1 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 449 ZIP_FILENAME_LEN, NULL, 0, NULL, 0 ) char *psz_fileName = calloc( ZIP_FILENAME_LEN, 1 ); if( unzGetCurrentFileInfo( file, p_fileInfo, psz_fileName, vlc_array_append( p_filenames, strdup( psz_fileName ) ); free( psz_fileName ); 0 --------------------------------- 2 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 449 char *psz_fileName = calloc( ZIP_FILENAME_LEN, 1 ); ZIP_FILENAME_LEN, NULL, 0, NULL, 0 ) if( unzGetCurrentFileInfo( file, p_fileInfo, psz_fileName, vlc_array_append( p_filenames, strdup( psz_fileName ) ); free( psz_fileName ); 0 --------------------------------- 3 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c inputfunc 100 fread(buf, 13, 1, fp); img->xsize = (buf[7] << 8) | buf[6]; img->ysize = (buf[9] << 8) | buf[8]; ncolors = 2 << (buf[10] & 0x07); if (buf[10] & GIF_COLORMAP) if (gif_read_cmap(fp, ncolors, cmap, &gray)) switch (getc(fp)) fclose(fp); buf[0] = getc(fp); if (buf[0] == 0xf9) gif_get_block(fp, buf); fread(buf, 9, 1, fp); if (buf[8] & GIF_COLORMAP) ncolors = 2 << (buf[8] & 0x07); if (gif_read_cmap(fp, ncolors, cmap, &gray)) img->xsize = (buf[5] << 8) | buf[4]; img->ysize = (buf[7] << 8) | buf[6]; if (img->xsize == 0 || img->ysize == 0) img->xsize, img->ysize); fprintf(stderr, "DEBUG: Bad GIF image dimensions: %dx%d\n", fclose(fp); i = gif_read_image(fp, img, cmap, buf[8] & GIF_INTERLACE); int interlace); i = gif_read_image(fp, img, cmap, buf[8] & GIF_INTERLACE); static int gif_read_cmap(FILE *fp, int ncolors, gif_cmap_t cmap, fclose(fp); fclose(fp); for (i = ncolors - 1; i >= 0; i --) cupsImageWhiteToCMYK(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageWhiteToCMY(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageWhiteToBlack(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageWhiteToRGB(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageRGBAdjust(cmap[i], 1, saturation, hue); for (i = ncolors - 1; i >= 0; i --) cupsImageRGBToCMYK(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageRGBToCMY(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageRGBToBlack(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageRGBToWhite(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageRGBToRGB(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageLut(cmap[i], bpp, lut); static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, fclose(fp); static int gif_get_block(FILE *fp, unsigned char *buffer); if (buf[0] & 1) transparent = buf[3]; if (transparent >= 0) 0 --------------------------------- 4 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_workmonitor.cpp cppfunc 111 WCHAR installDir[MAX_PATH + 1] = {L'\0'}; if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH + 1]) wcsncpy(aResultDir, argvTmp[2], MAX_PATH); WCHAR* backSlash = wcsrchr(aResultDir, L'\\'); 0 --------------------------------- 5 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 196 DumpStyleGeneaology(nsIFrame* aFrame, const char* gap) nsFrame::ListTag(stdout, aFrame); nsStyleContext* sc = aFrame->GetStyleContext(); printf("%p ", sc); psc = sc->GetParent(); sc = psc; printf("%p ", sc); 0 --------------------------------- 6 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 514 rtsp_create_conversation(packet_info *pinfo, const guchar *line_begin, size_t line_len, gint rdt_feature_level) guchar buf[256]; if (line_len > sizeof(buf) - 1) line_len = sizeof(buf) - 1; memcpy(buf, line_begin, line_len); 0 --------------------------------- 7 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4420 str[0] = '\0'; av_strlcatf(str, size, "%s: av_strlcatf(str, size, "%s@", authorization); av_strlcat(str, "[", size); av_strlcat(str, hostname, size); av_strlcat(str, "]", size); av_strlcat(str, hostname, size); av_strlcat(str, hostname, size); av_strlcatf(str, size, ":%d", port); int len = strlen(str); vsnprintf(str + len, size > len ? size - len : 0, fmt, vl); return strlen(str); 0 --------------------------------- 8 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cfunc 241 static int Open( vlc_object_t *p_this ) char *psz_path, *psz_uri; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_path = p_access->psz_path; psz_parser = strchr( psz_tmp, '@' ); *psz_parser = 0; psz_path = p_access->psz_path + (psz_parser - psz_tmp) + 1; Win32AddConnection( p_access, psz_path, psz_user, psz_pwd, psz_domain); i_ret = asprintf( &psz_uri, " free( psz_uri ); strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_parser = strchr( psz_path, '/' ); i_ret = asprintf( &psz_uri, " free( psz_uri ); static void Win32AddConnection( access_t *p_access, char *psz_path, i_ret = asprintf( &psz_uri, " free( psz_uri ); 0 --------------------------------- 9 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cppfunc 241 static int Open( vlc_object_t *p_this ) char *psz_path, *psz_uri; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_path = p_access->psz_path; psz_parser = strchr( psz_tmp, '@' ); *psz_parser = 0; psz_path = p_access->psz_path + (psz_parser - psz_tmp) + 1; Win32AddConnection( p_access, psz_path, psz_user, psz_pwd, psz_domain); i_ret = asprintf( &psz_uri, " free( psz_uri ); strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_parser = strchr( psz_path, '/' ); i_ret = asprintf( &psz_uri, " free( psz_uri ); static void Win32AddConnection( access_t *p_access, char *psz_path, i_ret = asprintf( &psz_uri, " free( psz_uri ); 0 --------------------------------- 10 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 519 buf[line_len] = '\0'; tmp = buf + STRLEN_CONST(rtsp_transport); tmp++; while (*tmp && isspace(*tmp)) 0 --------------------------------- 11 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cppfunc 519 buf[line_len] = '\0'; tmp = buf + STRLEN_CONST(rtsp_transport); tmp++; while (*tmp && isspace(*tmp)) 0 --------------------------------- 12 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1349 debug_printf(const char *format, va_start(ap, format); vfprintf(stderr, format, ap); 0 --------------------------------- 13 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 373 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); fprintf(out, " next=%p", static_cast(GetNextSibling())); fprintf(out, " prev-in-flow=%p", static_cast(GetPrevInFlow())); fprintf(out, " next-in-flow=%p", static_cast(GetNextInFlow())); fprintf(out, " IBSplitSpecialSibling=%p", IBsibling); fprintf(out, " IBSplitSpecialPrevSibling=%p", IBprevsibling); fprintf(out, " [content=%p]", static_cast(mContent)); fprintf(out, " {%d,%d,%d,%d}", mRect.x, mRect.y, mRect.width, mRect.height); fprintf(out, " [state=%016llx]", (unsigned long long)mState); 0 --------------------------------- 14 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 5812 nsIFrame* aFloat, NS_PRECONDITION(aFloat->GetStateBits() & NS_FRAME_OUT_OF_FLOW, aFloat, this, nsBlockReflowContext brc(aState.mPresContext, aState.mReflowState); if (!aFloat->GetPrevInFlow()) { rv = brc.ReflowBlock(aAdjustedAvailableSpace, true, margin, if (aFloat->GetType() == nsGkAtoms::letterFrame) { const nsHTMLReflowMetrics& metrics = brc.GetMetrics(); aFloat->SetSize(nsSize(metrics.width, metrics.height)); if (aFloat->HasView()) { nsContainerFrame::SyncFrameViewAfterReflow(aState.mPresContext, aFloat, aFloat->DidReflow(aState.mPresContext, &floatRS, aFloat, metrics.width, metrics.height); 0 --------------------------------- 15 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cfunc 463 path->data = NULL; path->size = 0; err = v9fs_co_open(pdu, f, f->open_flags); err = v9fs_co_opendir(pdu, f); for (f = s->fid_list; f; f = f->next) { BUG_ON(f->clunked); f->ref++; err = v9fs_reopen_fid(pdu, f); return NULL; f->flags |= FID_REFERENCED; return f; return NULL; fidp = get_fid(pdu, fid); err = v9fs_mark_fids_unreclaim(pdu, &fidp->path); V9fsPath path; v9fs_path_init(&path); err = v9fs_co_name_to_path(pdu, &dfidp->path, name.data, &path); err = v9fs_mark_fids_unreclaim(pdu, &path); static int v9fs_mark_fids_unreclaim(V9fsPDU *pdu, V9fsPath *path) if (!memcmp(fidp->path.data, path->data, path->size)) { void v9fs_path_init(V9fsPath *path) v9fs_path_init(&path); err = v9fs_mark_fids_unreclaim(pdu, &path); static int v9fs_reopen_fid(V9fsPDU *pdu, V9fsFidState *f) err = v9fs_reopen_fid(pdu, f); return f; fidp = get_fid(pdu, fid); err = v9fs_mark_fids_unreclaim(pdu, &fidp->path); 0 --------------------------------- 16 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp API 404 WriteStatusFailure(LPCWSTR updateDirPath, int errorCode) char failure[32]; sprintf(failure, "failed: %d", errorCode); DWORD toWrite = strlen(failure); DWORD wrote; toWrite, &wrote, NULL); 0 --------------------------------- 17 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp cfunc 401 WriteStatusFailure(LPCWSTR updateDirPath, int errorCode) char failure[32]; sprintf(failure, "failed: %d", errorCode); DWORD toWrite = strlen(failure); 0 --------------------------------- 18 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp API 403 WriteStatusFailure(LPCWSTR updateDirPath, int errorCode) char failure[32]; sprintf(failure, "failed: %d", errorCode); DWORD toWrite = strlen(failure); BOOL ok = WriteFile(statusFile, failure, 0 --------------------------------- 19 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cppfunc 401 if (gCommandChainQueue.IsEmpty()) { CommandChain* nextChain = gCommandChainQueue[0]; NetworkResultOptions newResult; next(nextChain, false, newResult); 0 --------------------------------- 20 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1469 for (cache = (snmp_cache_t *)cupsArrayFirst(Devices); cache = (snmp_cache_t *)cupsArrayNext(Devices)) free(cache->addrname); 0 --------------------------------- 21 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 1469 for (cache = (snmp_cache_t *)cupsArrayFirst(Devices); cache = (snmp_cache_t *)cupsArrayNext(Devices)) free(cache->addrname); 0 --------------------------------- 22 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1549 hex_debug(unsigned char *buffer, for (col = 0; len > 0; col ++, buffer ++, len --) fprintf(stderr, " %02X", *buffer); 0 --------------------------------- 23 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4732 char *endptr; prog_id = strtol(spec, &endptr, 0); if (*endptr++ == ':') { int stream_idx = strtol(endptr, NULL, 0); 0 --------------------------------- 24 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 4732 char *endptr; prog_id = strtol(spec, &endptr, 0); if (*endptr++ == ':') { int stream_idx = strtol(endptr, NULL, 0); 0 --------------------------------- 25 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 378 nsBlockFrame* f = const_cast(this); if (f->HasOverflowAreas()) { nsRect overflowArea = f->GetVisualOverflowRect(); fprintf(out, " [vis-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, 0 --------------------------------- 26 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_serviceinstall.cpp cfunc 133 int rv = ReadMaintenanceServiceStrings(updaterINIPath, &serviceStrings); MaintenanceServiceStringTable *results) results->serviceDescription[MAX_TEXT_LEN - 1] = '\0'; MaintenanceServiceStringTable serviceStrings; int rv = ReadMaintenanceServiceStrings(updaterINIPath, &serviceStrings); if (rv != OK || !strlen(serviceStrings.serviceDescription)) { 0 --------------------------------- 27 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp cfunc 44 char propP2pSupported[PROPERTY_VALUE_MAX]; property_get("ro.moz.wifi.p2p_supported", propP2pSupported, "0"); return (0 == strcmp(propP2pSupported, "1")); 0 --------------------------------- 28 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 5396 nsIFrame* aOldFrame) nsFrame::ListTag(stdout, aOldFrame); bool hasFloats = BlockHasAnyFloats(aOldFrame); rv = DoRemoveFrame(aOldFrame, REMOVE_FIXED_CONTINUATIONS); return DoRemoveFrame(aOldFrame, REMOVE_FIXED_CONTINUATIONS); if (line->Contains(aDeletedFrame)) { NS_ASSERTION(this == aDeletedFrame->GetParent(), "messed up delete code"); NS_ASSERTION(line->Contains(aDeletedFrame), "frame not in line"); line->mFirstChild = aDeletedFrame->GetNextSibling(); overflowLines->mFrames.RemoveFrame(aDeletedFrame); mFrames.RemoveFrame(aDeletedFrame); line->NoteFrameRemoved(aDeletedFrame); aDeletedFrame->GetNextContinuation() : aDeletedFrame->GetNextInFlow(); nsIFrame* deletedNextContinuation = (aFlags & REMOVE_FIXED_CONTINUATIONS) ? nsFrame::ListTag(stdout, aDeletedFrame); aDeletedFrame->GetPrevSibling(), deletedNextContinuation); deletedNextContinuation->GetStateBits() & NS_FRAME_IS_OVERFLOW_CONTAINER) { deletedNextContinuation = nullptr; aDeletedFrame = deletedNextContinuation; NS_ASSERTION(this == aDeletedFrame->GetParent(), "messed up delete code"); NS_ASSERTION(line->Contains(aDeletedFrame), "frame not in line"); mFrames.RemoveFrame(aDeletedFrame); line->NoteFrameRemoved(aDeletedFrame); aDeletedFrame->GetNextContinuation() : aDeletedFrame->GetNextInFlow(); nsIFrame* deletedNextContinuation = (aFlags & REMOVE_FIXED_CONTINUATIONS) ? nsFrame::ListTag(stdout, aDeletedFrame); aDeletedFrame->GetPrevSibling(), deletedNextContinuation); nsIFrame* aNextInFlow, NS_PRECONDITION(aNextInFlow->GetPrevInFlow(), "bad next-in-flow"); if (aNextInFlow->GetStateBits() & nsLayoutUtils::AssertTreeOnlyEmptyNextInFlows(aNextInFlow); DoRemoveFrame(aNextInFlow, static nsresult RemoveBlockChild(nsIFrame* aFrame, nsBlockFrame* nextBlock = nsLayoutUtils::GetAsBlock(aFrame->GetParent()); return nextBlock->DoRemoveFrame(aFrame, nsBlockFrame::DoRemoveFrame(nsIFrame* aDeletedFrame, uint32_t aFlags) if (aDeletedFrame->GetStateBits() & NS_ASSERTION(this == aDeletedFrame->GetParent(), "messed up delete code"); NS_ASSERTION(line->Contains(aDeletedFrame), "frame not in line"); mFrames.RemoveFrame(aDeletedFrame); line->NoteFrameRemoved(aDeletedFrame); aDeletedFrame->GetNextContinuation() : aDeletedFrame->GetNextInFlow(); nsIFrame* deletedNextContinuation = (aFlags & REMOVE_FIXED_CONTINUATIONS) ? nsFrame::ListTag(stdout, aDeletedFrame); aDeletedFrame->GetPrevSibling(), deletedNextContinuation); 0 --------------------------------- 29 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cfunc 981 ! memcmp( &oggpacket.packet[1], "tarkin", 6 ) ) ! memcmp( oggpacket.packet, "Annodex", 7 ) ) ! memcmp( oggpacket.packet, "\x01vorbis", 7 ) ) ! memcmp( oggpacket.packet, "Speex", 5 ) ) ! memcmp( oggpacket.packet, "fLaC", 4 ) ) ! memcmp( oggpacket.packet, "\x80theora", 7 ) ) ! memcmp( oggpacket.packet, "KW-DIRAC\x00", 9 ) ) ) ! memcmp( oggpacket.packet, "BBCD\x00", 5 ) ) || 0 --------------------------------- 30 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 179 const uint8_t *p_peek; if( stream_Peek( s->p_source, &p_peek, i_zip_marker ) < i_zip_marker ) if( memcmp( p_peek, p_zip_marker, i_zip_marker ) ) 0 --------------------------------- 31 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp API 373 const char pending[] = "pending"; DWORD wrote; sizeof(pending) - 1, &wrote, NULL); 0 --------------------------------- 32 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4169 PRINT(" %02x", buf[i+j]); PRINT(" "); PRINT(" "); PRINT("%c", c); PRINT("\n"); PRINT("%08x ", i); PRINT(" "); PRINT("%c", c); hex_dump_internal(avcl, NULL, level, buf, size); PRINT("stream #%d:\n", pkt->stream_index); PRINT(" keyframe=%d\n", ((pkt->flags & AV_PKT_FLAG_KEY) != 0)); PRINT(" duration=%0.3f\n", pkt->duration * av_q2d(time_base)); PRINT(" dts="); PRINT("N/A"); PRINT("%0.3f", pkt->dts * av_q2d(time_base)); PRINT(" pts="); PRINT("N/A"); PRINT("%0.3f", pkt->pts * av_q2d(time_base)); PRINT("\n"); PRINT(" size=%d\n", pkt->size); av_hex_dump(f, pkt->data, pkt->size); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); void av_hex_dump(FILE *f, uint8_t *buf, int size) hex_dump_internal(NULL, f, 0, buf, size); static void hex_dump_internal(void *avcl, FILE *f, int level, uint8_t *buf, int size) PRINT("%c", c); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) av_hex_dump(f, pkt->data, pkt->size); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); 0 --------------------------------- 33 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4164 PRINT("%c", c); PRINT("\n"); PRINT("%08x ", i); PRINT(" "); hex_dump_internal(avcl, NULL, level, buf, size); PRINT("stream #%d:\n", pkt->stream_index); PRINT(" keyframe=%d\n", ((pkt->flags & AV_PKT_FLAG_KEY) != 0)); PRINT(" duration=%0.3f\n", pkt->duration * av_q2d(time_base)); PRINT(" dts="); PRINT("N/A"); PRINT("%0.3f", pkt->dts * av_q2d(time_base)); PRINT(" pts="); PRINT("N/A"); PRINT("%0.3f", pkt->pts * av_q2d(time_base)); PRINT("\n"); PRINT(" size=%d\n", pkt->size); av_hex_dump(f, pkt->data, pkt->size); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); static void hex_dump_internal(void *avcl, FILE *f, int level, uint8_t *buf, int size) PRINT(" "); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) av_hex_dump(f, pkt->data, pkt->size); void av_hex_dump(FILE *f, uint8_t *buf, int size) hex_dump_internal(NULL, f, 0, buf, size); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); 0 --------------------------------- 34 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4162 PRINT(" %02x", buf[i+j]); PRINT(" "); PRINT(" "); PRINT("%c", c); PRINT("\n"); PRINT("%08x ", i); PRINT(" "); hex_dump_internal(avcl, NULL, level, buf, size); PRINT("stream #%d:\n", pkt->stream_index); PRINT(" keyframe=%d\n", ((pkt->flags & AV_PKT_FLAG_KEY) != 0)); PRINT(" duration=%0.3f\n", pkt->duration * av_q2d(time_base)); PRINT(" dts="); PRINT("N/A"); PRINT("%0.3f", pkt->dts * av_q2d(time_base)); PRINT(" pts="); PRINT("N/A"); PRINT("%0.3f", pkt->pts * av_q2d(time_base)); PRINT("\n"); PRINT(" size=%d\n", pkt->size); av_hex_dump(f, pkt->data, pkt->size); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); void av_hex_dump(FILE *f, uint8_t *buf, int size) hex_dump_internal(NULL, f, 0, buf, size); static void hex_dump_internal(void *avcl, FILE *f, int level, uint8_t *buf, int size) PRINT(" "); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) av_hex_dump(f, pkt->data, pkt->size); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); 0 --------------------------------- 35 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4160 PRINT(" "); PRINT("%c", c); PRINT("\n"); PRINT("%08x ", i); PRINT(" %02x", buf[i+j]); hex_dump_internal(avcl, NULL, level, buf, size); PRINT(" keyframe=%d\n", ((pkt->flags & AV_PKT_FLAG_KEY) != 0)); PRINT(" duration=%0.3f\n", pkt->duration * av_q2d(time_base)); PRINT("N/A"); PRINT("%0.3f", pkt->dts * av_q2d(time_base)); PRINT("\n"); av_hex_dump(f, pkt->data, pkt->size); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); void av_hex_dump(FILE *f, uint8_t *buf, int size) hex_dump_internal(NULL, f, 0, buf, size); static void hex_dump_internal(void *avcl, FILE *f, int level, uint8_t *buf, int size) PRINT(" %02x", buf[i+j]); PRINT(" "); PRINT(" %02x", buf[i+j]); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) PRINT("stream #%d:\n", pkt->stream_index); PRINT(" dts="); PRINT(" pts="); PRINT("N/A"); PRINT("%0.3f", pkt->pts * av_q2d(time_base)); PRINT(" size=%d\n", pkt->size); av_hex_dump(f, pkt->data, pkt->size); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); 0 --------------------------------- 36 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp API 577 HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (!Process32FirstW(snapshot, &processEntry)) { } while (Process32NextW(snapshot, &processEntry)); CloseHandle(snapshot); 0 --------------------------------- 37 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp API 573 HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (!Process32FirstW(snapshot, &processEntry)) { } while (Process32NextW(snapshot, &processEntry)); CloseHandle(snapshot); 0 --------------------------------- 38 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 773 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *ret = buf; ret += 2; s2n(TLSEXT_TYPE_server_name, ret); s2n(0, ret); int el; if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { s2n(TLSEXT_TYPE_renegotiate, ret); s2n(el, ret); if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) { ret += el; s2n(TLSEXT_TYPE_ec_point_formats, ret); s2n(s->tlsext_ecpointformatlist_length + 1, ret); *(ret++) = (unsigned char)s->tlsext_ecpointformatlist_length; memcpy(ret, s->tlsext_ecpointformatlist, 0 --------------------------------- 39 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 1624 unsigned char *selected; unsigned char selected_len; ctx->next_proto_select_cb(s, &selected, &selected_len, data, s->next_proto_negotiated = OPENSSL_malloc(selected_len); memcpy(s->next_proto_negotiated, selected, selected_len); 0 --------------------------------- 40 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_workmonitor.cpp cfunc 78 char buf[32] = { 0 }; if (!ReadFile(statusFile, buf, sizeof(buf), &read, NULL)) { LOG(("updater.exe returned status: %s", buf)); const char kApplying[] = "applying"; isApplying = strncmp(buf, kApplying, 0 --------------------------------- 41 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1720 char uri[1024], if (!try_connect(&(device->address), device->addrname, 5353)) snprintf(uri, sizeof(uri), "lpd: static int try_connect(http_addr_t *addr, const char *addrname, if (!try_connect(&(device->address), device->addrname, 9100)) static int try_connect(http_addr_t *addr, const char *addrname, else if (!try_connect(&(device->address), device->addrname, 515)) static int try_connect(http_addr_t *addr, const char *addrname, debug_printf("DEBUG: %s supports LPD!\n", device->addrname); static void debug_printf(const char *format, ...); snprintf(uri, sizeof(uri), "lpd: update_cache(device, uri, NULL, NULL); const char *uri, device->uri = strdup(uri); snprintf(uri, sizeof(uri), "lpd: 0 --------------------------------- 42 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 497 if ((device_uri = calloc(1, sizeof(device_uri_t))) == NULL) if ((device_uri->uris = cupsArrayNew(NULL, NULL)) == NULL) if (regcomp(&(device_uri->re), start, REG_EXTENDED | REG_ICASE)) cupsArrayDelete(device_uri->uris); free(device_uri); 0 --------------------------------- 43 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 497 if ((device_uri = calloc(1, sizeof(device_uri_t))) == NULL) if ((device_uri->uris = cupsArrayNew(NULL, NULL)) == NULL) if (regcomp(&(device_uri->re), start, REG_EXTENDED | REG_ICASE)) cupsArrayDelete(device_uri->uris); free(device_uri); 0 --------------------------------- 44 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cfunc 462 static int AVI_ChunkRead_idx1( stream_t *s, avi_chunk_t *p_chk ) AVI_READCHUNK_ENTER; i_count = __MIN( (int64_t)p_chk->common.i_chunk_size, i_read ) / 16; p_chk->idx1.entry = calloc( i_count, sizeof( idx1_entry_t ) ); 0 --------------------------------- 45 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cppfunc 462 static int AVI_ChunkRead_idx1( stream_t *s, avi_chunk_t *p_chk ) AVI_READCHUNK_ENTER; i_count = __MIN( (int64_t)p_chk->common.i_chunk_size, i_read ) / 16; p_chk->idx1.entry = calloc( i_count, sizeof( idx1_entry_t ) ); 0 --------------------------------- 46 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_workmonitor.cpp API 70 WCHAR updateStatusFilePath[MAX_PATH + 1] = {L'\0'}; wcsncpy(updateStatusFilePath, updateDirPath, MAX_PATH); if (!PathAppendSafe(updateStatusFilePath, L"update.status")) { FILE_SHARE_WRITE | NULL, OPEN_EXISTING, 0, NULL)); nsAutoHandle statusFile(CreateFileW(updateStatusFilePath, GENERIC_READ, FILE_SHARE_WRITE | FILE_SHARE_READ | FILE_SHARE_WRITE | char buf[32] = { 0 }; DWORD read; if (!ReadFile(statusFile, buf, sizeof(buf), &read, NULL)) { 0 --------------------------------- 47 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cfunc 368 AVI_READCHUNK_ENTER; p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); AVI_READ2BYTES( p_chk->strf.auds.p_wf->wFormatTag ); AVI_READ2BYTES( p_chk->strf.auds.p_wf->nChannels ); AVI_READ4BYTES( p_chk->strf.auds.p_wf->nSamplesPerSec ); AVI_READ4BYTES( p_chk->strf.auds.p_wf->nAvgBytesPerSec ); AVI_READ2BYTES( p_chk->strf.auds.p_wf->nBlockAlign ); AVI_READ2BYTES( p_chk->strf.auds.p_wf->wBitsPerSample ); && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) AVI_READ2BYTES( p_chk->strf.auds.p_wf->cbSize ); p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); p_chk->strf.auds.p_wf->cbSize = p_chk->strf.auds.p_wf->cbSize = 0; memcpy( &p_chk->strf.auds.p_wf[1] , 0 --------------------------------- 48 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 333 strcat(result, array[i].get()); for (uint32_t i = 1; i < array.Length(); i++) { CHECK_LENGTH(len, strlen(array[i].get()), maxlen) 0 --------------------------------- 49 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 331 static void join(nsTArray& array, if (array.Length() > 0) { CHECK_LENGTH(len, strlen(array[0].get()), maxlen) strcpy(result, array[0].get()); for (uint32_t i = 1; i < array.Length(); i++) { strcat(result, sep); CHECK_LENGTH(len, strlen(array[i].get()), maxlen) strcat(result, array[i].get()); strcat(result, sep); 0 --------------------------------- 50 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 334 static void join(nsTArray& array, const char* sep, char* result) uint32_t seplen = strlen(sep); if (array.Length() > 0) { CHECK_LENGTH(len, strlen(array[0].get()), maxlen) strcpy(result, array[0].get()); for (uint32_t i = 1; i < array.Length(); i++) { strcat(result, sep); CHECK_LENGTH(len, strlen(array[i].get()), maxlen) strcat(result, array[i].get()); 0 --------------------------------- 51 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_workmonitor.cpp API 211 PROCESS_INFORMATION pi = {0}; NULL, &si, &pi); CloseHandle(pi.hThread); 0 --------------------------------- 52 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c cfunc 300 if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) { const char *name, fprintf(stderr, "%s: x was < 0 (%d)\n", name, x); DisplaySurface *surface = qemu_console_surface(s->vga.con); if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/src", x0, y0, w, h)) { const char *name, fprintf(stderr, "%s: x was < 0 (%d)\n", name, x); if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/dst", x1, y1, w, h)) { const char *name, fprintf(stderr, "%s: x was < 0 (%d)\n", name, x); DisplaySurface *surface = qemu_console_surface(s->vga.con); if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) { const char *name, fprintf(stderr, "%s: x was < 0 (%d)\n", name, x); dpy_cursor_define(s->vga.con, qc); dx = vmsvga_fifo_read(s); if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) { int x0, int y0, int x1, int y1, int w, int h) if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/dst", x1, y1, w, h)) { int x, int y, int w, int h) fprintf(stderr, "%s: x was < 0 (%d)\n", name, x); trace_vmware_palette_write(s->index, value); trace_vmware_value_write(s->index, value); vmsvga_fifo_run(s); DisplaySurface *surface = qemu_console_surface(s->vga.con); s->vga.vram_ptr); dpy_gfx_replace_surface(s->vga.con, surface); struct vmsvga_state_s *s = opaque; vmsvga_value_write(s, addr, data); static inline int vmsvga_fill_rect(struct vmsvga_state_s *s, if (vmsvga_fill_rect(s, colour, x, y, width, height) == 0) { vmsvga_fifo_read(s); static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s) return le32_to_cpu(vmsvga_fifo_read_raw(s)); vmsvga_fifo_read(s); vmsvga_fifo_read(s); args = 7 + (vmsvga_fifo_read(s) >> 2); vmsvga_fifo_read(s); x = vmsvga_fifo_read(s); static inline uint32_t vmsvga_fifo_read_raw(struct vmsvga_state_s *s) uint32_t cmd = s->fifo[CMD(stop) >> 2]; return cmd; return le32_to_cpu(vmsvga_fifo_read_raw(s)); x = vmsvga_fifo_read(s); if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) { int x0, int y0, int x1, int y1, int w, int h) if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/src", x0, y0, w, h)) { int x, int y, int w, int h) fprintf(stderr, "%s: x was < 0 (%d)\n", name, x); static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s) vmsvga_fifo_read(s); x = vmsvga_fifo_read(s); static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s) return le32_to_cpu(vmsvga_fifo_read_raw(s)); static inline uint32_t vmsvga_fifo_read_raw(struct vmsvga_state_s *s) uint32_t cmd = s->fifo[CMD(stop) >> 2]; return cmd; return le32_to_cpu(vmsvga_fifo_read_raw(s)); x = vmsvga_fifo_read(s); if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) { int x0, int y0, int x1, int y1, int w, int h) if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/src", x0, y0, w, h)) { int x, int y, int w, int h) fprintf(stderr, "%s: x was < 0 (%d)\n", name, x); static void vmsvga_fifo_run(struct vmsvga_state_s *s) len = vmsvga_fifo_length(s); vmsvga_fifo_run(s); vmsvga_update_rect_flush(s); static inline int vmsvga_fifo_length(struct vmsvga_state_s *s) len = vmsvga_fifo_length(s); x = vmsvga_fifo_read(s); static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value) trace_vmware_scratch_write(s->index, value); vmsvga_fifo_run(s); static void vmsvga_update_display(void *opaque) vmsvga_check_size(s); static inline void vmsvga_check_size(struct vmsvga_state_s *s) vmsvga_check_size(s); vmsvga_fifo_run(s); static inline void vmsvga_update_rect_flush(struct vmsvga_state_s *s) rect = &s->redraw_fifo[s->redraw_fifo_first++]; vmsvga_update_rect(s, rect->x, rect->y, rect->w, rect->h); int x, int y, int w, int h) if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) { int x, int y, int w, int h) fprintf(stderr, "%s: x was < 0 (%d)\n", name, x); static inline int vmsvga_copy_rect(struct vmsvga_state_s *s, if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) { x = vmsvga_fifo_read(s); static void vmsvga_io_write(void *opaque, hwaddr addr, vmsvga_value_write(s, addr, data); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s, vmsvga_cursor_define(s, &cursor); vmsvga_fifo_read(s); 0 --------------------------------- 53 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1795 char filename[1024], if ((cups_serverroot = getenv("CUPS_SERVERROOT")) == NULL) cups_serverroot = CUPS_SERVERROOT; snprintf(filename, sizeof(filename), "%s/snmp.conf", cups_serverroot); if ((fp = cupsFileOpen(filename, "r")) != NULL) linenum = 0; while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) fprintf(stderr, "ERROR: Missing value on line %d of %s!\n", linenum, filename); line, linenum, filename); "line %d of %s!\n", linenum, filename); 0 --------------------------------- 54 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c cfunc 304 if (x > SVGA_MAX_WIDTH) { fprintf(stderr, "%s: x was > %d (%d)\n", name, SVGA_MAX_WIDTH, x); if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) { if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/src", x0, y0, w, h)) { const char *name, fprintf(stderr, "%s: x was > %d (%d)\n", name, SVGA_MAX_WIDTH, x); DisplaySurface *surface = qemu_console_surface(s->vga.con); if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) { const char *name, if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/dst", x1, y1, w, h)) { DisplaySurface *surface = qemu_console_surface(s->vga.con); dpy_cursor_define(s->vga.con, qc); x = vmsvga_fifo_read(s); if (vmsvga_fill_rect(s, colour, x, y, width, height) == 0) { uint32_t c, int x, int y, int w, int h) if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) { int x, int y, int w, int h) fprintf(stderr, "%s: x was > %d (%d)\n", name, SVGA_MAX_WIDTH, x); dx = vmsvga_fifo_read(s); if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) { int x0, int y0, int x1, int y1, int w, int h) if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/dst", x1, y1, w, h)) { int x, int y, int w, int h) fprintf(stderr, "%s: x was > %d (%d)\n", name, SVGA_MAX_WIDTH, x); trace_vmware_palette_write(s->index, value); trace_vmware_value_write(s->index, value); vmsvga_fifo_run(s); DisplaySurface *surface = qemu_console_surface(s->vga.con); qemu_default_pixman_format(s->new_depth, true); trace_vmware_setmode(s->new_width, s->new_height, s->new_depth); s->vga.vram_ptr); dpy_gfx_replace_surface(s->vga.con, surface); struct vmsvga_state_s *s = opaque; vmsvga_value_write(s, addr, data); static inline int vmsvga_copy_rect(struct vmsvga_state_s *s, if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) { x = vmsvga_fifo_read(s); static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s) return le32_to_cpu(vmsvga_fifo_read_raw(s)); vmsvga_fifo_read(s); vmsvga_fifo_read(s); args = 7 + (vmsvga_fifo_read(s) >> 2); vmsvga_fifo_read(s); x = vmsvga_fifo_read(s); static inline uint32_t vmsvga_fifo_read_raw(struct vmsvga_state_s *s) uint32_t cmd = s->fifo[CMD(stop) >> 2]; return cmd; return le32_to_cpu(vmsvga_fifo_read_raw(s)); x = vmsvga_fifo_read(s); if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) { int x0, int y0, int x1, int y1, int w, int h) if (!vmsvga_verify_rect(surface, "vmsvga_copy_rect/src", x0, y0, w, h)) { int x, int y, int w, int h) fprintf(stderr, "%s: x was > %d (%d)\n", name, SVGA_MAX_WIDTH, x); static void vmsvga_update_display(void *opaque) vmsvga_check_size(s); static inline void vmsvga_check_size(struct vmsvga_state_s *s) vmsvga_check_size(s); vmsvga_fifo_run(s); static void vmsvga_fifo_run(struct vmsvga_state_s *s) len = vmsvga_fifo_length(s); vmsvga_fifo_run(s); vmsvga_update_rect_flush(s); static inline int vmsvga_fifo_length(struct vmsvga_state_s *s) len = vmsvga_fifo_length(s); x = vmsvga_fifo_read(s); static void vmsvga_fifo_run(struct vmsvga_state_s *s) vmsvga_fifo_run(s); vmsvga_update_rect_flush(s); static inline void vmsvga_update_rect_flush(struct vmsvga_state_s *s) rect = &s->redraw_fifo[s->redraw_fifo_first++]; vmsvga_update_rect(s, rect->x, rect->y, rect->w, rect->h); int x, int y, int w, int h) if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) { int x, int y, int w, int h) fprintf(stderr, "%s: x was > %d (%d)\n", name, SVGA_MAX_WIDTH, x); static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value) trace_vmware_scratch_write(s->index, value); vmsvga_fifo_run(s); static inline void vmsvga_update_rect(struct vmsvga_state_s *s, vmsvga_update_rect(s, rect->x, rect->y, rect->w, rect->h); rect = &s->redraw_fifo[s->redraw_fifo_first++]; vmsvga_update_rect(s, rect->x, rect->y, rect->w, rect->h); int x, int y, int w, int h) if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) { int x, int y, int w, int h) fprintf(stderr, "%s: x was > %d (%d)\n", name, SVGA_MAX_WIDTH, x); static inline int vmsvga_fill_rect(struct vmsvga_state_s *s, if (vmsvga_fill_rect(s, colour, x, y, width, height) == 0) { vmsvga_fifo_read(s); static void vmsvga_io_write(void *opaque, hwaddr addr, vmsvga_value_write(s, addr, data); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s, vmsvga_cursor_define(s, &cursor); vmsvga_fifo_read(s); 0 --------------------------------- 55 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 145 const BlockDebugFlags* bdf = gFlags; const BlockDebugFlags* end = gFlags + NUM_DEBUG_FLAGS; *(bdf->on) = true; for (; bdf < end; bdf++) { if (PL_strcasecmp(bdf->name, flags) == 0) { printf("nsBlockFrame: setting %s debug flag on\n", bdf->name); 0 --------------------------------- 56 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp cfunc 386 char propVersion[PROPERTY_VALUE_MAX]; property_get("ro.build.version.sdk", propVersion, "0"); mSdkVersion = strtol(propVersion, nullptr, 10); 0 --------------------------------- 57 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp cppfunc 386 char propVersion[PROPERTY_VALUE_MAX]; property_get("ro.build.version.sdk", propVersion, "0"); mSdkVersion = strtol(propVersion, nullptr, 10); 0 --------------------------------- 58 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 722 asn1_debug(buffer, value_length, indent + 4); asn1_debug(buffer, value_length, indent + 4); int indent) fprintf(stderr, "DEBUG: %*sINTEGER %d bytes %d\n", indent, "", asn1_debug(buffer, value_length, indent + 4); fprintf(stderr, "DEBUG: %*sOCTET STRING %d bytes \"%s\"\n", indent, "", fprintf(stderr, ".%d", oid[i]); putc('\n', stderr); fprintf(stderr, "DEBUG: %*sBOOLEAN %d bytes %d\n", indent, "", 0 --------------------------------- 59 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 723 value_length = asn1_get_length(&buffer, bufend); integer = asn1_get_integer(&buffer, bufend, value_length); int length); value_length, integer); 0 --------------------------------- 60 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c cfunc 934 process_rec_header2_v2(wtap *wth, unsigned char *buffer, guint16 length, static const char x_25_str[] = "HDLC\nX.25\n"; if (length < sizeof x_25_str - 1) { if (strncmp((char *)buffer, x_25_str, sizeof x_25_str - 1) == 0) { 0 --------------------------------- 61 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 413 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *ret = buf; ret += 2; s2n(TLSEXT_TYPE_server_name, ret); s2n(size_str + 5, ret); s2n(size_str + 3, ret); s2n(size_str, ret); memcpy(ret, s->tlsext_hostname, size_str); 0 --------------------------------- 62 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c cfunc 100 static int ws_snd_decode_frame(AVCodecContext *avctx, void *data, const uint8_t *buf = avpkt->data; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) { samples = s->frame.data[0]; memcpy(samples, buf, out_size); 0 --------------------------------- 63 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 1310 process_rtsp_request(tvbuff_t *tvb, int offset, const guchar *data, (len == linelen || isspace(data[len]))) g_ascii_strncasecmp(rtsp_methods[ii], data, len) == 0 && url = data; while (url < lineend && !isspace(*url)) url++; while (url < lineend && isspace(*url)) url++; while (url < lineend && !isspace(*url)) url++; while (url < lineend && !isspace(*url)) 0 --------------------------------- 64 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cppfunc 1310 process_rtsp_request(tvbuff_t *tvb, int offset, const guchar *data, (len == linelen || isspace(data[len]))) g_ascii_strncasecmp(rtsp_methods[ii], data, len) == 0 && url = data; while (url < lineend && !isspace(*url)) url++; while (url < lineend && isspace(*url)) url++; while (url < lineend && !isspace(*url)) url++; while (url < lineend && !isspace(*url)) 0 --------------------------------- 65 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 729 asn1_debug(buffer, value_length, indent + 4); asn1_debug(buffer, value_length, indent + 4); asn1_debug(buffer, value_length, indent + 4); int indent) fprintf(stderr, "DEBUG: %*sBOOLEAN %d bytes %d\n", indent, "", fprintf(stderr, "DEBUG: %*sOCTET STRING %d bytes \"%s\"\n", indent, "", fprintf(stderr, "DEBUG: %*sOID %d bytes ", indent, "", fprintf(stderr, ".%d", oid[i]); putc('\n', stderr); fprintf(stderr, "DEBUG: %*sINTEGER %d bytes %d\n", indent, "", 0 --------------------------------- 66 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c cfunc 252 const char *format, ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; if (isdigit((unsigned char)ch)) { 0 --------------------------------- 67 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c cppfunc 252 const char *format, ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; if (isdigit((unsigned char)ch)) { 0 --------------------------------- 68 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c cfunc 848 unsigned char *buf = NULL; unsigned char *bitmask = NULL; frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); return NULL; return NULL; frag->fragment = buf; (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); bitmask = return NULL; memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); frag->reassembly = bitmask; return frag; frag = dtls1_hm_fragment_new(frag_len, 0); memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); unsigned char wire[DTLS1_HM_HEADER_LENGTH]; struct hm_header_st msg_hdr; i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire, dtls1_get_message_header(wire, &msg_hdr); n2l3(data, msg_hdr->msg_len); n2s(data, msg_hdr->seq); n2l3(data, msg_hdr->frag_off); n2l3(data, msg_hdr->frag_len); dtls1_get_message_header(wire, &msg_hdr); return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, unsigned long frag_len = msg_hdr->frag_len; frag = dtls1_hm_fragment_new(frag_len, 0); static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, buf = (unsigned char *)OPENSSL_malloc(frag_len); frag->fragment = buf; return frag; frag = dtls1_hm_fragment_new(frag_len, 0); memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); dtls1_get_message_header(wire, &msg_hdr); return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); msg_hdr->type = *(data++); dtls1_get_message_header(wire, &msg_hdr); return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); 0 --------------------------------- 69 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 2160 int version, const unsigned request_id, packet.version = version; packet.request_type = ASN1_GET_REQUEST; packet.request_id = request_id; packet.object_type = ASN1_NULL_VALUE; strlcpy(packet.community, community, sizeof(packet.community)); bytes = asn1_encode_snmp(buffer, sizeof(buffer), &packet); snmp_packet_t *packet); memset(&packet, 0, sizeof(packet)); bytes = asn1_encode_snmp(buffer, sizeof(buffer), &packet); snmp_packet_t packet; bytes = asn1_encode_snmp(buffer, sizeof(buffer), &packet); packet.error); 0 --------------------------------- 70 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 454 unz_file_info *p_fileInfo = calloc( 1, sizeof( unz_file_info ) ); if( unzGetCurrentFileInfo( file, p_fileInfo, psz_fileName, free( p_fileInfo ); 0 --------------------------------- 71 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 454 unz_file_info *p_fileInfo = calloc( 1, sizeof( unz_file_info ) ); if( unzGetCurrentFileInfo( file, p_fileInfo, psz_fileName, free( p_fileInfo ); 0 --------------------------------- 72 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp cfunc 276 LPWSTR cmdLine = MakeCommandLine(argc, argv); LOG(("Starting service with cmdline: %ls", cmdLine)); processStarted = CreateProcessW(argv[0], cmdLine, free(cmdLine); 0 --------------------------------- 73 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp cppfunc 276 LPWSTR cmdLine = MakeCommandLine(argc, argv); LOG(("Starting service with cmdline: %ls", cmdLine)); processStarted = CreateProcessW(argv[0], cmdLine, free(cmdLine); 0 --------------------------------- 74 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_workmonitor.cpp cfunc 396 char updaterIdentity[64]; updaterIdentity, sizeof(updaterIdentity))) { if (strcmp(updaterIdentity, UPDATER_IDENTITY_STRING)) { 0 --------------------------------- 75 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 1168 unsigned short type, size; static const unsigned char kSafariExtensionsBlock[] = { data += 2; n2s(data, type); n2s(data, size); data += size; const size_t len1 = sizeof(kSafariExtensionsBlock); if (memcmp(data, kSafariExtensionsBlock, len1) != 0) if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0) if (memcmp(data, kSafariExtensionsBlock, len) != 0) unsigned short size; ssl_check_for_safari(s, data, limit); n2s(data, len); n2s(data, size); fprintf(stderr, "Received extension type %d size %d\n", type, size); s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg); n2s(data, dsize); size -= 2; memcpy(s->srp_ctx.login, &data[1], len); !s->tls_session_ticket_ext_cb(s, data, size, size -= 2; s->tlsext_status_type = *data++; size--; n2s(data, dsize); size -= 2; int idsize; n2s(data, idsize); size -= 2 + idsize; id = d2i_OCSP_RESPID(NULL, &sdata, idsize); data += idsize; n2s(data, dsize); if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al)) data += size; n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { ecpointformatlist_length); int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { ecpointformatlist_length); int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *data = *p; n2s(data, len); n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { ecpointformatlist_length); if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) n2s(data, dsize); if (!tls1_process_sigalgs(s, data, dsize)) size -= 2; data += size; n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { ecpointformatlist_length); static void ssl_check_for_safari(SSL *s, const unsigned char *data, n2s(data, len); n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { ecpointformatlist_length); 0 --------------------------------- 76 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c cfunc 365 static void sysbus_esp_gpio_demux(void *opaque, int irq, int level) SysBusESPState *sysbus = ESP(opaque); ESPState *s = &sysbus->esp; parent_esp_reset(s, irq, level); static void parent_esp_reset(ESPState *s, int irq, int level) esp_soft_reset(s); static void esp_soft_reset(ESPState *s) qemu_irq_lower(s->irq); esp_hard_reset(s); void esp_hard_reset(ESPState *s) memset(s->rregs, 0, ESP_REGS); static void sysbus_esp_mem_write(void *opaque, hwaddr addr, esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) esp_soft_reset(s); static void sysbus_esp_hard_reset(DeviceState *dev) SysBusESPState *sysbus = ESP(dev); esp_hard_reset(&sysbus->esp); 0 --------------------------------- 77 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c cfunc 366 static void sysbus_esp_gpio_demux(void *opaque, int irq, int level) SysBusESPState *sysbus = ESP(opaque); ESPState *s = &sysbus->esp; parent_esp_reset(s, irq, level); static void parent_esp_reset(ESPState *s, int irq, int level) esp_soft_reset(s); static void esp_soft_reset(ESPState *s) esp_hard_reset(s); void esp_hard_reset(ESPState *s) memset(s->rregs, 0, ESP_REGS); memset(s->wregs, 0, ESP_REGS); static void sysbus_esp_hard_reset(DeviceState *dev) SysBusESPState *sysbus = ESP(dev); esp_hard_reset(&sysbus->esp); static void sysbus_esp_mem_write(void *opaque, hwaddr addr, esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) esp_soft_reset(s); 0 --------------------------------- 78 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4746 const char *spec) char *endptr; sid = strtol(spec + 1, &endptr, 0); 0 --------------------------------- 79 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 4746 const char *spec) char *endptr; sid = strtol(spec + 1, &endptr, 0); 0 --------------------------------- 80 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cfunc 323 static void Close( vlc_object_t *p_this ) access_sys_t *p_sys = p_access->p_sys; p_sys->p_smb->close( p_sys->p_smb, p_sys->p_file ); smbc_free_context( p_sys->p_smb, 1 ); free( p_sys ); 0 --------------------------------- 81 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cppfunc 323 static void Close( vlc_object_t *p_this ) access_sys_t *p_sys = p_access->p_sys; p_sys->p_smb->close( p_sys->p_smb, p_sys->p_file ); smbc_free_context( p_sys->p_smb, 1 ); free( p_sys ); 0 --------------------------------- 82 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 487 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *ret = buf; long lenmax; strlen(s->tlsext_hostname)) > (unsigned long)lenmax) s2n(TLSEXT_TYPE_server_name, ret); s2n(size_str + 5, ret); s2n(size_str + 3, ret); *(ret++) = (unsigned char)TLSEXT_NAMETYPE_host_name; s2n(size_str, ret); memcpy(ret, s->tlsext_hostname, size_str); ret += size_str; s2n(el, ret); if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { ret += el; int login_len = strlen(s->srp_ctx.login); s2n(TLSEXT_TYPE_srp, ret); s2n(login_len + 1, ret); (*ret++) = (unsigned char)login_len; memcpy(ret, s->srp_ctx.login, login_len); ret += login_len; s2n(TLSEXT_TYPE_ec_point_formats, ret); s2n(s->tlsext_ecpointformatlist_length + 1, ret); *(ret++) = (unsigned char)s->tlsext_ecpointformatlist_length; memcpy(ret, s->tlsext_ecpointformatlist, 0 --------------------------------- 83 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4460 if (!(ptr = strchr(key, '='))) ptr++; for (; *ptr && !(isspace(*ptr) || *ptr == ','); ptr++) key = ptr; if (!(ptr = strchr(key, '='))) 0 --------------------------------- 84 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 408 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); fprintf(out, " next=%p", static_cast(GetNextSibling())); fprintf(out, " prev-in-flow=%p", static_cast(GetPrevInFlow())); fprintf(out, " next-in-flow=%p", static_cast(GetNextInFlow())); fprintf(out, " IBSplitSpecialSibling=%p", IBsibling); fprintf(out, " IBSplitSpecialPrevSibling=%p", IBprevsibling); fprintf(out, " [content=%p]", static_cast(mContent)); fprintf(out, " {%d,%d,%d,%d}", mRect.x, mRect.y, mRect.width, mRect.height); fprintf(out, " [state=%016llx]", (unsigned long long)mState); fprintf(out, " [vis-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, fprintf(out, " [scr-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, fprintf(out, " sc=%p(i=%d,b=%d)", fprintf(out, " pst=%s", fprintf(out, " transformed"); fprintf(out, " perspective"); 0 --------------------------------- 85 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1381 const char *old_make_model, if (!strncasecmp(old_make_model, "Hewlett-Packard", 15)) mmptr = (char *)old_make_model + 15; mmptr ++; while (isspace(*mmptr & 255)) 0 --------------------------------- 86 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 1381 const char *old_make_model, if (!strncasecmp(old_make_model, "Hewlett-Packard", 15)) mmptr = (char *)old_make_model + 15; mmptr ++; while (isspace(*mmptr & 255)) 0 --------------------------------- 87 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 401 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); fprintf(out, " next=%p", static_cast(GetNextSibling())); fprintf(out, " prev-in-flow=%p", static_cast(GetPrevInFlow())); fprintf(out, " next-in-flow=%p", static_cast(GetNextInFlow())); fprintf(out, " IBSplitSpecialSibling=%p", IBsibling); fprintf(out, " IBSplitSpecialPrevSibling=%p", IBprevsibling); fprintf(out, " [content=%p]", static_cast(mContent)); fprintf(out, " {%d,%d,%d,%d}", mRect.x, mRect.y, mRect.width, mRect.height); fprintf(out, " [state=%016llx]", (unsigned long long)mState); fprintf(out, " [vis-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, fprintf(out, " [scr-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, fprintf(out, " sc=%p(i=%d,b=%d)", fprintf(out, " pst=%s", 0 --------------------------------- 88 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1388 const char *old_make_model, if (!strncasecmp(old_make_model, "Hewlett-Packard", 15)) mmptr = (char *)old_make_model + 15; while (isspace(*mmptr & 255)) mmptr ++; if (!strncasecmp(mmptr, "hp", 2)) mmptr += 2; mmptr ++; while (isspace(*mmptr & 255)) 0 --------------------------------- 89 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 1388 const char *old_make_model, if (!strncasecmp(old_make_model, "Hewlett-Packard", 15)) mmptr = (char *)old_make_model + 15; while (isspace(*mmptr & 255)) mmptr ++; if (!strncasecmp(mmptr, "hp", 2)) mmptr += 2; mmptr ++; while (isspace(*mmptr & 255)) 0 --------------------------------- 90 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 402 nsAutoString atomString; pseudoTag->ToString(atomString); NS_LossyConvertUTF16toASCII(atomString).get()); 0 --------------------------------- 91 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 405 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); fprintf(out, " next=%p", static_cast(GetNextSibling())); fprintf(out, " prev-in-flow=%p", static_cast(GetPrevInFlow())); fprintf(out, " next-in-flow=%p", static_cast(GetNextInFlow())); fprintf(out, " IBSplitSpecialSibling=%p", IBsibling); fprintf(out, " IBSplitSpecialPrevSibling=%p", IBprevsibling); fprintf(out, " [content=%p]", static_cast(mContent)); fprintf(out, " {%d,%d,%d,%d}", mRect.x, mRect.y, mRect.width, mRect.height); fprintf(out, " [state=%016llx]", (unsigned long long)mState); fprintf(out, " [vis-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, fprintf(out, " [scr-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, fprintf(out, " sc=%p(i=%d,b=%d)", fprintf(out, " pst=%s", fprintf(out, " transformed"); 0 --------------------------------- 92 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 775 size_t len, asn1_debug(buffer, value_length, indent + 4); value_length = asn1_get_length(&buffer, bufend); value_length); 0 --------------------------------- 93 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 1150 if(strcmp(s->iformat->name, "mov,mp4,m4a,3gp,3g2,mj2")) !strcmp(s->iformat->name, "mpegts"))){ && (!strcmp(s->iformat->name, "mpeg") || 0 --------------------------------- 94 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1980 snmp_cache_t key, key.addrname = addrname; device = (snmp_cache_t *)cupsArrayFind(Devices, &key); free(device->make_and_model); 0 --------------------------------- 95 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 1980 snmp_cache_t key, key.addrname = addrname; device = (snmp_cache_t *)cupsArrayFind(Devices, &key); free(device->make_and_model); 0 --------------------------------- 96 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_workmonitor.cpp API 400 wcsncpy(aResultDir, argvTmp[2], MAX_PATH); bool backgroundUpdate = IsUpdateBeingStaged(argcTmp, argvTmp); LOAD_LIBRARY_AS_DATAFILE); HMODULE updaterModule = LoadLibraryEx(argv[0], NULL, if (!LoadStringA(updaterModule, IDS_UPDATER_IDENTITY, FreeLibrary(updaterModule); if (!PathRemoveFileSpecW(serviceUpdaterPath)) { if (!PathAppendSafe(serviceUpdaterPath, L"update")) { CreateDirectoryW(serviceUpdaterPath, NULL); if (!PathAppendSafe(serviceUpdaterPath, L"updater.exe")) { result = DeleteFileW(serviceUpdaterPath); serviceUpdaterPath)); if (PathGetSiblingFilePath(updaterINIPath, serviceUpdaterPath, WCHAR secureUpdaterPath[MAX_PATH + 1] = { L'\0' }; result = GetSecureUpdaterPath(secureUpdaterPath); oldUpdaterPath, secureUpdaterPath)); DeleteSecureUpdater(secureUpdaterPath); argv[3] = secureUpdaterPath; result = ProcessSoftwareUpdateCommand(argc - 3, argv + 3); IsUpdateBeingStaged(int argc, LPWSTR *argv) return argc == 4 && !wcscmp(argv[3], L"-1"); bool replaceRequest = (argcTmp >= 4 && wcsstr(argvTmp[3], L"/replace")); if (!IsLocalFile(argv[0], isLocal) || !isLocal) { nsAutoHandle noWriteLock(CreateFileW(argv[0], GENERIC_READ, FILE_SHARE_READ, if (result && !VerifySameFiles(argv[0], installDirUpdater, HMODULE updaterModule = LoadLibraryEx(argv[0], NULL, if (!LoadStringA(updaterModule, IDS_UPDATER_IDENTITY, FreeLibrary(updaterModule); DeleteSecureUpdater(WCHAR serviceUpdaterPath[MAX_PATH + 1]) result = CopyFileW(oldUpdaterPath, secureUpdaterPath, FALSE); argv[3] = secureUpdaterPath; result = ProcessSoftwareUpdateCommand(argc - 3, argv + 3); ProcessSoftwareUpdateCommand(DWORD argc, LPWSTR *argv) if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH + 1]) if (!IsLocalFile(argv[0], isLocal) || !isLocal) { nsAutoHandle noWriteLock(CreateFileW(argv[0], GENERIC_READ, FILE_SHARE_READ, if (result && !VerifySameFiles(argv[0], installDirUpdater, HMODULE updaterModule = LoadLibraryEx(argv[0], NULL, if (!LoadStringA(updaterModule, IDS_UPDATER_IDENTITY, FreeLibrary(updaterModule); BOOL PathGetSiblingFilePath(LPWSTR destinationBuffer, LPCWSTR siblingFilePath, result = CopyFileW(oldUpdaterPath, secureUpdaterPath, FALSE); argv[3] = secureUpdaterPath; result = ProcessSoftwareUpdateCommand(argc - 3, argv + 3); GetSecureUpdaterPath(WCHAR serviceUpdaterPath[MAX_PATH + 1]) if (!GetModuleFileNameW(NULL, serviceUpdaterPath, MAX_PATH)) { argv[3] = secureUpdaterPath; result = ProcessSoftwareUpdateCommand(argc - 3, argv + 3); 0 --------------------------------- 97 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc cfunc 377 uint8_t* frame_buffer, size_t frame_buffer_length, memset(fragmentation->fragmentationLength, 0, (*it).dataPtr - frame_buffer; fragmentation->fragmentationOffset[partition_id] = frame_buffer_length); assert(fragmentation->fragmentationOffset[partition_id] < (*partition_end).dataPtr + (*partition_end).sizeBytes - (*it).dataPtr; fragmentation->fragmentationLength[partition_id] = frame_buffer_length); assert(fragmentation->fragmentationLength[partition_id] <= fragmentation->fragmentationOffset[0] = 0; for (int i = 1; i < fragmentation->fragmentationVectorSize; ++i) { fragmentation->fragmentationOffset[i - 1] + fragmentation->fragmentationLength[i - 1]; fragmentation->fragmentationOffset[i] = fragmentation->fragmentationOffset[i - 1]); fragmentation->fragmentationOffset[i] >= assert(i == 0 || 0 --------------------------------- 98 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc cppfunc 377 uint8_t* frame_buffer, size_t frame_buffer_length, memset(fragmentation->fragmentationLength, 0, (*it).dataPtr - frame_buffer; fragmentation->fragmentationOffset[partition_id] = frame_buffer_length); assert(fragmentation->fragmentationOffset[partition_id] < (*partition_end).dataPtr + (*partition_end).sizeBytes - (*it).dataPtr; fragmentation->fragmentationLength[partition_id] = frame_buffer_length); assert(fragmentation->fragmentationLength[partition_id] <= fragmentation->fragmentationOffset[0] = 0; for (int i = 1; i < fragmentation->fragmentationVectorSize; ++i) { fragmentation->fragmentationOffset[i - 1] + fragmentation->fragmentationLength[i - 1]; fragmentation->fragmentationOffset[i] = fragmentation->fragmentationOffset[i - 1]); fragmentation->fragmentationOffset[i] >= assert(i == 0 || 0 --------------------------------- 99 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 149 va_list args; va_start( args, psz_fmt_src ); char *psz_tmp; int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; char *psz_out = realloc( *ppsz_dest, i_len ); strcat( psz_out, psz_tmp ); *ppsz_dest = psz_out; if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; " \n" if( astrcatf( pp_buffer, " \n" if( astrcatf( pp_buffer, " \n\n" ) < 0 ) return -1; if( astrcatf( pp_buffer, " \n", n->name ) < 0 ) if( astrcatf( pp_buffer, " \n", i->id ) < 0 ) if( astrcatf( pp_buffer, " \n" ) < 0 ) static int astrcatf( char **ppsz_dest, const char *psz_fmt_src, ... ) va_start( args, psz_fmt_src ); int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; strcat( psz_out, psz_tmp ); *ppsz_dest = psz_out; if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; char *psz_path = strdup( psz_pathtozip ); if( astrcatf( &psz_path, "%s", psz_escapedName ) < 0 ) return -1; if( astrcatf( pp_buffer, if( astrcatf( pp_buffer, " \n\n" ) < 0 ) return -1; if( astrcatf( pp_buffer, " \n" ) < 0 ) static int astrcatf( char **ppsz_dest, const char *psz_fmt_src, ... ) int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; 0 --------------------------------- 100 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 147 va_list args; va_start( args, psz_fmt_src ); int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); va_end( args ); 0 --------------------------------- 101 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 147 va_list args; va_start( args, psz_fmt_src ); int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); va_end( args ); 0 --------------------------------- 102 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cfunc 196 static int Open( vlc_object_t *p_this ) access_t *p_access = (access_t*)p_this; char *psz_user = 0, *psz_pwd = 0, *psz_domain = 0; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_parser = strchr( psz_tmp, '@' ); psz_parser = strchr( psz_tmp, ':' ); psz_parser = strchr( psz_tmp, ';' ); psz_domain = strdup( psz_tmp ); if( !psz_user ) psz_user = var_CreateGetString( p_access, "smb-user" ); if( !psz_pwd ) psz_pwd = var_CreateGetString( p_access, "smb-pwd" ); if( !psz_domain ) psz_domain = var_CreateGetString( p_access, "smb-domain" ); if( psz_domain && !*psz_domain ) { free( psz_domain ); psz_domain = 0; } 0 --------------------------------- 103 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cppfunc 196 static int Open( vlc_object_t *p_this ) access_t *p_access = (access_t*)p_this; char *psz_user = 0, *psz_pwd = 0, *psz_domain = 0; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_parser = strchr( psz_tmp, '@' ); psz_parser = strchr( psz_tmp, ':' ); psz_parser = strchr( psz_tmp, ';' ); psz_domain = strdup( psz_tmp ); if( !psz_user ) psz_user = var_CreateGetString( p_access, "smb-user" ); if( !psz_pwd ) psz_pwd = var_CreateGetString( p_access, "smb-pwd" ); if( !psz_domain ) psz_domain = var_CreateGetString( p_access, "smb-domain" ); if( psz_domain && !*psz_domain ) { free( psz_domain ); psz_domain = 0; } 0 --------------------------------- 104 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cfunc 194 static int Open( vlc_object_t *p_this ) access_t *p_access = (access_t*)p_this; char *psz_user = 0, *psz_pwd = 0, *psz_domain = 0; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_parser = strchr( psz_tmp, '@' ); psz_parser = strchr( psz_tmp, ':' ); psz_pwd = strdup( psz_parser+1 ); if( !psz_user ) psz_user = var_CreateGetString( p_access, "smb-user" ); if( !psz_pwd ) psz_pwd = var_CreateGetString( p_access, "smb-pwd" ); if( psz_pwd && !*psz_pwd ) { free( psz_pwd ); psz_pwd = 0; } 0 --------------------------------- 105 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cppfunc 194 static int Open( vlc_object_t *p_this ) access_t *p_access = (access_t*)p_this; char *psz_user = 0, *psz_pwd = 0, *psz_domain = 0; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_parser = strchr( psz_tmp, '@' ); psz_parser = strchr( psz_tmp, ':' ); psz_pwd = strdup( psz_parser+1 ); if( !psz_user ) psz_user = var_CreateGetString( p_access, "smb-user" ); if( !psz_pwd ) psz_pwd = var_CreateGetString( p_access, "smb-pwd" ); if( psz_pwd && !*psz_pwd ) { free( psz_pwd ); psz_pwd = 0; } 0 --------------------------------- 106 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cfunc 192 static int Open( vlc_object_t *p_this ) access_t *p_access = (access_t*)p_this; char *psz_user = 0, *psz_pwd = 0, *psz_domain = 0; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_parser = strchr( psz_tmp, '@' ); psz_parser = strchr( psz_tmp, ':' ); psz_parser = strchr( psz_tmp, ';' ); *psz_parser = 0; psz_parser++; else psz_parser = psz_tmp; psz_user = strdup( psz_parser ); if( !psz_user ) psz_user = var_CreateGetString( p_access, "smb-user" ); if( psz_user && !*psz_user ) { free( psz_user ); psz_user = 0; } 0 --------------------------------- 107 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cppfunc 192 static int Open( vlc_object_t *p_this ) access_t *p_access = (access_t*)p_this; char *psz_user = 0, *psz_pwd = 0, *psz_domain = 0; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_parser = strchr( psz_tmp, '@' ); psz_parser = strchr( psz_tmp, ':' ); psz_parser = strchr( psz_tmp, ';' ); *psz_parser = 0; psz_parser++; else psz_parser = psz_tmp; psz_user = strdup( psz_parser ); if( !psz_user ) psz_user = var_CreateGetString( p_access, "smb-user" ); if( psz_user && !*psz_user ) { free( psz_user ); psz_user = 0; } 0 --------------------------------- 108 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 616 va_list args; va_start( args, psz_fmt_src ); char *psz_tmp; int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; char *psz_out = realloc( *ppsz_dest, i_len ); strcat( psz_out, psz_tmp ); *ppsz_dest = psz_out; size_t i_num = 0, i_len = 0; i_len++; i_len++; i_num++; *ppsz_encoded = malloc( i_len + 1 ); memcpy( *ppsz_encoded, psz_url, i_len + 1 ); char *psz_ret = malloc( i_len + 3*i_num + 2 ); *ppsz_encoded = psz_ret; char *psz_pathtozip; escapeToXml( &psz_pathtozip, psz_zippath ); if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; int i_track = 0; psz_file = convert_xml_special_chars( psz_file ? char *psz_path = strdup( psz_pathtozip ); if( astrcatf( &psz_path, "%s", psz_escapedName ) < 0 ) return -1; psz_path, psz_file, i_track ) < 0 ) return -1; parent->media = new_item( i_track ); tmp->next = new_item( i_track ); inline static item* new_item( int id ) psz_path, psz_file, i_track ) < 0 ) return -1; static int astrcatf( char **ppsz_dest, const char *psz_fmt_src, ... ) va_start( args, psz_fmt_src ); int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; strcat( psz_out, psz_tmp ); *ppsz_dest = psz_out; if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; char *psz_path = strdup( psz_pathtozip ); if( astrcatf( &psz_path, "%s", psz_escapedName ) < 0 ) return -1; psz_path, psz_file, i_track ) < 0 ) return -1; free( psz_path ); static int escapeToXml( char **ppsz_encoded, const char *psz_url ) escapeToXml( &psz_pathtozip, psz_zippath ); char *psz_path = strdup( psz_pathtozip ); psz_path, psz_file, i_track ) < 0 ) return -1; 0 --------------------------------- 109 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 616 va_list args; va_start( args, psz_fmt_src ); char *psz_tmp; int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; char *psz_out = realloc( *ppsz_dest, i_len ); strcat( psz_out, psz_tmp ); *ppsz_dest = psz_out; size_t i_num = 0, i_len = 0; i_len++; i_len++; i_num++; *ppsz_encoded = malloc( i_len + 1 ); memcpy( *ppsz_encoded, psz_url, i_len + 1 ); char *psz_ret = malloc( i_len + 3*i_num + 2 ); *ppsz_encoded = psz_ret; char *psz_pathtozip; escapeToXml( &psz_pathtozip, psz_zippath ); if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; int i_track = 0; psz_file = convert_xml_special_chars( psz_file ? char *psz_path = strdup( psz_pathtozip ); if( astrcatf( &psz_path, "%s", psz_escapedName ) < 0 ) return -1; psz_path, psz_file, i_track ) < 0 ) return -1; parent->media = new_item( i_track ); tmp->next = new_item( i_track ); inline static item* new_item( int id ) psz_path, psz_file, i_track ) < 0 ) return -1; static int astrcatf( char **ppsz_dest, const char *psz_fmt_src, ... ) va_start( args, psz_fmt_src ); int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; strcat( psz_out, psz_tmp ); *ppsz_dest = psz_out; if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; char *psz_path = strdup( psz_pathtozip ); if( astrcatf( &psz_path, "%s", psz_escapedName ) < 0 ) return -1; psz_path, psz_file, i_track ) < 0 ) return -1; free( psz_path ); static int escapeToXml( char **ppsz_encoded, const char *psz_url ) escapeToXml( &psz_pathtozip, psz_zippath ); char *psz_path = strdup( psz_pathtozip ); psz_path, psz_file, i_track ) < 0 ) return -1; 0 --------------------------------- 110 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cfunc 214 static int Open( vlc_object_t *p_this ) access_t *p_access = (access_t*)p_this; char *psz_user = 0, *psz_pwd = 0, *psz_domain = 0; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_parser = strchr( psz_tmp, '@' ); psz_parser = strchr( psz_tmp, ':' ); psz_parser = strchr( psz_tmp, ';' ); psz_domain = strdup( psz_tmp ); if( !psz_user ) psz_user = var_CreateGetString( p_access, "smb-user" ); if( !psz_pwd ) psz_pwd = var_CreateGetString( p_access, "smb-pwd" ); if( !psz_domain ) psz_domain = var_CreateGetString( p_access, "smb-domain" ); if( psz_domain && !*psz_domain ) { free( psz_domain ); psz_domain = 0; } Win32AddConnection( p_access, psz_path, psz_user, psz_pwd, psz_domain); free( psz_domain ); char *psz_domain ) VLC_UNUSED( psz_domain ); free( psz_domain ); 0 --------------------------------- 111 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cppfunc 214 static int Open( vlc_object_t *p_this ) access_t *p_access = (access_t*)p_this; char *psz_user = 0, *psz_pwd = 0, *psz_domain = 0; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_parser = strchr( psz_tmp, '@' ); psz_parser = strchr( psz_tmp, ':' ); psz_parser = strchr( psz_tmp, ';' ); psz_domain = strdup( psz_tmp ); if( !psz_user ) psz_user = var_CreateGetString( p_access, "smb-user" ); if( !psz_pwd ) psz_pwd = var_CreateGetString( p_access, "smb-pwd" ); if( !psz_domain ) psz_domain = var_CreateGetString( p_access, "smb-domain" ); if( psz_domain && !*psz_domain ) { free( psz_domain ); psz_domain = 0; } Win32AddConnection( p_access, psz_path, psz_user, psz_pwd, psz_domain); free( psz_domain ); char *psz_domain ) VLC_UNUSED( psz_domain ); free( psz_domain ); 0 --------------------------------- 112 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp API 210 PROCESS_INFORMATION pi = {0}; NULL, &si, &pi); DWORD waitRes = WaitForSingleObject(pi.hProcess, TIME_TO_WAIT_ON_UPDATER); TerminateProcess(pi.hProcess, 1); if (GetExitCodeProcess(pi.hProcess, &returnCode)) { CloseHandle(pi.hProcess); 0 --------------------------------- 113 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cfunc 212 static int Open( vlc_object_t *p_this ) access_t *p_access = (access_t*)p_this; char *psz_user = 0, *psz_pwd = 0, *psz_domain = 0; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_parser = strchr( psz_tmp, '@' ); psz_parser = strchr( psz_tmp, ':' ); psz_parser = strchr( psz_tmp, ';' ); *psz_parser = 0; psz_parser++; else psz_parser = psz_tmp; psz_user = strdup( psz_parser ); if( !psz_user ) psz_user = var_CreateGetString( p_access, "smb-user" ); if( psz_user && !*psz_user ) { free( psz_user ); psz_user = 0; } Win32AddConnection( p_access, psz_path, psz_user, psz_pwd, psz_domain); free( psz_user ); char *psz_user, char *psz_pwd, free( psz_user ); i_result = OurWNetAddConnection2( &net_resource, psz_pwd, psz_user, 0 ); free( psz_user ); 0 --------------------------------- 114 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cppfunc 212 static int Open( vlc_object_t *p_this ) access_t *p_access = (access_t*)p_this; char *psz_user = 0, *psz_pwd = 0, *psz_domain = 0; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_parser = strchr( psz_tmp, '@' ); psz_parser = strchr( psz_tmp, ':' ); psz_parser = strchr( psz_tmp, ';' ); *psz_parser = 0; psz_parser++; else psz_parser = psz_tmp; psz_user = strdup( psz_parser ); if( !psz_user ) psz_user = var_CreateGetString( p_access, "smb-user" ); if( psz_user && !*psz_user ) { free( psz_user ); psz_user = 0; } Win32AddConnection( p_access, psz_path, psz_user, psz_pwd, psz_domain); free( psz_user ); char *psz_user, char *psz_pwd, free( psz_user ); i_result = OurWNetAddConnection2( &net_resource, psz_pwd, psz_user, 0 ); free( psz_user ); 0 --------------------------------- 115 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cfunc 213 static int Open( vlc_object_t *p_this ) access_t *p_access = (access_t*)p_this; char *psz_user = 0, *psz_pwd = 0, *psz_domain = 0; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_parser = strchr( psz_tmp, '@' ); psz_parser = strchr( psz_tmp, ':' ); psz_pwd = strdup( psz_parser+1 ); if( !psz_user ) psz_user = var_CreateGetString( p_access, "smb-user" ); if( !psz_pwd ) psz_pwd = var_CreateGetString( p_access, "smb-pwd" ); if( psz_pwd && !*psz_pwd ) { free( psz_pwd ); psz_pwd = 0; } Win32AddConnection( p_access, psz_path, psz_user, psz_pwd, psz_domain); free( psz_pwd ); char *psz_user, char *psz_pwd, free( psz_pwd ); i_result = OurWNetAddConnection2( &net_resource, psz_pwd, psz_user, 0 ); free( psz_pwd ); 0 --------------------------------- 116 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cppfunc 213 static int Open( vlc_object_t *p_this ) access_t *p_access = (access_t*)p_this; char *psz_user = 0, *psz_pwd = 0, *psz_domain = 0; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_parser = strchr( psz_tmp, '@' ); psz_parser = strchr( psz_tmp, ':' ); psz_pwd = strdup( psz_parser+1 ); if( !psz_user ) psz_user = var_CreateGetString( p_access, "smb-user" ); if( !psz_pwd ) psz_pwd = var_CreateGetString( p_access, "smb-pwd" ); if( psz_pwd && !*psz_pwd ) { free( psz_pwd ); psz_pwd = 0; } Win32AddConnection( p_access, psz_path, psz_user, psz_pwd, psz_domain); free( psz_pwd ); char *psz_user, char *psz_pwd, free( psz_pwd ); i_result = OurWNetAddConnection2( &net_resource, psz_pwd, psz_user, 0 ); free( psz_pwd ); 0 --------------------------------- 117 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 466 if ((device_uri = calloc(1, sizeof(device_uri_t))) == NULL) if ((device_uri->uris = cupsArrayNew(NULL, NULL)) == NULL) free(device_uri); 0 --------------------------------- 118 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 466 if ((device_uri = calloc(1, sizeof(device_uri_t))) == NULL) if ((device_uri->uris = cupsArrayNew(NULL, NULL)) == NULL) free(device_uri); 0 --------------------------------- 119 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cfunc 56 avi_chunk_t chk; if( AVI_ChunkReadCommon( s, &chk ) ) int _AVI_ChunkRead( stream_t *s, avi_chunk_t *p_chk, avi_chunk_t *p_father ) if( AVI_ChunkReadCommon( s, p_chk ) ) static int AVI_ChunkReadCommon( stream_t *s, avi_chunk_t *p_chk ) memset( p_chk, 0, sizeof( avi_chunk_t ) ); 0 --------------------------------- 120 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 970 void NetworkUtils::disableNat(CommandChain* aChain, if (!GET_FIELD(mIp).IsEmpty() && !GET_FIELD(mPrefix).IsEmpty()) { uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); char* networkAddr = getNetworkAddr(ip, prefix); GET_CHAR(mInternalIfname), GET_CHAR(mExternalIfname), networkAddr, 0 --------------------------------- 121 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 971 void NetworkUtils::disableNat(CommandChain* aChain, if (!GET_FIELD(mIp).IsEmpty() && !GET_FIELD(mPrefix).IsEmpty()) { uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); GET_CHAR(mInternalIfname), GET_CHAR(mExternalIfname), networkAddr, GET_CHAR(mPrefix)); 0 --------------------------------- 122 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 703 folder = path; char *sep = strchr( folder, '/' ); *sep = '\0'; return findOrCreateParentNode( current, sep ); ret = findOrCreateParentNode( ret, sep ); static node* findOrCreateParentNode( node *root, const char *fullpath ) char *path = strdup( fullpath ); free( path ); 0 --------------------------------- 123 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 703 folder = path; char *sep = strchr( folder, '/' ); *sep = '\0'; return findOrCreateParentNode( current, sep ); ret = findOrCreateParentNode( ret, sep ); static node* findOrCreateParentNode( node *root, const char *fullpath ) char *path = strdup( fullpath ); free( path ); 0 --------------------------------- 124 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 367 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); fprintf(out, " next=%p", static_cast(GetNextSibling())); fprintf(out, " prev-in-flow=%p", static_cast(GetPrevInFlow())); fprintf(out, " next-in-flow=%p", static_cast(GetNextInFlow())); fprintf(out, " IBSplitSpecialSibling=%p", IBsibling); fprintf(out, " IBSplitSpecialPrevSibling=%p", IBprevsibling); fprintf(out, " [content=%p]", static_cast(mContent)); 0 --------------------------------- 125 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp API 233 PROCESS_INFORMATION pi = {0}; NULL, installDir, &si, &pi); CloseHandle(pi.hThread); 0 --------------------------------- 126 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp API 232 PROCESS_INFORMATION pi = {0}; NULL, installDir, &si, &pi); CloseHandle(pi.hProcess); 0 --------------------------------- 127 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cfunc 2518 path->data = NULL; path->size = 0; if (!strncmp(s1->data, s2->data, s1->size - 1)) { V9fsPath oldpath, newpath; v9fs_path_init(&oldpath); v9fs_co_name_to_path(pdu, olddir, old_name->data, &oldpath); if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &newpath, strlen(oldpath.data)); static int v9fs_path_is_ancestor(V9fsPath *s1, V9fsPath *s2) if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &newpath, strlen(oldpath.data)); void v9fs_path_init(V9fsPath *path) v9fs_path_init(&oldpath); v9fs_fix_path(&tfidp->path, &newpath, strlen(oldpath.data)); 0 --------------------------------- 128 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4726 const char *spec) char *endptr; spec += 2; prog_id = strtol(spec, &endptr, 0); 0 --------------------------------- 129 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 4726 const char *spec) char *endptr; spec += 2; prog_id = strtol(spec, &endptr, 0); 0 --------------------------------- 130 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cfunc 1416 Ogg_LogicalStreamDelete( p_demux, p_ogg->pp_stream[i_stream] ); static void Ogg_LogicalStreamDelete( demux_t *p_demux, logical_stream_t *p_stream ); free( p_ogg->pp_stream ); 0 --------------------------------- 131 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cppfunc 1416 Ogg_LogicalStreamDelete( p_demux, p_ogg->pp_stream[i_stream] ); static void Ogg_LogicalStreamDelete( demux_t *p_demux, logical_stream_t *p_stream ); free( p_ogg->pp_stream ); 0 --------------------------------- 132 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 242 void StreamClose( vlc_object_t *p_this ) stream_sys_t *p_sys = s->p_sys; unzClose( p_sys->zipFile ); free( p_sys->fileFunctions ); free( p_sys->psz_xspf ); free( p_sys->psz_path ); free( p_sys ); 0 --------------------------------- 133 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 242 void StreamClose( vlc_object_t *p_this ) stream_sys_t *p_sys = s->p_sys; unzClose( p_sys->zipFile ); free( p_sys->fileFunctions ); free( p_sys->psz_xspf ); free( p_sys->psz_path ); free( p_sys ); 0 --------------------------------- 134 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c cfunc 488 void *data, int *data_size, const uint8_t *buf, int buf_size) unsigned char *output_samples = (unsigned char *)data; const unsigned char *p = buf + 16; *data_size = vmdaudio_loadsound(s, output_samples, p, 0, buf_size - 16); uint32_t flags = AV_RB32(p); int raw_block_size = s->block_align * s->bits / 8; silent_chunks = 32; silent_chunks = av_log2(flags + 1); memset(output_samples, 0, raw_block_size * silent_chunks); output_samples += raw_block_size * silent_chunks; *data_size += vmdaudio_loadsound(s, output_samples, p + 4, 0, buf_size - 20); *data_size = vmdaudio_loadsound(s, output_samples, p, 1, 0); const uint8_t *buf, int silence, int data_size) memset(data, 0, data_size * 2); static int vmdaudio_loadsound(VmdAudioContext *s, unsigned char *data, memset(data, 0, data_size * 2); 0 --------------------------------- 135 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 510 add_device_uri(char *value) value ++; for (start = value; *value && *value != '\"'; value ++) *value++ = '\0'; while (isspace(*value & 255)) value ++; for (start = value; *value && !isspace(*value & 255); value ++); *value++ = '\0'; for (start = value; *value && !isspace(*value & 255); value ++); 0 --------------------------------- 136 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 510 add_device_uri(char *value) value ++; for (start = value; *value && *value != '\"'; value ++) *value++ = '\0'; while (isspace(*value & 255)) value ++; for (start = value; *value && !isspace(*value & 255); value ++); *value++ = '\0'; for (start = value; *value && !isspace(*value & 255); value ++); 0 --------------------------------- 137 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cfunc 1026 ! memcmp( &oggpacket.packet[1], "kate\0\0\0", 7 ) ) ! memcmp( oggpacket.packet, "\x01vorbis", 7 ) ) ! memcmp( oggpacket.packet, "Speex", 5 ) ) ! memcmp( oggpacket.packet, "fLaC", 4 ) ) ! memcmp( oggpacket.packet, "\x80theora", 7 ) ) ! memcmp( oggpacket.packet, "KW-DIRAC\x00", 9 ) ) ) ! memcmp( oggpacket.packet, "BBCD\x00", 5 ) ) || ! memcmp( oggpacket.packet, "Annodex", 7 ) ) ! memcmp( oggpacket.packet, "AnxData", 7 ) ) 0 --------------------------------- 138 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 759 size_t len, asn1_debug(buffer, value_length, indent + 4); value_length = asn1_get_length(&buffer, bufend); value_length); 0 --------------------------------- 139 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c cfunc 930 static uint32_t vmsvga_value_read(void *opaque, uint32_t address) printf("%s: Bad register %02x\n", __func__, s->index); static uint64_t vmsvga_io_read(void *opaque, hwaddr addr, unsigned size) struct vmsvga_state_s *s = opaque; case SVGA_IO_MUL * SVGA_VALUE_PORT: return vmsvga_value_read(s, addr); 0 --------------------------------- 140 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c cfunc 711 unsigned char *buf = NULL; unsigned char *bitmask = NULL; frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); return NULL; return NULL; frag->fragment = buf; (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); bitmask = return NULL; memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); frag->reassembly = bitmask; return frag; frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); unsigned char wire[DTLS1_HM_HEADER_LENGTH]; struct hm_header_st msg_hdr; i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire, dtls1_get_message_header(wire, &msg_hdr); return dtls1_reassemble_fragment(s, &msg_hdr, ok); n2l3(data, msg_hdr->msg_len); n2s(data, msg_hdr->seq); n2l3(data, msg_hdr->frag_off); n2l3(data, msg_hdr->frag_len); dtls1_get_message_header(wire, &msg_hdr); return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, buf = (unsigned char *)OPENSSL_malloc(frag_len); frag->fragment = buf; return frag; frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr)); dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); dtls1_get_message_header(wire, &msg_hdr); return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); msg_hdr->type = *(data++); dtls1_get_message_header(wire, &msg_hdr); return dtls1_reassemble_fragment(s, &msg_hdr, ok); dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, return dtls1_reassemble_fragment(s, msg_hdr, ok); 0 --------------------------------- 141 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 1297 size_t len = strlen(rtsp_methods[ii]); g_ascii_strncasecmp(rtsp_methods[ii], data, len) == 0 && for (ii = 0; ii < RTSP_NMETHODS; ii++) { if (ii == RTSP_NMETHODS) { (gint) strlen(rtsp_methods[ii]), rtsp_methods[ii]); 0 --------------------------------- 142 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 815 nsBlockFrame::GetPrefWidth(nsRenderingContext *aRenderingContext) InlinePrefWidthData data; curFrame = static_cast(curFrame->GetNextContinuation())) { for (line_iterator line = curFrame->begin_lines(), line_end = curFrame->end_lines(); data.ForceBreak(aRenderingContext); data.currentLine = nsLayoutUtils::IntrinsicForContainer(aRenderingContext, data.ForceBreak(aRenderingContext); data.currentLine = nsLayoutUtils::IntrinsicForContainer(aRenderingContext, line == curFrame->begin_lines()) { if (!curFrame->GetPrevContinuation() && const nsStyleCoord &indent = GetStyleText()->mTextIndent; if (indent.ConvertsToLength()) data.currentLine += nsRuleNode::ComputeCoordPercentCalc(indent, 0); data.lineContainer = curFrame; for (int32_t i = 0, i_end = line->GetChildCount(); i != i_end; data.line = &line; kid->AddInlinePrefWidth(aRenderingContext, &data); data.ForceBreak(aRenderingContext); data.currentLine = nsLayoutUtils::IntrinsicForContainer(aRenderingContext, kid->AddInlinePrefWidth(aRenderingContext, &data); data.prevLines, data.currentLine); kid->AddInlinePrefWidth(aRenderingContext, &data); data.prevLines, data.currentLine); return nsBidiPresUtils::Resolve(this); for (nsBlockFrame* curFrame = this; curFrame; for (line_iterator line = curFrame->begin_lines(), line_end = curFrame->end_lines(); line->IsBlock() ? "block" : "inline", line->IsEmpty() ? ", empty" : ""); if (line->IsBlock()) { line->mFirstChild, nsLayoutUtils::PREF_WIDTH); data.currentLine = nsLayoutUtils::IntrinsicForContainer(aRenderingContext, data.ForceBreak(aRenderingContext); data.ForceBreak(aRenderingContext); data.line = &line; data.ForceBreak(aRenderingContext); data.ForceBreak(aRenderingContext); kid->AddInlinePrefWidth(aRenderingContext, &data); data.currentLine += nsRuleNode::ComputeCoordPercentCalc(indent, 0); data.prevLines, data.currentLine); 0 --------------------------------- 143 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 671 char *p; buf[line_len] = '\0'; tmp = buf + STRLEN_CONST(rtsp_content_length); while (*tmp && isspace(*tmp)) tmp++; content_length = strtol(tmp, &p, 10); 0 --------------------------------- 144 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cppfunc 671 char *p; buf[line_len] = '\0'; tmp = buf + STRLEN_CONST(rtsp_content_length); while (*tmp && isspace(*tmp)) tmp++; content_length = strtol(tmp, &p, 10); 0 --------------------------------- 145 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 673 char *p; content_length = strtol(tmp, &p, 10); up = p; if (up == tmp || (*up != '\0' && !isspace(*up))) 0 --------------------------------- 146 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cppfunc 673 char *p; content_length = strtol(tmp, &p, 10); up = p; if (up == tmp || (*up != '\0' && !isspace(*up))) 0 --------------------------------- 147 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 969 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *data = *p; ssl_check_for_safari(s, data, limit); static void ssl_check_for_safari(SSL *s, const unsigned char *data, unsigned short type, size; static const unsigned char kSafariTLS12ExtensionsBlock[] = { data += 2; n2s(data, type); n2s(data, size); data += size; const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); if (memcmp(data, kSafariExtensionsBlock, len1) != 0) if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0) 0 --------------------------------- 148 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp API 228 NULL, 0, NULL); HANDLE thread = CreateThread(NULL, 0, EnsureProcessTerminatedThread, CloseHandle(thread); 0 --------------------------------- 149 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 887 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *ret = buf; ret += 2; s2n(TLSEXT_TYPE_server_name, ret); s2n(0, ret); int el; if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { s2n(TLSEXT_TYPE_renegotiate, ret); s2n(el, ret); if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) { ret += el; s2n(TLSEXT_TYPE_ec_point_formats, ret); s2n(s->tlsext_ecpointformatlist_length + 1, ret); *(ret++) = (unsigned char)s->tlsext_ecpointformatlist_length; memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); ret += s->tlsext_ecpointformatlist_length; s2n(TLSEXT_TYPE_session_ticket, ret); s2n(0, ret); s2n(TLSEXT_TYPE_status_request, ret); s2n(0, ret); size_t sol = s->s3->server_opaque_prf_input_len; s2n(TLSEXT_TYPE_opaque_prf_input, ret); s2n(sol + 2, ret); s2n(sol, ret); memcpy(ret, s->s3->server_opaque_prf_input, sol); ret += sol; int el; ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0); s2n(TLSEXT_TYPE_use_srtp, ret); s2n(el, ret); if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) { ret += el; memcpy(ret, cryptopro_ext, 36); ret += 36; s2n(TLSEXT_TYPE_heartbeat, ret); s2n(1, ret); *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS; *(ret++) = SSL_TLSEXT_HB_ENABLED; const unsigned char *npa; unsigned int npalen; r = s->ctx->next_protos_advertised_cb(s, &npa, &npalen, s2n(TLSEXT_TYPE_next_proto_neg, ret); s2n(npalen, ret); memcpy(ret, npa, npalen); 0 --------------------------------- 150 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c cfunc 683 static int nsv_read_packet(AVFormatContext *s, AVPacket *pkt) memcpy(pkt, &nsv->ahead[i], sizeof(AVPacket)); nsv->ahead[i].data = NULL; memcpy(pkt, &nsv->ahead[i], sizeof(AVPacket)); 0 --------------------------------- 151 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp cfunc 275 char *entity = nullptr; rv = mEntityConverter->ConvertUTF32ToEntity(inUCS4, mEntityVersion, &entity); if (!entity || (int32_t)strlen(entity) > bufferLength) { 0 --------------------------------- 152 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 2754 st = ic->streams[pkt->stream_index]; double dts= (is_relative(pkt->dts) ? pkt->dts - RELATIVE_TS_BASE : pkt->dts) * av_q2d(st->time_base); double sdts= dts*framerate/(1001*12); int ticks= lrintf(sdts+j*0.5); static int is_relative(int64_t ts) { double dts= (is_relative(pkt->dts) ? pkt->dts - RELATIVE_TS_BASE : pkt->dts) * av_q2d(st->time_base); double sdts= dts*framerate/(1001*12); int ticks= lrintf(sdts+j*0.5); 0 --------------------------------- 153 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 1345 process_rtsp_reply(tvbuff_t *tvb, int offset, const guchar *data, const guchar *status = data; while (status < lineend && !isspace(*status)) status++; while (status < lineend && isspace(*status)) status++; while (status < lineend && isspace(*status)) 0 --------------------------------- 154 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cppfunc 1345 process_rtsp_reply(tvbuff_t *tvb, int offset, const guchar *data, const guchar *status = data; while (status < lineend && !isspace(*status)) status++; while (status < lineend && isspace(*status)) status++; while (status < lineend && isspace(*status)) 0 --------------------------------- 155 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c cfunc 435 int x0, int y0, int x1, int y1, int w, int h) uint32_t cmd = s->fifo[CMD(stop) >> 2]; return cmd; return le32_to_cpu(vmsvga_fifo_read_raw(s)); width = vmsvga_fifo_read(s); if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) { DisplaySurface *surface = qemu_console_surface(s->vga.con); int bypl = surface_stride(surface); int bypp = surface_bytes_per_pixel(surface); int width = bypp * w; memmove(ptr[1], ptr[0], width); 0 --------------------------------- 156 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1808 char filename[1024], line[1024], if ((cups_serverroot = getenv("CUPS_SERVERROOT")) == NULL) cups_serverroot = CUPS_SERVERROOT; snprintf(filename, sizeof(filename), "%s/snmp.conf", cups_serverroot); if ((fp = cupsFileOpen(filename, "r")) != NULL) linenum = 0; while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) fprintf(stderr, "ERROR: Missing value on line %d of %s!\n", linenum, filename); else if (!strcasecmp(line, "Address")) else if (!strcasecmp(line, "Community")) else if (!strcasecmp(line, "DebugLevel")) else if (!strcasecmp(line, "DeviceURI")) else if (!strcasecmp(line, "HostNameLookups")) else if (!strcasecmp(line, "MaxRunTime")) line, linenum, filename); 0 --------------------------------- 157 CVE-2011-0054/Firefox_3.5.16_CVE_2011_0054_js_src_jsemit.cpp cfunc 901 int passes = 0; growth = 0; delta = 0; passes++; JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN); growth += delta; passes, offset + growth, offset, growth); UpdateJumpTargets(JSJumpTarget *jt, ptrdiff_t pivot, ptrdiff_t delta) delta += JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN; growth += delta; passes, offset + growth, offset, growth); 0 --------------------------------- 158 CVE-2011-0054/Firefox_3.5.16_CVE_2011_0054_js_src_jsemit.cpp cfunc 900 UpdateJumpTargets(jt->kids[JT_LEFT], pivot, delta); UpdateJumpTargets(jt->kids[JT_RIGHT], pivot, delta); JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN); UpdateJumpTargets(JSJumpTarget *jt, ptrdiff_t pivot, ptrdiff_t delta) delta += JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN; growth += delta; growth / (JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN), cg->numSpanDeps, passes, offset + growth, offset, growth); growth / (JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN), cg->numSpanDeps, 0 --------------------------------- 159 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 766 asn1_debug(buffer, value_length, indent + 4); asn1_debug(buffer, value_length, indent + 4); int indent) fprintf(stderr, "DEBUG: %*sBOOLEAN %d bytes %d\n", indent, "", fprintf(stderr, "DEBUG: %*sINTEGER %d bytes %d\n", indent, "", fprintf(stderr, "DEBUG: %*sOCTET STRING %d bytes \"%s\"\n", indent, "", fprintf(stderr, "DEBUG: %*sOID %d bytes ", indent, "", asn1_debug(buffer, value_length, indent + 4); fprintf(stderr, ".%d", oid[i]); putc('\n', stderr); fprintf(stderr, "DEBUG: %*sGet-Response-PDU %d bytes\n", indent, "", fprintf(stderr, "DEBUG: %*sGet-Request-PDU %d bytes\n", indent, "", 0 --------------------------------- 160 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 767 size_t len, asn1_debug(buffer, value_length, indent + 4); value_length = asn1_get_length(&buffer, bufend); value_length); 0 --------------------------------- 161 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1805 *value; while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) DebugLevel = atoi(value); add_device_uri(value); !strcasecmp(value, "double"); !strcasecmp(value, "true") || !strcasecmp(value, "yes") || HostNameLookups = !strcasecmp(value, "on") || MaxRunTime = atoi(value); static device_uri_t *add_device_uri(char *value); MaxRunTime = atoi(value); 0 --------------------------------- 162 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 1805 *value; while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) DebugLevel = atoi(value); add_device_uri(value); !strcasecmp(value, "double"); !strcasecmp(value, "true") || !strcasecmp(value, "yes") || HostNameLookups = !strcasecmp(value, "on") || MaxRunTime = atoi(value); static device_uri_t *add_device_uri(char *value); MaxRunTime = atoi(value); 0 --------------------------------- 163 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp API 626 HKEY testOnlyFallbackKey; &testOnlyFallbackKey) != ERROR_SUCCESS) { RegCloseKey(testOnlyFallbackKey); 0 --------------------------------- 164 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 1819 nsBlockFrame::BlockNeedsFloatManager(nsIFrame* aBlock) NS_PRECONDITION(aBlock, "Must have a frame"); NS_ASSERTION(nsLayoutUtils::GetAsBlock(aBlock), "aBlock must be a block"); nsIFrame* parent = aBlock->GetParent(); return (aBlock->GetStateBits() & NS_BLOCK_FLOAT_MGR) || bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); topMarginRoot, bottomMarginRoot, needFloatManager); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, DrainPushedFloats(state); (parent && !parent->IsFloatContainingBlock()); return (aBlock->GetStateBits() & NS_BLOCK_FLOAT_MGR) || bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); topMarginRoot, bottomMarginRoot, needFloatManager); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, DrainPushedFloats(state); nsBlockFrame::DrainPushedFloats(nsBlockReflowState& aState) DrainPushedFloats(state); rv = ReflowPushedFloats(state, fcBounds, fcStatus); *aBottomMarginRoot = GetNextInFlow() == nullptr; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); topMarginRoot, bottomMarginRoot, needFloatManager); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, DrainPushedFloats(state); *aTopMarginRoot = true; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); topMarginRoot, bottomMarginRoot, needFloatManager); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, DrainPushedFloats(state); *aBottomMarginRoot = true; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); topMarginRoot, bottomMarginRoot, needFloatManager); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, DrainPushedFloats(state); nsBlockFrame::ReflowPushedFloats(nsBlockReflowState& aState, rv = ReflowPushedFloats(state, fcBounds, fcStatus); rv = ReflowDirtyLines(state); if (0 != aState.ClearFloats(0, NS_STYLE_CLEAR_LEFT_AND_RIGHT)) { nsBlockFrame::ReflowPushedFloats(nsBlockReflowState& aState, rv = ReflowPushedFloats(state, fcBounds, fcStatus); rv = ReflowDirtyLines(state); nsBlockFrame::ReflowDirtyLines(nsBlockReflowState& aState) printf(" computedWidth=%d\n", aState.mReflowState.ComputedWidth()); nsBlockFrame::GetEffectiveComputedHeight(const nsHTMLReflowState& aReflowState) const if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, DrainPushedFloats(state); nscoord height = aReflowState.ComputedHeight(); if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, DrainPushedFloats(state); nsBlockFrame::Reflow(nsPresContext* aPresContext, nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, DrainPushedFloats(state); *aTopMarginRoot = false; *aBottomMarginRoot = false; *aTopMarginRoot = GetPrevInFlow() == nullptr; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); topMarginRoot, bottomMarginRoot, needFloatManager); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, DrainPushedFloats(state); nsBlockFrame::IsMarginRoot(bool* aTopMarginRoot, bool* aBottomMarginRoot) IsMarginRoot(&topMarginRoot, &bottomMarginRoot); topMarginRoot, bottomMarginRoot, needFloatManager); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, DrainPushedFloats(state); 0 --------------------------------- 165 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c cfunc 1424 unsigned char save_write_sequence[8]; memcpy(save_write_sequence, s->s3->write_sequence, memcpy(s->s3->write_sequence, s->d1->last_write_sequence, memcpy(s->d1->last_write_sequence, s->s3->write_sequence, memcpy(s->s3->write_sequence, save_write_sequence, 0 --------------------------------- 166 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c cfunc 1051 int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) sender, slen, i = s->method->ssl3_enc->final_finish_mac(s, s->s3->tmp.finish_md); i = s->method->ssl3_enc->final_finish_mac(s, memcpy(p, s->s3->tmp.finish_md, i); OPENSSL_assert(i <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_server_finished, s->s3->tmp.finish_md, i); 0 --------------------------------- 167 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 758 fprintf(stderr, "DEBUG: %*sGet-Request-PDU %d bytes\n", indent, "", asn1_debug(buffer, value_length, indent + 4); asn1_debug(buffer, value_length, indent + 4); int indent) asn1_debug(buffer, value_length, indent + 4); fprintf(stderr, "DEBUG: %*sBOOLEAN %d bytes %d\n", indent, "", fprintf(stderr, "DEBUG: %*sINTEGER %d bytes %d\n", indent, "", fprintf(stderr, "DEBUG: %*sOCTET STRING %d bytes \"%s\"\n", indent, "", fprintf(stderr, "DEBUG: %*sOID %d bytes ", indent, "", fprintf(stderr, ".%d", oid[i]); putc('\n', stderr); fprintf(stderr, "DEBUG: %*sGet-Response-PDU %d bytes\n", indent, "", fprintf(stderr, "DEBUG: %*sSEQUENCE %d bytes\n", indent, "", 0 --------------------------------- 168 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp cfunc 324 nullptr, nullptr, nullptr); png_structp pngread = png_create_read_struct(PNG_LIBPNG_VER_STRING, png_infop pnginfo = png_create_info_struct(pngread); if (setjmp(png_jmpbuf(pngread))) { 0 --------------------------------- 169 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp cppfunc 324 nullptr, nullptr, nullptr); png_structp pngread = png_create_read_struct(PNG_LIBPNG_VER_STRING, png_infop pnginfo = png_create_info_struct(pngread); if (setjmp(png_jmpbuf(pngread))) { 0 --------------------------------- 170 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cfunc 871 static void print_sg(struct iovec *sg, int cnt) printf("sg[%d]: {", cnt); QEMUIOVector qiov; qemu_iovec_init(&qiov, qiov_full.niov); qemu_iovec_reset(&qiov); qemu_iovec_concat(&qiov, &qiov_full, count, qiov_full.size - count); print_sg(qiov.iov, qiov.niov); QEMUIOVector qiov; qemu_iovec_init(&qiov, qiov_full.niov); print_sg(qiov.iov, qiov.niov); len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); qemu_iovec_reset(&qiov); print_sg(qiov.iov, qiov.niov); 0 --------------------------------- 171 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cfunc 876 printf("(%p, %zd)", sg[i].iov_base, sg[i].iov_len); QEMUIOVector qiov; qemu_iovec_init(&qiov, qiov_full.niov); qemu_iovec_concat(&qiov, &qiov_full, count, qiov_full.size - count); print_sg(qiov.iov, qiov.niov); QEMUIOVector qiov; qemu_iovec_init(&qiov, qiov_full.niov); qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); print_sg(qiov.iov, qiov.niov); static void print_sg(struct iovec *sg, int cnt) printf("sg[%d]: {", cnt); printf("(%p, %zd)", sg[i].iov_base, sg[i].iov_len); len = v9fs_co_preadv(pdu, fidp, qiov.iov, qiov.niov, off); qemu_iovec_reset(&qiov); print_sg(qiov.iov, qiov.niov); len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); qemu_iovec_reset(&qiov); print_sg(qiov.iov, qiov.niov); 0 --------------------------------- 172 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 120 const BlockDebugFlags* bdf = gFlags; for (; bdf < end; bdf++) { printf(" %s\n", bdf->name); 0 --------------------------------- 173 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 347 if( CreatePlaylist( s, &p_sys->psz_xspf ) < 0 ) static int CreatePlaylist( stream_t *s, char **pp_buffer ); if( CreatePlaylist( s, &p_sys->psz_xspf ) < 0 ) p_sys->i_len = strlen( p_sys->psz_xspf ); 0 --------------------------------- 174 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 209 int StreamOpen( vlc_object_t *p_this ) stream_t *s = (stream_t*) p_this; stream_sys_t *p_sys; if( stream_Peek( s->p_source, &p_peek, i_zip_marker ) < i_zip_marker ) s->p_sys = p_sys = calloc( 1, sizeof( *p_sys ) ); s->pf_read = Read; s->pf_peek = Peek; s->pf_control = Control; calloc( 1, sizeof( zlib_filefunc_def ) ); p_sys->fileFunctions = ( zlib_filefunc_def * ) p_sys->fileFunctions->zopen_file = ZipIO_Open; p_sys->fileFunctions->zread_file = ZipIO_Read; p_sys->fileFunctions->zwrite_file = ZipIO_Write; p_sys->fileFunctions->ztell_file = ZipIO_Tell; p_sys->fileFunctions->zseek_file = ZipIO_Seek; p_sys->fileFunctions->zclose_file = ZipIO_Close; p_sys->fileFunctions->zerror_file = ZipIO_Error; p_sys->fileFunctions->opaque = ( void * ) s; p_sys->zipFile = unzOpen2( NULL free( p_sys->fileFunctions ); 0 --------------------------------- 175 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 209 int StreamOpen( vlc_object_t *p_this ) stream_t *s = (stream_t*) p_this; stream_sys_t *p_sys; if( stream_Peek( s->p_source, &p_peek, i_zip_marker ) < i_zip_marker ) s->p_sys = p_sys = calloc( 1, sizeof( *p_sys ) ); s->pf_read = Read; s->pf_peek = Peek; s->pf_control = Control; calloc( 1, sizeof( zlib_filefunc_def ) ); p_sys->fileFunctions = ( zlib_filefunc_def * ) p_sys->fileFunctions->zopen_file = ZipIO_Open; p_sys->fileFunctions->zread_file = ZipIO_Read; p_sys->fileFunctions->zwrite_file = ZipIO_Write; p_sys->fileFunctions->ztell_file = ZipIO_Tell; p_sys->fileFunctions->zseek_file = ZipIO_Seek; p_sys->fileFunctions->zclose_file = ZipIO_Close; p_sys->fileFunctions->zerror_file = ZipIO_Error; p_sys->fileFunctions->opaque = ( void * ) s; p_sys->zipFile = unzOpen2( NULL free( p_sys->fileFunctions ); 0 --------------------------------- 176 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c cfunc 505 void *data, int *data_size, const uint8_t *buf, int buf_size) unsigned char *output_samples = (unsigned char *)data; const unsigned char *p = buf + 16; *data_size = vmdaudio_loadsound(s, output_samples, p, 0, buf_size - 16); uint32_t flags = AV_RB32(p); int raw_block_size = s->block_align * s->bits / 8; silent_chunks = 32; silent_chunks = av_log2(flags + 1); memset(output_samples, 0, raw_block_size * silent_chunks); output_samples += raw_block_size * silent_chunks; *data_size += vmdaudio_loadsound(s, output_samples, p + 4, 0, buf_size - 20); *data_size = vmdaudio_loadsound(s, output_samples, p, 1, 0); const uint8_t *buf, int silence, int data_size) memset(data, 0, data_size * 2); static int vmdaudio_loadsound(VmdAudioContext *s, unsigned char *data, memset(data, 0, data_size * 2); 0 --------------------------------- 177 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cfunc 804 path->data = NULL; path->size = 0; path->data = NULL; path->size = 0; err = v9fs_co_open(pdu, f, f->open_flags); err = v9fs_co_opendir(pdu, f); for (f = s->fid_list; f; f = f->next) { BUG_ON(f->clunked); f->ref++; err = v9fs_reopen_fid(pdu, f); return NULL; f->flags |= FID_REFERENCED; return f; return NULL; fidp = get_fid(pdu, fid); err = v9fs_co_lstat(pdu, &fidp->path, &stbuf); err = stat_to_v9stat(pdu, &fidp->path, &stbuf, &v9stat); V9fsPath path; v9fs_path_init(&path); err = stat_to_v9stat(pdu, &path, &stbuf, &v9stat); v9fs_path_free(&path); err = v9fs_co_lstat(pdu, &path, &stbuf); err = v9fs_co_name_to_path(pdu, &fidp->path, dent->d_name, &path); v9fs_path_init(&path); static int stat_to_v9stat(V9fsPDU *pdu, V9fsPath *name, str = strrchr(name->data, '/'); void v9fs_path_init(V9fsPath *path) v9fs_path_init(&path); err = stat_to_v9stat(pdu, &path, &stbuf, &v9stat); static int v9fs_reopen_fid(V9fsPDU *pdu, V9fsFidState *f) err = v9fs_reopen_fid(pdu, f); return f; fidp = get_fid(pdu, fid); err = stat_to_v9stat(pdu, &fidp->path, &stbuf, &v9stat); void v9fs_path_free(V9fsPath *path) v9fs_path_free(&path); err = stat_to_v9stat(pdu, &path, &stbuf, &v9stat); 0 --------------------------------- 178 CVE-2011-0054/Firefox_3.5.16_CVE_2011_0054_js_src_jsemit.cpp cfunc 7175 js_FinishTakingSrcNotes(JSContext *cx, JSCodeGenerator *cg, jssrcnote *notes) prologCount = cg->prolog.noteCount; prologCount = cg->prolog.noteCount; memcpy(notes, cg->prolog.notes, SRCNOTE_SIZE(prologCount)); 0 --------------------------------- 179 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c cfunc 651 frag = NULL; (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH; unsigned char *p = memcpy(&p[frag->msg_header.frag_off], frag->fragment, 0 --------------------------------- 180 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c cfunc 372 fprintf(stderr, "%s: x was > %d (%d)\n", name, SVGA_MAX_WIDTH, x); fprintf(stderr, "%s: w was < 0 (%d)\n", name, w); fprintf(stderr, "%s: w was > %d (%d)\n", name, SVGA_MAX_WIDTH, w); if (x + w > surface_width(surface)) { name, surface_width(surface), x, w); fprintf(stderr, "%s: y was < 0 (%d)\n", name, y); fprintf(stderr, "%s: y was > %d (%d)\n", name, SVGA_MAX_HEIGHT, y); if (y + h > surface_height(surface)) { name, surface_height(surface), y, h); DisplaySurface *surface = qemu_console_surface(s->vga.con); if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) { x = 0; y = 0; w = surface_width(surface); h = surface_height(surface); bypl = surface_stride(surface); width = surface_bytes_per_pixel(surface) * w; start = surface_bytes_per_pixel(surface) * x + bypl * y; src = s->vga.vram_ptr + start; dst = surface_data(surface) + start; for (line = h; line > 0; line--, src += bypl, dst += bypl) { memcpy(dst, src, width); qemu_default_pixman_format(s->new_depth, true); trace_vmware_setmode(s->new_width, s->new_height, s->new_depth); static void vmsvga_update_display(void *opaque) vmsvga_check_size(s); static inline void vmsvga_check_size(struct vmsvga_state_s *s) vmsvga_check_size(s); vmsvga_fifo_run(s); static void vmsvga_fifo_run(struct vmsvga_state_s *s) len = vmsvga_fifo_length(s); vmsvga_fifo_run(s); vmsvga_update_rect_flush(s); static inline int vmsvga_fifo_length(struct vmsvga_state_s *s) len = vmsvga_fifo_length(s); static void vmsvga_fifo_run(struct vmsvga_state_s *s) vmsvga_fifo_run(s); vmsvga_update_rect_flush(s); static inline void vmsvga_update_rect_flush(struct vmsvga_state_s *s) rect = &s->redraw_fifo[s->redraw_fifo_first++]; vmsvga_update_rect(s, rect->x, rect->y, rect->w, rect->h); int x, int y, int w, int h) if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) { int x, int y, int w, int h) width = surface_bytes_per_pixel(surface) * w; start = surface_bytes_per_pixel(surface) * x + bypl * y; src = s->vga.vram_ptr + start; dst = surface_data(surface) + start; memcpy(dst, src, width); static inline void vmsvga_update_rect(struct vmsvga_state_s *s, vmsvga_update_rect(s, rect->x, rect->y, rect->w, rect->h); rect = &s->redraw_fifo[s->redraw_fifo_first++]; vmsvga_update_rect(s, rect->x, rect->y, rect->w, rect->h); int x, int y, int w, int h) if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) { int x, int y, int w, int h) fprintf(stderr, "%s: x was < 0 (%d)\n", name, x); width = surface_bytes_per_pixel(surface) * w; start = surface_bytes_per_pixel(surface) * x + bypl * y; src = s->vga.vram_ptr + start; dst = surface_data(surface) + start; memcpy(dst, src, width); for (line = h; line > 0; line--, src += bypl, dst += bypl) { memcpy(dst, src, width); static inline bool vmsvga_verify_rect(DisplaySurface *surface, bypl = surface_stride(surface); width = surface_bytes_per_pixel(surface) * w; for (line = h; line > 0; line--, src += bypl, dst += bypl) { memcpy(dst, src, width); 0 --------------------------------- 181 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 2368 static int tls_decrypt_ticket(SSL *s, const unsigned char *etick, int eticklen, const unsigned char *sess_id, int sesslen, SSL_SESSION **psess) int slen, mlen, renew_ticket = 0; HMAC_CTX hctx; EVP_CIPHER_CTX ctx; HMAC_CTX_init(&hctx); EVP_CIPHER_CTX_init(&ctx); &ctx, &hctx, 0); if (memcmp(etick, tctx->tlsext_tick_key_name, 16)) if (HMAC_Init_ex(&hctx, tctx->tlsext_tick_hmac_key, 16, || EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, etick + 16) <= 0) { mlen = HMAC_size(&hctx); if (eticklen <= 16 + EVP_CIPHER_CTX_iv_length(&ctx) + mlen) { eticklen -= mlen; if (HMAC_Update(&hctx, etick, eticklen) <= 0 if (CRYPTO_memcmp(tick_hmac, etick + eticklen, mlen)) { p = etick + 16 + EVP_CIPHER_CTX_iv_length(&ctx); eticklen -= 16 + EVP_CIPHER_CTX_iv_length(&ctx); sdec = OPENSSL_malloc(eticklen); || EVP_DecryptUpdate(&ctx, sdec, &slen, p, eticklen) <= 0) { if (EVP_DecryptFinal(&ctx, sdec + slen, &mlen) <= 0) { slen += mlen; p = sdec; sess = d2i_SSL_SESSION(NULL, &p, slen); memcpy(sess->session_id, sess_id, sesslen); 0 --------------------------------- 182 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4122 return av_guess_format("image2", NULL, NULL); return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, s->probesize); const char *filename, void *logctx, if ((ret = avio_open2(&s->pb, filename, AVIO_FLAG_READ | s->avio_flags, return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, s->probesize); const char *filename, void *logctx, if (!av_filename_number_test(filename)) { oformat = av_guess_format(format, NULL, NULL); AVOutputFormat *oformat, const char *filename) int ret = avformat_alloc_output_context2(&avctx, oformat, format, filename); const char *format, const char *filename) oformat = av_guess_format(NULL, filename, NULL); nd = 0; while (isdigit(*p)) { c = *p++; nd = nd * 10 + *p++ - '0'; snprintf(buf1, sizeof(buf1), "%0*d", nd, number); len = strlen(buf1); snprintf(buf1, sizeof(buf1), "%0*d", nd, number); AVOutputFormat *av_guess_format(const char *short_name, const char *filename, ff_guess_image2_codec(filename) != AV_CODEC_ID_NONE) { av_filename_number_test(filename) && int av_filename_number_test(const char *filename) return filename && (av_get_frame_filename(buf, sizeof(buf), filename, 1)>=0); const char *path, int number) p = path; c = *p++; nd = nd * 10 + *p++ - '0'; snprintf(buf1, sizeof(buf1), "%0*d", nd, number); len = strlen(buf1); snprintf(buf1, sizeof(buf1), "%0*d", nd, number); int avformat_open_input(AVFormatContext **ps, const char *filename, AVInputFormat *fmt, AVDictionary **options) if ((ret = init_input(s, filename, &tmp)) < 0) static int init_input(AVFormatContext *s, const char *filename, AVDictionary **options) if (!av_filename_number_test(filename)) { 0 --------------------------------- 183 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c cfunc 2429 v9fs_string_init(&stat->name); v9fs_string_init(&stat->uid); v9fs_string_init(&stat->gid); v9fs_string_init(&stat->muid); v9fs_string_init(&stat->extension); V9fsString name; v9fs_string_init(&name); err = pdu_unmarshal(pdu, offset, "dds", &fid, &newdirfid, &name); err = v9fs_complete_rename(pdu, fidp, newdirfid, &name); V9fsStat v9stat; v9fs_stat_init(&v9stat); err = pdu_unmarshal(pdu, offset, "dwS", &fid, &unused, &v9stat); v9stat.mode, v9stat.atime, v9stat.mtime); if (donttouch_stat(&v9stat)) { err = v9fs_complete_rename(pdu, fidp, -1, &v9stat.name); int32_t newdirfid, V9fsString *name) old_name = fidp->path.data; end = strrchr(old_name, '/'); end++; end = old_name; new_name = g_malloc0(end - old_name + name->size + 1); strncat(new_name, old_name, end - old_name); strncat(new_name + (end - old_name), name->data, name->size); static void v9fs_stat_init(V9fsStat *stat) v9fs_stat_init(&v9stat); err = v9fs_complete_rename(pdu, fidp, -1, &v9stat.name); int32_t newdirfid, V9fsString *name) new_name = g_malloc0(end - old_name + name->size + 1); strncat(new_name, old_name, end - old_name); strncat(new_name + (end - old_name), name->data, name->size); static int donttouch_stat(V9fsStat *stat) if (donttouch_stat(&v9stat)) { err = v9fs_complete_rename(pdu, fidp, -1, &v9stat.name); int32_t newdirfid, V9fsString *name) new_name = g_malloc0(end - old_name + name->size + 1); strncat(new_name, old_name, end - old_name); strncat(new_name + (end - old_name), name->data, name->size); 0 --------------------------------- 184 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4126 return av_guess_format("image2", NULL, NULL); char buf[1024]; return filename && (av_get_frame_filename(buf, sizeof(buf), filename, 1)>=0); return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, s->probesize); const char *filename, void *logctx, if ((ret = avio_open2(&s->pb, filename, AVIO_FLAG_READ | s->avio_flags, return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, s->probesize); const char *filename, void *logctx, if (!av_filename_number_test(filename)) { oformat = av_guess_format(format, NULL, NULL); AVOutputFormat *oformat, const char *filename) int ret = avformat_alloc_output_context2(&avctx, oformat, format, filename); const char *format, const char *filename) oformat = av_guess_format(NULL, filename, NULL); char *q, buf1[20], c; nd = 0; while (isdigit(*p)) { c = *p++; nd = nd * 10 + *p++ - '0'; memcpy(q, buf1, len); snprintf(buf1, sizeof(buf1), "%0*d", nd, number); len = strlen(buf1); memcpy(q, buf1, len); int av_filename_number_test(const char *filename) return filename && (av_get_frame_filename(buf, sizeof(buf), filename, 1)>=0); const char *path, int number) p = path; c = *p++; nd = nd * 10 + *p++ - '0'; snprintf(buf1, sizeof(buf1), "%0*d", nd, number); len = strlen(buf1); memcpy(q, buf1, len); q += len; memcpy(q, buf1, len); *q++ = c; memcpy(q, buf1, len); AVOutputFormat *av_guess_format(const char *short_name, const char *filename, ff_guess_image2_codec(filename) != AV_CODEC_ID_NONE) { av_filename_number_test(filename) && int av_get_frame_filename(char *buf, int buf_size, q = buf; memcpy(q, buf1, len); int avformat_open_input(AVFormatContext **ps, const char *filename, AVInputFormat *fmt, AVDictionary **options) if ((ret = init_input(s, filename, &tmp)) < 0) static int init_input(AVFormatContext *s, const char *filename, AVDictionary **options) if (!av_filename_number_test(filename)) { 0 --------------------------------- 185 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cfunc 422 AVI_READCHUNK_ENTER; p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); p_buff + 8 + sizeof( WAVEFORMATEX ), if( p_chk->strf.vids.p_bih->biSize - sizeof(BITMAPINFOHEADER) > 0 ) p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); p_buff + 8 + sizeof(BITMAPINFOHEADER), AVI_READCHUNK_EXIT( VLC_SUCCESS ); 0 --------------------------------- 186 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cppfunc 422 AVI_READCHUNK_ENTER; p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); p_buff + 8 + sizeof( WAVEFORMATEX ), if( p_chk->strf.vids.p_bih->biSize - sizeof(BITMAPINFOHEADER) > 0 ) p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); p_buff + 8 + sizeof(BITMAPINFOHEADER), AVI_READCHUNK_EXIT( VLC_SUCCESS ); 0 --------------------------------- 187 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c inputfunc 303 char *argv[]) read_snmp_conf(argv[1]); static void read_snmp_conf(const char *address); 0 --------------------------------- 188 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cfunc 222 static int Open( vlc_object_t *p_this ) char *psz_path, *psz_uri; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_path = p_access->psz_path; psz_parser = strchr( psz_tmp, '@' ); *psz_parser = 0; psz_path = p_access->psz_path + (psz_parser - psz_tmp) + 1; Win32AddConnection( p_access, psz_path, psz_user, psz_pwd, psz_domain); i_ret = asprintf( &psz_uri, " free( psz_uri ); strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_parser = strchr( psz_path, '/' ); i_ret = asprintf( &psz_uri, " free( psz_uri ); static void Win32AddConnection( access_t *p_access, char *psz_path, i_ret = asprintf( &psz_uri, " free( psz_uri ); 0 --------------------------------- 189 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cppfunc 222 static int Open( vlc_object_t *p_this ) char *psz_path, *psz_uri; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_path = p_access->psz_path; psz_parser = strchr( psz_tmp, '@' ); *psz_parser = 0; psz_path = p_access->psz_path + (psz_parser - psz_tmp) + 1; Win32AddConnection( p_access, psz_path, psz_user, psz_pwd, psz_domain); i_ret = asprintf( &psz_uri, " free( psz_uri ); strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_parser = strchr( psz_path, '/' ); i_ret = asprintf( &psz_uri, " free( psz_uri ); static void Win32AddConnection( access_t *p_access, char *psz_path, i_ret = asprintf( &psz_uri, " free( psz_uri ); 0 --------------------------------- 190 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cfunc 159 const uint8_t *p_peek; if( stream_Peek( p_demux->s, &p_peek, 4 ) < 4 ) return VLC_EGENERIC; if( !p_demux->b_force && memcmp( p_peek, "OggS", 4 ) ) 0 --------------------------------- 191 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 1752 ts_max= ts_min= AV_NOPTS_VALUE; e= &st->index_entries[index]; ts_min= e->timestamp; ts_max= e->timestamp; pos= ff_gen_search(s, stream_index, target_ts, pos_min, pos_max, pos_limit, ts_min, ts_max, flags, &ts, avif->read_timestamp); int64_t ts_min, int64_t ts_max, int flags, int64_t *ts_ret, pos_min = s->data_offset; ts_min = read_timestamp(s, stream_index, &pos_min, INT64_MAX); int step= 1024; filesize = avio_size(s->pb); pos_max = filesize - 1; pos_max -= step; step += step; ts_max = read_timestamp(s, stream_index, &pos_max, pos_max + step); int64_t tmp_ts= read_timestamp(s, stream_index, &tmp_pos, INT64_MAX); ts_max= tmp_ts; ts = read_timestamp(s, stream_index, &pos, INT64_MAX); assert(ts != AV_NOPTS_VALUE); ts_max = ts; ts_min = ts; pos = av_rescale(target_ts - ts_min, pos_max - pos_min, ts_max - ts_min) pos_min = s->data_offset; pos_max = avio_size(s->pb) - 1; if (pos < pos_min) pos= pos_min; else if(pos > pos_max) pos= pos_max; avio_seek(s->pb, pos, SEEK_SET); index = av_index_search_timestamp(st, timestamp, flags); if(s->iformat->read_seek(s, stream_index, timestamp, flags) >= 0) return seek_frame_byte(s, stream_index, timestamp, flags); timestamp = av_rescale(timestamp, st->time_base.den, AV_TIME_BASE * (int64_t)st->time_base.num); ret = s->iformat->read_seek(s, stream_index, timestamp, flags); return ff_seek_frame_binary(s, stream_index, timestamp, flags); ret = av_seek_frame(s, stream_index, ts, flags | (dir^AVSEEK_FLAG_BACKWARD)); static int seek_frame_byte(AVFormatContext *s, int stream_index, int64_t pos, int flags){ avio_seek(s->pb, pos, SEEK_SET); ret = av_seek_frame(s, stream_index, ts, flags | (dir^AVSEEK_FLAG_BACKWARD)); int av_seek_frame(AVFormatContext *s, int stream_index, int64_t timestamp, int flags) int ret = seek_frame_internal(s, stream_index, timestamp, flags); int64_t timestamp, int flags) return ff_seek_frame_binary(s, stream_index, timestamp, flags); int ff_seek_frame_binary(AVFormatContext *s, int stream_index, int64_t target_ts, int flags) av_dlog(s, "read_seek: %d %s\n", stream_index, av_ts2str(target_ts)); index= av_index_search_timestamp(st, target_ts, flags | AVSEEK_FLAG_BACKWARD); int av_index_search_timestamp(AVStream *st, int64_t wanted_timestamp, wanted_timestamp, flags); int64_t wanted_timestamp, int flags) index= av_index_search_timestamp(st, target_ts, flags & ~AVSEEK_FLAG_BACKWARD); assert(e->timestamp >= target_ts); ret = av_seek_frame(s, stream_index, ts, flags | (dir^AVSEEK_FLAG_BACKWARD)); int av_index_search_timestamp(AVStream *st, int64_t wanted_timestamp, wanted_timestamp, flags); int64_t wanted_timestamp, int flags) assert(e->timestamp >= target_ts); int avformat_seek_file(AVFormatContext *s, int stream_index, int64_t min_ts, int64_t ts, int64_t max_ts, int flags) int ret = av_seek_frame(s, stream_index, ts, flags | dir); ret = av_seek_frame(s, stream_index, dir ? max_ts : min_ts, flags | dir); int64_t ff_gen_search(AVFormatContext *s, int stream_index, int64_t target_ts, av_dlog(s, "gen_seek: %d %s\n", stream_index, av_ts2str(target_ts)); ts_min = read_timestamp(s, stream_index, &pos_min, INT64_MAX); pos = av_rescale(target_ts - ts_min, pos_max - pos_min, ts_max - ts_min) ret = av_seek_frame(s, stream_index, ts, flags | (dir^AVSEEK_FLAG_BACKWARD)); 0 --------------------------------- 192 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 1752 ts_max= ts_min= AV_NOPTS_VALUE; e= &st->index_entries[index]; ts_min= e->timestamp; ts_max= e->timestamp; pos= ff_gen_search(s, stream_index, target_ts, pos_min, pos_max, pos_limit, ts_min, ts_max, flags, &ts, avif->read_timestamp); int64_t ts_min, int64_t ts_max, int flags, int64_t *ts_ret, pos_min = s->data_offset; ts_min = read_timestamp(s, stream_index, &pos_min, INT64_MAX); int step= 1024; filesize = avio_size(s->pb); pos_max = filesize - 1; pos_max -= step; step += step; ts_max = read_timestamp(s, stream_index, &pos_max, pos_max + step); int64_t tmp_ts= read_timestamp(s, stream_index, &tmp_pos, INT64_MAX); ts_max= tmp_ts; ts = read_timestamp(s, stream_index, &pos, INT64_MAX); assert(ts != AV_NOPTS_VALUE); ts_max = ts; ts_min = ts; pos = av_rescale(target_ts - ts_min, pos_max - pos_min, ts_max - ts_min) pos_min = s->data_offset; pos_max = avio_size(s->pb) - 1; if (pos < pos_min) pos= pos_min; else if(pos > pos_max) pos= pos_max; avio_seek(s->pb, pos, SEEK_SET); index = av_index_search_timestamp(st, timestamp, flags); if(s->iformat->read_seek(s, stream_index, timestamp, flags) >= 0) return seek_frame_byte(s, stream_index, timestamp, flags); timestamp = av_rescale(timestamp, st->time_base.den, AV_TIME_BASE * (int64_t)st->time_base.num); ret = s->iformat->read_seek(s, stream_index, timestamp, flags); return ff_seek_frame_binary(s, stream_index, timestamp, flags); ret = av_seek_frame(s, stream_index, ts, flags | (dir^AVSEEK_FLAG_BACKWARD)); static int seek_frame_byte(AVFormatContext *s, int stream_index, int64_t pos, int flags){ avio_seek(s->pb, pos, SEEK_SET); ret = av_seek_frame(s, stream_index, ts, flags | (dir^AVSEEK_FLAG_BACKWARD)); int av_seek_frame(AVFormatContext *s, int stream_index, int64_t timestamp, int flags) int ret = seek_frame_internal(s, stream_index, timestamp, flags); int64_t timestamp, int flags) return ff_seek_frame_binary(s, stream_index, timestamp, flags); int ff_seek_frame_binary(AVFormatContext *s, int stream_index, int64_t target_ts, int flags) av_dlog(s, "read_seek: %d %s\n", stream_index, av_ts2str(target_ts)); index= av_index_search_timestamp(st, target_ts, flags | AVSEEK_FLAG_BACKWARD); int av_index_search_timestamp(AVStream *st, int64_t wanted_timestamp, wanted_timestamp, flags); int64_t wanted_timestamp, int flags) index= av_index_search_timestamp(st, target_ts, flags & ~AVSEEK_FLAG_BACKWARD); assert(e->timestamp >= target_ts); ret = av_seek_frame(s, stream_index, ts, flags | (dir^AVSEEK_FLAG_BACKWARD)); int av_index_search_timestamp(AVStream *st, int64_t wanted_timestamp, wanted_timestamp, flags); int64_t wanted_timestamp, int flags) assert(e->timestamp >= target_ts); int avformat_seek_file(AVFormatContext *s, int stream_index, int64_t min_ts, int64_t ts, int64_t max_ts, int flags) int ret = av_seek_frame(s, stream_index, ts, flags | dir); ret = av_seek_frame(s, stream_index, dir ? max_ts : min_ts, flags | dir); int64_t ff_gen_search(AVFormatContext *s, int stream_index, int64_t target_ts, av_dlog(s, "gen_seek: %d %s\n", stream_index, av_ts2str(target_ts)); ts_min = read_timestamp(s, stream_index, &pos_min, INT64_MAX); pos = av_rescale(target_ts - ts_min, pos_max - pos_min, ts_max - ts_min) ret = av_seek_frame(s, stream_index, ts, flags | (dir^AVSEEK_FLAG_BACKWARD)); 0 --------------------------------- 193 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cfunc 774 p_child = p_chk->common.p_first; p_next = p_child->common.p_next; p_child = p_next; free( p_child ); 0 --------------------------------- 194 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cppfunc 774 p_child = p_chk->common.p_first; p_next = p_child->common.p_next; p_child = p_next; free( p_child ); 0 --------------------------------- 195 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c cfunc 463 path->data = NULL; path->size = 0; err = v9fs_co_open(pdu, f, f->open_flags); err = v9fs_co_opendir(pdu, f); for (f = s->fid_list; f; f = f->next) { BUG_ON(f->clunked); f->ref++; err = v9fs_reopen_fid(pdu, f); return NULL; f->flags |= FID_REFERENCED; return f; return NULL; fidp = get_fid(pdu, fid); err = v9fs_mark_fids_unreclaim(pdu, &fidp->path); V9fsPath path; v9fs_path_init(&path); err = v9fs_co_name_to_path(pdu, &dfidp->path, name.data, &path); err = v9fs_mark_fids_unreclaim(pdu, &path); static int v9fs_mark_fids_unreclaim(V9fsPDU *pdu, V9fsPath *path) if (!memcmp(fidp->path.data, path->data, path->size)) { void v9fs_path_init(V9fsPath *path) v9fs_path_init(&path); err = v9fs_mark_fids_unreclaim(pdu, &path); static int v9fs_reopen_fid(V9fsPDU *pdu, V9fsFidState *f) err = v9fs_reopen_fid(pdu, f); return f; fidp = get_fid(pdu, fid); err = v9fs_mark_fids_unreclaim(pdu, &fidp->path); 0 --------------------------------- 196 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1475 for (cache = (snmp_cache_t *)cupsArrayFirst(Devices); cache = (snmp_cache_t *)cupsArrayNext(Devices)) free(cache->id); 0 --------------------------------- 197 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 1475 for (cache = (snmp_cache_t *)cupsArrayFirst(Devices); cache = (snmp_cache_t *)cupsArrayNext(Devices)) free(cache->id); 0 --------------------------------- 198 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp cfunc 273 RawReader(png_structp png_ptr, png_bytep data, png_size_t length) RawReadState *state = (RawReadState *)png_get_io_ptr(png_ptr); memcpy(data, state->start + state->offset, length); 0 --------------------------------- 199 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1472 for (cache = (snmp_cache_t *)cupsArrayFirst(Devices); cache = (snmp_cache_t *)cupsArrayNext(Devices)) free(cache->uri); 0 --------------------------------- 200 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 1472 for (cache = (snmp_cache_t *)cupsArrayFirst(Devices); cache = (snmp_cache_t *)cupsArrayNext(Devices)) free(cache->uri); 0 --------------------------------- 201 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c cfunc 1072 trace_vmware_palette_write(s->index, value); trace_vmware_value_write(s->index, value); printf("%s: Bad register %02x\n", __func__, s->index); struct vmsvga_state_s *s = opaque; vmsvga_value_write(s, addr, data); static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value) trace_vmware_scratch_write(s->index, value); printf("%s: Bad register %02x\n", __func__, s->index); static void vmsvga_io_write(void *opaque, hwaddr addr, vmsvga_value_write(s, addr, data); 0 --------------------------------- 202 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 1305 process_rtsp_request(tvbuff_t *tvb, int offset, const guchar *data, (len == linelen || isspace(data[len]))) g_ascii_strncasecmp(rtsp_methods[ii], data, len) == 0 && url = data; while (url < lineend && !isspace(*url)) url++; while (url < lineend && isspace(*url)) url++; while (url < lineend && isspace(*url)) 0 --------------------------------- 203 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cppfunc 1305 process_rtsp_request(tvbuff_t *tvb, int offset, const guchar *data, (len == linelen || isspace(data[len]))) g_ascii_strncasecmp(rtsp_methods[ii], data, len) == 0 && url = data; while (url < lineend && !isspace(*url)) url++; while (url < lineend && isspace(*url)) url++; while (url < lineend && isspace(*url)) 0 --------------------------------- 204 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 525 size_t i_num = 0, i_len = 0; i_len++; i_len++; *ppsz_encoded = malloc( i_len + 1 ); memcpy( *ppsz_encoded, psz_url, i_len + 1 ); const char *psz_zippath ) char *psz_zip = strrchr( psz_zippath, DIR_SEP_CHAR ); char *psz_pathtozip; escapeToXml( &psz_pathtozip, psz_zippath ); char *psz_escapedName; escapeToXml( &psz_escapedName, psz_name ); static int escapeToXml( char **ppsz_encoded, const char *psz_url ) memcpy( *ppsz_encoded, psz_url, i_len + 1 ); static int WriteXSPF( char **pp_buffer, vlc_array_t *p_filenames, for( int i = 0; i < vlc_array_count( p_filenames ); ++i ) char *psz_name = (char*) vlc_array_item_at_index( p_filenames, i ); int i_len = strlen( psz_name ); char *psz_file = strrchr( psz_name, '/' ); escapeToXml( &psz_escapedName, psz_name ); 0 --------------------------------- 205 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 1302 process_rtsp_request(tvbuff_t *tvb, int offset, const guchar *data, g_ascii_strncasecmp(rtsp_methods[ii], data, len) == 0 && (len == linelen || isspace(data[len]))) url = data; while (url < lineend && !isspace(*url)) url++; while (url < lineend && !isspace(*url)) 0 --------------------------------- 206 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cppfunc 1302 process_rtsp_request(tvbuff_t *tvb, int offset, const guchar *data, g_ascii_strncasecmp(rtsp_methods[ii], data, len) == 0 && (len == linelen || isspace(data[len]))) url = data; while (url < lineend && !isspace(*url)) url++; while (url < lineend && !isspace(*url)) 0 --------------------------------- 207 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 418 static void debug_printf(const char *format, ...); const char *addrname, const char *uri, const char *id, const char *make_and_model) addr, addrname, uri ? uri : "(null)", id ? id : "(null)", make_and_model ? make_and_model : "(null)"); memcpy(&(temp->address), addr, sizeof(temp->address)); add_cache(http_addr_t *addr, addr, addrname, uri ? uri : "(null)", id ? id : "(null)", 0 --------------------------------- 208 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cfunc 154 path->data = NULL; path->size = 0; memcpy(lhs->data, rhs->data, rhs->size); lhs->size = rhs->size; if (!strncmp(s1->data, s2->data, s1->size - 1)) { err = v9fs_co_open(pdu, f, f->open_flags); err = v9fs_co_opendir(pdu, f); for (f = s->fid_list; f; f = f->next) { BUG_ON(f->clunked); f->ref++; err = v9fs_reopen_fid(pdu, f); return NULL; f->flags |= FID_REFERENCED; return f; return NULL; dst->size++; V9fsPath dpath, path; fidp = get_fid(pdu, fid); v9fs_path_init(&path); v9fs_path_copy(&dpath, &fidp->path); v9fs_path_copy(&path, &fidp->path); v9fs_path_init(&path); v9fs_path_copy(&dpath, &fidp->path); err = v9fs_co_name_to_path(pdu, &dpath, wnames[name_idx].data, &path); err = v9fs_co_lstat(pdu, &path, &stbuf); v9fs_path_copy(&dpath, &path); v9fs_path_copy(&fidp->path, &path); v9fs_path_copy(&newfidp->path, &path); V9fsPath path; v9fs_path_init(&path); err = v9fs_co_name_to_path(pdu, &fidp->path, name.data, &path); v9fs_path_copy(&fidp->path, &path); err = v9fs_co_name_to_path(pdu, &fidp->path, name.data, &path); v9fs_path_copy(&fidp->path, &path); err = v9fs_co_name_to_path(pdu, &fidp->path, name.data, &path); v9fs_path_copy(&fidp->path, &path); err = v9fs_co_name_to_path(pdu, &fidp->path, name.data, &path); v9fs_path_copy(&fidp->path, &path); err = v9fs_co_name_to_path(pdu, &fidp->path, name.data, &path); v9fs_path_copy(&fidp->path, &path); err = v9fs_co_name_to_path(pdu, &fidp->path, name.data, &path); v9fs_path_copy(&fidp->path, &path); if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data)); if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { void v9fs_path_copy(V9fsPath *lhs, V9fsPath *rhs) v9fs_path_free(lhs); lhs->data = g_malloc(rhs->size); memcpy(lhs->data, rhs->data, rhs->size); v9fs_path_copy(&str, dst); v9fs_path_copy(&path, &fidp->path); v9fs_path_copy(&newfidp->path, &path); v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data)); static int v9fs_path_is_ancestor(V9fsPath *s1, V9fsPath *s2) if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data)); if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &newpath, strlen(oldpath.data)); static void v9fs_fix_path(V9fsPath *dst, V9fsPath *src, int len) v9fs_path_copy(&str, dst); void v9fs_path_init(V9fsPath *path) v9fs_path_init(&path); v9fs_path_copy(&newfidp->path, &path); v9fs_path_init(&path); v9fs_path_copy(&fidp->path, &path); static int v9fs_reopen_fid(V9fsPDU *pdu, V9fsFidState *f) err = v9fs_reopen_fid(pdu, f); return f; fidp = get_fid(pdu, fid); v9fs_path_copy(&dpath, &fidp->path); 0 --------------------------------- 209 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c cfunc 979 trace_vmware_palette_write(s->index, value); trace_vmware_value_write(s->index, value); printf("%s: Bad width: %i\n", __func__, value); uint64_t data, unsigned size) vmsvga_value_write(s, addr, data); static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value) trace_vmware_scratch_write(s->index, value); printf("%s: Bad width: %i\n", __func__, value); 0 --------------------------------- 210 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 603 void NetworkUtils::setAccessPoint(CommandChain* aChain, nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(key); aString.ReplaceSubstring("\\", "\\\\"); } key.get()); 0 --------------------------------- 211 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cfunc 2429 v9fs_string_init(&stat->name); v9fs_string_init(&stat->uid); v9fs_string_init(&stat->gid); v9fs_string_init(&stat->muid); v9fs_string_init(&stat->extension); V9fsString name; v9fs_string_init(&name); err = pdu_unmarshal(pdu, offset, "dds", &fid, &newdirfid, &name); err = v9fs_complete_rename(pdu, fidp, newdirfid, &name); V9fsStat v9stat; v9fs_stat_init(&v9stat); err = pdu_unmarshal(pdu, offset, "dwS", &fid, &unused, &v9stat); v9stat.mode, v9stat.atime, v9stat.mtime); if (donttouch_stat(&v9stat)) { err = v9fs_complete_rename(pdu, fidp, -1, &v9stat.name); int32_t newdirfid, V9fsString *name) old_name = fidp->path.data; end = strrchr(old_name, '/'); end++; end = old_name; new_name = g_malloc0(end - old_name + name->size + 1); strncat(new_name, old_name, end - old_name); strncat(new_name + (end - old_name), name->data, name->size); static void v9fs_stat_init(V9fsStat *stat) v9fs_stat_init(&v9stat); err = v9fs_complete_rename(pdu, fidp, -1, &v9stat.name); int32_t newdirfid, V9fsString *name) new_name = g_malloc0(end - old_name + name->size + 1); strncat(new_name, old_name, end - old_name); strncat(new_name + (end - old_name), name->data, name->size); static int donttouch_stat(V9fsStat *stat) if (donttouch_stat(&v9stat)) { err = v9fs_complete_rename(pdu, fidp, -1, &v9stat.name); int32_t newdirfid, V9fsString *name) new_name = g_malloc0(end - old_name + name->size + 1); strncat(new_name, old_name, end - old_name); strncat(new_name + (end - old_name), name->data, name->size); 0 --------------------------------- 212 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4417 int ff_url_join(char *str, int size, const char *proto, int port, const char *fmt, ...) str[0] = '\0'; av_strlcatf(str, size, "%s: av_strlcatf(str, size, "%s@", authorization); av_strlcat(str, "[", size); av_strlcat(str, hostname, size); av_strlcat(str, "]", size); av_strlcat(str, hostname, size); av_strlcat(str, hostname, size); av_strlcatf(str, size, ":%d", port); int len = strlen(str); va_start(vl, fmt); vsnprintf(str + len, size > len ? size - len : 0, fmt, vl); 0 --------------------------------- 213 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4559 void ff_make_absolute_url(char *buf, int size, const char *base, av_strlcpy(buf, base, size); path_query = strchr(buf, '?'); sep = strrchr(buf, '/'); buf[0] = '\0'; sep = strrchr(buf, '/'); if (!strcmp(sep ? &sep[1] : buf, "..")) { av_strlcat(buf, "/", size); sep = strrchr(buf, '/'); if (!strcmp(sep ? &sep[1] : buf, "..")) { buf[0] = '\0'; sep = strrchr(buf, '/'); if (!strcmp(sep ? &sep[1] : buf, "..")) { 0 --------------------------------- 214 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c cfunc 206 buf = (unsigned char *)OPENSSL_malloc(frag_len); (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); bitmask = memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); unsigned long frag_len = msg_hdr->frag_len; frag = dtls1_hm_fragment_new(frag_len, 0); unsigned char wire[DTLS1_HM_HEADER_LENGTH]; struct hm_header_st msg_hdr; i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire, dtls1_get_message_header(wire, &msg_hdr); return dtls1_reassemble_fragment(s, &msg_hdr, ok); s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; s->d1->next_handshake_write_seq++; s2n(s->d1->handshake_write_seq, p); dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, s->d1->handshake_write_seq, 0, 0); unsigned short seq_num, dtls1_buffer_message(s, 1); n2l3(data, msg_hdr->msg_len); n2s(data, msg_hdr->seq); n2l3(data, msg_hdr->frag_off); n2l3(data, msg_hdr->frag_len); dtls1_get_message_header(wire, &msg_hdr); return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); dtls1_process_out_of_seq_message(SSL *s, const struct hm_header_st *msg_hdr, return dtls1_reassemble_fragment(s, msg_hdr, ok); dtls1_reassemble_fragment(SSL *s, const struct hm_header_st *msg_hdr, int *ok) frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1); static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); bitmask = memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); static void dtls1_set_message_header_int(SSL *s, unsigned char mt, dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, dtls1_buffer_message(s, 1); int dtls1_buffer_message(SSL *s, int is_ccs) frag = dtls1_hm_fragment_new(s->init_num, 0); dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); dtls1_get_message_header(wire, &msg_hdr); return dtls1_process_out_of_seq_message(s, &msg_hdr, ok); msg_hdr->type = *(data++); dtls1_get_message_header(wire, &msg_hdr); return dtls1_reassemble_fragment(s, &msg_hdr, ok); 0 --------------------------------- 215 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 505 const char *filename, void *logctx, if ((ret = avio_open2(&s->pb, filename, AVIO_FLAG_READ | s->avio_flags, return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, s->probesize); return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, s->probesize); unsigned int offset, unsigned int max_probe_size) AVProbeData pd = { filename ? filename : "", NULL, -offset }; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, s->probesize); unsigned int offset, unsigned int max_probe_size) AVProbeData pd = { filename ? filename : "", NULL, -offset }; max_probe_size = PROBE_BUF_MAX; max_probe_size = PROBE_BUF_MAX; for(probe_size= PROBE_BUF_MIN; probe_size<=max_probe_size && !*fmt; int buf_offset = (probe_size == PROBE_BUF_MIN) ? 0 : probe_size>>1; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) { av_log(logctx, AV_LOG_DEBUG, "Format %s probed with size=%d and score=%d\n", (*fmt)->name, probe_size, score); probe_size = FFMIN(probe_size<<1, FFMAX(max_probe_size, probe_size+1))) { buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); int avformat_open_input(AVFormatContext **ps, const char *filename, AVInputFormat *fmt, AVDictionary **options) if ((ret = init_input(s, filename, &tmp)) < 0) static int init_input(AVFormatContext *s, const char *filename, AVDictionary **options) return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, s->probesize); const char *filename, void *logctx, AVProbeData pd = { filename ? filename : "", NULL, -offset }; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 0 --------------------------------- 216 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4418 va_list vl; va_start(vl, fmt); vsnprintf(str + len, size > len ? size - len : 0, fmt, vl); va_end(vl); 0 --------------------------------- 217 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 4418 va_list vl; va_start(vl, fmt); vsnprintf(str + len, size > len ? size - len : 0, fmt, vl); va_end(vl); 0 --------------------------------- 218 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 847 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *ret = buf; ret += 2; s2n(TLSEXT_TYPE_server_name, ret); s2n(0, ret); int el; if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { s2n(TLSEXT_TYPE_renegotiate, ret); s2n(el, ret); if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) { ret += el; s2n(TLSEXT_TYPE_ec_point_formats, ret); s2n(s->tlsext_ecpointformatlist_length + 1, ret); *(ret++) = (unsigned char)s->tlsext_ecpointformatlist_length; memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); ret += s->tlsext_ecpointformatlist_length; s2n(TLSEXT_TYPE_session_ticket, ret); s2n(0, ret); s2n(TLSEXT_TYPE_status_request, ret); s2n(0, ret); size_t sol = s->s3->server_opaque_prf_input_len; s2n(TLSEXT_TYPE_opaque_prf_input, ret); s2n(sol + 2, ret); s2n(sol, ret); memcpy(ret, s->s3->server_opaque_prf_input, sol); ret += sol; int el; ssl_add_serverhello_use_srtp_ext(s, 0, &el, 0); s2n(TLSEXT_TYPE_use_srtp, ret); s2n(el, ret); if (ssl_add_serverhello_use_srtp_ext(s, ret, &el, el)) { ret += el; const unsigned char cryptopro_ext[36] = { memcpy(ret, cryptopro_ext, 36); 0 --------------------------------- 219 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 485 if ((device_uri = calloc(1, sizeof(device_uri_t))) == NULL) if ((device_uri->uris = cupsArrayNew(NULL, NULL)) == NULL) cupsArrayDelete(device_uri->uris); free(device_uri); 0 --------------------------------- 220 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 485 if ((device_uri = calloc(1, sizeof(device_uri_t))) == NULL) if ((device_uri->uris = cupsArrayNew(NULL, NULL)) == NULL) cupsArrayDelete(device_uri->uris); free(device_uri); 0 --------------------------------- 221 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1713 char uri[1024], if (!try_connect(&(device->address), device->addrname, 5353)) snprintf(uri, sizeof(uri), "socket: static int try_connect(http_addr_t *addr, const char *addrname, if (!try_connect(&(device->address), device->addrname, 9100)) static int try_connect(http_addr_t *addr, const char *addrname, debug_printf("DEBUG: %s supports AppSocket!\n", device->addrname); static void debug_printf(const char *format, ...); snprintf(uri, sizeof(uri), "socket: update_cache(device, uri, NULL, NULL); const char *uri, device->uri = strdup(uri); snprintf(uri, sizeof(uri), "socket: 0 --------------------------------- 222 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c cfunc 154 path->data = NULL; path->size = 0; memcpy(lhs->data, rhs->data, rhs->size); lhs->size = rhs->size; if (!strncmp(s1->data, s2->data, s1->size - 1)) { err = v9fs_co_open(pdu, f, f->open_flags); err = v9fs_co_opendir(pdu, f); for (f = s->fid_list; f; f = f->next) { BUG_ON(f->clunked); f->ref++; err = v9fs_reopen_fid(pdu, f); return NULL; f->flags |= FID_REFERENCED; return f; return NULL; dst->size++; V9fsPath dpath, path; fidp = get_fid(pdu, fid); v9fs_path_copy(&dpath, &fidp->path); v9fs_path_copy(&path, &fidp->path); v9fs_path_init(&path); v9fs_path_copy(&dpath, &fidp->path); err = v9fs_co_name_to_path(pdu, &dpath, wnames[name_idx].data, &path); err = v9fs_co_lstat(pdu, &path, &stbuf); v9fs_path_copy(&dpath, &path); v9fs_path_copy(&fidp->path, &path); v9fs_path_copy(&newfidp->path, &path); V9fsPath path; v9fs_path_init(&path); err = v9fs_co_name_to_path(pdu, &fidp->path, name.data, &path); v9fs_path_copy(&fidp->path, &path); err = v9fs_co_name_to_path(pdu, &fidp->path, name.data, &path); v9fs_path_copy(&fidp->path, &path); err = v9fs_co_name_to_path(pdu, &fidp->path, name.data, &path); v9fs_path_copy(&fidp->path, &path); err = v9fs_co_name_to_path(pdu, &fidp->path, name.data, &path); v9fs_path_copy(&fidp->path, &path); err = v9fs_co_name_to_path(pdu, &fidp->path, name.data, &path); v9fs_path_copy(&fidp->path, &path); err = v9fs_co_name_to_path(pdu, &fidp->path, name.data, &path); v9fs_path_copy(&fidp->path, &path); if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data)); if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { file_fidp = get_fid(pdu, fid); v9fs_path_copy(&xattr_fidp->path, &file_fidp->path); void v9fs_path_copy(V9fsPath *lhs, V9fsPath *rhs) v9fs_path_free(lhs); lhs->data = g_malloc(rhs->size); memcpy(lhs->data, rhs->data, rhs->size); v9fs_path_copy(&str, dst); v9fs_path_copy(&path, &fidp->path); v9fs_path_copy(&newfidp->path, &path); v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data)); static int v9fs_path_is_ancestor(V9fsPath *s1, V9fsPath *s2) if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data)); if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &newpath, strlen(oldpath.data)); static void v9fs_fix_path(V9fsPath *dst, V9fsPath *src, int len) v9fs_path_copy(&str, dst); static int v9fs_reopen_fid(V9fsPDU *pdu, V9fsFidState *f) err = v9fs_reopen_fid(pdu, f); return f; file_fidp = get_fid(pdu, fid); v9fs_path_copy(&xattr_fidp->path, &file_fidp->path); void v9fs_path_init(V9fsPath *path) v9fs_path_init(&path); v9fs_path_copy(&newfidp->path, &path); v9fs_path_init(&path); v9fs_path_copy(&fidp->path, &path); 0 --------------------------------- 223 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp API 701 HKEY baseKey; KEY_READ, &baseKey); BOOL success = GetDWORDValue(baseKey, L"EnableLUA", enabled); GetDWORDValue(HKEY key, LPCWSTR valueName, DWORD &retValue) LONG retCode = RegQueryValueExW(key, valueName, 0, NULL, GetDWORDValue(baseKey, L"ConsentPromptBehaviorAdmin", consent); GetDWORDValue(baseKey, L"PromptOnSecureDesktop", secureDesktop); RegCloseKey(baseKey); GetDWORDValue(HKEY key, LPCWSTR valueName, DWORD &retValue) LONG retCode = RegQueryValueExW(key, valueName, 0, NULL, GetDWORDValue(baseKey, L"PromptOnSecureDesktop", secureDesktop); GetDWORDValue(HKEY key, LPCWSTR valueName, DWORD &retValue) LONG retCode = RegQueryValueExW(key, valueName, 0, NULL, RegCloseKey(baseKey); 0 --------------------------------- 224 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 354 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); fprintf(out, " next=%p", static_cast(GetNextSibling())); fprintf(out, " prev-in-flow=%p", static_cast(GetPrevInFlow())); fprintf(out, " next-in-flow=%p", static_cast(GetNextInFlow())); 0 --------------------------------- 225 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cfunc 1927 static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, qemu_iovec_init(qiov, niov); qemu_iovec_concat(qiov, &elem, skip, size); xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); write_count -= to_copy; to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); uint64_t off; uint32_t count; QEMUIOVector qiov_full; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count, uint64_t off, uint32_t count, write_count = xattr_len - off; write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); qiov_full.iov, qiov_full.niov); struct iovec *sg, int cnt) to_copy = sg[i].iov_len; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 0 --------------------------------- 226 CVE-2011-0054/Firefox_3.5.16_CVE_2011_0054_js_src_jsemit.cpp cfunc 1000 UpdateJumpTargets(jt->kids[JT_LEFT], pivot, delta); UpdateJumpTargets(jt->kids[JT_RIGHT], pivot, delta); sdbase = cg->spanDeps; sdlimit = sdbase + cg->numSpanDeps; growth = 0; delta = 0; JS_ASSERT(JT_HAS_TAG(sd->target)); sdtop = sd; top = sd->top; JS_ASSERT(top == sd->before); for (sd2 = sdtop; sd2 < sdlimit && sd2->top == top; sd2++) { sd2->offset += delta; UpdateJumpTargets(cg->jumpTargets, sd2->offset, sd = sd2 - 1; for (sd = sdbase; sd < sdlimit; sd++) { ptrdiff_t deltaFromTop = 0; sd2->offset += deltaFromTop; deltaFromTop += JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN; sd2->offset += deltaFromTop; delta += JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN; UpdateJumpTargets(cg->jumpTargets, sd2->offset, JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN); growth += delta; passes, offset + growth, offset, growth); growth / (JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN), cg->numSpanDeps, JS_ASSERT(sd == sdlimit); oldpc = base + sd->before; JS_ASSERT(delta >= 1 + JUMP_OFFSET_LEN); oldpc + 1 + JUMP_OFFSET_LEN, UpdateJumpTargets(JSJumpTarget *jt, ptrdiff_t pivot, ptrdiff_t delta) for (sd2 = sdtop; sd2 < sdlimit && sd2->top == top; sd2++) { delta += JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN; sd->offset += delta; span = SD_SPAN(sd, pivot); for (sd = sdbase; sd < sdlimit; sd++) { sd = sd2 - 1; for (sd = sdbase; sd < sdlimit; sd++) { JS_ASSERT(sd == sdlimit); oldpc = base + sd->before; span = SD_SPAN(sd, pivot); JS_ASSERT(delta >= 1 + JUMP_OFFSET_LEN); offset = sd->before + 1; delta = offset - sd->before; JS_ASSERT(delta >= 1 + JUMP_OFFSET_LEN); oldpc + 1 + JUMP_OFFSET_LEN, OptimizeSpanDeps(JSContext *cx, JSCodeGenerator *cg) base = CG_BASE(cg); size = BYTECODE_SIZE(PTRDIFF(limit, base, jsbytecode)); oldpc = base + sd->before; oldpc + 1 + JUMP_OFFSET_LEN, 0 --------------------------------- 227 CVE-2011-0054/Firefox_3.5.16_CVE_2011_0054_js_src_jsemit.cpp cfunc 1001 UpdateJumpTargets(jt->kids[JT_LEFT], pivot, delta); UpdateJumpTargets(jt->kids[JT_RIGHT], pivot, delta); base = CG_BASE(cg); sdbase = cg->spanDeps; sdlimit = sdbase + cg->numSpanDeps; growth = 0; delta = 0; JS_ASSERT(JT_HAS_TAG(sd->target)); sdtop = sd; top = sd->top; JS_ASSERT(top == sd->before); for (sd2 = sdtop; sd2 < sdlimit && sd2->top == top; sd2++) { sd = sd2 - 1; for (sd = sdbase; sd < sdlimit; sd++) { ptrdiff_t deltaFromTop = 0; sd2->offset += deltaFromTop; deltaFromTop += JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN; sd2->offset += deltaFromTop; sd2->offset += delta; delta += JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN; UpdateJumpTargets(cg->jumpTargets, sd2->offset, JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN); growth += delta; passes, offset + growth, offset, growth); growth / (JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN), cg->numSpanDeps, size = BYTECODE_SIZE(PTRDIFF(limit, base, jsbytecode)); incr = BYTECODE_SIZE(length) - size; JS_ASSERT(sd == sdlimit); oldpc = base + sd->before; span = SD_SPAN(sd, pivot); SET_JUMP_OFFSET(oldpc, span); delta = offset - sd->before; oldpc + 1 + JUMP_OFFSET_LEN, JS_ASSERT(delta >= 1 + JUMP_OFFSET_LEN); size = BYTECODE_SIZE(delta - (1 + JUMP_OFFSET_LEN)); size); UpdateJumpTargets(JSJumpTarget *jt, ptrdiff_t pivot, ptrdiff_t delta) for (sd2 = sdtop; sd2 < sdlimit && sd2->top == top; sd2++) { delta += JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN; sd->offset += delta; span = SD_SPAN(sd, pivot); for (sd = sdbase; sd < sdlimit; sd++) { sd = sd2 - 1; for (sd = sdbase; sd < sdlimit; sd++) { JS_ASSERT(sd == sdlimit); span = SD_SPAN(sd, pivot); delta = offset - sd->before; JS_ASSERT(delta >= 1 + JUMP_OFFSET_LEN); offset = sd->before + 1; delta = offset - sd->before; JS_ASSERT(delta >= 1 + JUMP_OFFSET_LEN); size = BYTECODE_SIZE(delta - (1 + JUMP_OFFSET_LEN)); size); OptimizeSpanDeps(JSContext *cx, JSCodeGenerator *cg) base = CG_BASE(cg); offset = CG_OFFSET(cg); passes, offset + growth, offset, growth); delta = offset - sd->before; JS_ASSERT(delta >= 1 + JUMP_OFFSET_LEN); size = BYTECODE_SIZE(delta - (1 + JUMP_OFFSET_LEN)); size); 0 --------------------------------- 228 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 609 void NetworkUtils::setAccessPoint(CommandChain* aChain, nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(key); aString.ReplaceSubstring("\\", "\\\\"); } key.get()); 0 --------------------------------- 229 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 364 int tls12_get_req_sig_algs(SSL *s, unsigned char *p) size_t slen = sizeof(tls12_sigalgs); memcpy(p, tls12_sigalgs, slen); 0 --------------------------------- 230 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 154 va_list args; va_start( args, psz_fmt_src ); char *psz_tmp; int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; strcat( psz_out, psz_tmp ); free( psz_tmp ); if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; if( astrcatf( &psz_path, "%s", psz_escapedName ) < 0 ) return -1; " \n" " \n" if( astrcatf( pp_buffer, " \n\n" ) < 0 ) return -1; if( astrcatf( pp_buffer, " \n", n->name ) < 0 ) if( astrcatf( pp_buffer, " \n", i->id ) < 0 ) if( astrcatf( pp_buffer, " \n" ) < 0 ) static int astrcatf( char **ppsz_dest, const char *psz_fmt_src, ... ) va_start( args, psz_fmt_src ); int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; strcat( psz_out, psz_tmp ); free( psz_tmp ); 0 --------------------------------- 231 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 154 va_list args; va_start( args, psz_fmt_src ); char *psz_tmp; int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; strcat( psz_out, psz_tmp ); free( psz_tmp ); if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; if( astrcatf( &psz_path, "%s", psz_escapedName ) < 0 ) return -1; " \n" " \n" if( astrcatf( pp_buffer, " \n\n" ) < 0 ) return -1; if( astrcatf( pp_buffer, " \n", n->name ) < 0 ) if( astrcatf( pp_buffer, " \n", i->id ) < 0 ) if( astrcatf( pp_buffer, " \n" ) < 0 ) static int astrcatf( char **ppsz_dest, const char *psz_fmt_src, ... ) va_start( args, psz_fmt_src ); int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; strcat( psz_out, psz_tmp ); free( psz_tmp ); 0 --------------------------------- 232 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 150 va_list args; va_start( args, psz_fmt_src ); char *psz_tmp; int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; char *psz_out = realloc( *ppsz_dest, i_len ); strcat( psz_out, psz_tmp ); *ppsz_dest = psz_out; size_t i_num = 0, i_len = 0; i_len++; i_len++; i_num++; *ppsz_encoded = malloc( i_len + 1 ); memcpy( *ppsz_encoded, psz_url, i_len + 1 ); char *psz_ret = malloc( i_len + 3*i_num + 2 ); *ppsz_encoded = psz_ret; psz_zip = convert_xml_special_chars( psz_zip ? (psz_zip+1) : psz_zippath ); " \n", psz_zip ) == -1) char *psz_pathtozip; escapeToXml( &psz_pathtozip, psz_zippath ); if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; char *psz_path = strdup( psz_pathtozip ); if( astrcatf( &psz_path, "%s", psz_escapedName ) < 0 ) return -1; if( astrcatf( pp_buffer, " \n" if( astrcatf( pp_buffer, " \n" if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; if( astrcatf( pp_buffer, " \n\n" ) < 0 ) return -1; if( astrcatf( pp_buffer, " \n", n->name ) < 0 ) nodeToXSPF( pp_buffer, n->child, false ); if( astrcatf( pp_buffer, " \n", i->id ) < 0 ) if( astrcatf( pp_buffer, " \n" ) < 0 ) static int astrcatf( char **ppsz_dest, const char *psz_fmt_src, ... ) va_start( args, psz_fmt_src ); int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; char *psz_out = realloc( *ppsz_dest, i_len ); strcat( psz_out, psz_tmp ); *ppsz_dest = psz_out; if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; char *psz_path = strdup( psz_pathtozip ); if( astrcatf( &psz_path, "%s", psz_escapedName ) < 0 ) return -1; if( astrcatf( pp_buffer, if( astrcatf( pp_buffer, " \n\n" ) < 0 ) return -1; if( astrcatf( pp_buffer, " \n" ) < 0 ) static int astrcatf( char **ppsz_dest, const char *psz_fmt_src, ... ) char *psz_out = realloc( *ppsz_dest, i_len ); static int nodeToXSPF( char **pp_buffer, node *n, bool b_root ); if( astrcatf( pp_buffer, " \n\n" ) < 0 ) return -1; static int WriteXSPF( char **pp_buffer, vlc_array_t *p_filenames, if( asprintf( pp_buffer, "\n" if( astrcatf( pp_buffer, static int nodeToXSPF( char **pp_buffer, node *n, bool b_root ) if( astrcatf( pp_buffer, " \n" ) < 0 ) static int escapeToXml( char **ppsz_encoded, const char *psz_url ) escapeToXml( &psz_pathtozip, psz_zippath ); if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; 0 --------------------------------- 233 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 150 va_list args; va_start( args, psz_fmt_src ); char *psz_tmp; int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; char *psz_out = realloc( *ppsz_dest, i_len ); strcat( psz_out, psz_tmp ); *ppsz_dest = psz_out; size_t i_num = 0, i_len = 0; i_len++; i_len++; i_num++; *ppsz_encoded = malloc( i_len + 1 ); memcpy( *ppsz_encoded, psz_url, i_len + 1 ); char *psz_ret = malloc( i_len + 3*i_num + 2 ); *ppsz_encoded = psz_ret; psz_zip = convert_xml_special_chars( psz_zip ? (psz_zip+1) : psz_zippath ); " \n", psz_zip ) == -1) char *psz_pathtozip; escapeToXml( &psz_pathtozip, psz_zippath ); if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; char *psz_path = strdup( psz_pathtozip ); if( astrcatf( &psz_path, "%s", psz_escapedName ) < 0 ) return -1; if( astrcatf( pp_buffer, " \n" if( astrcatf( pp_buffer, " \n" if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; if( astrcatf( pp_buffer, " \n\n" ) < 0 ) return -1; if( astrcatf( pp_buffer, " \n", n->name ) < 0 ) nodeToXSPF( pp_buffer, n->child, false ); if( astrcatf( pp_buffer, " \n", i->id ) < 0 ) if( astrcatf( pp_buffer, " \n" ) < 0 ) static int astrcatf( char **ppsz_dest, const char *psz_fmt_src, ... ) va_start( args, psz_fmt_src ); int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; char *psz_out = realloc( *ppsz_dest, i_len ); strcat( psz_out, psz_tmp ); *ppsz_dest = psz_out; if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; char *psz_path = strdup( psz_pathtozip ); if( astrcatf( &psz_path, "%s", psz_escapedName ) < 0 ) return -1; if( astrcatf( pp_buffer, if( astrcatf( pp_buffer, " \n\n" ) < 0 ) return -1; if( astrcatf( pp_buffer, " \n" ) < 0 ) static int nodeToXSPF( char **pp_buffer, node *n, bool b_root ); if( astrcatf( pp_buffer, " \n\n" ) < 0 ) return -1; static int WriteXSPF( char **pp_buffer, vlc_array_t *p_filenames, if( asprintf( pp_buffer, "\n" if( astrcatf( pp_buffer, static int nodeToXSPF( char **pp_buffer, node *n, bool b_root ) if( astrcatf( pp_buffer, " \n" ) < 0 ) static int escapeToXml( char **ppsz_encoded, const char *psz_url ) escapeToXml( &psz_pathtozip, psz_zippath ); if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; 0 --------------------------------- 234 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 153 va_list args; va_start( args, psz_fmt_src ); char *psz_tmp; int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; char *psz_out = realloc( *ppsz_dest, i_len ); strcat( psz_out, psz_tmp ); *ppsz_dest = psz_out; size_t i_num = 0, i_len = 0; i_len++; i_len++; i_num++; *ppsz_encoded = malloc( i_len + 1 ); memcpy( *ppsz_encoded, psz_url, i_len + 1 ); char *psz_ret = malloc( i_len + 3*i_num + 2 ); *ppsz_encoded = psz_ret; psz_zip = convert_xml_special_chars( psz_zip ? (psz_zip+1) : psz_zippath ); " \n", psz_zip ) == -1) char *psz_pathtozip; escapeToXml( &psz_pathtozip, psz_zippath ); if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; char *psz_path = strdup( psz_pathtozip ); if( astrcatf( &psz_path, "%s", psz_escapedName ) < 0 ) return -1; if( astrcatf( pp_buffer, " \n" if( astrcatf( pp_buffer, " \n" if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; if( astrcatf( pp_buffer, " \n\n" ) < 0 ) return -1; if( astrcatf( pp_buffer, " \n", n->name ) < 0 ) nodeToXSPF( pp_buffer, n->child, false ); if( astrcatf( pp_buffer, " \n", i->id ) < 0 ) if( astrcatf( pp_buffer, " \n" ) < 0 ) static int astrcatf( char **ppsz_dest, const char *psz_fmt_src, ... ) va_start( args, psz_fmt_src ); int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; char *psz_out = realloc( *ppsz_dest, i_len ); strcat( psz_out, psz_tmp ); static int WriteXSPF( char **pp_buffer, vlc_array_t *p_filenames, if( asprintf( pp_buffer, "\n" if( astrcatf( pp_buffer, static int nodeToXSPF( char **pp_buffer, node *n, bool b_root ) if( astrcatf( pp_buffer, " \n" ) < 0 ) static int nodeToXSPF( char **pp_buffer, node *n, bool b_root ); if( astrcatf( pp_buffer, " \n\n" ) < 0 ) return -1; static int escapeToXml( char **ppsz_encoded, const char *psz_url ) escapeToXml( &psz_pathtozip, psz_zippath ); if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; 0 --------------------------------- 235 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cfunc 2105 V9fsString extension; v9fs_string_init(&extension); &perm, &mode, &extension); char ctype; uint32_t major, minor; if (sscanf(extension.data, "%c %u %u", &ctype, &major, &minor) != 3) { 0 --------------------------------- 236 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c cfunc 550 void *data, int *data_size, unsigned char *output_samples = (unsigned char *)data; memset(output_samples, 0, raw_block_size * silent_chunks); 0 --------------------------------- 237 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1780 char filename[1024], if ((cups_serverroot = getenv("CUPS_SERVERROOT")) == NULL) cups_serverroot = CUPS_SERVERROOT; snprintf(filename, sizeof(filename), "%s/snmp.conf", cups_serverroot); if ((fp = cupsFileOpen(filename, "r")) != NULL) filename); 0 --------------------------------- 238 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 1246 char buf[400]; PR_snprintf(buf, sizeof(buf), printf("%s\n", buf); 0 --------------------------------- 239 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 734 asn1_debug(buffer, value_length, indent + 4); asn1_debug(buffer, value_length, indent + 4); asn1_debug(buffer, value_length, indent + 4); int indent) fprintf(stderr, "DEBUG: %*sBOOLEAN %d bytes %d\n", indent, "", fprintf(stderr, "DEBUG: %*sOID %d bytes ", indent, "", fprintf(stderr, ".%d", oid[i]); putc('\n', stderr); fprintf(stderr, "DEBUG: %*sOCTET STRING %d bytes \"%s\"\n", indent, "", 0 --------------------------------- 240 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1789 *value; while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) DebugLevel = atoi(value); add_device_uri(value); !strcasecmp(value, "double"); !strcasecmp(value, "true") || !strcasecmp(value, "yes") || HostNameLookups = !strcasecmp(value, "on") || DebugLevel = atoi(value); static device_uri_t *add_device_uri(char *value); DebugLevel = atoi(value); 0 --------------------------------- 241 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 1789 *value; while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) add_device_uri(value); !strcasecmp(value, "double"); !strcasecmp(value, "true") || !strcasecmp(value, "yes") || HostNameLookups = !strcasecmp(value, "on") || DebugLevel = atoi(value); static device_uri_t *add_device_uri(char *value); DebugLevel = atoi(value); 0 --------------------------------- 242 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 351 static void getIFProperties(const char* ifname, IFProperties& prop) char key[PROPERTY_KEY_MAX]; snprintf(key, PROPERTY_KEY_MAX - 1, "net.%s.gw", ifname); property_get(key, prop.gateway, ""); snprintf(key, PROPERTY_KEY_MAX - 1, "net.%s.dns1", ifname); property_get(key, prop.dns1, ""); snprintf(key, PROPERTY_KEY_MAX - 1, "net.%s.dns2", ifname); 0 --------------------------------- 243 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 601 void NetworkUtils::setAccessPoint(CommandChain* aChain, nsCString ssid(GET_CHAR(mSsid)); escapeQuote(ssid); aString.ReplaceSubstring("\\", "\\\\"); } ssid.get(), 0 --------------------------------- 244 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 359 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); fprintf(out, " next=%p", static_cast(GetNextSibling())); fprintf(out, " prev-in-flow=%p", static_cast(GetPrevInFlow())); fprintf(out, " next-in-flow=%p", static_cast(GetNextInFlow())); void* IBsibling = Properties().Get(IBSplitSpecialSibling()); fprintf(out, " IBSplitSpecialSibling=%p", IBsibling); 0 --------------------------------- 245 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 607 void NetworkUtils::setAccessPoint(CommandChain* aChain, nsCString ssid(GET_CHAR(mSsid)); escapeQuote(ssid); aString.ReplaceSubstring("\\", "\\\\"); } ssid.get(), 0 --------------------------------- 246 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp cfunc 1254 int backsteps = 0; const int maxBackStep = 10; NS_ASSERTION(static_cast(PAGE_STEP) * pow(2.0, maxBackStep) < PR_INT32_MAX, backsteps = NS_MIN(backsteps + 1, maxBackStep); backsteps = 0; static_cast(PAGE_STEP * pow(2.0, backsteps)), backsteps)); guess -= PAGE_STEP * static_cast(pow(2.0, backsteps)); 0 --------------------------------- 247 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp cppfunc 1254 int backsteps = 0; const int maxBackStep = 10; NS_ASSERTION(static_cast(PAGE_STEP) * pow(2.0, maxBackStep) < PR_INT32_MAX, backsteps = NS_MIN(backsteps + 1, maxBackStep); backsteps = 0; static_cast(PAGE_STEP * pow(2.0, backsteps)), backsteps)); guess -= PAGE_STEP * static_cast(pow(2.0, backsteps)); 0 --------------------------------- 248 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 730 value_length = asn1_get_length(&buffer, bufend); integer = asn1_get_integer(&buffer, bufend, value_length); int length); value_length, integer); 0 --------------------------------- 249 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 351 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); fprintf(out, " next=%p", static_cast(GetNextSibling())); fprintf(out, " prev-in-flow=%p", static_cast(GetPrevInFlow())); 0 --------------------------------- 250 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4171 PRINT("%08x ", i); PRINT(" "); PRINT("\n"); hex_dump_internal(avcl, NULL, level, buf, size); PRINT(" duration=%0.3f\n", pkt->duration * av_q2d(time_base)); PRINT("N/A"); PRINT("%0.3f", pkt->dts * av_q2d(time_base)); PRINT(" pts="); PRINT("N/A"); PRINT("%0.3f", pkt->pts * av_q2d(time_base)); PRINT("\n"); PRINT(" size=%d\n", pkt->size); av_hex_dump(f, pkt->data, pkt->size); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) PRINT("stream #%d:\n", pkt->stream_index); PRINT(" keyframe=%d\n", ((pkt->flags & AV_PKT_FLAG_KEY) != 0)); PRINT(" dts="); av_hex_dump(f, pkt->data, pkt->size); void av_hex_dump(FILE *f, uint8_t *buf, int size) hex_dump_internal(NULL, f, 0, buf, size); static void hex_dump_internal(void *avcl, FILE *f, int level, uint8_t *buf, int size) PRINT("\n"); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); 0 --------------------------------- 251 CVE-2011-0054/Firefox_3.5.16_CVE_2011_0054_js_src_jsemit.cpp cfunc 3164 js_ReportOutOfScriptQuota(cx); JS_ReportErrorFlagsAndNumber(cx, JSREPORT_WARNING, OBJ_SET_BLOCK_DEPTH(cx, blockObj, cg->stackDepth); ndefs = OBJ_BLOCK_COUNT(cx, blockObj); ptrdiff_t offset = EmitCheck(cx, cg, op, 1); UpdateDepth(cx, cg, offset); UpdateDepth(cx, cg, offset); if (js_LookupLocal(cx, cg->fun, atom, NULL) != JSLOCAL_NONE) ok = OBJ_LOOKUP_PROPERTY(cx, obj, ATOM_TO_JSID(atom), &objbox, ok = OBJ_GET_ATTRIBUTES(cx, obj, ATOM_TO_JSID(atom), prop, ok = OBJ_GET_PROPERTY(cx, obj, ATOM_TO_JSID(atom), vp); OBJ_DROP_PROPERTY(cx, objbox, prop); if (js_Emit1(cx, cg, (JSOp)(JSOP_INDEXBASE1 + indexBase - 1)) < 0) JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, if (js_Emit2(cx, cg, JSOP_INDEXBASE, (JSOp)indexBase) < 0) bigSuffix = EmitBigIndexPrefix(cx, cg, index); return bigSuffix == JSOP_NOP || js_Emit1(cx, cg, bigSuffix) >= 0; return EmitIndexOp(cx, op, cg->objectList.index(objbox), cg); js_ReportCompileErrorNumber(cx, CG_TS(cg), NULL, if (!EmitObjectOp(cx, pn->pn_objbox, JSOP_ENTERBLOCK, cg)) jsint depth = AdjustBlockSlot(cx, cg, OBJ_BLOCK_DEPTH(cx, blockObj)); limit = slot + OBJ_BLOCK_COUNT(cx, blockObj); js_ReallocSlots(cx, blockObj, JSSLOT_FREE(&js_BlockClass), JS_TRUE); count = OBJ_BLOCK_COUNT(cx, pn2->pn_objbox->object); if (!EmitEnterBlock(cx, pn2, cg)) if (!js_EmitTree(cx, cg, pn->pn_left)) jsbitmap intmap_space[INTMAP_LENGTH]; atom = js_AtomizeDouble(cx, d); ok = LookupCompileTimeConstant(cx, cg, pn4->pn_atom, &v); intmap = intmap_space; * sizeof(jsbitmap)); (JS_BIT(16) >> JS_BITS_PER_WORD_LOG2) intmap_bitlen = INTMAP_LENGTH << JS_BITS_PER_WORD_LOG2; intmap_bitlen = JS_BIT(16); (JS_BIT(16) >> JS_BITS_PER_WORD_LOG2) * sizeof(jsbitmap)); JS_malloc(cx, intmap = (jsbitmap *) memset(intmap, 0, intmap_bitlen >> JS_BITS_PER_BYTE_LOG2); AdjustBlockSlot(JSContext *cx, JSCodeGenerator *cg, jsint slot) jsint depth = AdjustBlockSlot(cx, cg, OBJ_BLOCK_DEPTH(cx, blockObj)); EmitEnterBlock(JSContext *cx, JSParseNode *pn, JSCodeGenerator *cg) if (!EmitObjectOp(cx, pn->pn_objbox, JSOP_ENTERBLOCK, cg)) if (!EmitEnterBlock(cx, pn2, cg)) if (!js_EmitTree(cx, cg, pn->pn_left)) JS_malloc(cx, intmap = (jsbitmap *) memset(intmap, 0, intmap_bitlen >> JS_BITS_PER_BYTE_LOG2); EmitSwitch(JSContext *cx, JSCodeGenerator *cg, JSParseNode *pn, if (!js_EmitTree(cx, cg, pn->pn_left)) JS_malloc(cx, intmap = (jsbitmap *) memset(intmap, 0, intmap_bitlen >> JS_BITS_PER_BYTE_LOG2); js_Emit1(JSContext *cx, JSCodeGenerator *cg, JSOp op) ptrdiff_t offset = EmitCheck(cx, cg, op, 1); return bigSuffix == JSOP_NOP || js_Emit1(cx, cg, bigSuffix) >= 0; return EmitIndexOp(cx, op, cg->objectList.index(objbox), cg); EmitCheck(JSContext *cx, JSCodeGenerator *cg, JSOp op, ptrdiff_t delta) ptrdiff_t offset = EmitCheck(cx, cg, op, 1); ptrdiff_t offset = EmitCheck(cx, cg, op, 2); if (js_Emit1(cx, cg, (JSOp)(JSOP_INDEXBASE1 + indexBase - 1)) < 0) if (js_Emit2(cx, cg, JSOP_INDEXBASE, (JSOp)indexBase) < 0) bigSuffix = EmitBigIndexPrefix(cx, cg, index); return bigSuffix == JSOP_NOP || js_Emit1(cx, cg, bigSuffix) >= 0; return EmitIndexOp(cx, op, cg->objectList.index(objbox), cg); EmitObjectOp(JSContext *cx, JSObjectBox *objbox, JSOp op, return EmitIndexOp(cx, op, cg->objectList.index(objbox), cg); if (!EmitObjectOp(cx, pn->pn_objbox, JSOP_ENTERBLOCK, cg)) EmitIndexOp(JSContext *cx, JSOp op, uintN index, JSCodeGenerator *cg) bigSuffix = EmitBigIndexPrefix(cx, cg, index); return EmitIndexOp(cx, op, cg->objectList.index(objbox), cg); EmitBigIndexPrefix(JSContext *cx, JSCodeGenerator *cg, uintN index) bigSuffix = EmitBigIndexPrefix(cx, cg, index); return EmitIndexOp(cx, op, cg->objectList.index(objbox), cg); if (!EmitObjectOp(cx, pn->pn_objbox, JSOP_ENTERBLOCK, cg)) if (!EmitEnterBlock(cx, pn2, cg)) if (!js_EmitTree(cx, cg, pn->pn_left)) JS_malloc(cx, intmap = (jsbitmap *) memset(intmap, 0, intmap_bitlen >> JS_BITS_PER_BYTE_LOG2); UpdateDepth(JSContext *cx, JSCodeGenerator *cg, ptrdiff_t target) UpdateDepth(cx, cg, offset); UpdateDepth(cx, cg, offset); js_Emit2(JSContext *cx, JSCodeGenerator *cg, JSOp op, jsbytecode op1) ptrdiff_t offset = EmitCheck(cx, cg, op, 2); if (js_Emit2(cx, cg, JSOP_INDEXBASE, (JSOp)indexBase) < 0) bigSuffix = EmitBigIndexPrefix(cx, cg, index); LookupCompileTimeConstant(JSContext *cx, JSCodeGenerator *cg, JSAtom *atom, ok = LookupCompileTimeConstant(cx, cg, pn4->pn_atom, &v); JS_malloc(cx, intmap = (jsbitmap *) memset(intmap, 0, intmap_bitlen >> JS_BITS_PER_BYTE_LOG2); 0 --------------------------------- 252 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c cfunc 252 const char *format, ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; if (isdigit((unsigned char)ch)) { 0 --------------------------------- 253 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c cppfunc 252 const char *format, ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; if (isdigit((unsigned char)ch)) { 0 --------------------------------- 254 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cppfunc 965 void NetworkUtils::disableNat(CommandChain* aChain, if (!GET_FIELD(mIp).IsEmpty() && !GET_FIELD(mPrefix).IsEmpty()) { uint32_t prefix = atoi(GET_CHAR(mPrefix)); 0 --------------------------------- 255 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cfunc 516 int _AVI_ChunkRead( stream_t *s, avi_chunk_t *p_chk, avi_chunk_t *p_father ) if( AVI_ChunkReadCommon( s, p_chk ) ) static int AVI_ChunkReadCommon( stream_t *s, avi_chunk_t *p_chk ) if( ( i_peek = stream_Peek( s, &p_peek, 8 ) ) < 8 ) p_chk->common.i_chunk_pos = stream_Tell( s ); AVI_READCHUNK_ENTER; AVI_READ2BYTES( p_indx->i_longsperentry ); AVI_READ1BYTE ( p_indx->i_indexsubtype ); AVI_READ4BYTES( p_indx->i_id ); AVI_READ8BYTES( p_indx->i_baseoffset ); AVI_READ4BYTES( i_dummy ); i_count = __MIN( p_indx->i_entriesinuse, i_read / 8 ); p_indx->idx.std = calloc( sizeof( indx_std_entry_t ), i_count ); if( AVI_ChunkReadCommon( s, p_chk ) ) return AVI_ChunkRead_indx( s, p_chk ); static int AVI_ChunkRead_indx( stream_t *s, avi_chunk_t *p_chk ) AVI_READCHUNK_ENTER; i_count = __MIN( p_indx->i_entriesinuse, i_read / 8 ); p_indx->idx.std = calloc( sizeof( indx_std_entry_t ), i_count ); static inline uint8_t GetB( uint8_t *ptr ) AVI_READ1BYTE ( p_indx->i_indextype ); static inline uint8_t GetB( uint8_t *ptr ) AVI_READ4BYTES( p_indx->i_entriesinuse ); i_count = __MIN( p_indx->i_entriesinuse, i_read / 8 ); p_indx->idx.std = calloc( sizeof( indx_std_entry_t ), i_count ); 0 --------------------------------- 256 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cppfunc 516 int _AVI_ChunkRead( stream_t *s, avi_chunk_t *p_chk, avi_chunk_t *p_father ) if( AVI_ChunkReadCommon( s, p_chk ) ) static int AVI_ChunkReadCommon( stream_t *s, avi_chunk_t *p_chk ) if( ( i_peek = stream_Peek( s, &p_peek, 8 ) ) < 8 ) p_chk->common.i_chunk_pos = stream_Tell( s ); AVI_READCHUNK_ENTER; AVI_READ2BYTES( p_indx->i_longsperentry ); AVI_READ1BYTE ( p_indx->i_indexsubtype ); AVI_READ4BYTES( p_indx->i_id ); AVI_READ8BYTES( p_indx->i_baseoffset ); AVI_READ4BYTES( i_dummy ); i_count = __MIN( p_indx->i_entriesinuse, i_read / 8 ); p_indx->idx.std = calloc( sizeof( indx_std_entry_t ), i_count ); if( AVI_ChunkReadCommon( s, p_chk ) ) return AVI_ChunkRead_indx( s, p_chk ); static int AVI_ChunkRead_indx( stream_t *s, avi_chunk_t *p_chk ) AVI_READCHUNK_ENTER; i_count = __MIN( p_indx->i_entriesinuse, i_read / 8 ); p_indx->idx.std = calloc( sizeof( indx_std_entry_t ), i_count ); static inline uint8_t GetB( uint8_t *ptr ) AVI_READ1BYTE ( p_indx->i_indextype ); static inline uint8_t GetB( uint8_t *ptr ) AVI_READ4BYTES( p_indx->i_entriesinuse ); i_count = __MIN( p_indx->i_entriesinuse, i_read / 8 ); p_indx->idx.std = calloc( sizeof( indx_std_entry_t ), i_count ); 0 --------------------------------- 257 CVE-2011-0054/Firefox_3.5.16_CVE_2011_0054_js_src_jsemit.cpp cfunc 7113 static FILE *fp; fp = fopen("/tmp/srcnotes.hist", "w"); setvbuf(fp, NULL, _IONBF, 0); fprintf(fp, "SrcNote size histogram:\n"); fprintf(fp, "%4u %4u ", JS_BIT(i), hist[i]); fputc('*', fp); 0 --------------------------------- 258 CVE-2011-0054/Firefox_3.5.16_CVE_2011_0054_js_src_jsemit.cpp cfunc 7114 static FILE *fp; fp = fopen("/tmp/srcnotes.hist", "w"); setvbuf(fp, NULL, _IONBF, 0); fprintf(fp, "SrcNote size histogram:\n"); fprintf(fp, "%4u %4u ", JS_BIT(i), hist[i]); fputc('\n', fp); 0 --------------------------------- 259 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 2179 char addrname[32]; bytes, httpAddrString(addr, addrname, sizeof(addrname))); asn1_debug(buffer, bytes, 0); hex_debug(buffer, bytes); bytes, addrname, strerror(errno)); static void hex_debug(unsigned char *buffer, size_t len); if (sendto(fd, buffer, bytes, 0, (void *)addr, sizeof(addr->ipv4)) < bytes) bytes, addrname, strerror(errno)); static void asn1_debug(unsigned char *buffer, size_t len, if (sendto(fd, buffer, bytes, 0, (void *)addr, sizeof(addr->ipv4)) < bytes) bytes, addrname, strerror(errno)); 0 --------------------------------- 260 CVE-2011-0054/Firefox_3.5.16_CVE_2011_0054_js_src_jsemit.cpp cfunc 7116 static FILE *fp; fp = fopen("/tmp/srcnotes.hist", "w"); setvbuf(fp, NULL, _IONBF, 0); fprintf(fp, "SrcNote size histogram:\n"); fprintf(fp, "%4u %4u ", JS_BIT(i), hist[i]); fputc('*', fp); fputc('\n', fp); fputc('\n', fp); 0 --------------------------------- 261 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4296 const char *p, *ls, *ls2, *at, *col, *brk; av_strlcpy(proto, url, FFMIN(proto_size, p + 1 - url)); p++; if (*p == '/') p++; if (*p == '/') p++; ls = strchr(p, '/'); ls2 = strchr(p, '?'); ls = ls2; ls = FFMIN(ls, ls2); av_strlcpy(path, ls, path_size); ls = &p[strlen(p)]; if ((at = strchr(p, '@')) && at < ls) { FFMIN(authorization_size, at + 1 - p)); p = at + 1; if (*p == '[' && (brk = strchr(p, ']')) && brk < ls) { } else if ((col = strchr(p, ':')) && col < ls) { FFMIN(col + 1 - p, hostname_size)); if (port_ptr) *port_ptr = atoi(col + 1); 0 --------------------------------- 262 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 4296 const char *p, *ls, *ls2, *at, *col, *brk; av_strlcpy(proto, url, FFMIN(proto_size, p + 1 - url)); p++; if (*p == '/') p++; if (*p == '/') p++; ls = strchr(p, '/'); ls2 = strchr(p, '?'); ls = ls2; ls = FFMIN(ls, ls2); av_strlcpy(path, ls, path_size); ls = &p[strlen(p)]; if ((at = strchr(p, '@')) && at < ls) { FFMIN(authorization_size, at + 1 - p)); p = at + 1; if (*p == '[' && (brk = strchr(p, ']')) && brk < ls) { } else if ((col = strchr(p, ':')) && col < ls) { FFMIN(col + 1 - p, hostname_size)); if (port_ptr) *port_ptr = atoi(col + 1); 0 --------------------------------- 263 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 616 void NetworkUtils::setAccessPoint(CommandChain* aChain, nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(key); aString.ReplaceSubstring("\\", "\\\\"); } key.get()); 0 --------------------------------- 264 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp API 567 HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); if (!Process32FirstW(snapshot, &processEntry)) { CloseHandle(snapshot); 0 --------------------------------- 265 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp API 586 aOldParent, aNewParent); nsIFrame* aNewParent) ReparentFrame(e.get(), aOldParent, aNewParent); ReparentFrame(nsIFrame* aFrame, nsIFrame* aOldParent, nsIFrame* aNewParent) aFrame->SetParent(aNewParent); 0 --------------------------------- 266 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 1795 static void DumpLine(const nsBlockReflowState& aState, nsLineBox* aLine, nsRect ovis(aLine->GetVisualOverflowArea()); ovis.x, ovis.y, ovis.width, ovis.height, 0 --------------------------------- 267 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 1797 static void DumpLine(const nsBlockReflowState& aState, nsLineBox* aLine, nscoord aDeltaY, int32_t aDeltaIndent) { nsRect ovis(aLine->GetVisualOverflowArea()); nsRect oscr(aLine->GetScrollableOverflowArea()); static_cast(aLine), aState.mY, aLine->IsDirty() ? "yes" : "no", aDeltaY, aState.mPrevBottomMargin.get(), aLine->GetChildCount()); 0 --------------------------------- 268 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 1796 static void DumpLine(const nsBlockReflowState& aState, nsLineBox* aLine, nsRect ovis(aLine->GetVisualOverflowArea()); nsRect oscr(aLine->GetScrollableOverflowArea()); oscr.x, oscr.y, oscr.width, oscr.height, 0 --------------------------------- 269 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 6035 const nsRect& aDirtyRect, nsBlockFrame::line_iterator& aLine, DebugOutputDrawLine(aDepth, aLine.get(), intersect); static void DebugOutputDrawLine(int32_t aDepth, nsLineBox* aLine, bool aDrawn) { nsRect lineArea = aLine->GetVisualOverflowArea(); static_cast(aLine), 0 --------------------------------- 270 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 917 static int asn1_size_length(int length); valuelen = asn1_size_integer(packet->object_value.integer); 1 + asn1_size_length(valuelen) + valuelen; asn1_set_integer(&bufptr, packet->version); asn1_set_length(&bufptr, commlen); int length); memcpy(bufptr, packet->community, commlen); bufptr += commlen; *bufptr++ = packet->request_type; *bufptr++ = ASN1_SEQUENCE; asn1_set_oid(&bufptr, packet->object_name); asn1_set_length(&bufptr, valuelen); int length); memcpy(bufptr, packet->object_value.string, valuelen); static void asn1_set_integer(unsigned char **buffer, asn1_set_integer(&bufptr, packet->version); memcpy(bufptr, packet->community, commlen); asn1_set_integer(&bufptr, packet->request_id); asn1_set_integer(&bufptr, packet->error_status); asn1_set_integer(&bufptr, packet->error_index); memcpy(bufptr, packet->object_value.string, valuelen); static void asn1_set_length(unsigned char **buffer, asn1_set_length(&bufptr, msglen); asn1_set_length(&bufptr, commlen); memcpy(bufptr, packet->community, commlen); asn1_set_length(&bufptr, reqlen); asn1_set_length(&bufptr, listlen); asn1_set_length(&bufptr, varlen); asn1_set_length(&bufptr, valuelen); memcpy(bufptr, packet->object_value.string, valuelen); asn1_encode_snmp(unsigned char *buffer, valuelen = 0; valuelen = asn1_size_integer(packet->object_value.boolean); valuelen = strlen(packet->object_value.string); valuelen = asn1_size_oid(packet->object_value.oid); 1 + asn1_size_length(valuelen) + valuelen; commlen = strlen(packet->community); 1 + asn1_size_length(commlen) + commlen + bufptr = buffer; *bufptr++ = ASN1_SEQUENCE; asn1_set_length(&bufptr, msglen); *bufptr++ = ASN1_OCTET_STRING; asn1_set_length(&bufptr, commlen); memcpy(bufptr, packet->community, commlen); asn1_set_length(&bufptr, reqlen); asn1_set_integer(&bufptr, packet->request_id); asn1_set_integer(&bufptr, packet->error_status); asn1_set_integer(&bufptr, packet->error_index); *bufptr++ = ASN1_SEQUENCE; asn1_set_length(&bufptr, listlen); asn1_set_length(&bufptr, varlen); *bufptr++ = ASN1_OCTET_STRING; asn1_set_length(&bufptr, valuelen); memcpy(bufptr, packet->object_value.string, valuelen); static void asn1_set_oid(unsigned char **buffer, asn1_set_oid(&bufptr, packet->object_name); memcpy(bufptr, packet->object_value.string, valuelen); 0 --------------------------------- 271 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4292 const char *url) const char *p, *ls, *ls2, *at, *col, *brk; if ((p = strchr(url, ':'))) { av_strlcpy(proto, url, FFMIN(proto_size, p + 1 - url)); p++; if (*p == '/') p++; if (*p == '/') p++; ls = strchr(p, '/'); ls2 = strchr(p, '?'); ls = ls2; ls = FFMIN(ls, ls2); av_strlcpy(path, ls, path_size); ls = &p[strlen(p)]; if ((at = strchr(p, '@')) && at < ls) { FFMIN(authorization_size, at + 1 - p)); p = at + 1; if (*p == '[' && (brk = strchr(p, ']')) && brk < ls) { FFMIN(hostname_size, brk - p)); *port_ptr = atoi(brk + 2); 0 --------------------------------- 272 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 4292 const char *url) const char *p, *ls, *ls2, *at, *col, *brk; if ((p = strchr(url, ':'))) { av_strlcpy(proto, url, FFMIN(proto_size, p + 1 - url)); p++; if (*p == '/') p++; if (*p == '/') p++; ls = strchr(p, '/'); ls2 = strchr(p, '?'); ls = ls2; ls = FFMIN(ls, ls2); av_strlcpy(path, ls, path_size); ls = &p[strlen(p)]; if ((at = strchr(p, '@')) && at < ls) { FFMIN(authorization_size, at + 1 - p)); p = at + 1; if (*p == '[' && (brk = strchr(p, ']')) && brk < ls) { FFMIN(hostname_size, brk - p)); *port_ptr = atoi(brk + 2); 0 --------------------------------- 273 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cfunc 845 V9fsStatDotl v9stat_dotl; stat_to_v9stat_dotl(s, &stbuf, &v9stat_dotl); V9fsStatDotl *v9lstat) memset(v9lstat, 0, sizeof(*v9lstat)); 0 --------------------------------- 274 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 6039 const nsRect& aDirtyRect, nsBlockFrame::line_iterator& aLine, DebugOutputDrawLine(aDepth, aLine.get(), intersect); static void DebugOutputDrawLine(int32_t aDepth, nsLineBox* aLine, bool aDrawn) { nsRect lineArea = aLine->GetVisualOverflowArea(); lineArea.width, lineArea.height); 0 --------------------------------- 275 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 6038 const nsRect& aDirtyRect, nsBlockFrame::line_iterator& aLine, DebugOutputDrawLine(aDepth, aLine.get(), intersect); static void DebugOutputDrawLine(int32_t aDepth, nsLineBox* aLine, bool aDrawn) { nsRect lineArea = aLine->GetVisualOverflowArea(); lineArea.x, lineArea.y, 0 --------------------------------- 276 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp cfunc 162 if (!GetBackupLogPath(newPath, basePath, i)) { BackupOldLogs(updatePath, LOGS_TO_KEEP); GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) L"maintenanceservice-%d.log", logNumber); BackupOldLogs(LPCWSTR basePath, int numLogsToKeep) for (int i = numLogsToKeep; i >= 1; i--) { if (!GetBackupLogPath(oldPath, basePath, i -1)) { 0 --------------------------------- 277 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp cppfunc 162 if (!GetBackupLogPath(newPath, basePath, i)) { BackupOldLogs(updatePath, LOGS_TO_KEEP); BackupOldLogs(LPCWSTR basePath, int numLogsToKeep) for (int i = numLogsToKeep; i >= 1; i--) { if (!GetBackupLogPath(oldPath, basePath, i -1)) { GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) L"maintenanceservice-%d.log", logNumber); 0 --------------------------------- 278 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cfunc 370 AVI_READCHUNK_ENTER; p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); AVI_READ2BYTES( p_chk->strf.auds.p_wf->wFormatTag ); AVI_READ2BYTES( p_chk->strf.auds.p_wf->nChannels ); AVI_READ4BYTES( p_chk->strf.auds.p_wf->nSamplesPerSec ); AVI_READ4BYTES( p_chk->strf.auds.p_wf->nAvgBytesPerSec ); AVI_READ2BYTES( p_chk->strf.auds.p_wf->nBlockAlign ); AVI_READ2BYTES( p_chk->strf.auds.p_wf->wBitsPerSample ); && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) AVI_READ2BYTES( p_chk->strf.auds.p_wf->cbSize ); p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); p_chk->strf.auds.p_wf->cbSize = p_chk->strf.auds.p_wf->cbSize = 0; p_chk->strf.auds.p_wf->cbSize ); 0 --------------------------------- 279 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c cfunc 121 FILE *fp, fread(buf, 13, 1, fp); if (gif_read_cmap(fp, ncolors, cmap, &gray)) fclose(fp); buf[0] = getc(fp); gif_get_block(fp, buf); while (gif_get_block(fp, buf) != 0); static int gif_read_cmap(FILE *fp, int ncolors, gif_cmap_t cmap, fclose(fp); static int gif_get_block(FILE *fp, unsigned char *buffer); fclose(fp); while (gif_get_block(fp, buf) != 0); 0 --------------------------------- 280 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 669 buf[line_len] = '\0'; tmp = buf + STRLEN_CONST(rtsp_content_length); tmp++; while (*tmp && isspace(*tmp)) 0 --------------------------------- 281 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cppfunc 669 buf[line_len] = '\0'; tmp = buf + STRLEN_CONST(rtsp_content_length); tmp++; while (*tmp && isspace(*tmp)) 0 --------------------------------- 282 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c inputfunc 125 buf[0] = getc(fp); while (gif_get_block(fp, buf) != 0); static int gif_get_block(FILE *fp, unsigned char *buffer); switch (getc(fp)) fclose(fp); fread(buf, 9, 1, fp); if (buf[8] & GIF_COLORMAP) ncolors = 2 << (buf[8] & 0x07); if (gif_read_cmap(fp, ncolors, cmap, &gray)) img->xsize = (buf[5] << 8) | buf[4]; img->ysize = (buf[7] << 8) | buf[6]; if (img->xsize == 0 || img->ysize == 0) img->xsize, img->ysize); fprintf(stderr, "DEBUG: Bad GIF image dimensions: %dx%d\n", fclose(fp); i = gif_read_image(fp, img, cmap, buf[8] & GIF_INTERLACE); int interlace); i = gif_read_image(fp, img, cmap, buf[8] & GIF_INTERLACE); static int gif_read_cmap(FILE *fp, int ncolors, gif_cmap_t cmap, fclose(fp); for (i = ncolors - 1; i >= 0; i --) cupsImageWhiteToCMYK(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageWhiteToCMY(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageWhiteToBlack(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageWhiteToRGB(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageRGBAdjust(cmap[i], 1, saturation, hue); for (i = ncolors - 1; i >= 0; i --) cupsImageRGBToCMYK(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageRGBToCMY(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageRGBToBlack(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageRGBToWhite(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageRGBToRGB(cmap[i], cmap[i], 1); for (i = ncolors - 1; i >= 0; i --) cupsImageLut(cmap[i], bpp, lut); static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, fclose(fp); 0 --------------------------------- 283 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cfunc 1255 stream_header_t tmp; stream_header_t *st = &tmp; memcpy( st->streamtype, &oggpacket.packet[1+0], 8 ); if( !strncmp( st->streamtype, "video", 5 ) && else if( !strncmp( st->streamtype, "audio", 5 ) && else if( !strncmp(st->streamtype, "text", 4) ) 0 --------------------------------- 284 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 665 rtsp_get_content_length(const guchar *line_begin, size_t line_len) guchar buf[256]; if (line_len > sizeof(buf) - 1) { line_len = sizeof(buf) - 1; memcpy(buf, line_begin, line_len); 0 --------------------------------- 285 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cfunc 185 psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_parser = strchr( psz_tmp, '@' ); psz_parser = strchr( psz_tmp, ':' ); psz_parser = strchr( psz_tmp, ';' ); psz_domain = strdup( psz_tmp ); free( psz_tmp ); 0 --------------------------------- 286 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cppfunc 185 psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_parser = strchr( psz_tmp, '@' ); psz_parser = strchr( psz_tmp, ':' ); psz_parser = strchr( psz_tmp, ';' ); psz_domain = strdup( psz_tmp ); free( psz_tmp ); 0 --------------------------------- 287 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4521 void ff_make_absolute_url(char *buf, int size, const char *base, av_strlcpy(buf, base, size); sep = strstr(buf, ": sep += 3; sep = strchr(sep, '/'); 0 --------------------------------- 288 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 2449 nsTArray configFuncs; char persistConfig[PROPERTY_VALUE_MAX]; join(configFuncs, USB_CONFIG_DELIMIT, PROPERTY_VALUE_MAX, newConfig); if (strcmp(currentConfig, newConfig)) { property_set(SYS_USB_CONFIG_PROPERTY, newConfig); } 0 --------------------------------- 289 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cfunc 631 static int AVI_ChunkRead_strz( stream_t *s, avi_chunk_t *p_chk ) AVI_READCHUNK_ENTER; p_strz->p_str = malloc( i_read + 1); memcpy( p_strz->p_str, p_read, i_read ); 0 --------------------------------- 290 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4486 void ff_parse_key_value(const char *str, ff_parse_key_val_cb callback_get_buf, const char *ptr = str; while (*ptr && (isspace(*ptr) || *ptr == ',')) ptr++; key = ptr; if (!(ptr = strchr(key, '='))) ptr++; ptr += 2; ptr++; ptr++; key = ptr; if (!(ptr = strchr(key, '='))) ptr++; for (; *ptr && !(isspace(*ptr) || *ptr == ','); ptr++) 0 --------------------------------- 291 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 4486 void ff_parse_key_value(const char *str, ff_parse_key_val_cb callback_get_buf, const char *ptr = str; while (*ptr && (isspace(*ptr) || *ptr == ',')) ptr++; key = ptr; if (!(ptr = strchr(key, '='))) ptr++; ptr += 2; ptr++; ptr++; key = ptr; if (!(ptr = strchr(key, '='))) ptr++; for (; *ptr && !(isspace(*ptr) || *ptr == ','); ptr++) 0 --------------------------------- 292 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 735 nsBlockFrame::GetMinWidth(nsRenderingContext *aRenderingContext) InlineMinWidthData data; data.ForceBreak(aRenderingContext); data.currentLine = nsLayoutUtils::IntrinsicForContainer(aRenderingContext, data.ForceBreak(aRenderingContext); data.ForceBreak(aRenderingContext); data.currentLine = nsLayoutUtils::IntrinsicForContainer(aRenderingContext, data.currentLine += nsRuleNode::ComputeCoordPercentCalc(indent, 0); kid->AddInlineMinWidth(aRenderingContext, &data); data.ForceBreak(aRenderingContext); data.currentLine = nsLayoutUtils::IntrinsicForContainer(aRenderingContext, kid->AddInlineMinWidth(aRenderingContext, &data); data.prevLines, data.currentLine); return nsBidiPresUtils::Resolve(this); for (nsBlockFrame* curFrame = this; curFrame; curFrame = static_cast(curFrame->GetNextContinuation())) { for (line_iterator line = curFrame->begin_lines(), line_end = curFrame->end_lines(); line->IsBlock() ? "block" : "inline", line->IsEmpty() ? ", empty" : ""); if (line->IsBlock()) { line->mFirstChild, nsLayoutUtils::MIN_WIDTH); data.currentLine = nsLayoutUtils::IntrinsicForContainer(aRenderingContext, data.line = &line; data.ForceBreak(aRenderingContext); data.ForceBreak(aRenderingContext); line == curFrame->begin_lines()) { if (!curFrame->GetPrevContinuation() && const nsStyleCoord &indent = GetStyleText()->mTextIndent; if (indent.ConvertsToLength()) kid->AddInlineMinWidth(aRenderingContext, &data); data.currentLine += nsRuleNode::ComputeCoordPercentCalc(indent, 0); for (int32_t i = 0, i_end = line->GetChildCount(); i != i_end; data.line = &line; data.lineContainer = curFrame; data.prevLines, data.currentLine); kid->AddInlineMinWidth(aRenderingContext, &data); data.prevLines, data.currentLine); 0 --------------------------------- 293 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 4122 aAvailableSpaceHeight = NS_MAX(aAvailableSpaceHeight, aLine->mBounds.height); aState.GetFloatAvailableSpaceForHeight(aLine->mBounds.y, if (CRAZY_HEIGHT(aLine->mBounds.y)) { lastHeight = aLine->mBounds.y; if (abs(aLine->mBounds.y - lastHeight) > CRAZY_H/10) { aLine->mBounds.y, aLine->mBounds.height); 0 --------------------------------- 294 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c cfunc 1287 unsigned char *buf = NULL; return NULL; frag->fragment = buf; (unsigned char *)OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len)); bitmask = return NULL; memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len)); frag->reassembly = bitmask; return frag; s->d1->handshake_write_seq = s->d1->next_handshake_write_seq; s->d1->next_handshake_write_seq++; s2n(s->d1->handshake_write_seq, p); dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, s->d1->handshake_write_seq, 0, 0); unsigned short seq_num, unsigned char *bitmask = NULL; frag = (hm_fragment *)OPENSSL_malloc(sizeof(hm_fragment)); return NULL; frag->reassembly = bitmask; return frag; dtls1_buffer_message(s, 1); frag = dtls1_hm_fragment_new(s->init_num, 0); memcpy(frag->fragment, s->init_buf->data, s->init_num); static void dtls1_set_message_header_int(SSL *s, unsigned char mt, dtls1_set_message_header_int(s, SSL3_MT_CCS, 0, dtls1_buffer_message(s, 1); int dtls1_buffer_message(SSL *s, int is_ccs) frag = dtls1_hm_fragment_new(s->init_num, 0); static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len, buf = (unsigned char *)OPENSSL_malloc(frag_len); frag->fragment = buf; return frag; frag = dtls1_hm_fragment_new(s->init_num, 0); memcpy(frag->fragment, s->init_buf->data, s->init_num); 0 --------------------------------- 295 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 1699 char dnschange[PROPERTY_VALUE_MAX]; property_get("net.dnschange", dnschange, "0"); char num[PROPERTY_VALUE_MAX]; snprintf(num, PROPERTY_VALUE_MAX - 1, "%d", atoi(dnschange) + 1); 0 --------------------------------- 296 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cppfunc 1699 char dnschange[PROPERTY_VALUE_MAX]; property_get("net.dnschange", dnschange, "0"); snprintf(num, PROPERTY_VALUE_MAX - 1, "%d", atoi(dnschange) + 1); 0 --------------------------------- 297 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4453 void ff_parse_key_value(const char *str, ff_parse_key_val_cb callback_get_buf, const char *ptr = str; while (*ptr && (isspace(*ptr) || *ptr == ',')) ptr++; if (!(ptr = strchr(key, '='))) while (*ptr && (isspace(*ptr) || *ptr == ',')) ptr++; while (*ptr && (isspace(*ptr) || *ptr == ',')) ptr++; ptr += 2; ptr++; ptr++; for (; *ptr && !(isspace(*ptr) || *ptr == ','); ptr++) while (*ptr && (isspace(*ptr) || *ptr == ',')) 0 --------------------------------- 298 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 4453 void ff_parse_key_value(const char *str, ff_parse_key_val_cb callback_get_buf, const char *ptr = str; while (*ptr && (isspace(*ptr) || *ptr == ',')) ptr++; if (!(ptr = strchr(key, '='))) while (*ptr && (isspace(*ptr) || *ptr == ',')) ptr++; while (*ptr && (isspace(*ptr) || *ptr == ',')) ptr++; ptr += 2; ptr++; ptr++; for (; *ptr && !(isspace(*ptr) || *ptr == ','); ptr++) while (*ptr && (isspace(*ptr) || *ptr == ',')) 0 --------------------------------- 299 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 1208 unsigned short type, size; static const unsigned char kSafariExtensionsBlock[] = { data += 2; n2s(data, type); n2s(data, size); data += size; const size_t len1 = sizeof(kSafariExtensionsBlock); if (memcmp(data, kSafariExtensionsBlock, len1) != 0) if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0) if (memcmp(data, kSafariExtensionsBlock, len) != 0) unsigned short size; ssl_check_for_safari(s, data, limit); n2s(data, len); n2s(data, size); fprintf(stderr, "Received extension type %d size %d\n", type, size); s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg); n2s(data, dsize); size -= 2; memcpy(s->srp_ctx.login, &data[1], len); !s->tls_session_ticket_ext_cb(s, data, size, if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) n2s(data, dsize); size -= 2; if (!tls1_process_sigalgs(s, data, dsize)) s->tlsext_status_type = *data++; size--; n2s(data, dsize); size -= 2; int idsize; n2s(data, idsize); size -= 2 + idsize; id = d2i_OCSP_RESPID(NULL, &sdata, idsize); data += idsize; n2s(data, dsize); size -= 2; if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al)) data += size; n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ellipticcurvelist_length = (*(sdata++) << 8); ellipticcurvelist_length += (*(sdata++)); OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { ellipticcurvelist_length); ellipticcurvelist_length; s->session->tlsext_ellipticcurvelist_length = s->session->tlsext_ellipticcurvelist_length); int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *data = *p; n2s(data, len); n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ellipticcurvelist_length = (*(sdata++) << 8); OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { ellipticcurvelist_length; s->session->tlsext_ellipticcurvelist_length = s->session->tlsext_ellipticcurvelist_length); static void ssl_check_for_safari(SSL *s, const unsigned char *data, n2s(data, len); n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ellipticcurvelist_length = (*(sdata++) << 8); OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { ellipticcurvelist_length; s->session->tlsext_ellipticcurvelist_length = s->session->tlsext_ellipticcurvelist_length); int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ellipticcurvelist_length = (*(sdata++) << 8); OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { ellipticcurvelist_length; s->session->tlsext_ellipticcurvelist_length = s->session->tlsext_ellipticcurvelist_length); 0 --------------------------------- 300 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 1203 unsigned short type, size; static const unsigned char kSafariExtensionsBlock[] = { data += 2; n2s(data, type); n2s(data, size); data += size; const size_t len1 = sizeof(kSafariExtensionsBlock); if (memcmp(data, kSafariExtensionsBlock, len1) != 0) if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0) if (memcmp(data, kSafariExtensionsBlock, len) != 0) unsigned short size; ssl_check_for_safari(s, data, limit); n2s(data, len); n2s(data, size); fprintf(stderr, "Received extension type %d size %d\n", type, size); s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg); n2s(data, dsize); size -= 2; memcpy(s->srp_ctx.login, &data[1], len); !s->tls_session_ticket_ext_cb(s, data, size, if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) n2s(data, dsize); size -= 2; if (!tls1_process_sigalgs(s, data, dsize)) s->tlsext_status_type = *data++; size--; n2s(data, dsize); size -= 2; int idsize; n2s(data, idsize); size -= 2 + idsize; id = d2i_OCSP_RESPID(NULL, &sdata, idsize); data += idsize; n2s(data, dsize); size -= 2; if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al)) data += size; n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ellipticcurvelist_length = (*(sdata++) << 8); ellipticcurvelist_length += (*(sdata++)); OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { ellipticcurvelist_length); static void ssl_check_for_safari(SSL *s, const unsigned char *data, n2s(data, len); n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ellipticcurvelist_length = (*(sdata++) << 8); OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { ellipticcurvelist_length); int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ellipticcurvelist_length = (*(sdata++) << 8); OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { ellipticcurvelist_length); int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *data = *p; n2s(data, len); n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ellipticcurvelist_length = (*(sdata++) << 8); OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { ellipticcurvelist_length); 0 --------------------------------- 301 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c cfunc 652 frag = NULL; al = dtls1_preprocess_fragment(s, &frag->msg_header, max); static int dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, al = dtls1_preprocess_fragment(s, &frag->msg_header, max); frag->msg_header.frag_len); 0 --------------------------------- 302 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1400 char *make_model, const char *old_make_model, int make_model_size) if (!strncasecmp(old_make_model, "Hewlett-Packard", 15)) else if (!strncasecmp(old_make_model, "deskjet", 7)) else if (!strncasecmp(old_make_model, "officejet", 9)) snprintf(make_model, make_model_size, "HP OfficeJet%s", old_make_model + 9); 0 --------------------------------- 303 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1403 const char *old_make_model, if (!strncasecmp(old_make_model, "Hewlett-Packard", 15)) else if (!strncasecmp(old_make_model, "deskjet", 7)) else if (!strncasecmp(old_make_model, "officejet", 9)) else if (!strncasecmp(old_make_model, "stylus_pro_", 11)) old_make_model + 11); 0 --------------------------------- 304 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 414 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); fprintf(out, " next=%p", static_cast(GetNextSibling())); fprintf(out, " prev-in-flow=%p", static_cast(GetPrevInFlow())); fprintf(out, " next-in-flow=%p", static_cast(GetNextInFlow())); fprintf(out, " IBSplitSpecialSibling=%p", IBsibling); fprintf(out, " IBSplitSpecialPrevSibling=%p", IBprevsibling); fprintf(out, " [content=%p]", static_cast(mContent)); fprintf(out, " {%d,%d,%d,%d}", mRect.x, mRect.y, mRect.width, mRect.height); fprintf(out, " [state=%016llx]", (unsigned long long)mState); fprintf(out, " [vis-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, fprintf(out, " [scr-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, fprintf(out, " sc=%p(i=%d,b=%d)", fprintf(out, " pst=%s", fprintf(out, " transformed"); fprintf(out, " perspective"); fprintf(out, " preserves-3d-children"); fprintf(out, " preserves-3d"); 0 --------------------------------- 305 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 809 unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned char *ret = buf; ret += 2; s2n(TLSEXT_TYPE_server_name, ret); s2n(0, ret); int el; if (!ssl_add_serverhello_renegotiate_ext(s, 0, &el, 0)) { s2n(TLSEXT_TYPE_renegotiate, ret); s2n(el, ret); if (!ssl_add_serverhello_renegotiate_ext(s, ret, &el, el)) { ret += el; s2n(TLSEXT_TYPE_ec_point_formats, ret); s2n(s->tlsext_ecpointformatlist_length + 1, ret); *(ret++) = (unsigned char)s->tlsext_ecpointformatlist_length; memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); ret += s->tlsext_ecpointformatlist_length; s2n(TLSEXT_TYPE_session_ticket, ret); s2n(0, ret); s2n(TLSEXT_TYPE_status_request, ret); s2n(0, ret); s2n(TLSEXT_TYPE_opaque_prf_input, ret); s2n(sol + 2, ret); s2n(sol, ret); memcpy(ret, s->s3->server_opaque_prf_input, sol); 0 --------------------------------- 306 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 411 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); fprintf(out, " next=%p", static_cast(GetNextSibling())); fprintf(out, " prev-in-flow=%p", static_cast(GetPrevInFlow())); fprintf(out, " next-in-flow=%p", static_cast(GetNextInFlow())); fprintf(out, " IBSplitSpecialSibling=%p", IBsibling); fprintf(out, " IBSplitSpecialPrevSibling=%p", IBprevsibling); fprintf(out, " [content=%p]", static_cast(mContent)); fprintf(out, " {%d,%d,%d,%d}", mRect.x, mRect.y, mRect.width, mRect.height); fprintf(out, " [state=%016llx]", (unsigned long long)mState); fprintf(out, " [vis-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, fprintf(out, " [scr-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, fprintf(out, " sc=%p(i=%d,b=%d)", fprintf(out, " pst=%s", fprintf(out, " transformed"); fprintf(out, " perspective"); fprintf(out, " preserves-3d-children"); 0 --------------------------------- 307 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 1528 unsigned short size; n2s(data, size); s->tlsext_debug_cb(s, 1, type, data, size, s->tlsext_debug_arg); !s->tls_session_ticket_ext_cb(s, data, size, if (!ssl_next_proto_validate(data, size)) { if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) data += size; n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { memcpy(s->session->tlsext_ecpointformatlist, sdata, sdata = s->session->tlsext_ecpointformatlist; fprintf(stderr, "%i ", *(sdata++)); int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, unsigned char *data = *p; n2s(data, length); n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { memcpy(s->session->tlsext_ecpointformatlist, sdata, fprintf(stderr, sdata = s->session->tlsext_ecpointformatlist; fprintf(stderr, "%i ", *(sdata++)); if (ssl_parse_serverhello_use_srtp_ext(s, data, size, al)) data += size; n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { memcpy(s->session->tlsext_ecpointformatlist, sdata, sdata = s->session->tlsext_ecpointformatlist; fprintf(stderr, "%i ", *(sdata++)); static char ssl_next_proto_validate(unsigned char *d, unsigned len) ctx->next_proto_select_cb(s, &selected, &selected_len, data, n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { memcpy(s->session->tlsext_ecpointformatlist, sdata, sdata = s->session->tlsext_ecpointformatlist; fprintf(stderr, "%i ", *(sdata++)); size, data += size; n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { memcpy(s->session->tlsext_ecpointformatlist, sdata, sdata = s->session->tlsext_ecpointformatlist; fprintf(stderr, "%i ", *(sdata++)); 0 --------------------------------- 308 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 1521 unsigned short size; n2s(data, size); s->tlsext_debug_cb(s, 1, type, data, size, s->tlsext_debug_arg); if (!ssl_next_proto_validate(data, size)) { if (!ssl_parse_serverhello_renegotiate_ext(s, data, size, al)) if (ssl_parse_serverhello_use_srtp_ext(s, data, size, al)) data += size; n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { ecpointformatlist_length); int ssl_parse_serverhello_tlsext(SSL *s, unsigned char **p, unsigned char *d, unsigned char *data = *p; n2s(data, length); n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { ecpointformatlist_length); !s->tls_session_ticket_ext_cb(s, data, size, data += size; n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { ecpointformatlist_length); static char ssl_next_proto_validate(unsigned char *d, unsigned len) ctx->next_proto_select_cb(s, &selected, &selected_len, data, n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { ecpointformatlist_length); size, data += size; n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { ecpointformatlist_length); 0 --------------------------------- 309 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 1212 fprintf(stderr, "%i ", *(sdata++)); fprintf(stderr, "\n"); fprintf(stderr, "Received extension type %d size %d\n", type, size); fprintf(stderr, fprintf(stderr, "\n"); 0 --------------------------------- 310 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c cfunc 1425 sizeof(s->s3->write_sequence)); sizeof(s->s3->write_sequence)); sizeof(s->s3->write_sequence)); sizeof(s->s3->write_sequence)); 0 --------------------------------- 311 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c cfunc 1504 struct hm_header_st msg_hdr; dtls1_get_message_header(wire, &msg_hdr); dtls1_get_message_header(unsigned char *data, struct hm_header_st *msg_hdr) memset(msg_hdr, 0x00, sizeof(struct hm_header_st)); 0 --------------------------------- 312 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 976 int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *data = *p; ssl_check_for_safari(s, data, limit); static void ssl_check_for_safari(SSL *s, const unsigned char *data, unsigned short type, size; static const unsigned char kSafariExtensionsBlock[] = { data += 2; n2s(data, type); n2s(data, size); data += size; const size_t len = sizeof(kSafariExtensionsBlock); if (memcmp(data, kSafariExtensionsBlock, len) != 0) 0 --------------------------------- 313 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_workmonitor.cpp API 210 PROCESS_INFORMATION pi = {0}; NULL, &si, &pi); DWORD waitRes = WaitForSingleObject(pi.hProcess, TIME_TO_WAIT_ON_UPDATER); TerminateProcess(pi.hProcess, 1); if (GetExitCodeProcess(pi.hProcess, &returnCode)) { CloseHandle(pi.hProcess); 0 --------------------------------- 314 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 396 int32_t numInlineLines = 0; int32_t numBlockLines = 0; numBlockLines++; numInlineLines++; static_cast(mStyleContext), numInlineLines, numBlockLines); 0 --------------------------------- 315 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 201 if (!av_strncasecmp(name, names, len)) return !av_strcasecmp(name, names); return av_guess_format("image2", NULL, NULL); if (fmt->name && short_name && match_format(short_name, fmt->name)) oformat = av_guess_format(NULL, filename, NULL); static int match_format(const char *name, const char *names) namelen = strlen(name); AVOutputFormat *av_guess_format(const char *short_name, const char *filename, if (fmt->name && short_name && match_format(short_name, fmt->name)) AVInputFormat *av_find_input_format(const char *short_name) if (match_format(short_name, fmt->name)) AVFormatContext *avformat_alloc_output_context(const char *format, int ret = avformat_alloc_output_context2(&avctx, oformat, format, filename); const char *format, const char *filename) oformat = av_guess_format(format, NULL, NULL); 0 --------------------------------- 316 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_workmonitor.cpp cppfunc 51 WCHAR updateStatusFilePath[MAX_PATH + 1] = {L'\0'}; wcsncpy(updateStatusFilePath, updateDirPath, MAX_PATH); wcsncpy(aResultDir, argvTmp[2], MAX_PATH); bool backgroundUpdate = IsUpdateBeingStaged(argcTmp, argvTmp); if (!PathRemoveFileSpecW(serviceUpdaterPath)) { if (!PathAppendSafe(serviceUpdaterPath, L"update")) { CreateDirectoryW(serviceUpdaterPath, NULL); if (!PathAppendSafe(serviceUpdaterPath, L"updater.exe")) { result = DeleteFileW(serviceUpdaterPath); serviceUpdaterPath)); if (PathGetSiblingFilePath(updaterINIPath, serviceUpdaterPath, WCHAR secureUpdaterPath[MAX_PATH + 1] = { L'\0' }; result = GetSecureUpdaterPath(secureUpdaterPath); oldUpdaterPath, secureUpdaterPath)); DeleteSecureUpdater(secureUpdaterPath); argv[3] = secureUpdaterPath; result = ProcessSoftwareUpdateCommand(argc - 3, argv + 3); ProcessSoftwareUpdateCommand(DWORD argc, LPWSTR *argv) if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH + 1]) if (!IsLocalFile(argv[0], isLocal) || !isLocal) { nsAutoHandle noWriteLock(CreateFileW(argv[0], GENERIC_READ, FILE_SHARE_READ, if (result && !VerifySameFiles(argv[0], installDirUpdater, HMODULE updaterModule = LoadLibraryEx(argv[0], NULL, argv[0]); if (StartUpdateProcess(argc, argv, installDir, LPWSTR *argv, LPWSTR cmdLine = MakeCommandLine(argc, argv); PRUnichar* MakeCommandLine(int argc, PRUnichar **argv); PathGetSiblingFilePath(updaterINITemp, argv[0], L"updater.tmp")) { BOOL PathGetSiblingFilePath(LPWSTR destinationBuffer, LPCWSTR siblingFilePath, if (PathGetSiblingFilePath(updaterINI, argv[0], L"updater.ini") && processStarted = CreateProcessW(argv[0], cmdLine, if (IsStatusApplying(argv[1], isApplying) && isApplying) { result = CopyFileW(oldUpdaterPath, secureUpdaterPath, FALSE); argv[3] = secureUpdaterPath; result = ProcessSoftwareUpdateCommand(argc - 3, argv + 3); BOOL PathGetSiblingFilePath(LPWSTR destinationBuffer, LPCWSTR siblingFilePath, processStarted = CreateProcessW(argv[0], cmdLine, if (IsStatusApplying(argv[1], isApplying) && isApplying) { IsStatusApplying(LPCWSTR updateDirPath, BOOL &isApplying) wcsncpy(updateStatusFilePath, updateDirPath, MAX_PATH); DeleteSecureUpdater(WCHAR serviceUpdaterPath[MAX_PATH + 1]) result = CopyFileW(oldUpdaterPath, secureUpdaterPath, FALSE); argv[3] = secureUpdaterPath; result = ProcessSoftwareUpdateCommand(argc - 3, argv + 3); GetSecureUpdaterPath(WCHAR serviceUpdaterPath[MAX_PATH + 1]) if (!GetModuleFileNameW(NULL, serviceUpdaterPath, MAX_PATH)) { argv[3] = secureUpdaterPath; result = ProcessSoftwareUpdateCommand(argc - 3, argv + 3); IsUpdateBeingStaged(int argc, LPWSTR *argv) return argc == 4 && !wcscmp(argv[3], L"-1"); bool replaceRequest = (argcTmp >= 4 && wcsstr(argvTmp[3], L"/replace")); if (!IsLocalFile(argv[0], isLocal) || !isLocal) { nsAutoHandle noWriteLock(CreateFileW(argv[0], GENERIC_READ, FILE_SHARE_READ, if (result && !VerifySameFiles(argv[0], installDirUpdater, HMODULE updaterModule = LoadLibraryEx(argv[0], NULL, argv[0]); if (StartUpdateProcess(argc, argv, installDir, LPWSTR *argv, LPWSTR cmdLine = MakeCommandLine(argc, argv); 0 --------------------------------- 317 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c cfunc 470 cups_image_t *img, bpp = cupsImageGetDepth(img); pixels = calloc(bpp, img->xsize); free(pixels); 0 --------------------------------- 318 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c cppfunc 470 cups_image_t *img, bpp = cupsImageGetDepth(img); pixels = calloc(bpp, img->xsize); free(pixels); 0 --------------------------------- 319 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 774 fprintf(stderr, "DEBUG: %*sSEQUENCE %d bytes\n", indent, "", asn1_debug(buffer, value_length, indent + 4); fprintf(stderr, "DEBUG: %*sGet-Request-PDU %d bytes\n", indent, "", asn1_debug(buffer, value_length, indent + 4); asn1_debug(buffer, value_length, indent + 4); int indent) fprintf(stderr, "DEBUG: %*sBOOLEAN %d bytes %d\n", indent, "", fprintf(stderr, "DEBUG: %*sINTEGER %d bytes %d\n", indent, "", fprintf(stderr, "DEBUG: %*sOCTET STRING %d bytes \"%s\"\n", indent, "", fprintf(stderr, "DEBUG: %*sNULL VALUE %d bytes\n", indent, "", fprintf(stderr, "DEBUG: %*sOID %d bytes ", indent, "", fprintf(stderr, ".%d", oid[i]); putc('\n', stderr); fprintf(stderr, "DEBUG: %*sUNKNOWN(%x) %d bytes\n", indent, "", fprintf(stderr, "DEBUG: %*sGet-Response-PDU %d bytes\n", indent, "", 0 --------------------------------- 320 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c cfunc 804 path->data = NULL; path->size = 0; path->data = NULL; path->size = 0; err = v9fs_co_open(pdu, f, f->open_flags); err = v9fs_co_opendir(pdu, f); for (f = s->fid_list; f; f = f->next) { BUG_ON(f->clunked); f->ref++; err = v9fs_reopen_fid(pdu, f); return NULL; f->flags |= FID_REFERENCED; return f; return NULL; fidp = get_fid(pdu, fid); err = v9fs_co_lstat(pdu, &fidp->path, &stbuf); err = stat_to_v9stat(pdu, &fidp->path, &stbuf, &v9stat); V9fsPath path; v9fs_path_init(&path); err = stat_to_v9stat(pdu, &path, &stbuf, &v9stat); v9fs_path_free(&path); err = v9fs_co_lstat(pdu, &path, &stbuf); err = v9fs_co_name_to_path(pdu, &fidp->path, dent->d_name, &path); v9fs_path_init(&path); static int stat_to_v9stat(V9fsPDU *pdu, V9fsPath *name, str = strrchr(name->data, '/'); void v9fs_path_init(V9fsPath *path) v9fs_path_init(&path); err = stat_to_v9stat(pdu, &path, &stbuf, &v9stat); static int v9fs_reopen_fid(V9fsPDU *pdu, V9fsFidState *f) err = v9fs_reopen_fid(pdu, f); return f; fidp = get_fid(pdu, fid); err = stat_to_v9stat(pdu, &fidp->path, &stbuf, &v9stat); void v9fs_path_free(V9fsPath *path) v9fs_path_free(&path); err = stat_to_v9stat(pdu, &path, &stbuf, &v9stat); 0 --------------------------------- 321 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c cfunc 234 const char *format, ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; if (isdigit((unsigned char)ch)) { 0 --------------------------------- 322 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c cppfunc 234 const char *format, ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; if (isdigit((unsigned char)ch)) { 0 --------------------------------- 323 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c cfunc 743 char **sbuffer, char **buffer, assert(*sbuffer != NULL || buffer != NULL); memcpy(*buffer, *sbuffer, *currlen); *sbuffer = NULL; assert(*sbuffer != NULL); 0 --------------------------------- 324 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c cppfunc 743 char **sbuffer, char **buffer, assert(*sbuffer != NULL || buffer != NULL); memcpy(*buffer, *sbuffer, *currlen); *sbuffer = NULL; assert(*sbuffer != NULL); 0 --------------------------------- 325 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c cfunc 522 const char *prefix = ""; if (base == 8) prefix = "0"; if (base == 16) prefix = "0x"; spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix); 0 --------------------------------- 326 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 1115 s->session->tlsext_hostname[len] = '\0'; if (strlen(s->session->tlsext_hostname) != len) { && strncmp(s->session->tlsext_hostname, && strlen(s->session->tlsext_hostname) == len 0 --------------------------------- 327 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cfunc 2078 V9fsString extension; v9fs_string_init(&extension); &perm, &mode, &extension); int32_t ofid = atoi(extension.data); 0 --------------------------------- 328 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cppfunc 2078 V9fsString extension; v9fs_string_init(&extension); &perm, &mode, &extension); int32_t ofid = atoi(extension.data); 0 --------------------------------- 329 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c inputfunc 1861 if ((bytes = recvfrom(fd, buffer, sizeof(buffer), 0, (void *)&addr, &addrlen)) < 0) bytes, addrname); if (asn1_decode_snmp(buffer, bytes, &packet)) static int asn1_decode_snmp(unsigned char *buffer, size_t len, asn1_debug(buffer, bytes, 0); asn1_debug(buffer, bytes, 0); hex_debug(buffer, bytes); static void debug_printf(const char *format, ...); static void hex_debug(unsigned char *buffer, size_t len); static void asn1_debug(unsigned char *buffer, size_t len, hex_debug(buffer, bytes); 0 --------------------------------- 330 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c cfunc 1331 fprintf(stderr, "buffered messge: \ttype = %xx\n", msg_buf->type); fprintf(stderr, "\t\t\t\t\tlen = %d\n", msg_buf->len); fprintf(stderr, "\t\t\t\t\tseq_num = %d\n", msg_buf->seq_num); 0 --------------------------------- 331 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 1660 for (line_iterator line = begin_lines(), line_end = end_lines(); line->IsImpactedByFloat() || if (!line->IsBlock()) { if (gNoisyReflow && !line->IsDirty()) { static_cast(line.get()), line->IsBlock() ? "block" : "inline", line->HasBreakAfter() ? "has-break-after " : "", line->HasFloats() ? "has-floats " : "", line->IsImpactedByFloat() ? "impacted " : "", line->GetBreakTypeBefore(), line->GetBreakTypeAfter(), line->mBounds.XMost()); 0 --------------------------------- 332 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 2861 st = ic->streams[i]; av_reduce(&st->avg_frame_rate.num, &st->avg_frame_rate.den, for (j = 1; j < MAX_STD_TIMEBASES; j++) { AVRational std_fps = { get_std_framerate(j), 12*1001 }; av_reduce(&st->avg_frame_rate.num, &st->avg_frame_rate.den, double error = fabs(av_q2d(st->avg_frame_rate) / av_q2d(std_fps) - 1); static int get_std_framerate(int i){ if(i<60*12) return (i+1)*1001; AVRational std_fps = { get_std_framerate(j), 12*1001 }; double error = fabs(av_q2d(st->avg_frame_rate) / av_q2d(std_fps) - 1); 0 --------------------------------- 333 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cppfunc 6153 return nullptr; FrameProperties props = Properties(); (props.Get(LineCursorProperty())); nsLineBox* property = static_cast line_iterator cursor = mLines.begin(property); nsRect cursorArea = cursor->GetVisualOverflowArea(); cursor = cursor.prev(); cursorArea = cursor->GetVisualOverflowArea(); cursor = cursor.next(); cursorArea = cursor->GetVisualOverflowArea(); if (cursor.get() != property) { props.Set(LineCursorProperty(), cursor.get()); return cursor.get(); nullptr : GetFirstLineContaining(aDirtyRect.y); nsLineBox* cursor = aBuilder->ShouldDescendIntoFrame(this) ? for (line_iterator line = mLines.begin(cursor); 0 --------------------------------- 334 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp API 178 PROCESS_INFORMATION pi = {0}; &pi); &pi); CloseHandle(pi.hThread); 0 --------------------------------- 335 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_frame_buffer.cc cfunc 250 SetState(kStateIncomplete); _state == kStateIncomplete); assert(_state == kStateEmpty || VCMFrameBuffer::SetState(VCMFrameBufferStateEnum state) { _state = state; SetState(kStateIncomplete); SetState(kStateDecodable); assert(_state == kStateEmpty || 0 --------------------------------- 336 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_frame_buffer.cc cppfunc 250 SetState(kStateIncomplete); _state == kStateIncomplete); assert(_state == kStateEmpty || VCMFrameBuffer::SetState(VCMFrameBufferStateEnum state) { _state = state; SetState(kStateIncomplete); SetState(kStateDecodable); assert(_state == kStateEmpty || 0 --------------------------------- 337 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 1598 const nsStyleText* styleText = GetStyleText(); IsAlignedLeft(styleText->mTextAlign, styleText->mTextAlign); 0 --------------------------------- 338 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cfunc 170 memset( p_chk, 0, sizeof( avi_chunk_t ) ); p_chk = malloc( sizeof( avi_chunk_t ) ); memset( p_chk, 0, sizeof( avi_chunk_t ) ); 0 --------------------------------- 339 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cppfunc 4118 aState.GetFloatAvailableSpaceForHeight(aLine->mBounds.y, if (CRAZY_HEIGHT(aLine->mBounds.y)) { lastHeight = aLine->mBounds.y; if (abs(aLine->mBounds.y - lastHeight) > CRAZY_H/10) { 0 --------------------------------- 340 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp API 374 NULL, 0, NULL); HANDLE thread = CreateThread(NULL, 0, StopServiceAndWaitForCommandThread, CloseHandle(thread); 0 --------------------------------- 341 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 1892 NS_ConvertUTF16toUTF8 autoIfname(aOptions.mIfname); char key[PROPERTY_KEY_MAX]; snprintf(key, sizeof key - 1, "net.%s.gw", autoIfname.get()); 0 --------------------------------- 342 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 1483 char value[PROPERTY_VALUE_MAX]; property_get("ro.build.version.sdk", value, nullptr); SDK_VERSION = atoi(value); 0 --------------------------------- 343 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cppfunc 1483 char value[PROPERTY_VALUE_MAX]; property_get("ro.build.version.sdk", value, nullptr); SDK_VERSION = atoi(value); 0 --------------------------------- 344 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cfunc 1813 V9fsQID qid; dent = g_malloc(sizeof(struct dirent)); err = v9fs_co_readdir_r(pdu, fidp, dent, &result); size = MIN(sizeof(dent->d_ino), sizeof(qid.path)); qid.type = 0; qid.version = 0; &qid, dent->d_off, memcpy(&qid.path, &dent->d_ino, size); 0 --------------------------------- 345 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_serviceinstall.cpp cfunc 46 MaintenanceServiceStringTable serviceStrings; int rv = ReadMaintenanceServiceStrings(updaterINIPath, &serviceStrings); MaintenanceServiceStringTable *results) strncpy(results->serviceDescription, 0 --------------------------------- 346 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_serviceinstall.cpp API 572 SERVICE_STATUS status; if (ControlService(schService, SERVICE_CONTROL_STOP, &status)) { } while (QueryServiceStatus(schService, &status)); Sleep(status.dwWaitHint); 0 --------------------------------- 347 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1478 for (cache = (snmp_cache_t *)cupsArrayFirst(Devices); cache = (snmp_cache_t *)cupsArrayNext(Devices)) free(cache->make_and_model); 0 --------------------------------- 348 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 1478 for (cache = (snmp_cache_t *)cupsArrayFirst(Devices); cache = (snmp_cache_t *)cupsArrayNext(Devices)) free(cache->make_and_model); 0 --------------------------------- 349 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4715 const char *spec) switch (*spec++) { if (*spec++ == ':') { int i, index = strtol(spec, NULL, 0); 0 --------------------------------- 350 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 4715 const char *spec) switch (*spec++) { if (*spec++ == ':') { int i, index = strtol(spec, NULL, 0); 0 --------------------------------- 351 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cfunc 232 static void Win32AddConnection( access_t *p_access, char *psz_path, i_ret = asprintf( &psz_uri, " free( psz_uri ); static int Open( vlc_object_t *p_this ) char *psz_path, *psz_uri; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_path = p_access->psz_path; psz_parser = strchr( psz_tmp, '@' ); *psz_parser = 0; psz_path = p_access->psz_path + (psz_parser - psz_tmp) + 1; Win32AddConnection( p_access, psz_path, psz_user, psz_pwd, psz_domain); i_ret = asprintf( &psz_uri, " free( psz_uri ); strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_parser = strchr( psz_path, '/' ); i_ret = asprintf( &psz_uri, " free( psz_uri ); 0 --------------------------------- 352 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cppfunc 232 static void Win32AddConnection( access_t *p_access, char *psz_path, i_ret = asprintf( &psz_uri, " free( psz_uri ); static int Open( vlc_object_t *p_this ) char *psz_path, *psz_uri; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_path = p_access->psz_path; psz_parser = strchr( psz_tmp, '@' ); *psz_parser = 0; psz_path = p_access->psz_path + (psz_parser - psz_tmp) + 1; Win32AddConnection( p_access, psz_path, psz_user, psz_pwd, psz_domain); i_ret = asprintf( &psz_uri, " free( psz_uri ); strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_parser = strchr( psz_path, '/' ); i_ret = asprintf( &psz_uri, " free( psz_uri ); 0 --------------------------------- 353 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp API 176 PROCESS_INFORMATION pi = {0}; &pi); &pi); WaitForSingleObject(pi.hProcess, INFINITE); 0 --------------------------------- 354 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp API 177 PROCESS_INFORMATION pi = {0}; &pi); &pi); WaitForSingleObject(pi.hProcess, INFINITE); CloseHandle(pi.hProcess); 0 --------------------------------- 355 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 714 char *sep = strchr( folder, '/' ); *sep = '\0'; return findOrCreateParentNode( current, sep ); ret = findOrCreateParentNode( ret, sep ); static node* findOrCreateParentNode( node *root, const char *fullpath ) char *path = strdup( fullpath ); folder = path; char *sep = strchr( folder, '/' ); if( !strcmp( current->name, folder ) ) 0 --------------------------------- 356 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 458 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); fprintf(out, " next=%p", static_cast(GetNextSibling())); fprintf(out, " prev-in-flow=%p", static_cast(GetPrevInFlow())); fprintf(out, " next-in-flow=%p", static_cast(GetNextInFlow())); fprintf(out, " IBSplitSpecialSibling=%p", IBsibling); fprintf(out, " IBSplitSpecialPrevSibling=%p", IBprevsibling); fprintf(out, " [content=%p]", static_cast(mContent)); fprintf(out, " {%d,%d,%d,%d}", mRect.x, mRect.y, mRect.width, mRect.height); fprintf(out, " [state=%016llx]", (unsigned long long)mState); fprintf(out, " [vis-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, fprintf(out, " [scr-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, fprintf(out, " sc=%p(i=%d,b=%d)", fprintf(out, " pst=%s", fprintf(out, " transformed"); fprintf(out, " perspective"); fprintf(out, " preserves-3d-children"); fprintf(out, " preserves-3d"); fputs("<\n", out); line->List(out, aIndent, aFlags); IndentBy(out, aIndent); fputs("Overflow-lines<\n", out); line->List(out, aIndent + 1, aFlags); IndentBy(out, aIndent); fputs(">\n", out); IndentBy(out, aIndent); fprintf(out, "%s<\n", mozilla::layout::ChildListName(lists.CurrentID())); IndentBy(out, aIndent); fputs(">\n", out); 0 --------------------------------- 357 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 2623 if (SDK_VERSION >= 20) { if (SDK_VERSION >= 20) { #ifdef _DEBUG NU_DBG(" ssid: %s", GET_CHAR(mSsid)); 0 --------------------------------- 358 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 451 ChildListIterator lists(this); for (; !lists.IsDone(); lists.Next()) { if (skip.Contains(lists.CurrentID())) { IndentBy(out, aIndent); kid->List(out, aIndent + 1, aFlags); IndentBy(out, aIndent); fputs(">\n", out); nsFrameList::Enumerator childFrames(lists.CurrentList()); fprintf(out, "%s<\n", mozilla::layout::ChildListName(lists.CurrentID())); 0 --------------------------------- 359 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c cfunc 2444 err = v9fs_co_open(pdu, f, f->open_flags); err = v9fs_co_opendir(pdu, f); for (f = s->fid_list; f; f = f->next) { BUG_ON(f->clunked); f->ref++; err = v9fs_reopen_fid(pdu, f); return NULL; f->flags |= FID_REFERENCED; return f; return NULL; fidp = get_fid(pdu, fid); err = v9fs_complete_rename(pdu, fidp, newdirfid, &name); fidp = get_fid(pdu, fid); err = v9fs_complete_rename(pdu, fidp, -1, &v9stat.name); static int v9fs_complete_rename(V9fsPDU *pdu, V9fsFidState *fidp, err = v9fs_co_rename(pdu, &fidp->path, &new_path); if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data)); static int v9fs_reopen_fid(V9fsPDU *pdu, V9fsFidState *f) err = v9fs_reopen_fid(pdu, f); return f; fidp = get_fid(pdu, fid); err = v9fs_complete_rename(pdu, fidp, newdirfid, &name); static int v9fs_path_is_ancestor(V9fsPath *s1, V9fsPath *s2) if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data)); 0 --------------------------------- 360 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1449 free_array(cups_array_t *a) for (s = (char *)cupsArrayFirst(a); s; s = (char *)cupsArrayNext(a)) free(s); 0 --------------------------------- 361 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 1449 free_array(cups_array_t *a) for (s = (char *)cupsArrayFirst(a); s; s = (char *)cupsArrayNext(a)) free(s); 0 --------------------------------- 362 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 423 else return first_iformat; AVInputFormat *fmt1 = NULL, *fmt; fmt = NULL; while ((fmt1 = av_iformat_next(fmt1))) { score = fmt1->read_probe(&lpd); fmt = fmt1; fmt = NULL; return fmt; AVInputFormat *fmt = av_probe_input_format3(pd, 1, &score); pd->buf_size, MAX_PROBE_PACKETS - st->probe_packets, fmt->name, score); if (!strcmp(fmt->name, fmt_id_type[i].name)) { AVInputFormat *av_iformat_next(AVInputFormat *f) if(f) return f->next; while ((fmt1 = av_iformat_next(fmt1))) { fmt = fmt1; return fmt; AVInputFormat *fmt = av_probe_input_format3(pd, 1, &score); pd->buf_size, MAX_PROBE_PACKETS - st->probe_packets, fmt->name, score); if (!strcmp(fmt->name, fmt_id_type[i].name)) { 0 --------------------------------- 363 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cfunc 289 static void Win32AddConnection( access_t *p_access, char *psz_path, i_ret = asprintf( &psz_uri, " free( psz_uri ); strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_parser = strchr( psz_path, '/' ); i_ret = asprintf( &psz_uri, " free( psz_uri ); static int Open( vlc_object_t *p_this ) char *psz_path, *psz_uri; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_path = p_access->psz_path; psz_parser = strchr( psz_tmp, '@' ); *psz_parser = 0; psz_path = p_access->psz_path + (psz_parser - psz_tmp) + 1; Win32AddConnection( p_access, psz_path, psz_user, psz_pwd, psz_domain); i_ret = asprintf( &psz_uri, " free( psz_uri ); 0 --------------------------------- 364 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cppfunc 289 static void Win32AddConnection( access_t *p_access, char *psz_path, i_ret = asprintf( &psz_uri, " free( psz_uri ); strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_parser = strchr( psz_path, '/' ); i_ret = asprintf( &psz_uri, " free( psz_uri ); static int Open( vlc_object_t *p_this ) char *psz_path, *psz_uri; psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_path = p_access->psz_path; psz_parser = strchr( psz_tmp, '@' ); *psz_parser = 0; psz_path = p_access->psz_path + (psz_parser - psz_tmp) + 1; Win32AddConnection( p_access, psz_path, psz_user, psz_pwd, psz_domain); i_ret = asprintf( &psz_uri, " free( psz_uri ); 0 --------------------------------- 365 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc cfunc 223 const size_t kH264NALHeaderLengthInBytes = 1; nalu_ptr = packet_buffer + kH264NALHeaderLengthInBytes; size_t length = BufferToUWord16(nalu_ptr); frame_buffer_ptr += Insert(nalu_ptr, if (packets_.size() == kMaxPacketsInSession) { ReversePacketIterator rit = packets_.rbegin(); for (; rit != packets_.rend(); ++rit) if (rit != packets_.rend() && first_packet_seq_num_ = static_cast(packet.seqNum); last_packet_seq_num_ = static_cast(packet.seqNum); PacketIterator packet_list_it = packets_.insert(rit.base(), packet); size_t returnLength = InsertBuffer(frame_buffer, packet_list_it); PacketIterator packet_it) { VCMPacket& packet = *packet_it; const uint8_t* packet_buffer = packet.dataPtr; packet.sizeBytes = Insert(packet_buffer, size_t VCMSessionInfo::Insert(const uint8_t* buffer, memcpy(frame_buffer, startCode, kH264StartCodeLengthBytes); buffer, length += (insert_start_code ? kH264StartCodeLengthBytes : 0); nalu_ptr += length; size_t length = BufferToUWord16(nalu_ptr); frame_buffer_ptr += Insert(nalu_ptr, IsNewerSequenceNumber(first_packet_seq_num_, packet.seqNum))) { IsNewerSequenceNumber(packet.seqNum, last_packet_seq_num_))) { IsNewerSequenceNumber(first_packet_seq_num_, packet.seqNum)) { last_packet_seq_num_ = static_cast(packet.seqNum); PacketIterator packet_list_it = packets_.insert(rit.base(), packet); size_t returnLength = InsertBuffer(frame_buffer, packet_list_it); PacketIterator packet_it) { VCMPacket& packet = *packet_it; const uint8_t* packet_buffer = packet.dataPtr; packet.sizeBytes = Insert(packet_buffer, int VCMSessionInfo::InsertPacket(const VCMPacket& packet, IsNewerSequenceNumber(packet.seqNum, last_packet_seq_num_)) { PacketIterator packet_list_it = packets_.insert(rit.base(), packet); size_t returnLength = InsertBuffer(frame_buffer, packet_list_it); PacketIterator packet_it) { VCMPacket& packet = *packet_it; const uint8_t* packet_buffer = packet.dataPtr; packet.sizeBytes = Insert(packet_buffer, 0 --------------------------------- 366 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc cfunc 222 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer, packet.dataPtr = frame_buffer + offset; const size_t kH264NALHeaderLengthInBytes = 1; const size_t kLengthFieldLength = 2; nalu_ptr = packet_buffer + kH264NALHeaderLengthInBytes; size_t length = BufferToUWord16(nalu_ptr); nalu_ptr += kLengthFieldLength; frame_buffer_ptr += Insert(nalu_ptr, length, const_cast(packet.dataPtr)); size_t length, uint8_t* frame_buffer) { memcpy(frame_buffer, startCode, kH264StartCodeLengthBytes); memcpy(frame_buffer + (insert_start_code ? kH264StartCodeLengthBytes : 0), length); return length; frame_buffer_ptr += Insert(nalu_ptr, const_cast(frame_buffer_ptr)); uint8_t* frame_buffer) { memcpy(frame_buffer + (insert_start_code ? kH264StartCodeLengthBytes : 0), IsNewerSequenceNumber(first_packet_seq_num_, packet.seqNum))) { IsNewerSequenceNumber(packet.seqNum, last_packet_seq_num_))) { IsNewerSequenceNumber(packet.seqNum, last_packet_seq_num_)) { PacketIterator packet_list_it = packets_.insert(rit.base(), packet); size_t returnLength = InsertBuffer(frame_buffer, packet_list_it); PacketIterator packet_it) { VCMPacket& packet = *packet_it; const uint8_t* packet_buffer = packet.dataPtr; nalu_ptr = packet_buffer + kH264NALHeaderLengthInBytes; size_t length = BufferToUWord16(nalu_ptr); length, size_t length, length); return length; frame_buffer_ptr += Insert(nalu_ptr, const_cast(frame_buffer_ptr)); uint8_t* frame_buffer) { memcpy(frame_buffer + (insert_start_code ? kH264StartCodeLengthBytes : 0), int VCMSessionInfo::InsertPacket(const VCMPacket& packet, uint8_t* frame_buffer, IsNewerSequenceNumber(first_packet_seq_num_, packet.seqNum)) { last_packet_seq_num_ = static_cast(packet.seqNum); PacketIterator packet_list_it = packets_.insert(rit.base(), packet); size_t returnLength = InsertBuffer(frame_buffer, packet_list_it); PacketIterator packet_it) { VCMPacket& packet = *packet_it; const uint8_t* packet_buffer = packet.dataPtr; nalu_ptr = packet_buffer + kH264NALHeaderLengthInBytes; size_t length = BufferToUWord16(nalu_ptr); length, size_t length, length); return length; frame_buffer_ptr += Insert(nalu_ptr, const_cast(frame_buffer_ptr)); uint8_t* frame_buffer) { memcpy(frame_buffer + (insert_start_code ? kH264StartCodeLengthBytes : 0), if (packets_.size() == kMaxPacketsInSession) { ReversePacketIterator rit = packets_.rbegin(); for (; rit != packets_.rend(); ++rit) if (rit != packets_.rend() && PacketIterator packet_list_it = packets_.insert(rit.base(), packet); size_t returnLength = InsertBuffer(frame_buffer, packet_list_it); VCMPacket& packet = *packet_it; size_t offset = 0; offset += (*it).sizeBytes; const uint8_t* packet_buffer = packet.dataPtr; packet.dataPtr = frame_buffer + offset; nalu_ptr = packet_buffer + kH264NALHeaderLengthInBytes; uint8_t* frame_buffer_ptr = frame_buffer + offset; nalu_ptr += length; size_t length = BufferToUWord16(nalu_ptr); length, size_t length, length); length += (insert_start_code ? kH264StartCodeLengthBytes : 0); return length; frame_buffer_ptr += Insert(nalu_ptr, const_cast(frame_buffer_ptr)); const_cast(packet.dataPtr)); uint8_t* frame_buffer) { memcpy(frame_buffer + (insert_start_code ? kH264StartCodeLengthBytes : 0), size_t VCMSessionInfo::Insert(const uint8_t* buffer, buffer, size_t length = BufferToUWord16(nalu_ptr); length, size_t length, length); return length; frame_buffer_ptr += Insert(nalu_ptr, const_cast(frame_buffer_ptr)); uint8_t* frame_buffer) { memcpy(frame_buffer + (insert_start_code ? kH264StartCodeLengthBytes : 0), 0 --------------------------------- 367 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc cfunc 220 const size_t kLengthFieldLength = 2; nalu_ptr += kLengthFieldLength; frame_buffer_ptr += Insert(nalu_ptr, const unsigned char startCode[] = {0, 0, 0, 1}; memcpy(frame_buffer, startCode, kH264StartCodeLengthBytes); length += (insert_start_code ? kH264StartCodeLengthBytes : 0); return length; frame_buffer_ptr += Insert(nalu_ptr, const_cast(frame_buffer_ptr)); uint8_t* frame_buffer) { memcpy(frame_buffer, startCode, kH264StartCodeLengthBytes); uint8_t* frame_buffer, if (packets_.size() == kMaxPacketsInSession) { ReversePacketIterator rit = packets_.rbegin(); for (; rit != packets_.rend(); ++rit) if (rit != packets_.rend() && IsNewerSequenceNumber(first_packet_seq_num_, packet.seqNum))) { IsNewerSequenceNumber(packet.seqNum, last_packet_seq_num_))) { first_packet_seq_num_ = static_cast(packet.seqNum); IsNewerSequenceNumber(first_packet_seq_num_, packet.seqNum)) { last_packet_seq_num_ = static_cast(packet.seqNum); IsNewerSequenceNumber(packet.seqNum, last_packet_seq_num_)) { PacketIterator packet_list_it = packets_.insert(rit.base(), packet); size_t returnLength = InsertBuffer(frame_buffer, packet_list_it); PacketIterator packet_it) { VCMPacket& packet = *packet_it; size_t offset = 0; offset += (*it).sizeBytes; const uint8_t* packet_buffer = packet.dataPtr; packet.dataPtr = frame_buffer + offset; const size_t kH264NALHeaderLengthInBytes = 1; nalu_ptr = packet_buffer + kH264NALHeaderLengthInBytes; uint8_t* frame_buffer_ptr = frame_buffer + offset; nalu_ptr += length; size_t length = BufferToUWord16(nalu_ptr); length, size_t length, length); return length; frame_buffer_ptr += Insert(nalu_ptr, const_cast(frame_buffer_ptr)); const_cast(packet.dataPtr)); uint8_t* frame_buffer) { memcpy(frame_buffer, startCode, kH264StartCodeLengthBytes); size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer, packet.dataPtr = frame_buffer + offset; const_cast(packet.dataPtr)); uint8_t* frame_buffer) { memcpy(frame_buffer, startCode, kH264StartCodeLengthBytes); int VCMSessionInfo::InsertPacket(const VCMPacket& packet, PacketIterator packet_list_it = packets_.insert(rit.base(), packet); size_t returnLength = InsertBuffer(frame_buffer, packet_list_it); PacketIterator packet_it) { VCMPacket& packet = *packet_it; const uint8_t* packet_buffer = packet.dataPtr; nalu_ptr = packet_buffer + kH264NALHeaderLengthInBytes; size_t length = BufferToUWord16(nalu_ptr); length, size_t length, length); return length; frame_buffer_ptr += Insert(nalu_ptr, const_cast(frame_buffer_ptr)); uint8_t* frame_buffer) { memcpy(frame_buffer, startCode, kH264StartCodeLengthBytes); size_t VCMSessionInfo::Insert(const uint8_t* buffer, buffer, size_t length = BufferToUWord16(nalu_ptr); length, size_t length, length); return length; frame_buffer_ptr += Insert(nalu_ptr, const_cast(frame_buffer_ptr)); uint8_t* frame_buffer) { memcpy(frame_buffer, startCode, kH264StartCodeLengthBytes); 0 --------------------------------- 368 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 194 stream_sys_t *p_sys; s->p_sys = p_sys = calloc( 1, sizeof( *p_sys ) ); calloc( 1, sizeof( zlib_filefunc_def ) ); p_sys->fileFunctions = ( zlib_filefunc_def * ) free( p_sys ); 0 --------------------------------- 369 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 194 stream_sys_t *p_sys; s->p_sys = p_sys = calloc( 1, sizeof( *p_sys ) ); calloc( 1, sizeof( zlib_filefunc_def ) ); p_sys->fileFunctions = ( zlib_filefunc_def * ) free( p_sys ); 0 --------------------------------- 370 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 297 static void split(char* str, const char* sep, nsTArray& result) char *s = strtok(str, sep); s = strtok(nullptr, sep); 0 --------------------------------- 371 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c cfunc 388 VmdVideoContext *s = avctx->priv_data; vmd_decode(s); static void vmd_decode(VmdVideoContext *s) frame_x = AV_RL16(&s->buf[6]); s->x_off = frame_x; static void vmd_decode(VmdVideoContext *s) vmd_decode(s); memcpy(s->frame.data[1], s->palette, PALETTE_COUNT * 4); 0 --------------------------------- 372 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cfunc 938 ! memcmp( &oggpacket.packet[1], "FLAC", 4 ) && ! memcmp( &oggpacket.packet[9], "fLaC", 4 ) ) ! memcmp( oggpacket.packet, "\x80theora", 7 ) ) ! memcmp( oggpacket.packet, "\x01vorbis", 7 ) ) ! memcmp( oggpacket.packet, "Speex", 5 ) ) ! memcmp( oggpacket.packet, "fLaC", 4 ) ) 0 --------------------------------- 373 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 1659 if (line->IsBlock() || line->IsImpactedByFloat() || line->ResizeReflowOptimizationDisabled() || ((isLastLine || !line->IsLineWrapped()) && !skipLastLine) || (!isLastLine && !line->HasBreakAfter()) || line->HasFloats() || line->MarkDirty(); if (!line->IsBlock()) { line.get(), line->IsImpactedByFloat() ? "" : "not "); if (gNoisyReflow && !line->IsDirty()) { static_cast(line.get()), static_cast((line.next() != end_lines() ? line.next().get() : nullptr)), line->IsBlock() ? "block" : "inline", line->HasBreakAfter() ? "has-break-after " : "", line->HasFloats() ? "has-floats " : "", line->IsImpactedByFloat() ? "impacted " : "", line->GetBreakTypeBefore(), line->GetBreakTypeAfter(), 0 --------------------------------- 374 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c cfunc 775 struct vers_rec version; struct tm tm; bytes_read = file_read(&version, sizeof version, wth->fh); if (bytes_read != sizeof version) { start_date = pletoh16(&version.date); tm.tm_year = ((start_date&DOS_YEAR_MASK)>>DOS_YEAR_SHIFT) + DOS_YEAR_OFFSET; tm.tm_mon = ((start_date&DOS_MONTH_MASK)>>DOS_MONTH_SHIFT) + DOS_MONTH_OFFSET; tm.tm_mday = ((start_date&DOS_DAY_MASK)>>DOS_DAY_SHIFT); tm.tm_hour = 0; tm.tm_min = 0; tm.tm_sec = 0; tm.tm_isdst = -1; ngsniffer->start = mktime(&tm); 0 --------------------------------- 375 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c cppfunc 775 struct vers_rec version; struct tm tm; bytes_read = file_read(&version, sizeof version, wth->fh); if (bytes_read != sizeof version) { start_date = pletoh16(&version.date); tm.tm_year = ((start_date&DOS_YEAR_MASK)>>DOS_YEAR_SHIFT) + DOS_YEAR_OFFSET; tm.tm_mon = ((start_date&DOS_MONTH_MASK)>>DOS_MONTH_SHIFT) + DOS_MONTH_OFFSET; tm.tm_mday = ((start_date&DOS_DAY_MASK)>>DOS_DAY_SHIFT); tm.tm_hour = 0; tm.tm_min = 0; tm.tm_sec = 0; tm.tm_isdst = -1; ngsniffer->start = mktime(&tm); 0 --------------------------------- 376 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 1652 static_cast((line.next() != end_lines() ? line.next().get() : nullptr)), line->IsBlock() ? "block" : "inline", line->HasBreakAfter() ? "has-break-after " : "", line->HasFloats() ? "has-floats " : "", line->IsImpactedByFloat() ? "impacted " : "", line->GetBreakTypeBefore(), line->GetBreakTypeAfter(), line->IsImpactedByFloat() || line->ResizeReflowOptimizationDisabled() || ((isLastLine || !line->IsLineWrapped()) && !skipLastLine) || (!isLastLine && !line->HasBreakAfter()) || line->HasFloats() || if (line->IsBlock() || if (!line->IsBlock()) { if (gNoisyReflow && !line->IsDirty()) { static_cast(line.get()), 0 --------------------------------- 377 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 1653 for (line_iterator line = begin_lines(), line_end = end_lines(); line->IsBlock() ? "block" : "inline", line->HasBreakAfter() ? "has-break-after " : "", line->HasFloats() ? "has-floats " : "", line->IsImpactedByFloat() ? "impacted " : "", line->GetBreakTypeBefore(), line->GetBreakTypeAfter(), line->IsImpactedByFloat() || line->ResizeReflowOptimizationDisabled() || ((isLastLine || !line->IsLineWrapped()) && !skipLastLine) || (!isLastLine && !line->HasBreakAfter()) || line->HasFloats() || if (line->IsBlock() || line->IsImpactedByFloat() || if (!line->IsBlock()) { if (gNoisyReflow && !line->IsDirty()) { static_cast(line.get()), static_cast((line.next() != end_lines() ? line.next().get() : nullptr)), 0 --------------------------------- 378 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 2777 st = ic->streams[i]; st->codec->time_base= st->time_base; st->parser = av_parser_init(st->codec->codec_id); avcodec_get_name(st->codec->codec_id)); avcodec_find_decoder(st->codec->codec_id); st = ic->streams[i]; if (!has_codec_parameters(st, NULL)) st->info->fps_first_dts = st->info->fps_last_dts = AV_NOPTS_VALUE; if (!has_codec_parameters(st, NULL)) st->info->fps_first_dts = st->info->fps_last_dts = AV_NOPTS_VALUE; if (!has_codec_parameters(st, NULL)) st->info->fps_first_dts = pkt->dts; if (!has_codec_parameters(st, NULL)) st->info->fps_first_dts_idx = st->codec_info_nb_frames; if (!has_codec_parameters(st, NULL)) st->info->fps_last_dts_idx = st->codec_info_nb_frames; t = av_rescale_q(st->info->codec_info_duration, st->time_base, AV_TIME_BASE_Q); st->info->codec_info_duration += pkt->duration; if (!has_codec_parameters(st, NULL)) int64_t last = st->info->last_dts; double dts= (is_relative(pkt->dts) ? pkt->dts - RELATIVE_TS_BASE : pkt->dts) * av_q2d(st->time_base); int64_t duration= pkt->dts - last; for (i=0; iinfo->duration_error[0][0]); i++) { int framerate= get_std_framerate(i); double sdts= dts*framerate/(1001*12); for(j=0; j<2; j++){ int ticks= lrintf(sdts+j*0.5); double error= sdts - ticks + j*0.5; st->info->duration_error[j][0][i] += error; for (i=0; iinfo->duration_error[0][0]); i++) { if (!has_codec_parameters(st, NULL)) st->info->duration_error[j][1][i] += error*error; for (i=0; iinfo->duration_error[0][0]); i++) { if (!has_codec_parameters(st, NULL)) st->info->duration_count++; if (!has_codec_parameters(st, NULL)) st->info->duration_gcd = av_gcd(st->info->duration_gcd, duration); if (!has_codec_parameters(st, NULL)) st->info->last_dts = pkt->dts; if (!has_codec_parameters(st, NULL)) st = ic->streams[pkt->stream_index]; st->codec->extradata= av_malloc(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); memcpy(st->codec->extradata, pkt->data, st->codec->extradata_size); memset(st->codec->extradata + i, 0, FF_INPUT_BUFFER_PADDING_SIZE); int i= st->parser->parser->split(st->codec, pkt->data, pkt->size); st->codec->extradata_size= i; st->codec->extradata= av_malloc(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); memset(st->codec->extradata + i, 0, FF_INPUT_BUFFER_PADDING_SIZE); static int has_codec_parameters(AVStream *st, const char **errmsg_ptr) if (!has_codec_parameters(st, NULL)) if( tb_unreliable(st->codec) && !(st->r_frame_rate.num && st->avg_frame_rate.num) static int tb_unreliable(AVCodecContext *c){ if( tb_unreliable(st->codec) && !(st->r_frame_rate.num && st->avg_frame_rate.num) int i= st->parser->parser->split(st->codec, pkt->data, pkt->size); st->codec->extradata_size= i; st->codec->extradata= av_malloc(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); memset(st->codec->extradata + i, 0, FF_INPUT_BUFFER_PADDING_SIZE); static int is_relative(int64_t ts) { st->info->fps_last_dts = pkt->dts; if (!has_codec_parameters(st, NULL)) static int get_std_framerate(int i){ if(i<60*12) return (i+1)*1001; int framerate= get_std_framerate(i); double sdts= dts*framerate/(1001*12); int ticks= lrintf(sdts+j*0.5); double error= sdts - ticks + j*0.5; st->info->duration_error[j][0][i] += error; for (i=0; iinfo->duration_error[0][0]); i++) { if (!has_codec_parameters(st, NULL)) 0 --------------------------------- 379 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc cfunc 381 uint8_t* frame_buffer, size_t frame_buffer_length, size_t new_length = 0; (*it).dataPtr - frame_buffer; fragmentation->fragmentationOffset[partition_id] = frame_buffer_length); assert(fragmentation->fragmentationOffset[partition_id] < (*partition_end).dataPtr + (*partition_end).sizeBytes - (*it).dataPtr; fragmentation->fragmentationLength[partition_id] = frame_buffer_length); assert(fragmentation->fragmentationLength[partition_id] <= new_length += fragmentation->fragmentationLength[partition_id]; assert(new_length <= frame_buffer_length); 0 --------------------------------- 380 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc cppfunc 381 uint8_t* frame_buffer, size_t frame_buffer_length, size_t new_length = 0; (*it).dataPtr - frame_buffer; fragmentation->fragmentationOffset[partition_id] = frame_buffer_length); assert(fragmentation->fragmentationOffset[partition_id] < (*partition_end).dataPtr + (*partition_end).sizeBytes - (*it).dataPtr; fragmentation->fragmentationLength[partition_id] = frame_buffer_length); assert(fragmentation->fragmentationLength[partition_id] <= new_length += fragmentation->fragmentationLength[partition_id]; assert(new_length <= frame_buffer_length); 0 --------------------------------- 381 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 1342 process_rtsp_reply(tvbuff_t *tvb, int offset, const guchar *data, const guchar *status = data; while (status < lineend && !isspace(*status)) status++; while (status < lineend && !isspace(*status)) 0 --------------------------------- 382 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cppfunc 1342 process_rtsp_reply(tvbuff_t *tvb, int offset, const guchar *data, const guchar *status = data; while (status < lineend && !isspace(*status)) status++; while (status < lineend && !isspace(*status)) 0 --------------------------------- 383 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 543 size_t i_num = 0, i_len = 0; i_len++; i_len++; i_num++; memcpy( *ppsz_encoded, psz_url, i_len + 1 ); char *psz_ret = malloc( i_len + 3*i_num + 2 ); for( psz_iter = (char*) psz_url, psz_tmp = psz_ret; *(psz_tmp++) = '?'; snprintf( psz_tmp, 3, "%02x", ( *psz_iter & 0x000000FF ) ); *psz_tmp = *psz_iter; snprintf( psz_tmp, 3, "%02x", ( *psz_iter & 0x000000FF ) ); psz_tmp++; snprintf( psz_tmp, 3, "%02x", ( *psz_iter & 0x000000FF ) ); const char *psz_zippath ) char *psz_zip = strrchr( psz_zippath, DIR_SEP_CHAR ); escapeToXml( &psz_pathtozip, psz_zippath ); escapeToXml( &psz_escapedName, psz_name ); static int escapeToXml( char **ppsz_encoded, const char *psz_url ) for( psz_iter = (char*) psz_url, psz_tmp = psz_ret; if( isAllowedChar( *psz_iter ) ) *psz_tmp = *psz_iter; snprintf( psz_tmp, 3, "%02x", ( *psz_iter & 0x000000FF ) ); static int WriteXSPF( char **pp_buffer, vlc_array_t *p_filenames, for( int i = 0; i < vlc_array_count( p_filenames ); ++i ) char *psz_name = (char*) vlc_array_item_at_index( p_filenames, i ); int i_len = strlen( psz_name ); char *psz_file = strrchr( psz_name, '/' ); escapeToXml( &psz_escapedName, psz_name ); bool isAllowedChar( char c ) if( isAllowedChar( *psz_iter ) ) *psz_tmp = *psz_iter; snprintf( psz_tmp, 3, "%02x", ( *psz_iter & 0x000000FF ) ); 0 --------------------------------- 384 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1480 for (cache = (snmp_cache_t *)cupsArrayFirst(Devices); cache = (snmp_cache_t *)cupsArrayNext(Devices)) free(cache->addrname); free(cache->uri); free(cache->id); free(cache->make_and_model); free(cache); 0 --------------------------------- 385 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 1480 for (cache = (snmp_cache_t *)cupsArrayFirst(Devices); cache = (snmp_cache_t *)cupsArrayNext(Devices)) free(cache->addrname); free(cache->uri); free(cache->id); free(cache->make_and_model); free(cache); 0 --------------------------------- 386 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 3917 AVDictionaryEntry *tag=NULL; while((tag=av_dict_get(m, "", tag, AV_DICT_IGNORE_SUFFIX))) { if(strcmp("language", tag->key)){ av_log(ctx, AV_LOG_INFO, "%s %-16s: ", indent, tag->key); while((tag=av_dict_get(m, "", tag, AV_DICT_IGNORE_SUFFIX))) { if(strcmp("language", tag->key)){ uint8_t *printed = ic->nb_streams ? av_mallocz(ic->nb_streams) : NULL; dump_metadata(NULL, ic->metadata, " "); us = ic->duration % AV_TIME_BASE; (100 * us) / AV_TIME_BASE); us = abs(ic->start_time % AV_TIME_BASE); AVChapter *ch = ic->chapters[i]; dump_metadata(NULL, ch->metadata, " "); dump_metadata(NULL, ic->programs[j]->metadata, " "); dump_stream_format(ic, ic->programs[j]->stream_index[k], index, is_output); static void dump_stream_format(AVFormatContext *ic, int i, int index, int is_output) AVStream *st = ic->streams[i]; AVDictionaryEntry *lang = av_dict_get(st->metadata, "language", NULL, 0); dump_metadata(NULL, st->metadata, " "); dump_stream_format(ic, ic->programs[j]->stream_index[k], index, is_output); static void dump_metadata(void *ctx, AVDictionary *m, const char *indent) if(m && !(av_dict_count(m) == 1 && av_dict_get(m, "language", NULL, 0))){ while((tag=av_dict_get(m, "", tag, AV_DICT_IGNORE_SUFFIX))) { if(strcmp("language", tag->key)){ 0 --------------------------------- 387 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cfunc 2444 err = v9fs_co_open(pdu, f, f->open_flags); err = v9fs_co_opendir(pdu, f); for (f = s->fid_list; f; f = f->next) { BUG_ON(f->clunked); f->ref++; err = v9fs_reopen_fid(pdu, f); return NULL; f->flags |= FID_REFERENCED; return f; return NULL; fidp = get_fid(pdu, fid); err = v9fs_complete_rename(pdu, fidp, newdirfid, &name); fidp = get_fid(pdu, fid); err = v9fs_complete_rename(pdu, fidp, -1, &v9stat.name); static int v9fs_complete_rename(V9fsPDU *pdu, V9fsFidState *fidp, err = v9fs_co_rename(pdu, &fidp->path, &new_path); if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data)); static int v9fs_reopen_fid(V9fsPDU *pdu, V9fsFidState *f) err = v9fs_reopen_fid(pdu, f); return f; fidp = get_fid(pdu, fid); err = v9fs_complete_rename(pdu, fidp, newdirfid, &name); static int v9fs_path_is_ancestor(V9fsPath *s1, V9fsPath *s2) if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data)); 0 --------------------------------- 388 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 1745 *pkt_buf_end = NULL; free_packet_buffer(&s->raw_packet_buffer, &s->raw_packet_buffer_end); a = - 1; m = (a + b) >> 1; b = m; a = m; m= (flags & AVSEEK_FLAG_BACKWARD) ? a : b; m += (flags & AVSEEK_FLAG_BACKWARD) ? -1 : 1; return -1; return m; return ff_index_search_timestamp(st->index_entries, st->nb_index_entries, index= av_index_search_timestamp(st, target_ts, flags | AVSEEK_FLAG_BACKWARD); index= FFMAX(index, 0); assert(index==0); static void free_packet_buffer(AVPacketList **pkt_buf, AVPacketList **pkt_buf_end) free_packet_buffer(&s->raw_packet_buffer, &s->raw_packet_buffer_end); static void flush_packet_queue(AVFormatContext *s) flush_packet_queue(s); void ff_read_frame_flush(AVFormatContext *s) ff_read_frame_flush(s); return ff_seek_frame_binary(s, stream_index, timestamp, flags); int ff_seek_frame_binary(AVFormatContext *s, int stream_index, int64_t target_ts, int flags) st= s->streams[stream_index]; index= av_index_search_timestamp(st, target_ts, flags | AVSEEK_FLAG_BACKWARD); int av_index_search_timestamp(AVStream *st, int64_t wanted_timestamp, return ff_index_search_timestamp(st->index_entries, st->nb_index_entries, int ff_index_search_timestamp(const AVIndexEntry *entries, int nb_entries, b = nb_entries; a= b-1; m= (flags & AVSEEK_FLAG_BACKWARD) ? a : b; return m; return ff_index_search_timestamp(st->index_entries, st->nb_index_entries, index= av_index_search_timestamp(st, target_ts, flags | AVSEEK_FLAG_BACKWARD); index= FFMAX(index, 0); assert(index==0); 0 --------------------------------- 389 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 1745 *pkt_buf_end = NULL; free_packet_buffer(&s->raw_packet_buffer, &s->raw_packet_buffer_end); a = - 1; m = (a + b) >> 1; b = m; a = m; m= (flags & AVSEEK_FLAG_BACKWARD) ? a : b; m += (flags & AVSEEK_FLAG_BACKWARD) ? -1 : 1; return -1; return m; return ff_index_search_timestamp(st->index_entries, st->nb_index_entries, index= av_index_search_timestamp(st, target_ts, flags | AVSEEK_FLAG_BACKWARD); index= FFMAX(index, 0); assert(index==0); static void free_packet_buffer(AVPacketList **pkt_buf, AVPacketList **pkt_buf_end) free_packet_buffer(&s->raw_packet_buffer, &s->raw_packet_buffer_end); static void flush_packet_queue(AVFormatContext *s) flush_packet_queue(s); void ff_read_frame_flush(AVFormatContext *s) ff_read_frame_flush(s); return ff_seek_frame_binary(s, stream_index, timestamp, flags); int ff_seek_frame_binary(AVFormatContext *s, int stream_index, int64_t target_ts, int flags) st= s->streams[stream_index]; index= av_index_search_timestamp(st, target_ts, flags | AVSEEK_FLAG_BACKWARD); int av_index_search_timestamp(AVStream *st, int64_t wanted_timestamp, return ff_index_search_timestamp(st->index_entries, st->nb_index_entries, int ff_index_search_timestamp(const AVIndexEntry *entries, int nb_entries, b = nb_entries; a= b-1; m= (flags & AVSEEK_FLAG_BACKWARD) ? a : b; return m; return ff_index_search_timestamp(st->index_entries, st->nb_index_entries, index= av_index_search_timestamp(st, target_ts, flags | AVSEEK_FLAG_BACKWARD); index= FFMAX(index, 0); assert(index==0); 0 --------------------------------- 390 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1779 linenum = 0; while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) fprintf(stderr, fprintf(stderr, "ERROR: Unknown directive %s on line %d of %s!\n", fprintf(stderr, "ERROR: Missing value on line %d of %s!\n", linenum, 0 --------------------------------- 391 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c cfunc 2105 V9fsString extension; v9fs_string_init(&extension); &perm, &mode, &extension); char ctype; uint32_t major, minor; if (sscanf(extension.data, "%c %u %u", &ctype, &major, &minor) != 3) { 0 --------------------------------- 392 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c cfunc 2527 static int read_blob(FILE_T infile, ngsniffer_comp_stream_t *comp_stream, comp_stream = &ngsniffer->rand; comp_stream = &ngsniffer->seq; if (read_blob(infile, comp_stream, err, err_info) < 0) bytes_left = comp_stream->nbytes - comp_stream->nextout; if (read_blob(infile, comp_stream, err, err_info) < 0) bytes_left = comp_stream->nbytes - comp_stream->nextout; bytes_to_copy = bytes_left; memcpy(outbuffer, &comp_stream->buf[comp_stream->nextout], bytes_to_copy); copybytes -= bytes_to_copy; bytes_to_copy = copybytes; bytes_to_copy); outbuffer += bytes_to_copy; memcpy(outbuffer, &comp_stream->buf[comp_stream->nextout], static int read_blob(FILE_T infile, ngsniffer_comp_stream_t *comp_stream, if (read_blob(infile, comp_stream, err, err_info) < 0) memcpy(outbuffer, &comp_stream->buf[comp_stream->nextout], ng_file_read(void *buffer, unsigned int nbytes, wtap *wth, gboolean is_random, unsigned int copybytes = nbytes; unsigned char *outbuffer = (unsigned char *)buffer; comp_stream = &ngsniffer->rand; comp_stream->buf = (unsigned char *)g_malloc(OUTBUF_SIZE); if (read_blob(infile, comp_stream, err, err_info) < 0) if (read_blob(infile, comp_stream, err, err_info) < 0) bytes_to_copy = copybytes; memcpy(outbuffer, &comp_stream->buf[comp_stream->nextout], bytes_to_copy); outbuffer += bytes_to_copy; memcpy(outbuffer, &comp_stream->buf[comp_stream->nextout], comp_stream->nextout += bytes_to_copy; bytes_left = comp_stream->nbytes - comp_stream->nextout; bytes_to_copy = bytes_left; bytes_to_copy); outbuffer += bytes_to_copy; memcpy(outbuffer, &comp_stream->buf[comp_stream->nextout], 0 --------------------------------- 393 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 1749 *pkt_buf_end = NULL; free_packet_buffer(&s->raw_packet_buffer, &s->raw_packet_buffer_end); a = - 1; m = (a + b) >> 1; b = m; a = m; m= (flags & AVSEEK_FLAG_BACKWARD) ? a : b; m += (flags & AVSEEK_FLAG_BACKWARD) ? -1 : 1; return -1; return m; return ff_index_search_timestamp(st->index_entries, st->nb_index_entries, index= av_index_search_timestamp(st, target_ts, flags & ~AVSEEK_FLAG_BACKWARD); assert(index < st->nb_index_entries); static void free_packet_buffer(AVPacketList **pkt_buf, AVPacketList **pkt_buf_end) free_packet_buffer(&s->raw_packet_buffer, &s->raw_packet_buffer_end); static void flush_packet_queue(AVFormatContext *s) flush_packet_queue(s); void ff_read_frame_flush(AVFormatContext *s) ff_read_frame_flush(s); return ff_seek_frame_binary(s, stream_index, timestamp, flags); int ff_seek_frame_binary(AVFormatContext *s, int stream_index, int64_t target_ts, int flags) st= s->streams[stream_index]; index= av_index_search_timestamp(st, target_ts, flags | AVSEEK_FLAG_BACKWARD); int av_index_search_timestamp(AVStream *st, int64_t wanted_timestamp, return ff_index_search_timestamp(st->index_entries, st->nb_index_entries, index= av_index_search_timestamp(st, target_ts, flags | AVSEEK_FLAG_BACKWARD); index= av_index_search_timestamp(st, target_ts, flags & ~AVSEEK_FLAG_BACKWARD); int av_index_search_timestamp(AVStream *st, int64_t wanted_timestamp, return ff_index_search_timestamp(st->index_entries, st->nb_index_entries, int ff_index_search_timestamp(const AVIndexEntry *entries, int nb_entries, b = nb_entries; a= b-1; m= (flags & AVSEEK_FLAG_BACKWARD) ? a : b; return m; return ff_index_search_timestamp(st->index_entries, st->nb_index_entries, index= av_index_search_timestamp(st, target_ts, flags & ~AVSEEK_FLAG_BACKWARD); assert(index < st->nb_index_entries); 0 --------------------------------- 394 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 1749 *pkt_buf_end = NULL; free_packet_buffer(&s->raw_packet_buffer, &s->raw_packet_buffer_end); a = - 1; m = (a + b) >> 1; b = m; a = m; m= (flags & AVSEEK_FLAG_BACKWARD) ? a : b; m += (flags & AVSEEK_FLAG_BACKWARD) ? -1 : 1; return -1; return m; return ff_index_search_timestamp(st->index_entries, st->nb_index_entries, index= av_index_search_timestamp(st, target_ts, flags & ~AVSEEK_FLAG_BACKWARD); assert(index < st->nb_index_entries); static void free_packet_buffer(AVPacketList **pkt_buf, AVPacketList **pkt_buf_end) free_packet_buffer(&s->raw_packet_buffer, &s->raw_packet_buffer_end); static void flush_packet_queue(AVFormatContext *s) flush_packet_queue(s); void ff_read_frame_flush(AVFormatContext *s) ff_read_frame_flush(s); return ff_seek_frame_binary(s, stream_index, timestamp, flags); int ff_seek_frame_binary(AVFormatContext *s, int stream_index, int64_t target_ts, int flags) st= s->streams[stream_index]; index= av_index_search_timestamp(st, target_ts, flags | AVSEEK_FLAG_BACKWARD); int av_index_search_timestamp(AVStream *st, int64_t wanted_timestamp, return ff_index_search_timestamp(st->index_entries, st->nb_index_entries, index= av_index_search_timestamp(st, target_ts, flags | AVSEEK_FLAG_BACKWARD); index= av_index_search_timestamp(st, target_ts, flags & ~AVSEEK_FLAG_BACKWARD); int av_index_search_timestamp(AVStream *st, int64_t wanted_timestamp, return ff_index_search_timestamp(st->index_entries, st->nb_index_entries, int ff_index_search_timestamp(const AVIndexEntry *entries, int nb_entries, b = nb_entries; a= b-1; m= (flags & AVSEEK_FLAG_BACKWARD) ? a : b; return m; return ff_index_search_timestamp(st->index_entries, st->nb_index_entries, index= av_index_search_timestamp(st, target_ts, flags & ~AVSEEK_FLAG_BACKWARD); assert(index < st->nb_index_entries); 0 --------------------------------- 395 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 434 ZIP_FILENAME_LEN, NULL, 0, NULL, 0 ) char *psz_fileName = calloc( ZIP_FILENAME_LEN, 1 ); free( psz_fileName ); 0 --------------------------------- 396 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 434 ZIP_FILENAME_LEN, NULL, 0, NULL, 0 ) char *psz_fileName = calloc( ZIP_FILENAME_LEN, 1 ); free( psz_fileName ); 0 --------------------------------- 397 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 6889 nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); 0 --------------------------------- 398 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 6230 char buf[400]; PR_snprintf(buf, sizeof(buf), printf("%s\n", buf); 0 --------------------------------- 399 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 530 i_len++; i_len++; char *psz_ret = malloc( i_len + 3*i_num + 2 ); 0 --------------------------------- 400 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 741 asn1_debug(buffer, value_length, indent + 4); asn1_debug(buffer, value_length, indent + 4); int indent) fprintf(stderr, "DEBUG: %*sGet-Request-PDU %d bytes\n", indent, "", asn1_debug(buffer, value_length, indent + 4); fprintf(stderr, "DEBUG: %*sBOOLEAN %d bytes %d\n", indent, "", fprintf(stderr, "DEBUG: %*sINTEGER %d bytes %d\n", indent, "", fprintf(stderr, "DEBUG: %*sOCTET STRING %d bytes \"%s\"\n", indent, "", fprintf(stderr, "DEBUG: %*sOID %d bytes ", indent, "", fprintf(stderr, ".%d", oid[i]); putc('\n', stderr); fprintf(stderr, "DEBUG: %*sGet-Response-PDU %d bytes\n", indent, "", fprintf(stderr, "DEBUG: %*sUNKNOWN(%x) %d bytes\n", indent, "", fprintf(stderr, "DEBUG: %*sNULL VALUE %d bytes\n", indent, "", 0 --------------------------------- 401 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1826 char filename[1024], if ((cups_serverroot = getenv("CUPS_SERVERROOT")) == NULL) cups_serverroot = CUPS_SERVERROOT; snprintf(filename, sizeof(filename), "%s/snmp.conf", cups_serverroot); if ((fp = cupsFileOpen(filename, "r")) != NULL) filename); "line %d of %s!\n", linenum, filename); line, linenum, filename); filename); 0 --------------------------------- 402 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1824 fprintf(stderr, "ERROR: Missing value on line %d of %s!\n", linenum, fprintf(stderr, fprintf(stderr, "ERROR: Unknown directive %s on line %d of %s!\n", fprintf(stderr, 0 --------------------------------- 403 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 570 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *ret = buf; ret += 2; long lenmax; strlen(s->tlsext_hostname)) > (unsigned long)lenmax) s2n(TLSEXT_TYPE_server_name, ret); s2n(size_str + 5, ret); s2n(size_str + 3, ret); *(ret++) = (unsigned char)TLSEXT_NAMETYPE_host_name; s2n(size_str, ret); memcpy(ret, s->tlsext_hostname, size_str); ret += size_str; int el; if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { s2n(TLSEXT_TYPE_renegotiate, ret); s2n(el, ret); if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { ret += el; int login_len = strlen(s->srp_ctx.login); s2n(TLSEXT_TYPE_srp, ret); s2n(login_len + 1, ret); (*ret++) = (unsigned char)login_len; memcpy(ret, s->srp_ctx.login, login_len); ret += login_len; s2n(TLSEXT_TYPE_ec_point_formats, ret); s2n(s->tlsext_ecpointformatlist_length + 1, ret); *(ret++) = (unsigned char)s->tlsext_ecpointformatlist_length; memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); ret += s->tlsext_ecpointformatlist_length; s2n(TLSEXT_TYPE_elliptic_curves, ret); s2n(s->tlsext_ellipticcurvelist_length + 2, ret); s2n(s->tlsext_ellipticcurvelist_length, ret); memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); ret += s->tlsext_ellipticcurvelist_length; ticklen = s->session->tlsext_ticklen; ticklen = s->tlsext_session_ticket->length; s->session->tlsext_tick = OPENSSL_malloc(ticklen); s->tlsext_session_ticket->data, ticklen); ticklen = 0; s2n(TLSEXT_TYPE_session_ticket, ret); s2n(ticklen, ret); memcpy(ret, s->session->tlsext_tick, ticklen); ret += ticklen; if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6) s2n(TLSEXT_TYPE_signature_algorithms, ret); s2n(sizeof(tls12_sigalgs) + 2, ret); s2n(sizeof(tls12_sigalgs), ret); memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs)); ret += sizeof(tls12_sigalgs); s2n(TLSEXT_TYPE_opaque_prf_input, ret); s2n(col + 2, ret); s2n(col, ret); memcpy(ret, s->s3->client_opaque_prf_input, col); 0 --------------------------------- 404 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c cfunc 876 printf("(%p, %zd)", sg[i].iov_base, sg[i].iov_len); QEMUIOVector qiov; qemu_iovec_init(&qiov, qiov_full.niov); qemu_iovec_concat(&qiov, &qiov_full, count, qiov_full.size - count); print_sg(qiov.iov, qiov.niov); QEMUIOVector qiov; qemu_iovec_init(&qiov, qiov_full.niov); qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); print_sg(qiov.iov, qiov.niov); static void print_sg(struct iovec *sg, int cnt) printf("sg[%d]: {", cnt); printf("(%p, %zd)", sg[i].iov_base, sg[i].iov_len); len = v9fs_co_preadv(pdu, fidp, qiov.iov, qiov.niov, off); qemu_iovec_reset(&qiov); print_sg(qiov.iov, qiov.niov); len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); qemu_iovec_reset(&qiov); print_sg(qiov.iov, qiov.niov); 0 --------------------------------- 405 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 576 buf[line_len] = '\0'; if ((tmp = strstr(buf, rtsp_sps))) { if ((tmp = strstr(buf, rtsp_cps))) { guint s_data_chan, s_mon_chan; if ((tmp = strstr(buf, rtsp_inter)) == NULL) { tmp += strlen(rtsp_inter); i = sscanf(tmp, "%u-%u", &s_data_chan, &s_mon_chan); 0 --------------------------------- 406 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4334 int ff_hex_to_data(uint8_t *data, const char *p) p += strspn(p, SPACE_CHARS); c = toupper((unsigned char) *p++); 0 --------------------------------- 407 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 4334 int ff_hex_to_data(uint8_t *data, const char *p) p += strspn(p, SPACE_CHARS); c = toupper((unsigned char) *p++); 0 --------------------------------- 408 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c cfunc 1377 header_length = DTLS1_CCS_HEADER_LENGTH; header_length = DTLS1_HM_HEADER_LENGTH; frag->msg_header.msg_len + header_length); 0 --------------------------------- 409 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cfunc 1867 !memcmp( p_oggpacket->packet, "Annodex", 7 ) ) !memcmp( p_oggpacket->packet, "AnxData", 7 ) ) granule_rate_numerator = GetQWLE( &p_oggpacket->packet[8] ); granule_rate_denominator = GetQWLE( &p_oggpacket->packet[16] ); GetDWLE( &p_oggpacket->packet[24] ); content_type_string[0] = '\0'; uint8_t *p = memchr( &p_oggpacket->packet[42], '\r', sscanf( (char*)(&p_oggpacket->packet[42]), "%1023s\r\n", content_type_string ); if( !strncmp(content_type_string, "audio/x-wav", 11) ) else if( !strncmp(content_type_string, "audio/x-vorbis", 14) ) else if( !strncmp(content_type_string, "audio/x-speex", 13) ) else if( !strncmp(content_type_string, "video/x-theora", 14) ) else if( !strncmp(content_type_string, "video/x-xvid", 12) ) else if( !strncmp(content_type_string, "video/mpeg", 10) ) else if( !strncmp(content_type_string, "text/x-cmml", 11) ) 0 --------------------------------- 410 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp API 211 PROCESS_INFORMATION pi = {0}; NULL, &si, &pi); CloseHandle(pi.hThread); 0 --------------------------------- 411 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c cfunc 871 QEMUIOVector qiov; qemu_iovec_init(&qiov, qiov_full.niov); print_sg(qiov.iov, qiov.niov); QEMUIOVector qiov; qemu_iovec_init(&qiov, qiov_full.niov); qemu_iovec_reset(&qiov); qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); print_sg(qiov.iov, qiov.niov); static void print_sg(struct iovec *sg, int cnt) printf("sg[%d]: {", cnt); len = v9fs_co_preadv(pdu, fidp, qiov.iov, qiov.niov, off); qemu_iovec_concat(&qiov, &qiov_full, count, qiov_full.size - count); qemu_iovec_reset(&qiov); print_sg(qiov.iov, qiov.niov); 0 --------------------------------- 412 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cfunc 918 V9fsString version; v9fs_string_init(&version); err = pdu_unmarshal(pdu, offset, "ds", &s->msize, &version); trace_v9fs_version(pdu->tag, pdu->id, s->msize, version.data); if (!strcmp(version.data, "9P2000.u")) { } else if (!strcmp(version.data, "9P2000.L")) { 0 --------------------------------- 413 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 2047 char ifname[255]; strlcpy(ifname, address + 4, sizeof(ifname)); ifname[strlen(ifname) - 1] = '\0'; 0 --------------------------------- 414 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 2092 send_snmp_query(fd, &(addr->addr), SNMP_VERSION_1, community, read_snmp_response(fd); scan_devices(int fd) FD_SET(fd, &input); if (select(fd + 1, &input, NULL, NULL, &timeout) < 0) fd, strerror(errno)); if (FD_ISSET(fd, &input)) FD_SET(fd, &input); if (select(fd + 1, &input, NULL, NULL, &timeout) < 0) fd, strerror(errno)); static void read_snmp_response(int fd); FD_SET(fd, &input); if (select(fd + 1, &input, NULL, NULL, &timeout) < 0) fd, strerror(errno)); static void send_snmp_query(int fd, http_addr_t *addr, int version, FD_SET(fd, &input); if (select(fd + 1, &input, NULL, NULL, &timeout) < 0) fd, strerror(errno)); 0 --------------------------------- 415 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 2091 DeviceTypeRequest, DeviceTypeOID); const unsigned request_id, const int *oid); gettimeofday(&StartTime, NULL); DeviceTypeRequest = StartTime.tv_sec; DeviceDescRequest = StartTime.tv_sec + 1; for (address = (char *)cupsArrayFirst(Addresses); address = (char *)cupsArrayNext(Addresses)) fprintf(stderr, "ERROR: Unable to scan \"%s\"!\n", address); for (community = (char *)cupsArrayFirst(Communities); community = (char *)cupsArrayNext(Communities)) DeviceTypeRequest, DeviceTypeOID); fprintf(stderr, "ERROR: %.3f select() for %d failed: %s\n", run_time(), 0 --------------------------------- 416 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 463 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); fprintf(out, " next=%p", static_cast(GetNextSibling())); fprintf(out, " prev-in-flow=%p", static_cast(GetPrevInFlow())); fprintf(out, " next-in-flow=%p", static_cast(GetNextInFlow())); fprintf(out, " IBSplitSpecialSibling=%p", IBsibling); fprintf(out, " IBSplitSpecialPrevSibling=%p", IBprevsibling); fprintf(out, " [content=%p]", static_cast(mContent)); fprintf(out, " {%d,%d,%d,%d}", mRect.x, mRect.y, mRect.width, mRect.height); fprintf(out, " [state=%016llx]", (unsigned long long)mState); fprintf(out, " [vis-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, fprintf(out, " [scr-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, fprintf(out, " sc=%p(i=%d,b=%d)", fprintf(out, " pst=%s", fprintf(out, " transformed"); fprintf(out, " perspective"); fprintf(out, " preserves-3d-children"); fprintf(out, " preserves-3d"); fputs("<\n", out); line->List(out, aIndent, aFlags); IndentBy(out, aIndent); fputs("Overflow-lines<\n", out); line->List(out, aIndent + 1, aFlags); IndentBy(out, aIndent); fputs(">\n", out); IndentBy(out, aIndent); fprintf(out, "%s<\n", mozilla::layout::ChildListName(lists.CurrentID())); kid->List(out, aIndent + 1, aFlags); IndentBy(out, aIndent); fputs(">\n", out); IndentBy(out, aIndent); fputs(">\n", out); 0 --------------------------------- 417 CVE-2011-0054/Firefox_3.5.16_CVE_2011_0054_js_src_jsemit.cpp cfunc 999 UpdateJumpTargets(jt->kids[JT_LEFT], pivot, delta); UpdateJumpTargets(jt->kids[JT_RIGHT], pivot, delta); sdbase = cg->spanDeps; sdlimit = sdbase + cg->numSpanDeps; offset = CG_OFFSET(cg); growth = 0; delta = 0; JS_ASSERT(JT_HAS_TAG(sd->target)); sd->offset += delta; sdtop = sd; top = sd->top; JS_ASSERT(top == sd->before); span = SD_SPAN(sd, pivot); ptrdiff_t deltaFromTop = 0; for (sd2 = sdtop; sd2 < sdlimit && sd2->top == top; sd2++) { sd2->offset += deltaFromTop; deltaFromTop += JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN; sd2->offset += deltaFromTop; sd2->offset += delta; UpdateJumpTargets(cg->jumpTargets, sd2->offset, JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN); sd = sd2 - 1; for (sd = sdbase; sd < sdlimit; sd++) { delta += JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN; growth += delta; passes, offset + growth, offset, growth); growth / (JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN), cg->numSpanDeps, passes, offset + growth, offset, growth); JS_ASSERT(sd == sdlimit); span = SD_SPAN(sd, pivot); SET_JUMP_OFFSET(oldpc, span); pc = base + sd->offset; offset = sd->before + 1; delta = offset - sd->before; JS_ASSERT(delta >= 1 + JUMP_OFFSET_LEN); oldpc + 1 + JUMP_OFFSET_LEN, memmove(pc + 1 + JUMPX_OFFSET_LEN, UpdateJumpTargets(JSJumpTarget *jt, ptrdiff_t pivot, ptrdiff_t delta) for (sd2 = sdtop; sd2 < sdlimit && sd2->top == top; sd2++) { sd = sd2 - 1; for (sd = sdbase; sd < sdlimit; sd++) { JS_ASSERT(sd == sdlimit); span = SD_SPAN(sd, pivot); oldpc = base + sd->before; pc = base + sd->offset; memmove(pc + 1 + JUMPX_OFFSET_LEN, oldpc + 1 + JUMP_OFFSET_LEN, memmove(pc + 1 + JUMPX_OFFSET_LEN, OptimizeSpanDeps(JSContext *cx, JSCodeGenerator *cg) base = CG_BASE(cg); size = BYTECODE_SIZE(PTRDIFF(limit, base, jsbytecode)); pc = base + sd->offset; memmove(pc + 1 + JUMPX_OFFSET_LEN, 0 --------------------------------- 418 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 2776 if(i<60*12) return (i+1)*1001; st = ic->streams[i]; st->codec->time_base= st->time_base; st->parser = av_parser_init(st->codec->codec_id); avcodec_get_name(st->codec->codec_id)); avcodec_find_decoder(st->codec->codec_id); st = ic->streams[i]; if (!has_codec_parameters(st, NULL)) st->info->fps_first_dts = st->info->fps_last_dts = AV_NOPTS_VALUE; if (!has_codec_parameters(st, NULL)) st->info->fps_first_dts = st->info->fps_last_dts = AV_NOPTS_VALUE; if (!has_codec_parameters(st, NULL)) st->info->fps_first_dts = pkt->dts; if (!has_codec_parameters(st, NULL)) st->info->fps_first_dts_idx = st->codec_info_nb_frames; if (!has_codec_parameters(st, NULL)) st->info->fps_last_dts_idx = st->codec_info_nb_frames; if (!has_codec_parameters(st, NULL)) t = av_rescale_q(st->info->codec_info_duration, st->time_base, AV_TIME_BASE_Q); st->info->codec_info_duration += pkt->duration; if (!has_codec_parameters(st, NULL)) int64_t last = st->info->last_dts; double dts= (is_relative(pkt->dts) ? pkt->dts - RELATIVE_TS_BASE : pkt->dts) * av_q2d(st->time_base); int64_t duration= pkt->dts - last; for (i=0; iinfo->duration_error[0][0]); i++) { int framerate= get_std_framerate(i); double sdts= dts*framerate/(1001*12); for(j=0; j<2; j++){ int ticks= lrintf(sdts+j*0.5); double error= sdts - ticks + j*0.5; st->info->duration_error[j][0][i] += error; for (i=0; iinfo->duration_error[0][0]); i++) { if (!has_codec_parameters(st, NULL)) st->info->duration_error[j][1][i] += error*error; for (i=0; iinfo->duration_error[0][0]); i++) { if (!has_codec_parameters(st, NULL)) st->info->duration_count++; if (!has_codec_parameters(st, NULL)) st->info->duration_gcd = av_gcd(st->info->duration_gcd, duration); if (!has_codec_parameters(st, NULL)) st->info->last_dts = pkt->dts; if (!has_codec_parameters(st, NULL)) st = ic->streams[pkt->stream_index]; st->codec->extradata= av_malloc(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); memcpy(st->codec->extradata, pkt->data, st->codec->extradata_size); memset(st->codec->extradata + i, 0, FF_INPUT_BUFFER_PADDING_SIZE); int i= st->parser->parser->split(st->codec, pkt->data, pkt->size); st->codec->extradata_size= i; st->codec->extradata= av_malloc(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); memcpy(st->codec->extradata, pkt->data, st->codec->extradata_size); static int has_codec_parameters(AVStream *st, const char **errmsg_ptr) if (!has_codec_parameters(st, NULL)) if( tb_unreliable(st->codec) && !(st->r_frame_rate.num && st->avg_frame_rate.num) static int tb_unreliable(AVCodecContext *c){ if( tb_unreliable(st->codec) && !(st->r_frame_rate.num && st->avg_frame_rate.num) int i= st->parser->parser->split(st->codec, pkt->data, pkt->size); st->codec->extradata_size= i; st->codec->extradata= av_malloc(st->codec->extradata_size + FF_INPUT_BUFFER_PADDING_SIZE); memcpy(st->codec->extradata, pkt->data, st->codec->extradata_size); memset(st->codec->extradata + i, 0, FF_INPUT_BUFFER_PADDING_SIZE); memcpy(st->codec->extradata, pkt->data, st->codec->extradata_size); static int is_relative(int64_t ts) { st->info->fps_last_dts = pkt->dts; if (!has_codec_parameters(st, NULL)) static int get_std_framerate(int i){ if(i<60*12) return (i+1)*1001; int framerate= get_std_framerate(i); double sdts= dts*framerate/(1001*12); int ticks= lrintf(sdts+j*0.5); double error= sdts - ticks + j*0.5; st->info->duration_error[j][0][i] += error; for (i=0; iinfo->duration_error[0][0]); i++) { if (!has_codec_parameters(st, NULL)) 0 --------------------------------- 419 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc cfunc 356 (*partition_end).dataPtr + (*partition_end).sizeBytes - (*it).dataPtr; fragmentation->fragmentationLength[partition_id] = assert(fragmentation->fragmentationLength[partition_id] <= frame_buffer_length); assert(fragmentation->fragmentationOffset[partition_id] < 0 --------------------------------- 420 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc cppfunc 356 (*partition_end).dataPtr + (*partition_end).sizeBytes - (*it).dataPtr; fragmentation->fragmentationLength[partition_id] = assert(fragmentation->fragmentationLength[partition_id] <= frame_buffer_length); assert(fragmentation->fragmentationOffset[partition_id] < 0 --------------------------------- 421 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc cfunc 224 size_t length = BufferToUWord16(nalu_ptr); memcpy(frame_buffer, startCode, kH264StartCodeLengthBytes); length += (insert_start_code ? kH264StartCodeLengthBytes : 0); nalu_ptr += length; length, packet.sizeBytes + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0)); int steps_to_shift) { uint8_t* first_packet_ptr = const_cast((*it).dataPtr); memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); packet.sizeBytes, size_t length, length); 0 --------------------------------- 422 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 692 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *ret = buf; ret += 2; long lenmax; strlen(s->tlsext_hostname)) > (unsigned long)lenmax) s2n(TLSEXT_TYPE_server_name, ret); s2n(size_str + 5, ret); s2n(size_str + 3, ret); *(ret++) = (unsigned char)TLSEXT_NAMETYPE_host_name; s2n(size_str, ret); memcpy(ret, s->tlsext_hostname, size_str); ret += size_str; int el; if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { s2n(TLSEXT_TYPE_renegotiate, ret); s2n(el, ret); if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { ret += el; int login_len = strlen(s->srp_ctx.login); s2n(TLSEXT_TYPE_srp, ret); s2n(login_len + 1, ret); (*ret++) = (unsigned char)login_len; memcpy(ret, s->srp_ctx.login, login_len); ret += login_len; s2n(TLSEXT_TYPE_ec_point_formats, ret); s2n(s->tlsext_ecpointformatlist_length + 1, ret); *(ret++) = (unsigned char)s->tlsext_ecpointformatlist_length; memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); ret += s->tlsext_ecpointformatlist_length; s2n(TLSEXT_TYPE_elliptic_curves, ret); s2n(s->tlsext_ellipticcurvelist_length + 2, ret); s2n(s->tlsext_ellipticcurvelist_length, ret); memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); ret += s->tlsext_ellipticcurvelist_length; ticklen = s->session->tlsext_ticklen; ticklen = s->tlsext_session_ticket->length; s->session->tlsext_tick = OPENSSL_malloc(ticklen); s->tlsext_session_ticket->data, ticklen); ticklen = 0; s2n(TLSEXT_TYPE_session_ticket, ret); s2n(ticklen, ret); memcpy(ret, s->session->tlsext_tick, ticklen); ret += ticklen; if ((size_t)(limit - ret) < sizeof(tls12_sigalgs) + 6) s2n(TLSEXT_TYPE_signature_algorithms, ret); s2n(sizeof(tls12_sigalgs) + 2, ret); s2n(sizeof(tls12_sigalgs), ret); memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs)); ret += sizeof(tls12_sigalgs); size_t col = s->s3->client_opaque_prf_input_len; s2n(TLSEXT_TYPE_opaque_prf_input, ret); s2n(col + 2, ret); s2n(col, ret); memcpy(ret, s->s3->client_opaque_prf_input, col); ret += col; s2n(TLSEXT_TYPE_status_request, ret); s2n(extlen + idlen + 5, ret); *(ret++) = TLSEXT_STATUSTYPE_ocsp; s2n(idlen, ret); ret += 2; itmp = i2d_OCSP_RESPID(id, &ret); s2n(extlen, ret); i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ret); s2n(TLSEXT_TYPE_heartbeat, ret); s2n(1, ret); *(ret++) = SSL_TLSEXT_HB_DONT_SEND_REQUESTS; *(ret++) = SSL_TLSEXT_HB_ENABLED; s2n(TLSEXT_TYPE_next_proto_neg, ret); s2n(0, ret); int el; ssl_add_clienthello_use_srtp_ext(s, 0, &el, 0); s2n(TLSEXT_TYPE_use_srtp, ret); s2n(el, ret); if (ssl_add_clienthello_use_srtp_ext(s, ret, &el, el)) { ret += el; int hlen = ret - (unsigned char *)s->init_buf->data; hlen -= 5; hlen = 0x200 - hlen; hlen -= 4; hlen = 0; s2n(TLSEXT_TYPE_padding, ret); s2n(hlen, ret); memset(ret, 0, hlen); ret += hlen; s2n(TLSEXT_TYPE_padding, ret); s2n(hlen, ret); memset(ret, 0, hlen); 0 --------------------------------- 423 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 238 int index = 0; if (!aChildIsBlock) index |= 1; printf("record(%d): %02x %02x\n", index, record[0], record[1]); 0 --------------------------------- 424 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 555 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *ret = buf; ret += 2; long lenmax; strlen(s->tlsext_hostname)) > (unsigned long)lenmax) s2n(TLSEXT_TYPE_server_name, ret); s2n(size_str + 5, ret); s2n(size_str + 3, ret); *(ret++) = (unsigned char)TLSEXT_NAMETYPE_host_name; s2n(size_str, ret); memcpy(ret, s->tlsext_hostname, size_str); ret += size_str; int el; if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { s2n(TLSEXT_TYPE_renegotiate, ret); s2n(el, ret); if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { ret += el; int login_len = strlen(s->srp_ctx.login); s2n(TLSEXT_TYPE_srp, ret); s2n(login_len + 1, ret); (*ret++) = (unsigned char)login_len; memcpy(ret, s->srp_ctx.login, login_len); ret += login_len; s2n(TLSEXT_TYPE_ec_point_formats, ret); s2n(s->tlsext_ecpointformatlist_length + 1, ret); *(ret++) = (unsigned char)s->tlsext_ecpointformatlist_length; memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); ret += s->tlsext_ecpointformatlist_length; s2n(TLSEXT_TYPE_elliptic_curves, ret); s2n(s->tlsext_ellipticcurvelist_length + 2, ret); s2n(s->tlsext_ellipticcurvelist_length, ret); memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); ret += s->tlsext_ellipticcurvelist_length; ticklen = s->session->tlsext_ticklen; ticklen = s->tlsext_session_ticket->length; s->session->tlsext_tick = OPENSSL_malloc(ticklen); s->tlsext_session_ticket->data, ticklen); ticklen = 0; s2n(TLSEXT_TYPE_session_ticket, ret); s2n(ticklen, ret); memcpy(ret, s->session->tlsext_tick, ticklen); ret += ticklen; s2n(TLSEXT_TYPE_signature_algorithms, ret); s2n(sizeof(tls12_sigalgs) + 2, ret); s2n(sizeof(tls12_sigalgs), ret); memcpy(ret, tls12_sigalgs, sizeof(tls12_sigalgs)); 0 --------------------------------- 425 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c cfunc 429 int x0, int y0, int x1, int y1, int w, int h) uint32_t cmd = s->fifo[CMD(stop) >> 2]; return cmd; return le32_to_cpu(vmsvga_fifo_read_raw(s)); width = vmsvga_fifo_read(s); if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) { DisplaySurface *surface = qemu_console_surface(s->vga.con); int bypl = surface_stride(surface); int bypp = surface_bytes_per_pixel(surface); int width = bypp * w; memmove(ptr[1], ptr[0], width); 0 --------------------------------- 426 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4206 PRINT("stream #%d:\n", pkt->stream_index); PRINT(" keyframe=%d\n", ((pkt->flags & AV_PKT_FLAG_KEY) != 0)); PRINT(" duration=%0.3f\n", pkt->duration * av_q2d(time_base)); PRINT(" dts="); PRINT("N/A"); PRINT("%0.3f", pkt->dts * av_q2d(time_base)); PRINT(" pts="); PRINT("N/A"); PRINT("%0.3f", pkt->pts * av_q2d(time_base)); PRINT("\n"); PRINT(" size=%d\n", pkt->size); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) PRINT(" size=%d\n", pkt->size); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); 0 --------------------------------- 427 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4205 pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) PRINT("\n"); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); 0 --------------------------------- 428 CVE-2011-0054/Firefox_3.5.16_CVE_2011_0054_js_src_jsemit.cpp cfunc 7176 js_FinishTakingSrcNotes(JSContext *cx, JSCodeGenerator *cg, jssrcnote *notes) JS_ASSERT(cg->current == &cg->main); prologCount = cg->prolog.noteCount; prologCount = cg->prolog.noteCount; mainCount = cg->main.noteCount; memcpy(notes, cg->prolog.notes, SRCNOTE_SIZE(prologCount)); memcpy(notes + prologCount, cg->main.notes, SRCNOTE_SIZE(mainCount)); SN_MAKE_TERMINATOR(¬es[totalCount]); memcpy(notes + prologCount, cg->main.notes, SRCNOTE_SIZE(mainCount)); 0 --------------------------------- 429 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c cfunc 110 FILE *fp, fread(buf, 13, 1, fp); if (gif_read_cmap(fp, ncolors, cmap, &gray)) static int gif_read_cmap(FILE *fp, int ncolors, gif_cmap_t cmap, fclose(fp); 0 --------------------------------- 430 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4200 pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) PRINT(" pts="); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); 0 --------------------------------- 431 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1350 va_list ap; va_start(ap, format); vfprintf(stderr, format, ap); va_end(ap); 0 --------------------------------- 432 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 1350 va_list ap; va_start(ap, format); vfprintf(stderr, format, ap); va_end(ap); 0 --------------------------------- 433 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cppfunc 664 void NetworkUtils::clearWifiTetherParms(CommandChain* aChain, NetworkResultOptions& aResult) next(aChain, false, aResult); 0 --------------------------------- 434 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4198 PRINT("stream #%d:\n", pkt->stream_index); PRINT(" keyframe=%d\n", ((pkt->flags & AV_PKT_FLAG_KEY) != 0)); PRINT(" duration=%0.3f\n", pkt->duration * av_q2d(time_base)); PRINT(" dts="); PRINT("%0.3f", pkt->dts * av_q2d(time_base)); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) PRINT("%0.3f", pkt->dts * av_q2d(time_base)); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); 0 --------------------------------- 435 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4196 pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) PRINT("N/A"); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); 0 --------------------------------- 436 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4194 pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) PRINT(" dts="); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); 0 --------------------------------- 437 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4192 pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) PRINT(" duration=%0.3f\n", pkt->duration * av_q2d(time_base)); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); 0 --------------------------------- 438 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4191 pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) PRINT(" keyframe=%d\n", ((pkt->flags & AV_PKT_FLAG_KEY) != 0)); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); 0 --------------------------------- 439 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4190 pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) PRINT("stream #%d:\n", pkt->stream_index); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); 0 --------------------------------- 440 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 614 void NetworkUtils::setAccessPoint(CommandChain* aChain, nsCString ssid(GET_CHAR(mSsid)); escapeQuote(ssid); aString.ReplaceSubstring("\\", "\\\\"); } ssid.get(), 0 --------------------------------- 441 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c cfunc 587 char magic[sizeof ngsniffer_magic]; bytes_read = file_read(magic, sizeof magic, wth->fh); if (bytes_read != sizeof magic) { if (memcmp(magic, ngsniffer_magic, sizeof ngsniffer_magic)) { 0 --------------------------------- 442 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4293 ls = strchr(p, '/'); ls2 = strchr(p, '?'); ls = ls2; ls = FFMIN(ls, ls2); av_strlcpy(path, ls, path_size); ls = &p[strlen(p)]; if ((at = strchr(p, '@')) && at < ls) { FFMIN(authorization_size, at + 1 - p)); p = at + 1; if (*p == '[' && (brk = strchr(p, ']')) && brk < ls) { } else if ((col = strchr(p, ':')) && col < ls) { 0 --------------------------------- 443 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 343 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); 0 --------------------------------- 444 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 349 static void getIFProperties(const char* ifname, IFProperties& prop) snprintf(key, PROPERTY_KEY_MAX - 1, "net.%s.gw", ifname); property_get(key, prop.gateway, ""); snprintf(key, PROPERTY_KEY_MAX - 1, "net.%s.dns1", ifname); 0 --------------------------------- 445 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 346 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); fprintf(out, " next=%p", static_cast(GetNextSibling())); 0 --------------------------------- 446 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_serviceinstall.cpp cppfunc 203 LPCWSTR currentServicePath, nsAutoArrayPtr serviceConfigBuffer = new char[bytesNeeded]; reinterpret_cast(serviceConfigBuffer.get()), *reinterpret_cast(serviceConfigBuffer.get()); QUERY_SERVICE_CONFIGW &serviceConfig = if (!FixServicePath(schService, serviceConfig.lpBinaryPathName, size_t currentServicePathLen = wcslen(currentServicePath); !wcsstr(currentServicePath, L"maintenanceservice_tmp.exe") && currentServicePath)); WCHAR fixedPath[MAX_PATH + 1] = { L'\0' }; wcsncpy(fixedPath, currentServicePath, MAX_PATH); 0 --------------------------------- 447 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 641 va_list args; va_start( args, psz_fmt_src ); char *psz_tmp; int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; char *psz_out = realloc( *ppsz_dest, i_len ); strcat( psz_out, psz_tmp ); *ppsz_dest = psz_out; size_t i_num = 0, i_len = 0; i_len++; i_len++; i_num++; *ppsz_encoded = malloc( i_len + 1 ); memcpy( *ppsz_encoded, psz_url, i_len + 1 ); char *psz_ret = malloc( i_len + 3*i_num + 2 ); *ppsz_encoded = psz_ret; char *psz_pathtozip; escapeToXml( &psz_pathtozip, psz_zippath ); if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; char *psz_path = strdup( psz_pathtozip ); free( psz_pathtozip ); static int astrcatf( char **ppsz_dest, const char *psz_fmt_src, ... ) va_start( args, psz_fmt_src ); int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; strcat( psz_out, psz_tmp ); *ppsz_dest = psz_out; if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; free( psz_pathtozip ); static int escapeToXml( char **ppsz_encoded, const char *psz_url ) escapeToXml( &psz_pathtozip, psz_zippath ); free( psz_pathtozip ); 0 --------------------------------- 448 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 641 va_list args; va_start( args, psz_fmt_src ); char *psz_tmp; int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; char *psz_out = realloc( *ppsz_dest, i_len ); strcat( psz_out, psz_tmp ); *ppsz_dest = psz_out; size_t i_num = 0, i_len = 0; i_len++; i_len++; i_num++; *ppsz_encoded = malloc( i_len + 1 ); memcpy( *ppsz_encoded, psz_url, i_len + 1 ); char *psz_ret = malloc( i_len + 3*i_num + 2 ); *ppsz_encoded = psz_ret; char *psz_pathtozip; escapeToXml( &psz_pathtozip, psz_zippath ); if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; char *psz_path = strdup( psz_pathtozip ); free( psz_pathtozip ); static int astrcatf( char **ppsz_dest, const char *psz_fmt_src, ... ) va_start( args, psz_fmt_src ); int i_ret = vasprintf( &psz_tmp, psz_fmt_src, args ); int i_len = strlen( *ppsz_dest ) + strlen( psz_tmp ) + 1; strcat( psz_out, psz_tmp ); *ppsz_dest = psz_out; if( astrcatf( &psz_pathtozip, "%s", ZIP_SEP ) < 0 ) return -1; free( psz_pathtozip ); static int escapeToXml( char **ppsz_encoded, const char *psz_url ) escapeToXml( &psz_pathtozip, psz_zippath ); free( psz_pathtozip ); 0 --------------------------------- 449 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_serviceinstall.cpp cppfunc 364 WCHAR newServiceBinaryPath[MAX_PATH + 1]; if (!GetModuleFileNameW(NULL, newServiceBinaryPath, if (!GetVersionNumberFromPath(newServiceBinaryPath, newA, GetVersionNumberFromPath(LPWSTR path, DWORD &A, DWORD &B, DWORD fileVersionInfoSize = GetFileVersionInfoSizeW(path, 0); if (!GetFileVersionInfoW(path, 0, fileVersionInfoSize, if (!wcscmp(newServiceBinaryPath, serviceConfig.lpBinaryPathName)) { 0 --------------------------------- 450 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4109 return av_guess_format("image2", NULL, NULL); oformat = av_guess_format(format, NULL, NULL); AVOutputFormat *oformat, const char *filename) int ret = avformat_alloc_output_context2(&avctx, oformat, format, filename); const char *format, const char *filename) oformat = av_guess_format(NULL, filename, NULL); int av_filename_number_test(const char *filename) return filename && (av_get_frame_filename(buf, sizeof(buf), filename, 1)>=0); const char *path, int number) p = path; c = *p++; nd = 0; while (isdigit(*p)) { nd = nd * 10 + *p++ - '0'; while (isdigit(*p)) { int avformat_open_input(AVFormatContext **ps, const char *filename, AVInputFormat *fmt, AVDictionary **options) if ((ret = init_input(s, filename, &tmp)) < 0) static int init_input(AVFormatContext *s, const char *filename, AVDictionary **options) return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, s->probesize); const char *filename, void *logctx, return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, s->probesize); if ((ret = avio_open2(&s->pb, filename, AVIO_FLAG_READ | s->avio_flags, if (!av_filename_number_test(filename)) { AVOutputFormat *av_guess_format(const char *short_name, const char *filename, ff_guess_image2_codec(filename) != AV_CODEC_ID_NONE) { av_filename_number_test(filename) && 0 --------------------------------- 451 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 4109 return av_guess_format("image2", NULL, NULL); oformat = av_guess_format(format, NULL, NULL); AVOutputFormat *oformat, const char *filename) int ret = avformat_alloc_output_context2(&avctx, oformat, format, filename); const char *format, const char *filename) oformat = av_guess_format(NULL, filename, NULL); int av_filename_number_test(const char *filename) return filename && (av_get_frame_filename(buf, sizeof(buf), filename, 1)>=0); const char *path, int number) p = path; c = *p++; nd = 0; while (isdigit(*p)) { nd = nd * 10 + *p++ - '0'; while (isdigit(*p)) { int avformat_open_input(AVFormatContext **ps, const char *filename, AVInputFormat *fmt, AVDictionary **options) if ((ret = init_input(s, filename, &tmp)) < 0) static int init_input(AVFormatContext *s, const char *filename, AVDictionary **options) return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, s->probesize); const char *filename, void *logctx, return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, s->probesize); if ((ret = avio_open2(&s->pb, filename, AVIO_FLAG_READ | s->avio_flags, if (!av_filename_number_test(filename)) { AVOutputFormat *av_guess_format(const char *short_name, const char *filename, ff_guess_image2_codec(filename) != AV_CODEC_ID_NONE) { av_filename_number_test(filename) && 0 --------------------------------- 452 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 810 char buf[BUF_SIZE]; NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); memcpy(buf, reason.get(), reason.Length() + 1); 0 --------------------------------- 453 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 1211 unsigned short type, size; static const unsigned char kSafariExtensionsBlock[] = { data += 2; n2s(data, type); n2s(data, size); data += size; const size_t len1 = sizeof(kSafariExtensionsBlock); if (memcmp(data, kSafariExtensionsBlock, len1) != 0) if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0) if (memcmp(data, kSafariExtensionsBlock, len) != 0) unsigned short size; ssl_check_for_safari(s, data, limit); n2s(data, len); s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg); n2s(data, dsize); size -= 2; memcpy(s->srp_ctx.login, &data[1], len); !s->tls_session_ticket_ext_cb(s, data, size, if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) n2s(data, dsize); size -= 2; if (!tls1_process_sigalgs(s, data, dsize)) s->tlsext_status_type = *data++; size--; n2s(data, dsize); size -= 2; int idsize; n2s(data, idsize); size -= 2 + idsize; id = d2i_OCSP_RESPID(NULL, &sdata, idsize); data += idsize; n2s(data, dsize); size -= 2; if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al)) data += size; n2s(data, type); n2s(data, size); fprintf(stderr, "Received extension type %d size %d\n", type, size); data += size; n2s(data, size); fprintf(stderr, "%i ", *(sdata++)); fprintf(stderr, "\n"); fprintf(stderr, "Received extension type %d size %d\n", type, size); unsigned char *sdata = data; int ellipticcurvelist_length = (*(sdata++) << 8); ellipticcurvelist_length += (*(sdata++)); OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { memcpy(s->session->tlsext_ellipticcurvelist, sdata, fprintf(stderr, sdata = s->session->tlsext_ellipticcurvelist; fprintf(stderr, "%i ", *(sdata++)); int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ellipticcurvelist_length = (*(sdata++) << 8); OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { memcpy(s->session->tlsext_ellipticcurvelist, sdata, sdata = s->session->tlsext_ellipticcurvelist; fprintf(stderr, "%i ", *(sdata++)); static void ssl_check_for_safari(SSL *s, const unsigned char *data, n2s(data, len); n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ellipticcurvelist_length = (*(sdata++) << 8); OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { memcpy(s->session->tlsext_ellipticcurvelist, sdata, sdata = s->session->tlsext_ellipticcurvelist; fprintf(stderr, "%i ", *(sdata++)); int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *data = *p; n2s(data, len); n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ellipticcurvelist_length = (*(sdata++) << 8); OPENSSL_malloc(ellipticcurvelist_length)) == NULL) { memcpy(s->session->tlsext_ellipticcurvelist, sdata, sdata = s->session->tlsext_ellipticcurvelist; fprintf(stderr, "%i ", *(sdata++)); 0 --------------------------------- 454 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 202 while ((p = strchr(names, ','))) { len = FFMAX(p - names, namelen); if (!av_strncasecmp(name, names, len)) names = p+1; while ((p = strchr(names, ','))) { return !av_strcasecmp(name, names); if (fmt->name && short_name && match_format(short_name, fmt->name)) if (match_format(short_name, fmt->name)) static int match_format(const char *name, const char *names) while ((p = strchr(names, ','))) { 0 --------------------------------- 455 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cfunc 476 static void Win32AddConnection( access_t *p_access, char *psz_path, strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_parser = strchr( psz_path, '/' ); char *psz_parser2 = strchr( ++psz_parser, '/' ); static int Open( vlc_object_t *p_this ) psz_path = strchr( p_access->psz_path, '/' ); char *psz_tmp = strdup( p_access->psz_path ); psz_tmp[ psz_path - p_access->psz_path ] = 0; psz_path = p_access->psz_path; psz_parser = strchr( psz_tmp, '@' ); *psz_parser = 0; psz_path = p_access->psz_path + (psz_parser - psz_tmp) + 1; Win32AddConnection( p_access, psz_path, psz_user, psz_pwd, psz_domain); 0 --------------------------------- 456 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1552 fputs("DEBUG: Hex dump of packet:\n", stderr); fprintf(stderr, "DEBUG: %04X ", col); fprintf(stderr, " %02X", *buffer); putc('\n', stderr); 0 --------------------------------- 457 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1556 fputs("DEBUG: Hex dump of packet:\n", stderr); fprintf(stderr, "DEBUG: %04X ", col); fprintf(stderr, " %02X", *buffer); putc('\n', stderr); putc('\n', stderr); 0 --------------------------------- 458 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c cfunc 522 const char *prefix = ""; if (base == 8) prefix = "0"; if (base == 16) prefix = "0x"; spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0) - strlen(prefix); 0 --------------------------------- 459 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 698 node *n = (node*) calloc( 1, sizeof(node) ); return n; char *sep = strchr( folder, '/' ); *sep = '\0'; node *current = root->child; if( !strcmp( current->name, folder ) ) return findOrCreateParentNode( current, sep ); current = current->next; return findOrCreateParentNode( current, sep ); node *ret = new_node( folder ); node *n = (node*) calloc( 1, sizeof(node) ); return n; node *ret = new_node( folder ); root->child = ret; return findOrCreateParentNode( current, sep ); node *ret = new_node( folder ); ret = findOrCreateParentNode( ret, sep ); return ret; ret = findOrCreateParentNode( ret, sep ); static node* findOrCreateParentNode( node *root, const char *fullpath ) char *path = strdup( fullpath ); folder = path; assert( root ); char *sep = strchr( folder, '/' ); return root; node *ret = new_node( folder ); ret = findOrCreateParentNode( ret, sep ); inline static node* new_node( char *name ) n->name = convert_xml_special_chars( name ); return n; node *ret = new_node( folder ); ret = findOrCreateParentNode( ret, sep ); static node* findOrCreateParentNode( node *root, const char *fullpath ) assert( root ); 0 --------------------------------- 460 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 698 node *n = (node*) calloc( 1, sizeof(node) ); return n; char *sep = strchr( folder, '/' ); *sep = '\0'; node *current = root->child; if( !strcmp( current->name, folder ) ) return findOrCreateParentNode( current, sep ); current = current->next; return findOrCreateParentNode( current, sep ); node *ret = new_node( folder ); node *n = (node*) calloc( 1, sizeof(node) ); return n; node *ret = new_node( folder ); root->child = ret; return findOrCreateParentNode( current, sep ); node *ret = new_node( folder ); ret = findOrCreateParentNode( ret, sep ); return ret; ret = findOrCreateParentNode( ret, sep ); static node* findOrCreateParentNode( node *root, const char *fullpath ) char *path = strdup( fullpath ); folder = path; assert( root ); char *sep = strchr( folder, '/' ); return root; node *ret = new_node( folder ); ret = findOrCreateParentNode( ret, sep ); inline static node* new_node( char *name ) n->name = convert_xml_special_chars( name ); return n; node *ret = new_node( folder ); ret = findOrCreateParentNode( ret, sep ); static node* findOrCreateParentNode( node *root, const char *fullpath ) assert( root ); 0 --------------------------------- 461 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c cfunc 1047 int dtls1_send_finished(SSL *s, int a, int b, const char *sender, int slen) sender, slen, i = s->method->ssl3_enc->final_finish_mac(s, s->s3->tmp.finish_md); i = s->method->ssl3_enc->final_finish_mac(s, memcpy(p, s->s3->tmp.finish_md, i); OPENSSL_assert(i <= EVP_MAX_MD_SIZE); memcpy(s->s3->previous_client_finished, s->s3->tmp.finish_md, i); 0 --------------------------------- 462 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cfunc 1448 static void Ogg_LogicalStreamDelete( demux_t *p_demux, logical_stream_t *p_stream ) es_out_Del( p_demux->out, p_stream->p_es ); ogg_stream_clear( &p_stream->os ); free( p_stream->p_headers ); es_format_Clean( &p_stream->fmt_old ); es_format_Clean( &p_stream->fmt ); oggseek_index_entries_free( p_stream->idx ); free( p_stream ); 0 --------------------------------- 463 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cppfunc 1448 static void Ogg_LogicalStreamDelete( demux_t *p_demux, logical_stream_t *p_stream ) es_out_Del( p_demux->out, p_stream->p_es ); ogg_stream_clear( &p_stream->os ); free( p_stream->p_headers ); es_format_Clean( &p_stream->fmt_old ); es_format_Clean( &p_stream->fmt ); oggseek_index_entries_free( p_stream->idx ); free( p_stream ); 0 --------------------------------- 464 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 550 buf[line_len] = '\0'; c_data_port = c_mon_port = 0; if ((tmp = strstr(buf, rtsp_sps))) { if ((tmp = strstr(buf, rtsp_cps))) { tmp += strlen(rtsp_cps); if (sscanf(tmp, "%u-%u", &c_data_port, &c_mon_port) < 1) { 0 --------------------------------- 465 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 463 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *ret = buf; ret += 2; long lenmax; strlen(s->tlsext_hostname)) > (unsigned long)lenmax) s2n(TLSEXT_TYPE_server_name, ret); s2n(size_str + 5, ret); s2n(size_str + 3, ret); *(ret++) = (unsigned char)TLSEXT_NAMETYPE_host_name; s2n(size_str, ret); memcpy(ret, s->tlsext_hostname, size_str); ret += size_str; int el; if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { s2n(TLSEXT_TYPE_renegotiate, ret); s2n(el, ret); if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { ret += el; int login_len = strlen(s->srp_ctx.login); s2n(TLSEXT_TYPE_srp, ret); s2n(login_len + 1, ret); (*ret++) = (unsigned char)login_len; memcpy(ret, s->srp_ctx.login, login_len); 0 --------------------------------- 466 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c cfunc 1084 uint64_t data, unsigned size) vmsvga_bios_write(s, addr, data); static void vmsvga_bios_write(void *opaque, uint32_t address, uint32_t data) printf("%s: what are we supposed to do with (%08x)?\n", __func__, data); 0 --------------------------------- 467 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c cfunc 481 if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) { int x, int y, int w, int h) int width = surface_bytes_per_pixel(surface) * w; if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) { uint32_t cmd = s->fifo[CMD(stop) >> 2]; return cmd; return le32_to_cpu(vmsvga_fifo_read_raw(s)); x = vmsvga_fifo_read(s); if (vmsvga_fill_rect(s, colour, x, y, width, height) == 0) { uint32_t c, int x, int y, int w, int h) if (!vmsvga_verify_rect(surface, __func__, x, y, w, h)) { fprintf(stderr, "%s: x was < 0 (%d)\n", name, x); fprintf(stderr, "%s: x was > %d (%d)\n", name, SVGA_MAX_WIDTH, x); if (x + w > surface_width(surface)) { name, surface_width(surface), x, w); fprintf(stderr, "%s: y was < 0 (%d)\n", name, y); fprintf(stderr, "%s: y was > %d (%d)\n", name, SVGA_MAX_HEIGHT, y); if (y + h > surface_height(surface)) { name, surface_height(surface), y, h); uint32_t cmd = s->fifo[CMD(stop) >> 2]; return cmd; return le32_to_cpu(vmsvga_fifo_read_raw(s)); width = vmsvga_fifo_read(s); if (vmsvga_fill_rect(s, colour, x, y, width, height) == 0) { uint32_t c, int x, int y, int w, int h) DisplaySurface *surface = qemu_console_surface(s->vga.con); int bypl = surface_stride(surface); int width = surface_bytes_per_pixel(surface) * w; fst = s->vga.vram_ptr + surface_bytes_per_pixel(surface) * x + bypl * y; dst = fst; dst += bypl; memcpy(dst, fst, width); static inline bool vmsvga_verify_rect(DisplaySurface *surface, fst = s->vga.vram_ptr + surface_bytes_per_pixel(surface) * x + bypl * y; dst = fst; memcpy(dst, fst, width); 0 --------------------------------- 468 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cfunc 177 path->data = NULL; path->size = 0; if (!strncmp(s1->data, s2->data, s1->size - 1)) { err = v9fs_co_open(pdu, f, f->open_flags); err = v9fs_co_opendir(pdu, f); for (f = s->fid_list; f; f = f->next) { BUG_ON(f->clunked); f->ref++; err = v9fs_reopen_fid(pdu, f); return NULL; f->flags |= FID_REFERENCED; return f; return NULL; err = v9fs_co_rename(pdu, &fidp->path, &new_path); if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data)); if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { fidp = get_fid(pdu, fid); err = v9fs_complete_rename(pdu, fidp, newdirfid, &name); V9fsPath oldpath, newpath; v9fs_path_init(&oldpath); v9fs_co_name_to_path(pdu, olddir, old_name->data, &oldpath); if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &newpath, strlen(oldpath.data)); if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { fidp = get_fid(pdu, fid); err = v9fs_complete_rename(pdu, fidp, -1, &v9stat.name); static int v9fs_complete_rename(V9fsPDU *pdu, V9fsFidState *fidp, if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { static int v9fs_path_is_ancestor(V9fsPath *s1, V9fsPath *s2) if (!strncmp(s1->data, s2->data, s1->size - 1)) { if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { void v9fs_path_init(V9fsPath *path) v9fs_path_init(&oldpath); if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { static int v9fs_reopen_fid(V9fsPDU *pdu, V9fsFidState *f) err = v9fs_reopen_fid(pdu, f); return f; fidp = get_fid(pdu, fid); err = v9fs_complete_rename(pdu, fidp, newdirfid, &name); 0 --------------------------------- 469 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 5415 line = line_end; TryAllLines(&line, &line_start, &line_end, &searchingOverflowList, nsBlockFrame::TryAllLines(nsLineList::iterator* aIterator, TryAllLines(&line, &line_start, &line_end, &searchingOverflowList, searchingOverflowList?"overflow":"normal", line.get()); NS_ASSERTION(line->Contains(aDeletedFrame), "frame not in line"); bool isLastFrameOnLine = 1 == line->GetChildCount(); if (line != line_end && !line->IsBlock()) { line->NoteFrameRemoved(aDeletedFrame); searchingOverflowList?"overflow":"normal", line.get()); if (0 == line->GetChildCount()) { searchingOverflowList?"overflow":"normal", line.get()); 0 --------------------------------- 470 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c cfunc 243 FILE *fp, fread(buf, 13, 1, fp); if (gif_read_cmap(fp, ncolors, cmap, &gray)) buf[0] = getc(fp); gif_get_block(fp, buf); while (gif_get_block(fp, buf) != 0); fread(buf, 9, 1, fp); if (gif_read_cmap(fp, ncolors, cmap, &gray)) fclose(fp); static int gif_read_cmap(FILE *fp, int ncolors, gif_cmap_t cmap, fread(buf, 9, 1, fp); fclose(fp); static int gif_get_block(FILE *fp, unsigned char *buffer); while (gif_get_block(fp, buf) != 0); fread(buf, 9, 1, fp); fclose(fp); 0 --------------------------------- 471 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c cfunc 242 FILE *fp, unsigned char buf[1024]; fread(buf, 13, 1, fp); img->xsize = (buf[7] << 8) | buf[6]; img->ysize = (buf[9] << 8) | buf[8]; if (gif_read_cmap(fp, ncolors, cmap, &gray)) buf[0] = getc(fp); gif_get_block(fp, buf); while (gif_get_block(fp, buf) != 0); fread(buf, 9, 1, fp); img->xsize = (buf[5] << 8) | buf[4]; img->ysize = (buf[7] << 8) | buf[6]; img->xsize = (buf[5] << 8) | buf[4]; img->ysize = (buf[7] << 8) | buf[6]; img->xsize, img->ysize); static int gif_read_cmap(FILE *fp, int ncolors, gif_cmap_t cmap, fread(buf, 9, 1, fp); img->xsize = (buf[5] << 8) | buf[4]; img->ysize = (buf[7] << 8) | buf[6]; img->xsize, img->ysize); static int gif_get_block(FILE *fp, unsigned char *buffer); while (gif_get_block(fp, buf) != 0); fread(buf, 9, 1, fp); img->xsize = (buf[5] << 8) | buf[4]; img->ysize = (buf[7] << 8) | buf[6]; img->xsize, img->ysize); static int gif_get_block(FILE *fp, unsigned char *buffer); fread(buf, 9, 1, fp); img->xsize = (buf[5] << 8) | buf[4]; img->xsize, img->ysize); 0 --------------------------------- 472 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cfunc 313 ogg_packet oggpacket; while( ogg_stream_packetout( &p_stream->os, &oggpacket ) > 0 ) ! memcmp( oggpacket.packet, "\x80theora", 7 ) ) ! memcmp( oggpacket.packet, "\x01vorbis", 7 ) ) Ogg_DecodePacket( p_demux, p_stream, &oggpacket ); Ogg_DecodePacket( p_demux, p_stream, &oggpacket ); static void Ogg_DecodePacket ( demux_t *, logical_stream_t *, ogg_packet * ); Ogg_DecodePacket( p_demux, p_stream, &oggpacket ); ! memcmp( oggpacket.packet, "\x80theora", 7 ) ) ! memcmp( oggpacket.packet, "\x01vorbis", 7 ) ) if( ogg_stream_packetout( &p_stream->os, &oggpacket ) > 0 ) Ogg_UpdatePCR( p_stream, &oggpacket ); Ogg_DecodePacket( p_demux, p_stream, &oggpacket ); ! memcmp( oggpacket.packet, "\x80theora", 7 ) ) ! memcmp( oggpacket.packet, "\x01vorbis", 7 ) ) static void Ogg_UpdatePCR ( logical_stream_t *, ogg_packet * ); Ogg_UpdatePCR( p_stream, &oggpacket ); Ogg_ReadVorbisHeader( p_stream, &oggpacket ); static void Ogg_ReadVorbisHeader( logical_stream_t *, ogg_packet * ); Ogg_ReadVorbisHeader( p_stream, &oggpacket ); Ogg_ReadTheoraHeader( p_stream, &oggpacket ); static void Ogg_ReadTheoraHeader( logical_stream_t *, ogg_packet * ); Ogg_ReadTheoraHeader( p_stream, &oggpacket ); ! memcmp( oggpacket.packet, "\x80theora", 7 ) ) ! memcmp( oggpacket.packet, "\x01vorbis", 7 ) ) 0 --------------------------------- 473 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cppfunc 627 static int AVI_ChunkRead_strz( stream_t *s, avi_chunk_t *p_chk ) AVI_READCHUNK_ENTER; p_strz->p_str = malloc( i_read + 1); 0 --------------------------------- 474 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_pathhash.cpp cppfunc 134 LPCWSTR baseRegPath = L"SOFTWARE\\Mozilla\\" wcsncpy(registryPath, baseRegPath, MAX_PATH); registryPath + wcslen(baseRegPath)); 0 --------------------------------- 475 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cfunc 1758 p_stream->fmt.psz_description[15] = 0; psz_desc = strdup(FindKateCategoryName(p_stream->fmt.psz_description)); free( p_stream->fmt.psz_description ); 0 --------------------------------- 476 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cppfunc 1758 p_stream->fmt.psz_description[15] = 0; psz_desc = strdup(FindKateCategoryName(p_stream->fmt.psz_description)); free( p_stream->fmt.psz_description ); 0 --------------------------------- 477 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp cfunc 521 const char *mBuf; (local_file_header *)(mBuf + letoh32(entry->offset)); const local_file_header * data = if (((char *)data + data->GetSize()) > (char *)mEnd) letoh16(extra_field_size) + GetDataSize(); return sizeof(local_file_header) + letoh16(filename_size) + return data; file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); return data + letoh16(filename_size) + letoh16(extra_field_size); descCopy.append(file->GetData(), entry->GetDataSize()); int32_t width, height, fps; const char *line = descCopy.c_str(); end = strstr(line, "\n"); sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { 0 --------------------------------- 478 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c cfunc 248 FILE *fp, fread(buf, 13, 1, fp); if (gif_read_cmap(fp, ncolors, cmap, &gray)) buf[0] = getc(fp); gif_get_block(fp, buf); while (gif_get_block(fp, buf) != 0); fread(buf, 9, 1, fp); if (gif_read_cmap(fp, ncolors, cmap, &gray)) i = gif_read_image(fp, img, cmap, buf[8] & GIF_INTERLACE); static int gif_read_cmap(FILE *fp, int ncolors, gif_cmap_t cmap, fread(buf, 9, 1, fp); i = gif_read_image(fp, img, cmap, buf[8] & GIF_INTERLACE); static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, fclose(fp); static int gif_get_block(FILE *fp, unsigned char *buffer); while (gif_get_block(fp, buf) != 0); fread(buf, 9, 1, fp); i = gif_read_image(fp, img, cmap, buf[8] & GIF_INTERLACE); static int gif_get_block(FILE *fp, unsigned char *buffer); fread(buf, 9, 1, fp); i = gif_read_image(fp, img, cmap, buf[8] & GIF_INTERLACE); 0 --------------------------------- 479 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 782 fprintf(stderr, "DEBUG: %*sSEQUENCE %d bytes\n", indent, "", asn1_debug(buffer, value_length, indent + 4); fprintf(stderr, "DEBUG: %*sGet-Request-PDU %d bytes\n", indent, "", asn1_debug(buffer, value_length, indent + 4); asn1_debug(buffer, value_length, indent + 4); int indent) fprintf(stderr, "DEBUG: %*sBOOLEAN %d bytes %d\n", indent, "", fprintf(stderr, "DEBUG: %*sINTEGER %d bytes %d\n", indent, "", fprintf(stderr, "DEBUG: %*sOCTET STRING %d bytes \"%s\"\n", indent, "", fprintf(stderr, "DEBUG: %*sOID %d bytes ", indent, "", fprintf(stderr, ".%d", oid[i]); putc('\n', stderr); fprintf(stderr, "DEBUG: %*sGet-Response-PDU %d bytes\n", indent, "", fprintf(stderr, "DEBUG: %*sUNKNOWN(%x) %d bytes\n", indent, "", 0 --------------------------------- 480 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 783 value_type = asn1_get_type(&buffer, bufend); value_length = asn1_get_length(&buffer, bufend); value_type, value_length); 0 --------------------------------- 481 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4276 const char *url) if ((p = strchr(url, ':'))) { av_strlcpy(proto, url, FFMIN(proto_size, p + 1 - url)); p++; if (*p == '/') p++; if (*p == '/') p++; ls = strchr(p, '/'); ls2 = strchr(p, '?'); ls = &p[strlen(p)]; 0 --------------------------------- 482 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 4036 us = ic->duration % AV_TIME_BASE; (100 * us) / AV_TIME_BASE); us = abs(ic->start_time % AV_TIME_BASE); 0 --------------------------------- 483 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c cfunc 1038 d = (unsigned char *)s->init_buf->data; p = &(d[DTLS1_HM_HEADER_LENGTH]); memcpy(p, s->s3->tmp.finish_md, i); 0 --------------------------------- 484 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 132 node *n = (node*) calloc( 1, sizeof(node) ); return n; free( root->name ); free( root ); psz_zip = convert_xml_special_chars( psz_zip ? (psz_zip+1) : psz_zippath ); " \n", psz_zip ) == -1) node *playlist = new_node( psz_zip ); node *parent = findOrCreateParentNode( playlist, psz_name ); if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; static int nodeToXSPF( char **pp_buffer, node *n, bool b_root ); if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; free_all_node( playlist ); inline static void free_all_node( node *root ) free( root ); free_all_node( playlist ); inline static void free_all_node( node *root ) free_all_node( root->child ); inline static void free_all_node( node *root ) node *tmp = root->next; root = tmp; free( root ); inline static node* new_node( char *name ) n->name = convert_xml_special_chars( name ); return n; node *playlist = new_node( psz_zip ); if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; free_all_node( playlist ); static node* findOrCreateParentNode( node *root, const char *fullpath ); node *parent = findOrCreateParentNode( playlist, psz_name ); if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; free_all_node( playlist ); 0 --------------------------------- 485 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 132 node *n = (node*) calloc( 1, sizeof(node) ); return n; free( root->name ); free( root ); psz_zip = convert_xml_special_chars( psz_zip ? (psz_zip+1) : psz_zippath ); " \n", psz_zip ) == -1) node *playlist = new_node( psz_zip ); node *parent = findOrCreateParentNode( playlist, psz_name ); if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; static int nodeToXSPF( char **pp_buffer, node *n, bool b_root ); if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; free_all_node( playlist ); inline static void free_all_node( node *root ) free( root ); free_all_node( playlist ); inline static void free_all_node( node *root ) free_all_node( root->child ); inline static void free_all_node( node *root ) node *tmp = root->next; root = tmp; free( root ); inline static node* new_node( char *name ) n->name = convert_xml_special_chars( name ); return n; node *playlist = new_node( psz_zip ); if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; free_all_node( playlist ); static node* findOrCreateParentNode( node *root, const char *fullpath ); node *parent = findOrCreateParentNode( playlist, psz_name ); if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; free_all_node( playlist ); 0 --------------------------------- 486 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 130 node *n = (node*) calloc( 1, sizeof(node) ); return n; psz_zip = convert_xml_special_chars( psz_zip ? (psz_zip+1) : psz_zippath ); " \n", psz_zip ) == -1) node *playlist = new_node( psz_zip ); if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; inline static node* new_node( char *name ) n->name = convert_xml_special_chars( name ); return n; node *playlist = new_node( psz_zip ); if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; static int nodeToXSPF( char **pp_buffer, node *n, bool b_root ); if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; free_all_node( playlist ); inline static void free_all_node( node *root ) free_all_node( root->child ); free( root->name ); 0 --------------------------------- 487 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 130 node *n = (node*) calloc( 1, sizeof(node) ); return n; psz_zip = convert_xml_special_chars( psz_zip ? (psz_zip+1) : psz_zippath ); " \n", psz_zip ) == -1) node *playlist = new_node( psz_zip ); if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; inline static node* new_node( char *name ) n->name = convert_xml_special_chars( name ); return n; node *playlist = new_node( psz_zip ); if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; static int nodeToXSPF( char **pp_buffer, node *n, bool b_root ); if( nodeToXSPF( pp_buffer, playlist, true ) < 0 ) return -1; free_all_node( playlist ); inline static void free_all_node( node *root ) free_all_node( root->child ); free( root->name ); 0 --------------------------------- 488 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 933 const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); 0 --------------------------------- 489 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp cfunc 396 char updaterIdentity[64]; updaterIdentity, sizeof(updaterIdentity))) { if (strcmp(updaterIdentity, UPDATER_IDENTITY_STRING)) { 0 --------------------------------- 490 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c cfunc 688 static void sysbus_esp_realize(DeviceState *dev, Error **errp) SysBusDevice *sbd = SYS_BUS_DEVICE(dev); SysBusESPState *sysbus = ESP(dev); assert(sysbus->it_shift != -1); 0 --------------------------------- 491 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c cppfunc 688 static void sysbus_esp_realize(DeviceState *dev, Error **errp) SysBusDevice *sbd = SYS_BUS_DEVICE(dev); SysBusESPState *sysbus = ESP(dev); assert(sysbus->it_shift != -1); 0 --------------------------------- 492 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4204 PRINT("stream #%d:\n", pkt->stream_index); PRINT(" keyframe=%d\n", ((pkt->flags & AV_PKT_FLAG_KEY) != 0)); PRINT(" duration=%0.3f\n", pkt->duration * av_q2d(time_base)); PRINT(" dts="); PRINT("N/A"); PRINT("%0.3f", pkt->dts * av_q2d(time_base)); PRINT(" pts="); PRINT("%0.3f", pkt->pts * av_q2d(time_base)); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) PRINT("%0.3f", pkt->pts * av_q2d(time_base)); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); 0 --------------------------------- 493 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 2056 for (address = (char *)cupsArrayFirst(Addresses); address = (char *)cupsArrayNext(Addresses)) if (!strcmp(address, "@LOCAL")) else if (!strncmp(address, "@IF(", 4)) strlcpy(ifname, address + 4, sizeof(ifname)); addrs = httpAddrGetList(address, AF_INET, NULL); fprintf(stderr, "ERROR: Unable to scan \"%s\"!\n", address); 0 --------------------------------- 494 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 543 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *ret = buf; ret += 2; long lenmax; strlen(s->tlsext_hostname)) > (unsigned long)lenmax) s2n(TLSEXT_TYPE_server_name, ret); s2n(size_str + 5, ret); s2n(size_str + 3, ret); *(ret++) = (unsigned char)TLSEXT_NAMETYPE_host_name; s2n(size_str, ret); memcpy(ret, s->tlsext_hostname, size_str); ret += size_str; int el; if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { s2n(TLSEXT_TYPE_renegotiate, ret); s2n(el, ret); if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { ret += el; int login_len = strlen(s->srp_ctx.login); s2n(TLSEXT_TYPE_srp, ret); s2n(login_len + 1, ret); (*ret++) = (unsigned char)login_len; memcpy(ret, s->srp_ctx.login, login_len); ret += login_len; s2n(TLSEXT_TYPE_ec_point_formats, ret); s2n(s->tlsext_ecpointformatlist_length + 1, ret); *(ret++) = (unsigned char)s->tlsext_ecpointformatlist_length; memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); ret += s->tlsext_ecpointformatlist_length; s2n(TLSEXT_TYPE_elliptic_curves, ret); s2n(s->tlsext_ellipticcurvelist_length + 2, ret); s2n(s->tlsext_ellipticcurvelist_length, ret); memcpy(ret, s->tlsext_ellipticcurvelist, s->tlsext_ellipticcurvelist_length); ret += s->tlsext_ellipticcurvelist_length; ticklen = s->tlsext_session_ticket->length; s->session->tlsext_tick = OPENSSL_malloc(ticklen); memcpy(s->session->tlsext_tick, s2n(TLSEXT_TYPE_session_ticket, ret); s2n(ticklen, ret); memcpy(ret, s->session->tlsext_tick, ticklen); 0 --------------------------------- 495 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 739 folder = path; char *sep = strchr( folder, '/' ); *sep = '\0'; return findOrCreateParentNode( current, sep ); ret = findOrCreateParentNode( ret, sep ); static node* findOrCreateParentNode( node *root, const char *fullpath ) char *path = strdup( fullpath ); free( path ); 0 --------------------------------- 496 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 739 folder = path; char *sep = strchr( folder, '/' ); *sep = '\0'; return findOrCreateParentNode( current, sep ); ret = findOrCreateParentNode( ret, sep ); static node* findOrCreateParentNode( node *root, const char *fullpath ) char *path = strdup( fullpath ); free( path ); 0 --------------------------------- 497 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 379 nsBlockFrame* f = const_cast(this); if (f->HasOverflowAreas()) { nsRect overflowArea = f->GetVisualOverflowRect(); overflowArea.width, overflowArea.height); 0 --------------------------------- 498 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 1176 unsigned short type, size; static const unsigned char kSafariExtensionsBlock[] = { data += 2; n2s(data, type); n2s(data, size); data += size; const size_t len1 = sizeof(kSafariExtensionsBlock); if (memcmp(data, kSafariExtensionsBlock, len1) != 0) if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0) if (memcmp(data, kSafariExtensionsBlock, len) != 0) unsigned short size; ssl_check_for_safari(s, data, limit); n2s(data, len); n2s(data, size); fprintf(stderr, "Received extension type %d size %d\n", type, size); s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg); n2s(data, dsize); size -= 2; memcpy(s->srp_ctx.login, &data[1], len); !s->tls_session_ticket_ext_cb(s, data, size, if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) n2s(data, dsize); size -= 2; if (!tls1_process_sigalgs(s, data, dsize)) s->tlsext_status_type = *data++; size--; n2s(data, dsize); size -= 2; int idsize; n2s(data, idsize); size -= 2 + idsize; id = d2i_OCSP_RESPID(NULL, &sdata, idsize); data += idsize; n2s(data, dsize); size -= 2; if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al)) data += size; n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { memcpy(s->session->tlsext_ecpointformatlist, sdata, sdata = s->session->tlsext_ecpointformatlist; fprintf(stderr, "%i ", *(sdata++)); static void ssl_check_for_safari(SSL *s, const unsigned char *data, n2s(data, len); n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { memcpy(s->session->tlsext_ecpointformatlist, sdata, sdata = s->session->tlsext_ecpointformatlist; fprintf(stderr, "%i ", *(sdata++)); int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { memcpy(s->session->tlsext_ecpointformatlist, sdata, sdata = s->session->tlsext_ecpointformatlist; fprintf(stderr, "%i ", *(sdata++)); int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *data = *p; n2s(data, len); n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { memcpy(s->session->tlsext_ecpointformatlist, sdata, sdata = s->session->tlsext_ecpointformatlist; fprintf(stderr, "%i ", *(sdata++)); 0 --------------------------------- 499 CVE-2015-3815/Wireshark_1.12.4_CVE_2015_3815_wiretap_logcat.c cfunc 195 &wth->phdr, wth->frame_buffer, err, err_info); struct wtap_pkthdr *phdr, Buffer *buf, phdr, buf, err, err_info)) { struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info) guint tmp[2]; bytes_read = file_read(&tmp, 2, fh); payload_length = pletoh16(tmp); buffer_assure_space(buf, packet_size); pd = buffer_start_ptr(buf); memcpy(pd, tmp, 2); 0 --------------------------------- 500 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c API 500 HINSTANCE hdll = LoadLibrary(_T("MPR.DLL")); (void *)GetProcAddress( hdll, _T("WNetAddConnection2A") ); FreeLibrary( hdll ); 0 --------------------------------- 501 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4157 PRINT(" %02x", buf[i+j]); PRINT(" "); PRINT(" "); PRINT("\n"); PRINT("%08x ", i); hex_dump_internal(avcl, NULL, level, buf, size); PRINT("stream #%d:\n", pkt->stream_index); PRINT(" keyframe=%d\n", ((pkt->flags & AV_PKT_FLAG_KEY) != 0)); PRINT(" duration=%0.3f\n", pkt->duration * av_q2d(time_base)); PRINT(" dts="); PRINT("N/A"); PRINT("%0.3f", pkt->dts * av_q2d(time_base)); PRINT(" pts="); PRINT("N/A"); PRINT("%0.3f", pkt->pts * av_q2d(time_base)); PRINT("\n"); PRINT(" size=%d\n", pkt->size); av_hex_dump(f, pkt->data, pkt->size); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) av_hex_dump(f, pkt->data, pkt->size); void av_hex_dump(FILE *f, uint8_t *buf, int size) hex_dump_internal(NULL, f, 0, buf, size); static void hex_dump_internal(void *avcl, FILE *f, int level, uint8_t *buf, int size) PRINT("%08x ", i); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); 0 --------------------------------- 502 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cfunc 442 AVI_READCHUNK_ENTER; memcpy( p_chk->strd.p_data, p_buff + 8, p_chk->common.i_chunk_size ); AVI_READCHUNK_EXIT( VLC_SUCCESS ); 0 --------------------------------- 503 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cppfunc 442 AVI_READCHUNK_ENTER; memcpy( p_chk->strd.p_data, p_buff + 8, p_chk->common.i_chunk_size ); AVI_READCHUNK_EXIT( VLC_SUCCESS ); 0 --------------------------------- 504 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1398 char *make_model, int make_model_size) snprintf(make_model, make_model_size, "HP DeskJet%s", old_make_model + 7); 0 --------------------------------- 505 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 382 nsBlockFrame* f = const_cast(this); if (f->HasOverflowAreas()) { nsRect overflowArea = f->GetVisualOverflowRect(); overflowArea = f->GetScrollableOverflowRect(); overflowArea.width, overflowArea.height); 0 --------------------------------- 506 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 381 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); fprintf(out, " next=%p", static_cast(GetNextSibling())); fprintf(out, " prev-in-flow=%p", static_cast(GetPrevInFlow())); fprintf(out, " next-in-flow=%p", static_cast(GetNextInFlow())); fprintf(out, " IBSplitSpecialSibling=%p", IBsibling); fprintf(out, " IBSplitSpecialPrevSibling=%p", IBprevsibling); fprintf(out, " [content=%p]", static_cast(mContent)); fprintf(out, " {%d,%d,%d,%d}", mRect.x, mRect.y, mRect.width, mRect.height); fprintf(out, " [state=%016llx]", (unsigned long long)mState); nsBlockFrame* f = const_cast(this); if (f->HasOverflowAreas()) { nsRect overflowArea = f->GetVisualOverflowRect(); fprintf(out, " [vis-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, overflowArea = f->GetScrollableOverflowRect(); fprintf(out, " [scr-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, 0 --------------------------------- 507 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 306 static void split(char* str, const char* sep, nsTArray& result) char *s = strtok(str, sep); s = strtok(nullptr, sep); 0 --------------------------------- 508 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 219 int StreamOpen( vlc_object_t *p_this ) stream_t *s = (stream_t*) p_this; stream_sys_t *p_sys; if( stream_Peek( s->p_source, &p_peek, i_zip_marker ) < i_zip_marker ) s->p_sys = p_sys = calloc( 1, sizeof( *p_sys ) ); s->pf_read = Read; s->pf_peek = Peek; s->pf_control = Control; calloc( 1, sizeof( zlib_filefunc_def ) ); p_sys->fileFunctions = ( zlib_filefunc_def * ) p_sys->fileFunctions->zopen_file = ZipIO_Open; p_sys->fileFunctions->zread_file = ZipIO_Read; p_sys->fileFunctions->zwrite_file = ZipIO_Write; p_sys->fileFunctions->ztell_file = ZipIO_Tell; p_sys->fileFunctions->zseek_file = ZipIO_Seek; p_sys->fileFunctions->zclose_file = ZipIO_Close; p_sys->fileFunctions->zerror_file = ZipIO_Error; p_sys->fileFunctions->opaque = ( void * ) s; p_sys->zipFile = unzOpen2( NULL free( p_sys->fileFunctions ); free( p_sys ); 0 --------------------------------- 509 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 219 int StreamOpen( vlc_object_t *p_this ) stream_t *s = (stream_t*) p_this; stream_sys_t *p_sys; if( stream_Peek( s->p_source, &p_peek, i_zip_marker ) < i_zip_marker ) s->p_sys = p_sys = calloc( 1, sizeof( *p_sys ) ); s->pf_read = Read; s->pf_peek = Peek; s->pf_control = Control; calloc( 1, sizeof( zlib_filefunc_def ) ); p_sys->fileFunctions = ( zlib_filefunc_def * ) p_sys->fileFunctions->zopen_file = ZipIO_Open; p_sys->fileFunctions->zread_file = ZipIO_Read; p_sys->fileFunctions->zwrite_file = ZipIO_Write; p_sys->fileFunctions->ztell_file = ZipIO_Tell; p_sys->fileFunctions->zseek_file = ZipIO_Seek; p_sys->fileFunctions->zclose_file = ZipIO_Close; p_sys->fileFunctions->zerror_file = ZipIO_Error; p_sys->fileFunctions->opaque = ( void * ) s; p_sys->zipFile = unzOpen2( NULL free( p_sys->fileFunctions ); free( p_sys ); 0 --------------------------------- 510 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 6886 nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); if (line->IsDirty()) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); fc = fc->Next(); lineFloats.AppendElement(fc->mFloat); if (i < lineFloats.Length() && lineFloats.ElementAt(i) != f) { if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); 0 --------------------------------- 511 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 210 int StreamOpen( vlc_object_t *p_this ) stream_t *s = (stream_t*) p_this; stream_sys_t *p_sys; if( stream_Peek( s->p_source, &p_peek, i_zip_marker ) < i_zip_marker ) s->p_sys = p_sys = calloc( 1, sizeof( *p_sys ) ); s->pf_read = Read; s->pf_peek = Peek; s->pf_control = Control; calloc( 1, sizeof( zlib_filefunc_def ) ); p_sys->fileFunctions = ( zlib_filefunc_def * ) p_sys->fileFunctions->zopen_file = ZipIO_Open; p_sys->fileFunctions->zread_file = ZipIO_Read; p_sys->fileFunctions->zwrite_file = ZipIO_Write; p_sys->fileFunctions->ztell_file = ZipIO_Tell; p_sys->fileFunctions->zseek_file = ZipIO_Seek; p_sys->fileFunctions->zclose_file = ZipIO_Close; p_sys->fileFunctions->zerror_file = ZipIO_Error; p_sys->fileFunctions->opaque = ( void * ) s; p_sys->zipFile = unzOpen2( NULL free( p_sys->fileFunctions ); free( p_sys ); 0 --------------------------------- 512 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 210 int StreamOpen( vlc_object_t *p_this ) stream_t *s = (stream_t*) p_this; stream_sys_t *p_sys; if( stream_Peek( s->p_source, &p_peek, i_zip_marker ) < i_zip_marker ) s->p_sys = p_sys = calloc( 1, sizeof( *p_sys ) ); s->pf_read = Read; s->pf_peek = Peek; s->pf_control = Control; calloc( 1, sizeof( zlib_filefunc_def ) ); p_sys->fileFunctions = ( zlib_filefunc_def * ) p_sys->fileFunctions->zopen_file = ZipIO_Open; p_sys->fileFunctions->zread_file = ZipIO_Read; p_sys->fileFunctions->zwrite_file = ZipIO_Write; p_sys->fileFunctions->ztell_file = ZipIO_Tell; p_sys->fileFunctions->zseek_file = ZipIO_Seek; p_sys->fileFunctions->zclose_file = ZipIO_Close; p_sys->fileFunctions->zerror_file = ZipIO_Error; p_sys->fileFunctions->opaque = ( void * ) s; p_sys->zipFile = unzOpen2( NULL free( p_sys->fileFunctions ); free( p_sys ); 0 --------------------------------- 513 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c cfunc 2585 unsigned short blob_len; read_len = file_read(&blob_len, 2, infile); blob_len_host = pletoh16(&blob_len); in_len = -blob_len_host; in_len = blob_len_host; file_inbuf = (unsigned char *)g_malloc(INBUF_SIZE); read_len = file_read(file_inbuf, in_len, infile); memcpy(comp_stream->buf, file_inbuf, in_len); 0 --------------------------------- 514 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c cfunc 146 FILE *fp, fread(buf, 13, 1, fp); if (gif_read_cmap(fp, ncolors, cmap, &gray)) buf[0] = getc(fp); gif_get_block(fp, buf); while (gif_get_block(fp, buf) != 0); fread(buf, 9, 1, fp); if (gif_read_cmap(fp, ncolors, cmap, &gray)) static int gif_get_block(FILE *fp, unsigned char *buffer); while (gif_get_block(fp, buf) != 0); fread(buf, 9, 1, fp); if (gif_read_cmap(fp, ncolors, cmap, &gray)) static int gif_read_cmap(FILE *fp, int ncolors, gif_cmap_t cmap, fread(buf, 9, 1, fp); if (gif_read_cmap(fp, ncolors, cmap, &gray)) fclose(fp); 0 --------------------------------- 515 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1402 char *make_model, int make_model_size) snprintf(make_model, make_model_size, "EPSON Stylus Pro %s", 0 --------------------------------- 516 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 386 vlc_array_t *p_filenames = vlc_array_new(); i_ret = GetFilesInZip( s, file, p_filenames, NULL ); static int GetFilesInZip( stream_t*, unzFile, vlc_array_t*, vlc_array_t* ); i_ret = WriteXSPF( pp_buffer, p_filenames, p_sys->psz_path ); static int WriteXSPF( char **pp_buffer, vlc_array_t *p_filenames, for( int i = 0; i < vlc_array_count( p_filenames ); i++ ) free( vlc_array_item_at_index( p_filenames, i ) ); 0 --------------------------------- 517 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cppfunc 386 vlc_array_t *p_filenames = vlc_array_new(); i_ret = GetFilesInZip( s, file, p_filenames, NULL ); static int GetFilesInZip( stream_t*, unzFile, vlc_array_t*, vlc_array_t* ); i_ret = WriteXSPF( pp_buffer, p_filenames, p_sys->psz_path ); static int WriteXSPF( char **pp_buffer, vlc_array_t *p_filenames, for( int i = 0; i < vlc_array_count( p_filenames ); i++ ) free( vlc_array_item_at_index( p_filenames, i ) ); 0 --------------------------------- 518 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp cfunc 78 char buf[32] = { 0 }; if (!ReadFile(statusFile, buf, sizeof(buf), &read, NULL)) { LOG(("updater.exe returned status: %s", buf)); const char kApplying[] = "applying"; isApplying = strncmp(buf, kApplying, 0 --------------------------------- 519 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c cfunc 918 V9fsString version; v9fs_string_init(&version); err = pdu_unmarshal(pdu, offset, "ds", &s->msize, &version); trace_v9fs_version(pdu->tag, pdu->id, s->msize, version.data); if (!strcmp(version.data, "9P2000.u")) { } else if (!strcmp(version.data, "9P2000.L")) { 0 --------------------------------- 520 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cfunc 860 memset( p_chk, 0, sizeof( avi_chunk_t ) ); p_chk = malloc( sizeof( avi_chunk_t ) ); memset( p_chk, 0, sizeof( avi_chunk_t ) ); 0 --------------------------------- 521 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 3922 AVDictionaryEntry *tag=NULL; while((tag=av_dict_get(m, "", tag, AV_DICT_IGNORE_SUFFIX))) { if(strcmp("language", tag->key)){ while((tag=av_dict_get(m, "", tag, AV_DICT_IGNORE_SUFFIX))) { const char *p = tag->value; av_log(ctx, AV_LOG_INFO, "%s %-16s: ", indent, tag->key); while((tag=av_dict_get(m, "", tag, AV_DICT_IGNORE_SUFFIX))) { const char *p = tag->value; size_t len = strcspn(p, "\x8\xa\xb\xc\xd"); av_strlcpy(tmp, p, FFMIN(sizeof(tmp), len+1)); p += len; size_t len = strcspn(p, "\x8\xa\xb\xc\xd"); if (*p) p++; size_t len = strcspn(p, "\x8\xa\xb\xc\xd"); uint8_t *printed = ic->nb_streams ? av_mallocz(ic->nb_streams) : NULL; dump_metadata(NULL, ic->metadata, " "); us = ic->duration % AV_TIME_BASE; (100 * us) / AV_TIME_BASE); us = abs(ic->start_time % AV_TIME_BASE); AVChapter *ch = ic->chapters[i]; dump_metadata(NULL, ch->metadata, " "); dump_metadata(NULL, ic->programs[j]->metadata, " "); dump_stream_format(ic, ic->programs[j]->stream_index[k], index, is_output); static void dump_stream_format(AVFormatContext *ic, int i, int index, int is_output) AVStream *st = ic->streams[i]; AVDictionaryEntry *lang = av_dict_get(st->metadata, "language", NULL, 0); dump_metadata(NULL, st->metadata, " "); dump_stream_format(ic, ic->programs[j]->stream_index[k], index, is_output); static void dump_stream_format(AVFormatContext *ic, int i, int index, int is_output) AVStream *st = ic->streams[i]; AVDictionaryEntry *lang = av_dict_get(st->metadata, "language", NULL, 0); dump_metadata(NULL, st->metadata, " "); static void dump_metadata(void *ctx, AVDictionary *m, const char *indent) if(m && !(av_dict_count(m) == 1 && av_dict_get(m, "language", NULL, 0))){ while((tag=av_dict_get(m, "", tag, AV_DICT_IGNORE_SUFFIX))) { const char *p = tag->value; size_t len = strcspn(p, "\x8\xa\xb\xc\xd"); 0 --------------------------------- 522 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp API 284 gWorkDoneEvent = CreateEvent(NULL, TRUE, FALSE, NULL); ReportSvcStatus(SERVICE_RUNNING, NO_ERROR, 0); SetEvent(gWorkDoneEvent); 0 --------------------------------- 523 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c cfunc 994 trace_vmware_palette_write(s->index, value); trace_vmware_value_write(s->index, value); printf("%s: Bad bits per pixel: %i bits\n", __func__, value); uint64_t data, unsigned size) vmsvga_value_write(s, addr, data); static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value) trace_vmware_scratch_write(s->index, value); printf("%s: Bad bits per pixel: %i bits\n", __func__, value); 0 --------------------------------- 524 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c cfunc 606 v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); fidp = get_fid(pdu, fid); len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; str.data = strerror(err); 0 --------------------------------- 525 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 541 buf[line_len] = '\0'; s_data_port = s_mon_port = 0; if ((tmp = strstr(buf, rtsp_sps))) { tmp += strlen(rtsp_sps); if (sscanf(tmp, "%u-%u", &s_data_port, &s_mon_port) < 1) { 0 --------------------------------- 526 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 232 return av_guess_format("image2", NULL, NULL); oformat = av_guess_format(format, NULL, NULL); oformat = av_guess_format(NULL, filename, NULL); const char *mime_type) if (fmt->mime_type && mime_type && !strcmp(fmt->mime_type, mime_type)) 0 --------------------------------- 527 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cppfunc 1337 void NetworkUtils::finalizeSuccess(CommandChain* aChain, next(aChain, false, aResult); NetworkResultOptions& aResult) gWifiTetheringParms = new NetworkParams(aChain->getParams()); postMessage(aChain->getParams(), aResult); finalizeSuccess(aChain, aResult); NetworkResultOptions& aResult) next(aChain, false, aResult); NetworkResultOptions& aResult) postMessage(aChain->getParams(), aResult); finalizeSuccess(aChain, aResult); NetworkResultOptions& aResult) next(aChain, false, aResult); NetworkResultOptions& aResult) postMessage(aChain->getParams(), aResult); finalizeSuccess(aChain, aResult); NetworkResultOptions& aResult) next(aChain, false, aResult); NetworkResultOptions& aResult) ASSIGN_FIELD(mCurInternalIfname) postMessage(aChain->getParams(), aResult); finalizeSuccess(aChain, aResult); NetworkResultOptions& aResult) next(aChain, false, aResult); aResult.mSuccess = true; finalizeSuccess(aChain, aResult); NetworkResultOptions& aResult) next(aChain, false, aResult); NetworkResultOptions& aResult) postMessage(aChain->getParams(), aResult); finalizeSuccess(aChain, aResult); NetworkResultOptions& aResult) aResult.mRet = true; postMessage(aChain->getParams(), aResult); finalizeSuccess(aChain, aResult); NetworkResultOptions& aResult) next(aChain, false, aResult); void NetworkUtils::wifiOperationModeSuccess(CommandChain* aChain, postMessage(aChain->getParams(), aResult); finalizeSuccess(aChain, aResult); void NetworkUtils::updateUpStreamSuccess(CommandChain* aChain, ASSIGN_FIELD(mCurExternalIfname) ASSIGN_FIELD(mCurInternalIfname) postMessage(aChain->getParams(), aResult); finalizeSuccess(aChain, aResult); NetworkResultOptions& aResult) next(aChain, false, aResult); void NetworkUtils::setDhcpServerSuccess(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) postMessage(aChain->getParams(), aResult); finalizeSuccess(aChain, aResult); NetworkResultOptions& aResult) next(aChain, false, aResult); void NetworkUtils::wifiTetheringSuccess(CommandChain* aChain, ASSIGN_FIELD(mEnable) if (aChain->getParams().mEnable) { postMessage(aChain->getParams(), aResult); finalizeSuccess(aChain, aResult); NetworkResultOptions& aResult) next(aChain, false, aResult); void NetworkUtils::networkInterfaceAlarmSuccess(CommandChain* aChain, postMessage(aChain->getParams(), aResult); finalizeSuccess(aChain, aResult); void NetworkUtils::usbTetheringSuccess(CommandChain* aChain, ASSIGN_FIELD(mEnable) postMessage(aChain->getParams(), aResult); finalizeSuccess(aChain, aResult); NetworkResultOptions& aResult) next(aChain, false, aResult); void NetworkUtils::defaultAsyncSuccessHandler(CommandChain* aChain, postMessage(aChain->getParams(), aResult); finalizeSuccess(aChain, aResult); 0 --------------------------------- 528 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1427 char *make_model, const char *old_make_model, if (!strncasecmp(old_make_model, "Hewlett-Packard", 15)) make_model[2] = ' '; strlcpy(make_model + 3, mmptr, make_model_size - 3); else if (!strncasecmp(old_make_model, "deskjet", 7)) snprintf(make_model, make_model_size, "HP DeskJet%s", old_make_model + 7); else if (!strncasecmp(old_make_model, "officejet", 9)) snprintf(make_model, make_model_size, "HP OfficeJet%s", old_make_model + 9); else if (!strncasecmp(old_make_model, "stylus_pro_", 11)) snprintf(make_model, make_model_size, "EPSON Stylus Pro %s", old_make_model + 11); strlcpy(make_model, old_make_model, make_model_size); if ((mmptr = strstr(make_model, ", Inc.,")) != NULL) if ((mmptr = strstr(make_model, " Network")) != NULL) if ((mmptr = strchr(make_model, ',')) != NULL) 0 --------------------------------- 529 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 1173 unsigned short type, size; static const unsigned char kSafariExtensionsBlock[] = { data += 2; n2s(data, type); n2s(data, size); data += size; const size_t len1 = sizeof(kSafariExtensionsBlock); if (memcmp(data, kSafariExtensionsBlock, len1) != 0) if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0) if (memcmp(data, kSafariExtensionsBlock, len) != 0) unsigned short size; ssl_check_for_safari(s, data, limit); n2s(data, len); n2s(data, size); fprintf(stderr, "Received extension type %d size %d\n", type, size); s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg); n2s(data, dsize); size -= 2; memcpy(s->srp_ctx.login, &data[1], len); !s->tls_session_ticket_ext_cb(s, data, size, if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) n2s(data, dsize); size -= 2; if (!tls1_process_sigalgs(s, data, dsize)) s->tlsext_status_type = *data++; size--; n2s(data, dsize); size -= 2; int idsize; n2s(data, idsize); size -= 2 + idsize; id = d2i_OCSP_RESPID(NULL, &sdata, idsize); data += idsize; n2s(data, dsize); size -= 2; if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al)) data += size; n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { ecpointformatlist_length); ecpointformatlist_length; s->session->tlsext_ecpointformatlist_length = s->session->tlsext_ecpointformatlist_length); int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *data = *p; n2s(data, len); n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { ecpointformatlist_length; s->session->tlsext_ecpointformatlist_length = s->session->tlsext_ecpointformatlist_length); static void ssl_check_for_safari(SSL *s, const unsigned char *data, n2s(data, len); n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { ecpointformatlist_length; s->session->tlsext_ecpointformatlist_length = s->session->tlsext_ecpointformatlist_length); int tls1_process_sigalgs(SSL *s, const unsigned char *data, int dsize) n2s(data, type); n2s(data, size); unsigned char *sdata = data; int ecpointformatlist_length = *(sdata++); OPENSSL_malloc(ecpointformatlist_length)) == NULL) { ecpointformatlist_length; s->session->tlsext_ecpointformatlist_length = s->session->tlsext_ecpointformatlist_length); 0 --------------------------------- 530 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c cfunc 2518 path->data = NULL; path->size = 0; if (!strncmp(s1->data, s2->data, s1->size - 1)) { V9fsPath oldpath, newpath; v9fs_path_init(&oldpath); v9fs_co_name_to_path(pdu, olddir, old_name->data, &oldpath); if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &newpath, strlen(oldpath.data)); static int v9fs_path_is_ancestor(V9fsPath *s1, V9fsPath *s2) if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &newpath, strlen(oldpath.data)); void v9fs_path_init(V9fsPath *path) v9fs_path_init(&oldpath); v9fs_fix_path(&tfidp->path, &newpath, strlen(oldpath.data)); 0 --------------------------------- 531 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 1649 if ((frame_size = av_get_audio_frame_duration(enc, size)) > 0) frame_size = get_audio_frame_size(st->codec, pkt->size, 0); avpriv_h264_has_num_reorder_frames(st->codec) == st->codec->has_b_frames) st = s->streams[cur_pkt.stream_index]; compute_pkt_fields(s, st, NULL, pkt); st = s->streams[pkt->stream_index]; st->skip_samples = 0; av_add_index_entry(st, pkt->pos, pkt->dts, 0, 0, AVINDEX_KEYFRAME); entries = av_fast_realloc(*index_entries, (*nb_index_entries + 1) * *index_entries= entries; index= ff_index_search_timestamp(*index_entries, *nb_index_entries, timestamp, AVSEEK_FLAG_ANY); return ff_add_index_entry(&st->index_entries, &st->nb_index_entries, int *nb_index_entries, &st->index_entries_allocated_size, pos, unsigned int *index_entries_allocated_size, if((unsigned)*nb_index_entries + 1 >= UINT_MAX / sizeof(AVIndexEntry)) index_entries_allocated_size, (*nb_index_entries + 1) * sizeof(AVIndexEntry)); entries = av_fast_realloc(*index_entries, sizeof(AVIndexEntry)); (*nb_index_entries + 1) * a = - 1; a= b-1; m = (a + b) >> 1; b = m; a = m; m= (flags & AVSEEK_FLAG_BACKWARD) ? a : b; m += (flags & AVSEEK_FLAG_BACKWARD) ? -1 : 1; return -1; return m; index= ff_index_search_timestamp(*index_entries, *nb_index_entries, timestamp, AVSEEK_FLAG_ANY); memmove(entries + index + 1, entries + index, sizeof(AVIndexEntry)*(*nb_index_entries - index)); static void compute_pkt_fields(AVFormatContext *s, AVStream *st, compute_pkt_fields(s, st, NULL, pkt); av_add_index_entry(st, pkt->pos, pkt->dts, 0, 0, AVINDEX_KEYFRAME); int av_add_index_entry(AVStream *st, av_add_index_entry(st, pkt->pos, pkt->dts, 0, 0, AVINDEX_KEYFRAME); av_add_index_entry(st, pkt->pos, pkt->dts, 0, 0, AVINDEX_KEYFRAME); return ff_add_index_entry(&st->index_entries, &st->nb_index_entries, int *nb_index_entries, memmove(entries + index + 1, entries + index, sizeof(AVIndexEntry)*(*nb_index_entries - index)); int ff_add_index_entry(AVIndexEntry **index_entries, entries = av_fast_realloc(*index_entries, memmove(entries + index + 1, entries + index, sizeof(AVIndexEntry)*(*nb_index_entries - index)); static int has_decode_delay_been_guessed(AVStream *st) if(pkt->pts != AV_NOPTS_VALUE && delay <= MAX_REORDER_DELAY && has_decode_delay_been_guessed(st)){ static void compute_frame_duration(int *pnum, int *pden, AVStream *st, compute_frame_duration(&num, &den, st, pc, pkt); if(pkt->pts != AV_NOPTS_VALUE && delay <= MAX_REORDER_DELAY && has_decode_delay_been_guessed(st)){ int ff_index_search_timestamp(const AVIndexEntry *entries, int nb_entries, index= ff_index_search_timestamp(*index_entries, *nb_index_entries, timestamp, AVSEEK_FLAG_ANY); return ff_add_index_entry(&st->index_entries, &st->nb_index_entries, b = nb_entries; m= (flags & AVSEEK_FLAG_BACKWARD) ? a : b; return m; index= ff_index_search_timestamp(*index_entries, *nb_index_entries, timestamp, AVSEEK_FLAG_ANY); memmove(entries + index + 1, entries + index, sizeof(AVIndexEntry)*(*nb_index_entries - index)); static int get_audio_frame_size(AVCodecContext *enc, int size, int mux) frame_size = get_audio_frame_size(st->codec, pkt->size, 0); 0 --------------------------------- 532 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 439 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); fprintf(out, " next=%p", static_cast(GetNextSibling())); fprintf(out, " prev-in-flow=%p", static_cast(GetPrevInFlow())); fprintf(out, " next-in-flow=%p", static_cast(GetNextInFlow())); fprintf(out, " IBSplitSpecialSibling=%p", IBsibling); fprintf(out, " IBSplitSpecialPrevSibling=%p", IBprevsibling); fprintf(out, " [content=%p]", static_cast(mContent)); fprintf(out, " {%d,%d,%d,%d}", mRect.x, mRect.y, mRect.width, mRect.height); fprintf(out, " [state=%016llx]", (unsigned long long)mState); fprintf(out, " [vis-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, fprintf(out, " [scr-overflow=%d,%d,%d,%d]", overflowArea.x, overflowArea.y, fprintf(out, " sc=%p(i=%d,b=%d)", fprintf(out, " pst=%s", fprintf(out, " transformed"); fprintf(out, " perspective"); fprintf(out, " preserves-3d-children"); fprintf(out, " preserves-3d"); fputs("<\n", out); line->List(out, aIndent, aFlags); IndentBy(out, aIndent); fputs("Overflow-lines<\n", out); IndentBy(out, aIndent); fputs(">\n", out); 0 --------------------------------- 533 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_frame_buffer.cc cfunc 232 SetState(kStateIncomplete); VCMFrameBuffer::SetState(VCMFrameBufferStateEnum state) { _state = state; SetState(kStateIncomplete); SetState(kStateDecodable); assert(_state == kStateEmpty); 0 --------------------------------- 534 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_frame_buffer.cc cppfunc 232 SetState(kStateIncomplete); VCMFrameBuffer::SetState(VCMFrameBufferStateEnum state) { _state = state; SetState(kStateIncomplete); SetState(kStateDecodable); assert(_state == kStateEmpty); 0 --------------------------------- 535 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 504 add_device_uri(char *value) value ++; for (start = value; *value && *value != '\"'; value ++) *value++ = '\0'; while (isspace(*value & 255)) value ++; while (isspace(*value & 255)) for (start = value; *value && !isspace(*value & 255); value ++); while (isspace(*value & 255)) *value++ = '\0'; while (isspace(*value & 255)) 0 --------------------------------- 536 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cppfunc 504 add_device_uri(char *value) value ++; for (start = value; *value && *value != '\"'; value ++) *value++ = '\0'; while (isspace(*value & 255)) value ++; for (start = value; *value && !isspace(*value & 255); value ++); while (isspace(*value & 255)) *value++ = '\0'; while (isspace(*value & 255)) 0 --------------------------------- 537 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_frame_buffer.cc cfunc 239 SetState(kStateIncomplete); _state == kStateIncomplete || assert(_state == kStateEmpty || _state == kStateIncomplete || VCMFrameBuffer::SetState(VCMFrameBufferStateEnum state) { _state = state; SetState(kStateIncomplete); SetState(kStateDecodable); _state == kStateDecodable); _state == kStateIncomplete || 0 --------------------------------- 538 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_frame_buffer.cc cppfunc 239 SetState(kStateIncomplete); _state == kStateIncomplete || assert(_state == kStateEmpty || _state == kStateIncomplete || VCMFrameBuffer::SetState(VCMFrameBufferStateEnum state) { _state = state; SetState(kStateIncomplete); SetState(kStateDecodable); _state == kStateDecodable); _state == kStateIncomplete || 0 --------------------------------- 539 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc cfunc 360 size_t frame_buffer_length, frame_buffer_length); assert(fragmentation->fragmentationOffset[partition_id] < frame_buffer_length); assert(fragmentation->fragmentationLength[partition_id] <= 0 --------------------------------- 540 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc cppfunc 360 size_t frame_buffer_length, frame_buffer_length); assert(fragmentation->fragmentationOffset[partition_id] < frame_buffer_length); assert(fragmentation->fragmentationLength[partition_id] <= 0 --------------------------------- 541 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c cfunc 845 V9fsStatDotl v9stat_dotl; stat_to_v9stat_dotl(s, &stbuf, &v9stat_dotl); V9fsStatDotl *v9lstat) memset(v9lstat, 0, sizeof(*v9lstat)); 0 --------------------------------- 542 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c cfunc 743 char **sbuffer, char **buffer, assert(*sbuffer != NULL || buffer != NULL); memcpy(*buffer, *sbuffer, *currlen); *sbuffer = NULL; assert(*sbuffer != NULL); 0 --------------------------------- 543 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c cppfunc 743 char **sbuffer, char **buffer, assert(*sbuffer != NULL || buffer != NULL); memcpy(*buffer, *sbuffer, *currlen); *sbuffer = NULL; assert(*sbuffer != NULL); 0 --------------------------------- 544 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1074 unsigned char **buffer, char *string, int strsize) memcpy(string, buffer, strsize - 1); 0 --------------------------------- 545 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c inputfunc 1763 if ((cups_serverroot = getenv("CUPS_SERVERROOT")) == NULL) snprintf(filename, sizeof(filename), "%s/snmp.conf", cups_serverroot); if ((fp = cupsFileOpen(filename, "r")) != NULL) while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) filename); fprintf(stderr, "ERROR: Missing value on line %d of %s!\n", linenum, "line %d of %s!\n", linenum, filename); fprintf(stderr, line, linenum, filename); fprintf(stderr, "ERROR: Unknown directive %s on line %d of %s!\n", cupsFileClose(fp); filename); fprintf(stderr, 0 --------------------------------- 546 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cfunc 531 int _AVI_ChunkRead( stream_t *s, avi_chunk_t *p_chk, avi_chunk_t *p_father ) if( AVI_ChunkReadCommon( s, p_chk ) ) static int AVI_ChunkReadCommon( stream_t *s, avi_chunk_t *p_chk ) if( ( i_peek = stream_Peek( s, &p_peek, 8 ) ) < 8 ) p_chk->common.i_chunk_pos = stream_Tell( s ); AVI_READCHUNK_ENTER; AVI_READ2BYTES( p_indx->i_longsperentry ); AVI_READ1BYTE ( p_indx->i_indexsubtype ); AVI_READ4BYTES( p_indx->i_id ); AVI_READ8BYTES( p_indx->i_baseoffset ); AVI_READ4BYTES( i_dummy ); i_count = __MIN( p_indx->i_entriesinuse, i_read / 12 ); p_indx->idx.field = calloc( sizeof( indx_field_entry_t ), i_count ); if( AVI_ChunkReadCommon( s, p_chk ) ) return AVI_ChunkRead_indx( s, p_chk ); static int AVI_ChunkRead_indx( stream_t *s, avi_chunk_t *p_chk ) AVI_READCHUNK_ENTER; i_count = __MIN( p_indx->i_entriesinuse, i_read / 12 ); p_indx->idx.field = calloc( sizeof( indx_field_entry_t ), i_count ); static inline uint8_t GetB( uint8_t *ptr ) AVI_READ1BYTE ( p_indx->i_indextype ); static inline uint8_t GetB( uint8_t *ptr ) AVI_READ4BYTES( p_indx->i_entriesinuse ); i_count = __MIN( p_indx->i_entriesinuse, i_read / 12 ); p_indx->idx.field = calloc( sizeof( indx_field_entry_t ), i_count ); 0 --------------------------------- 547 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cppfunc 531 int _AVI_ChunkRead( stream_t *s, avi_chunk_t *p_chk, avi_chunk_t *p_father ) if( AVI_ChunkReadCommon( s, p_chk ) ) static int AVI_ChunkReadCommon( stream_t *s, avi_chunk_t *p_chk ) if( ( i_peek = stream_Peek( s, &p_peek, 8 ) ) < 8 ) p_chk->common.i_chunk_pos = stream_Tell( s ); AVI_READCHUNK_ENTER; AVI_READ2BYTES( p_indx->i_longsperentry ); AVI_READ1BYTE ( p_indx->i_indexsubtype ); AVI_READ4BYTES( p_indx->i_id ); AVI_READ8BYTES( p_indx->i_baseoffset ); AVI_READ4BYTES( i_dummy ); i_count = __MIN( p_indx->i_entriesinuse, i_read / 12 ); p_indx->idx.field = calloc( sizeof( indx_field_entry_t ), i_count ); if( AVI_ChunkReadCommon( s, p_chk ) ) return AVI_ChunkRead_indx( s, p_chk ); static int AVI_ChunkRead_indx( stream_t *s, avi_chunk_t *p_chk ) AVI_READCHUNK_ENTER; i_count = __MIN( p_indx->i_entriesinuse, i_read / 12 ); p_indx->idx.field = calloc( sizeof( indx_field_entry_t ), i_count ); static inline uint8_t GetB( uint8_t *ptr ) AVI_READ1BYTE ( p_indx->i_indextype ); static inline uint8_t GetB( uint8_t *ptr ) AVI_READ4BYTES( p_indx->i_entriesinuse ); i_count = __MIN( p_indx->i_entriesinuse, i_read / 12 ); p_indx->idx.field = calloc( sizeof( indx_field_entry_t ), i_count ); 0 --------------------------------- 548 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c cfunc 2078 V9fsString extension; v9fs_string_init(&extension); &perm, &mode, &extension); int32_t ofid = atoi(extension.data); 0 --------------------------------- 549 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c cppfunc 2078 V9fsString extension; v9fs_string_init(&extension); &perm, &mode, &extension); int32_t ofid = atoi(extension.data); 0 --------------------------------- 550 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c cfunc 517 cups_image_t *img, bpp = cupsImageGetDepth(img); pixels = calloc(bpp, img->xsize); _cupsImagePutRow(img, 0, ypos, img->xsize, pixels); free(pixels); 0 --------------------------------- 551 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c cppfunc 517 cups_image_t *img, bpp = cupsImageGetDepth(img); pixels = calloc(bpp, img->xsize); _cupsImagePutRow(img, 0, ypos, img->xsize, pixels); free(pixels); 0 --------------------------------- 552 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c cfunc 177 path->data = NULL; path->size = 0; if (!strncmp(s1->data, s2->data, s1->size - 1)) { err = v9fs_co_open(pdu, f, f->open_flags); err = v9fs_co_opendir(pdu, f); for (f = s->fid_list; f; f = f->next) { BUG_ON(f->clunked); f->ref++; err = v9fs_reopen_fid(pdu, f); return NULL; f->flags |= FID_REFERENCED; return f; return NULL; err = v9fs_co_rename(pdu, &fidp->path, &new_path); if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &new_path, strlen(fidp->path.data)); if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { fidp = get_fid(pdu, fid); err = v9fs_complete_rename(pdu, fidp, newdirfid, &name); V9fsPath oldpath, newpath; v9fs_path_init(&oldpath); v9fs_co_name_to_path(pdu, olddir, old_name->data, &oldpath); if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { v9fs_fix_path(&tfidp->path, &newpath, strlen(oldpath.data)); if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { fidp = get_fid(pdu, fid); err = v9fs_complete_rename(pdu, fidp, -1, &v9stat.name); static int v9fs_complete_rename(V9fsPDU *pdu, V9fsFidState *fidp, if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { static int v9fs_path_is_ancestor(V9fsPath *s1, V9fsPath *s2) if (!strncmp(s1->data, s2->data, s1->size - 1)) { if (v9fs_path_is_ancestor(&fidp->path, &tfidp->path)) { void v9fs_path_init(V9fsPath *path) v9fs_path_init(&oldpath); if (v9fs_path_is_ancestor(&oldpath, &tfidp->path)) { static int v9fs_reopen_fid(V9fsPDU *pdu, V9fsFidState *f) err = v9fs_reopen_fid(pdu, f); return f; fidp = get_fid(pdu, fid); err = v9fs_complete_rename(pdu, fidp, newdirfid, &name); 0 --------------------------------- 553 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 751 value_length = asn1_get_length(&buffer, bufend); asn1_get_oid(&buffer, bufend, value_length, oid, SNMP_MAX_OID); int length, int *oid, int oidsize); value_length); 0 --------------------------------- 554 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 750 asn1_debug(buffer, value_length, indent + 4); asn1_debug(buffer, value_length, indent + 4); asn1_debug(buffer, value_length, indent + 4); int indent) fprintf(stderr, "DEBUG: %*sBOOLEAN %d bytes %d\n", indent, "", putc('\n', stderr); fprintf(stderr, "DEBUG: %*sOID %d bytes ", indent, "", 0 --------------------------------- 555 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 949 void NetworkUtils::enableNat(CommandChain* aChain, if (!GET_FIELD(mIp).IsEmpty() && !GET_FIELD(mPrefix).IsEmpty()) { uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); GET_CHAR(mInternalIfname), GET_CHAR(mExternalIfname), networkAddr, GET_CHAR(mPrefix)); 0 --------------------------------- 556 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 948 void NetworkUtils::enableNat(CommandChain* aChain, if (!GET_FIELD(mIp).IsEmpty() && !GET_FIELD(mPrefix).IsEmpty()) { uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); char* networkAddr = getNetworkAddr(ip, prefix); GET_CHAR(mInternalIfname), GET_CHAR(mExternalIfname), networkAddr, 0 --------------------------------- 557 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c cfunc 234 const char *format, ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; if (isdigit((unsigned char)ch)) { 0 --------------------------------- 558 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c cppfunc 234 const char *format, ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; ch = *format++; if (isdigit((unsigned char)ch)) { 0 --------------------------------- 559 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4113 return av_guess_format("image2", NULL, NULL); return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, s->probesize); const char *filename, void *logctx, if ((ret = avio_open2(&s->pb, filename, AVIO_FLAG_READ | s->avio_flags, return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, s->probesize); const char *filename, void *logctx, if (!av_filename_number_test(filename)) { oformat = av_guess_format(format, NULL, NULL); AVOutputFormat *oformat, const char *filename) int ret = avformat_alloc_output_context2(&avctx, oformat, format, filename); const char *format, const char *filename) oformat = av_guess_format(NULL, filename, NULL); nd = 0; while (isdigit(*p)) { nd = nd * 10 + *p++ - '0'; c = *p++; } while (isdigit(c)); AVOutputFormat *av_guess_format(const char *short_name, const char *filename, ff_guess_image2_codec(filename) != AV_CODEC_ID_NONE) { av_filename_number_test(filename) && int av_filename_number_test(const char *filename) return filename && (av_get_frame_filename(buf, sizeof(buf), filename, 1)>=0); const char *path, int number) p = path; c = *p++; c = *p++; } while (isdigit(c)); int avformat_open_input(AVFormatContext **ps, const char *filename, AVInputFormat *fmt, AVDictionary **options) if ((ret = init_input(s, filename, &tmp)) < 0) static int init_input(AVFormatContext *s, const char *filename, AVDictionary **options) if (!av_filename_number_test(filename)) { 0 --------------------------------- 560 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 4113 return av_guess_format("image2", NULL, NULL); return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, s->probesize); const char *filename, void *logctx, if ((ret = avio_open2(&s->pb, filename, AVIO_FLAG_READ | s->avio_flags, return av_probe_input_buffer(s->pb, &s->iformat, filename, s, 0, s->probesize); const char *filename, void *logctx, if (!av_filename_number_test(filename)) { oformat = av_guess_format(format, NULL, NULL); AVOutputFormat *oformat, const char *filename) int ret = avformat_alloc_output_context2(&avctx, oformat, format, filename); const char *format, const char *filename) oformat = av_guess_format(NULL, filename, NULL); nd = 0; while (isdigit(*p)) { nd = nd * 10 + *p++ - '0'; c = *p++; } while (isdigit(c)); AVOutputFormat *av_guess_format(const char *short_name, const char *filename, ff_guess_image2_codec(filename) != AV_CODEC_ID_NONE) { av_filename_number_test(filename) && int av_filename_number_test(const char *filename) return filename && (av_get_frame_filename(buf, sizeof(buf), filename, 1)>=0); const char *path, int number) p = path; c = *p++; c = *p++; } while (isdigit(c)); int avformat_open_input(AVFormatContext **ps, const char *filename, AVInputFormat *fmt, AVDictionary **options) if ((ret = init_input(s, filename, &tmp)) < 0) static int init_input(AVFormatContext *s, const char *filename, AVDictionary **options) if (!av_filename_number_test(filename)) { 0 --------------------------------- 561 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1832 fprintf(stderr, "ERROR: Missing value on line %d of %s!\n", linenum, fprintf(stderr, fprintf(stderr, "ERROR: Unknown directive %s on line %d of %s!\n", fprintf(stderr, fputs("INFO: Using default SNMP Community public\n", stderr); 0 --------------------------------- 562 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cppfunc 942 void NetworkUtils::enableNat(CommandChain* aChain, if (!GET_FIELD(mIp).IsEmpty() && !GET_FIELD(mPrefix).IsEmpty()) { uint32_t prefix = atoi(GET_CHAR(mPrefix)); 0 --------------------------------- 563 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_workmonitor.cpp cfunc 276 LPWSTR cmdLine = MakeCommandLine(argc, argv); LOG(("Starting service with cmdline: %ls", cmdLine)); processStarted = CreateProcessW(argv[0], cmdLine, free(cmdLine); 0 --------------------------------- 564 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_workmonitor.cpp cppfunc 276 LPWSTR cmdLine = MakeCommandLine(argc, argv); LOG(("Starting service with cmdline: %ls", cmdLine)); processStarted = CreateProcessW(argv[0], cmdLine, free(cmdLine); 0 --------------------------------- 565 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 4246 nsRect &o = lineOverflowAreas.Overflow(otype); o = aLine->GetOverflowArea(otype); otype, 0 --------------------------------- 566 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 4247 if (aState.GetFlag(BRS_APPLYTOPMARGIN)) { if (!aState.IsAdjacentWithTop()) { if (aState.GetFlag(BRS_HAVELINEADJACENTTOTOP)) { aState.SetFlag(BRS_HAVELINEADJACENTTOTOP, true); if (ShouldApplyTopMargin(aState, aLine)) { nsFlowAreaRect floatAvailableSpace = aState.GetFloatAvailableSpace(); lineLayout.Init(&aState, aState.mMinLineHeight, aState.mLineNumber); rv = DoReflowInlineFrames(aState, lineLayout, aLine, !aFrame->IsFrameOfType(nsIFrame::eReplaced) && return aFrame->IsFrameOfType(nsIFrame::eBlockFrame) && (line->GetBreakTypeBefore() != NS_STYLE_CLEAR_NONE || bool previousMarginWasDirty = line->IsPreviousMarginDirty(); (line->IsBlock() || line->HasFloats() || line->HadFloatPushed())) { if (!line->IsDirty()) { if (needToRecoverState && line->IsDirty()) { if (line->IsDirty() && (line->HasFloats() || !willReflowAgain)) { NS_ASSERTION(!willReflowAgain || !line->IsBlock(), rv = ReflowLine(aState, line, &keepGoing); line_iterator aLine, rv = ReflowInlineFrames(aState, aLine, aKeepReflowGoing); line_iterator aLine, aLine->SetLineIsImpactedByFloat(false); if (ShouldApplyTopMargin(aState, aLine)) { nsLineBox* aLine) if (ShouldApplyTopMargin(aState, aLine)) { rv = DoReflowInlineFrames(aState, lineLayout, aLine, line_iterator aLine, aLine->EnableResizeReflowOptimization(); for (i = 0; LINE_REFLOW_OK == lineReflowStatus && i < aLine->GetChildCount(); rv = ReflowInlineFrame(aState, aLineLayout, aLine, frame, while ((aLine != end_lines()) && (0 == aLine->GetChildCount())) { aLine = mLines.erase(aLine); while ((aLine != end_lines()) && (0 == aLine->GetChildCount())) { for (i = 0; LINE_REFLOW_OK == lineReflowStatus && i < aLine->GetChildCount(); line_iterator aLine, rv = DoReflowInlineFrames(aState, lineLayout, aLine, line_iterator aLine, aLine->EnableResizeReflowOptimization(); for (i = 0; LINE_REFLOW_OK == lineReflowStatus && i < aLine->GetChildCount(); if (!PlaceLine(aState, aLineLayout, aLine, aFloatStateBeforeLine, line_iterator aLine, IsLastLine(aState, aLine))); aLine->SetOverflowAreas(overflowAreas); if (!aLine->CachedIsEmpty()) { aLine->AppendFloats(aState.mCurrentLineFloats); if (aLine->HasFloats()) { o = aLine->GetOverflowArea(otype); o.x, o.y, o.width, o.height, nsBlockFrame::DoReflowInlineFrames(nsBlockReflowState& aState, rv = ReflowInlineFrame(aState, aLineLayout, aLine, frame, nsBlockFrame::ReflowInlineFrame(nsBlockReflowState& aState, rv = ReflowInlineFrame(aState, aLineLayout, aLine, frame, (NS_STYLE_CLEAR_NONE != aState.mFloatBreakType), "bad break type"); NS_ASSERTION((NS_STYLE_CLEAR_NONE != breakType) || NS_ASSERTION(NS_STYLE_CLEAR_PAGE != breakType, "no page breaks yet"); aLine->SetBreakTypeAfter(breakType); rv = ReflowInlineFrame(aState, aLineLayout, aLine, frame, while ((aLine != end_lines()) && (0 == aLine->GetChildCount())) { aLine = mLines.erase(aLine); while ((aLine != end_lines()) && (0 == aLine->GetChildCount())) { for (i = 0; LINE_REFLOW_OK == lineReflowStatus && i < aLine->GetChildCount(); line_iterator aLine, rv = DoReflowInlineFrames(aState, lineLayout, aLine, line_iterator aLine, aLine->EnableResizeReflowOptimization(); for (i = 0; LINE_REFLOW_OK == lineReflowStatus && i < aLine->GetChildCount(); if (!PlaceLine(aState, aLineLayout, aLine, aFloatStateBeforeLine, line_iterator aLine, IsLastLine(aState, aLine))); aLine->SetOverflowAreas(overflowAreas); if (!aLine->CachedIsEmpty()) { aLine->AppendFloats(aState.mCurrentLineFloats); if (aLine->HasFloats()) { o = aLine->GetOverflowArea(otype); o.x, o.y, o.width, o.height, nsBlockFrame::ReflowInlineFrame(nsBlockReflowState& aState, (NS_STYLE_CLEAR_NONE != aState.mFloatBreakType), "bad break type"); NS_ASSERTION((NS_STYLE_CLEAR_NONE != breakType) || NS_ASSERTION(NS_STYLE_CLEAR_PAGE != breakType, "no page breaks yet"); aLine->SetBreakTypeAfter(breakType); rv = ReflowInlineFrame(aState, aLineLayout, aLine, frame, while ((aLine != end_lines()) && (0 == aLine->GetChildCount())) { aLine = mLines.erase(aLine); while ((aLine != end_lines()) && (0 == aLine->GetChildCount())) { for (i = 0; LINE_REFLOW_OK == lineReflowStatus && i < aLine->GetChildCount(); line_iterator aLine, rv = DoReflowInlineFrames(aState, lineLayout, aLine, line_iterator aLine, aLine->EnableResizeReflowOptimization(); for (i = 0; LINE_REFLOW_OK == lineReflowStatus && i < aLine->GetChildCount(); if (!PlaceLine(aState, aLineLayout, aLine, aFloatStateBeforeLine, line_iterator aLine, IsLastLine(aState, aLine))); aLine->SetOverflowAreas(overflowAreas); if (!aLine->CachedIsEmpty()) { aLine->AppendFloats(aState.mCurrentLineFloats); if (aLine->HasFloats()) { o = aLine->GetOverflowArea(otype); o.x, o.y, o.width, o.height, 0 --------------------------------- 567 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c cfunc 1363 (frag->msg_header.seq, frag->msg_header.is_ccs), 0, int dtls1_get_queue_priority(unsigned short seq, int is_ccs) return seq * 2 - is_ccs; (frag->msg_header.seq, dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off, fprintf(stderr, "retransmit: message %d non-existant\n", seq); 0 --------------------------------- 568 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c cfunc 320 *p++ = '\0'; p = strchr(p, quote); p = strchr(p, '='); 0 --------------------------------- 569 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c inputfunc 270 if ((count = getc(fp)) == EOF) else if (count == 0) else if (fread(buf, 1, count, fp) < count) return (count); 0 --------------------------------- 570 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 1037 unsigned short type; n2s(data, type); s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg); int idsize; n2s(data, idsize); size -= 2 + idsize; n2s(data, size); fprintf(stderr, "Received extension type %d size %d\n", type, size); 0 --------------------------------- 571 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 1139 unsigned short size; n2s(data, size); fprintf(stderr, "Received extension type %d size %d\n", type, size); s->tlsext_debug_cb(s, 0, type, data, size, s->tlsext_debug_arg); size -= 2; !s->tls_session_ticket_ext_cb(s, data, size, if (!ssl_parse_clienthello_renegotiate_ext(s, data, size, al)) size -= 2; size--; size -= 2; size -= 2 + idsize; size -= 2; if (ssl_parse_clienthello_use_srtp_ext(s, data, size, al)) data += size; n2s(data, type); n2s(data, size); s->srp_ctx.login[len] = '\0'; if (strlen(s->srp_ctx.login) != len) memcpy(s->srp_ctx.login, &data[1], len); 0 --------------------------------- 572 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 4202 pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, tb); pkt_dump_internal(avcl, NULL, level, pkt, dump_payload, st->time_base); void av_pkt_dump2(FILE *f, AVPacket *pkt, int dump_payload, AVStream *st) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, st->time_base); static void pkt_dump_internal(void *avcl, FILE *f, int level, AVPacket *pkt, int dump_payload, AVRational time_base) PRINT("N/A"); void av_pkt_dump(FILE *f, AVPacket *pkt, int dump_payload) pkt_dump_internal(NULL, f, 0, pkt, dump_payload, tb); 0 --------------------------------- 573 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 694 uint8_t *new_buf = av_realloc(pd->buf, pd->buf_size+pkt->size+AVPROBE_PADDING_SIZE); pd->buf = new_buf; memcpy(pd->buf+pd->buf_size, pkt->data, pkt->size); memset(pd->buf+pd->buf_size, 0, AVPROBE_PADDING_SIZE); if(end || av_log2(pd->buf_size) != av_log2(pd->buf_size - pkt->size)){ av_init_packet(pkt); ret= s->iformat->read_packet(s, pkt); probe_codec(s, st, NULL); av_free_packet(pkt); av_packet_merge_side_data(pkt); add_to_pktbuf(&s->raw_packet_buffer, pkt, &s->raw_packet_buffer_end); AVPacket cur_pkt; ret = ff_read_packet(s, &cur_pkt); AVPacket pkt1, *pkt = &pkt1; av_free_packet(pkt); ret = ff_read_packet(ic, pkt); int ff_read_packet(AVFormatContext *s, AVPacket *pkt) *pkt = pktl->pkt; av_init_packet(pkt); add_to_pktbuf(&s->raw_packet_buffer, pkt, &s->raw_packet_buffer_end); static AVPacket *add_to_pktbuf(AVPacketList **packet_buffer, AVPacket *pkt, add_to_pktbuf(&s->raw_packet_buffer, pkt, &s->raw_packet_buffer_end); probe_codec(s, st, pkt); *pkt = pktl->pkt; av_init_packet(pkt); add_to_pktbuf(&s->raw_packet_buffer, pkt, &s->raw_packet_buffer_end); static void probe_codec(AVFormatContext *s, AVStream *st, const AVPacket *pkt) uint8_t *new_buf = av_realloc(pd->buf, pd->buf_size+pkt->size+AVPROBE_PADDING_SIZE); pd->buf = new_buf; memcpy(pd->buf+pd->buf_size, pkt->data, pkt->size); memset(pd->buf+pd->buf_size, 0, AVPROBE_PADDING_SIZE); if(end || av_log2(pd->buf_size) != av_log2(pd->buf_size - pkt->size)){ probe_codec(s, st, pkt); *pkt = pktl->pkt; av_init_packet(pkt); add_to_pktbuf(&s->raw_packet_buffer, pkt, &s->raw_packet_buffer_end); int av_read_packet(AVFormatContext *s, AVPacket *pkt) return ff_read_packet(s, pkt); 0 --------------------------------- 574 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 363 nsBlockFrame::List(FILE* out, int32_t aIndent, uint32_t aFlags) const IndentBy(out, aIndent); ListTag(out); fprintf(out, " [parent=%p]", mParent); fprintf(out, " [view=%p]", static_cast(GetView())); fprintf(out, " next=%p", static_cast(GetNextSibling())); fprintf(out, " prev-in-flow=%p", static_cast(GetPrevInFlow())); fprintf(out, " next-in-flow=%p", static_cast(GetNextInFlow())); fprintf(out, " IBSplitSpecialSibling=%p", IBsibling); void* IBprevsibling = Properties().Get(IBSplitSpecialPrevSibling()); fprintf(out, " IBSplitSpecialPrevSibling=%p", IBprevsibling); 0 --------------------------------- 575 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c cfunc 1813 V9fsQID qid; dent = g_malloc(sizeof(struct dirent)); err = v9fs_co_readdir_r(pdu, fidp, dent, &result); size = MIN(sizeof(dent->d_ino), sizeof(qid.path)); qid.type = 0; qid.version = 0; &qid, dent->d_off, memcpy(&qid.path, &dent->d_ino, size); 0 --------------------------------- 576 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 692 static AVPacket *add_to_pktbuf(AVPacketList **packet_buffer, AVPacket *pkt, uint8_t *new_buf = av_realloc(pd->buf, pd->buf_size+pkt->size+AVPROBE_PADDING_SIZE); pd->buf = new_buf; memcpy(pd->buf+pd->buf_size, pkt->data, pkt->size); pd->buf_size += pkt->size; memset(pd->buf+pd->buf_size, 0, AVPROBE_PADDING_SIZE); if(end || av_log2(pd->buf_size) != av_log2(pd->buf_size - pkt->size)){ probe_codec(s, st, NULL); av_free_packet(pkt); add_to_pktbuf(&s->raw_packet_buffer, pkt, &s->raw_packet_buffer_end); probe_codec(s, st, pkt); *pkt = pktl->pkt; av_init_packet(pkt); add_to_pktbuf(&s->raw_packet_buffer, pkt, &s->raw_packet_buffer_end); AVPacket cur_pkt; ret = ff_read_packet(s, &cur_pkt); AVPacket pkt1, *pkt = &pkt1; ret = ff_read_packet(ic, pkt); av_free_packet(pkt); ret = ff_read_packet(ic, pkt); static AVPacket *add_to_pktbuf(AVPacketList **packet_buffer, AVPacket *pkt, add_to_pktbuf(&s->raw_packet_buffer, pkt, &s->raw_packet_buffer_end); probe_codec(s, st, pkt); static void probe_codec(AVFormatContext *s, AVStream *st, const AVPacket *pkt) uint8_t *new_buf = av_realloc(pd->buf, pd->buf_size+pkt->size+AVPROBE_PADDING_SIZE); pd->buf = new_buf; memcpy(pd->buf+pd->buf_size, pkt->data, pkt->size); memset(pd->buf+pd->buf_size, 0, AVPROBE_PADDING_SIZE); if(end || av_log2(pd->buf_size) != av_log2(pd->buf_size - pkt->size)){ av_init_packet(pkt); ret= s->iformat->read_packet(s, pkt); av_packet_merge_side_data(pkt); add_to_pktbuf(&s->raw_packet_buffer, pkt, &s->raw_packet_buffer_end); probe_codec(s, st, pkt); *pkt = pktl->pkt; av_init_packet(pkt); add_to_pktbuf(&s->raw_packet_buffer, pkt, &s->raw_packet_buffer_end); int ff_read_packet(AVFormatContext *s, AVPacket *pkt) *pkt = pktl->pkt; av_init_packet(pkt); add_to_pktbuf(&s->raw_packet_buffer, pkt, &s->raw_packet_buffer_end); int av_read_packet(AVFormatContext *s, AVPacket *pkt) return ff_read_packet(s, pkt); 0 --------------------------------- 577 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 1351 process_rtsp_reply(tvbuff_t *tvb, int offset, const guchar *data, const guchar *status = data; while (status < lineend && !isspace(*status)) status++; while (status < lineend && isspace(*status)) status++; status_i = 0; while (status < lineend && isdigit(*status)) status_i = status_i * 10 + *status++ - '0'; while (status < lineend && isdigit(*status)) 0 --------------------------------- 578 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cppfunc 1351 process_rtsp_reply(tvbuff_t *tvb, int offset, const guchar *data, const guchar *status = data; while (status < lineend && !isspace(*status)) status++; while (status < lineend && isspace(*status)) status++; status_i = 0; while (status < lineend && isdigit(*status)) status_i = status_i * 10 + *status++ - '0'; while (status < lineend && isdigit(*status)) 0 --------------------------------- 579 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1884 if (asn1_decode_snmp(buffer, bytes, &packet)) snmp_packet_t *packet); snmp_packet_t packet; if (asn1_decode_snmp(buffer, bytes, &packet)) addrname, packet.error); 0 --------------------------------- 580 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 510 unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf, unsigned char *ret = buf; ret += 2; long lenmax; strlen(s->tlsext_hostname)) > (unsigned long)lenmax) s2n(TLSEXT_TYPE_server_name, ret); s2n(size_str + 5, ret); s2n(size_str + 3, ret); *(ret++) = (unsigned char)TLSEXT_NAMETYPE_host_name; s2n(size_str, ret); memcpy(ret, s->tlsext_hostname, size_str); ret += size_str; int el; if (!ssl_add_clienthello_renegotiate_ext(s, 0, &el, 0)) { s2n(TLSEXT_TYPE_renegotiate, ret); s2n(el, ret); if (!ssl_add_clienthello_renegotiate_ext(s, ret, &el, el)) { ret += el; int login_len = strlen(s->srp_ctx.login); s2n(TLSEXT_TYPE_srp, ret); s2n(login_len + 1, ret); (*ret++) = (unsigned char)login_len; memcpy(ret, s->srp_ctx.login, login_len); ret += login_len; s2n(TLSEXT_TYPE_ec_point_formats, ret); s2n(s->tlsext_ecpointformatlist_length + 1, ret); *(ret++) = (unsigned char)s->tlsext_ecpointformatlist_length; memcpy(ret, s->tlsext_ecpointformatlist, s->tlsext_ecpointformatlist_length); ret += s->tlsext_ecpointformatlist_length; s2n(TLSEXT_TYPE_elliptic_curves, ret); s2n(s->tlsext_ellipticcurvelist_length + 2, ret); s2n(s->tlsext_ellipticcurvelist_length, ret); memcpy(ret, s->tlsext_ellipticcurvelist, 0 --------------------------------- 581 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp cfunc 1645 for (line_iterator line = begin_lines(), line_end = end_lines(); if (gNoisyReflow && !line->IsDirty()) { static_cast(line.get()), static_cast((line.next() != end_lines() ? line.next().get() : nullptr)), line->IsBlock() ? "block" : "inline", line->HasBreakAfter() ? "has-break-after " : "", line->HasFloats() ? "has-floats " : "", line->IsImpactedByFloat() ? "impacted " : "", line->GetBreakTypeBefore(), line->GetBreakTypeAfter(), line->IsImpactedByFloat() || line->ResizeReflowOptimizationDisabled() || ((isLastLine || !line->IsLineWrapped()) && !skipLastLine) || (!isLastLine && !line->HasBreakAfter()) || line->HasFloats() || if (line->IsBlock() || line->IsImpactedByFloat() || line->MarkDirty(); if (!line->IsBlock()) { line.get(), line->IsImpactedByFloat() ? "" : "not "); 0 --------------------------------- 582 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 1643 if ((frame_size = av_get_audio_frame_duration(enc, size)) > 0) frame_size = get_audio_frame_size(st->codec, pkt->size, 0); avpriv_h264_has_num_reorder_frames(st->codec) == st->codec->has_b_frames) st = s->streams[cur_pkt.stream_index]; compute_pkt_fields(s, st, NULL, pkt); av_add_index_entry(st, pkt->pos, pkt->dts, 0, 0, AVINDEX_KEYFRAME); st = s->streams[pkt->stream_index]; st->skip_samples = 0; av_add_index_entry(st, pkt->pos, pkt->dts, 0, 0, AVINDEX_KEYFRAME); timestamp -= RELATIVE_TS_BASE; entries = av_fast_realloc(*index_entries, (*nb_index_entries + 1) * *index_entries= entries; index= ff_index_search_timestamp(*index_entries, *nb_index_entries, timestamp, AVSEEK_FLAG_ANY); assert(index==0 || ie[-1].timestamp < timestamp); av_add_index_entry(st, pkt->pos, pkt->dts, 0, 0, AVINDEX_KEYFRAME); return ff_add_index_entry(&st->index_entries, &st->nb_index_entries, int *nb_index_entries, &st->index_entries_allocated_size, pos, unsigned int *index_entries_allocated_size, int64_t pos, int64_t timestamp, int size, int distance, int flags) timestamp, size, distance, flags); int64_t pos, int64_t timestamp, int size, int distance, int flags) if((unsigned)*nb_index_entries + 1 >= UINT_MAX / sizeof(AVIndexEntry)) if (is_relative(timestamp)) index_entries_allocated_size, (*nb_index_entries + 1) * sizeof(AVIndexEntry)); entries = av_fast_realloc(*index_entries, a = - 1; a= b-1; m = (a + b) >> 1; b = m; a = m; m= (flags & AVSEEK_FLAG_BACKWARD) ? a : b; m += (flags & AVSEEK_FLAG_BACKWARD) ? -1 : 1; return -1; return m; index= ff_index_search_timestamp(*index_entries, *nb_index_entries, timestamp, AVSEEK_FLAG_ANY); index= (*nb_index_entries)++; ie= &entries[index]; int64_t wanted_timestamp, int flags) assert(index==0 || ie[-1].timestamp < timestamp); static int is_relative(int64_t ts) { index= ff_index_search_timestamp(*index_entries, *nb_index_entries, timestamp, AVSEEK_FLAG_ANY); int64_t wanted_timestamp, int flags) assert(index==0 || ie[-1].timestamp < timestamp); static void compute_pkt_fields(AVFormatContext *s, AVStream *st, compute_pkt_fields(s, st, NULL, pkt); av_add_index_entry(st, pkt->pos, pkt->dts, 0, 0, AVINDEX_KEYFRAME); int av_add_index_entry(AVStream *st, av_add_index_entry(st, pkt->pos, pkt->dts, 0, 0, AVINDEX_KEYFRAME); av_add_index_entry(st, pkt->pos, pkt->dts, 0, 0, AVINDEX_KEYFRAME); return ff_add_index_entry(&st->index_entries, &st->nb_index_entries, int ff_add_index_entry(AVIndexEntry **index_entries, entries = av_fast_realloc(*index_entries, ie= &entries[index]; assert(index==0 || ie[-1].timestamp < timestamp); static void compute_frame_duration(int *pnum, int *pden, AVStream *st, compute_frame_duration(&num, &den, st, pc, pkt); if(pkt->pts != AV_NOPTS_VALUE && delay <= MAX_REORDER_DELAY && has_decode_delay_been_guessed(st)){ static int has_decode_delay_been_guessed(AVStream *st) if(pkt->pts != AV_NOPTS_VALUE && delay <= MAX_REORDER_DELAY && has_decode_delay_been_guessed(st)){ int ff_index_search_timestamp(const AVIndexEntry *entries, int nb_entries, index= ff_index_search_timestamp(*index_entries, *nb_index_entries, timestamp, AVSEEK_FLAG_ANY); return ff_add_index_entry(&st->index_entries, &st->nb_index_entries, b = nb_entries; m= (flags & AVSEEK_FLAG_BACKWARD) ? a : b; return m; index= ff_index_search_timestamp(*index_entries, *nb_index_entries, timestamp, AVSEEK_FLAG_ANY); assert(index==0 || ie[-1].timestamp < timestamp); static int get_audio_frame_size(AVCodecContext *enc, int size, int mux) frame_size = get_audio_frame_size(st->codec, pkt->size, 0); 0 --------------------------------- 583 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cppfunc 1643 if ((frame_size = av_get_audio_frame_duration(enc, size)) > 0) frame_size = get_audio_frame_size(st->codec, pkt->size, 0); avpriv_h264_has_num_reorder_frames(st->codec) == st->codec->has_b_frames) st = s->streams[cur_pkt.stream_index]; compute_pkt_fields(s, st, NULL, pkt); av_add_index_entry(st, pkt->pos, pkt->dts, 0, 0, AVINDEX_KEYFRAME); st = s->streams[pkt->stream_index]; st->skip_samples = 0; av_add_index_entry(st, pkt->pos, pkt->dts, 0, 0, AVINDEX_KEYFRAME); timestamp -= RELATIVE_TS_BASE; entries = av_fast_realloc(*index_entries, (*nb_index_entries + 1) * *index_entries= entries; index= ff_index_search_timestamp(*index_entries, *nb_index_entries, timestamp, AVSEEK_FLAG_ANY); assert(index==0 || ie[-1].timestamp < timestamp); av_add_index_entry(st, pkt->pos, pkt->dts, 0, 0, AVINDEX_KEYFRAME); return ff_add_index_entry(&st->index_entries, &st->nb_index_entries, int *nb_index_entries, &st->index_entries_allocated_size, pos, unsigned int *index_entries_allocated_size, int64_t pos, int64_t timestamp, int size, int distance, int flags) timestamp, size, distance, flags); int64_t pos, int64_t timestamp, int size, int distance, int flags) if((unsigned)*nb_index_entries + 1 >= UINT_MAX / sizeof(AVIndexEntry)) if (is_relative(timestamp)) index_entries_allocated_size, (*nb_index_entries + 1) * sizeof(AVIndexEntry)); entries = av_fast_realloc(*index_entries, a = - 1; a= b-1; m = (a + b) >> 1; b = m; a = m; m= (flags & AVSEEK_FLAG_BACKWARD) ? a : b; m += (flags & AVSEEK_FLAG_BACKWARD) ? -1 : 1; return -1; return m; index= ff_index_search_timestamp(*index_entries, *nb_index_entries, timestamp, AVSEEK_FLAG_ANY); index= (*nb_index_entries)++; ie= &entries[index]; int64_t wanted_timestamp, int flags) assert(index==0 || ie[-1].timestamp < timestamp); static int is_relative(int64_t ts) { index= ff_index_search_timestamp(*index_entries, *nb_index_entries, timestamp, AVSEEK_FLAG_ANY); int64_t wanted_timestamp, int flags) assert(index==0 || ie[-1].timestamp < timestamp); static void compute_pkt_fields(AVFormatContext *s, AVStream *st, compute_pkt_fields(s, st, NULL, pkt); av_add_index_entry(st, pkt->pos, pkt->dts, 0, 0, AVINDEX_KEYFRAME); int av_add_index_entry(AVStream *st, av_add_index_entry(st, pkt->pos, pkt->dts, 0, 0, AVINDEX_KEYFRAME); av_add_index_entry(st, pkt->pos, pkt->dts, 0, 0, AVINDEX_KEYFRAME); return ff_add_index_entry(&st->index_entries, &st->nb_index_entries, int ff_add_index_entry(AVIndexEntry **index_entries, entries = av_fast_realloc(*index_entries, ie= &entries[index]; assert(index==0 || ie[-1].timestamp < timestamp); static void compute_frame_duration(int *pnum, int *pden, AVStream *st, compute_frame_duration(&num, &den, st, pc, pkt); if(pkt->pts != AV_NOPTS_VALUE && delay <= MAX_REORDER_DELAY && has_decode_delay_been_guessed(st)){ static int has_decode_delay_been_guessed(AVStream *st) if(pkt->pts != AV_NOPTS_VALUE && delay <= MAX_REORDER_DELAY && has_decode_delay_been_guessed(st)){ int ff_index_search_timestamp(const AVIndexEntry *entries, int nb_entries, index= ff_index_search_timestamp(*index_entries, *nb_index_entries, timestamp, AVSEEK_FLAG_ANY); return ff_add_index_entry(&st->index_entries, &st->nb_index_entries, b = nb_entries; m= (flags & AVSEEK_FLAG_BACKWARD) ? a : b; return m; index= ff_index_search_timestamp(*index_entries, *nb_index_entries, timestamp, AVSEEK_FLAG_ANY); assert(index==0 || ie[-1].timestamp < timestamp); static int get_audio_frame_size(AVCodecContext *enc, int size, int mux) frame_size = get_audio_frame_size(st->codec, pkt->size, 0); 0 --------------------------------- 584 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c cfunc 3904 int g = av_gcd(st->time_base.num, st->time_base.den); av_log(NULL, AV_LOG_DEBUG, ", %d, %d/%d", st->codec_info_nb_frames, st->time_base.num/g, st->time_base.den/g); print_fps(av_q2d(st->avg_frame_rate), "fps"); print_fps(1/av_q2d(st->time_base), "tbn"); print_fps(1/av_q2d(st->codec->time_base), "tbc"); uint8_t *printed = ic->nb_streams ? av_mallocz(ic->nb_streams) : NULL; us = ic->duration % AV_TIME_BASE; (100 * us) / AV_TIME_BASE); us = abs(ic->start_time % AV_TIME_BASE); dump_stream_format(ic, ic->programs[j]->stream_index[k], index, is_output); static void print_fps(double d, const char *postfix){ uint64_t v= lrintf(d*100); static void dump_stream_format(AVFormatContext *ic, int i, int index, int is_output) AVStream *st = ic->streams[i]; print_fps(av_q2d(st->r_frame_rate), "tbr"); dump_stream_format(ic, ic->programs[j]->stream_index[k], index, is_output); 0 --------------------------------- 585 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp cfunc 624 uint16_t len = letoh16(entry->filename_size); file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); return data + letoh16(filename_size) + letoh16(extra_field_size); const char *mBuf; entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return sizeof(cdir_entry) + letoh16(filename_size) + letoh16(extra_field_size) + letoh16(file_comment_size); entry = (cdir_entry *)((char *)prev + prev->GetSize()); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; return nullptr; while ((entry = reader.GetNextEntry(entry))) { file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); return sizeof(cdir_entry) + letoh16(filename_size) + entry = (cdir_entry *)((char *)prev + prev->GetSize()); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { string descCopy; descCopy.append(file->GetData(), entry->GetDataSize()); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); vector parts; end = strstr(line, "\n"); } while (end && *(line = end + 1)); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; memcpy(vaddr, frame.buf, gettimeofday(&tv2, nullptr); frame.buf = nullptr; free(frame.buf); string GetEntryName(const cdir_entry *entry) string name = reader.GetEntryName(entry); file = reader.GetLocalEntry(entry); const local_file_header * GetLocalEntry(const cdir_entry *entry) (local_file_header *)(mBuf + letoh32(entry->offset)); const local_file_header * data = if (((char *)data + data->GetSize()) > (char *)mEnd) letoh16(extra_field_size) + GetDataSize(); if (((char *)data + data->GetSize()) > (char *)mEnd) return data; file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); return data + letoh16(filename_size) + letoh16(extra_field_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; free(frame.buf); 1 --------------------------------- 586 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp cppfunc 624 uint16_t len = letoh16(entry->filename_size); file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); return data + letoh16(filename_size) + letoh16(extra_field_size); const char *mBuf; entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return sizeof(cdir_entry) + letoh16(filename_size) + letoh16(extra_field_size) + letoh16(file_comment_size); entry = (cdir_entry *)((char *)prev + prev->GetSize()); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; return nullptr; while ((entry = reader.GetNextEntry(entry))) { file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); return sizeof(cdir_entry) + letoh16(filename_size) + entry = (cdir_entry *)((char *)prev + prev->GetSize()); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { string descCopy; descCopy.append(file->GetData(), entry->GetDataSize()); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); vector parts; end = strstr(line, "\n"); } while (end && *(line = end + 1)); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; memcpy(vaddr, frame.buf, gettimeofday(&tv2, nullptr); frame.buf = nullptr; free(frame.buf); string GetEntryName(const cdir_entry *entry) string name = reader.GetEntryName(entry); file = reader.GetLocalEntry(entry); const local_file_header * GetLocalEntry(const cdir_entry *entry) (local_file_header *)(mBuf + letoh32(entry->offset)); const local_file_header * data = if (((char *)data + data->GetSize()) > (char *)mEnd) letoh16(extra_field_size) + GetDataSize(); if (((char *)data + data->GetSize()) > (char *)mEnd) return data; file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); return data + letoh16(filename_size) + letoh16(extra_field_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; free(frame.buf); 1 --------------------------------- 587 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp cppfunc 584 return letoh32(uncompressed_size); return sizeof(local_file_header) + letoh16(filename_size) + letoh16(extra_field_size) + GetDataSize(); return sizeof(cdir_entry) + letoh16(filename_size) + letoh16(extra_field_size) + letoh16(file_comment_size); if (((char *)entry + entry->GetSize()) > mCdir_limit || return nullptr; return entry; if (((char *)data + data->GetSize()) > (char *)mEnd) return nullptr; return data; color.g8 = color16.green; uint16_t color565 = ((color.r8 & 0xF8) << 8) | ((color.g8 & 0xFC) << 3) | uint16_t color565 = ((color.r8 & 0xF8) << 8) | return (color565 << 16) | color565; while ((entry = reader.GetNextEntry(entry))) { file = reader.GetLocalEntry(entry); string descCopy; descCopy.append(file->GetData(), entry->GetDataSize()); return data + letoh16(filename_size) + letoh16(extra_field_size); return letoh32(compressed_size); color.b8 = color16.blue; return color.r8g8b8; return color.r8g8b8; ((color.g8 & 0xFC) << 3) | uint16_t color565 = ((color.r8 & 0xF8) << 8) | ((color.b8 ) >> 3); ((color.g8 & 0xFC) << 3) | uint16_t color565 = ((color.r8 & 0xF8) << 8) | return (color565 << 16) | color565; return 0; descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); vector parts; end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } while (end && *(line = end + 1)); end = strstr(line, "\n"); sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; void *vaddr; 0, 0, width, height, &vaddr)) { wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, AsBackgroundFill(const png_color_16& color16, int outputFormat) color.r8 = color16.red; uint16_t color565 = ((color.r8 & 0xF8) << 8) | ((color.g8 & 0xFC) << 3) | uint16_t color565 = ((color.r8 & 0xF8) << 8) | return (color565 << 16) | color565; wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, 1 --------------------------------- 588 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp cppfunc 536 return data; file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); return data + letoh16(filename_size) + letoh16(extra_field_size); return sizeof(cdir_entry) + letoh16(filename_size) + return nullptr; file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); letoh16(extra_field_size) + letoh16(file_comment_size); const char *mBuf; entry = (cdir_entry *)((char *)prev + prev->GetSize()); entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return nullptr; return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); string descCopy; descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); vector parts; end = strstr(line, "\n"); } while (end && *(line = end + 1)); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); if (name.find(search) || 1 --------------------------------- 589 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp API 405 WCHAR updateStatusFilePath[MAX_PATH + 1]; wcscpy(updateStatusFilePath, updateDirPath); if (!PathAppendSafe(updateStatusFilePath, L"update.status")) { NULL, CREATE_ALWAYS, 0, NULL); HANDLE statusFile = CreateFileW(updateStatusFilePath, GENERIC_WRITE, 0, BOOL ok = WriteFile(statusFile, failure, CloseHandle(statusFile); BOOL PathAppendSafe(LPWSTR base, LPCWSTR extra); HANDLE statusFile = CreateFileW(updateStatusFilePath, GENERIC_WRITE, 0, BOOL ok = WriteFile(statusFile, failure, CloseHandle(statusFile); 1 --------------------------------- 590 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cfunc 627 ! memcmp ( p_oggpacket->packet, "Annodex", 7 ) ) ! memcmp ( p_oggpacket->packet, "AnxData", 7 ) ) p_oggpacket->packet += 9; p_oggpacket->packet, p_stream->i_headers ); 1 --------------------------------- 591 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 1163 const char* legacyOrEmpty = "legacy 0 "; legacyOrEmpty = ""; const char* action = aDoAdd ? "add" : "remove"; legacyOrEmpty, action, 1 --------------------------------- 592 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cfunc 895 return -1; orig_offset = offset; rf_chan = tvb_get_guint8(tvb, offset+1); rf_len = tvb_get_ntohs(tvb, offset+2); return -1; rf_chan, rf_len); ti = proto_tree_add_protocol_format(tree, proto_rtsp, tvb, offset, 4, rf_chan, rf_len); proto_tree_add_item(rtspframe_tree, hf_rtsp_magic, tvb, offset, 1, ENC_NA); offset += 1; proto_tree_add_item(rtspframe_tree, hf_rtsp_channel, tvb, offset, 1, ENC_NA); offset += 1; proto_tree_add_item(rtspframe_tree, hf_rtsp_length, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; next_tvb = tvb_new_subset(tvb, offset, length_remaining, rf_len); proto_tree_add_text(rtspframe_tree, tvb, offset, rf_len, "Data (%u bytes)", rf_len); offset += rf_len; return offset - orig_offset; tokenlen = get_token_len(line, line+5, &next_token); (len == linelen || isspace(line[len]))) g_ascii_strncasecmp(rtsp_methods[ii], line, len) == 0 && gint next_offset; tvb_ensure_length_remaining(tvb, offset), &next_offset, FALSE); if (!req_resp_hdrs_do_reassembly(tvb, offset, pinfo, return -1; line = tvb_get_ptr(tvb, offset, first_linelen); orig_offset = offset; ti = proto_tree_add_item(tree, proto_rtsp, tvb, offset, -1, content_length = -1; while (tvb_reported_length_remaining(tvb, offset) != 0) { linelen = tvb_find_line_end(tvb, offset, tvb_ensure_length_remaining(tvb, offset), &next_offset, linelen = tvb_find_line_end(tvb, offset, FALSE); linelen = tvb_find_line_end(tvb, offset, return -1; colon_offset = tvb_find_guint8(tvb, offset, linelen, ':'); line = tvb_get_ptr(tvb, offset, linelen); is_request_or_reply = is_rtsp_request_or_reply(line, linelen, &rtsp_type); linep = line; c = *linep++; if (!isascii(c)) if (iscntrl(c)) tvb_ensure_bytes_exist(tvb, offset, linelen + 1); while (tvb_reported_length_remaining(tvb, offset) != 0) { linelen = tvb_find_line_end(tvb, offset, colon_offset = tvb_find_guint8(tvb, offset, linelen, ':'); line = tvb_get_ptr(tvb, offset, linelen); is_request_or_reply = is_rtsp_request_or_reply(line, linelen, &rtsp_type); datalen = tvb_length_remaining(tvb, offset); reported_datalen = tvb_reported_length_remaining(tvb, offset); datalen = content_length; datalen = 0; new_tvb = tvb_new_subset(tvb, offset, datalen, proto_item_set_len(ti, offset); if (tvb_get_guint8(tvb, offset) == RTSP_FRAMEHDR) { datalen = 0; proto_tree_add_text(rtsp_tree, tvb, offset, datalen, "Data (%d bytes)", offset += datalen; return offset - orig_offset; int offset = 0; ? dissect_rtspinterleaved(tvb, offset, pinfo, tree) : dissect_rtspmessage(tvb, offset, pinfo, tree); len = (tvb_get_guint8(tvb, offset) == RTSP_FRAMEHDR) offset += len; while (tvb_reported_length_remaining(tvb, offset) != 0) { len = (tvb_get_guint8(tvb, offset) == RTSP_FRAMEHDR) : dissect_rtspmessage(tvb, offset, pinfo, tree); dissect_rtspmessage(tvbuff_t *tvb, int offset, packet_info *pinfo, first_linelen = tvb_find_line_end(tvb, offset, line = tvb_get_ptr(tvb, offset, first_linelen); line = tvb_get_ptr(tvb, offset, first_linelen); while (tvb_reported_length_remaining(tvb, offset) != 0) { linelen = tvb_find_line_end(tvb, offset, colon_offset = tvb_find_guint8(tvb, offset, linelen, ':'); line = tvb_get_ptr(tvb, offset, linelen); is_request_or_reply = is_rtsp_request_or_reply(line, linelen, &rtsp_type); is_rtsp_request_or_reply(const guchar *line, size_t linelen, rtsp_type_t *type) if (linelen >= 5 && g_ascii_strncasecmp("RTSP/", line, 5) == 0) { tokenlen = get_token_len(next_token, line+linelen, &next_token); linep = line; c = *linep++; if (!isascii(c)) if (iscntrl(c)) dissect_rtsp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) while (tvb_reported_length_remaining(tvb, offset) != 0) { len = (tvb_get_guint8(tvb, offset) == RTSP_FRAMEHDR) : dissect_rtspmessage(tvb, offset, pinfo, tree); dissect_rtspinterleaved(tvbuff_t *tvb, int offset, packet_info *pinfo, length_remaining = tvb_ensure_length_remaining(tvb, offset); while (tvb_reported_length_remaining(tvb, offset) != 0) { len = (tvb_get_guint8(tvb, offset) == RTSP_FRAMEHDR) : dissect_rtspmessage(tvb, offset, pinfo, tree); 1 --------------------------------- 593 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c cppfunc 895 return -1; orig_offset = offset; rf_chan = tvb_get_guint8(tvb, offset+1); rf_len = tvb_get_ntohs(tvb, offset+2); return -1; rf_chan, rf_len); ti = proto_tree_add_protocol_format(tree, proto_rtsp, tvb, offset, 4, rf_chan, rf_len); proto_tree_add_item(rtspframe_tree, hf_rtsp_magic, tvb, offset, 1, ENC_NA); offset += 1; proto_tree_add_item(rtspframe_tree, hf_rtsp_channel, tvb, offset, 1, ENC_NA); offset += 1; proto_tree_add_item(rtspframe_tree, hf_rtsp_length, tvb, offset, 2, ENC_BIG_ENDIAN); offset += 2; next_tvb = tvb_new_subset(tvb, offset, length_remaining, rf_len); proto_tree_add_text(rtspframe_tree, tvb, offset, rf_len, "Data (%u bytes)", rf_len); offset += rf_len; return offset - orig_offset; tokenlen = get_token_len(line, line+5, &next_token); (len == linelen || isspace(line[len]))) g_ascii_strncasecmp(rtsp_methods[ii], line, len) == 0 && gint next_offset; tvb_ensure_length_remaining(tvb, offset), &next_offset, FALSE); if (!req_resp_hdrs_do_reassembly(tvb, offset, pinfo, return -1; line = tvb_get_ptr(tvb, offset, first_linelen); orig_offset = offset; ti = proto_tree_add_item(tree, proto_rtsp, tvb, offset, -1, content_length = -1; while (tvb_reported_length_remaining(tvb, offset) != 0) { linelen = tvb_find_line_end(tvb, offset, tvb_ensure_length_remaining(tvb, offset), &next_offset, linelen = tvb_find_line_end(tvb, offset, FALSE); linelen = tvb_find_line_end(tvb, offset, return -1; colon_offset = tvb_find_guint8(tvb, offset, linelen, ':'); line = tvb_get_ptr(tvb, offset, linelen); is_request_or_reply = is_rtsp_request_or_reply(line, linelen, &rtsp_type); linep = line; c = *linep++; if (!isascii(c)) if (iscntrl(c)) tvb_ensure_bytes_exist(tvb, offset, linelen + 1); while (tvb_reported_length_remaining(tvb, offset) != 0) { linelen = tvb_find_line_end(tvb, offset, colon_offset = tvb_find_guint8(tvb, offset, linelen, ':'); line = tvb_get_ptr(tvb, offset, linelen); is_request_or_reply = is_rtsp_request_or_reply(line, linelen, &rtsp_type); datalen = tvb_length_remaining(tvb, offset); reported_datalen = tvb_reported_length_remaining(tvb, offset); datalen = content_length; datalen = 0; new_tvb = tvb_new_subset(tvb, offset, datalen, proto_item_set_len(ti, offset); if (tvb_get_guint8(tvb, offset) == RTSP_FRAMEHDR) { datalen = 0; proto_tree_add_text(rtsp_tree, tvb, offset, datalen, "Data (%d bytes)", offset += datalen; return offset - orig_offset; int offset = 0; ? dissect_rtspinterleaved(tvb, offset, pinfo, tree) : dissect_rtspmessage(tvb, offset, pinfo, tree); len = (tvb_get_guint8(tvb, offset) == RTSP_FRAMEHDR) offset += len; while (tvb_reported_length_remaining(tvb, offset) != 0) { len = (tvb_get_guint8(tvb, offset) == RTSP_FRAMEHDR) : dissect_rtspmessage(tvb, offset, pinfo, tree); dissect_rtspmessage(tvbuff_t *tvb, int offset, packet_info *pinfo, first_linelen = tvb_find_line_end(tvb, offset, line = tvb_get_ptr(tvb, offset, first_linelen); line = tvb_get_ptr(tvb, offset, first_linelen); while (tvb_reported_length_remaining(tvb, offset) != 0) { linelen = tvb_find_line_end(tvb, offset, colon_offset = tvb_find_guint8(tvb, offset, linelen, ':'); line = tvb_get_ptr(tvb, offset, linelen); is_request_or_reply = is_rtsp_request_or_reply(line, linelen, &rtsp_type); is_rtsp_request_or_reply(const guchar *line, size_t linelen, rtsp_type_t *type) if (linelen >= 5 && g_ascii_strncasecmp("RTSP/", line, 5) == 0) { tokenlen = get_token_len(next_token, line+linelen, &next_token); linep = line; c = *linep++; if (!isascii(c)) if (iscntrl(c)) dissect_rtsp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) while (tvb_reported_length_remaining(tvb, offset) != 0) { len = (tvb_get_guint8(tvb, offset) == RTSP_FRAMEHDR) : dissect_rtspmessage(tvb, offset, pinfo, tree); dissect_rtspinterleaved(tvbuff_t *tvb, int offset, packet_info *pinfo, length_remaining = tvb_ensure_length_remaining(tvb, offset); while (tvb_reported_length_remaining(tvb, offset) != 0) { len = (tvb_get_guint8(tvb, offset) == RTSP_FRAMEHDR) : dissect_rtspmessage(tvb, offset, pinfo, tree); 1 --------------------------------- 594 CVE-2015-3815/Wireshark_1.12.4_CVE_2015_3815_wiretap_logcat.c cfunc 374 const guint8 *pd, int *err) tag = (const char *) (pd + 6 * 4 + 1); log = tag + strlen(tag) + 1; 1 --------------------------------- 595 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp API 374 WCHAR updateStatusFilePath[MAX_PATH + 1]; wcscpy(updateStatusFilePath, updateDirPath); if (!PathAppendSafe(updateStatusFilePath, L"update.status")) { NULL, CREATE_ALWAYS, 0, NULL); HANDLE statusFile = CreateFileW(updateStatusFilePath, GENERIC_WRITE, 0, BOOL ok = WriteFile(statusFile, pending, CloseHandle(statusFile); BOOL PathAppendSafe(LPWSTR base, LPCWSTR extra); HANDLE statusFile = CreateFileW(updateStatusFilePath, GENERIC_WRITE, 0, BOOL ok = WriteFile(statusFile, pending, CloseHandle(statusFile); 1 --------------------------------- 596 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp cppfunc 111 WCHAR installDir[MAX_PATH] = {L'\0'}; if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); WCHAR* backSlash = wcsrchr(aResultDir, L'\\'); 1 --------------------------------- 597 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp cfunc 1186 CommandChain* aChain, return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 598 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp cppfunc 547 return letoh32(uncompressed_size); return sizeof(local_file_header) + letoh16(filename_size) + name.append(entry->data, len); (local_file_header *)(mBuf + letoh32(entry->offset)); const local_file_header * data = if (((char *)data + data->GetSize()) > (char *)mEnd) letoh16(extra_field_size) + GetDataSize(); uint16_t len = letoh16(entry->filename_size); if (((char *)data + data->GetSize()) > (char *)mEnd) return nullptr; return data; file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); return data + letoh16(filename_size) + letoh16(extra_field_size); const char *mBuf; entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return sizeof(cdir_entry) + letoh16(filename_size) + letoh16(extra_field_size) + letoh16(file_comment_size); mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); madvise(mBuf, sb.st_size, MADV_SEQUENTIAL); mBuf = nullptr; entry = (cdir_entry *)((char *)prev + prev->GetSize()); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return data; file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); return nullptr; return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); string descCopy; descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); vector parts; end = strstr(line, "\n"); } while (end && *(line = end + 1)); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; sort(part.frames.begin(), part.frames.end()); string GetEntryName(const cdir_entry *entry) string name = reader.GetEntryName(entry); while ((entry = reader.GetNextEntry(entry))) { file = reader.GetLocalEntry(entry); const local_file_header * GetLocalEntry(const cdir_entry *entry) (local_file_header *)(mBuf + letoh32(entry->offset)); const local_file_header * data = if (((char *)data + data->GetSize()) > (char *)mEnd) letoh16(extra_field_size) + GetDataSize(); return data; file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); return data + letoh16(filename_size) + letoh16(extra_field_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; sort(part.frames.begin(), part.frames.end()); const cdir_entry * GetNextEntry(const cdir_entry *prev) entry = (cdir_entry *)((char *)prev + prev->GetSize()); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; sort(part.frames.begin(), part.frames.end()); 1 --------------------------------- 599 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp cppfunc 116 const WCHAR *updateInfoDir, WCHAR slogFile[MAX_PATH + 1]; wcscpy(slogFile, updateInfoDir); 1 --------------------------------- 600 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c cfunc 2328 SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, unsigned char * pin = inbuf; unsigned char * pout = outbuf; bit_value = pletoh16(pin); pin += 2; *(pout++) = *(pin++); bit_value = pletoh16(pin); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; code_low = (unsigned int) ((*pin) & 0xF ); length = code_low + 3; memset( pout, *pin++, length ); bit_value = pletoh16(pin); *(pout++) = *(pin++); code_low = (unsigned int) ((*pin) & 0xF ); pout += length; length = code_low + ((unsigned int)(*pin++) << 4) + 19; memset( pout, *pin++, length ); bit_value = pletoh16(pin); *(pout++) = *(pin++); code_low = (unsigned int) ((*pin) & 0xF ); length = code_low + ((unsigned int)(*pin++) << 4) + 19; memset( pout, *pin++, length ); pout += length; memset( pout, *pin++, length ); offset = code_low + ((unsigned int)(*pin++) << 4) + 3; length = (unsigned int)(*pin++) + 16; bit_value = pletoh16(pin); *(pout++) = *(pin++); pin++; pin += 2; *(pout++) = *(pin++); code_low = (unsigned int) ((*pin) & 0xF ); length = code_low + ((unsigned int)(*pin++) << 4) + 19; memset( pout, *pin++, length ); memcpy( pout, pout - offset, length ); memset( pout, *pin++, length ); pout += length; memset( pout, *pin++, length ); offset = code_low + ((unsigned int)(*pin++) << 4) + 3; length = code_type; memcpy( pout, pout - offset, length ); memset( pout, *pin++, length ); pout += length; memset( pout, *pin++, length ); 1 --------------------------------- 601 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp cppfunc 431 return letoh32(uncompressed_size); return sizeof(local_file_header) + letoh16(filename_size) + letoh16(extra_field_size) + GetDataSize(); (local_file_header *)(mBuf + letoh32(entry->offset)); const local_file_header * data = if (((char *)data + data->GetSize()) > (char *)mEnd) letoh16(extra_field_size) + GetDataSize(); if (((char *)data + data->GetSize()) > (char *)mEnd) return nullptr; return data; file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); return data + letoh16(filename_size) + letoh16(extra_field_size); return sizeof(cdir_entry) + letoh16(filename_size) + letoh16(extra_field_size) + letoh16(file_comment_size); const char *mBuf; entry = (cdir_entry *)((char *)prev + prev->GetSize()); entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return nullptr; return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); string descCopy; descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); vector parts; end = strstr(line, "\n"); sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } while (end && *(line = end + 1)); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); AsBackgroundFill(const png_color_16& color16, int outputFormat) color.b8 = color16.blue; color.r8 = color16.red; swap(color.r8, color.b8); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); 1 --------------------------------- 602 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c cfunc 310 ps = src; *pd++ = *ps++; l = *ps++; l = (l & 0x7F) * 2; return ps - src; memcpy(pd, ps, l); ps += l; return ps - src; ps += 2; return ps - src; return ps - src; return ps - src; memcpy(s->frame.data[0], s->prev_frame.data[0], s->avctx->height * s->frame.linesize[0]); p += 2; r = *p++ * 4; g = *p++ * 4; b = *p++ * 4; pb = p; meth = *pb++; lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); dp = &s->frame.data[0][frame_y * s->frame.linesize[0] + frame_x]; pp = &s->prev_frame.data[0][frame_y * s->prev_frame.linesize[0] + frame_x]; len = *pb++; len = (len & 0x7F) + 1; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); memcpy(&dp[ofs], pb, len); len = *pb++; pb += len; len = *pb++; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); memcpy(&dp[ofs], pb, len); pb += len; if (*pb++ == 0xFF) memcpy(&dp[ofs], pb, len); memcpy(&dp[ofs], &pp[ofs], len + 1); dp += s->frame.linesize[0]; memcpy(&dp[ofs], &pp[ofs], len + 1); VmdVideoContext *s = avctx->priv_data; vmd_decode(s); static void lz_unpack(const unsigned char *src, unsigned char *dest, int dest_len) pb = s->unpack_buffer; len = *pb++; if (*pb++ == 0xFF) memcpy(&dp[ofs], pb, len); memcpy(&dp[ofs], &pp[ofs], len + 1); static int rle_unpack(const unsigned char *src, unsigned char *dest, len = *pb++; if (*pb++ == 0xFF) memcpy(&dp[ofs], pb, len); memcpy(&dp[ofs], &pp[ofs], len + 1); static void vmd_decode(VmdVideoContext *s) const unsigned char *p = s->buf + 16; pb = p; len = *pb++; if (*pb++ == 0xFF) memcpy(&dp[ofs], pb, len); memcpy(&dp[ofs], &pp[ofs], len + 1); 1 --------------------------------- 603 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_serviceinstall.cpp cppfunc 689 WCHAR accountName[UNLEN + 1]; if (!LookupAccountSidW(NULL, sid, accountName, wcscpy(accountName, L"Users"); 1 --------------------------------- 604 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp cppfunc 221 StartServiceUpdate(LPCWSTR installDir) WCHAR maintserviceInstallerPath[MAX_PATH + 1]; wcscpy(maintserviceInstallerPath, installDir); 1 --------------------------------- 605 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c cfunc 263 memcpy(s->frame.data[0], s->prev_frame.data[0], s->avctx->height * s->frame.linesize[0]); p += 2; r = *p++ * 4; g = *p++ * 4; b = *p++ * 4; pb = p; meth = *pb++; lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); dp = &s->frame.data[0][frame_y * s->frame.linesize[0] + frame_x]; pp = &s->prev_frame.data[0][frame_y * s->prev_frame.linesize[0] + frame_x]; len = *pb++; len = (len & 0x7F) + 1; memcpy(&dp[ofs], pb, len); memcpy(&dp[ofs], &pp[ofs], len + 1); memcpy(&dp[ofs], pb, len); dp += s->frame.linesize[0]; memcpy(&dp[ofs], pb, len); pp += s->prev_frame.linesize[0]; memcpy(&dp[ofs], &pp[ofs], len + 1); memcpy(&dp[ofs], pb, len); VmdVideoContext *s = avctx->priv_data; vmd_decode(s); static void vmd_decode(VmdVideoContext *s) const unsigned char *p = s->buf + 16; pb = p; len = *pb++; len = (len & 0x7F) + 1; memcpy(&dp[ofs], pb, len); static void lz_unpack(const unsigned char *src, unsigned char *dest, int dest_len) pb = s->unpack_buffer; len = *pb++; len = (len & 0x7F) + 1; memcpy(&dp[ofs], pb, len); 1 --------------------------------- 606 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp cppfunc 388 WriteStatusFailure(LPCWSTR updateDirPath, int errorCode) WCHAR updateStatusFilePath[MAX_PATH + 1]; wcscpy(updateStatusFilePath, updateDirPath); 1 --------------------------------- 607 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_workmonitor.cpp cppfunc 349 wcsncpy(aResultDir, argvTmp[2], MAX_PATH); WCHAR* backSlash = wcsrchr(aResultDir, L'\\'); return PathRemoveFileSpecW(aResultDir); WCHAR installDir[MAX_PATH + 1] = {L'\0'}; if (!GetInstallationDir(argc, argv, installDir)) { WCHAR installDirUpdater[MAX_PATH + 1] = {L'\0'}; wcsncpy(installDirUpdater, installDir, MAX_PATH); GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH + 1]) wcsncpy(installDirUpdater, installDir, MAX_PATH); 1 --------------------------------- 608 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp cppfunc 40 WCHAR exefullpath[MAX_PATH + 1]; wcscpy(exefullpath, installationDir); if (!PathAppendSafe(exefullpath, exefile)) { BOOL PathAppendSafe(LPWSTR base, LPCWSTR extra); if (!PathGetSiblingFilePath(dlogFile, exefullpath, L"uninstall.update")) { LPCWSTR siblingFilePath, if (wcslen(siblingFilePath) >= MAX_PATH) { wcscpy(destinationBuffer, siblingFilePath); 1 --------------------------------- 609 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp cppfunc 45 WCHAR dlogFile[MAX_PATH + 1]; if (!PathGetSiblingFilePath(dlogFile, exefullpath, L"uninstall.update")) { LPCWSTR newFileName) if (wcslen(destinationBuffer) + wcslen(newFileName) >= MAX_PATH) { PathGetSiblingFilePath(LPWSTR destinationBuffer, wcscpy(destinationBuffer, siblingFilePath); if (!PathRemoveFileSpecW(destinationBuffer)) { if (wcslen(destinationBuffer) + wcslen(newFileName) >= MAX_PATH) { 1 --------------------------------- 610 CVE-2013-0874/Ffmpeg_1.1.2_CVE_2013_0874_libavcodec_tiff.c cfunc 249 if (!sep) sep = ", "; ap = av_malloc((5 + strlen(sep)) * count); ap0 = ap; int l = snprintf(ap, 5 + strlen(sep), "%d%s", sp[i], sep); ap0[strlen(ap0) - strlen(sep)] = '\0'; tag = tget_short(&s->gb, s->le); type = tget_short(&s->gb, s->le); count = tget_long(&s->gb, s->le); off = tget_long(&s->gb, s->le); ADD_METADATA(count, "ModelPixelScaleTag", NULL); ADD_METADATA(count, "ModelTransformationTag", NULL); ADD_METADATA(count, "ModelTiepointTag", NULL); ADD_METADATA(1, "GeoTIFF_Version", NULL); ADD_METADATA(2, "GeoTIFF_Key_Revision", "."); ADD_METADATA(count, "artist", NULL); ADD_METADATA(count, "copyright", NULL); ADD_METADATA(count, "date", NULL); ADD_METADATA(count, "document_name", NULL); ADD_METADATA(count, "computer", NULL); ADD_METADATA(count, "description", NULL); ADD_METADATA(count, "make", NULL); ADD_METADATA(count, "model", NULL); ADD_METADATA(count, "page_name", NULL); ADD_METADATA(count, "page_number", " / "); ADD_METADATA(count, "software", NULL); const char *name, const char *sep, TiffContext *s) case TIFF_SHORT : return add_shorts_metadata(count, name, sep, s); const char *sep, TiffContext *s) if (count >= INT_MAX / sizeof(int16_t) || count <= 0) if (bytestream2_get_bytes_left(&s->gb) < count * sizeof(int16_t)) sp = av_malloc(count * sizeof(int16_t)); ap = shorts2str(sp, count, sep); static char *shorts2str(int16_t *sp, int count, const char *sep) ap = av_malloc((5 + strlen(sep)) * count); ap0 = ap; ap0[strlen(ap0) - strlen(sep)] = '\0'; static int add_metadata(int count, int type, case TIFF_SHORT : return add_shorts_metadata(count, name, sep, s); static int add_shorts_metadata(int count, const char *name, sp = av_malloc(count * sizeof(int16_t)); ap = shorts2str(sp, count, sep); static unsigned tget_short(GetByteContext *gb, int le) unsigned v = le ? bytestream2_get_le16(gb) : bytestream2_get_be16(gb); tag = tget_short(&s->gb, s->le); type = tget_short(&s->gb, s->le); count = tget_long(&s->gb, s->le); static unsigned tget_long(GetByteContext *gb, int le) unsigned v = le ? bytestream2_get_le32(gb) : bytestream2_get_be32(gb); return v; count = tget_long(&s->gb, s->le); off = tget_long(&s->gb, s->le); ADD_METADATA(count, "software", NULL); 1 --------------------------------- 611 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cfunc 653 p_oggpacket->bytes -= 9; p_stream->i_headers += p_oggpacket->bytes; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); p_oggpacket->packet, p_stream->i_headers ); p_stream->i_headers = 0; p_stream->p_headers = NULL; else if( xiph_AppendHeaders( &p_stream->i_headers, &p_stream->p_headers, p_stream->i_headers = 0; p_stream->p_headers = NULL; p_stream->fmt.p_extra = malloc( p_stream->i_headers ); memcpy( p_stream->fmt.p_extra, p_stream->p_headers, 1 --------------------------------- 612 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cfunc 654 p_oggpacket->bytes -= 9; p_stream->i_headers += p_oggpacket->bytes; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); p_oggpacket->packet, p_stream->i_headers ); p_stream->i_headers = 0; else if( xiph_AppendHeaders( &p_stream->i_headers, &p_stream->p_headers, p_stream->i_headers = 0; p_stream->fmt.p_extra = malloc( p_stream->i_headers ); p_stream->i_headers ); 1 --------------------------------- 613 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp cppfunc 51 ExecuteServiceCommand(int argc, LPWSTR *argv) if (!lstrcmpi(argv[2], L"software-update")) { result = ProcessSoftwareUpdateCommand(argc - 3, argv + 3); ProcessSoftwareUpdateCommand(DWORD argc, LPWSTR *argv) if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); bool backgroundUpdate = IsUpdateBeingStaged(argcTmp, argvTmp); if (!IsLocalFile(argv[0], isLocal) || !isLocal) { nsAutoHandle noWriteLock(CreateFileW(argv[0], GENERIC_READ, FILE_SHARE_READ, if (result && !VerifySameFiles(argv[0], installDirUpdater, HMODULE updaterModule = LoadLibraryEx(argv[0], NULL, argv[0]); if (StartUpdateProcess(argc, argv, installDir, LPWSTR *argv, LPWSTR cmdLine = MakeCommandLine(argc, argv); PRUnichar* MakeCommandLine(int argc, PRUnichar **argv); WCHAR updateStatusFilePath[MAX_PATH + 1]; wcscpy(updateStatusFilePath, updateDirPath); PathGetSiblingFilePath(updaterINITemp, argv[0], L"updater.tmp")) { BOOL PathGetSiblingFilePath(LPWSTR destinationBuffer, LPCWSTR siblingFilePath, if (PathGetSiblingFilePath(updaterINI, argv[0], L"updater.ini") && processStarted = CreateProcessW(argv[0], cmdLine, if (IsStatusApplying(argv[1], isApplying) && isApplying) { BOOL PathGetSiblingFilePath(LPWSTR destinationBuffer, LPCWSTR siblingFilePath, processStarted = CreateProcessW(argv[0], cmdLine, if (IsStatusApplying(argv[1], isApplying) && isApplying) { IsStatusApplying(LPCWSTR updateDirPath, BOOL &isApplying) wcscpy(updateStatusFilePath, updateDirPath); IsUpdateBeingStaged(int argc, LPWSTR *argv) return argc == 4 && !wcscmp(argv[3], L"-1"); bool replaceRequest = (argcTmp >= 4 && wcsstr(argvTmp[3], L"/replace")); if (!IsLocalFile(argv[0], isLocal) || !isLocal) { nsAutoHandle noWriteLock(CreateFileW(argv[0], GENERIC_READ, FILE_SHARE_READ, if (result && !VerifySameFiles(argv[0], installDirUpdater, HMODULE updaterModule = LoadLibraryEx(argv[0], NULL, argv[0]); if (StartUpdateProcess(argc, argv, installDir, LPWSTR *argv, LPWSTR cmdLine = MakeCommandLine(argc, argv); 1 --------------------------------- 614 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_pathhash.cpp cppfunc 117 CalculateRegistryPathFromFilePath(const LPCWSTR filePath, size_t filePathLen = wcslen(filePath); WCHAR *lowercasePath = new WCHAR[filePathLen + 2]; wcscpy(lowercasePath, filePath); 1 --------------------------------- 615 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c cfunc 753 char **sbuffer, char **buffer, size_t *maxlen, assert(*sbuffer != NULL || buffer != NULL); *maxlen = 1024; *buffer = OPENSSL_malloc(*maxlen); assert(*sbuffer != NULL); memcpy(*buffer, *sbuffer, *currlen); *sbuffer = NULL; *maxlen += 1024; *buffer = OPENSSL_realloc(*buffer, *maxlen); assert(*sbuffer != NULL || *buffer != NULL); 1 --------------------------------- 616 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c cppfunc 753 char **sbuffer, char **buffer, size_t *maxlen, assert(*sbuffer != NULL || buffer != NULL); *maxlen = 1024; *buffer = OPENSSL_malloc(*maxlen); assert(*sbuffer != NULL); memcpy(*buffer, *sbuffer, *currlen); *sbuffer = NULL; *maxlen += 1024; *buffer = OPENSSL_realloc(*buffer, *maxlen); assert(*sbuffer != NULL || *buffer != NULL); 1 --------------------------------- 617 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cfunc 846 static bool Ogg_LogicalStreamResetEsFormat( demux_t *p_demux, logical_stream_t *p_stream ); if( Ogg_LogicalStreamResetEsFormat( p_demux, p_stream ) ) if( !( p_block = block_New( p_demux, p_oggpacket->bytes ) ) ) return; memcpy( p_block->p_buffer, p_oggpacket->packet + i_header_len, static void Ogg_UpdatePCR ( logical_stream_t *, ogg_packet * ); Ogg_UpdatePCR( p_stream, p_oggpacket ); if( !( p_block = block_New( p_demux, p_oggpacket->bytes ) ) ) return; memcpy( p_block->p_buffer, p_oggpacket->packet + i_header_len, p_oggpacket->bytes - i_header_len ); memcpy( p_block->p_buffer, p_oggpacket->packet + i_header_len, static void Ogg_ReadFlacHeader( demux_t *, logical_stream_t *, ogg_packet * ); Ogg_ReadFlacHeader( p_demux, p_stream, p_oggpacket ); if( !( p_block = block_New( p_demux, p_oggpacket->bytes ) ) ) return; memcpy( p_block->p_buffer, p_oggpacket->packet + i_header_len, static void Ogg_ExtractMeta( demux_t *p_demux, vlc_fourcc_t i_codec, const uint8_t *p_headers, int i_headers ); Ogg_ExtractMeta( p_demux, p_stream->fmt.i_codec, if( !( p_block = block_New( p_demux, p_oggpacket->bytes ) ) ) return; memcpy( p_block->p_buffer, p_oggpacket->packet + i_header_len, static void Ogg_DecodePacket( demux_t *p_demux, int i_header_len = 0; ! memcmp ( p_oggpacket->packet, "Annodex", 7 ) ) ! memcmp ( p_oggpacket->packet, "AnxData", 7 ) ) es_out_Control( p_demux->out, ES_OUT_GET_ES_STATE, Ogg_ReadFlacHeader( p_demux, p_stream, p_oggpacket ); p_oggpacket->packet += 9; p_oggpacket->bytes -= 9; p_stream->i_headers += p_oggpacket->bytes; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_stream->i_headers ); p_oggpacket->bytes, p_oggpacket->packet ) ) if( Ogg_LogicalStreamResetEsFormat( p_demux, p_stream ) ) es_out_Control( p_demux->out, ES_OUT_SET_ES_FMT, Ogg_ExtractMeta( p_demux, p_stream->fmt.i_codec, es_out_Control( p_demux->out, ES_OUT_RESET_PCR ); es_out_Control( p_demux->out, ES_OUT_SET_PCR, Ogg_UpdatePCR( p_stream, p_oggpacket ); es_out_Control( p_demux->out, ES_OUT_RESET_PCR ); es_out_Control( p_demux->out, ES_OUT_SET_PCR, VLC_TS_0 + p_stream->i_pcr ); if( !( p_block = block_New( p_demux, p_oggpacket->bytes ) ) ) return; i_header_len = (*p_oggpacket->packet & PACKET_LEN_BITS01) >> 6; i_header_len |= (*p_oggpacket->packet & PACKET_LEN_BITS2) << 1; i_header_len++; memcpy( p_block->p_buffer, p_oggpacket->packet + i_header_len, 1 --------------------------------- 618 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cfunc 847 int i_header_len = 0; ! memcmp ( p_oggpacket->packet, "Annodex", 7 ) ) ! memcmp ( p_oggpacket->packet, "AnxData", 7 ) ) p_oggpacket->packet += 9; p_oggpacket->packet, p_stream->i_headers ); p_oggpacket->bytes, p_oggpacket->packet ) ) Ogg_UpdatePCR( p_stream, p_oggpacket ); i_header_len = (*p_oggpacket->packet & PACKET_LEN_BITS01) >> 6; i_header_len++; p_oggpacket->bytes - i_header_len ); static void Ogg_UpdatePCR ( logical_stream_t *, ogg_packet * ); Ogg_UpdatePCR( p_stream, p_oggpacket ); i_header_len |= (*p_oggpacket->packet & PACKET_LEN_BITS2) << 1; p_oggpacket->bytes - i_header_len ); 1 --------------------------------- 619 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c cfunc 823 va_list args; va_start(args, format); ret = BIO_vsnprintf(buf, n, format, args); int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) _dopr(&buf, NULL, &n, &retlen, &truncated, format, args); const char *format, va_list args); va_end(args); 1 --------------------------------- 620 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c cppfunc 823 va_list args; va_start(args, format); ret = BIO_vsnprintf(buf, n, format, args); int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) _dopr(&buf, NULL, &n, &retlen, &truncated, format, args); const char *format, va_list args); va_end(args); 1 --------------------------------- 621 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp cppfunc 105 LaunchWinPostProcess(const WCHAR *installationDir, wcscpy(workingDirectory, installationDir); wcscpy(inifile, installationDir); wcscpy(exefullpath, installationDir); 1 --------------------------------- 622 CVE-2015-3815/Wireshark_1.12.4_CVE_2015_3815_wiretap_logcat.c cfunc 394 return '?'; const guint8 *pd, int *err) pid = (const gint *) (pd + 4); tid = (const gint *) (pd + 2 * 4); nanoseconds = (const guint32 *) (pd + 4 * 4); priority = get_priority((const guint8 *) (pd + 5 * 4)); tag = (const gchar *) (pd + 5 * 4 + 1); log = tag + strlen(tag) + 1; pid = (const gint *) (pd + 4); tid = (const gint *) (pd + 2 * 4); nanoseconds = (const guint32 *) (pd + 4 * 4); priority = get_priority((const guint8 *) (pd + 6 * 4)); tag = (const char *) (pd + 6 * 4 + 1); log = tag + strlen(tag) + 1; buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, priority, tag, log_part); gint microseconds, gint pid, gint tid, gchar priority, const gchar *tag, log_part[str_end - str_begin] = '\0'; priority, tag, log_part); const gchar *log) gchar time_buffer[15]; priority, tag, pid, log); r priority, pid, log, tag); r priority, tag, log); r priority, pid, tid, log); r strftime(time_buffer, sizeof(time_buffer), "%m-%d %H:%M:%S", time_buffer, microseconds, priority, tag, pid, log); r strftime(time_buffer, sizeof(time_buffer), "%m-%d %H:%M:%S", time_buffer, microseconds, pid, tid, priority, tag, log); r strftime(time_buffer, sizeof(time_buffer), "%m-%d %H:%M:%S", time_buffer, microseconds, pid, tid, priority, tag, log); r return NULL; buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, length = (guint32)strlen(buf); if (!wtap_dump_file_write(wdh, buf, length, err)) { length = (guint32)strlen(buf); 1 --------------------------------- 623 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c cfunc 2610 unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int payload; unsigned int padding = 16; hbtype = *p++; n2s(p, payload); pl = p; buffer = OPENSSL_malloc(1 + 2 + payload + padding); bp = buffer; *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); 1 --------------------------------- 624 CVE-2015-3815/Wireshark_1.12.4_CVE_2015_3815_wiretap_logcat.c cfunc 79 const guint8 *pd, int *err) datetime = (const guint32 *) (pd + 3 * 4); datetime = (const guint32 *) (pd + 3 * 4); buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, static gchar *logcat_log(const struct dumper_t *dumper, guint32 seconds, datetime = (time_t) seconds; gmtime(&datetime)); 1 --------------------------------- 625 CVE-2015-3815/Wireshark_1.12.4_CVE_2015_3815_wiretap_logcat.c cppfunc 79 const guint8 *pd, int *err) datetime = (const guint32 *) (pd + 3 * 4); datetime = (const guint32 *) (pd + 3 * 4); buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, static gchar *logcat_log(const struct dumper_t *dumper, guint32 seconds, datetime = (time_t) seconds; gmtime(&datetime)); 1 --------------------------------- 626 CVE-2011-0054/Firefox_3.5.16_CVE_2011_0054_js_src_jsemit.cpp cppfunc 2209 uint32 *vector = cg->upvarMap.vector; uint32 length = cg->lexdeps.count; vector = (uint32 *) calloc(length, sizeof *vector); 1 --------------------------------- 627 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_serviceinstall.cpp cppfunc 393 currentServicePath)); wcsncpy(fixedPath, currentServicePath, MAX_PATH); nsAutoArrayPtr serviceConfigBuffer = new char[bytesNeeded]; reinterpret_cast(serviceConfigBuffer.get()), *reinterpret_cast(serviceConfigBuffer.get()); QUERY_SERVICE_CONFIGW &serviceConfig = if (!FixServicePath(schService, serviceConfig.lpBinaryPathName, LPCWSTR currentServicePath, size_t currentServicePathLen = wcslen(currentServicePath); !wcsstr(currentServicePath, L"maintenanceservice_tmp.exe") && PathUnquoteSpacesW(serviceConfig.lpBinaryPathName); GetVersionNumberFromPath(serviceConfig.lpBinaryPathName, new WCHAR[wcslen(serviceConfig.lpBinaryPathName) + 1]; LPWSTR oldServiceBinaryTempPath = wcscpy(oldServiceBinaryTempPath, serviceConfig.lpBinaryPathName); wcscpy(oldServiceBinaryTempPath + len - 3, L"old"); GetVersionNumberFromPath(LPWSTR path, DWORD &A, DWORD &B, DWORD fileVersionInfoSize = GetFileVersionInfoSizeW(path, 0); if (!GetFileVersionInfoW(path, 0, fileVersionInfoSize, if (!wcscmp(newServiceBinaryPath, serviceConfig.lpBinaryPathName)) { serviceConfig.lpBinaryPathName, FALSE)) { const size_t len = wcslen(serviceConfig.lpBinaryPathName); wcscpy(oldServiceBinaryTempPath + len - 3, L"old"); 1 --------------------------------- 628 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c cfunc 2364 SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, unsigned char * pin = inbuf; unsigned char * pout = outbuf; bit_value = pletoh16(pin); pin += 2; *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; pin++; memset( pout, *pin++, length ); memset( pout, *pin++, length ); length = (unsigned int)(*pin++) + 16; bit_value = pletoh16(pin); pin += 2; *(pout++) = *(pin++); code_low = (unsigned int) ((*pin) & 0xF ); pin++; length = code_low + 3; memset( pout, *pin++, length ); pout += length; length = code_low + ((unsigned int)(*pin++) << 4) + 19; memset( pout, *pin++, length ); pout += length; offset = code_low + ((unsigned int)(*pin++) << 4) + 3; length = (unsigned int)(*pin++) + 16; memcpy( pout, pout - offset, length ); pout += length; memcpy( pout, pout - offset, length ); offset = code_low + ((unsigned int)(*pin++) << 4) + 3; length = code_type; memcpy( pout, pout - offset, length ); memcpy( pout, pout - offset, length ); pout += length; memcpy( pout, pout - offset, length ); 1 --------------------------------- 629 CVE-2015-3815/Wireshark_1.12.4_CVE_2015_3815_wiretap_logcat.c cfunc 418 return '?'; buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, priority, tag, log_part); gint microseconds, gint pid, gint tid, gchar priority, const gchar *tag, const guint8 *pd, int *err) pid = (const gint *) (pd + 4); buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, tid = (const gint *) (pd + 2 * 4); nanoseconds = (const guint32 *) (pd + 4 * 4); priority = get_priority((const guint8 *) (pd + 5 * 4)); tag = (const gchar *) (pd + 5 * 4 + 1); log = tag + strlen(tag) + 1; pid = (const gint *) (pd + 4); tid = (const gint *) (pd + 2 * 4); nanoseconds = (const guint32 *) (pd + 4 * 4); priority = get_priority((const guint8 *) (pd + 6 * 4)); tag = (const char *) (pd + 6 * 4 + 1); log = tag + strlen(tag) + 1; buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, priority, tag, log_part); gint microseconds, gint pid, gint tid, gchar priority, const gchar *tag, log_part[strlen(str_begin)] = '\0'; priority, tag, log_part); const gchar *log) gchar time_buffer[15]; priority, tag, pid, log); r priority, pid, log, tag); r priority, tag, log); r priority, pid, tid, log); r strftime(time_buffer, sizeof(time_buffer), "%m-%d %H:%M:%S", time_buffer, microseconds, priority, tag, pid, log); r strftime(time_buffer, sizeof(time_buffer), "%m-%d %H:%M:%S", time_buffer, microseconds, pid, tid, priority, tag, log); r strftime(time_buffer, sizeof(time_buffer), "%m-%d %H:%M:%S", time_buffer, microseconds, pid, tid, priority, tag, log); r return NULL; buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, length = (guint32)strlen(buf); if (!wtap_dump_file_write(wdh, buf, length, err)) { length = (guint32)strlen(buf); 1 --------------------------------- 630 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp cppfunc 349 wcscpy(aResultDir, argvTmp[2]); WCHAR* backSlash = wcsrchr(aResultDir, L'\\'); return PathRemoveFileSpecW(aResultDir); WCHAR installDir[MAX_PATH] = {L'\0'}; if (!GetInstallationDir(argc, argv, installDir)) { WCHAR installDirUpdater[MAX_PATH + 1] = {L'\0'}; wcsncpy(installDirUpdater, installDir, MAX_PATH); GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcsncpy(installDirUpdater, installDir, MAX_PATH); 1 --------------------------------- 631 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c cfunc 537 DisplaySurface *surface = qemu_console_surface(s->vga.con); DisplaySurface *surface = qemu_console_surface(s->vga.con); struct vmsvga_cursor_definition_s *c) qc = cursor_alloc(c->width, c->height); dpy_cursor_define(s->vga.con, qc); struct vmsvga_cursor_definition_s cursor; cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); cursor.bpp = vmsvga_fifo_read(s); if (SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) { cursor.mask[args] = vmsvga_fifo_read_raw(s); cursor.image[args] = vmsvga_fifo_read_raw(s); vmsvga_cursor_define(s, &cursor); struct vmsvga_cursor_definition_s *c) __func__, c->bpp); trace_vmware_palette_write(s->index, value); trace_vmware_value_write(s->index, value); vmsvga_fifo_run(s); DisplaySurface *surface = qemu_console_surface(s->vga.con); s->vga.vram_ptr); dpy_gfx_replace_surface(s->vga.con, surface); struct vmsvga_state_s *s = opaque; vmsvga_value_write(s, addr, data); static void vmsvga_fifo_run(struct vmsvga_state_s *s) len = vmsvga_fifo_length(s); static inline int vmsvga_fifo_length(struct vmsvga_state_s *s) len = vmsvga_fifo_length(s); cursor.id = vmsvga_fifo_read(s); static inline uint32_t vmsvga_fifo_read(struct vmsvga_state_s *s) return le32_to_cpu(vmsvga_fifo_read_raw(s)); vmsvga_fifo_read(s); vmsvga_fifo_read(s); args = 7 + (vmsvga_fifo_read(s) >> 2); vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); static inline uint32_t vmsvga_fifo_read_raw(struct vmsvga_state_s *s) uint32_t cmd = s->fifo[CMD(stop) >> 2]; return cmd; return le32_to_cpu(vmsvga_fifo_read_raw(s)); cursor.id = vmsvga_fifo_read(s); vmsvga_cursor_define(s, &cursor); struct vmsvga_cursor_definition_s *c) __func__, c->bpp); static inline void vmsvga_check_size(struct vmsvga_state_s *s) vmsvga_check_size(s); vmsvga_fifo_run(s); static void vmsvga_update_display(void *opaque) vmsvga_check_size(s); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s, vmsvga_cursor_define(s, &cursor); vmsvga_fifo_read(s); static void vmsvga_value_write(void *opaque, uint32_t address, uint32_t value) trace_vmware_scratch_write(s->index, value); vmsvga_fifo_run(s); static inline int vmsvga_fill_rect(struct vmsvga_state_s *s, if (vmsvga_fill_rect(s, colour, x, y, width, height) == 0) { vmsvga_fifo_read(s); static void vmsvga_io_write(void *opaque, hwaddr addr, vmsvga_value_write(s, addr, data); static inline int vmsvga_copy_rect(struct vmsvga_state_s *s, if (vmsvga_copy_rect(s, x, y, dx, dy, width, height) == 0) { cursor.id = vmsvga_fifo_read(s); 1 --------------------------------- 632 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c cfunc 481 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_share[0] = 0; strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); sprintf( psz_remote, "\\\\%s\\%s", psz_server, psz_share ); 1 --------------------------------- 633 CVE-2015-3815/Wireshark_1.12.4_CVE_2015_3815_wiretap_logcat.c cfunc 89 const guint8 *pd, int *err) datetime = (const guint32 *) (pd + 3 * 4); datetime = (const guint32 *) (pd + 3 * 4); buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, static gchar *logcat_log(const struct dumper_t *dumper, guint32 seconds, datetime = (time_t) seconds; gmtime(&datetime)); 1 --------------------------------- 634 CVE-2015-3815/Wireshark_1.12.4_CVE_2015_3815_wiretap_logcat.c cppfunc 89 const guint8 *pd, int *err) datetime = (const guint32 *) (pd + 3 * 4); datetime = (const guint32 *) (pd + 3 * 4); buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, static gchar *logcat_log(const struct dumper_t *dumper, guint32 seconds, datetime = (time_t) seconds; gmtime(&datetime)); 1 --------------------------------- 635 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c cfunc 753 char **sbuffer, char **buffer, size_t *maxlen, assert(*sbuffer != NULL || buffer != NULL); *maxlen = 1024; *buffer = OPENSSL_malloc(*maxlen); assert(*sbuffer != NULL); memcpy(*buffer, *sbuffer, *currlen); *sbuffer = NULL; *maxlen += 1024; *buffer = OPENSSL_realloc(*buffer, *maxlen); assert(*sbuffer != NULL || *buffer != NULL); 1 --------------------------------- 636 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c cppfunc 753 char **sbuffer, char **buffer, size_t *maxlen, assert(*sbuffer != NULL || buffer != NULL); *maxlen = 1024; *buffer = OPENSSL_malloc(*maxlen); assert(*sbuffer != NULL); memcpy(*buffer, *sbuffer, *currlen); *sbuffer = NULL; *maxlen += 1024; *buffer = OPENSSL_realloc(*buffer, *maxlen); assert(*sbuffer != NULL || *buffer != NULL); 1 --------------------------------- 637 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c cfunc 744 char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, assert(*sbuffer != NULL || buffer != NULL); *maxlen = 1024; *buffer = OPENSSL_malloc(*maxlen); assert(*sbuffer != NULL); *sbuffer = NULL; *maxlen += 1024; *buffer = OPENSSL_realloc(*buffer, *maxlen); memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 638 CVE-2013-0874/Ffmpeg_1.1.2_CVE_2013_0874_libavcodec_tiff.c cfunc 231 if (!sep) sep = ", "; component_len = 15 + strlen(sep); ap = av_malloc(component_len * count); ap0 = ap; unsigned l = snprintf(ap, component_len, "%f%s", dp[i], sep); ap0[strlen(ap0) - strlen(sep)] = '\0'; tag = tget_short(&s->gb, s->le); type = tget_short(&s->gb, s->le); count = tget_long(&s->gb, s->le); off = tget_long(&s->gb, s->le); ADD_METADATA(count, "ModelPixelScaleTag", NULL); ADD_METADATA(count, "ModelTransformationTag", NULL); ADD_METADATA(count, "ModelTiepointTag", NULL); ADD_METADATA(1, "GeoTIFF_Version", NULL); ADD_METADATA(2, "GeoTIFF_Key_Revision", "."); char *ap = doubles2str(&dp[s->geotags[i].offset], s->geotags[i].count, ", "); ADD_METADATA(count, "artist", NULL); ADD_METADATA(count, "copyright", NULL); ADD_METADATA(count, "date", NULL); const char *name, const char *sep, TiffContext *s) case TIFF_DOUBLE: return add_doubles_metadata(count, name, sep, s); const char *name, const char *sep, ap = doubles2str(dp, count, sep); ADD_METADATA(count, "document_name", NULL); const char *name, const char *sep, TiffContext *s) case TIFF_DOUBLE: return add_doubles_metadata(count, name, sep, s); const char *name, const char *sep, ap = doubles2str(dp, count, sep); ADD_METADATA(count, "ModelPixelScaleTag", NULL); ADD_METADATA(count, "ModelTransformationTag", NULL); ADD_METADATA(count, "ModelTiepointTag", NULL); ADD_METADATA(1, "GeoTIFF_Version", NULL); ADD_METADATA(2, "GeoTIFF_Key_Revision", "."); ADD_METADATA(count, "artist", NULL); ADD_METADATA(count, "copyright", NULL); ADD_METADATA(count, "computer", NULL); ADD_METADATA(count, "description", NULL); ADD_METADATA(count, "make", NULL); ADD_METADATA(count, "model", NULL); ADD_METADATA(count, "page_name", NULL); ADD_METADATA(count, "page_number", " / "); ADD_METADATA(count, "software", NULL); const char *name, const char *sep, TiffContext *s) case TIFF_DOUBLE: return add_doubles_metadata(count, name, sep, s); const char *name, const char *sep, ap = doubles2str(dp, count, sep); static int add_metadata(int count, int type, case TIFF_DOUBLE: return add_doubles_metadata(count, name, sep, s); static int add_doubles_metadata(int count, dp = av_malloc(count * sizeof(double)); ap = doubles2str(dp, count, sep); static char *doubles2str(double *dp, int count, const char *sep) component_len = 15 + strlen(sep); ap = av_malloc(component_len * count); ap0 = ap; ap0[strlen(ap0) - strlen(sep)] = '\0'; static unsigned tget_long(GetByteContext *gb, int le) unsigned v = le ? bytestream2_get_le32(gb) : bytestream2_get_be32(gb); return v; count = tget_long(&s->gb, s->le); off = tget_long(&s->gb, s->le); ADD_METADATA(count, "software", NULL); static unsigned tget_short(GetByteContext *gb, int le) unsigned v = le ? bytestream2_get_le16(gb) : bytestream2_get_be16(gb); tag = tget_short(&s->gb, s->le); type = tget_short(&s->gb, s->le); count = tget_long(&s->gb, s->le); 1 --------------------------------- 639 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp cfunc 1038 rv = HandleCharacterData(aErrorText, NS_strlen(aErrorText)); uint32_t aLength) return AddText(aData, aLength); mTextLength = 0; rv = HandleStartElement(parsererror.get(), noAtts, 0, 0); rv = HandleCharacterData(aErrorText, NS_strlen(aErrorText)); rv = HandleCharacterData(aSourceText, NS_strlen(aSourceText)); int32_t aLength) mText = (char16_t *) malloc(sizeof(char16_t) * 4096); int32_t offset = 0; mTextLength += amount; int32_t amount = mTextSize - mTextLength; amount = aLength; memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); aLength -= amount; mTextSize += aLength; offset += amount; memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); XULContentSinkImpl::ReportError(const char16_t* aErrorText, NS_PRECONDITION(aError && aSourceText && aErrorText, "Check arguments!!!"); rv = HandleCharacterData(aErrorText, NS_strlen(aErrorText)); uint32_t aLength) return AddText(aData, aLength); int32_t aLength) mTextSize += aLength; mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); XULContentSinkImpl::HandleCharacterData(const char16_t *aData, return AddText(aData, aLength); XULContentSinkImpl::AddText(const char16_t* aText, memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); XULContentSinkImpl::HandleCDataSection(const char16_t *aData, uint32_t aLength) return AddText(aData, aLength); 1 --------------------------------- 640 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp cppfunc 1038 XULContentSinkImpl::HandleCDataSection(const char16_t *aData, uint32_t aLength) return AddText(aData, aLength); const char16_t* aSourceText, nsIScriptError *aError, NS_PRECONDITION(aError && aSourceText && aErrorText, "Check arguments!!!"); mTextLength = 0; rv = HandleStartElement(parsererror.get(), noAtts, 0, 0); rv = HandleCharacterData(aErrorText, NS_strlen(aErrorText)); uint32_t aLength) return AddText(aData, aLength); rv = HandleCharacterData(aSourceText, NS_strlen(aSourceText)); uint32_t aLength) return AddText(aData, aLength); int32_t aLength) mText = (char16_t *) malloc(sizeof(char16_t) * 4096); mTextSize = 4096; int32_t offset = 0; int32_t amount = mTextSize - mTextLength; amount = aLength; mTextSize += aLength; mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); mTextLength += amount; int32_t amount = mTextSize - mTextLength; memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); aLength -= amount; mTextSize += aLength; mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); XULContentSinkImpl::ReportError(const char16_t* aErrorText, NS_PRECONDITION(aError && aSourceText && aErrorText, "Check arguments!!!"); rv = HandleCharacterData(aErrorText, NS_strlen(aErrorText)); uint32_t aLength) return AddText(aData, aLength); int32_t aLength) mTextSize += aLength; mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); XULContentSinkImpl::HandleCharacterData(const char16_t *aData, return AddText(aData, aLength); XULContentSinkImpl::AddText(const char16_t* aText, memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); 1 --------------------------------- 641 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp cfunc 173 WCHAR exearg[MAX_PATH + 1]; if (!GetPrivateProfileStringW(L"PostUpdateWin", L"ExeArg", NULL, exearg, WCHAR dummyArg[14]; wcscpy(dummyArg, L"argv0ignored "); size_t len = wcslen(exearg) + wcslen(dummyArg); WCHAR *cmdline = (WCHAR *) malloc((len + 1) * sizeof(WCHAR)); wcscpy(cmdline, dummyArg); wcscat(cmdline, exearg); cmdline, cmdline, free(cmdline); 1 --------------------------------- 642 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp cppfunc 173 WCHAR exearg[MAX_PATH + 1]; if (!GetPrivateProfileStringW(L"PostUpdateWin", L"ExeArg", NULL, exearg, WCHAR dummyArg[14]; wcscpy(dummyArg, L"argv0ignored "); size_t len = wcslen(exearg) + wcslen(dummyArg); WCHAR *cmdline = (WCHAR *) malloc((len + 1) * sizeof(WCHAR)); wcscpy(cmdline, dummyArg); wcscat(cmdline, exearg); cmdline, cmdline, free(cmdline); 1 --------------------------------- 643 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp cfunc 589 return letoh32(uncompressed_size); return sizeof(local_file_header) + letoh16(filename_size) + letoh16(extra_field_size) + GetDataSize(); uint16_t len = letoh16(entry->filename_size); return nullptr; return data; file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); return data + letoh16(filename_size) + letoh16(extra_field_size); return sizeof(cdir_entry) + letoh16(filename_size) + letoh16(extra_field_size) + letoh16(file_comment_size); const char *mBuf; entry = (cdir_entry *)((char *)prev + prev->GetSize()); entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return nullptr; return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); if (((char *)data + data->GetSize()) > (char *)mEnd) return data; file = reader.GetLocalEntry(entry); string descCopy; descCopy.append(file->GetData(), entry->GetDataSize()); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); vector parts; end = strstr(line, "\n"); } while (end && *(line = end + 1)); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; void *vaddr; 0, 0, width, height, &vaddr)) { memcpy(vaddr, frame.buf, string GetEntryName(const cdir_entry *entry) string name = reader.GetEntryName(entry); file = reader.GetLocalEntry(entry); const local_file_header * GetLocalEntry(const cdir_entry *entry) (local_file_header *)(mBuf + letoh32(entry->offset)); const local_file_header * data = if (((char *)data + data->GetSize()) > (char *)mEnd) letoh16(extra_field_size) + GetDataSize(); if (((char *)data + data->GetSize()) > (char *)mEnd) return data; file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); return data + letoh16(filename_size) + letoh16(extra_field_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; memcpy(vaddr, frame.buf, 1 --------------------------------- 644 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp cppfunc 359 WriteStatusPending(LPCWSTR updateDirPath) WCHAR updateStatusFilePath[MAX_PATH + 1]; wcscpy(updateStatusFilePath, updateDirPath); 1 --------------------------------- 645 CVE-2015-3815/Wireshark_1.12.4_CVE_2015_3815_wiretap_logcat.c cfunc 408 g_strlcpy(log_part, str_begin, strlen(str_begin)); log_part[strlen(str_begin)] = '\0'; log_part = (gchar *) g_malloc(strlen(str_begin) + 1); g_strlcpy(log_part, str_begin, strlen(str_begin)); 1 --------------------------------- 646 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp API 400 IsUpdateBeingStaged(int argc, LPWSTR *argv) return argc == 4 && !wcscmp(argv[3], L"-1"); bool replaceRequest = (argcTmp >= 4 && wcsstr(argvTmp[3], L"/replace")); if (!IsLocalFile(argv[0], isLocal) || !isLocal) { nsAutoHandle noWriteLock(CreateFileW(argv[0], GENERIC_READ, FILE_SHARE_READ, if (result && !VerifySameFiles(argv[0], installDirUpdater, HMODULE updaterModule = LoadLibraryEx(argv[0], NULL, LOAD_LIBRARY_AS_DATAFILE); HMODULE updaterModule = LoadLibraryEx(argv[0], NULL, if (!LoadStringA(updaterModule, IDS_UPDATER_IDENTITY, FreeLibrary(updaterModule); ExecuteServiceCommand(int argc, LPWSTR *argv) if (!lstrcmpi(argv[2], L"software-update")) { result = ProcessSoftwareUpdateCommand(argc - 3, argv + 3); ProcessSoftwareUpdateCommand(DWORD argc, LPWSTR *argv) if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); bool backgroundUpdate = IsUpdateBeingStaged(argcTmp, argvTmp); if (!IsLocalFile(argv[0], isLocal) || !isLocal) { nsAutoHandle noWriteLock(CreateFileW(argv[0], GENERIC_READ, FILE_SHARE_READ, if (result && !VerifySameFiles(argv[0], installDirUpdater, HMODULE updaterModule = LoadLibraryEx(argv[0], NULL, if (!LoadStringA(updaterModule, IDS_UPDATER_IDENTITY, FreeLibrary(updaterModule); 1 --------------------------------- 647 CVE-2015-3815/Wireshark_1.12.4_CVE_2015_3815_wiretap_logcat.c cfunc 143 guint16 tmp; bytes_read = file_read(&tmp, 2, wth->fh); payload_length = pletoh16(&tmp); buffer = (guint8 *) g_malloc(5 * 4 + payload_length); bytes_read = file_read(buffer, 5 * 4 + payload_length, wth->fh); tag_length = (guint32)strlen(buffer + 5 * 4 + 1) + 1; log_length = (guint32)strlen(buffer + 5 * 4 + 1 + tag_length) + 1; 1 --------------------------------- 648 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c cfunc 263 static int Read( stream_t *s, void *p_read, unsigned int i_read ) unsigned i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 1 --------------------------------- 649 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp cfunc 278 ogg_page page; PRInt64 pageOffset = ReadOggPage(&page); int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (ogg_page_bos(&page)) { codecState = nsOggCodecState::Create(&page); mCodecStates.Put(serial, codecState); bitstreams.AppendElement(codecState); codecState->GetType() == nsOggCodecState::TYPE_VORBIS && mVorbisState = static_cast(codecState); codecState->GetType() == nsOggCodecState::TYPE_THEORA && mTheoraState = static_cast(codecState); codecState->GetType() == nsOggCodecState::TYPE_SKELETON && mSkeletonState = static_cast(codecState); mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) { codecState = nsOggCodecState::Create(&page); codecState->GetType() == nsOggCodecState::TYPE_THEORA && mTheoraState = static_cast(codecState); if (mTheoraState && ReadHeaders(mTheoraState)) { mInfo.mPicture = nsIntRect(mTheoraState->mInfo.pic_x, mTheoraState->mInfo.pic_y, mTheoraState->mInfo.pic_width, mTheoraState->mInfo.pic_height); mInfo.mFrame = nsIntSize(mTheoraState->mInfo.frame_width, mTheoraState->mInfo.frame_height); memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); PRBool nsOggReader::ReadHeaders(nsOggCodecState* aState) while (!aState->DoneReadingHeaders()) { if (mTheoraState && ReadHeaders(mTheoraState)) { memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); PRBool nsOggReader::ReadHeaders(nsOggCodecState* aState) if (mTheoraState && ReadHeaders(mTheoraState)) { memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); PRInt64 nsOggReader::ReadOggPage(ogg_page* aPage) while((ret = ogg_sync_pageseek(&mOggState, aPage)) <= 0) { PRInt64 pageOffset = ReadOggPage(&page); codecState = nsOggCodecState::Create(&page); codecState->GetType() == nsOggCodecState::TYPE_THEORA && mTheoraState = static_cast(codecState); if (mTheoraState && ReadHeaders(mTheoraState)) { 1 --------------------------------- 650 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp cfunc 524 string GetEntryName(const cdir_entry *entry) string name = reader.GetEntryName(entry); while ((entry = reader.GetNextEntry(entry))) { file = reader.GetLocalEntry(entry); const cdir_entry * GetNextEntry(const cdir_entry *prev) entry = (cdir_entry *)((char *)prev + prev->GetSize()); return sizeof(cdir_entry) + letoh16(filename_size) + entry = (cdir_entry *)((char *)prev + prev->GetSize()); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { const local_file_header * GetLocalEntry(const cdir_entry *entry) (local_file_header *)(mBuf + letoh32(entry->offset)); const local_file_header * data = if (((char *)data + data->GetSize()) > (char *)mEnd) letoh16(extra_field_size) + GetDataSize(); return sizeof(local_file_header) + letoh16(filename_size) + return data; file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); return data + letoh16(filename_size) + letoh16(extra_field_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); struct stat sb; if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); mBuf = nullptr; uint16_t len = letoh16(entry->filename_size); name.append(entry->data, len); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { 1 --------------------------------- 651 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c cfunc 777 va_list args; va_start(args, format); ret = BIO_vprintf(bio, format, args); int BIO_vprintf (BIO *bio, const char *format, va_list args) &retlen, &ignored, format, args); const char *format, va_list args); va_end(args); 1 --------------------------------- 652 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c cppfunc 777 va_list args; va_start(args, format); ret = BIO_vprintf(bio, format, args); int BIO_vprintf (BIO *bio, const char *format, va_list args) &retlen, &ignored, format, args); const char *format, va_list args); va_end(args); 1 --------------------------------- 653 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c cfunc 1927 xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, qemu_iovec_init(qiov, niov); qemu_iovec_concat(qiov, &elem, skip, size); write_count -= to_copy; to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); uint64_t off; uint32_t count; QEMUIOVector qiov_full; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count, uint64_t off, uint32_t count, write_count = xattr_len - off; write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); qiov_full.iov, qiov_full.niov); struct iovec *sg, int cnt) to_copy = sg[i].iov_len; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 1 --------------------------------- 654 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_serviceinstall.cpp cppfunc 391 if (!FixServicePath(schService, serviceConfig.lpBinaryPathName, LPCWSTR currentServicePath, size_t currentServicePathLen = wcslen(currentServicePath); !wcsstr(currentServicePath, L"maintenanceservice_tmp.exe") && currentServicePath)); wcsncpy(fixedPath, currentServicePath, MAX_PATH); nsAutoArrayPtr serviceConfigBuffer = new char[bytesNeeded]; reinterpret_cast(serviceConfigBuffer.get()), *reinterpret_cast(serviceConfigBuffer.get()); QUERY_SERVICE_CONFIGW &serviceConfig = PathUnquoteSpacesW(serviceConfig.lpBinaryPathName); GetVersionNumberFromPath(serviceConfig.lpBinaryPathName, GetVersionNumberFromPath(LPWSTR path, DWORD &A, DWORD &B, DWORD fileVersionInfoSize = GetFileVersionInfoSizeW(path, 0); if (!GetFileVersionInfoW(path, 0, fileVersionInfoSize, if (!wcscmp(newServiceBinaryPath, serviceConfig.lpBinaryPathName)) { serviceConfig.lpBinaryPathName, FALSE)) { const size_t len = wcslen(serviceConfig.lpBinaryPathName); wcscpy(oldServiceBinaryTempPath, serviceConfig.lpBinaryPathName); 1 --------------------------------- 655 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c cfunc 286 frame_x = AV_RL16(&s->buf[6]); frame_y = AV_RL16(&s->buf[8]); frame_width = AV_RL16(&s->buf[10]) - frame_x + 1; memcpy(s->frame.data[0], s->prev_frame.data[0], s->avctx->height * s->frame.linesize[0]); p += 2; r = *p++ * 4; g = *p++ * 4; b = *p++ * 4; pb = p; meth = *pb++; lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); dp = &s->frame.data[0][frame_y * s->frame.linesize[0] + frame_x]; memcpy(dp, pb, frame_width); pb += frame_width; memcpy(dp, pb, frame_width); dp += s->frame.linesize[0]; memcpy(dp, pb, frame_width); VmdVideoContext *s = avctx->priv_data; vmd_decode(s); static void lz_unpack(const unsigned char *src, unsigned char *dest, int dest_len) pb = s->unpack_buffer; memcpy(dp, pb, frame_width); static void vmd_decode(VmdVideoContext *s) const unsigned char *p = s->buf + 16; frame_width = AV_RL16(&s->buf[10]) - frame_x + 1; pb = p; memcpy(dp, pb, frame_width); 1 --------------------------------- 656 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c cfunc 403 AVI_READCHUNK_ENTER; p_chk->strf.vids.p_bih = malloc( p_chk->common.i_chunk_size ); AVI_READ4BYTES( p_chk->strf.vids.p_bih->biSize ); AVI_READ4BYTES( p_chk->strf.vids.p_bih->biWidth ); AVI_READ4BYTES( p_chk->strf.vids.p_bih->biHeight ); AVI_READ2BYTES( p_chk->strf.vids.p_bih->biPlanes ); AVI_READ2BYTES( p_chk->strf.vids.p_bih->biBitCount ); AVI_READFOURCC( p_chk->strf.vids.p_bih->biCompression ); AVI_READ4BYTES( p_chk->strf.vids.p_bih->biSizeImage ); AVI_READ4BYTES( p_chk->strf.vids.p_bih->biXPelsPerMeter ); AVI_READ4BYTES( p_chk->strf.vids.p_bih->biYPelsPerMeter ); AVI_READ4BYTES( p_chk->strf.vids.p_bih->biClrUsed ); AVI_READ4BYTES( p_chk->strf.vids.p_bih->biClrImportant ); p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; memcpy( &p_chk->strf.vids.p_bih[1], static vlc_fourcc_t GetFOURCC( const uint8_t *p_buff ) return VLC_FOURCC( p_buff[0], p_buff[1], p_buff[2], p_buff[3] ); AVI_READFOURCC( p_chk->strf.vids.p_bih->biCompression ); memcpy( &p_chk->strf.vids.p_bih[1], 1 --------------------------------- 657 CVE-2013-0874/Ffmpeg_1.1.2_CVE_2013_0874_libavcodec_tiff.c cfunc 224 return i.f64; if (!sep) sep = ", "; component_len = 15 + strlen(sep); ap = av_malloc(component_len * count); ap[0] = '\0'; unsigned l = snprintf(ap, component_len, "%f%s", dp[i], sep); ap += l; unsigned l = snprintf(ap, component_len, "%f%s", dp[i], sep); ap0[strlen(ap0) - strlen(sep)] = '\0'; tag = tget_short(&s->gb, s->le); type = tget_short(&s->gb, s->le); count = tget_long(&s->gb, s->le); off = tget_long(&s->gb, s->le); ADD_METADATA(count, "ModelPixelScaleTag", NULL); ADD_METADATA(count, "ModelTransformationTag", NULL); ADD_METADATA(count, "ModelTiepointTag", NULL); ADD_METADATA(1, "GeoTIFF_Version", NULL); ADD_METADATA(2, "GeoTIFF_Key_Revision", "."); dp[i] = tget_double(&s->gb, s->le); char *ap = doubles2str(&dp[s->geotags[i].offset], s->geotags[i].count, ", "); ADD_METADATA(count, "artist", NULL); ADD_METADATA(count, "copyright", NULL); ADD_METADATA(count, "date", NULL); ADD_METADATA(count, "document_name", NULL); ADD_METADATA(count, "computer", NULL); ADD_METADATA(count, "description", NULL); ADD_METADATA(count, "make", NULL); ADD_METADATA(count, "model", NULL); ADD_METADATA(count, "page_name", NULL); ADD_METADATA(count, "page_number", " / "); ADD_METADATA(count, "software", NULL); const char *name, const char *sep, TiffContext *s) case TIFF_DOUBLE: return add_doubles_metadata(count, name, sep, s); const char *name, const char *sep, dp[i] = tget_double(&s->gb, s->le); av_freep(&dp); ap = doubles2str(dp, count, sep); static char *doubles2str(double *dp, int count, const char *sep) component_len = 15 + strlen(sep); ap = av_malloc(component_len * count); unsigned l = snprintf(ap, component_len, "%f%s", dp[i], sep); static int add_metadata(int count, int type, case TIFF_DOUBLE: return add_doubles_metadata(count, name, sep, s); static int add_doubles_metadata(int count, dp = av_malloc(count * sizeof(double)); ap = doubles2str(dp, count, sep); static unsigned tget_long(GetByteContext *gb, int le) unsigned v = le ? bytestream2_get_le32(gb) : bytestream2_get_be32(gb); return v; count = tget_long(&s->gb, s->le); off = tget_long(&s->gb, s->le); dp = av_malloc(count * sizeof(double)); char *ap = doubles2str(&dp[s->geotags[i].offset], s->geotags[i].count, ", "); ADD_METADATA(count, "software", NULL); static unsigned tget_short(GetByteContext *gb, int le) unsigned v = le ? bytestream2_get_le16(gb) : bytestream2_get_be16(gb); tag = tget_short(&s->gb, s->le); type = tget_short(&s->gb, s->le); count = tget_long(&s->gb, s->le); 1 --------------------------------- 658 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c cfunc 96 uint8_t buf[32]; len = get_cmd(s, buf); uint8_t buf[32]; len = get_cmd(s, buf); s->dma = 1; s->dma = 0; handle_satn(s); static void sysbus_esp_mem_write(void *opaque, hwaddr addr, esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) dmalen = s->ti_size; memcpy(buf, s->ti_buf, dmalen); static void handle_satn(ESPState *s) len = get_cmd(s, buf); 1 --------------------------------- 659 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c cfunc 303 ps += l; return ps - src; return ps - src; ps += 2; return ps - src; memcpy(s->frame.data[0], s->prev_frame.data[0], s->avctx->height * s->frame.linesize[0]); p += 2; r = *p++ * 4; g = *p++ * 4; b = *p++ * 4; pb = p; meth = *pb++; lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); dp = &s->frame.data[0][frame_y * s->frame.linesize[0] + frame_x]; pp = &s->prev_frame.data[0][frame_y * s->prev_frame.linesize[0] + frame_x]; len = *pb++; len = (len & 0x7F) + 1; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); memcpy(&dp[ofs], pb, len); pb += len; len = *pb++; len = (len & 0x7F) + 1; pp += s->prev_frame.linesize[0]; memcpy(&dp[ofs], &pp[ofs], len + 1); dp += s->frame.linesize[0]; memcpy(&dp[ofs], pb, len); VmdVideoContext *s = avctx->priv_data; vmd_decode(s); static void vmd_decode(VmdVideoContext *s) const unsigned char *p = s->buf + 16; pb = p; len = *pb++; len = (len & 0x7F) + 1; memcpy(&dp[ofs], pb, len); static void lz_unpack(const unsigned char *src, unsigned char *dest, int dest_len) pb = s->unpack_buffer; len = *pb++; len = (len & 0x7F) + 1; memcpy(&dp[ofs], pb, len); 1 --------------------------------- 660 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c cfunc 1069 unsigned char **buffer, int length, char *string, memcpy(string, *buffer, length); 1 --------------------------------- 661 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp API 70 WCHAR updateStatusFilePath[MAX_PATH + 1]; wcscpy(updateStatusFilePath, updateDirPath); if (!PathAppendSafe(updateStatusFilePath, L"update.status")) { FILE_SHARE_DELETE, FILE_SHARE_WRITE | nsAutoHandle statusFile(CreateFileW(updateStatusFilePath, GENERIC_READ, NULL, OPEN_EXISTING, 0, NULL)); char buf[32] = { 0 }; DWORD read; if (!ReadFile(statusFile, buf, sizeof(buf), &read, NULL)) { 1 --------------------------------- 662 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c cfunc 777 va_list args; va_start(args, format); ret = BIO_vprintf(bio, format, args); int BIO_vprintf (BIO *bio, const char *format, va_list args) &retlen, &ignored, format, args); const char *format, va_list args); va_end(args); 1 --------------------------------- 663 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c cppfunc 777 va_list args; va_start(args, format); ret = BIO_vprintf(bio, format, args); int BIO_vprintf (BIO *bio, const char *format, va_list args) &retlen, &ignored, format, args); const char *format, va_list args); va_end(args); 1 --------------------------------- 664 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp cfunc 386 return letoh32(uncompressed_size); return sizeof(local_file_header) + letoh16(filename_size) + const char *mBuf; (local_file_header *)(mBuf + letoh32(entry->offset)); const local_file_header * data = if (((char *)data + data->GetSize()) > (char *)mEnd) letoh16(extra_field_size) + GetDataSize(); if (((char *)data + data->GetSize()) > (char *)mEnd) return nullptr; return data; file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); return data + letoh16(filename_size) + letoh16(extra_field_size); return sizeof(cdir_entry) + letoh16(filename_size) + letoh16(extra_field_size) + letoh16(file_comment_size); entry = (cdir_entry *)((char *)prev + prev->GetSize()); entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return nullptr; return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); return data; file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); png_structp pngread = png_create_read_struct(PNG_LIBPNG_VER_STRING, nullptr, nullptr, nullptr); png_infop pnginfo = png_create_info_struct(pngread); if (setjmp(png_jmpbuf(pngread))) { png_set_read_fn(pngread, &state, RawReader); png_set_keep_unknown_chunks(pngread, 1, unused_chunks, png_set_keep_unknown_chunks(pngread, 1, tRNS_chunk, 1); png_read_info(pngread, pnginfo); has_bgcolor = (PNG_INFO_bKGD == png_get_bKGD(pngread, pnginfo, &colorp)); width = png_get_image_width(pngread, pnginfo); height = png_get_image_height(pngread, pnginfo); bytepp = 4; bytepp = 3; bytepp = 2; string descCopy; descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); vector parts; end = strstr(line, "\n"); } while (end && *(line = end + 1)); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; frame.ReadPngFrame(format); buf = (char *)malloc(width * (height + 1) * bytepp); 1 --------------------------------- 665 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp cppfunc 386 return letoh32(uncompressed_size); return sizeof(local_file_header) + letoh16(filename_size) + const char *mBuf; (local_file_header *)(mBuf + letoh32(entry->offset)); const local_file_header * data = if (((char *)data + data->GetSize()) > (char *)mEnd) letoh16(extra_field_size) + GetDataSize(); if (((char *)data + data->GetSize()) > (char *)mEnd) return nullptr; return data; file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); return data + letoh16(filename_size) + letoh16(extra_field_size); return sizeof(cdir_entry) + letoh16(filename_size) + letoh16(extra_field_size) + letoh16(file_comment_size); entry = (cdir_entry *)((char *)prev + prev->GetSize()); entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return nullptr; return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); return data; nullptr, nullptr, nullptr); png_structp pngread = png_create_read_struct(PNG_LIBPNG_VER_STRING, png_infop pnginfo = png_create_info_struct(pngread); if (setjmp(png_jmpbuf(pngread))) { png_set_read_fn(pngread, &state, RawReader); png_set_keep_unknown_chunks(pngread, 1, unused_chunks, png_set_keep_unknown_chunks(pngread, 1, tRNS_chunk, 1); png_read_info(pngread, pnginfo); has_bgcolor = (PNG_INFO_bKGD == png_get_bKGD(pngread, pnginfo, &colorp)); width = png_get_image_width(pngread, pnginfo); file = reader.GetLocalEntry(entry); descCopy.append(file->GetData(), entry->GetDataSize()); height = png_get_image_height(pngread, pnginfo); bytepp = 4; bytepp = 3; bytepp = 2; string descCopy; descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); vector parts; end = strstr(line, "\n"); } while (end && *(line = end + 1)); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; frame.ReadPngFrame(format); buf = (char *)malloc(width * (height + 1) * bytepp); 1 --------------------------------- 666 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c cppfunc 823 va_list args; va_start(args, format); ret = BIO_vsnprintf(buf, n, format, args); int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) _dopr(&buf, NULL, &n, &retlen, &truncated, format, args); const char *format, va_list args); va_end(args); 1 --------------------------------- 667 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c cfunc 744 char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, assert(*sbuffer != NULL || buffer != NULL); *maxlen = 1024; *buffer = OPENSSL_malloc(*maxlen); assert(*sbuffer != NULL); *sbuffer = NULL; *maxlen += 1024; *buffer = OPENSSL_realloc(*buffer, *maxlen); memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 668 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c cfunc 270 memcpy(s->frame.data[0], s->prev_frame.data[0], s->avctx->height * s->frame.linesize[0]); p += 2; r = *p++ * 4; g = *p++ * 4; b = *p++ * 4; pb = p; meth = *pb++; lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); dp = &s->frame.data[0][frame_y * s->frame.linesize[0] + frame_x]; pp = &s->prev_frame.data[0][frame_y * s->prev_frame.linesize[0] + frame_x]; len = *pb++; len = (len & 0x7F) + 1; memcpy(&dp[ofs], pb, len); pb += len; len = *pb++; memcpy(&dp[ofs], pb, len); memcpy(&dp[ofs], &pp[ofs], len + 1); dp += s->frame.linesize[0]; memcpy(&dp[ofs], &pp[ofs], len + 1); VmdVideoContext *s = avctx->priv_data; vmd_decode(s); static void lz_unpack(const unsigned char *src, unsigned char *dest, int dest_len) pb = s->unpack_buffer; len = *pb++; memcpy(&dp[ofs], pb, len); memcpy(&dp[ofs], &pp[ofs], len + 1); static void vmd_decode(VmdVideoContext *s) const unsigned char *p = s->buf + 16; pb = p; len = *pb++; memcpy(&dp[ofs], pb, len); memcpy(&dp[ofs], &pp[ofs], len + 1); 1 --------------------------------- 669 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c cppfunc 651 p_oggpacket->bytes -= 9; p_stream->i_headers += p_oggpacket->bytes; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); p_oggpacket->packet, p_stream->i_headers ); p_stream->i_headers = 0; else if( xiph_AppendHeaders( &p_stream->i_headers, &p_stream->p_headers, p_stream->i_headers = 0; p_stream->fmt.p_extra = malloc( p_stream->i_headers ); 1 --------------------------------- 670 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c cfunc 166 static int ws_snd_decode_frame(AVCodecContext *avctx, void *data, const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) { samples = s->frame.data[0]; count = *buf & 0x3F; case 0: smp = 4; break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; code = *buf++; sample = av_clip_uint8(sample); *samples++ = sample; sample += ((code >> 2) & 0x3) - 2; sample = av_clip_uint8(sample); *samples++ = sample; sample += ((code >> 4) & 0x3) - 2; sample = av_clip_uint8(sample); *samples++ = sample; sample += (code >> 6) - 2; sample = av_clip_uint8(sample); *samples++ = sample; code = *buf++; count = *buf & 0x3F; case 0: smp = 4; break; case 1: smp = 2; break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; code = *buf++; sample += ( code & 0x3) - 2; sample = av_clip_uint8(sample); *samples++ = sample; sample += ws_adpcm_4bit[code & 0xF]; sample = av_clip_uint8(sample); *samples++ = sample; sample += ws_adpcm_4bit[code >> 4]; sample = av_clip_uint8(sample); *samples++ = sample; t = count; t <<= 3; sample += t >> 3; sample = av_clip_uint8(sample); *samples++ = sample; memcpy(samples, buf, smp); samples += smp; memcpy(samples, buf, smp); buf += smp; memcpy(samples, buf, smp); sample = buf[-1]; sample = av_clip_uint8(sample); *samples++ = sample; memcpy(samples, buf, smp); memset(samples, sample, smp); samples += smp; memcpy(samples, buf, smp); 1 --------------------------------- 671 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c cfunc 1592 unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int payload; unsigned int padding = 16; hbtype = *p++; n2s(p, payload); pl = p; payload + padding; unsigned int write_length = buffer = OPENSSL_malloc(write_length); bp = buffer; *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); 1 --------------------------------- 672 CVE-2015-3815/Wireshark_1.12.4_CVE_2015_3815_wiretap_logcat.c cfunc 84 const guint8 *pd, int *err) datetime = (const guint32 *) (pd + 3 * 4); datetime = (const guint32 *) (pd + 3 * 4); buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, static gchar *logcat_log(const struct dumper_t *dumper, guint32 seconds, datetime = (time_t) seconds; gmtime(&datetime)); 1 --------------------------------- 673 CVE-2015-3815/Wireshark_1.12.4_CVE_2015_3815_wiretap_logcat.c cppfunc 84 const guint8 *pd, int *err) datetime = (const guint32 *) (pd + 3 * 4); datetime = (const guint32 *) (pd + 3 * 4); buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, static gchar *logcat_log(const struct dumper_t *dumper, guint32 seconds, datetime = (time_t) seconds; gmtime(&datetime)); 1 --------------------------------- 674 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c cppfunc 419 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 675 153662/mem_dbg.c cppfunc 238 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 676 153662/mem_dbg.c cppfunc 234 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 677 199276/invalid_memory_access.c cppfunc 106 buf = (char *) malloc (25 * sizeof(char)); buf = NULL; strcpy(buf,"This is String"); free(buf); 0 --------------------------------- 678 153185/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 679 153601/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 680 153601/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 681 153185/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 682 70497/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_02.c cppfunc 181 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 683 152971/utils.c cppfunc 4818 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) switch(( *(spec++))){ if (( *(spec++)) == ':') { int index = (strtol(spec,((void *)0),0)); 0 --------------------------------- 684 153408/heapam.c cppfunc 119 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 685 153408/heapam.c cppfunc 116 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 686 153408/heapam.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 687 153330/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 688 70454/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_07.c cppfunc 241 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 689 153330/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 690 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c inputfunc 107 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 691 153689/tile-manager.c cppfunc 80 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 692 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c inputfunc 163 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 693 153298/stream.c cppfunc 1846 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 694 72650/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_73.cpp cppfunc 149 void badSink(list dataList) wchar_t * data = dataList.back(); memmove(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 695 153466/subtrans.c cppfunc 107 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 696 152903/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 697 152903/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 698 152903/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 699 152943/types.c cppfunc 67 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 700 62951/CWE121_Stack_Based_Buffer_Overflow__CWE135_04.c cppfunc 79 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 701 79371/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61.c cppfunc 88 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 702 79371/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61.c cppfunc 85 data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61b_goodG2BSource(data); goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 703 67734/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_33.cpp cppfunc 232 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 704 153476/column.c cppfunc 83 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 705 153476/column.c cppfunc 85 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 706 153179/config_file.c cppfunc 111 stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 707 110652/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_05.cpp cppfunc 45 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 708 153772/subtrans.c cppfunc 334 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *gwynfa_cryptozonia; stonesoup_read_taint(&gwynfa_cryptozonia,"CASUISTICAL_RESTIACEOUS"); nutgrasses_disloyalist = ((void *)gwynfa_cryptozonia); drawbridges_walsh[5] = nutgrasses_disloyalist; scourfishes_daiquiri = 5; aeolodicon_soundheaded = &scourfishes_daiquiri; hawkbills_bluelegs = *(drawbridges_walsh + *aeolodicon_soundheaded); free(((char *)((char *)hawkbills_bluelegs))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&gwynfa_cryptozonia,"CASUISTICAL_RESTIACEOUS"); nutgrasses_disloyalist = ((void *)gwynfa_cryptozonia); drawbridges_walsh[5] = nutgrasses_disloyalist; hawkbills_bluelegs = *(drawbridges_walsh + *aeolodicon_soundheaded); free(((char *)((char *)hawkbills_bluelegs))); 0 --------------------------------- 709 153269/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 710 153269/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 711 153269/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 712 110816/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_41.cpp cppfunc 97 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 713 153810/pgstat.c inputfunc 3347 if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); memcpy(dbentry,(&dbbuf),sizeof(PgStat_StatDBEntry )); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 714 152911/eng_lib.c inputfunc 139 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&preenlistments_nuchale,"SOPHISTICATIONS_PLAGUELESS"); if (preenlistments_nuchale != 0) {; wran_nonevent . unpriceably_advocates = preenlistments_nuchale; reincorporates_tale[5] = wran_nonevent; curacao_drivellers = *(reincorporates_tale + *irenic_onewhere); subreguli_alphonsism(curacao_drivellers); 0 --------------------------------- 715 152911/eng_lib.c cppfunc 136 stonesoup_read_taint(&preenlistments_nuchale,"SOPHISTICATIONS_PLAGUELESS"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 716 70754/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_21.c cppfunc 117 data = (char *)malloc((10+1)*sizeof(char)); return data; data = NULL; data = goodG2B2Source(data); strcpy(data, source); printLine(data); free(data); static char * goodG2B2Source(char * data) return data; data = goodG2B2Source(data); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 717 67743/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_53.cpp inputfunc 98 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 718 70907/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_44.c cppfunc 65 static void goodG2BSink(char * data) memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 719 153387/subtrans.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 720 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c inputfunc 163 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 721 153101/resowner.c cppfunc 669 neatherd_mesomorph = getenv("SPHERULA_STOMATOTOMIES"); humbugs_locofocos = ((int )(strlen(neatherd_mesomorph))); strictish_wormship = ((char *)(malloc(humbugs_locofocos + 1))); 0 --------------------------------- 722 153771/main_filter_toolbar.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 723 70409/CWE122_Heap_Based_Buffer_Overflow__CWE135_10.c cppfunc 83 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 724 72425/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_10.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 725 110397/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_65.c cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 726 153441/oids.c cppfunc 1333 va_list delsman_vulvitises; __builtin_va_start(delsman_vulvitises,drouks_countrieman); avn_benevolency = (va_arg(delsman_vulvitises,union keelhaling_unadorableness )); 0 --------------------------------- 727 66357/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_51.c cppfunc 57 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 728 153058/avfilter.c cppfunc 68 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 729 153058/avfilter.c cppfunc 65 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 730 153058/avfilter.c cppfunc 61 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 731 153309/mux.c cppfunc 112 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 732 153309/mux.c cppfunc 114 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 733 153445/color.c cppfunc 390 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 734 110830/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_66.cpp cppfunc 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 735 153580/pmsignal.c cppfunc 428 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 736 153588/file_wrappers.c cppfunc 109 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 737 79457/CWE134_Uncontrolled_Format_String__char_console_printf_34.c inputfunc 106 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; myUnion.unionFirst = data; 0 --------------------------------- 738 148828/Geolocation.cpp cppfunc 178 void Geolocation::Watchers::remove(GeoNotifier* notifier) NotifierToIdMap::iterator iter = m_notifierToIdMap.find(notifier); m_idToNotifierMap.remove(iter->second); 0 --------------------------------- 739 153214/pgstat.c cppfunc 283 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 740 69922/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_03.cpp cppfunc 94 data = new wchar_t[100]; data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 741 71422/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_15.c cppfunc 109 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 742 153581/config_file.c cppfunc 111 stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 743 153581/config_file.c cppfunc 113 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 744 72137/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_10.c cppfunc 96 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 745 70461/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_14.c cppfunc 236 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 746 71481/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_42.c cppfunc 78 data[0] = '\0'; return data; data = goodG2BSource(data); SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 747 70501/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_06.c cppfunc 233 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 748 66639/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_34.c cppfunc 68 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 749 153234/img2.c cppfunc 69 stonesoup_printf("%s\n",stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 750 62582/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_21.c cppfunc 64 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 751 71412/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_05.c cppfunc 80 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 752 66233/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_02.c cppfunc 82 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 753 66589/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_32.c cppfunc 33 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 754 70654/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_15.c cppfunc 503 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 755 153769/utils.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 756 153769/utils.c cppfunc 82 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 757 79563/CWE134_Uncontrolled_Format_String__char_console_vfprintf_61.c inputfunc 171 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; 0 --------------------------------- 758 153816/error.c cppfunc 207 jmp_buf sillabub_calamints; brontosauri_begift = setjmp(sillabub_calamints); longjmp(sillabub_calamints,1); 0 --------------------------------- 759 70749/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_14.c cppfunc 70 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 760 153680/color.c cppfunc 604 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 761 153680/color.c cppfunc 609 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *calumniously_matrices) free(((char *)calumniously_matrices)); 0 --------------------------------- 762 67726/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_15.cpp cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 763 153241/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 764 62741/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_61.c cppfunc 335 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 765 79357/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22.c cppfunc 417 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 766 70960/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54.c cppfunc 309 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54e_goodG2BSink(char * data) strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 767 153756/utf.c cppfunc 108 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 768 153428/utils.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 769 153059/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 770 70866/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_62.cpp cppfunc 67 data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 771 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c cppfunc 88 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 772 153301/e_camellia.c cppfunc 145 stonesoup_read_taint(&yodh_rlg,"DILUVY_CONSOLIDATING"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 773 153262/color.c cppfunc 324 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 774 153262/color.c cppfunc 326 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 775 153301/e_camellia.c inputfunc 148 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&yodh_rlg,"DILUVY_CONSOLIDATING"); if (yodh_rlg != 0) {; 0 --------------------------------- 776 72830/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_52.c cppfunc 172 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_52c_badSink(char * data) strcat(data, source); printLine(data); free(data); 0 --------------------------------- 777 153627/e_bf.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 778 72400/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54.c cppfunc 286 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54e_goodG2BSink(char * data) strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 779 153330/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 780 71372/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_13.c cppfunc 93 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 781 153032/timestamp.c cppfunc 91 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 782 70995/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22.c cppfunc 70 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_goodG2B1Source(data); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 783 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c cppfunc 208 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 784 72831/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53.c cppfunc 239 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53d_goodG2BSink(char * data) strcat(data, source); printLine(data); free(data); 0 --------------------------------- 785 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c cppfunc 205 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 786 153152/eng_table.c cppfunc 121 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 787 70650/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_11.c cppfunc 416 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 788 153627/e_bf.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 789 67584/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_17.cpp cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 790 153347/bufmgr.c cppfunc 2757 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 791 153397/resowner.c cppfunc 153 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 792 153397/resowner.c cppfunc 157 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 793 66248/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_17.c cppfunc 58 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 794 70529/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_61.c cppfunc 234 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 795 153770/color.c cppfunc 118 stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 796 148828/Geolocation.cpp cppfunc 298 void Geolocation::fatalErrorOccurred(Geolocation::GeoNotifier* notifier) m_oneShots.remove(notifier); m_watchers.remove(notifier); 0 --------------------------------- 797 153467/color.c cppfunc 594 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int acknowledgment_cackler = 53; char *achaenocarp_pressor; stonesoup_read_taint(&achaenocarp_pressor,"2478",acknowledgment_cackler); free(((char *)achaenocarp_pressor)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&achaenocarp_pressor,"2478",acknowledgment_cackler); free(((char *)achaenocarp_pressor)); 0 --------------------------------- 798 72744/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_68.c cppfunc 131 wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_68_badData; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 799 71414/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_07.c cppfunc 47 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 800 72131/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_04.c cppfunc 48 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 801 153035/avdevice.c cppfunc 67 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 802 70535/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67.c cppfunc 226 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 803 110506/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_03.c cppfunc 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 804 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c cppfunc 380 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 805 66524/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_05.c cppfunc 89 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 806 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c cppfunc 349 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 807 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c cppfunc 346 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 808 70961/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_61.c cppfunc 64 data = (char *)malloc((10+1)*sizeof(char)); return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_61b_goodG2BSource(data); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 809 153024/utils.c cppfunc 69 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 810 66246/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_15.c cppfunc 90 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 811 62983/CWE121_Stack_Based_Buffer_Overflow__CWE135_63.c cppfunc 156 void CWE121_Stack_Based_Buffer_Overflow__CWE135_63b_goodG2BSink(void * * dataPtr) void * data = *dataPtr; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 812 62983/CWE121_Stack_Based_Buffer_Overflow__CWE135_63.c cppfunc 153 void CWE121_Stack_Based_Buffer_Overflow__CWE135_63b_goodG2BSink(void * * dataPtr) void * data = *dataPtr; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 813 66290/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_11.c cppfunc 82 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 814 66533/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_14.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 815 79377/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67.c cppfunc 348 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67b_goodG2BSink(CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67_structType myStruct) char * data = myStruct.structFirst; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 816 67732/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_31.cpp inputfunc 245 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 817 153333/utils.c cppfunc 4792 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; sid = (strtol(spec + 1,&endptr,0)); 0 --------------------------------- 818 153763/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 819 70463/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_16.c cppfunc 234 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 820 153467/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 821 153524/color.c cppfunc 352 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 822 153421/color.c cppfunc 373 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 823 153421/color.c cppfunc 375 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 824 152978/column-utils.c cppfunc 66 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 825 70640/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_01.c cppfunc 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 826 70479/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53.c cppfunc 484 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 827 153363/column-utils.c cppfunc 65 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 828 153271/types.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 829 153271/types.c cppfunc 66 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 830 66247/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_16.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 831 152920/oids.c inputfunc 155 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&inguinocrural_portionless,"LENTISCUS_TETRADACTYLY"); if (inguinocrural_portionless != 0) {; clitellar_anthropotomy . enterocentesis_seminule = inguinocrural_portionless; nonstrictness_tramcars = biramose_switchback(clitellar_anthropotomy); union forrard_shetrit biramose_switchback(union forrard_shetrit tetraselenodont_unhabitually) return tetraselenodont_unhabitually; nonstrictness_tramcars = biramose_switchback(clitellar_anthropotomy); sowans_khedivial = ((char *)nonstrictness_tramcars . enterocentesis_seminule); strncpy(stonesoup_source, sowans_khedivial, sizeof(stonesoup_source)); if (nonstrictness_tramcars . enterocentesis_seminule != 0) free(((char *)nonstrictness_tramcars . enterocentesis_seminule)); 0 --------------------------------- 832 153430/string.c cppfunc 68 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 833 110481/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_42.c cppfunc 78 data = 20; return data; data = goodG2BSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 834 70968/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_68.c cppfunc 139 char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_68_badData; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 835 153267/stream.c cppfunc 207 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *seroot_improvidences;; stonesoup_read_taint(&seroot_improvidences,"CASSANDRE_STEVINSON"); duramens_tintinnabulous = ((int )(strlen(seroot_improvidences))); memcpy(sogat_claw,seroot_improvidences,duramens_tintinnabulous); free(((char *)seroot_improvidences)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&seroot_improvidences,"CASSANDRE_STEVINSON"); duramens_tintinnabulous = ((int )(strlen(seroot_improvidences))); memcpy(sogat_claw,seroot_improvidences,duramens_tintinnabulous); free(((char *)seroot_improvidences)); 0 --------------------------------- 836 153825/stream.c cppfunc 131 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 837 153212/utils.c cppfunc 4976 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); dogmata_garibaldian = 5; nonmalignantly_noncreditor = &dogmata_garibaldian; boqueron_sequesterment = *(chondrichthyes_caen + *nonmalignantly_noncreditor); free(((char *)boqueron_sequesterment)); void stonesoup_handle_taint(char *paradoxurus_furl) adephaga_concordial = paradoxurus_furl; chondrichthyes_caen[5] = adephaga_concordial; boqueron_sequesterment = *(chondrichthyes_caen + *nonmalignantly_noncreditor); free(((char *)boqueron_sequesterment)); 0 --------------------------------- 838 153303/utils.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 839 153303/utils.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 840 153303/utils.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 841 62606/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_73.cpp cppfunc 97 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 842 72391/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_34.c cppfunc 73 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_34_unionType myUnion; char * data = myUnion.unionSecond; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 843 153382/mux.c cppfunc 105 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 844 69205/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_06.cpp cppfunc 101 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 845 72320/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_01.c cppfunc 58 data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 846 148916/strutil.c cppfunc 837 convert_string_to_hex(const char *string, size_t *nbytes) p = &string[0]; c = *p++; if (isspace(c)) if (isdigit(c)) 0 --------------------------------- 847 67568/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_01.cpp cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 848 72405/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_65.c cppfunc 140 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_65b_goodG2BSink(char * data) strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 849 70469/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_32.c cppfunc 185 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 850 67575/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_08.cpp cppfunc 165 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 851 79568/CWE134_Uncontrolled_Format_String__char_console_vfprintf_66.c cppfunc 211 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 852 153631/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 853 70509/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_14.c cppfunc 93 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 854 153631/color.c cppfunc 120 stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 855 153036/string.c cppfunc 84 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 856 62971/CWE121_Stack_Based_Buffer_Overflow__CWE135_34.c cppfunc 72 CWE121_Stack_Based_Buffer_Overflow__CWE135_34_unionType myUnion; void * data = myUnion.unionSecond; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 857 153036/string.c cppfunc 81 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 858 72457/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_72.cpp cppfunc 149 void badSink(vector dataVector) char * data = dataVector[2]; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 859 70459/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_12.c cppfunc 352 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 860 70503/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_08.c cppfunc 162 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 861 152920/oids.c cppfunc 979 jmp_buf soldier_taratantarize; bilharzia_subtransparent = setjmp(soldier_taratantarize); longjmp(soldier_taratantarize,1); 0 --------------------------------- 862 66249/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_18.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 863 67298/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_73.cpp cppfunc 148 void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcscat(dest, data); 0 --------------------------------- 864 72214/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_66.c cppfunc 158 data[0] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 865 153769/utils.c cppfunc 877 char *hexaseme_egide; stonesoup_read_taint(&hexaseme_egide,"INAMISSIBLENESS_CUSTOMING"); mohock_treadling = ((int )(strlen(hexaseme_egide))); chichewa_scorified = ((char *)(malloc(mohock_treadling + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&hexaseme_egide,"INAMISSIBLENESS_CUSTOMING"); mohock_treadling = ((int )(strlen(hexaseme_egide))); chichewa_scorified = ((char *)(malloc(mohock_treadling + 1))); 0 --------------------------------- 866 153179/config_file.c cppfunc 113 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 867 70450/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_03.c cppfunc 236 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 868 153400/dirent_uri.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 869 71142/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_33.cpp cppfunc 71 wchar_t * &dataRef = data; wchar_t * data = dataRef; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 870 153604/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 871 153604/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 872 153187/cmdline.c cppfunc 1099 e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char **tmpfile_left,const char *editor_cmd, const svn_string_t *contents,const char *filename,apr_hash_t *config,svn_boolean_t as_text,const char *encoding,apr_pool_t *pool) const char *editor; const char *tmpfile_native; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); svn_error_t *svn_err__temp = svn_subst_translate_cstring2(contents -> data,&translated,"\n",0,((void *)0),0,pool); translated_contents = svn_string_create_empty(pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8_ex2(&translated_contents -> data,translated,encoding,pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8(&translated_contents -> data,translated,pool); translated_contents = svn_string_dup(contents,pool); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); svn_error_t *svn_err__temp = svn_io_temp_dir(&base_dir,pool); svn_error_t *svn_err__temp = svn_path_cstring_from_utf8(&temp_dir_apr,base_dir,pool); apr_err = apr_filepath_set(temp_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); err = svn_path_cstring_from_utf8(&tmpfile_apr,tmpfile_name,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x10,pool); apr_file_mtime_set(tmpfile_apr,finfo_before . mtime - 2000,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x00000010 | 0x00000100,pool); err = svn_utf_cstring_from_utf8(&tmpfile_native,tmpfile_name,pool); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); 0 --------------------------------- 873 67717/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_06.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 874 72997/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_06.c cppfunc 71 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 875 153349/img2.c cppfunc 62 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 876 153500/dirent_uri.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 877 72383/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_16.c cppfunc 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 878 153437/portalmem.c cppfunc 525 jmp_buf fifine_tunisian; seriation_quadrateness = setjmp(fifine_tunisian); longjmp(fifine_tunisian,1); 0 --------------------------------- 879 149042/red.c inputfunc 190 n = fread(p, 1, rr->length, stdin); if (n != rr->length) { n, rr->length); fprintf(stderr, "%s: packet short read length %d != %d\n", s->packet_length = SSL_HDR_LEN + rr->length; rb->left = s->packet_length; p = rr->data + rr->length - MAC_SZ; if (memcmp(p, MAC, MAC_SZ) != 0) { rr->length -= MAC_SZ; encrypt_decrypt(rr->data, rr->length); void ssl3_get_record(SSL *s) SSL3_RECORD *rr = &s->s3->rrec; SSL3_BUFFER *rb = &s->s3->rbuf; version = (s->s3->major << 8) | s->s3->minor; if (s->version != version) if (rr->length > s->s3->rbuf.len - SSL_HDR_LEN) { rr->length, s->s3->rbuf.len - SSL_HDR_LEN); s->packet = &(s->s3->rbuf.buf[0]); ssl3_get_record(s); examine_hb_packet(s); void examine_hb_packet(SSL *s) SSL3_RECORD *rr = &s->s3->rrec; examine_hb_packet(s); (void) tls1_process_heartbeat(s); s->bio_should_retry++; int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) SSL3_RECORD *rr = &s->s3->rrec; ssl3_get_record(s); n = ssl3_read_bytes(s, SSL3_RT_APPLICATION_DATA, if (n == -1 && !s->bio_should_retry) int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) ssl3_get_record(s); void ssl3_get_record(SSL *s) ssl3_get_record(s); examine_hb_packet(s); void examine_hb_packet(SSL *s) examine_hb_packet(s); int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) n = ssl3_read_bytes(s, SSL3_RT_APPLICATION_DATA, int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) ssl3_get_record(s); void ssl3_get_record(SSL *s) ssl3_get_record(s); examine_hb_packet(s); void examine_hb_packet(SSL *s) examine_hb_packet(s); int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) n = ssl3_read_bytes(s, SSL3_RT_APPLICATION_DATA, int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) ssl3_get_record(s); void ssl3_get_record(SSL *s) ssl3_get_record(s); examine_hb_packet(s); void examine_hb_packet(SSL *s) examine_hb_packet(s); int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) n = ssl3_read_bytes(s, SSL3_RT_APPLICATION_DATA, int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) ssl3_get_record(s); void ssl3_get_record(SSL *s) s->version, version); void encrypt_decrypt(unsigned char *ptr, int len) for (i = 0; i < len; i++) 0 --------------------------------- 880 73041/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_02.c cppfunc 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 881 110523/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_22.c cppfunc 221 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 882 79565/CWE134_Uncontrolled_Format_String__char_console_vfprintf_63.c cppfunc 222 data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_63b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_63b_goodB2GSink(char * * dataPtr) char * data = *dataPtr; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 883 79565/CWE134_Uncontrolled_Format_String__char_console_vfprintf_63.c cppfunc 225 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 884 72739/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_63.c cppfunc 120 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 885 72170/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_73.cpp cppfunc 151 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 886 66576/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_09.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 887 70757/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_32.c cppfunc 76 char * *dataPtr2 = &data; char * data = *dataPtr2; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 888 110396/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_64.c cppfunc 139 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_64b_badSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 889 71196/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_45.c cppfunc 68 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_45_goodG2BData = data; goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_45_goodG2BData; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 890 79497/CWE134_Uncontrolled_Format_String__char_console_snprintf_16.c inputfunc 97 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); if (100-dataLen > 1) if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 891 72738/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_62.cpp cppfunc 62 data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 892 72173/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_82_goodG2B.cpp cppfunc 34 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 893 79461/CWE134_Uncontrolled_Format_String__char_console_printf_44.c inputfunc 46 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; funcPtr(data); 0 --------------------------------- 894 153786/dynahash.c cppfunc 257 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 895 153746/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 896 67580/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_13.cpp cppfunc 95 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 897 62987/CWE121_Stack_Based_Buffer_Overflow__CWE135_67.c cppfunc 186 CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType myStruct; data = (void *)WIDE_STRING; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE135_67b_goodB2GSink(myStruct); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); void CWE121_Stack_Based_Buffer_Overflow__CWE135_67b_goodB2GSink(CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType myStruct) void * data = myStruct.structFirst; memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 898 62987/CWE121_Stack_Based_Buffer_Overflow__CWE135_67.c cppfunc 183 CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType myStruct; data = (void *)WIDE_STRING; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE135_67b_goodB2GSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE135_67b_goodB2GSink(CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType myStruct) void * data = myStruct.structFirst; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 899 70655/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_16.c cppfunc 304 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 900 71452/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_81_goodG2B.cpp cppfunc 34 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 901 70478/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_52.c cppfunc 438 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 902 66337/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_10.c cppfunc 66 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 903 70748/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_13.c cppfunc 89 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 904 70461/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_14.c cppfunc 377 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 905 153603/ffmpeg.c cppfunc 2014 static InputStream *get_input_stream(OutputStream *ost) ist = get_input_stream(ost); if (!strncmp((ost -> forced_keyframes),"expr:",5)) { parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) int n = 1; int64_t *pts; size = n; pts = (av_malloc(sizeof(( *pts)) * size)); p = kf; char *next = strchr(p,','); *(next++) = 0; if (!memcmp(p,"chapters",8)) { if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); AVChapter *c = avf -> chapters[j]; pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { p = next; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); ost = output_streams[i]; ist = get_input_stream(ost); ost -> st -> disposition = ist -> st -> disposition; ist = get_input_stream(ost); if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ist = get_input_stream(ost); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; ist = get_input_stream(ost); codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); ist = get_input_stream(ost); ost -> enc = avcodec_find_encoder(codec -> codec_id); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) p = kf; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); 0 --------------------------------- 906 153134/main_statusbar.c cppfunc 136 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 907 153134/main_statusbar.c cppfunc 133 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 908 153749/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 909 71595/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_74.cpp cppfunc 159 data = (int64_t *)malloc(100*sizeof(int64_t)); dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int64_t * data = dataMap[2]; memcpy(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 910 153759/hashfn.c cppfunc 45 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 911 67721/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_10.cpp inputfunc 209 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 912 153085/oids.c cppfunc 1307 ambulatory_palaeonemertea = getenv("PORTAGE_HIPMI"); ldp_sinuosely = ((int )(strlen(ambulatory_palaeonemertea))); extratabular_vamp = ((char *)(malloc(ldp_sinuosely + 1))); 0 --------------------------------- 913 79570/CWE134_Uncontrolled_Format_String__char_console_vfprintf_68.c cppfunc 214 char * data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_68_goodG2BData; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 914 79570/CWE134_Uncontrolled_Format_String__char_console_vfprintf_68.c cppfunc 217 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 915 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c cppfunc 148 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2_vasink(data, data); static void goodB2G2_vasink(char * data, ...) va_start(args, data); 0 --------------------------------- 916 71441/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_61.c cppfunc 63 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 917 66244/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_13.c cppfunc 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 918 67571/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_04.cpp cppfunc 158 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 919 153290/dynahash.c cppfunc 270 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 920 72717/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_14.c cppfunc 69 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 921 153348/mutex.c cppfunc 43 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 922 153655/color.c cppfunc 368 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 923 67719/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_08.cpp cppfunc 320 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 924 152883/avpacket.c cppfunc 71 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 925 152951/mux.c cppfunc 129 int memorablenesses_informatory = 76; stonesoup_read_taint(&moderates_vinegarer,"7902",memorablenesses_informatory); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 926 67492/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_09.c cppfunc 76 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 927 72338/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_21.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = goodG2B1Source(data); memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 928 70433/CWE122_Heap_Based_Buffer_Overflow__CWE135_61.c cppfunc 78 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; return data; data = CWE122_Heap_Based_Buffer_Overflow__CWE135_61b_goodB2GSource(data); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 929 153626/bss_file.c cppfunc 124 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 930 71738/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_73.cpp cppfunc 159 list dataList; data = (int *)malloc(100*sizeof(int)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int * data = dataList.back(); memcpy(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 931 66526/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_07.c cppfunc 88 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 932 69865/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_72.cpp cppfunc 142 void badSink(vector dataVector) int * data = dataVector[2]; memcpy(data, source, 10*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 933 72741/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_65.c cppfunc 140 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_65b_goodG2BSink(wchar_t * data) wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 934 153555/utf.c cppfunc 148 stonesoup_read_taint(&syncretizing_parcenership,"DARINGS_VERTEBROILIAC"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 935 67723/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_12.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 936 153816/error.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 937 153300/config_file.c cppfunc 85 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 938 79366/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45.c cppfunc 160 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 939 70644/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_05.c cppfunc 375 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 940 66584/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_17.c cppfunc 58 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 941 153215/pgstat.c inputfunc 3291 if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { switch(fgetc(fpin)){ if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 942 67573/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_06.cpp cppfunc 45 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 943 148966/emem.c cppfunc 1069 va_list ap; va_start(ap, fmt); dst = se_strdup_vprintf(fmt, ap); se_strdup_vprintf(const gchar* fmt, va_list ap) return emem_strdup_vprintf(fmt, ap, se_alloc); emem_strdup_vprintf(const gchar *fmt, va_list ap, void *allocator(size_t)) G_VA_COPY(ap2, ap); len = g_printf_string_upper_bound(fmt, ap); va_end(ap); 0 --------------------------------- 944 73704/CWE124_Buffer_Underwrite__CWE839_listen_socket_11.c cppfunc 292 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 945 65206/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_15.c cppfunc 108 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 946 152999/tile-swap.c cppfunc 593 jmp_buf opalesque_ethnish; propylitic_imprecision = setjmp(opalesque_ethnish); longjmp(opalesque_ethnish,1); 0 --------------------------------- 947 73071/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53.c cppfunc 219 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53d_badSink(char * data) strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 948 153709/ffmpeg.c cppfunc 2039 static InputStream *get_input_stream(OutputStream *ost) int n = 1; size = n; pts = (av_malloc(sizeof(( *pts)) * size)); *(next++) = 0; p = next; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); ist = get_input_stream(ost); ost -> st -> disposition = ist -> st -> disposition; ist = get_input_stream(ost); ost -> enc = avcodec_find_encoder(codec -> codec_id); if (!strncmp((ost -> forced_keyframes),"expr:",5)) { parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) int64_t *pts; pts = (av_malloc(sizeof(( *pts)) * size)); p = kf; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); AVChapter *c = avf -> chapters[j]; pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { p = next; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); ost = output_streams[i]; ist = get_input_stream(ost); if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; ist = get_input_stream(ost); codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); ist = get_input_stream(ost); codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); ist = get_input_stream(ost); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) p = kf; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); 0 --------------------------------- 949 153555/utf.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 950 153555/utf.c cppfunc 115 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 951 67714/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_03.cpp cppfunc 307 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 952 69888/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_17.cpp cppfunc 60 data = new wchar_t[100]; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 953 153423/error.c cppfunc 239 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int epistoler_haemapophysis = 20; char *isopycnal_appt; stonesoup_read_taint(&isopycnal_appt,"4193",epistoler_haemapophysis); cartoned_lichenised = ((int )(strlen(isopycnal_appt))); memcpy(logperch_hesitant,isopycnal_appt,cartoned_lichenised); free(((char *)isopycnal_appt)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&isopycnal_appt,"4193",epistoler_haemapophysis); cartoned_lichenised = ((int )(strlen(isopycnal_appt))); memcpy(logperch_hesitant,isopycnal_appt,cartoned_lichenised); free(((char *)isopycnal_appt)); 0 --------------------------------- 954 72752/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_01.c cppfunc 62 data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 955 71392/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54.c cppfunc 288 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54e_goodG2BSink(char * data) strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 956 72767/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_16.c cppfunc 61 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 957 70402/CWE122_Heap_Based_Buffer_Overflow__CWE135_03.c cppfunc 83 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 958 69877/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_06.cpp cppfunc 95 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 959 72018/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_62.cpp cppfunc 66 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 960 148823/Element.cpp cppfunc 1265 PassRefPtr Element::getAttributeNodeNS(const String& namespaceURI, const String& localName) NamedNodeMap* attrs = attributes(true); return static_pointer_cast(attrs->getNamedItem(QualifiedName(nullAtom, localName, namespaceURI))); 0 --------------------------------- 961 153275/column.c cppfunc 56 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 962 110687/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_67.cpp cppfunc 46 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 963 66252/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_31.c cppfunc 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 964 153079/cmdline.c cppfunc 1139 e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char **tmpfile_left,const char *editor_cmd, const svn_string_t *contents,const char *filename,apr_hash_t *config,svn_boolean_t as_text,const char *encoding,apr_pool_t *pool) const char *editor; const char *tmpfile_native; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); svn_error_t *svn_err__temp = svn_subst_translate_cstring2(contents -> data,&translated,"\n",0,((void *)0),0,pool); translated_contents = svn_string_create_empty(pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8_ex2(&translated_contents -> data,translated,encoding,pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8(&translated_contents -> data,translated,pool); translated_contents = svn_string_dup(contents,pool); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); svn_error_t *svn_err__temp = svn_io_temp_dir(&base_dir,pool); svn_error_t *svn_err__temp = svn_path_cstring_from_utf8(&temp_dir_apr,base_dir,pool); apr_err = apr_filepath_set(temp_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); err = svn_path_cstring_from_utf8(&tmpfile_apr,tmpfile_name,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x10,pool); apr_file_mtime_set(tmpfile_apr,finfo_before . mtime - 2000,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x00000010 | 0x00000100,pool); err = svn_utf_cstring_from_utf8(&tmpfile_native,tmpfile_name,pool); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); 0 --------------------------------- 965 153323/resowner.c cppfunc 154 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 966 153822/config_file.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 967 70533/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_65.c cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 968 110517/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_14.c cppfunc 166 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 969 70514/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_21.c cppfunc 70 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 970 153604/color.c cppfunc 596 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *atlanta_albitic; stonesoup_read_taint(&atlanta_albitic,"LOMETA_ATHEISTIC"); free(((char *)atlanta_albitic)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&atlanta_albitic,"LOMETA_ATHEISTIC"); free(((char *)atlanta_albitic)); 0 --------------------------------- 971 153059/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 972 199234/buffer_overrun_dynamic.c cppfunc 608 dynamic_buffer_overrun_s_005* ptr_s= malloc(10*sizeof(dynamic_buffer_overrun_s_005)); ptr_s[i].arri[i]='a'; free(ptr_s); 0 --------------------------------- 973 153142/tile.c cppfunc 431 void *nonstructurally_mesoventrally = 0; coadunite_overconstant(&nonstructurally_mesoventrally); diabolo_diluvy[ *( *( *( *( *( *( *( *( *( *colloquiquia_rutin)))))))))] = nonstructurally_mesoventrally; thanatophidia_institutionally = diabolo_diluvy[ *( *( *( *( *( *( *( *( *( *colloquiquia_rutin)))))))))]; free(((char *)((char *)thanatophidia_institutionally))); 0 --------------------------------- 974 153721/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 975 153721/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 976 153721/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 977 71458/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_03.c cppfunc 99 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 978 66299/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_22.c cppfunc 194 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_22_goodG2B2Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_22_goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 979 79354/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_17.c cppfunc 152 static void goodB2GVaSinkG(char * data, ...) char dataBuffer[100] = ""; data = dataBuffer; goodB2GVaSinkG(data, data); data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 980 72875/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_44.c cppfunc 63 static void goodG2BSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 981 69890/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_21.cpp cppfunc 76 data = new wchar_t[100]; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 982 71012/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_64.c cppfunc 130 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 983 72805/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_06.c cppfunc 97 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 984 72314/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_73.cpp cppfunc 149 void badSink(list dataList) char * data = dataList.back(); memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 985 70400/CWE122_Heap_Based_Buffer_Overflow__CWE135_01.c cppfunc 67 dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 986 70414/CWE122_Heap_Based_Buffer_Overflow__CWE135_15.c cppfunc 177 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 987 62718/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_11.c cppfunc 186 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 988 153491/stream.c cppfunc 79 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 989 71004/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_45.c cppfunc 66 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_45_goodG2BData = data; goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_45_goodG2BData; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 990 1304/mime2-ok.c inputfunc 169 while ((c1 = fgetc(e->e_dfp)) != EOF) c2 = fgetc(e->e_dfp); c3 = fgetc(e->e_dfp); c4 = fgetc(e->e_dfp); } while (isascii(c4) && isspace(c4)); if (c4 == EOF) if (c4 == '=') c4 = CHAR64(c4); 0 --------------------------------- 991 153273/cmdutils.c cppfunc 777 void parse_loglevel(int argc,char **argv,const OptionDef *options) int idx = locate_option(argc,argv,options,"loglevel"); int locate_option(int argc,char **argv,const OptionDef *options,const char *optname) idx = locate_option(argc,argv,options,"v"); opt_loglevel(((void *)0),"loglevel",argv[idx + 1]); int opt_loglevel(void *optctx,const char *opt,const char *arg) char *tail; if (!strcmp(log_levels[i] . name,arg)) { level = (strtol(arg,&tail,'\n')); 0 --------------------------------- 992 153715/eng_lib.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 993 153715/eng_lib.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 994 153241/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 995 62569/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_06.c inputfunc 89 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 996 72142/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_15.c cppfunc 109 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 997 72390/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_33.cpp cppfunc 68 char * &dataRef = data; char * data = dataRef; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 998 153657/pgstat.c inputfunc 3448 if (fread((&format_id),1,sizeof(format_id),fpin) != sizeof(format_id) || format_id != 0x01A5BC9A) { FreeFile(fpin); if (fread((&myGlobalStats),1,sizeof(myGlobalStats),fpin) != sizeof(myGlobalStats)) { FreeFile(fpin); *ts = myGlobalStats . stats_timestamp; FreeFile(fpin); if (pgstat_read_statsfile_timestamp(((bool )0),&file_ts) && file_ts >= min_ts) { static bool pgstat_read_statsfile_timestamp(bool permanent,TimestampTz *ts) 0 --------------------------------- 999 66284/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_05.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1000 73730/CWE124_Buffer_Underwrite__CWE839_listen_socket_64.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1001 148966/packet-sdp.c cppfunc 1140 dissect_sdp_media(tvbuff_t *tvb, proto_item *ti, offset = 0; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); proto_tree_add_item(sdp_media_tree, hf_media_media, tvb, offset, tokenlen, transport_info->media_type = (char*)tvb_get_ephemeral_string(tvb, offset, tokenlen); offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); next_offset = tvb_find_guint8(tvb, offset, tokenlen, '/'); next_offset = tvb_find_guint8(tvb, offset, -1, ' '); tokenlen = next_offset - offset; transport_info->media_port[transport_info->media_count] = (char*)tvb_get_ephemeral_string(tvb, offset, tokenlen); atoi((char*)tvb_get_ephemeral_string(tvb, offset, tokenlen))); 0 --------------------------------- 1002 70515/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22.c cppfunc 324 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1003 70840/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_09.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1004 152948/mutex.c cppfunc 279 void waxworking_mesophyllic(char **musky_tonsillectomize) secessionalist_grandsir(musky_tonsillectomize); void secessionalist_grandsir(char **glairin_predesirously) free(((char *)glairin_predesirously[11])); 0 --------------------------------- 1005 149240/use_after_free_@buffer-good.c cppfunc 26 char *str[1] = {(char *)NULL}; if ((*str = (char *)malloc(256*sizeof(char))) != NULL) strcpy(*str, "Falut!"); **str = 'S'; printf("%s\n", *str); free(*str); 0 --------------------------------- 1006 153683/tile.c cppfunc 70 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1007 153407/config.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1008 153137/emem.c cppfunc 197 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1009 66332/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_05.c cppfunc 93 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1010 70898/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_21.c cppfunc 120 data = (char *)malloc((10+1)*sizeof(char)); return data; data = NULL; data = goodG2B2Source(data); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); static char * goodG2B2Source(char * data) return data; data = goodG2B2Source(data); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1011 73252/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_43.cpp cppfunc 63 data = NULL; goodG2BSource(data); static void goodG2BSource(double * &data) data = (double *)malloc(sizeof(*data)); *data = 1.7E300; printDoubleLine(*data); free(data); 0 --------------------------------- 1012 67329/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_42.c cppfunc 52 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 1013 65394/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_03.c cppfunc 93 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 1014 153325/aviobuf.c cppfunc 57 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1015 62957/CWE121_Stack_Based_Buffer_Overflow__CWE135_10.c cppfunc 150 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1016 153573/bss_file.c cppfunc 115 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1017 72440/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_41.c cppfunc 57 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_41_goodG2BSink(char * data) strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 1018 70745/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_10.c cppfunc 89 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 1019 70942/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_15.c cppfunc 79 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 1020 67506/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_05.c cppfunc 44 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_05_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_05_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 1021 153253/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1022 62752/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_81a.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1023 70880/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_01.c cppfunc 61 data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1024 72962/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_21.c cppfunc 121 static wchar_t * goodG2B2Source(wchar_t * data) data = NULL; data = goodG2B2Source(data); data[0] = L'\0'; return data; data = goodG2B2Source(data); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 1025 62958/CWE121_Stack_Based_Buffer_Overflow__CWE135_11.c cppfunc 127 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1026 62958/CWE121_Stack_Based_Buffer_Overflow__CWE135_11.c cppfunc 124 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 1027 70478/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_52.c cppfunc 375 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1028 79494/CWE134_Uncontrolled_Format_String__char_console_snprintf_13.c inputfunc 145 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 1029 153334/color.c cppfunc 348 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 1030 152941/eng_lib.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1031 72601/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_72.cpp cppfunc 167 vector dataVector; data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 1032 72132/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_05.c cppfunc 80 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 1033 153495/timestamp.c cppfunc 56 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1034 153603/ffmpeg.c cppfunc 3248 union loka_upperer virgilia_anthropopathy(union loka_upperer dicasteries_morandi) return dicasteries_morandi; involuntary_nonhistorically = virgilia_anthropopathy(stopgaps_peevishness); free(((char *)involuntary_nonhistorically . succumbence_gaea)); void stonesoup_handle_taint(char *mannerlessness_stipels) union loka_upperer stopgaps_peevishness; stopgaps_peevishness . succumbence_gaea = mannerlessness_stipels; involuntary_nonhistorically = virgilia_anthropopathy(stopgaps_peevishness); 0 --------------------------------- 1035 79417/CWE134_Uncontrolled_Format_String__char_console_fprintf_53.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_53b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_53b_badSink(char * data); 0 --------------------------------- 1036 70472/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_41.c cppfunc 207 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1037 70962/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_62.cpp cppfunc 67 data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 1038 66283/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_04.c cppfunc 89 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1039 66628/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_13.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1040 153535/avdevice.c cppfunc 198 void *unpurported_scandalmonging = 0; lorianne_cadillac(&unpurported_scandalmonging); free(((char *)((char *)unpurported_scandalmonging))); 0 --------------------------------- 1041 153427/utils.c cppfunc 3200 va_list overspaciously_herbalism; __builtin_va_start(overspaciously_herbalism,sulphocarbonate_missuits); misceability_heterochronic = (va_arg(overspaciously_herbalism,struct gayomart_friendliness )); 0 --------------------------------- 1042 66298/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_21.c cppfunc 100 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 1043 72347/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_44.c cppfunc 61 static void goodG2BSink(char * data) memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1044 153019/mutex.c cppfunc 69 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1045 66620/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_05.c cppfunc 93 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1046 153019/mutex.c cppfunc 62 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1047 153019/mutex.c cppfunc 66 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1048 67409/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_10.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1049 153502/conf_mod.c cppfunc 187 int barbadian_nonconstruable = 596; stonesoup_read_taint(&overassertion_natally,"2015",barbadian_nonconstruable); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 1050 153428/utils.c cppfunc 113 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1051 70449/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_02.c cppfunc 236 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1052 152977/types.c cppfunc 421 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); quatch_foregrounds = ((int )(strlen(siliquiform_ammadas))); nitrifaction_prorogues = ((char *)(malloc(quatch_foregrounds + 1))); memset(nitrifaction_prorogues,0,quatch_foregrounds + 1); memcpy(nitrifaction_prorogues,siliquiform_ammadas,quatch_foregrounds); forzando_mendelize = &nitrifaction_prorogues; free(((char *)( *forzando_mendelize))); void stonesoup_handle_taint(char *siliquiform_ammadas) quatch_foregrounds = ((int )(strlen(siliquiform_ammadas))); memcpy(nitrifaction_prorogues,siliquiform_ammadas,quatch_foregrounds); forzando_mendelize = &nitrifaction_prorogues; free(((char *)( *forzando_mendelize))); 0 --------------------------------- 1053 72073/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_72.cpp cppfunc 171 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 1054 148966/emem.c cppfunc 2309 va_list ap; va_start(ap, format); ep_strbuf_append_vprintf(strbuf, format, ap); ep_strbuf_append_vprintf(emem_strbuf_t *strbuf, const gchar *format, va_list ap) G_VA_COPY(ap2, ap); full_len = g_vsnprintf(&strbuf->str[strbuf->len], (gulong) add_len, format, ap); va_end(ap); 0 --------------------------------- 1055 153245/e_bf.c cppfunc 238 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *magnetons_ice;; stonesoup_read_taint(&magnetons_ice,"WESKER_ZAPS"); thalian_malleating = ((int )(strlen(magnetons_ice))); preciosities_protomorph = ((char *)(malloc(thalian_malleating + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&magnetons_ice,"WESKER_ZAPS"); thalian_malleating = ((int )(strlen(magnetons_ice))); preciosities_protomorph = ((char *)(malloc(thalian_malleating + 1))); 0 --------------------------------- 1056 72434/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_21.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = goodG2B1Source(data); strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 1057 66276/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_81a.cpp cppfunc 48 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1058 79558/CWE134_Uncontrolled_Format_String__char_console_vfprintf_45.c cppfunc 35 data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_45_badData = data; badSink(); char * data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_45_badData; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 1059 148823/Element.cpp cppfunc 703 unsigned i = 0; i++; namedAttrMap->m_attributes.remove(i); 0 --------------------------------- 1060 153662/mem_dbg.c cppfunc 722 static void print_leak_LHASH_DOALL_ARG(void *arg1,void *arg2) const MEM *a = arg1; print_leak_doall_arg(a,b); static void print_leak_doall_arg(const MEM *m,MEM_LEAK *l) lcl = localtime(&m -> time); 0 --------------------------------- 1061 72759/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_08.c cppfunc 87 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 1062 110322/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_11.c cppfunc 153 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1063 152892/oids.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1064 73364/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_73.cpp cppfunc 146 void badSink(list dataList) twoIntsStruct * data = dataList.back(); printStructLine(data); free(data); 0 --------------------------------- 1065 72131/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_04.c cppfunc 103 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 1066 199276/invalid_memory_access.c cppfunc 368 invalid_memory_access_012_s_001 *s; s = (invalid_memory_access_012_s_001 *)calloc(1,sizeof(invalid_memory_access_012_s_001)); s->a = 20; s->b = 20; s->uninit = 20; free(s); 0 --------------------------------- 1067 70403/CWE122_Heap_Based_Buffer_Overflow__CWE135_04.c cppfunc 150 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1068 71478/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_33.cpp cppfunc 76 char * &dataRef = data; char * data = dataRef; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 1069 153545/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 1070 70894/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_15.c cppfunc 105 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1071 66622/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_07.c cppfunc 43 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1072 66343/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_16.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 1073 153649/pmsignal.c cppfunc 119 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1074 70409/CWE122_Heap_Based_Buffer_Overflow__CWE135_10.c cppfunc 172 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1075 153182/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1076 153182/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1077 153182/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1078 72735/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53.c cppfunc 237 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53d_goodG2BSink(wchar_t * data) wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 1079 73179/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_74.cpp cppfunc 148 void badSink(map dataMap) wchar_t * data = dataMap[2]; wcscpy(dest, data); printWLine(data); free(data); 0 --------------------------------- 1080 153793/color.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1081 152983/dynahash.c cppfunc 266 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1082 79430/CWE134_Uncontrolled_Format_String__char_console_fprintf_81a.cpp inputfunc 38 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; baseObject.action(data); virtual void action(char * data) const = 0; 0 --------------------------------- 1083 66574/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_07.c cppfunc 88 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1084 148916/strutil.c cppfunc 299 format_text_wsp(const guchar *string, size_t len) c = *string++; if (isprint(c)) { } else if (isspace(c)) { 0 --------------------------------- 1085 153049/subtrans.c cppfunc 105 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1086 153711/timestamp.c cppfunc 89 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1087 153688/column.c cppfunc 72 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1088 153688/column.c cppfunc 75 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1089 71334/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_33.cpp cppfunc 72 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 1090 153274/avfilter.c cppfunc 919 void canale_precontention(char *const paysanne_vasculature) CRANIOMAXILLARY_RACEMISMS(paysanne_vasculature); void oxon_uncompanionable(char *cerise_legibility) free(((char *)((char *)cerise_legibility))); 0 --------------------------------- 1091 152868/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1092 153711/timestamp.c cppfunc 80 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1093 153102/cryptlib.c cppfunc 193 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1094 153053/img2.c cppfunc 44 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1095 70667/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_44.c cppfunc 224 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1096 110352/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_68.c cppfunc 230 int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_68_badData; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1097 153089/string.c cppfunc 83 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1098 153089/string.c cppfunc 85 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1099 66586/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_21.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 1100 71298/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_62.cpp cppfunc 66 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 1101 62975/CWE121_Stack_Based_Buffer_Overflow__CWE135_44.c cppfunc 61 static void goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 1102 62975/CWE121_Stack_Based_Buffer_Overflow__CWE135_44.c cppfunc 64 static void goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1103 153740/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1104 153158/resowner.c cppfunc 150 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1105 153158/resowner.c cppfunc 157 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1106 152908/utils.c cppfunc 115 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 1107 153158/resowner.c cppfunc 154 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1108 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c cppfunc 88 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 1109 153768/avpacket.c cppfunc 53 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1110 110825/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_61.cpp cppfunc 213 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1111 79547/CWE134_Uncontrolled_Format_String__char_console_vfprintf_18.c inputfunc 105 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 1112 153231/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1113 153306/error.c cppfunc 83 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1114 153306/error.c cppfunc 81 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1115 153391/ffmpeg.c cppfunc 2005 static InputStream *get_input_stream(OutputStream *ost) ist = get_input_stream(ost); if (!strncmp((ost -> forced_keyframes),"expr:",5)) { parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) int n = 1; int64_t *pts; size = n; pts = (av_malloc(sizeof(( *pts)) * size)); p = kf; char *next = strchr(p,','); *(next++) = 0; if (!memcmp(p,"chapters",8)) { if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); AVChapter *c = avf -> chapters[j]; pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { p = next; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); ost = output_streams[i]; ist = get_input_stream(ost); ost -> st -> disposition = ist -> st -> disposition; if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ist = get_input_stream(ost); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; ist = get_input_stream(ost); codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); ist = get_input_stream(ost); codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); ist = get_input_stream(ost); ost -> enc = avcodec_find_encoder(codec -> codec_id); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) p = kf; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); 0 --------------------------------- 1116 153670/avdevice.c cppfunc 62 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1117 62960/CWE121_Stack_Based_Buffer_Overflow__CWE135_13.c cppfunc 96 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 1118 72332/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_13.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1119 70430/CWE122_Heap_Based_Buffer_Overflow__CWE135_52.c cppfunc 201 void CWE122_Heap_Based_Buffer_Overflow__CWE135_52c_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1120 72690/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_62.cpp cppfunc 62 data[50-1] = L'\0'; wcsncat(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 1121 62589/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_42.c cppfunc 118 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1122 70500/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_05.c cppfunc 99 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1123 153430/string.c cppfunc 579 int decompound_pansified = 53; char *corruptive_eequinoctium; stonesoup_read_taint(&corruptive_eequinoctium,"7626",decompound_pansified); crostarie_cystoptosis = ((int )(strlen(corruptive_eequinoctium))); greetings_cryophile = ((char *)(malloc(crostarie_cystoptosis + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&corruptive_eequinoctium,"7626",decompound_pansified); crostarie_cystoptosis = ((int )(strlen(corruptive_eequinoctium))); greetings_cryophile = ((char *)(malloc(crostarie_cystoptosis + 1))); 0 --------------------------------- 1124 67598/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_52.cpp cppfunc 83 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1125 70941/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_14.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 1126 72736/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54.c cppfunc 286 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54d_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54e_goodG2BSink(wchar_t * data) wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 1127 72290/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_21.c cppfunc 118 data = (char *)malloc(100*sizeof(char)); data = goodG2B2Source(data); static char * goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = goodG2B2Source(data); memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1128 72452/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_64.c cppfunc 123 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 1129 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c cppfunc 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 1130 1299/recipient.c cppfunc 766 char *name; printf("finduser(%s): ", name); if ((pw = sm_getpwnam(name)) != NULL) *p = tolower(*p); for (p = name; *p != '\0'; p++) if (isascii(*p) && isupper(*p)) 0 --------------------------------- 1131 153105/portalmem.c cppfunc 514 contourne_unbragging = getenv("WALLFLOWERS_SLOCK"); antakya_progress = ((int )(strlen(contourne_unbragging))); wiremen_provisioneress = ((char *)(malloc(antakya_progress + 1))); memset(wiremen_provisioneress,0,antakya_progress + 1); memcpy(wiremen_provisioneress,contourne_unbragging,antakya_progress); isopentyl_amphoriloquy = tacitly_ecclesiasticus(wiremen_provisioneress); char *tacitly_ecclesiasticus(char *stagnate_jaddo) return stagnate_jaddo; isopentyl_amphoriloquy = tacitly_ecclesiasticus(wiremen_provisioneress); free(((char *)isopentyl_amphoriloquy)); 0 --------------------------------- 1132 66626/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_11.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1133 66296/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_17.c cppfunc 58 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 1134 69746/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_21.cpp cppfunc 120 data = new wchar_t[100]; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2B2Source(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 1135 153327/e_camellia.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1136 71415/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_08.c cppfunc 55 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 1137 66329/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_02.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1138 66530/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_11.c cppfunc 82 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1139 72453/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_65.c cppfunc 140 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_65b_goodG2BSink(char * data) strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 1140 79551/CWE134_Uncontrolled_Format_String__char_console_vfprintf_32.c inputfunc 54 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; *dataPtr1 = data; 0 --------------------------------- 1141 152868/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1142 153743/stream.c cppfunc 120 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1143 153743/stream.c cppfunc 124 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1144 153743/stream.c cppfunc 127 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1145 73023/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53.c cppfunc 219 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53d_badSink(char * data) strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 1146 152887/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&virulented_pecking,"GONZALO_TIECLASPS"); if (virulented_pecking != 0) {; gnaphalium_unprotruded = ((char *)virulented_pecking); stonesoup_buff_size = strlen(gnaphalium_unprotruded) + 1; stonesoup_size = stonesoup_other_size < stonesoup_buff_size ? stonesoup_other_size : stonesoup_buff_size; for (stonesoup_i = 0; stonesoup_i < stonesoup_size; stonesoup_i++) { gnaphalium_unprotruded[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = for (stonesoup_i = 0; stonesoup_i < stonesoup_buff_size; stonesoup_i++) { free (stonesoup_other_buff); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buff_size", stonesoup_buff_size, &stonesoup_buff_size, "TRIGGER-STATE"); if (virulented_pecking != 0) free(((char *)virulented_pecking)); 0 --------------------------------- 1147 72276/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_05.c cppfunc 76 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1148 153589/bio_err.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1149 153084/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 1150 79491/CWE134_Uncontrolled_Format_String__char_console_snprintf_10.c inputfunc 145 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 1151 66538/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_21.c cppfunc 100 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 1152 70937/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_10.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 1153 153471/mux.c cppfunc 963 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; int contractable_hoptoads = 596; char *countergauge_laggins; stonesoup_read_taint(&countergauge_laggins,"3876",contractable_hoptoads); blebs_outrolled = ((int )(strlen(countergauge_laggins))); varooms_stearn = ((char *)(malloc(blebs_outrolled + 1))); memset(varooms_stearn,0,blebs_outrolled + 1); memcpy(varooms_stearn,countergauge_laggins,blebs_outrolled); myodynamic_kessler = &varooms_stearn; CARIFTA_FAKER(myodynamic_kessler); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&countergauge_laggins,"3876",contractable_hoptoads); blebs_outrolled = ((int )(strlen(countergauge_laggins))); memcpy(varooms_stearn,countergauge_laggins,blebs_outrolled); myodynamic_kessler = &varooms_stearn; CARIFTA_FAKER(myodynamic_kessler); void notariate_disscussive(char **trinidad_camatina) free(((char *)( *trinidad_camatina))); 0 --------------------------------- 1154 70890/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_11.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1155 71177/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_10.c cppfunc 72 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 1156 153591/e_camellia.c cppfunc 654 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 1157 152886/main_statusbar.c cppfunc 139 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1158 72447/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53.c cppfunc 220 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53d_badSink(char * data) strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 1159 152886/main_statusbar.c cppfunc 130 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1160 70502/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_07.c cppfunc 186 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1161 70435/CWE122_Heap_Based_Buffer_Overflow__CWE135_63.c cppfunc 147 void CWE122_Heap_Based_Buffer_Overflow__CWE135_63b_badSink(void * * dataPtr) void * data = *dataPtr; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1162 70654/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_15.c cppfunc 395 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1163 153482/color.c cppfunc 359 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 1164 73713/CWE124_Buffer_Underwrite__CWE839_listen_socket_22.c cppfunc 254 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1165 110489/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_61.c cppfunc 69 data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_61b_goodG2BSource(data); data = 20; return data; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1166 79567/CWE134_Uncontrolled_Format_String__char_console_vfprintf_65.c inputfunc 100 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; funcPtr(data); 0 --------------------------------- 1167 72862/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_15.c cppfunc 106 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 1168 72682/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_43.cpp cppfunc 29 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 1169 72812/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_13.c cppfunc 93 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 1170 110379/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_22.c cppfunc 178 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1171 153796/oids.c cppfunc 980 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *corteges_blackies; stonesoup_read_taint(&corteges_blackies,"EPHEMEROPTERA_JUSTEN"); phenogenesis_squirreling = &corteges_blackies; free(((char *)( *phenogenesis_squirreling))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&corteges_blackies,"EPHEMEROPTERA_JUSTEN"); phenogenesis_squirreling = &corteges_blackies; free(((char *)( *phenogenesis_squirreling))); 0 --------------------------------- 1172 153194/tile-manager.c cppfunc 979 void unweelness_monacha(char *const termly_notasulga) ferromagnetism_monographer(termly_notasulga); void ferromagnetism_monographer(char *billowing_takyr) free(((char *)((char *)billowing_takyr))); 0 --------------------------------- 1173 70417/CWE122_Heap_Based_Buffer_Overflow__CWE135_18.c cppfunc 101 dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1174 70760/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_41.c cppfunc 59 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_41_goodG2BSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 1175 67751/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_67.cpp cppfunc 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1176 66234/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_03.c cppfunc 82 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1177 79554/CWE134_Uncontrolled_Format_String__char_console_vfprintf_41.c cppfunc 85 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BSink(data); static void goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 1178 79554/CWE134_Uncontrolled_Format_String__char_console_vfprintf_41.c cppfunc 88 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 1179 153229/string.c cppfunc 1178 char *liponis_heredium = 0; unconcatenated_diddies(&liponis_heredium); wonderers_silicean = preexpend_pretranslation(liponis_heredium); char *preexpend_pretranslation(char *endangiitis_osirification) return endangiitis_osirification; wonderers_silicean = preexpend_pretranslation(liponis_heredium); free(((char *)wonderers_silicean)); 0 --------------------------------- 1180 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c inputfunc 120 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 1181 72089/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_10.c cppfunc 93 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 1182 71189/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_32.c cppfunc 78 wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 1183 70969/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_72.cpp cppfunc 157 void badSink(vector dataVector) char * data = dataVector[2]; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 1184 71393/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_61.c cppfunc 61 data[0] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_61b_goodG2BSource(data); strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 1185 66606/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_66.c cppfunc 54 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1186 62966/CWE121_Stack_Based_Buffer_Overflow__CWE135_21.c cppfunc 132 size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); data = (void *)CHAR_STRING; goodG2BSink(data); static void goodG2BSink(void * data) memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1187 79405/CWE134_Uncontrolled_Format_String__char_console_fprintf_22.c inputfunc 126 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_22_goodB2G2Sink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_22_goodB2G2Sink(char * data); 0 --------------------------------- 1188 72761/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_10.c cppfunc 93 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 1189 153239/color.c cppfunc 640 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *cardiorenal_gobbin) free(((char *)cardiorenal_gobbin)); 0 --------------------------------- 1190 72730/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_43.cpp cppfunc 29 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 1191 72123/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_74.cpp cppfunc 150 void badSink(map dataMap) wchar_t * data = dataMap[2]; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 1192 153495/timestamp.c cppfunc 83 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1193 110805/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_14.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1194 152924/column.c cppfunc 77 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1195 153583/stream.c cppfunc 116 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1196 153583/stream.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1197 153583/stream.c cppfunc 119 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1198 66861/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cat_74.cpp cppfunc 151 void badSink(map dataMap) wchar_t * data = dataMap[2]; source[100-1] = L'\0'; wcscat(data, source); 0 --------------------------------- 1199 70940/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_13.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 1200 152949/conf_mod.c cppfunc 668 jmp_buf durneder_vendean; bevilled_trollop = setjmp(durneder_vendean); longjmp(durneder_vendean,1); 0 --------------------------------- 1201 153467/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 1202 153219/color.c cppfunc 118 stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1203 153233/bio_err.c cppfunc 116 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 1204 62978/CWE121_Stack_Based_Buffer_Overflow__CWE135_52.c cppfunc 209 void CWE121_Stack_Based_Buffer_Overflow__CWE135_52c_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 1205 110674/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_43.cpp cppfunc 34 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1206 72880/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54.c cppfunc 288 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54e_goodG2BSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 1207 70500/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_05.c cppfunc 187 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1208 71366/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_07.c cppfunc 99 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 1209 67487/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_04.c cppfunc 102 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 1210 153236/dynahash.c cppfunc 270 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1211 63594/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_03.c cppfunc 75 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 1212 62950/CWE121_Stack_Based_Buffer_Overflow__CWE135_03.c cppfunc 127 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1213 62950/CWE121_Stack_Based_Buffer_Overflow__CWE135_03.c cppfunc 124 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 1214 153803/color.c cppfunc 363 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 1215 153803/color.c cppfunc 365 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 1216 72808/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_09.c cppfunc 93 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 1217 153706/cmdline.c cppfunc 80 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1218 153810/pgstat.c inputfunc 3266 if (fread((&format_id),1,sizeof(format_id),fpin) != sizeof(format_id) || format_id != 0x01A5BC9A) { if (fread((&globalStats),1,sizeof(globalStats),fpin) != sizeof(globalStats)) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 1219 66573/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_06.c cppfunc 86 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1220 153436/mux.c cppfunc 116 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1221 153436/mux.c cppfunc 114 stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1222 1301/mime1-bad.c cppfunc 80 register int sz; sz = 1; p = malloc((unsigned) sz); 0 --------------------------------- 1223 70476/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_45.c cppfunc 216 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1224 62965/CWE121_Stack_Based_Buffer_Overflow__CWE135_18.c cppfunc 89 data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1225 66242/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_11.c cppfunc 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1226 73363/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_72.cpp cppfunc 159 vector dataVector; data = NULL; data = (twoIntsStruct *)malloc(sizeof(*data)); data->intOne = 1; data->intTwo = 2; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) twoIntsStruct * data = dataVector[2]; printStructLine(data); free(data); 0 --------------------------------- 1227 153445/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1228 153445/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1229 153079/cmdline.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1230 153079/cmdline.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1231 153079/cmdline.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1232 70504/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_09.c cppfunc 270 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1233 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c inputfunc 112 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 1234 70471/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_34.c cppfunc 183 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1235 153686/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1236 153614/utils.c inputfunc 126 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&enviableness_displeaser,"CHERKESSER_BATCHELDER"); if (enviableness_displeaser != 0) {; *explainable_isotrehalose = enviableness_displeaser; 0 --------------------------------- 1237 66586/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_21.c cppfunc 100 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 1238 153614/utils.c cppfunc 123 stonesoup_read_taint(&enviableness_displeaser,"CHERKESSER_BATCHELDER"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 1239 153763/color.c cppfunc 615 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *colation_prosecutes; stonesoup_read_taint(&colation_prosecutes,"ODESSA_POLYGONALLY"); free(((char *)colation_prosecutes)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&colation_prosecutes,"ODESSA_POLYGONALLY"); free(((char *)colation_prosecutes)); 0 --------------------------------- 1240 71200/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54.c cppfunc 309 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54d_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54e_goodG2BSink(wchar_t * data) wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 1241 70504/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_09.c cppfunc 181 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1242 70964/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_64.c cppfunc 152 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 1243 153629/avpacket.c cppfunc 41 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1244 153161/cryptlib.c cppfunc 191 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1245 153657/pgstat.c inputfunc 3280 if (fread((&format_id),1,sizeof(format_id),fpin) != sizeof(format_id) || format_id != 0x01A5BC9A) { if (fread((&globalStats),1,sizeof(globalStats),fpin) != sizeof(globalStats)) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 1246 70466/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_21.c cppfunc 282 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1247 70904/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_41.c cppfunc 61 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_41_goodG2BSink(char * data) memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1248 66319/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_67.c cppfunc 58 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1249 153039/bufmgr.c cppfunc 113 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1250 72993/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_02.c cppfunc 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 1251 72721/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_18.c cppfunc 62 data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 1252 71412/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_05.c cppfunc 103 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 1253 73725/CWE124_Buffer_Underwrite__CWE839_listen_socket_53.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1254 153023/avpacket.c cppfunc 60 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1255 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c cppfunc 144 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 1256 71014/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_66.c cppfunc 133 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 1257 148923/strutil.c cppfunc 457 is_byte_sep(guint8 c) if (is_byte_sep(*punct)) { p = punct; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { hex_str_to_bytes(const char *hex_str, GByteArray *bytes, gboolean force_separators) { p = (const guchar *)hex_str; q = p+1; s = p+3; && isxdigit(*p) && isxdigit(*q) && isxdigit(*r) && isxdigit(*s)) { punct = s + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && isxdigit(*q)) { punct = q + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q + 1; p = q; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { 0 --------------------------------- 1258 153769/utils.c cppfunc 885 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *hexaseme_egide; stonesoup_read_taint(&hexaseme_egide,"INAMISSIBLENESS_CUSTOMING"); mohock_treadling = ((int )(strlen(hexaseme_egide))); memcpy(chichewa_scorified,hexaseme_egide,mohock_treadling); free(((char *)hexaseme_egide)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&hexaseme_egide,"INAMISSIBLENESS_CUSTOMING"); mohock_treadling = ((int )(strlen(hexaseme_egide))); memcpy(chichewa_scorified,hexaseme_egide,mohock_treadling); free(((char *)hexaseme_egide)); 0 --------------------------------- 1259 153602/img2.c cppfunc 61 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1260 69156/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_05.cpp cppfunc 100 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 1261 71874/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_62.cpp cppfunc 76 data = NULL; data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); void goodG2BSource(twoIntsStruct * &data) goodG2BSource(data); memcpy(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 1262 62589/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_42.c cppfunc 32 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1263 72142/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_15.c cppfunc 47 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 1264 70531/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_63.c cppfunc 80 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1265 70658/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_21.c cppfunc 347 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1266 79355/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_18.c cppfunc 245 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 1267 153209/avdevice.c cppfunc 126 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int predifferent_unroll = 20; char *overnumerously_accoutres;; stonesoup_read_taint(&overnumerously_accoutres,"5475",predifferent_unroll); humorless_iroko = ((int )(strlen(overnumerously_accoutres))); enouncement_ambaris = ((char *)(malloc(humorless_iroko + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&overnumerously_accoutres,"5475",predifferent_unroll); humorless_iroko = ((int )(strlen(overnumerously_accoutres))); enouncement_ambaris = ((char *)(malloc(humorless_iroko + 1))); 0 --------------------------------- 1268 79355/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_18.c cppfunc 242 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BVaSinkB(data, data); static void goodG2BVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 1269 153442/bss_file.c cppfunc 111 stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1270 153442/bss_file.c cppfunc 113 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1271 153812/oids.c cppfunc 130 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1272 110317/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_06.c cppfunc 157 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1273 72424/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_09.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 1274 153576/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1275 73052/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_13.c cppfunc 67 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 1276 70654/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_15.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1277 152995/bio_err.c cppfunc 115 stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1278 152995/bio_err.c cppfunc 117 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1279 153509/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1280 148916/strutil.c cppfunc 649 oid_str_to_bytes(const char *oid_str, GByteArray *bytes) { p = oid_str; if (!isdigit((guchar)*p) && (*p != '.')) return FALSE; p++; p = oid_str; while (isdigit((guchar)*p)) { p++; while (isdigit((guchar)*p)) { if (*p) p++; while (isdigit((guchar)*p)) { 0 --------------------------------- 1281 72722/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_21.c cppfunc 31 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 1282 79369/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53.c cppfunc 512 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 1283 153778/tile-manager.c cppfunc 55 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1284 152955/timestamp.c cppfunc 194 jmp_buf limnoriidae_wanderoo; indestrucible_outbaking = setjmp(limnoriidae_wanderoo); longjmp(limnoriidae_wanderoo,1); 0 --------------------------------- 1285 153487/error.c cppfunc 702 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 1286 72321/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_02.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1287 153430/string.c cppfunc 587 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int decompound_pansified = 53; char *corruptive_eequinoctium; stonesoup_read_taint(&corruptive_eequinoctium,"7626",decompound_pansified); crostarie_cystoptosis = ((int )(strlen(corruptive_eequinoctium))); memcpy(greetings_cryophile,corruptive_eequinoctium,crostarie_cystoptosis); free(((char *)corruptive_eequinoctium)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&corruptive_eequinoctium,"7626",decompound_pansified); crostarie_cystoptosis = ((int )(strlen(corruptive_eequinoctium))); memcpy(greetings_cryophile,corruptive_eequinoctium,crostarie_cystoptosis); free(((char *)corruptive_eequinoctium)); 0 --------------------------------- 1288 152870/stream.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1289 152870/stream.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1290 70849/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_18.c cppfunc 65 data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1291 67590/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_33.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1292 70652/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_13.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1293 71881/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_72.cpp cppfunc 151 void badSink(vector dataVector) twoIntsStruct * data = dataVector[2]; memcpy(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 1294 153345/eng_table.c cppfunc 115 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1295 153345/eng_table.c cppfunc 119 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1296 79439/CWE134_Uncontrolled_Format_String__char_console_printf_06.c inputfunc 90 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 1297 72128/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_01.c cppfunc 38 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 1298 153312/config.c cppfunc 112 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1299 153724/ffmpeg.c cppfunc 3247 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 1300 66129/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_loop_72.cpp cppfunc 148 void badSink(vector dataVector) wchar_t * data = dataVector[2]; dataLen = wcslen(data); 0 --------------------------------- 1301 66353/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_42.c cppfunc 58 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 1302 72333/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_14.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1303 152998/string.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1304 152998/string.c cppfunc 82 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1305 152956/bss_file.c cppfunc 139 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1306 152956/bss_file.c cppfunc 135 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1307 153416/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1308 153416/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1309 153416/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1310 152868/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 1311 62990/CWE121_Stack_Based_Buffer_Overflow__CWE135_73.cpp cppfunc 166 void badSink(list dataList) void * data = dataList.back(); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1312 70872/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_68.c cppfunc 139 char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_68_badData; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1313 153407/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 1314 66359/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_53.c cppfunc 57 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1315 153255/pmsignal.c cppfunc 152 int torticollis_revelers = 20; stonesoup_read_taint(&coattail_operatics,"1527",torticollis_revelers); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 1316 79400/CWE134_Uncontrolled_Format_String__char_console_fprintf_15.c inputfunc 151 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 1317 65440/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_09.c cppfunc 95 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 1318 153215/pgstat.c cppfunc 390 struct addrinfo *addrs = ((void *)0); ret = pg_getaddrinfo_all("localhost",((void *)0),(&hints),&addrs); for (addr = addrs; addr; addr = addr -> ai_next) { if ((pgStatSock = socket(addr -> ai_family,SOCK_DGRAM,0)) == - 1) { if (bind(pgStatSock,(addr -> ai_addr),addr -> ai_addrlen) < 0) { 0 --------------------------------- 1319 153573/bss_file.c cppfunc 142 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1320 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c cppfunc 31 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; strcpy(data, "fixedstringtest"); badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 1321 110831/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_67.cpp cppfunc 89 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1322 70450/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_03.c cppfunc 377 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1323 70986/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_11.c cppfunc 89 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 1324 110680/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_54.cpp cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1325 67311/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_08.c cppfunc 94 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1326 67424/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_41.c cppfunc 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1327 153153/subtrans.c cppfunc 89 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1328 153153/subtrans.c cppfunc 80 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1329 67304/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_01.c cppfunc 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1330 153178/color.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1331 153178/color.c cppfunc 107 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1332 153384/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 1333 72727/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_34.c cppfunc 73 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 1334 79396/CWE134_Uncontrolled_Format_String__char_console_fprintf_11.c inputfunc 131 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 1335 67496/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_13.c cppfunc 76 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 1336 62961/CWE121_Stack_Based_Buffer_Overflow__CWE135_14.c cppfunc 150 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1337 153593/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1338 153593/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1339 153593/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1340 67588/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_31.cpp cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1341 70649/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_10.c cppfunc 262 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1342 153225/color.c cppfunc 356 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 1343 153225/color.c cppfunc 358 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 1344 153763/color.c cppfunc 380 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 1345 153378/stream.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1346 71487/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53.c cppfunc 263 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53d_goodG2BSink(char * data) SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 1347 71439/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_53.c cppfunc 222 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 1348 79376/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66.c cppfunc 360 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66b_goodB2GSink(dataArray); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66b_goodB2GSink(char * dataArray[]) char * data = dataArray[2]; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 1349 79376/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66.c cppfunc 363 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 1350 153255/pmsignal.c cppfunc 131 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1351 67318/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_15.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1352 70498/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_03.c cppfunc 149 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1353 153531/emem.c cppfunc 180 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1354 153531/emem.c cppfunc 187 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1355 153531/emem.c cppfunc 184 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1356 66417/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_72.cpp cppfunc 148 void badSink(vector dataVector) wchar_t * data = dataVector[2]; dataLen = wcslen(data); 0 --------------------------------- 1357 67493/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_10.c cppfunc 96 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 1358 79446/CWE134_Uncontrolled_Format_String__char_console_printf_13.c inputfunc 85 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 1359 72950/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_07.c cppfunc 77 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 1360 71778/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_62.cpp cppfunc 58 data = (int *)malloc(100*sizeof(int)); memmove(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 1361 67589/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_32.cpp cppfunc 42 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1362 152884/mem_dbg.c cppfunc 225 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1363 67721/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_10.cpp inputfunc 321 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 1364 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c cppfunc 86 static void goodB2GVaSinkG(char * data, ...) goodB2GVaSinkG(data, data); char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 1365 79353/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_16.c cppfunc 156 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 1366 79353/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_16.c cppfunc 153 static void goodB2GVaSinkG(char * data, ...) goodB2GVaSinkG(data, data); char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 1367 153623/ffmpeg.c cppfunc 999 fprintf(vstats_file,"PSNR= %6.2f ",psnr(enc -> coded_frame -> error[0] / ((enc -> width * enc -> height) * 255.0 * 255.0))); double error_sum = 0; double scale_sum = 0; error = enc -> error[j]; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; scale_sum += scale; p = psnr(error / scale); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); error_sum += error; p = psnr(error_sum / scale_sum); 0 --------------------------------- 1368 110533/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_51.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1369 153486/bufmgr.c cppfunc 113 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1370 153077/file_wrappers.c cppfunc 118 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1371 110525/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_32.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1372 149230/double_free-good.c cppfunc 30 int size = sizeof(shellcode); shellcode_location = (char *)malloc(size); strcpy(shellcode_location, shellcode); printf("%s", shellcode_location); free(shellcode_location); 0 --------------------------------- 1373 79555/CWE134_Uncontrolled_Format_String__char_console_vfprintf_42.c cppfunc 61 static char * badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; data = badSource(data); badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 1374 62955/CWE121_Stack_Based_Buffer_Overflow__CWE135_08.c cppfunc 140 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1375 71446/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_66.c cppfunc 128 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 1376 72865/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_18.c cppfunc 64 data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 1377 153118/e_bf.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1378 153162/color.c cppfunc 346 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 1379 153270/dynahash.c cppfunc 1598 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *valeted_epitaphize; stonesoup_read_taint(&valeted_epitaphize,"NONIMMIGRANT_QUINCUNXES"); overtaxation_tantaluses = ((int )(strlen(valeted_epitaphize))); gloom_ungnawed = ((char *)(malloc(overtaxation_tantaluses + 1))); memset(gloom_ungnawed,0,overtaxation_tantaluses + 1); memcpy(gloom_ungnawed,valeted_epitaphize,overtaxation_tantaluses); acondylose_cigarillos = &gloom_ungnawed; SAGGIER_OUTRAKE(acondylose_cigarillos); void relata_watertightness(char **bentonville_semisilica) free(((char *)( *bentonville_semisilica))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&valeted_epitaphize,"NONIMMIGRANT_QUINCUNXES"); overtaxation_tantaluses = ((int )(strlen(valeted_epitaphize))); memcpy(gloom_ungnawed,valeted_epitaphize,overtaxation_tantaluses); acondylose_cigarillos = &gloom_ungnawed; SAGGIER_OUTRAKE(acondylose_cigarillos); 0 --------------------------------- 1380 66550/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_52.c cppfunc 51 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1381 70669/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_51.c cppfunc 360 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1382 153509/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1383 79561/CWE134_Uncontrolled_Format_String__char_console_vfprintf_53.c cppfunc 298 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_53d_badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 1384 153509/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1385 152873/portalmem.c cppfunc 119 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1386 152895/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1387 71718/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_33.cpp cppfunc 62 int * &dataRef = data; int * data = dataRef; memcpy(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 1388 153304/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1389 70763/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_44.c cppfunc 63 static void goodG2BSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 1390 153217/gimpdisplay.c cppfunc 808 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int posho_undeclarative = 596; char *colluvia_laris;; stonesoup_read_taint(&colluvia_laris,"5936",posho_undeclarative); decurt_verene = ((int )(strlen(colluvia_laris))); capitolium_imaginous = ((char *)(malloc(decurt_verene + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&colluvia_laris,"5936",posho_undeclarative); decurt_verene = ((int )(strlen(colluvia_laris))); capitolium_imaginous = ((char *)(malloc(decurt_verene + 1))); 0 --------------------------------- 1391 153304/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1392 153304/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1393 79359/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_32.c cppfunc 155 char * *dataPtr2 = &data; char * data = *dataPtr2; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 1394 153091/mux.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1395 79359/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_32.c cppfunc 158 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 1396 153592/main_filter_toolbar.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1397 153792/gimpdisplay.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1398 66335/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_08.c cppfunc 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1399 70508/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_13.c cppfunc 130 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1400 72158/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_52.c cppfunc 192 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 1401 153798/cmdline.c cppfunc 1177 jmp_buf tomming_contemporaries; demarks_subtrist = setjmp(tomming_contemporaries); longjmp(tomming_contemporaries,1); 0 --------------------------------- 1402 153288/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1403 62738/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_52.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1404 63438/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_07.c cppfunc 79 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 1405 66608/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_68.c cppfunc 35 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1406 153760/aviobuf.c cppfunc 72 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1407 79448/CWE134_Uncontrolled_Format_String__char_console_printf_15.c inputfunc 98 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 1408 153048/pmsignal.c cppfunc 150 int almeta_nondecadence = 596; stonesoup_read_taint(&gasped_melilites,"1045",almeta_nondecadence); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 1409 153054/utf.c cppfunc 1053 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int squamotemporal_abeles = 1001; char *diphthongising_microchemic;; stonesoup_read_taint(&diphthongising_microchemic,"9682",squamotemporal_abeles); clappe_excathedral . stearyl_coghle = diphthongising_microchemic; hydroponic_nabal(joebush_launderer,clappe_excathedral); void hydroponic_nabal(int meterstick_unquakerlike,union silverado_steepening floricultural_unarrogance) free(((char *)floricultural_unarrogance . stearyl_coghle)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&diphthongising_microchemic,"9682",squamotemporal_abeles); clappe_excathedral . stearyl_coghle = diphthongising_microchemic; hydroponic_nabal(joebush_launderer,clappe_excathedral); 0 --------------------------------- 1410 71470/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_15.c cppfunc 84 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 1411 110458/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_03.c cppfunc 103 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1412 153229/string.c inputfunc 111 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&sardoin_dromond,"MENDERES_SUNNING"); if (sardoin_dromond != 0) {; unpossessedness_estancias = ((int )(strlen(sardoin_dromond))); physocele_wakikis = ((char *)(malloc(unpossessedness_estancias + 1))); if (physocele_wakikis == 0) { memcpy(physocele_wakikis,sardoin_dromond,unpossessedness_estancias); if (sardoin_dromond != 0) free(((char *)sardoin_dromond)); *upcurved_pad = physocele_wakikis; 0 --------------------------------- 1413 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c cppfunc 273 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 1414 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c cppfunc 270 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 1415 79574/CWE134_Uncontrolled_Format_String__char_console_vfprintf_81a.cpp inputfunc 89 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; baseObject.action(data); virtual void action(char * data) const = 0; 0 --------------------------------- 1416 153553/conf_mod.c cppfunc 671 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); imbeciles_ethylin[1] = 5; mistral_unpasted = *(mewled_bardwell + imbeciles_ethylin[1]); free(((char *)((char *)mistral_unpasted))); void stonesoup_handle_taint(char *robustity_seraphtide) unlogistical_rowdydowdy = ((void *)robustity_seraphtide); mewled_bardwell[5] = unlogistical_rowdydowdy; mistral_unpasted = *(mewled_bardwell + imbeciles_ethylin[1]); free(((char *)((char *)mistral_unpasted))); 0 --------------------------------- 1417 153247/conversation.c cppfunc 114 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1418 153709/ffmpeg.c cppfunc 183 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1419 153193/color.c cppfunc 368 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 1420 153247/conversation.c cppfunc 118 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1421 153155/hashfn.c cppfunc 61 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1422 153155/hashfn.c cppfunc 64 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1423 70912/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54.c cppfunc 309 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54e_goodG2BSink(char * data) memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1424 63604/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_13.c cppfunc 75 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 1425 67726/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_15.cpp cppfunc 326 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1426 153474/e_bf.c cppfunc 314 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int acapulco_verisimility = 596; char *unhomologized_inwork;; stonesoup_read_taint(&unhomologized_inwork,"5097",acapulco_verisimility); sadly_gammerel[5] = unhomologized_inwork; saccharomycete_regardfully[1] = 5; shivered_semipalmation = *(sadly_gammerel + saccharomycete_regardfully[1]); assentingly_unexaminable(trachiniae_glaciates,shivered_semipalmation); assentingly_unexaminable(unmaddened_chronons,unctious_bination); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&unhomologized_inwork,"5097",acapulco_verisimility); sadly_gammerel[5] = unhomologized_inwork; shivered_semipalmation = *(sadly_gammerel + saccharomycete_regardfully[1]); assentingly_unexaminable(trachiniae_glaciates,shivered_semipalmation); void assentingly_unexaminable(int unmaddened_chronons,char *unctious_bination) free(((char *)unctious_bination)); 0 --------------------------------- 1427 71002/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_43.cpp cppfunc 72 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 1428 153480/bss_file.c cppfunc 116 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1429 153197/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&blockholer_indirection,"GANOCEPHALOUS_PREAPPRISING"); if (blockholer_indirection != 0) {; gopher_gonoblastidial = ((char *)blockholer_indirection); stonesoup_my_buff_size = ((int )(strlen(gopher_gonoblastidial))); for (; stonesoup_ss_i < stonesoup_my_buff_size; ++stonesoup_ss_i){ if (blockholer_indirection != 0) free(((char *)blockholer_indirection)); 0 --------------------------------- 1430 73012/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_31.c cppfunc 63 data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 1431 70736/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_01.c cppfunc 59 data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 1432 66939/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cat_72.cpp cppfunc 151 void badSink(vector dataVector) wchar_t * data = dataVector[2]; source[100-1] = L'\0'; wcscat(data, source); 0 --------------------------------- 1433 153100/color.c cppfunc 331 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 1434 153100/color.c cppfunc 333 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 1435 71286/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_33.cpp cppfunc 72 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 1436 72205/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_51.c cppfunc 135 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_51b_badSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 1437 71914/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_43.cpp cppfunc 83 data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); static void goodG2BSource(twoIntsStruct * &data) data = NULL; goodG2BSource(data); memmove(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 1438 152917/cmdutils.c inputfunc 1729 ret = (fread(( *bufptr),1, *size,f)); if (ret < *size) { av_free(( *bufptr)); if (ferror(f)) { fclose(f); 0 --------------------------------- 1439 66257/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_42.c cppfunc 26 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 1440 62593/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_51.c cppfunc 80 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1441 72998/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_07.c cppfunc 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 1442 72984/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_68.c cppfunc 151 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_68b_goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_68_goodG2BData; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 1443 79447/CWE134_Uncontrolled_Format_String__char_console_printf_14.c inputfunc 131 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 1444 62747/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_67.c cppfunc 189 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1445 110398/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_66.c cppfunc 142 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_66b_badSink(int dataArray[]) int data = dataArray[2]; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1446 110314/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_03.c cppfunc 153 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1447 79469/CWE134_Uncontrolled_Format_String__char_console_printf_63.c inputfunc 94 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_63b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_printf_63b_goodB2GSink(char * * dataPtr) CWE134_Uncontrolled_Format_String__char_console_printf_63b_goodB2GSink(&data); char * data = *dataPtr; printf("%s\n", data); 0 --------------------------------- 1448 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c cppfunc 294 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodG2BVaSink(data, data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 1449 153600/tile.c cppfunc 76 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1450 153600/tile.c cppfunc 72 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1451 71169/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_02.c cppfunc 92 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 1452 66355/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_44.c cppfunc 75 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1453 153612/tile-swap.c cppfunc 667 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 1454 148916/strutil.c cppfunc 944 escape_string(char *buf, const char *string) for (p = string; (c = *p) != '\0'; p++) { else if (!isprint((unsigned char)c)) { 0 --------------------------------- 1455 110464/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_09.c cppfunc 77 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1456 70503/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_08.c cppfunc 241 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1457 153405/main_filter_toolbar.c cppfunc 109 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1458 153405/main_filter_toolbar.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1459 66623/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_08.c cppfunc 100 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1460 153047/color.c cppfunc 378 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 1461 153351/oids.c cppfunc 1007 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *sphenomaxillary_stereoscopy; stonesoup_read_taint(&sphenomaxillary_stereoscopy,"MOFW_BRAMLEY"); pachysandra_depolarising = ((int )(strlen(sphenomaxillary_stereoscopy))); orthograde_unstack = ((char *)(malloc(pachysandra_depolarising + 1))); memset(orthograde_unstack,0,pachysandra_depolarising + 1); memcpy(orthograde_unstack,sphenomaxillary_stereoscopy,pachysandra_depolarising); convex_nonheritor = &orthograde_unstack; cruciately_composite = &convex_nonheritor; free(((char *)( *( *cruciately_composite)))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&sphenomaxillary_stereoscopy,"MOFW_BRAMLEY"); pachysandra_depolarising = ((int )(strlen(sphenomaxillary_stereoscopy))); memcpy(orthograde_unstack,sphenomaxillary_stereoscopy,pachysandra_depolarising); convex_nonheritor = &orthograde_unstack; cruciately_composite = &convex_nonheritor; free(((char *)( *( *cruciately_composite)))); 0 --------------------------------- 1462 153214/pgstat.c inputfunc 3372 if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); memcpy(dbentry,(&dbbuf),sizeof(PgStat_StatDBEntry )); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 1463 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c inputfunc 127 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodB2G2_vasink(data, data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodB2G2_vasink(char * data, ...); 0 --------------------------------- 1464 72188/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_13.c cppfunc 77 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 1465 70643/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_04.c cppfunc 268 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1466 66272/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_68.c cppfunc 55 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1467 153238/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1468 70931/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_04.c cppfunc 79 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 1469 153567/pmsignal.c cppfunc 108 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1470 153194/tile-manager.c inputfunc 104 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&lipwork_drowsiest,"PERISTEROPODAN_MARCHMAN"); if (lipwork_drowsiest != 0) {; diatribist_semipsychologic = ((int )(strlen(lipwork_drowsiest))); vasomotorial_tyrrhus = ((char *)(malloc(diatribist_semipsychologic + 1))); if (vasomotorial_tyrrhus == 0) { memcpy(vasomotorial_tyrrhus,lipwork_drowsiest,diatribist_semipsychologic); if (lipwork_drowsiest != 0) free(((char *)lipwork_drowsiest)); 0 --------------------------------- 1471 153567/pmsignal.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1472 152906/tile.c cppfunc 303 int luny_dungan = 20; char *alehoof_nagualism; stonesoup_read_taint(&alehoof_nagualism,"8966",luny_dungan); strawy_jesuist = ((int )(strlen(alehoof_nagualism))); conidiophorous_paraebius = ((char *)(malloc(strawy_jesuist + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&alehoof_nagualism,"8966",luny_dungan); strawy_jesuist = ((int )(strlen(alehoof_nagualism))); conidiophorous_paraebius = ((char *)(malloc(strawy_jesuist + 1))); 0 --------------------------------- 1473 66330/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_03.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1474 62599/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_63.c cppfunc 80 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1475 152903/color.c cppfunc 605 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *hotheadednesses_protoactinium; stonesoup_read_taint(&hotheadednesses_protoactinium,"RUPESTRAL_UNCUMBER"); free(((char *)hotheadednesses_protoactinium)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&hotheadednesses_protoactinium,"RUPESTRAL_UNCUMBER"); free(((char *)hotheadednesses_protoactinium)); 0 --------------------------------- 1476 153476/column.c cppfunc 74 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1477 153346/img2.c cppfunc 62 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1478 69890/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_21.cpp cppfunc 120 data = new wchar_t[100]; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2B2Source(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 1479 153675/aviobuf.c cppfunc 55 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1480 73639/CWE124_Buffer_Underwrite__CWE839_fgets_72.cpp cppfunc 45 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1481 153615/portalmem.c cppfunc 114 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1482 153615/portalmem.c cppfunc 117 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1483 153615/portalmem.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1484 65158/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_07.c cppfunc 99 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 1485 152963/pmsignal.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1486 153197/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1487 153445/color.c cppfunc 617 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int sizy_preeternal = 40; char *haliplankton_slivovitz; stonesoup_read_taint(&haliplankton_slivovitz,"7410",sizy_preeternal); free(((char *)haliplankton_slivovitz)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&haliplankton_slivovitz,"7410",sizy_preeternal); free(((char *)haliplankton_slivovitz)); 0 --------------------------------- 1488 153445/color.c cppfunc 611 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 1489 70499/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_04.c cppfunc 276 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1490 70742/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_07.c cppfunc 95 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 1491 110525/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_32.c cppfunc 172 int *dataPtr2 = &data; int data = *dataPtr2; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1492 72133/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_06.c cppfunc 77 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 1493 73070/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_52.c cppfunc 186 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_52c_goodG2BSink(char * data) strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 1494 70881/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_02.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1495 153677/color.c cppfunc 353 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 1496 70502/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_07.c cppfunc 275 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1497 153594/error.c inputfunc 137 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&compressibly_allotropical,"MICROMEMBRANE_INDUBIOUSLY"); if (compressibly_allotropical != 0) {; begirdled_thi . usucaptible_filipendulous = compressibly_allotropical; unholiness_unabsorbed = overwheel_monostomatidae(begirdled_thi); union chivachee_hyposystole overwheel_monostomatidae(union chivachee_hyposystole appellate_citua); 0 --------------------------------- 1498 70682/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_73.cpp cppfunc 371 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1499 153594/error.c cppfunc 134 stonesoup_read_taint(&compressibly_allotropical,"MICROMEMBRANE_INDUBIOUSLY"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 1500 67577/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_10.cpp cppfunc 96 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1501 65439/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_08.c cppfunc 109 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 1502 66591/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_34.c cppfunc 36 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1503 70499/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_04.c cppfunc 187 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1504 62744/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_64.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1505 153499/color.c cppfunc 333 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 1506 72790/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_66.c cppfunc 137 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 1507 65166/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_15.c cppfunc 106 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 1508 153818/tile.c cppfunc 81 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1509 153818/tile.c cppfunc 83 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1510 153327/e_camellia.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1511 153327/e_camellia.c cppfunc 120 stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1512 73620/CWE124_Buffer_Underwrite__CWE839_fgets_33.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1513 70683/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_74.cpp cppfunc 196 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1514 79567/CWE134_Uncontrolled_Format_String__char_console_vfprintf_65.c cppfunc 206 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 1515 66560/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_68.c cppfunc 55 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1516 73027/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_63.c cppfunc 136 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 1517 1299/util-bad.c cppfunc 177 register char *gecos; char *login; char *buf; register char *bp = buf; gecos++; l += strlen(login); for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'; p++) *bp = toupper(*bp); bp++; *bp++ = *p; printf ("bp-buf = %d\n", (bp-buf)); strlen(bp), strlen(login)); (void) strcpy(bp, login); *bp = toupper(*bp); 0 --------------------------------- 1518 62961/CWE121_Stack_Based_Buffer_Overflow__CWE135_14.c cppfunc 147 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 1519 153455/color.c cppfunc 598 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *insectan_cassididae) free(((char *)insectan_cassididae)); 0 --------------------------------- 1520 152935/config_file.c cppfunc 137 int enchains_melanoid = 20; stonesoup_read_taint(&acronymous_basementless,"8343",enchains_melanoid); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 1521 72770/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_21.c cppfunc 77 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 1522 67591/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_34.cpp cppfunc 141 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1523 110669/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_32.cpp cppfunc 41 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1524 71362/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_03.c cppfunc 71 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 1525 153001/avpacket.c cppfunc 79 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1526 67584/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_17.cpp cppfunc 97 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1527 79474/CWE134_Uncontrolled_Format_String__char_console_printf_68.c inputfunc 100 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_68_goodB2GData = data; CWE134_Uncontrolled_Format_String__char_console_printf_68b_goodB2GSink(); char * data = CWE134_Uncontrolled_Format_String__char_console_printf_68_goodB2GData; printf("%s\n", data); 0 --------------------------------- 1528 70841/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_10.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1529 72732/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_45.c cppfunc 64 data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_45_goodG2BData = data; goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_45_goodG2BData; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 1530 153132/color.c cppfunc 603 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int reimburser_lorinda = 26; char *aerobian_triflingness; stonesoup_read_taint(&aerobian_triflingness,"7704",reimburser_lorinda); free(((char *)aerobian_triflingness)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&aerobian_triflingness,"7704",reimburser_lorinda); free(((char *)aerobian_triflingness)); 0 --------------------------------- 1531 66634/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_21.c cppfunc 77 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 1532 153388/dynahash.c cppfunc 268 stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1533 153178/color.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1534 71452/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_81_bad.cpp cppfunc 34 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 1535 153114/tile.c cppfunc 51 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1536 153696/config.c cppfunc 234 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *soldat_unamusingly; stonesoup_read_taint(&soldat_unamusingly,"THAPSIA_PULVINIC"); waster_jumbler = soldat_unamusingly; sentence_interdentally[5] = waster_jumbler; bessie_mihrab = 5; chromos_wonderwell = &bessie_mihrab; volante_betimes = *(sentence_interdentally + *chromos_wonderwell); free(((char *)volante_betimes)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&soldat_unamusingly,"THAPSIA_PULVINIC"); waster_jumbler = soldat_unamusingly; sentence_interdentally[5] = waster_jumbler; volante_betimes = *(sentence_interdentally + *chromos_wonderwell); free(((char *)volante_betimes)); 0 --------------------------------- 1537 153298/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 1538 70675/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_63.c cppfunc 327 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1539 73718/CWE124_Buffer_Underwrite__CWE839_listen_socket_41.c cppfunc 101 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1540 153176/stream.c cppfunc 90 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1541 153176/stream.c cppfunc 94 size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1542 153176/stream.c cppfunc 97 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1543 62979/CWE121_Stack_Based_Buffer_Overflow__CWE135_53.c cppfunc 267 void CWE121_Stack_Based_Buffer_Overflow__CWE135_53d_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 1544 70676/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_64.c cppfunc 401 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1545 153291/color.c cppfunc 600 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *nonvulvar_morganatical) free(((char *)nonvulvar_morganatical)); 0 --------------------------------- 1546 71010/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_62.cpp cppfunc 65 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 1547 70410/CWE122_Heap_Based_Buffer_Overflow__CWE135_11.c cppfunc 111 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 1548 73006/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_15.c cppfunc 74 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 1549 72729/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_42.c cppfunc 70 data[50-1] = L'\0'; return data; data = goodG2BSource(data); wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 1550 72110/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_52.c cppfunc 172 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_52c_badSink(wchar_t * data) wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 1551 153802/types.c cppfunc 437 struct kaffiyehs_remunerates hypocreales_auguring = {0}; quezals_plasmin(&hypocreales_auguring); duckier_wakikis = inhalant_hinson(hypocreales_auguring); struct kaffiyehs_remunerates inhalant_hinson(struct kaffiyehs_remunerates scintillation_ungrabbing) return scintillation_ungrabbing; duckier_wakikis = inhalant_hinson(hypocreales_auguring); free(((char *)duckier_wakikis . vetanda_galantine)); 0 --------------------------------- 1552 153486/bufmgr.c cppfunc 129 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1553 148828/Element.cpp cppfunc 510 String localName = shouldIgnoreAttributeCase(this) ? name.lower() : name; return !elem->hasAttribute(attr); if (!documentIsHTML && namespaces && shouldAddNamespaceElem(el)) if (el->isHTMLElement() && (annotate || convert)) { Element* element = const_cast(el); RefPtr styleFromMatchedRules = styleFromMatchedRulesForElement(const_cast(el)); styleFromMatchedRules->merge(style.get()); style = styleFromMatchedRules; CSSMutableStyleDeclaration::const_iterator end = style->end(); for (CSSMutableStyleDeclaration::const_iterator it = style->begin(); it != end; ++it) { const CSSProperty& property = *it; CSSValue* value = property.value(); fromComputedStyle->addParsedProperty(CSSProperty(property.id(), computedPropertyValue)); style->merge(fromComputedStyle.get()); 0 --------------------------------- 1554 148828/Element.cpp cppfunc 517 if (FrameView* view = document()->view()) { IntRect visibleContentRect = view->visibleContentRect(); result.move(-visibleContentRect.x(), -visibleContentRect.y()); 0 --------------------------------- 1555 153264/types.c cppfunc 126 svn_error_t *svn_revnum_parse(svn_revnum_t *rev,const char *str,const char **endptr) char *end; svn_revnum_t result = strtol(str,&end,10); 0 --------------------------------- 1556 153655/color.c cppfunc 577 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *tanghin_sunsetty; stonesoup_read_taint(&tanghin_sunsetty,"MOLDS_BABAYLAN"); free(((char *)tanghin_sunsetty)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&tanghin_sunsetty,"MOLDS_BABAYLAN"); free(((char *)tanghin_sunsetty)); 0 --------------------------------- 1557 79370/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54.c cppfunc 546 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54e_badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 1558 79370/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54.c cppfunc 549 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 1559 153486/bufmgr.c cppfunc 126 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1560 149126/heap_overflow_cplx-good.c inputfunc 31 if(fread(&r, sizeof r, 1, f) != 1) fclose(f); if(fclose(f) != 0) return r; unsigned length = getRand() % 50 - 1; char *t = malloc((length + 1) * sizeof(char)); if (!t) for (;i dataVector; data = NULL; data = (double *)malloc(sizeof(*data)); *data = 1.7E300; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) double * data = dataVector[2]; printDoubleLine(*data); free(data); 0 --------------------------------- 1562 152945/portalmem.c cppfunc 484 planidorsate_thermidor = getenv("TERNAR_REFINDS"); huskroot_eupolidean = ((int )(strlen(planidorsate_thermidor))); tripolar_pose = ((char *)(malloc(huskroot_eupolidean + 1))); 0 --------------------------------- 1563 67517/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_16.c cppfunc 38 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_16_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_16_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 1564 153691/avdevice.c cppfunc 57 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 1565 70642/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_03.c cppfunc 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1566 153192/tile-manager.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1567 65397/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_06.c cppfunc 97 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 1568 79404/CWE134_Uncontrolled_Format_String__char_console_fprintf_21.c inputfunc 108 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1Sink(data); static void goodB2G1Sink(char * data) fprintf(stdout, "%s\n", data); 0 --------------------------------- 1569 67592/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_41.cpp cppfunc 67 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1570 153213/dynahash.c cppfunc 242 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1571 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c cppfunc 197 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 1572 152941/eng_lib.c cppfunc 495 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 1573 67514/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_13.c cppfunc 38 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_13_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_13_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 1574 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c cppfunc 147 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 1575 73079/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67.c cppfunc 133 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67_structType myStruct) char * data = myStruct.structFirst; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 1576 153387/subtrans.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1577 70472/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_41.c cppfunc 167 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1578 153783/string.c cppfunc 84 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1579 70515/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22.c cppfunc 259 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1580 153122/gimpdialogfactory.c cppfunc 124 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1581 67309/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_06.c cppfunc 35 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1582 69885/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_14.cpp cppfunc 90 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 1583 153607/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1584 71378/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_21.c cppfunc 121 static char * goodG2B2Source(char * data) data = NULL; data = goodG2B2Source(data); data[0] = '\0'; return data; data = goodG2B2Source(data); strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 1585 72423/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_08.c cppfunc 104 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 1586 70753/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_18.c cppfunc 63 data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 1587 153655/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1588 62971/CWE121_Stack_Based_Buffer_Overflow__CWE135_34.c cppfunc 75 CWE121_Stack_Based_Buffer_Overflow__CWE135_34_unionType myUnion; void * data = myUnion.unionSecond; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1589 70460/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_13.c cppfunc 377 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1590 110399/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_67.c cppfunc 43 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1591 67722/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_11.cpp cppfunc 194 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1592 153212/utils.c cppfunc 4730 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) switch(( *(spec++))){ if (( *(spec++)) == ':') { int index = (strtol(spec,((void *)0),0)); 0 --------------------------------- 1593 66291/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_12.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1594 66291/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_12.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1595 72746/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_73.cpp cppfunc 149 void badSink(list dataList) wchar_t * data = dataList.back(); wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 1596 153054/utf.c cppfunc 127 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1597 153054/utf.c cppfunc 124 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1598 153054/utf.c cppfunc 120 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1599 153517/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1600 153679/avdevice.c cppfunc 56 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1601 62956/CWE121_Stack_Based_Buffer_Overflow__CWE135_09.c cppfunc 127 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1602 62956/CWE121_Stack_Based_Buffer_Overflow__CWE135_09.c cppfunc 124 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 1603 110507/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_04.c cppfunc 173 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1604 72809/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_10.c cppfunc 93 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 1605 153657/pgstat.c cppfunc 403 struct addrinfo *addrs = ((void *)0); ret = pg_getaddrinfo_all("localhost",((void *)0),(&hints),&addrs); for (addr = addrs; addr; addr = addr -> ai_next) { if ((pgStatSock = socket(addr -> ai_family,SOCK_DGRAM,0)) == - 1) { if (bind(pgStatSock,(addr -> ai_addr),addr -> ai_addrlen) < 0) { 0 --------------------------------- 1606 72094/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_15.c cppfunc 106 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 1607 153591/e_camellia.c cppfunc 591 void stonesoup_handle_taint(char *overfrugality_pairt) pseudobinary_synochal = ((int )(strlen(overfrugality_pairt))); magistracy_riverside = ((char *)(malloc(pseudobinary_synochal + 1))); 0 --------------------------------- 1608 67736/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_41.cpp inputfunc 124 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 1609 110321/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_10.c cppfunc 153 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1610 153392/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 1611 152882/subtrans.c cppfunc 307 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *causeways_proprietarian; stonesoup_read_taint(&causeways_proprietarian,"PACIFYING_LEISURELESS"); pazia_boroglycerine = ((int )(strlen(causeways_proprietarian))); memcpy(unsticked_hoplonemertea,causeways_proprietarian,pazia_boroglycerine); free(((char *)causeways_proprietarian)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&causeways_proprietarian,"PACIFYING_LEISURELESS"); pazia_boroglycerine = ((int )(strlen(causeways_proprietarian))); memcpy(unsticked_hoplonemertea,causeways_proprietarian,pazia_boroglycerine); free(((char *)causeways_proprietarian)); 0 --------------------------------- 1612 70655/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_16.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1613 66569/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_02.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1614 67495/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12.c cppfunc 62 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 1615 153085/oids.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1616 70403/CWE122_Heap_Based_Buffer_Overflow__CWE135_04.c cppfunc 89 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 1617 70667/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_44.c cppfunc 183 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1618 62739/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_53.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1619 153085/oids.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1620 152883/avpacket.c cppfunc 53 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1621 152883/avpacket.c cppfunc 57 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1622 72417/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_02.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 1623 67423/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_34.c cppfunc 36 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1624 66253/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_32.c cppfunc 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1625 71370/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_11.c cppfunc 71 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 1626 62594/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_52.c cppfunc 80 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1627 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c cppfunc 197 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 1628 72140/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_13.c cppfunc 96 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 1629 152955/timestamp.c cppfunc 116 int unwealsomeness_leechwort = 596; stonesoup_read_taint(&sorefoot_rollin,"2380",unwealsomeness_leechwort); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 1630 153504/e_bf.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1631 73057/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_18.c cppfunc 60 data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 1632 67569/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_02.cpp cppfunc 96 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1633 153695/main_statusbar.c cppfunc 1161 char *deseret_muhlenberg = 0; feture_tanta(indigenismo_unquested,deseret_muhlenberg); feture_tanta(azoblack_backchain,paraxial_huelessness); void feture_tanta(int azoblack_backchain,char *paraxial_huelessness) free(((char *)paraxial_huelessness)); 0 --------------------------------- 1634 71365/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_06.c cppfunc 97 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 1635 153013/file_wrappers.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1636 67408/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_09.c cppfunc 60 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1637 66289/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_10.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1638 148828/markup.cpp cppfunc 283 static PassRefPtr styleFromMatchedRulesForElement(Element* element, bool authorOnly = true) RefPtr matchedRules = element->document()->styleSelector()->styleRulesForElement(element, authorOnly); for (unsigned i = 0; i < matchedRules->length(); i++) { if (matchedRules->item(i)->type() == CSSRule::STYLE_RULE) { RefPtr s = static_cast(matchedRules->item(i))->style(); style->merge(s.get(), true); 0 --------------------------------- 1639 153623/ffmpeg.c cppfunc 3249 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *counterbend_greenbackism) olathe_polychromy[61] = counterbend_greenbackism; deutscher_george[ *( *( *( *( *( *( *( *( *( *undemolished_transylvanian)))))))))] = olathe_polychromy; dispend_rehabilitative = deutscher_george[ *( *( *( *( *( *( *( *( *( *undemolished_transylvanian)))))))))]; free(((char *)dispend_rehabilitative[61])); 0 --------------------------------- 1640 72165/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_65.c cppfunc 144 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 1641 153066/portalmem.c cppfunc 119 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1642 67498/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_15.c cppfunc 82 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 1643 67725/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_14.cpp inputfunc 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 1644 66352/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_41.c cppfunc 71 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1645 110376/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_17.c cppfunc 87 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1646 110654/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_07.cpp cppfunc 44 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1647 67720/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_09.cpp cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1648 153589/bio_err.c cppfunc 108 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1649 73043/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_04.c cppfunc 94 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 1650 110366/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_07.c cppfunc 96 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1651 71430/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_33.cpp cppfunc 72 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 1652 66285/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_06.c cppfunc 65 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1653 62603/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_67.c cppfunc 90 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1654 67578/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_11.cpp cppfunc 95 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1655 153599/mem_dbg.c cppfunc 718 static void print_leak_LHASH_DOALL_ARG(void *arg1,void *arg2) const MEM *a = arg1; print_leak_doall_arg(a,b); static void print_leak_doall_arg(const MEM *m,MEM_LEAK *l) lcl = localtime(&m -> time); 0 --------------------------------- 1656 71475/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22.c cppfunc 75 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_goodG2B1Source(data); SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 1657 153604/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1658 70647/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_08.c cppfunc 382 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1659 71427/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22.c cppfunc 42 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 1660 110461/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_06.c cppfunc 107 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1661 71494/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_66.c cppfunc 158 data[0] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 1662 152976/column-utils.c cppfunc 74 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1663 152976/column-utils.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1664 153399/cmdline.c inputfunc 851 e = (getenv("EDITOR")); if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 1665 70659/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22.c cppfunc 401 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1666 62709/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_02.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1667 72442/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_43.cpp cppfunc 71 data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 1668 62984/CWE121_Stack_Based_Buffer_Overflow__CWE135_64.c cppfunc 162 void CWE121_Stack_Based_Buffer_Overflow__CWE135_64b_goodG2BSink(void * dataVoidPtr) void * * dataPtr = (void * *)dataVoidPtr; void * data = (*dataPtr); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1669 153772/subtrans.c cppfunc 90 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1670 153772/subtrans.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1671 67754/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_73.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1672 199319/uninit_pointer.c cppfunc 335 s = (uninit_pointer_014_s_001 *)calloc(1,sizeof(uninit_pointer_014_s_001)); s->a = 10; s->b = 10; s = (uninit_pointer_014_s_001 *)calloc(1,sizeof(uninit_pointer_014_s_001)); s->a = 20; s->b = 20; uninit_pointer_014_func_001 (1); free(s); 0 --------------------------------- 1673 153709/ffmpeg.c cppfunc 215 int oxalacetate_homosassa = 26; stonesoup_read_taint(&dipodomyinae_caporals,"5925",oxalacetate_homosassa); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 1674 152995/bio_err.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1675 153798/cmdline.c cppfunc 88 stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1676 152995/bio_err.c cppfunc 90 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1677 153274/avfilter.c cppfunc 866 void stonesoup_handle_taint(char *geronomite_stouter) heterophaga_memory = ((int )(strlen(geronomite_stouter))); memcpy(spinnable_unproficiently,geronomite_stouter,heterophaga_memory); free(((char *)geronomite_stouter)); 0 --------------------------------- 1678 153641/timestamp.c cppfunc 68 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1679 153641/timestamp.c cppfunc 64 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1680 1309/my-util.c cppfunc 83 void *xalloc(size_t sz) { assert(sz>0); p = (void *) malloc(sz); assert (p!=NULL); 0 --------------------------------- 1681 67600/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_54.cpp cppfunc 83 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1682 153131/color.c cppfunc 349 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 1683 153131/color.c cppfunc 347 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 1684 152977/types.c cppfunc 46 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1685 152977/types.c cppfunc 44 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(canaut_posttension)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1686 72833/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_61.c cppfunc 61 data[0] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_61b_goodG2BSource(data); strcat(data, source); printLine(data); free(data); 0 --------------------------------- 1687 153487/error.c cppfunc 103 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1688 67717/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_06.cpp cppfunc 312 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1689 110821/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_51.cpp cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1690 199236/buffer_underrun_dynamic.c cppfunc 313 int *buf=(int*) calloc(5,sizeof(int)); free(buf); dynamic_buffer_underrun_017_func_001(0); void dynamic_buffer_underrun_017_func_001 (int index) *(buf -index) = 1; free(buf); 0 --------------------------------- 1691 72209/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_61.c cppfunc 67 data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_61b_goodG2BSource(data); SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 1692 66259/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_44.c cppfunc 71 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1693 72380/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_13.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 1694 72194/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_21.c cppfunc 98 data = NULL; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) data[0] = L'\0'; return data; data = goodG2B1Source(data); SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 1695 153460/utils.c cppfunc 71 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1696 153810/pgstat.c cppfunc 389 struct addrinfo *addrs = ((void *)0); ret = pg_getaddrinfo_all("localhost",((void *)0),(&hints),&addrs); for (addr = addrs; addr; addr = addr -> ai_next) { if ((pgStatSock = socket(addr -> ai_family,SOCK_DGRAM,0)) == - 1) { if (bind(pgStatSock,(addr -> ai_addr),addr -> ai_addrlen) < 0) { 0 --------------------------------- 1697 110793/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_02.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1698 110657/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_10.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1699 69924/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_05.cpp cppfunc 100 data = new wchar_t[100]; data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 1700 72757/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_06.c cppfunc 77 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 1701 153341/avpacket.c cppfunc 63 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 1702 153554/error.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1703 72826/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_43.cpp cppfunc 73 data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 1704 152925/eng_lib.c cppfunc 361 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; union mucocellulosic_seated tires_yaakov; int zeugobranchia_overbar = 44; char *axiolite_scumboard;; stonesoup_read_taint(&axiolite_scumboard,"2674",zeugobranchia_overbar); tires_yaakov . classicalities_perioesophageal = axiolite_scumboard; majestical_overmuches[ *( *( *( *( *( *( *( *( *( *cheirotherium_carbin)))))))))] = tires_yaakov; tweedles_quomodos = majestical_overmuches[ *( *( *( *( *( *( *( *( *( *cheirotherium_carbin)))))))))]; free(((char *)tweedles_quomodos . classicalities_perioesophageal)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&axiolite_scumboard,"2674",zeugobranchia_overbar); tires_yaakov . classicalities_perioesophageal = axiolite_scumboard; tweedles_quomodos = majestical_overmuches[ *( *( *( *( *( *( *( *( *( *cheirotherium_carbin)))))))))]; free(((char *)tweedles_quomodos . classicalities_perioesophageal)); 0 --------------------------------- 1705 153612/tile-swap.c cppfunc 171 int nicoli_antiferromagnet = 105; stonesoup_read_taint(&iin_mantle,"6802",nicoli_antiferromagnet); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 1706 62980/CWE121_Stack_Based_Buffer_Overflow__CWE135_54.c cppfunc 308 void CWE121_Stack_Based_Buffer_Overflow__CWE135_54e_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 1707 73739/CWE124_Buffer_Underwrite__CWE839_listen_socket_82a.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1708 62574/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_11.c inputfunc 84 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 1709 71369/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_10.c cppfunc 93 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 1710 62574/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_11.c cppfunc 87 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1711 153000/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1712 62741/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_61.c cppfunc 247 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1713 153537/heapam.c cppfunc 527 jmp_buf inconsistencies_nffe; fluyts_kechi = setjmp(inconsistencies_nffe); longjmp(inconsistencies_nffe,1); 0 --------------------------------- 1714 70645/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_06.c cppfunc 309 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1715 66531/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_12.c cppfunc 69 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1716 153504/e_bf.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1717 153504/e_bf.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1718 153329/avfilter.c cppfunc 64 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1719 72409/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_72.cpp cppfunc 149 void badSink(vector dataVector) char * data = dataVector[2]; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 1720 153178/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 1721 153609/img2.c cppfunc 56 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1722 79520/CWE134_Uncontrolled_Format_String__char_console_snprintf_66.c inputfunc 106 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_snprintf_66b_goodB2GSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_snprintf_66b_goodB2GSink(char * dataArray[]) char * data = dataArray[2]; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 1723 79501/CWE134_Uncontrolled_Format_String__char_console_snprintf_22.c inputfunc 89 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_22_goodB2G1Sink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_22_goodB2G1Sink(char * data); 0 --------------------------------- 1724 153616/mux.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1725 67603/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_63.cpp cppfunc 83 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1726 70407/CWE122_Heap_Based_Buffer_Overflow__CWE135_08.c cppfunc 157 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1727 66301/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_32.c cppfunc 33 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1728 79566/CWE134_Uncontrolled_Format_String__char_console_vfprintf_64.c cppfunc 185 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 1729 79566/CWE134_Uncontrolled_Format_String__char_console_vfprintf_64.c cppfunc 182 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 1730 67378/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_43.cpp cppfunc 68 data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscat(dest, data); 0 --------------------------------- 1731 153322/color.c cppfunc 347 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 1732 70656/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_17.c cppfunc 302 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1733 153322/color.c cppfunc 349 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 1734 79373/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63.c cppfunc 333 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 1735 79373/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63.c cppfunc 336 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 1736 110522/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_21.c cppfunc 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1737 153103/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1738 1291/sig-bad.c cppfunc 225 newstr(size_t len, int needpanic) { assert(len <= 65536); buf = (u_char *)malloc(2 + len + 1); 0 --------------------------------- 1739 153269/color.c cppfunc 334 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 1740 153269/color.c cppfunc 336 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 1741 66549/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_51.c cppfunc 51 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1742 70883/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_04.c cppfunc 99 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1743 79405/CWE134_Uncontrolled_Format_String__char_console_fprintf_22.c inputfunc 89 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_22_goodB2G1Sink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_22_goodB2G1Sink(char * data); 0 --------------------------------- 1744 63433/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_02.c cppfunc 73 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 1745 67405/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_06.c cppfunc 35 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1746 67738/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_43.cpp cppfunc 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1747 72852/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_05.c cppfunc 100 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 1748 153437/portalmem.c cppfunc 123 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1749 153437/portalmem.c cppfunc 126 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1750 152885/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1751 62573/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_10.c cppfunc 87 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1752 62573/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_10.c inputfunc 84 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 1753 153608/hashfn.c cppfunc 60 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1754 153608/hashfn.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1755 70675/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_63.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1756 153126/color.c cppfunc 589 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int chairmen_doudle = 596; char *coulterneb_ier; stonesoup_read_taint(&coulterneb_ier,"5444",chairmen_doudle); free(((char *)coulterneb_ier)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&coulterneb_ier,"5444",chairmen_doudle); free(((char *)coulterneb_ier)); 0 --------------------------------- 1757 153600/tile.c inputfunc 115 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&unparcelled_mentholatum,"MOUSIEST_SARCOCYSTIDEAN"); if (unparcelled_mentholatum != 0) {; nephalistic_dewflower . neurophil_subchapters = ((char *)unparcelled_mentholatum); hosta_hematoscope(nephalistic_dewflower); void hosta_hematoscope(struct unreproachfully_moonraker unroyally_troparion); 0 --------------------------------- 1758 153600/tile.c cppfunc 112 stonesoup_read_taint(&unparcelled_mentholatum,"MOUSIEST_SARCOCYSTIDEAN"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 1759 72697/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_72.cpp cppfunc 149 void badSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncat(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 1760 71185/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_18.c cppfunc 65 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 1761 153468/utils.c cppfunc 97 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1762 70652/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_13.c cppfunc 369 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1763 69761/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_61.cpp cppfunc 146 data = new wchar_t[100]; data = goodG2BSource(data); wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 1764 70659/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22.c cppfunc 173 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1765 153498/mem_dbg.c cppfunc 793 static void print_leak_LHASH_DOALL_ARG(void *arg1,void *arg2) const MEM *a = arg1; print_leak_doall_arg(a,b); static void print_leak_doall_arg(const MEM *m,MEM_LEAK *l) lcl = localtime(&m -> time); 0 --------------------------------- 1766 71192/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_41.c cppfunc 61 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_41_goodG2BSink(wchar_t * data) wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 1767 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c inputfunc 169 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) va_start(args, data); goodB2GVaSinkG(data, data); 0 --------------------------------- 1768 72843/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_74.cpp cppfunc 169 data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 1769 62952/CWE121_Stack_Based_Buffer_Overflow__CWE135_05.c cppfunc 130 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 1770 62952/CWE121_Stack_Based_Buffer_Overflow__CWE135_05.c cppfunc 133 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1771 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c cppfunc 354 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 1772 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c cppfunc 351 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 1773 66239/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_08.c cppfunc 45 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1774 153696/config.c cppfunc 108 stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1775 70641/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_02.c cppfunc 369 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1776 153055/config_file.c cppfunc 114 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1777 72740/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_64.c cppfunc 123 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 1778 153103/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1779 153103/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1780 153103/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1781 153055/config_file.c cppfunc 285 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *hypocritic_defleaing; stonesoup_read_taint(&hypocritic_defleaing,"NESTABLE_TRUNKMAKER"); rhizodermis_habitualness = ((int )(strlen(hypocritic_defleaing))); bolshevist_fatelike = ((char *)(malloc(rhizodermis_habitualness + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&hypocritic_defleaing,"NESTABLE_TRUNKMAKER"); rhizodermis_habitualness = ((int )(strlen(hypocritic_defleaing))); bolshevist_fatelike = ((char *)(malloc(rhizodermis_habitualness + 1))); 0 --------------------------------- 1782 153387/subtrans.c cppfunc 799 void cystectomies_aethogen(char **packton_troublers) alexina_savagenesses(packton_troublers); void alexina_savagenesses(char **fermis_achorn) free(((char *)fermis_achorn[3])); 0 --------------------------------- 1783 110347/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_63.c cppfunc 242 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_63b_goodG2BSink(&data); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_63b_goodG2BSink(int * dataPtr) int data = *dataPtr; intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1784 70892/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_13.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1785 62570/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_07.c cppfunc 142 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1786 153055/config_file.c inputfunc 139 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&hypocritic_defleaing,"NESTABLE_TRUNKMAKER"); if (hypocritic_defleaing != 0) {; rhizodermis_habitualness = ((int )(strlen(hypocritic_defleaing))); bolshevist_fatelike = ((char *)(malloc(rhizodermis_habitualness + 1))); if (bolshevist_fatelike == 0) { memcpy(bolshevist_fatelike,hypocritic_defleaing,rhizodermis_habitualness); if (hypocritic_defleaing != 0) free(((char *)hypocritic_defleaing)); 0 --------------------------------- 1787 70739/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_04.c cppfunc 96 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 1788 153502/conf_mod.c cppfunc 139 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1789 153809/img2.c cppfunc 54 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1790 66535/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_16.c cppfunc 57 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 1791 153039/bufmgr.c cppfunc 1050 char *unmythical_tyrannisingly; stonesoup_read_taint(&unmythical_tyrannisingly,"UNLEARNABLENESS_AMERINDIAN"); unsimulating_pharyngoxerosis = ((int )(strlen(unmythical_tyrannisingly))); insectary_rightly = ((char *)(malloc(unsimulating_pharyngoxerosis + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&unmythical_tyrannisingly,"UNLEARNABLENESS_AMERINDIAN"); unsimulating_pharyngoxerosis = ((int )(strlen(unmythical_tyrannisingly))); insectary_rightly = ((char *)(malloc(unsimulating_pharyngoxerosis + 1))); 0 --------------------------------- 1792 153039/bufmgr.c cppfunc 1058 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *unmythical_tyrannisingly; stonesoup_read_taint(&unmythical_tyrannisingly,"UNLEARNABLENESS_AMERINDIAN"); unsimulating_pharyngoxerosis = ((int )(strlen(unmythical_tyrannisingly))); memcpy(insectary_rightly,unmythical_tyrannisingly,unsimulating_pharyngoxerosis); free(((char *)unmythical_tyrannisingly)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&unmythical_tyrannisingly,"UNLEARNABLENESS_AMERINDIAN"); unsimulating_pharyngoxerosis = ((int )(strlen(unmythical_tyrannisingly))); memcpy(insectary_rightly,unmythical_tyrannisingly,unsimulating_pharyngoxerosis); free(((char *)unmythical_tyrannisingly)); 0 --------------------------------- 1793 153428/utils.c cppfunc 2564 jmp_buf weent_disaffiliation; menorrheic_ellipsoid = setjmp(weent_disaffiliation); longjmp(weent_disaffiliation,1); 0 --------------------------------- 1794 66641/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_42.c cppfunc 58 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 1795 153107/color.c cppfunc 356 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 1796 153107/color.c cppfunc 358 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 1797 152878/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1798 1576/into3-ok.c cppfunc 50 main(int argc, char **argv) n = strtoul(argv[1], 0, 10); test(n); test(unsigned int n) int *buf, i; if(n > INT_MAX / sizeof *buf) buf = malloc(n * sizeof *buf); for(i = 0; i < n; i++) buf[i] = i; printf("%x ", buf[i]); free(buf); 0 --------------------------------- 1799 62710/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_03.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1800 153132/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1801 153286/mux.c cppfunc 108 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1802 67570/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_03.cpp cppfunc 96 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1803 153526/pgstat.c cppfunc 401 struct addrinfo *addrs = ((void *)0); ret = pg_getaddrinfo_all("localhost",((void *)0),(&hints),&addrs); for (addr = addrs; addr; addr = addr -> ai_next) { if ((pgStatSock = socket(addr -> ai_family,SOCK_DGRAM,0)) == - 1) { if (bind(pgStatSock,(addr -> ai_addr),addr -> ai_addrlen) < 0) { 0 --------------------------------- 1804 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c cppfunc 195 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 1805 72351/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53.c cppfunc 237 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53d_goodG2BSink(char * data) memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1806 110521/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_18.c cppfunc 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1807 148881/emem.c cppfunc 1543 emem_tree_lookup_string(emem_tree_t* se_tree, const gchar* k, guint32 flags) guint32 len = (guint) strlen(k); ch = (unsigned char)k[i]; if(isupper(ch)) { 0 --------------------------------- 1808 70456/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_09.c cppfunc 330 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1809 153330/color.c inputfunc 156 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { 0 --------------------------------- 1810 153353/color.c cppfunc 379 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 1811 79345/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_08.c cppfunc 362 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 1812 62712/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_05.c cppfunc 86 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1813 79430/CWE134_Uncontrolled_Format_String__char_console_fprintf_81a.cpp inputfunc 89 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; baseObject.action(data); virtual void action(char * data) const = 0; 0 --------------------------------- 1814 70407/CWE122_Heap_Based_Buffer_Overflow__CWE135_08.c cppfunc 96 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 1815 153215/pgstat.c cppfunc 291 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1816 153215/pgstat.c cppfunc 295 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1817 153535/avdevice.c cppfunc 54 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1818 153215/pgstat.c cppfunc 298 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1819 71411/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_04.c cppfunc 80 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 1820 72392/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_41.c cppfunc 57 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_41_goodG2BSink(char * data) strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 1821 69744/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_17.cpp cppfunc 34 data = new wchar_t[100]; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 1822 71387/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_44.c cppfunc 63 static void goodG2BSink(char * data) strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 1823 70862/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_52.c cppfunc 184 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_52c_badSink(char * data) memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1824 72208/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54.c cppfunc 300 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54e_badSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 1825 71491/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_63.c cppfunc 152 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 1826 153517/color.c cppfunc 368 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 1827 72280/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_09.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1828 72206/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_52.c cppfunc 208 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_52b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_52c_goodG2BSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 1829 152997/stream.c cppfunc 98 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 1830 70951/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_34.c cppfunc 76 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_34_unionType myUnion; char * data = myUnion.unionSecond; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 1831 153421/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1832 71451/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_74.cpp cppfunc 151 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 1833 153414/dirent_uri.c cppfunc 113 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1834 153414/dirent_uri.c cppfunc 111 stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1835 70839/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_08.c cppfunc 86 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1836 153214/pgstat.c inputfunc 3459 if (fread((&format_id),1,sizeof(format_id),fpin) != sizeof(format_id) || format_id != 0x01A5BC9A) { FreeFile(fpin); if (fread((&myGlobalStats),1,sizeof(myGlobalStats),fpin) != sizeof(myGlobalStats)) { FreeFile(fpin); *ts = myGlobalStats . stats_timestamp; FreeFile(fpin); if (pgstat_read_statsfile_timestamp(((bool )0),&file_ts) && file_ts >= min_ts) { static bool pgstat_read_statsfile_timestamp(bool permanent,TimestampTz *ts) 0 --------------------------------- 1837 153771/main_filter_toolbar.c cppfunc 120 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1838 153771/main_filter_toolbar.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1839 153458/config.c cppfunc 81 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1840 73721/CWE124_Buffer_Underwrite__CWE839_listen_socket_44.c cppfunc 245 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1841 153790/mem_dbg.c cppfunc 231 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1842 67740/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_45.cpp cppfunc 115 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1843 72134/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_07.c cppfunc 79 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 1844 67723/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_12.cpp cppfunc 229 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1845 153588/file_wrappers.c cppfunc 131 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 1846 66593/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_42.c cppfunc 26 wchar_t dataBuffer[100]; data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 1847 67320/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_17.c cppfunc 57 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 1848 70497/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_02.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1849 72866/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_21.c cppfunc 121 static char * goodG2B2Source(char * data) data = NULL; data = goodG2B2Source(data); data[0] = '\0'; return data; data = goodG2B2Source(data); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 1850 66589/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_32.c cppfunc 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1851 153647/aviobuf.c cppfunc 1257 void entrench_babyfied(char *const gauzily_sass) visitorial_garfish(ruesomeness_huntsmen,gauzily_sass); void visitorial_garfish(int cankered_pyrrophyllin,char *fritniency_floroun) visitorial_garfish(cankered_pyrrophyllin,fritniency_floroun); free(((char *)((char *)fritniency_floroun))); 0 --------------------------------- 1852 73727/CWE124_Buffer_Underwrite__CWE839_listen_socket_61.c cppfunc 247 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1853 72167/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_67.c cppfunc 156 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 1854 70860/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_45.c cppfunc 68 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_45_goodG2BData = data; goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_45_goodG2BData; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1855 71207/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67.c cppfunc 160 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67_structType myStruct; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 1856 153695/main_statusbar.c cppfunc 121 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1857 71007/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53.c cppfunc 237 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53d_badSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 1858 153671/color.c cppfunc 599 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *sophora_rearousal; stonesoup_read_taint(&sophora_rearousal,"HYETOLOGIST_PLY"); free(((char *)sophora_rearousal)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&sophora_rearousal,"HYETOLOGIST_PLY"); free(((char *)sophora_rearousal)); 0 --------------------------------- 1859 62948/CWE121_Stack_Based_Buffer_Overflow__CWE135_01.c cppfunc 77 data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 1860 70500/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_05.c cppfunc 43 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1861 153039/bufmgr.c cppfunc 126 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1862 79390/CWE134_Uncontrolled_Format_String__char_console_fprintf_05.c inputfunc 91 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 1863 70457/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_10.c cppfunc 377 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1864 153106/config.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1865 79553/CWE134_Uncontrolled_Format_String__char_console_vfprintf_34.c cppfunc 117 CWE134_Uncontrolled_Format_String__char_console_vfprintf_34_unionType myUnion; char * data = myUnion.unionSecond; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 1866 153749/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1867 79375/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65.c cppfunc 335 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 1868 73025/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_61.c cppfunc 57 data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_61b_goodG2BSource(data); strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 1869 72370/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_03.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 1870 72343/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_34.c cppfunc 73 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_34_unionType myUnion; char * data = myUnion.unionSecond; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1871 152985/dynahash.c cppfunc 240 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1872 79369/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53.c cppfunc 493 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 1873 79369/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53.c cppfunc 490 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53d_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 1874 153355/subtrans.c cppfunc 509 void preoverthrew_zilvia(void *forthcome_cathedras) traceable_unserene(forthcome_cathedras); void traceable_unserene(void *acetophenine_hornlike) free(((char *)((char *)((void *)acetophenine_hornlike)))); 0 --------------------------------- 1875 72338/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_21.c cppfunc 118 data = (char *)malloc(100*sizeof(char)); data = goodG2B2Source(data); static char * goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = goodG2B2Source(data); memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1876 153079/cmdline.c cppfunc 189 jmp_buf seafare_sculptresses; silicles_adit = setjmp(seafare_sculptresses); longjmp(seafare_sculptresses,1); 0 --------------------------------- 1877 67315/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_12.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1878 67315/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_12.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1879 73042/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_03.c cppfunc 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 1880 153484/stream.c cppfunc 128 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1881 66267/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_63.c cppfunc 50 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1882 67343/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_67.c cppfunc 58 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1883 153074/utils.c cppfunc 4292 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; const char *col; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { if ((col = (strchr(p,':'))) && col < ls) { *port_ptr = atoi(col + 1); 0 --------------------------------- 1884 72507/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_74.cpp cppfunc 171 data[50-1] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 0 --------------------------------- 1885 152944/color.c cppfunc 346 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 1886 153697/color.c cppfunc 349 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 1887 153202/bio_err.c cppfunc 112 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1888 153697/color.c cppfunc 347 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 1889 152944/color.c cppfunc 348 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 1890 153829/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1891 70529/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_61.c cppfunc 202 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1892 153829/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1893 79348/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_11.c cppfunc 251 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 1894 79348/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_11.c cppfunc 254 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 1895 73029/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_65.c cppfunc 122 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_65b_badSink(char * data) strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 1896 153283/color.c cppfunc 118 stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(lornnesses_unworkmanlike)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1897 79557/CWE134_Uncontrolled_Format_String__char_console_vfprintf_44.c cppfunc 109 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 1898 70668/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_45.c cppfunc 267 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1899 72861/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_14.c cppfunc 93 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 1900 153409/config_file.c cppfunc 1253 void megalochirous_lepero(tropicalih_homeborn senior_talas) hollong_rapture(senior_talas); void hollong_rapture(tropicalih_homeborn talwood_sunspots) free(((char *)talwood_sunspots)); 0 --------------------------------- 1901 72359/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67.c cppfunc 152 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67_structType myStruct; data[50-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67_structType myStruct) char * data = myStruct.structFirst; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1902 66619/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_04.c cppfunc 93 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1903 153254/conf_mod.c cppfunc 156 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1904 67719/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_08.cpp cppfunc 208 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1905 79392/CWE134_Uncontrolled_Format_String__char_console_fprintf_07.c inputfunc 90 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 1906 62949/CWE121_Stack_Based_Buffer_Overflow__CWE135_02.c cppfunc 124 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 1907 62949/CWE121_Stack_Based_Buffer_Overflow__CWE135_02.c cppfunc 127 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1908 66608/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_68.c cppfunc 55 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1909 153830/main_statusbar.c cppfunc 139 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1910 70681/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_72.cpp cppfunc 336 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1911 153830/main_statusbar.c cppfunc 130 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1912 69730/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_03.cpp cppfunc 90 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 1913 70652/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_13.c cppfunc 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1914 72184/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_09.c cppfunc 99 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 1915 71408/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_01.c cppfunc 62 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 1916 110392/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_54.c cppfunc 285 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_54e_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1917 153501/e_camellia.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1918 153124/utf.c cppfunc 137 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1919 153706/cmdline.c cppfunc 1074 e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char **tmpfile_left,const char *editor_cmd, const svn_string_t *contents,const char *filename,apr_hash_t *config,svn_boolean_t as_text,const char *encoding,apr_pool_t *pool) const char *editor; const char *tmpfile_native; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); svn_error_t *svn_err__temp = svn_subst_translate_cstring2(contents -> data,&translated,"\n",0,((void *)0),0,pool); translated_contents = svn_string_create_empty(pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8_ex2(&translated_contents -> data,translated,encoding,pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8(&translated_contents -> data,translated,pool); translated_contents = svn_string_dup(contents,pool); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); svn_error_t *svn_err__temp = svn_io_temp_dir(&base_dir,pool); svn_error_t *svn_err__temp = svn_path_cstring_from_utf8(&temp_dir_apr,base_dir,pool); apr_err = apr_filepath_set(temp_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); err = svn_path_cstring_from_utf8(&tmpfile_apr,tmpfile_name,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x10,pool); apr_file_mtime_set(tmpfile_apr,finfo_before . mtime - 2000,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x00000010 | 0x00000100,pool); err = svn_utf_cstring_from_utf8(&tmpfile_native,tmpfile_name,pool); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); 0 --------------------------------- 1920 67732/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_31.cpp cppfunc 231 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1921 66581/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_14.c cppfunc 82 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 1922 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c inputfunc 107 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 1923 153407/config.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1924 71400/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_68.c cppfunc 132 char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_68_badData; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 1925 73026/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_62.cpp cppfunc 60 data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 1926 71414/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_07.c cppfunc 79 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 1927 72765/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_14.c cppfunc 93 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 1928 153396/avfilter.c cppfunc 68 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1929 153396/avfilter.c cppfunc 65 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1930 153396/avfilter.c cppfunc 61 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1931 62745/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_65.c cppfunc 184 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1932 70844/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_13.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1933 153812/oids.c cppfunc 152 stonesoup_read_taint(&coaxal_archoverseer,"MULTITUDINISTIC_OFFICIATION"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 1934 153812/oids.c inputfunc 155 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&coaxal_archoverseer,"MULTITUDINISTIC_OFFICIATION"); if (coaxal_archoverseer != 0) {; glossina_recognosce . endosteoma_maudlinize = ((char *)coaxal_archoverseer); sequesterment_wuzzled[5] = glossina_recognosce; mothering_isogone = *(sequesterment_wuzzled + *nonlethal_semifloscular); arcs_dreamless(mothering_isogone); 0 --------------------------------- 1935 62983/CWE121_Stack_Based_Buffer_Overflow__CWE135_63.c cppfunc 167 data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_63b_goodB2GSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_63b_goodB2GSink(void * * dataPtr) void * data = *dataPtr; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 1936 152945/portalmem.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1937 110360/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_01.c cppfunc 79 data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1938 199236/buffer_underrun_dynamic.c cppfunc 726 char** doubleptr=(char**) malloc(10* sizeof(char*)); doubleptr[i]=(char*) malloc(10*sizeof(char)); doubleptr[0][0]='T'; free(doubleptr[i]); free(doubleptr); 0 --------------------------------- 1939 153774/eng_table.c cppfunc 361 piffero_qualificator = getenv("UNIQUEST_NONPHILOLOGIC"); vereeniging_milanville = ((int )(strlen(piffero_qualificator))); guildford_epicier = ((char *)(malloc(vereeniging_milanville + 1))); memset(guildford_epicier,0,vereeniging_milanville + 1); memcpy(guildford_epicier,piffero_qualificator,vereeniging_milanville); rehood_satellitoid = &guildford_epicier; free(((char *)( *rehood_satellitoid))); 0 --------------------------------- 1940 70677/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_65.c cppfunc 184 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1941 152909/column-utils.c cppfunc 64 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1942 79387/CWE134_Uncontrolled_Format_String__char_console_fprintf_02.c inputfunc 131 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 1943 79377/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67.c cppfunc 371 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 1944 153015/cryptlib.c cppfunc 164 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1945 153015/cryptlib.c cppfunc 162 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1946 153271/types.c cppfunc 59 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1947 153271/types.c cppfunc 50 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1948 153403/error.c cppfunc 125 int advoyer_pitzer = 596; stonesoup_read_taint(&lingulae_sulfated,"8294",advoyer_pitzer); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 1949 110341/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_51.c cppfunc 243 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_51b_goodG2BSink(data); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_51b_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1950 153702/config.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1951 153239/color.c cppfunc 145 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 1952 153702/config.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1953 153702/config.c cppfunc 95 size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1954 72851/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_04.c cppfunc 78 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 1955 70479/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53.c cppfunc 450 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1956 152878/color.c cppfunc 378 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 1957 67590/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_33.cpp cppfunc 133 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1958 70664/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_41.c cppfunc 258 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1959 153085/oids.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1960 153758/stream.c inputfunc 153 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&cycler_salicional,"GRATI_PENSEROSO"); if (cycler_salicional != 0) {; epitrope_regioide = ((void *)cycler_salicional); hanoi_convertibly = &epitrope_regioide; save_preinsure = hanoi_convertibly + 5; REINDEBTEDNESS_PRAYA(save_preinsure); void paragram_cancerin(void **lapidarian_allocheiria) REINDEBTEDNESS_PRAYA(save_preinsure); 0 --------------------------------- 1961 153393/pgstat.c cppfunc 296 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 1962 70517/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_32.c cppfunc 143 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1963 153393/pgstat.c cppfunc 298 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1964 70431/CWE122_Heap_Based_Buffer_Overflow__CWE135_53.c cppfunc 256 void CWE122_Heap_Based_Buffer_Overflow__CWE135_53d_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1965 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c cppfunc 97 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 1966 153009/utils.c cppfunc 118 int sexist_conglobulate = 1024; stonesoup_read_taint(&disenthrone_pachychilia,"7593",sexist_conglobulate); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 1967 110668/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_31.cpp cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1968 153419/avfilter.c cppfunc 66 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 1969 153419/avfilter.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1970 153680/color.c cppfunc 342 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 1971 153597/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1972 153680/color.c cppfunc 340 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 1973 152952/resowner.c cppfunc 142 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1974 153597/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1975 66540/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_31.c cppfunc 29 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 1976 153108/color.c cppfunc 595 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *banshees_fastigiately; stonesoup_read_taint(&banshees_fastigiately,"DSEE_NGANHWEI"); free(((char *)banshees_fastigiately)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&banshees_fastigiately,"DSEE_NGANHWEI"); free(((char *)banshees_fastigiately)); 0 --------------------------------- 1977 67587/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_22.cpp cppfunc 79 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1978 199254/double_free.c cppfunc 59 char* ptr= (char*) malloc(10*sizeof(char)); for(i=0;i<10;i++) *(ptr+i)='a'; free(ptr); 0 --------------------------------- 1979 153402/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1980 70484/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_64.c cppfunc 342 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 1981 153402/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 1982 199234/buffer_overrun_dynamic.c cppfunc 41 short *buf=(short*) calloc(5,sizeof(short)); *(buf+4)=1; free(buf); 0 --------------------------------- 1983 153798/cmdline.c inputfunc 853 e = (getenv("VISUAL")); if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 1984 110491/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_63.c cppfunc 121 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_63b_badSink(int * dataPtr) int data = *dataPtr; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 1985 149080/scpy7-good.c cppfunc 47 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) buf = malloc(MAXSIZE); if(strlen(str) >= MAXSIZE) { strcpy(buf, str); printf("result: %s\n", buf); free(buf); 0 --------------------------------- 1986 153142/tile.c cppfunc 84 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 1987 110383/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_34.c cppfunc 41 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 1988 1296/iquery-ok.c inputfunc 167 while (((c = fgetc(f)) != EOF) && (i < len)) { *msg++ = (u_char) c; fclose(f); hp = (HEADER *) msg; cp = msg + sizeof(HEADER); eom = msg + msglen; printf("opcode = %d\n",hp->opcode); req_iquery(hp, &cp, eom, &msglen, msg); req_iquery(HEADER *hp, u_char **cpp, u_char *eom, int *buflenp, u_char *msg) if ((n = dn_skipname(*cpp, eom)) < 0) { *cpp += n; GETSHORT(type, *cpp); *cpp += INT32SZ; GETSHORT(dlen, *cpp); *cpp += dlen; if (*cpp != eom) { fname = (char *)msg + HFIXEDSZ; alen = (char *)*cpp - fname; if ((size_t)alen > sizeof anbuf){ printf("Copying %d bytes from fname to anbuf which can store %d bytes\n", alen, sizeof(anbuf)); memcpy(anbuf, fname, alen); data = anbuf + alen - dlen; *cpp = (u_char *)fname; req_iquery(hp, &cp, eom, &msglen, msg); 0 --------------------------------- 1989 71426/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_21.c cppfunc 51 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 1990 73723/CWE124_Buffer_Underwrite__CWE839_listen_socket_51.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1991 72356/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_64.c cppfunc 123 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1992 62988/CWE121_Stack_Based_Buffer_Overflow__CWE135_68.c cppfunc 164 void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_68_goodG2BData; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 1993 62988/CWE121_Stack_Based_Buffer_Overflow__CWE135_68.c cppfunc 167 void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_68_goodG2BData; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 1994 110811/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_22.cpp cppfunc 236 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 1995 62949/CWE121_Stack_Based_Buffer_Overflow__CWE135_02.c cppfunc 96 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 1996 72298/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_43.cpp cppfunc 71 data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 1997 153159/timestamp.c cppfunc 54 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 1998 153349/img2.c cppfunc 55 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 1999 153349/img2.c cppfunc 59 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2000 66280/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_01.c cppfunc 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2001 153394/error.c inputfunc 128 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&palateful_commendingly,"GITONIN_SUBSTANTIABLE"); if (palateful_commendingly != 0) {; 0 --------------------------------- 2002 153638/oids.c cppfunc 1403 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int politest_deathfulness = 91; char *splenectomy_firebaugh; stonesoup_read_taint(&splenectomy_firebaugh,"3930",politest_deathfulness); papery_overskim = splenectomy_firebaugh; belvidere_sidonia[ *( *( *( *( *( *( *( *( *( *friendsville_mydriatine)))))))))] = papery_overskim; tallaged_proegumenal = belvidere_sidonia[ *( *( *( *( *( *( *( *( *( *friendsville_mydriatine)))))))))]; rebutment_salema(jeffersontown_kingdomless,tallaged_proegumenal); rebutment_salema(slushiest_callo,dryden_twifoldly); void rebutment_salema(int slushiest_callo,snippier_leering dryden_twifoldly) free(((char *)dryden_twifoldly)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&splenectomy_firebaugh,"3930",politest_deathfulness); papery_overskim = splenectomy_firebaugh; belvidere_sidonia[ *( *( *( *( *( *( *( *( *( *friendsville_mydriatine)))))))))] = papery_overskim; tallaged_proegumenal = belvidere_sidonia[ *( *( *( *( *( *( *( *( *( *friendsville_mydriatine)))))))))]; rebutment_salema(jeffersontown_kingdomless,tallaged_proegumenal); 0 --------------------------------- 2003 67754/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_73.cpp cppfunc 196 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2004 153394/error.c cppfunc 125 stonesoup_read_taint(&palateful_commendingly,"GITONIN_SUBSTANTIABLE"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 2005 153657/pgstat.c inputfunc 487 if (recv(pgStatSock,(&test_byte),1,0) != 1) { test_byte++; if (test_byte != ((char )199)) { 0 --------------------------------- 2006 153250/color.c cppfunc 341 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2007 70943/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_16.c cppfunc 69 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 2008 73030/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_66.c cppfunc 125 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_66b_badSink(char * dataArray[]) char * data = dataArray[2]; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 2009 62752/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_81a.cpp cppfunc 178 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2010 72867/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22.c cppfunc 89 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_goodG2B2Source(char * data) data[0] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_goodG2B2Source(data); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 2011 70667/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_44.c cppfunc 109 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2012 79374/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64.c cppfunc 309 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 2013 62580/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_17.c cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2014 72957/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_14.c cppfunc 93 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 2015 153805/color.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2016 153471/mux.c cppfunc 469 int contractable_hoptoads = 596; char *countergauge_laggins; stonesoup_read_taint(&countergauge_laggins,"3876",contractable_hoptoads); blebs_outrolled = ((int )(strlen(countergauge_laggins))); varooms_stearn = ((char *)(malloc(blebs_outrolled + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&countergauge_laggins,"3876",contractable_hoptoads); blebs_outrolled = ((int )(strlen(countergauge_laggins))); varooms_stearn = ((char *)(malloc(blebs_outrolled + 1))); 0 --------------------------------- 2017 153428/utils.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2018 153810/pgstat.c cppfunc 270 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2019 67406/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_07.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2020 153373/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2021 69858/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_62.cpp cppfunc 58 data = (int *)malloc(10*sizeof(int)); memcpy(data, source, 10*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 2022 152940/cmdutils.c cppfunc 906 time_t now; time(&now); tm = localtime((&now)); 0 --------------------------------- 2023 152971/utils.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2024 152971/utils.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2025 153501/e_camellia.c cppfunc 343 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *bluffly_bluegums;; stonesoup_read_taint(&bluffly_bluegums,"CLYTIUS_DERMESTES"); multifarously_warbeck = ((int )(strlen(bluffly_bluegums))); memcpy(quaterion_congruence,bluffly_bluegums,multifarously_warbeck); free(((char *)bluffly_bluegums)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&bluffly_bluegums,"CLYTIUS_DERMESTES"); multifarously_warbeck = ((int )(strlen(bluffly_bluegums))); memcpy(quaterion_congruence,bluffly_bluegums,multifarously_warbeck); free(((char *)bluffly_bluegums)); 0 --------------------------------- 2026 63799/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_08.c cppfunc 111 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 2027 72432/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_17.c cppfunc 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2028 71495/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67.c cppfunc 166 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67_structType myStruct; data[0] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67_structType myStruct) char * data = myStruct.structFirst; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 2029 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c inputfunc 119 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1_vasink(data, data); static void goodB2G1_vasink(char * data, ...) va_start(args, data); 0 --------------------------------- 2030 73083/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_74.cpp cppfunc 148 void badSink(map dataMap) char * data = dataMap[2]; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 2031 66244/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_13.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2032 67571/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_04.cpp cppfunc 102 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2033 72446/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_52.c cppfunc 188 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_52c_goodG2BSink(char * data) strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2034 153642/tile-swap.c cppfunc 141 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2035 67582/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_15.cpp cppfunc 171 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2036 62987/CWE121_Stack_Based_Buffer_Overflow__CWE135_67.c cppfunc 154 void CWE121_Stack_Based_Buffer_Overflow__CWE135_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType myStruct) void * data = myStruct.structFirst; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 2037 62987/CWE121_Stack_Based_Buffer_Overflow__CWE135_67.c cppfunc 151 void CWE121_Stack_Based_Buffer_Overflow__CWE135_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType myStruct) void * data = myStruct.structFirst; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 2038 63793/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_02.c cppfunc 75 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 2039 70985/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_10.c cppfunc 89 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 2040 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c cppfunc 37 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 2041 153554/error.c cppfunc 102 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2042 153673/config.c cppfunc 83 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2043 62716/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_09.c cppfunc 186 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2044 153559/avpacket.c cppfunc 472 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *agenizing_herschelian;; stonesoup_read_taint(&agenizing_herschelian,"BURKES_STORZ"); nonsludging_unridableness = agenizing_herschelian; underporter_sufflaminate = stoutish_missample(nonsludging_unridableness); byelovo_echo stoutish_missample(byelovo_echo outbringing_azotic) return outbringing_azotic; underporter_sufflaminate = stoutish_missample(nonsludging_unridableness); free(((char *)underporter_sufflaminate)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&agenizing_herschelian,"BURKES_STORZ"); nonsludging_unridableness = agenizing_herschelian; underporter_sufflaminate = stoutish_missample(nonsludging_unridableness); 0 --------------------------------- 2045 153105/portalmem.c cppfunc 115 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2046 153105/portalmem.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2047 153105/portalmem.c cppfunc 118 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2048 153164/cmdline.c cppfunc 131 int sold_interarrival = 596; stonesoup_read_taint(&hackneyedly_farrow,"6352",sold_interarrival); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 2049 70520/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_41.c cppfunc 64 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2050 70650/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_11.c cppfunc 369 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2051 65193/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_02.c cppfunc 95 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 2052 110332/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_31.c cppfunc 149 data = 20; int dataCopy = data; int data = dataCopy; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2053 72213/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_65.c cppfunc 154 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_65b_goodG2BSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 2054 153638/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 2055 66240/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_09.c cppfunc 82 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2056 153154/color.c cppfunc 351 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 2057 153154/color.c cppfunc 353 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2058 152940/cmdutils.c cppfunc 1888 ung_isopolite = getenv("SKAGEN_HIGHFALUTINISM"); ethicoaesthetic_escrime = ((int )(strlen(ung_isopolite))); overpeck_elzevir = ((char *)(malloc(ethicoaesthetic_escrime + 1))); 0 --------------------------------- 2059 153009/utils.c cppfunc 4792 char *endptr; prog_id = (strtol(spec,&endptr,0)); if (( *(endptr++)) == ':') { int stream_idx = (strtol(endptr,((void *)0),0)); 0 --------------------------------- 2060 79366/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45.c cppfunc 191 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 2061 153353/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2062 153353/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2063 199320/uninit_pointer.c cppfunc 349 s = (uninit_pointer_014_s_001 *)calloc(1,sizeof(uninit_pointer_014_s_001)); s->a = 10; s->b = 10; s->uninit = 10; s = (uninit_pointer_014_s_001 *)calloc(1,sizeof(uninit_pointer_014_s_001)); s->a = 20; s->b = 20; s->uninit = 20; uninit_pointer_014_func_001 (1); free(s); 0 --------------------------------- 2064 70487/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67.c cppfunc 317 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2065 153794/timestamp.c cppfunc 67 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2066 153775/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2067 153794/timestamp.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2068 72698/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_73.cpp cppfunc 149 void badSink(list dataList) wchar_t * data = dataList.back(); wcsncat(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 2069 71922/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_62.cpp cppfunc 76 data = NULL; data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); void goodG2BSource(twoIntsStruct * &data) goodG2BSource(data); memmove(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 2070 148966/emem.c cppfunc 1032 va_list ap2; G_VA_COPY(ap2, ap); g_vsnprintf (dst, (gulong) len, fmt, ap2); va_end(ap2); 0 --------------------------------- 2071 79359/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_32.c cppfunc 53 char * *dataPtr2 = &data; char * data = *dataPtr2; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 2072 70845/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_14.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2073 70952/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_41.c cppfunc 61 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_41_goodG2BSink(char * data) strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 2074 72973/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_51.c cppfunc 123 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_51b_badSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 2075 67758/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_83_bad.cpp cppfunc 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2076 152951/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 2077 79434/CWE134_Uncontrolled_Format_String__char_console_printf_01.c inputfunc 89 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 2078 79503/CWE134_Uncontrolled_Format_String__char_console_snprintf_32.c inputfunc 48 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; *dataPtr1 = data; 0 --------------------------------- 2079 1300/recipient.c cppfunc 766 char *name; printf("finduser(%s): ", name); if ((pw = sm_getpwnam(name)) != NULL) *p = tolower(*p); for (p = name; *p != '\0'; p++) if (isascii(*p) && isupper(*p)) 0 --------------------------------- 2080 153635/string.c cppfunc 1122 jmp_buf mussman_tetrasporangium; kolsun_pigsty = setjmp(mussman_tetrasporangium); longjmp(mussman_tetrasporangium,1); 0 --------------------------------- 2081 66347/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_22.c cppfunc 197 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_22_goodG2B2Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_22_goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 2082 67748/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_64.cpp inputfunc 98 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 2083 66252/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_31.c cppfunc 55 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2084 70534/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_66.c cppfunc 183 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2085 153243/main_filter_toolbar.c cppfunc 237 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int simmers_ramsons = 40; char *scopiform_synchromist; stonesoup_read_taint(&scopiform_synchromist,"8430",simmers_ramsons); soaking_sestertius = ((int )(strlen(scopiform_synchromist))); memcpy(haematological_owercome,scopiform_synchromist,soaking_sestertius); free(((char *)scopiform_synchromist)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&scopiform_synchromist,"8430",simmers_ramsons); soaking_sestertius = ((int )(strlen(scopiform_synchromist))); memcpy(haematological_owercome,scopiform_synchromist,soaking_sestertius); free(((char *)scopiform_synchromist)); 0 --------------------------------- 2086 152883/avpacket.c cppfunc 414 jmp_buf utopist_isla; sleeplessness_sension = setjmp(utopist_isla); longjmp(utopist_isla,1); 0 --------------------------------- 2087 153323/resowner.c cppfunc 163 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2088 153323/resowner.c cppfunc 167 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2089 71410/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_03.c cppfunc 41 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 2090 69166/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_15.cpp cppfunc 107 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 2091 153550/stream.c cppfunc 106 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2092 153550/stream.c cppfunc 108 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2093 72074/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_73.cpp cppfunc 171 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 2094 72363/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_74.cpp cppfunc 167 data[50-1] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2095 67576/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_09.cpp cppfunc 152 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2096 73013/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_32.c cppfunc 73 char * *dataPtr2 = &data; char * data = *dataPtr2; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 2097 67579/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_12.cpp cppfunc 130 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2098 72862/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_15.c cppfunc 78 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 2099 72372/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_05.c cppfunc 97 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2100 1295/create_iquery.c cppfunc 96 dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); 0 --------------------------------- 2101 153011/eng_table.c cppfunc 346 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int mexico_shellmonger = 596; char *quebracho_archpriesthood; stonesoup_read_taint(&quebracho_archpriesthood,"9440",mexico_shellmonger); euktolite_yamshik = ((int )(strlen(quebracho_archpriesthood))); memcpy(repousse_casavant,quebracho_archpriesthood,euktolite_yamshik); free(((char *)quebracho_archpriesthood)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&quebracho_archpriesthood,"9440",mexico_shellmonger); euktolite_yamshik = ((int )(strlen(quebracho_archpriesthood))); memcpy(repousse_casavant,quebracho_archpriesthood,euktolite_yamshik); free(((char *)quebracho_archpriesthood)); 0 --------------------------------- 2102 153047/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2103 70452/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_05.c cppfunc 336 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2104 153450/oids.c cppfunc 927 debatter_suppertime = getenv("TRANSGRESSED_SULFONAL"); laicity_akutagawa = ((int )(strlen(debatter_suppertime))); waki_fritillaria = ((char *)(malloc(laicity_akutagawa + 1))); 0 --------------------------------- 2105 153143/utf.c cppfunc 97 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2106 153810/pgstat.c inputfunc 473 if (recv(pgStatSock,(&test_byte),1,0) != 1) { test_byte++; if (test_byte != ((char )199)) { 0 --------------------------------- 2107 66644/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_45.c cppfunc 49 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2108 67485/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_02.c cppfunc 76 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 2109 79568/CWE134_Uncontrolled_Format_String__char_console_vfprintf_66.c cppfunc 191 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 2110 71182/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_15.c cppfunc 105 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 2111 153241/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2112 153440/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2113 70429/CWE122_Heap_Based_Buffer_Overflow__CWE135_51.c cppfunc 163 void CWE122_Heap_Based_Buffer_Overflow__CWE135_51b_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 2114 72117/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_65.c cppfunc 124 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_65b_badSink(wchar_t * data) wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 2115 153184/cryptlib.c cppfunc 165 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2116 67589/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_32.cpp cppfunc 146 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2117 67412/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_13.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2118 153613/color.c cppfunc 352 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 2119 67516/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_15.c cppfunc 39 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_15_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_15_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 2120 62716/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_09.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2121 153322/color.c cppfunc 617 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *plagioclastic_bespake) free(((char *)plagioclastic_bespake)); 0 --------------------------------- 2122 72143/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_16.c cppfunc 42 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 2123 66284/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_05.c cppfunc 68 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2124 148923/strutil.c cppfunc 796 convert_string_to_hex(const char *string, size_t *nbytes) p = &string[0]; c = *p++; if (isspace(c)) if (!isxdigit(c)) { 0 --------------------------------- 2125 72133/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_06.c cppfunc 100 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 2126 72872/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_41.c cppfunc 59 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_41_goodG2BSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 2127 70504/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_09.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2128 62598/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_62.cpp cppfunc 222 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2129 70499/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_04.c cppfunc 43 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2130 72850/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_03.c cppfunc 71 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 2131 72147/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_22.c cppfunc 92 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 2132 67511/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_10.c cppfunc 38 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_10_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_10_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 2133 153493/mem_dbg.c cppfunc 213 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2134 153002/hashfn.c cppfunc 56 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2135 79563/CWE134_Uncontrolled_Format_String__char_console_vfprintf_61.c inputfunc 214 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_goodB2GSource(data); goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 2136 66627/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_12.c cppfunc 68 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2137 153773/color.c cppfunc 346 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 2138 67329/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_42.c cppfunc 26 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 2139 66339/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_12.c cppfunc 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2140 79527/CWE134_Uncontrolled_Format_String__char_console_snprintf_82a.cpp inputfunc 91 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; baseObject->action(data); virtual void action(char * data) = 0; 0 --------------------------------- 2141 149042/red.c cppfunc 266 void print_buffer(FILE *fp, unsigned char *buf, int len) c = buf[i]; if (isprint(c)) 0 --------------------------------- 2142 153304/color.c cppfunc 336 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 2143 153304/color.c cppfunc 338 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2144 152879/eng_table.c cppfunc 131 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2145 67599/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_53.cpp cppfunc 83 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2146 153498/mem_dbg.c cppfunc 242 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2147 153004/tile-manager.c cppfunc 778 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int overwheel_sober = 91; char *gronchi_unamusing; stonesoup_read_taint(&gronchi_unamusing,"5380",overwheel_sober); brakemaker_apyrexy = &gronchi_unamusing; free(((char *)( *brakemaker_apyrexy))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&gronchi_unamusing,"5380",overwheel_sober); brakemaker_apyrexy = &gronchi_unamusing; free(((char *)( *brakemaker_apyrexy))); 0 --------------------------------- 2148 71486/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_52.c cppfunc 190 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_52c_badSink(char * data) SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 2149 72368/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_01.c cppfunc 58 data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2150 148923/strutil.c cppfunc 806 convert_string_to_hex(const char *string, size_t *nbytes) p = &string[0]; c = *p++; c = *p++; if (!isxdigit(c)) 0 --------------------------------- 2151 67445/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_82a.cpp cppfunc 49 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2152 73162/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_43.cpp cppfunc 69 data[50-1] = L'\0'; wcscpy(dest, data); printWLine(data); free(data); 0 --------------------------------- 2153 153495/timestamp.c cppfunc 69 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2154 153793/color.c cppfunc 376 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 2155 153793/color.c cppfunc 378 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2156 72840/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_68.c cppfunc 151 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_68b_goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_68_goodG2BData; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 2157 153084/stream.c cppfunc 141 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2158 79492/CWE134_Uncontrolled_Format_String__char_console_snprintf_11.c inputfunc 145 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 2159 153154/color.c cppfunc 578 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int unlitigiously_lentic = 76; char *rhodochrosite_emballonurid; stonesoup_read_taint(&rhodochrosite_emballonurid,"6508",unlitigiously_lentic); free(((char *)rhodochrosite_emballonurid)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&rhodochrosite_emballonurid,"6508",unlitigiously_lentic); free(((char *)rhodochrosite_emballonurid)); 0 --------------------------------- 2160 67716/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_05.cpp inputfunc 215 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 2161 70672/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54.c cppfunc 585 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2162 62962/CWE121_Stack_Based_Buffer_Overflow__CWE135_15.c cppfunc 122 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 2163 62962/CWE121_Stack_Based_Buffer_Overflow__CWE135_15.c cppfunc 125 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 2164 148828/Element.cpp cppfunc 490 if (FrameView* view = document()->view()) { IntRect visibleContentRect = view->visibleContentRect(); quads[i].move(-visibleContentRect.x(), -visibleContentRect.y()); 0 --------------------------------- 2165 153781/emem.c inputfunc 297 ep_packet_mem . debug_verify_pointers = getenv("WIRESHARK_EP_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 2166 153781/emem.c inputfunc 296 ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 2167 67512/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_11.c cppfunc 85 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 2168 1299/recipient-bad.c cppfunc 264 char *name; pw=getpwnam(name); *p = tolower(*p); for (p = name; *p != '\0'; p++) if (isascii((int)*p) && isupper((int)*p)) 0 --------------------------------- 2169 73045/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_06.c cppfunc 91 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 2170 73058/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_21.c cppfunc 88 data = (char *)malloc(100*sizeof(char)); data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = goodG2B1Source(data); strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 2171 79369/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53.c cppfunc 509 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53c_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53d_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53d_goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 2172 72770/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_21.c cppfunc 121 static wchar_t * goodG2B2Source(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = goodG2B2Source(data); data[50-1] = L'\0'; return data; data = goodG2B2Source(data); SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 2173 153801/tile-manager.c cppfunc 50 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2174 71438/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_52.c cppfunc 192 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 2175 153668/error.c cppfunc 112 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2176 69733/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_06.cpp cppfunc 95 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 2177 153749/color.c cppfunc 341 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 2178 66534/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_15.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2179 79378/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68.c cppfunc 319 char * data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68_badData; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 2180 66551/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_53.c cppfunc 51 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2181 1291/create_msg_file.c cppfunc 96 dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); 0 --------------------------------- 2182 152926/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2183 153000/color.c cppfunc 606 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int caving_preultimate = 105; char *antielectron_hystericky; stonesoup_read_taint(&antielectron_hystericky,"4528",caving_preultimate); free(((char *)antielectron_hystericky)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&antielectron_hystericky,"4528",caving_preultimate); free(((char *)antielectron_hystericky)); 0 --------------------------------- 2184 152926/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2185 152926/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2186 148966/tvbuff.c cppfunc 1383 IEEE_DP_MANTISSA_WIDTH; exponent = ((exponent >> IEEE_DP_MANTISSA_WIDTH) - IEEE_DP_BIAS) - return -mantissa * pow(2, exponent); return get_ieee_double(ieee_fp_union.dw); return get_ieee_double(ieee_fp_union.dw); get_ieee_double(const guint64 w) exponent = w & IEEE_DP_EXPONENT_MASK; exponent = ((exponent >> IEEE_DP_MANTISSA_WIDTH) - IEEE_DP_BIAS) - return -mantissa * pow(2, exponent); 0 --------------------------------- 2187 148966/tvbuff.c cppfunc 1385 IEEE_DP_MANTISSA_WIDTH; exponent = ((exponent >> IEEE_DP_MANTISSA_WIDTH) - IEEE_DP_BIAS) - return mantissa * pow(2, exponent); return get_ieee_double(ieee_fp_union.dw); return get_ieee_double(ieee_fp_union.dw); get_ieee_double(const guint64 w) exponent = w & IEEE_DP_EXPONENT_MASK; exponent = ((exponent >> IEEE_DP_MANTISSA_WIDTH) - IEEE_DP_BIAS) - return mantissa * pow(2, exponent); 0 --------------------------------- 2188 62583/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22.c inputfunc 96 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22_goodB2G2Sink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22_goodB2G2Sink(int data); 0 --------------------------------- 2189 153768/avpacket.c cppfunc 80 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2190 71113/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_72.cpp cppfunc 175 vector dataVector; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 2191 71173/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_06.c cppfunc 76 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 2192 199276/invalid_memory_access.c cppfunc 156 return (count * invalid_memory_access_005(count-1)); invalid_memory_access_005 (5); int invalid_memory_access_005 (int count) ptr = (int *) calloc (count,sizeof(int)); *(ptr+(count-1)) = 5*count; free(ptr); 0 --------------------------------- 2193 199276/invalid_memory_access.c cppfunc 152 ptr = (int *) calloc (count,sizeof(int)); *(ptr+(count-1)) = 5*count; return (count * invalid_memory_access_005(count-1)); int invalid_memory_access_005 (int count) ptr = (int *) calloc (count,sizeof(int)); 0 --------------------------------- 2194 199234/buffer_overrun_dynamic.c cppfunc 462 char *buf=(char*) calloc(5,sizeof(char)); buf[i]='1'; free(buf); 0 --------------------------------- 2195 72410/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_73.cpp cppfunc 149 void badSink(list dataList) char * data = dataList.back(); strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2196 153445/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2197 152971/utils.c cppfunc 4840 char *endptr; prog_id = (strtol(spec,&endptr,0)); if (( *(endptr++)) == ':') { int stream_idx = (strtol(endptr,((void *)0),0)); 0 --------------------------------- 2198 153533/dirent_uri.c cppfunc 88 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2199 153533/dirent_uri.c cppfunc 84 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2200 153203/tile-manager.c cppfunc 70 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2201 70523/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_44.c cppfunc 107 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2202 110340/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_45.c cppfunc 148 int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_45_goodG2BData; data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_45_goodG2BData = data; goodG2BSink(); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2203 71401/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_72.cpp cppfunc 150 void badSink(vector dataVector) char * data = dataVector[2]; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 2204 153177/portalmem.c cppfunc 116 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2205 70527/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53.c cppfunc 284 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2206 152947/pmsignal.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2207 152947/pmsignal.c cppfunc 114 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2208 153775/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 2209 70509/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_14.c cppfunc 181 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2210 153307/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2211 66532/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_13.c cppfunc 61 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2212 62737/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_51.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2213 110537/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_61.c cppfunc 91 data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_61b_goodG2BSource(data); data = 20; return data; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2214 70425/CWE122_Heap_Based_Buffer_Overflow__CWE135_42.c cppfunc 107 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; return data; data = goodB2GSource(data); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 2215 66343/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_16.c cppfunc 62 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 2216 110814/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_33.cpp cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2217 62587/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_34.c cppfunc 42 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2218 73316/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_73.cpp cppfunc 144 void badSink(list dataList) int64_t * data = dataList.back(); printLongLongLine(*data); free(data); 0 --------------------------------- 2219 153104/color.c cppfunc 380 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 2220 148828/RenderListMarker.cpp cppfunc 1006 void RenderListMarker::paint(PaintInfo& paintInfo, int tx, int ty) marker.move(tx, ty); paintCustomHighlight(tx, ty, style()->highlight(), true); selRect.move(tx, ty); 0 --------------------------------- 2221 153053/img2.c cppfunc 71 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2222 153773/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2223 153773/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2224 110493/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_65.c cppfunc 124 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_65b_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2225 153773/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2226 153089/string.c cppfunc 58 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2227 199236/buffer_underrun_dynamic.c cppfunc 77 int *buf=(int*) calloc(5,sizeof(int)); *(buf-0) = 1; free(buf); 0 --------------------------------- 2228 72353/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_61.c cppfunc 59 data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_61b_goodG2BSource(data); memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2229 79574/CWE134_Uncontrolled_Format_String__char_console_vfprintf_81a.cpp inputfunc 38 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; baseObject.action(data); virtual void action(char * data) const = 0; 0 --------------------------------- 2230 72309/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_65.c cppfunc 123 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_65b_badSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2231 67713/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_02.cpp cppfunc 195 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2232 70671/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53.c cppfunc 539 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2233 72334/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_15.c cppfunc 76 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2234 153635/string.c cppfunc 1176 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); bioplasmic_devisable[1] = 5; toleware_pseudo = *(orlops_musha + bioplasmic_devisable[1]); free(((char *)toleware_pseudo[3])); void stonesoup_handle_taint(char *continuousness_attaches) tetralogue_compositae[3] = continuousness_attaches; orlops_musha[5] = tetralogue_compositae; toleware_pseudo = *(orlops_musha + bioplasmic_devisable[1]); free(((char *)toleware_pseudo[3])); 0 --------------------------------- 2235 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c cppfunc 90 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 2236 110513/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_10.c cppfunc 166 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2237 79431/CWE134_Uncontrolled_Format_String__char_console_fprintf_82a.cpp inputfunc 91 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; baseObject->action(data); virtual void action(char * data) = 0; 0 --------------------------------- 2238 153616/mux.c cppfunc 105 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2239 67420/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_31.c cppfunc 54 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2240 153356/color.c cppfunc 362 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 2241 153356/color.c cppfunc 364 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2242 66365/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_65.c cppfunc 40 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2243 110508/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_05.c cppfunc 86 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2244 79357/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22.c cppfunc 448 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_goodG2BVaSink(data, data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 2245 66274/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_73.cpp cppfunc 148 void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 2246 110544/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_68.c cppfunc 266 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_68_goodG2BData = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_68b_goodG2BSink(); int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_68_goodG2BData; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2247 79469/CWE134_Uncontrolled_Format_String__char_console_printf_63.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_63b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_console_printf_63b_badSink(char * * dataPtr); CWE134_Uncontrolled_Format_String__char_console_printf_63b_badSink(&data); 0 --------------------------------- 2248 72999/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_08.c cppfunc 101 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 2249 153822/config_file.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2250 199276/invalid_memory_access.c cppfunc 216 char **ptr = (char**) malloc(5*sizeof(char*)); ptr[i]=(char*) malloc(15*sizeof(char)); ptr[i] = NULL; free(ptr); 0 --------------------------------- 2251 153793/color.c cppfunc 609 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int ziara_demidoctor = 40; char *unpainted_overpay; stonesoup_read_taint(&unpainted_overpay,"3086",ziara_demidoctor); free(((char *)unpainted_overpay)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&unpainted_overpay,"3086",ziara_demidoctor); free(((char *)unpainted_overpay)); 0 --------------------------------- 2252 153408/heapam.c cppfunc 5286 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_printf("String is too short to test\n"); } stonesoup_printf("mod is false\n"); void stonesoup_get_function(int len, fptr * modulus_function) { stonesoup_printf("mod is false\n"); 0 --------------------------------- 2253 79547/CWE134_Uncontrolled_Format_String__char_console_vfprintf_18.c cppfunc 135 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 2254 79547/CWE134_Uncontrolled_Format_String__char_console_vfprintf_18.c cppfunc 132 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BVaSinkB(data, data); static void goodG2BVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 2255 153288/color.c cppfunc 363 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 2256 153288/color.c cppfunc 365 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2257 71421/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_14.c cppfunc 96 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 2258 153219/color.c cppfunc 363 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 2259 152903/color.c cppfunc 373 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 2260 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c cppfunc 263 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 2261 63446/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_15.c cppfunc 80 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 2262 62577/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_14.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2263 70679/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67.c cppfunc 343 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2264 70932/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_05.c cppfunc 79 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 2265 153177/portalmem.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2266 73700/CWE124_Buffer_Underwrite__CWE839_listen_socket_07.c cppfunc 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2267 69208/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_09.cpp cppfunc 96 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 2268 153177/portalmem.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2269 72981/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_65.c cppfunc 124 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_65b_badSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 2270 153082/config.c cppfunc 108 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2271 153270/dynahash.c cppfunc 807 char *valeted_epitaphize; stonesoup_read_taint(&valeted_epitaphize,"NONIMMIGRANT_QUINCUNXES"); overtaxation_tantaluses = ((int )(strlen(valeted_epitaphize))); gloom_ungnawed = ((char *)(malloc(overtaxation_tantaluses + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&valeted_epitaphize,"NONIMMIGRANT_QUINCUNXES"); overtaxation_tantaluses = ((int )(strlen(valeted_epitaphize))); gloom_ungnawed = ((char *)(malloc(overtaxation_tantaluses + 1))); 0 --------------------------------- 2272 153627/e_bf.c cppfunc 153 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 2273 62960/CWE121_Stack_Based_Buffer_Overflow__CWE135_13.c cppfunc 147 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 2274 71367/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_08.c cppfunc 85 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 2275 153743/stream.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2276 62599/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_63.c cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2277 71415/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_08.c cppfunc 87 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 2278 67410/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_11.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2279 73177/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_72.cpp cppfunc 165 vector dataVector; data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcscpy(dest, data); printWLine(data); free(data); 0 --------------------------------- 2280 70502/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_07.c cppfunc 154 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2281 152907/mutex.c cppfunc 69 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2282 71460/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_05.c cppfunc 84 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 2283 152907/mutex.c cppfunc 67 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2284 153813/config.c cppfunc 109 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2285 79530/CWE134_Uncontrolled_Format_String__char_console_vfprintf_01.c inputfunc 121 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 2286 153813/config.c cppfunc 107 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2287 71444/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_64.c cppfunc 148 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 2288 70514/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_21.c cppfunc 138 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2289 153468/utils.c cppfunc 4788 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; sid = (strtol(spec + 1,&endptr,0)); 0 --------------------------------- 2290 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c cppfunc 258 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G2_vasink(data, data); static void goodB2G2_vasink(char * data, ...) va_start(args, data); 0 --------------------------------- 2291 152937/mutex.c cppfunc 67 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2292 70499/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_04.c cppfunc 155 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2293 152937/mutex.c cppfunc 65 stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(pentelic_abyssolith)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2294 153490/tile-swap.c cppfunc 603 jmp_buf opalesque_amnesia; unclergyable_headwater = setjmp(opalesque_amnesia); longjmp(opalesque_amnesia,1); 0 --------------------------------- 2295 153781/emem.c inputfunc 312 se_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_SE_NO_CHUNKS") == ((void *)0); se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 2296 153781/emem.c inputfunc 314 se_packet_mem . debug_verify_pointers = getenv("WIRESHARK_SE_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 2297 79569/CWE134_Uncontrolled_Format_String__char_console_vfprintf_67.c cppfunc 237 CWE134_Uncontrolled_Format_String__char_console_vfprintf_67_structType myStruct; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_67b_goodB2GSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_67b_goodB2GSink(CWE134_Uncontrolled_Format_String__char_console_vfprintf_67_structType myStruct) char * data = myStruct.structFirst; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 2298 72777/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_42.c cppfunc 32 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 2299 153041/resowner.c cppfunc 708 char *conglobulate_tauchnitz; stonesoup_read_taint(&conglobulate_tauchnitz,"REBBA_BRACHIOTOMY"); hirling_morcha = ((int )(strlen(conglobulate_tauchnitz))); sergeantship_nondoubting = ((char *)(malloc(hirling_morcha + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&conglobulate_tauchnitz,"REBBA_BRACHIOTOMY"); hirling_morcha = ((int )(strlen(conglobulate_tauchnitz))); sergeantship_nondoubting = ((char *)(malloc(hirling_morcha + 1))); 0 --------------------------------- 2300 152923/portalmem.c inputfunc 153 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&hyperopia_hamburg,"GOVERNABILITY_TOLING"); if (hyperopia_hamburg != 0) {; warriorwise_ratoon = ((void *)hyperopia_hamburg); AGPAITIC_DERMOHEMAL(warriorwise_ratoon); void dacryolite_emissaria(void *pyridone_aguamiel) AGPAITIC_DERMOHEMAL(warriorwise_ratoon); 0 --------------------------------- 2301 67438/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_66.c cppfunc 54 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2302 72398/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_52.c cppfunc 188 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_52c_goodG2BSink(char * data) strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2303 71195/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_44.c cppfunc 65 static void goodG2BSink(wchar_t * data) wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 2304 66238/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_07.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2305 70852/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_31.c cppfunc 68 data = (char *)malloc((10+1)*sizeof(char)); char * dataCopy = data; char * data = dataCopy; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2306 72178/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_03.c cppfunc 99 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 2307 152882/subtrans.c cppfunc 299 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *causeways_proprietarian; stonesoup_read_taint(&causeways_proprietarian,"PACIFYING_LEISURELESS"); pazia_boroglycerine = ((int )(strlen(causeways_proprietarian))); unsticked_hoplonemertea = ((char *)(malloc(pazia_boroglycerine + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&causeways_proprietarian,"PACIFYING_LEISURELESS"); pazia_boroglycerine = ((int )(strlen(causeways_proprietarian))); unsticked_hoplonemertea = ((char *)(malloc(pazia_boroglycerine + 1))); 0 --------------------------------- 2308 72134/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_07.c cppfunc 102 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 2309 153521/mutex.c cppfunc 210 void arette_ulla(union strigous_newsier unmusical_matoke) free(((char *)unmusical_matoke . cherkesser_usneaceae)); void stonesoup_handle_taint(char *underjanitor_tinkerly) union strigous_newsier parasyntheton_invades; parasyntheton_invades . cherkesser_usneaceae = underjanitor_tinkerly; toothily_unadhesive[5] = parasyntheton_invades; glenmora_fanioned = 5; overdignity_unslandered = &glenmora_fanioned; shirtless_prelawfulness = *(toothily_unadhesive + *overdignity_unslandered); CHRISTIES_TRICHI(shirtless_prelawfulness); 0 --------------------------------- 2310 67407/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_08.c cppfunc 94 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2311 153607/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2312 62953/CWE121_Stack_Based_Buffer_Overflow__CWE135_06.c cppfunc 132 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 2313 67574/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_07.cpp cppfunc 45 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2314 152920/oids.c cppfunc 128 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2315 72699/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_74.cpp cppfunc 167 data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcsncat(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 2316 72376/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_09.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2317 72313/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_72.cpp cppfunc 149 void badSink(vector dataVector) char * data = dataVector[2]; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2318 72682/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_43.cpp cppfunc 71 data[50-1] = L'\0'; wcsncat(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 2319 153399/cmdline.c inputfunc 133 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&rld_bushido,"REVERTIBILITY_MER"); if (rld_bushido != 0) {; 0 --------------------------------- 2320 62954/CWE121_Stack_Based_Buffer_Overflow__CWE135_07.c cppfunc 132 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 2321 70412/CWE122_Heap_Based_Buffer_Overflow__CWE135_13.c cppfunc 83 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 2322 72999/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_08.c cppfunc 81 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 2323 66621/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_06.c cppfunc 70 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2324 67608/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_68.cpp cppfunc 45 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2325 67757/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_82a.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2326 153033/color.c cppfunc 344 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2327 153033/color.c cppfunc 342 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 2328 72173/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_82_bad.cpp cppfunc 34 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 2329 70994/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_21.c cppfunc 117 static wchar_t * goodG2B2Source(wchar_t * data) data = NULL; data = goodG2B2Source(data); data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; data = goodG2B2Source(data); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 2330 70653/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_14.c cppfunc 458 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2331 73694/CWE124_Buffer_Underwrite__CWE839_listen_socket_01.c cppfunc 208 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2332 71199/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53.c cppfunc 255 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53d_goodG2BSink(wchar_t * data) wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 2333 70647/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_08.c cppfunc 275 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2334 153323/resowner.c cppfunc 1164 union tardive_finner warworn_warstles = {0}; va_list moider_spithame; __builtin_va_start(moider_spithame,lighterful_empiricists); warworn_warstles = (va_arg(moider_spithame,union tardive_finner )); free(((char *)warworn_warstles . durion_holdback)); 0 --------------------------------- 2335 153467/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 2336 71425/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_18.c cppfunc 66 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 2337 70778/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_73.cpp cppfunc 156 void badSink(list dataList) char * data = dataList.back(); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 2338 153286/mux.c cppfunc 917 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int klangfarbe_altropathy = 105; char *ludicrousness_fessed; stonesoup_read_taint(&ludicrousness_fessed,"4581",klangfarbe_altropathy); omnivident_dodds = ((int )(strlen(ludicrousness_fessed))); memcpy(gillaroo_photosynthesize,ludicrousness_fessed,omnivident_dodds); free(((char *)ludicrousness_fessed)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&ludicrousness_fessed,"4581",klangfarbe_altropathy); omnivident_dodds = ((int )(strlen(ludicrousness_fessed))); memcpy(gillaroo_photosynthesize,ludicrousness_fessed,omnivident_dodds); free(((char *)ludicrousness_fessed)); 0 --------------------------------- 2339 153402/color.c cppfunc 637 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int sikimi_illawarra = 44; char *ruches_matronna; stonesoup_read_taint(&ruches_matronna,"4477",sikimi_illawarra); free(((char *)ruches_matronna)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&ruches_matronna,"4477",sikimi_illawarra); free(((char *)ruches_matronna)); 0 --------------------------------- 2340 72399/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53.c cppfunc 220 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53d_badSink(char * data) strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2341 153007/tile.c cppfunc 65 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2342 153369/color.c cppfunc 120 stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(unpropagable_cryosurgical)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2343 153369/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2344 153007/tile.c cppfunc 69 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2345 71364/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_05.c cppfunc 100 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 2346 153280/hashfn.c cppfunc 83 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2347 62957/CWE121_Stack_Based_Buffer_Overflow__CWE135_10.c cppfunc 99 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 2348 62957/CWE121_Stack_Based_Buffer_Overflow__CWE135_10.c cppfunc 96 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 2349 66592/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_41.c cppfunc 40 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2350 62713/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_06.c cppfunc 297 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2351 153017/cryptlib.c cppfunc 834 union penroseite_sigmoidopexy rauque_hontish = {0}; va_list stateable_coheirs; __builtin_va_start(stateable_coheirs,antioptimistic_polybromide); rauque_hontish = (va_arg(stateable_coheirs,union penroseite_sigmoidopexy )); free(((char *)rauque_hontish . firetop_cytotropic)); 0 --------------------------------- 2352 70842/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_11.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2353 67401/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_02.c cppfunc 80 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2354 153821/heapam.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2355 79560/CWE134_Uncontrolled_Format_String__char_console_vfprintf_52.c inputfunc 42 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_52b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_52b_badSink(char * data); 0 --------------------------------- 2356 153334/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2357 79370/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54.c cppfunc 591 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 2358 153810/pgstat.c inputfunc 3290 if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { switch(fgetc(fpin)){ if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 2359 66580/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_13.c cppfunc 82 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2360 153334/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2361 153427/utils.c cppfunc 109 stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2362 153427/utils.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2363 71433/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_42.c cppfunc 44 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 2364 110656/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_09.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2365 79358/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_31.c cppfunc 181 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 2366 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c cppfunc 141 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 2367 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c cppfunc 144 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 2368 62731/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_34.c cppfunc 225 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2369 67723/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_12.cpp cppfunc 301 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2370 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c cppfunc 146 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 2371 72723/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22.c cppfunc 86 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_goodG2B2Source(data); wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 2372 153004/tile-manager.c cppfunc 81 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2373 153356/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2374 153793/color.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2375 153793/color.c cppfunc 107 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2376 66576/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_09.c cppfunc 61 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2377 152870/stream.c cppfunc 129 stonesoup_read_taint(&concentration_bottega,"NORRY_DACTYLOMEGALY"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 2378 153443/aviobuf.c cppfunc 69 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2379 72678/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_33.cpp cppfunc 68 wchar_t * &dataRef = data; wchar_t * data = dataRef; wcsncat(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 2380 148923/strutil.c cppfunc 507 uri_str_to_bytes(const char *uri_str, GByteArray *bytes) { p = (const guchar *)uri_str; if (! isascii(*p) || ! isprint(*p)) p++; p++; p++; if (! isascii(*p) || ! isprint(*p)) 0 --------------------------------- 2381 72374/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_07.c cppfunc 96 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2382 70457/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_10.c cppfunc 236 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2383 70983/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_08.c cppfunc 103 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 2384 66330/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_03.c cppfunc 66 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2385 73536/CWE123_Write_What_Where_Condition__listen_socket_62.cpp cppfunc 233 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2386 110320/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_09.c cppfunc 179 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2387 72507/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_74.cpp cppfunc 154 void badSink(map dataMap) char * data = dataMap[2]; SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 0 --------------------------------- 2388 153783/string.c cppfunc 70 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2389 153783/string.c cppfunc 73 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2390 72788/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_64.c cppfunc 154 data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 2391 72430/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_15.c cppfunc 103 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2392 70911/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53.c cppfunc 255 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53d_goodG2BSink(char * data) memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2393 153406/subtrans.c cppfunc 424 jmp_buf internunciatory_energetics; clef_panzootic = setjmp(internunciatory_energetics); longjmp(internunciatory_energetics,1); 0 --------------------------------- 2394 153384/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2395 153384/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2396 69160/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_09.cpp cppfunc 94 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 2397 72416/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_01.c cppfunc 58 data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2398 70870/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_66.c cppfunc 134 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2399 70746/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_11.c cppfunc 70 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 2400 153260/bio_err.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2401 153260/bio_err.c cppfunc 107 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2402 153260/bio_err.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2403 153037/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2404 62751/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_74.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2405 153623/ffmpeg.c cppfunc 375 signal(3,sigterm_handler); signal(2,sigterm_handler); signal(15,sigterm_handler); signal(24,sigterm_handler); 0 --------------------------------- 2406 110401/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_72.cpp cppfunc 163 void badSink(vector dataVector) int data = dataVector[2]; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2407 70755/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22.c cppfunc 70 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_goodG2B1Source(data); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 2408 70483/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_63.c cppfunc 301 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2409 72429/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_14.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2410 72362/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_73.cpp cppfunc 149 void badSink(list dataList) char * data = dataList.back(); memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2411 79493/CWE134_Uncontrolled_Format_String__char_console_snprintf_12.c inputfunc 111 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 2412 70505/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_10.c cppfunc 228 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2413 73034/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_73.cpp cppfunc 165 list dataList; data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 2414 70410/CWE122_Heap_Based_Buffer_Overflow__CWE135_11.c cppfunc 83 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 2415 110506/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_03.c cppfunc 192 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2416 152940/cmdutils.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2417 153819/color.c cppfunc 360 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 2418 153515/color.c cppfunc 364 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2419 72287/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_16.c cppfunc 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2420 110528/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_41.c cppfunc 94 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2421 153085/oids.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2422 69887/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_16.cpp cppfunc 59 data = new wchar_t[100]; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 2423 153590/utf.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2424 148916/strutil.c cppfunc 633 oid_str_to_bytes(const char *oid_str, GByteArray *bytes) { p = oid_str; if (!isdigit((guchar)*p) && (*p != '.')) return FALSE; 0 --------------------------------- 2425 70453/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_06.c cppfunc 382 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2426 153739/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2427 153612/tile-swap.c cppfunc 150 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2428 62597/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_61.c cppfunc 184 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2429 153778/tile-manager.c cppfunc 68 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2430 153778/tile-manager.c cppfunc 64 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2431 66318/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_66.c cppfunc 54 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2432 72424/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_09.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2433 153585/color.c cppfunc 377 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 2434 70406/CWE122_Heap_Based_Buffer_Overflow__CWE135_07.c cppfunc 177 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 2435 72181/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_06.c cppfunc 81 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 2436 153746/color.c cppfunc 357 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 2437 153058/avfilter.c inputfunc 104 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&hellfires_rauraci,"OSTERHUS_SUPERPOSED"); if (hellfires_rauraci != 0) {; 0 --------------------------------- 2438 153058/avfilter.c cppfunc 101 stonesoup_read_taint(&hellfires_rauraci,"OSTERHUS_SUPERPOSED"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 2439 70920/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_68.c cppfunc 139 char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_68_badData; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2440 199236/buffer_underrun_dynamic.c cppfunc 579 ptr1[11]='\0'; ptr1[i]='a'; memcpy(ptr2,ptr1,12); free(ptr1); 0 --------------------------------- 2441 67488/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_05.c cppfunc 82 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 2442 62960/CWE121_Stack_Based_Buffer_Overflow__CWE135_13.c cppfunc 99 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 2443 72155/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_44.c cppfunc 33 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 2444 153108/color.c cppfunc 376 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 2445 73010/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_21.c cppfunc 88 data = (char *)malloc(100*sizeof(char)); data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = goodG2B1Source(data); strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 2446 153093/main_filter_toolbar.c cppfunc 253 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int dimpling_ellicott = 596; char *collochemistry_selflike; stonesoup_read_taint(&collochemistry_selflike,"7938",dimpling_ellicott); spikelet_scripturism[2] = collochemistry_selflike; adonia_nonparty = invoicing_homeowners(spikelet_scripturism); char **invoicing_homeowners(char **pittsview_castane) return pittsview_castane; adonia_nonparty = invoicing_homeowners(spikelet_scripturism); free(((char *)adonia_nonparty[2])); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&collochemistry_selflike,"7938",dimpling_ellicott); spikelet_scripturism[2] = collochemistry_selflike; adonia_nonparty = invoicing_homeowners(spikelet_scripturism); 0 --------------------------------- 2447 153720/resowner.c cppfunc 171 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2448 153017/cryptlib.c cppfunc 205 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2449 72354/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_62.cpp cppfunc 62 data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2450 153239/color.c cppfunc 350 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 2451 153239/color.c cppfunc 352 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2452 62564/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_01.c cppfunc 109 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2453 153345/eng_table.c cppfunc 122 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2454 65154/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_03.c cppfunc 71 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 2455 62953/CWE121_Stack_Based_Buffer_Overflow__CWE135_06.c cppfunc 81 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 2456 67609/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_72.cpp cppfunc 97 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2457 153523/avdevice.c cppfunc 214 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; union desc_pretrying tachypnoeic_prorata; int reposition_elephantoid = 596; char *russomania_unorderable;; stonesoup_read_taint(&russomania_unorderable,"9420",reposition_elephantoid); tachypnoeic_prorata . antaranga_vanquishable = russomania_unorderable; bediapers_collochemistry[5] = tachypnoeic_prorata; misteacher_faso = 5; heterochromic_jacobitely = &misteacher_faso; unbarricadoed_bretelle = *(bediapers_collochemistry + *heterochromic_jacobitely); inferiors_absorptiometer(squareflipper_bondless,unbarricadoed_bretelle); void inferiors_absorptiometer(int grossification_emergently,union desc_pretrying phosphoresce_polyphonies) free(((char *)phosphoresce_polyphonies . antaranga_vanquishable)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&russomania_unorderable,"9420",reposition_elephantoid); tachypnoeic_prorata . antaranga_vanquishable = russomania_unorderable; unbarricadoed_bretelle = *(bediapers_collochemistry + *heterochromic_jacobitely); inferiors_absorptiometer(squareflipper_bondless,unbarricadoed_bretelle); 0 --------------------------------- 2458 70414/CWE122_Heap_Based_Buffer_Overflow__CWE135_15.c cppfunc 101 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 2459 153443/aviobuf.c cppfunc 96 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2460 153443/aviobuf.c cppfunc 94 stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(alfurese_unhypothetical)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2461 72138/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_11.c cppfunc 96 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 2462 72435/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22.c cppfunc 86 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22_goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22_goodG2B2Source(data); strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2463 62990/CWE121_Stack_Based_Buffer_Overflow__CWE135_73.cpp cppfunc 198 list dataList; data = (void *)WIDE_STRING; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodB2GSink(dataList); void goodB2GSink(list dataList) void * data = dataList.back(); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 2464 73709/CWE124_Buffer_Underwrite__CWE839_listen_socket_16.c cppfunc 188 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2465 66328/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_01.c cppfunc 35 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2466 153440/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 2467 70419/CWE122_Heap_Based_Buffer_Overflow__CWE135_22.c cppfunc 226 void CWE122_Heap_Based_Buffer_Overflow__CWE135_22_goodB2G2Sink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 2468 153393/pgstat.c cppfunc 399 struct addrinfo *addrs = ((void *)0); ret = pg_getaddrinfo_all("localhost",((void *)0),(&hints),&addrs); for (addr = addrs; addr; addr = addr -> ai_next) { if ((pgStatSock = socket(addr -> ai_family,SOCK_DGRAM,0)) == - 1) { if (bind(pgStatSock,(addr -> ai_addr),addr -> ai_addrlen) < 0) { 0 --------------------------------- 2469 153671/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2470 72150/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_33.cpp cppfunc 44 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 2471 153402/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2472 72111/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53.c cppfunc 239 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53d_goodG2BSink(wchar_t * data) wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 2473 153805/color.c cppfunc 117 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2474 153805/color.c cppfunc 119 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2475 67311/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_08.c cppfunc 45 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2476 153601/color.c cppfunc 596 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int reiced_sealant = 44; char *reprotest_tigerfishes; stonesoup_read_taint(&reprotest_tigerfishes,"7362",reiced_sealant); free(((char *)reprotest_tigerfishes)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&reprotest_tigerfishes,"7362",reiced_sealant); free(((char *)reprotest_tigerfishes)); 0 --------------------------------- 2477 153479/file_wrappers.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2478 153194/tile-manager.c cppfunc 741 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *lipwork_drowsiest; stonesoup_read_taint(&lipwork_drowsiest,"PERISTEROPODAN_MARCHMAN"); diatribist_semipsychologic = ((int )(strlen(lipwork_drowsiest))); memcpy(vasomotorial_tyrrhus,lipwork_drowsiest,diatribist_semipsychologic); free(((char *)lipwork_drowsiest)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&lipwork_drowsiest,"PERISTEROPODAN_MARCHMAN"); diatribist_semipsychologic = ((int )(strlen(lipwork_drowsiest))); memcpy(vasomotorial_tyrrhus,lipwork_drowsiest,diatribist_semipsychologic); free(((char *)lipwork_drowsiest)); 0 --------------------------------- 2479 110392/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_54.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2480 71490/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_62.cpp cppfunc 70 data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 2481 153355/subtrans.c cppfunc 105 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2482 152906/tile.c cppfunc 64 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2483 152906/tile.c cppfunc 68 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2484 153074/utils.c cppfunc 4794 char *endptr; prog_id = (strtol(spec,&endptr,0)); if (( *(endptr++)) == ':') { int stream_idx = (strtol(endptr,((void *)0),0)); 0 --------------------------------- 2485 110399/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_67.c cppfunc 173 CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_67_structType myStruct; data = 20; myStruct.structFirst = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_67b_goodG2BSink(myStruct); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_67b_goodG2BSink(CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_67_structType myStruct) int data = myStruct.structFirst; intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2486 79566/CWE134_Uncontrolled_Format_String__char_console_vfprintf_64.c cppfunc 231 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 2487 72786/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_62.cpp cppfunc 66 data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 2488 153212/utils.c cppfunc 4250 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; const char *col; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { if ((col = (strchr(p,':'))) && col < ls) { *port_ptr = atoi(col + 1); 0 --------------------------------- 2489 153036/string.c cppfunc 1152 struct salten_homosassa preciosities_demophobe = {0}; va_list discoloring_enlisted; __builtin_va_start(discoloring_enlisted,hesychast_infantive); preciosities_demophobe = (va_arg(discoloring_enlisted,struct salten_homosassa )); TORBAY_ABORTS(preciosities_demophobe); void floorboards_yugoslav(struct salten_homosassa bonesteel_overswarm) free(((char *)bonesteel_overswarm . lusterlessness_lithophile)); 0 --------------------------------- 2490 72954/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_11.c cppfunc 93 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 2491 67415/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_16.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 2492 72085/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_06.c cppfunc 75 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 2493 62568/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_05.c cppfunc 93 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2494 62568/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_05.c inputfunc 90 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 2495 73695/CWE124_Buffer_Underwrite__CWE839_listen_socket_02.c cppfunc 186 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2496 69153/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_02.cpp cppfunc 94 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 2497 153799/conf_mod.c cppfunc 156 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2498 110507/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_04.c cppfunc 86 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2499 67506/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_05.c cppfunc 91 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 2500 72179/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_04.c cppfunc 106 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 2501 79517/CWE134_Uncontrolled_Format_String__char_console_snprintf_63.c inputfunc 100 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_63b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_63b_goodB2GSink(char * * dataPtr) CWE134_Uncontrolled_Format_String__char_console_snprintf_63b_goodB2GSink(&data); char * data = *dataPtr; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 2502 62958/CWE121_Stack_Based_Buffer_Overflow__CWE135_11.c cppfunc 150 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 2503 66628/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_13.c cppfunc 86 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2504 70966/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_66.c cppfunc 152 data = (char *)malloc((10+1)*sizeof(char)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 2505 72602/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_73.cpp cppfunc 149 void badSink(list dataList) wchar_t * data = dataList.back(); memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 2506 153642/tile-swap.c cppfunc 592 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int demidevil_werefox = 596; char *lipschitz_gaums; stonesoup_read_taint(&lipschitz_gaums,"2493",demidevil_werefox); outspokennesses_gestapo = ((int )(strlen(lipschitz_gaums))); memcpy(bas_adelges,lipschitz_gaums,outspokennesses_gestapo); free(((char *)lipschitz_gaums)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&lipschitz_gaums,"2493",demidevil_werefox); outspokennesses_gestapo = ((int )(strlen(lipschitz_gaums))); memcpy(bas_adelges,lipschitz_gaums,outspokennesses_gestapo); free(((char *)lipschitz_gaums)); 0 --------------------------------- 2507 70417/CWE122_Heap_Based_Buffer_Overflow__CWE135_18.c cppfunc 75 wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 2508 153314/color.c cppfunc 345 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 2509 153314/color.c cppfunc 347 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2510 70408/CWE122_Heap_Based_Buffer_Overflow__CWE135_09.c cppfunc 144 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 2511 153736/types.c cppfunc 77 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2512 66283/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_04.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2513 62602/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_66.c cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2514 153080/main_statusbar.c cppfunc 139 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2515 72982/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_66.c cppfunc 146 data[0] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 2516 153080/main_statusbar.c cppfunc 132 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2517 153080/main_statusbar.c cppfunc 136 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2518 66620/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_05.c cppfunc 44 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2519 152920/oids.c cppfunc 116 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2520 152920/oids.c cppfunc 119 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2521 153077/file_wrappers.c cppfunc 122 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2522 153486/bufmgr.c cppfunc 122 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2523 153077/file_wrappers.c cppfunc 125 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2524 153375/mux.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2525 79505/CWE134_Uncontrolled_Format_String__char_console_snprintf_34.c inputfunc 51 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; myUnion.unionFirst = data; 0 --------------------------------- 2526 72350/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_52.c cppfunc 188 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_52c_goodG2BSink(char * data) memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2527 153673/config.c cppfunc 1154 void finaglers_mia(char **shakingly_pepper) rewed_kula(shakingly_pepper); void rewed_kula(char **simity_haftara) free(((char *)( *(simity_haftara - 5)))); 0 --------------------------------- 2528 153088/mux.c cppfunc 90 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2529 153088/mux.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2530 153162/color.c cppfunc 331 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2531 152887/color.c cppfunc 353 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2532 152887/color.c cppfunc 351 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 2533 199234/buffer_overrun_dynamic.c cppfunc 178 int *buf1=(int*)calloc(5,sizeof(int)); int *buf2=(int*)calloc(5,sizeof(int)); int *buf3=(int*)calloc(5,sizeof(int)); int *buf4=(int*)calloc(5,sizeof(int)); int *buf5=(int*)calloc(5,sizeof(int)); free(buf5); 0 --------------------------------- 2534 199234/buffer_overrun_dynamic.c cppfunc 175 int *buf1=(int*)calloc(5,sizeof(int)); int *buf2=(int*)calloc(5,sizeof(int)); free(buf2); 0 --------------------------------- 2535 199234/buffer_overrun_dynamic.c cppfunc 176 int *buf1=(int*)calloc(5,sizeof(int)); int *buf2=(int*)calloc(5,sizeof(int)); int *buf3=(int*)calloc(5,sizeof(int)); free(buf3); 0 --------------------------------- 2536 199234/buffer_overrun_dynamic.c cppfunc 177 int *buf1=(int*)calloc(5,sizeof(int)); int *buf2=(int*)calloc(5,sizeof(int)); int *buf3=(int*)calloc(5,sizeof(int)); int *buf4=(int*)calloc(5,sizeof(int)); free(buf4); 0 --------------------------------- 2537 71488/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54.c cppfunc 318 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54e_goodG2BSink(char * data) SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 2538 153175/utils.c cppfunc 4752 char *endptr; prog_id = (strtol(spec,&endptr,0)); if (( *(endptr++)) == ':') { int stream_idx = (strtol(endptr,((void *)0),0)); 0 --------------------------------- 2539 67319/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_16.c cppfunc 56 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 2540 72121/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_72.cpp cppfunc 169 vector dataVector; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 2541 153377/emem.c cppfunc 198 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2542 153721/color.c cppfunc 371 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2543 153377/emem.c cppfunc 196 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2544 73707/CWE124_Buffer_Underwrite__CWE839_listen_socket_14.c cppfunc 292 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2545 153541/heapam.c inputfunc 154 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&presatisfy_bottlebird,"COMPACTILE_DIVORCING"); if (presatisfy_bottlebird != 0) {; extensionalism_proteolytic = ((int )(strlen(presatisfy_bottlebird))); superenrollment_prediscuss = ((char *)(malloc(extensionalism_proteolytic + 1))); if (superenrollment_prediscuss == 0) { memcpy(superenrollment_prediscuss,presatisfy_bottlebird,extensionalism_proteolytic); if (presatisfy_bottlebird != 0) free(((char *)presatisfy_bottlebird)); nonbarbarous_lairdship = &superenrollment_prediscuss; helvella_implies = &nonbarbarous_lairdship; botheration_gasburg(helvella_implies); 0 --------------------------------- 2546 72441/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_42.c cppfunc 70 data[50-1] = '\0'; return data; data = goodG2BSource(data); strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2547 110367/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_08.c cppfunc 130 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2548 62726/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_21.c cppfunc 225 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2549 153468/utils.c cppfunc 4272 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; const char *col; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { if ((col = (strchr(p,':'))) && col < ls) { *port_ptr = atoi(col + 1); 0 --------------------------------- 2550 148966/emem.c cppfunc 1175 ep_strconcat(const gchar *string1, ...) l = 1 + strlen(string1); va_start(args, string1); ptr = g_stpcpy(ptr, string1); va_start(args, string1); 0 --------------------------------- 2551 73019/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_44.c cppfunc 59 static void goodG2BSink(char * data) strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 2552 79359/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_32.c cppfunc 188 char * *dataPtr2 = &data; char * data = *dataPtr2; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 2553 66924/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cat_33.cpp cppfunc 70 wchar_t * &dataRef = data; wchar_t * data = dataRef; source[100-1] = L'\0'; wcscat(data, source); 0 --------------------------------- 2554 70919/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67.c cppfunc 142 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67_structType myStruct) char * data = myStruct.structFirst; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2555 66398/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_33.cpp cppfunc 71 wchar_t * &dataRef = data; wchar_t * data = dataRef; dataLen = wcslen(data); 0 --------------------------------- 2556 153446/main_statusbar.c cppfunc 120 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2557 153446/main_statusbar.c cppfunc 129 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2558 153540/eng_table.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2559 66572/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_05.c cppfunc 89 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2560 153809/img2.c cppfunc 58 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2561 153688/column.c cppfunc 86 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2562 153193/color.c cppfunc 353 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2563 153766/tile-swap.c cppfunc 135 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2564 79371/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61.c cppfunc 56 data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61b_badSource(data); badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 2565 153766/tile-swap.c cppfunc 131 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2566 153247/conversation.c cppfunc 147 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 2567 153766/tile-swap.c cppfunc 138 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2568 70480/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54.c cppfunc 588 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2569 153158/resowner.c cppfunc 699 jmp_buf vesicated_lenotre; nemichthys_hydrophones = setjmp(vesicated_lenotre); longjmp(vesicated_lenotre,1); 0 --------------------------------- 2570 67720/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_09.cpp cppfunc 195 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2571 148916/strutil.c cppfunc 469 is_byte_sep(guint8 c) q = p+1; && isxdigit(*p) && isxdigit(*q) && if (is_byte_sep(*punct)) { p = punct; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q + 1; else if (!*q && isxdigit(*p)) { p = q; else if (!*q && isxdigit(*p)) { hex_str_to_bytes(const char *hex_str, GByteArray *bytes, gboolean force_separators) { p = (const guchar *)hex_str; s = p+3; isxdigit(*r) && isxdigit(*s)) { punct = s + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && isxdigit(*q)) { punct = q + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { else if (!*q && isxdigit(*p)) { p = q; else if (!*q && isxdigit(*p)) { 0 --------------------------------- 2572 73082/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_73.cpp cppfunc 148 void badSink(list dataList) char * data = dataList.back(); strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 2573 73178/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_73.cpp cppfunc 165 list dataList; data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcscpy(dest, data); printWLine(data); free(data); 0 --------------------------------- 2574 153296/timestamp.c cppfunc 65 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2575 72084/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_05.c cppfunc 100 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 2576 152891/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2577 153762/oids.c cppfunc 1322 void stonesoup_handle_taint(char *disorganizing_outlook) protevangelion_beat = ((int )(strlen(disorganizing_outlook))); julies_realisers = ((char *)(malloc(protevangelion_beat + 1))); 0 --------------------------------- 2578 152891/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2579 152891/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2580 153480/bss_file.c cppfunc 129 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2581 153480/bss_file.c cppfunc 125 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2582 110797/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_06.cpp cppfunc 87 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2583 62986/CWE121_Stack_Based_Buffer_Overflow__CWE135_66.c cppfunc 164 void CWE121_Stack_Based_Buffer_Overflow__CWE135_66b_goodG2BSink(void * dataArray[]) void * data = dataArray[2]; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 2584 62986/CWE121_Stack_Based_Buffer_Overflow__CWE135_66.c cppfunc 161 void CWE121_Stack_Based_Buffer_Overflow__CWE135_66b_goodG2BSink(void * dataArray[]) void * data = dataArray[2]; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 2585 73640/CWE124_Buffer_Underwrite__CWE839_fgets_73.cpp cppfunc 45 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2586 72766/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_15.c cppfunc 80 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 2587 153126/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2588 153328/e_camellia.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2589 153093/main_filter_toolbar.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2590 153108/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2591 153093/main_filter_toolbar.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2592 62720/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_13.c cppfunc 186 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2593 148966/strutil.c cppfunc 837 convert_string_to_hex(const char *string, size_t *nbytes) p = &string[0]; c = *p++; if (isspace(c)) if (isdigit(c)) 0 --------------------------------- 2594 153390/hashfn.c cppfunc 44 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2595 153258/column.c cppfunc 66 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2596 110346/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_62.cpp cppfunc 72 data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2597 70496/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c inputfunc 118 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 2598 72139/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_12.c cppfunc 81 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 2599 71492/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_64.c cppfunc 136 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 2600 66630/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_15.c cppfunc 94 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2601 153711/timestamp.c cppfunc 73 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2602 153711/timestamp.c cppfunc 77 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2603 66324/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_81a.cpp cppfunc 48 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2604 67314/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_11.c cppfunc 60 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2605 110486/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_52.c cppfunc 192 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_52b_goodG2BSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_52c_goodG2BSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_52c_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2606 67416/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_17.c cppfunc 57 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 2607 153771/main_filter_toolbar.c cppfunc 456 jmp_buf tanglefoot_bevy; gentlemanism_pycnoses = setjmp(tanglefoot_bevy); longjmp(tanglefoot_bevy,1); 0 --------------------------------- 2608 153807/utils.c cppfunc 83 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2609 153383/config.c cppfunc 94 size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2610 153383/config.c cppfunc 97 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2611 153383/config.c cppfunc 90 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2612 66626/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_11.c cppfunc 86 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2613 73170/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_62.cpp cppfunc 60 data[50-1] = L'\0'; wcscpy(dest, data); printWLine(data); free(data); 0 --------------------------------- 2614 67583/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_16.cpp cppfunc 97 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2615 153655/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2616 148823/Element.cpp cppfunc 517 if (FrameView* view = document()->view()) { IntRect visibleContentRect = view->visibleContentRect(); result.move(-visibleContentRect.x(), -visibleContentRect.y()); 0 --------------------------------- 2617 148823/Element.cpp cppfunc 510 String localName = shouldIgnoreAttributeCase(this) ? name.lower() : name; return !elem->hasAttribute(attr); if (!documentIsHTML && namespaces && shouldAddNamespaceElem(el)) if (el->isHTMLElement() && (annotate || convert)) { Element* element = const_cast(el); RefPtr styleFromMatchedRules = styleFromMatchedRulesForElement(const_cast(el)); styleFromMatchedRules->merge(style.get()); style = styleFromMatchedRules; CSSMutableStyleDeclaration::const_iterator end = style->end(); for (CSSMutableStyleDeclaration::const_iterator it = style->begin(); it != end; ++it) { const CSSProperty& property = *it; CSSValue* value = property.value(); fromComputedStyle->addParsedProperty(CSSProperty(property.id(), computedPropertyValue)); style->merge(fromComputedStyle.get()); 0 --------------------------------- 2618 66548/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_45.c cppfunc 44 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2619 62985/CWE121_Stack_Based_Buffer_Overflow__CWE135_65.c cppfunc 156 void CWE121_Stack_Based_Buffer_Overflow__CWE135_65b_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 2620 62985/CWE121_Stack_Based_Buffer_Overflow__CWE135_65.c cppfunc 159 void CWE121_Stack_Based_Buffer_Overflow__CWE135_65b_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 2621 153518/e_bf.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2622 153270/dynahash.c cppfunc 269 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2623 153675/aviobuf.c cppfunc 64 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2624 153675/aviobuf.c cppfunc 68 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2625 70648/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_09.c cppfunc 458 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2626 153246/emem.c cppfunc 168 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2627 67581/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_14.cpp cppfunc 151 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2628 70451/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_04.c cppfunc 425 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2629 72027/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_74.cpp cppfunc 151 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 2630 153619/resowner.c cppfunc 167 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2631 153619/resowner.c cppfunc 169 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2632 67722/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_11.cpp inputfunc 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 2633 152955/timestamp.c cppfunc 77 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2634 66522/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_03.c cppfunc 61 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2635 62974/CWE121_Stack_Based_Buffer_Overflow__CWE135_43.cpp cppfunc 95 data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 2636 71161/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_72.cpp cppfunc 175 vector dataVector; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 2637 72860/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_13.c cppfunc 71 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 2638 65205/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_14.c cppfunc 72 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 2639 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c cppfunc 206 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 2640 62710/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_03.c cppfunc 186 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2641 153244/color.c cppfunc 600 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *plusiinae_skeletin; stonesoup_read_taint(&plusiinae_skeletin,"DIETARIES_FLOCCULATING"); free(((char *)plusiinae_skeletin)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&plusiinae_skeletin,"DIETARIES_FLOCCULATING"); free(((char *)plusiinae_skeletin)); 0 --------------------------------- 2642 69875/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_04.cpp cppfunc 96 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 2643 71175/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_08.c cppfunc 86 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 2644 72438/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_33.cpp cppfunc 68 char * &dataRef = data; char * data = dataRef; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2645 67716/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_05.cpp cppfunc 313 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2646 110485/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_51.c cppfunc 145 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_51b_goodG2BSink(data); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_51b_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2647 152963/pmsignal.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2648 152940/cmdutils.c cppfunc 1409 const AVCodecDescriptor **codecs; unsigned int nb_codecs = 0; nb_codecs++; if (!(codecs = (av_calloc(nb_codecs,sizeof(( *codecs)))))) { desc = ((void *)0); while(desc = avcodec_descriptor_next(desc)) codecs[i++] = desc; qsort(codecs,nb_codecs,sizeof(( *codecs)),compare_codec_desc); 0 --------------------------------- 2649 79416/CWE134_Uncontrolled_Format_String__char_console_fprintf_52.c inputfunc 94 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_52b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_52b_goodB2GSink(char * data); 0 --------------------------------- 2650 79569/CWE134_Uncontrolled_Format_String__char_console_vfprintf_67.c inputfunc 104 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_67b_goodB2GSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_67b_goodB2GSink(CWE134_Uncontrolled_Format_String__char_console_vfprintf_67_structType myStruct) char * data = myStruct.structFirst; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 2651 70998/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_33.cpp cppfunc 69 wchar_t * &dataRef = data; wchar_t * data = dataRef; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 2652 72303/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53.c cppfunc 237 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53d_goodG2BSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2653 70777/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_72.cpp cppfunc 156 void badSink(vector dataVector) char * data = dataVector[2]; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 2654 153084/stream.c cppfunc 114 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2655 70682/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_73.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2656 67577/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_10.cpp cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2657 72279/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_08.c cppfunc 83 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2658 110382/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_33.cpp cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2659 153714/bio_err.c cppfunc 126 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2660 153752/heapam.c cppfunc 5284 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; struct wooer_grosz epilated_fconvert; char *crackup_armond; stonesoup_read_taint(&crackup_armond,"STANNARY_DREXEL"); epilated_fconvert . berake_pomme = ((char *)crackup_armond); staminigerous_depthless[ *sheepcrook_babson] = epilated_fconvert; oafish_fermented = staminigerous_depthless[ *sheepcrook_babson]; arsis_antitonic(derision_tinman,oafish_fermented); } ; void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&crackup_armond,"STANNARY_DREXEL"); epilated_fconvert . berake_pomme = ((char *)crackup_armond); oafish_fermented = staminigerous_depthless[ *sheepcrook_babson]; arsis_antitonic(derision_tinman,oafish_fermented); 0 --------------------------------- 2661 72344/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_41.c cppfunc 57 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_41_goodG2BSink(char * data) memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2662 110341/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_51.c cppfunc 221 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_51b_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2663 152966/main_filter_toolbar.c cppfunc 82 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2664 152966/main_filter_toolbar.c cppfunc 80 stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2665 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c cppfunc 200 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 2666 67411/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_12.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2667 67411/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_12.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2668 153647/aviobuf.c cppfunc 66 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2669 152935/config_file.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2670 152935/config_file.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2671 1309/txt-dns-file-bad.c cppfunc 149 DNS_REPLY_T *r; free(r->dns_r_q.dns_q_domain); char host[MAXHOSTNAMELEN]; r = (DNS_REPLY_T *) xalloc(sizeof(*r)); memset(r, 0, sizeof(*r)); strcpy(host, "LL.MIT.EDU"); status = strlen(host); dns_free_data(r); r->dns_r_q.dns_q_domain = (char *) strdup(host); dns_free_data(r); GETSHORT(r->dns_r_q.dns_q_type, p); printf("Record type queried = %d\n",r->dns_r_q.dns_q_type); GETSHORT(r->dns_r_q.dns_q_class, p); dns_free_data(r); dns_free_data(r); dns_free_data(r); dns_free_data(r); dns_free_data(r); dns_free_data(r); dns_free_data(r); dns_free_data(r); dns_free_data(r); dns_free_data(r); dns_free_data(r); DNS_REPLY_T *r; free(r); 0 --------------------------------- 2672 72783/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53.c cppfunc 259 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53d_goodG2BSink(wchar_t * data) SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 2673 1309/txt-dns-file-bad.c cppfunc 147 r = (DNS_REPLY_T *) xalloc(sizeof(*r)); memset(r, 0, sizeof(*r)); dns_free_data(r); DNS_REPLY_T *r; for (rr = r->dns_r_head; rr != NULL; ) free(rr->rr_u.rr_data); rr = rr->rr_next; RESOURCE_RECORD_T *tmp = rr; free(tmp); 0 --------------------------------- 2674 153344/utf.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2675 1295/iquery-bad.c inputfunc 160 while (((c = fgetc(f)) != EOF) && (i < len)) { *msg++ = (u_char) c; fclose(f); hp = (HEADER *) msg; cp = msg + sizeof(HEADER); eom = msg + msglen; req_iquery(hp, &cp, eom, &msglen, msg); req_iquery(HEADER *hp, u_char **cpp, u_char *eom, int *buflenp, u_char *msg) if ((n = dn_skipname(*cpp, eom)) < 0) { *cpp += n; GETSHORT(type, *cpp); *cpp += INT32SZ; GETSHORT(dlen, *cpp); *cpp += dlen; if (*cpp != eom) { fname = (char *)msg + HFIXEDSZ; alen = (char *)*cpp - fname; printf("Copying %d bytes from fname to anbuf which can store %d bytes\n", alen, sizeof(anbuf)); memcpy(anbuf, fname, alen); data = anbuf + alen - dlen; *cpp = (u_char *)fname; req_iquery(hp, &cp, eom, &msglen, msg); 0 --------------------------------- 2676 72092/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_13.c cppfunc 71 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 2677 152873/portalmem.c cppfunc 151 int unabsorbed_zygobranchiata = 596; stonesoup_read_taint(&outsmoke_chromoplasm,"2870",unabsorbed_zygobranchiata); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 2678 72730/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_43.cpp cppfunc 71 data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 2679 63797/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_06.c cppfunc 79 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 2680 67509/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_08.c cppfunc 51 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); if(staticReturnsTrue()) good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_08_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_08_bad(); if(staticReturnsTrue()) charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 2681 70455/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_08.c cppfunc 249 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2682 153057/file_wrappers.c cppfunc 149 stonesoup_read_taint(&adays_thermophilous,"TURMEL_MEROSYSTEMATIC"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 2683 67753/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_72.cpp inputfunc 102 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 2684 153388/dynahash.c cppfunc 252 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2685 153388/dynahash.c cppfunc 256 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2686 153388/dynahash.c cppfunc 259 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2687 62979/CWE121_Stack_Based_Buffer_Overflow__CWE135_53.c cppfunc 250 void CWE121_Stack_Based_Buffer_Overflow__CWE135_53d_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 2688 62979/CWE121_Stack_Based_Buffer_Overflow__CWE135_53.c cppfunc 253 void CWE121_Stack_Based_Buffer_Overflow__CWE135_53d_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 2689 70508/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_13.c cppfunc 181 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2690 79568/CWE134_Uncontrolled_Format_String__char_console_vfprintf_66.c cppfunc 214 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 2691 72766/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_15.c cppfunc 106 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 2692 152957/heapam.c cppfunc 119 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2693 148821/Element.cpp cppfunc 510 String localName = shouldIgnoreAttributeCase(this) ? name.lower() : name; return !elem->hasAttribute(attr); if (!documentIsHTML && namespaces && shouldAddNamespaceElem(el)) if (el->isHTMLElement() && (annotate || convert)) { Element* element = const_cast(el); RefPtr styleFromMatchedRules = styleFromMatchedRulesForElement(const_cast(el)); styleFromMatchedRules->merge(style.get()); style = styleFromMatchedRules; CSSMutableStyleDeclaration::const_iterator end = style->end(); for (CSSMutableStyleDeclaration::const_iterator it = style->begin(); it != end; ++it) { const CSSProperty& property = *it; CSSValue* value = property.value(); fromComputedStyle->addParsedProperty(CSSProperty(property.id(), computedPropertyValue)); style->merge(fromComputedStyle.get()); 0 --------------------------------- 2694 148821/Element.cpp cppfunc 517 if (FrameView* view = document()->view()) { IntRect visibleContentRect = view->visibleContentRect(); result.move(-visibleContentRect.x(), -visibleContentRect.y()); 0 --------------------------------- 2695 153364/cmdutils.c cppfunc 847 time_t now; time(&now); tm = localtime((&now)); 0 --------------------------------- 2696 66373/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_82a.cpp cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2697 66656/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_68.c cppfunc 61 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2698 70500/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_05.c cppfunc 155 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2699 149070/into2-good.c cppfunc 49 main(int argc, char **argv) l = strtoul(argv[1], 0, 10); test((unsigned int)l); test(unsigned int n) int *buf, i; buf = malloc(n * sizeof *buf); for(i = 0; i < n; i++) printf("%x ", buf[i] = i); free(buf); 0 --------------------------------- 2700 70673/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_61.c cppfunc 116 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2701 62749/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_72.cpp cppfunc 196 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2702 66655/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_67.c cppfunc 44 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2703 110533/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_51.c cppfunc 234 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_51b_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2704 72963/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22.c cppfunc 69 data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_goodG2B1Source(data); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 2705 66268/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_64.c cppfunc 50 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2706 71011/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_63.c cppfunc 144 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 2707 72113/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_61.c cppfunc 61 data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_61b_goodG2BSource(data); wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 2708 153740/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2709 70881/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_02.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2710 70855/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_34.c cppfunc 76 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_34_unionType myUnion; char * data = myUnion.unionSecond; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2711 67605/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_65.cpp cppfunc 43 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2712 70967/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67.c cppfunc 160 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67_structType myStruct; data = (char *)malloc((10+1)*sizeof(char)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67_structType myStruct) char * data = myStruct.structFirst; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 2713 70671/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53.c cppfunc 476 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2714 153594/error.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2715 70452/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_05.c cppfunc 242 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2716 153594/error.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2717 71459/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_04.c cppfunc 84 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 2718 199284/memory_allocation_failure.c cppfunc 525 ret = MAX_VAL; ret=5; return ret; char **dptr,a; dptr=(char**) malloc(10*sizeof(char*)); dptr[i]=(char*) malloc(memory_allocation_failure_013_func_001(0)*sizeof(char)); strcpy( dptr[1],"STRING TEST" ); free(dptr[i]); dptr = NULL; free(dptr); 0 --------------------------------- 2719 70647/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_08.c cppfunc 429 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2720 72758/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_07.c cppfunc 99 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 2721 72394/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_43.cpp cppfunc 71 data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2722 72947/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_04.c cppfunc 78 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 2723 70504/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_09.c cppfunc 228 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2724 152989/aviobuf.c cppfunc 56 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2725 70748/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_13.c cppfunc 70 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 2726 67430/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_52.c cppfunc 51 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2727 153474/e_bf.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2728 153101/resowner.c cppfunc 142 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2729 152967/color.c cppfunc 604 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *undisbursed_puris; stonesoup_read_taint(&undisbursed_puris,"FRITTERING_HYBRIDISED"); free(((char *)undisbursed_puris)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&undisbursed_puris,"FRITTERING_HYBRIDISED"); free(((char *)undisbursed_puris)); 0 --------------------------------- 2730 152882/subtrans.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2731 69753/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_42.cpp cppfunc 56 data = new wchar_t[100]; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 2732 70457/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_10.c cppfunc 419 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2733 153122/gimpdialogfactory.c cppfunc 113 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2734 153122/gimpdialogfactory.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2735 62989/CWE121_Stack_Based_Buffer_Overflow__CWE135_72.cpp cppfunc 184 void goodG2BSink(vector dataVector) void * data = dataVector[2]; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 2736 62605/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_72.cpp cppfunc 97 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2737 72873/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_42.c cppfunc 72 data[0] = '\0'; return data; data = goodG2BSource(data); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 2738 1306/prescan-overflow-ok.c cppfunc 489 pvp = prescan(addr, delim, pvpbuf, sizeof pvpbuf, delimptr, NULL, canary); char *addr; addr = (char *) malloc(sizeof(char) * 500); CurEnv->e_to = (char *) malloc(strlen(addr) * sizeof(char) + 1); strcpy(CurEnv->e_to, addr); parseaddr(addr, delim, delimptr); char *addr; pvp = prescan(addr, delim, pvpbuf, sizeof pvpbuf, delimptr, NULL, canary); p = addr; p--; p--; c = (*p++) & 0x00ff; c = '"'; c = ')'; c = '>'; c = '>'; c = NOCHAR; else if (delim == ' ' && isascii(c) && isspace(c)) 0 --------------------------------- 2739 148823/Element.cpp cppfunc 490 if (FrameView* view = document()->view()) { IntRect visibleContentRect = view->visibleContentRect(); quads[i].move(-visibleContentRect.x(), -visibleContentRect.y()); 0 --------------------------------- 2740 153803/color.c cppfunc 614 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int mendelianism_operculiferous = 596; char *dumbbell_remunerable; stonesoup_read_taint(&dumbbell_remunerable,"3662",mendelianism_operculiferous); free(((char *)dumbbell_remunerable)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&dumbbell_remunerable,"3662",mendelianism_operculiferous); free(((char *)dumbbell_remunerable)); 0 --------------------------------- 2741 71361/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_02.c cppfunc 93 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 2742 70771/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_63.c cppfunc 127 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 2743 149224/use_after_free_container-good.c cppfunc 35 container.foo.b[0] = 'S'; printf("%s\n", container.foo.b); free(container.foo.b); 0 --------------------------------- 2744 152911/eng_lib.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2745 71201/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_61.c cppfunc 64 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_61b_goodG2BSource(data); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 2746 153570/utf.c cppfunc 136 stonesoup_printf("%s\n",stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2747 153570/utf.c cppfunc 138 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2748 153212/utils.c cppfunc 4766 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; sid = (strtol(spec + 1,&endptr,0)); 0 --------------------------------- 2749 73706/CWE124_Buffer_Underwrite__CWE839_listen_socket_13.c cppfunc 186 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2750 79419/CWE134_Uncontrolled_Format_String__char_console_fprintf_61.c inputfunc 139 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; 0 --------------------------------- 2751 72286/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_15.c cppfunc 76 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2752 153433/resowner.c cppfunc 143 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2753 70413/CWE122_Heap_Based_Buffer_Overflow__CWE135_14.c cppfunc 172 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 2754 69744/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_17.cpp cppfunc 60 data = new wchar_t[100]; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 2755 67348/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_81a.cpp cppfunc 48 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2756 72428/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_13.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2757 153535/avdevice.c cppfunc 89 int vartabed_highspire = 596; stonesoup_read_taint(&reunited_farewelling,"8040",vartabed_highspire); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 2758 72603/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_74.cpp cppfunc 167 data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 2759 153294/bufmgr.c cppfunc 140 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2760 69866/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_73.cpp cppfunc 159 list dataList; data = (int *)malloc(10*sizeof(int)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int * data = dataList.back(); memcpy(data, source, 10*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 2761 71391/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53.c cppfunc 221 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53d_badSink(char * data) strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 2762 153188/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2763 153770/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2764 153770/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2765 153770/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2766 70683/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_74.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2767 72997/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_06.c cppfunc 91 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 2768 153729/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2769 153234/img2.c cppfunc 44 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2770 153467/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2771 72720/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_17.c cppfunc 66 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 2772 67731/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_22.cpp cppfunc 259 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2773 72217/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_72.cpp cppfunc 175 vector dataVector; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 2774 69881/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_10.cpp cppfunc 90 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 2775 152989/aviobuf.c cppfunc 1257 void stonesoup_handle_taint(char *casemaking_slavocracy) molopo_sojourning = ((int )(strlen(casemaking_slavocracy))); preinsured_stramineously = ((char *)(malloc(molopo_sojourning + 1))); memset(preinsured_stramineously,0,molopo_sojourning + 1); memcpy(preinsured_stramineously,casemaking_slavocracy,molopo_sojourning); boatward_guildroy(preinsured_stramineously); void boatward_guildroy(char *const peaching_westlandways) free(((char *)((char *)peaching_westlandways))); 0 --------------------------------- 2776 71206/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_66.c cppfunc 134 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 2777 110375/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_16.c cppfunc 87 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2778 153536/stream.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2779 67341/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_65.c cppfunc 34 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2780 67299/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_74.cpp cppfunc 164 data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcscat(dest, data); 0 --------------------------------- 2781 67569/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_02.cpp cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2782 153217/gimpdisplay.c cppfunc 134 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2783 153348/mutex.c cppfunc 70 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2784 153217/gimpdisplay.c cppfunc 132 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(unqualification_octanols)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2785 110344/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_54.c cppfunc 450 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_54d_goodG2BSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_54e_goodG2BSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_54e_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2786 153746/color.c cppfunc 608 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *gadid_impossibilism) free(((char *)gadid_impossibilism)); 0 --------------------------------- 2787 67721/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_10.cpp cppfunc 195 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2788 62733/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_42.c cppfunc 217 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2789 110541/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_65.c cppfunc 235 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_65b_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2790 67744/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_54.cpp inputfunc 98 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 2791 110836/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_81a.cpp cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2792 153515/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2793 66305/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_42.c cppfunc 53 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 2794 72490/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_43.cpp cppfunc 75 data[50-1] = '\0'; SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 0 --------------------------------- 2795 153005/ffmpeg.c inputfunc 3151 int main(int argc,char **argv) parse_loglevel(argc,argv,options); if (argc > 1 && !strcmp(argv[1],"-d")) { argc--; argv++; show_banner(argc,argv,options); ret = ffmpeg_parse_options(argc,argv); if (ret < 0) { 0 --------------------------------- 2796 67433/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_61.c cppfunc 135 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_61b_goodG2BSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_61b_goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 2797 153739/color.c cppfunc 337 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2798 153739/color.c cppfunc 335 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 2799 153623/ffmpeg.c cppfunc 3234 jmp_buf bissextus_spumier; firers_purloins = setjmp(bissextus_spumier); longjmp(bissextus_spumier,1); 0 --------------------------------- 2800 73698/CWE124_Buffer_Underwrite__CWE839_listen_socket_05.c cppfunc 298 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2801 72782/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_52.c cppfunc 204 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_52b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_52c_goodG2BSink(wchar_t * data) SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 2802 71430/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_33.cpp cppfunc 44 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 2803 70642/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_03.c cppfunc 304 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2804 72301/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_51.c cppfunc 122 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_51b_badSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2805 153458/config.c cppfunc 1042 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *vinaigretted_unmaimable) symbiotically_apasttra = vinaigretted_unmaimable; free(((char *)symbiotically_apasttra)); 0 --------------------------------- 2806 153107/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2807 72778/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_43.cpp cppfunc 61 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 2808 79367/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51.c cppfunc 335 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 2809 70979/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_04.c cppfunc 96 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 2810 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c cppfunc 226 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 2811 63634/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_03.c cppfunc 94 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 2812 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c cppfunc 223 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 2813 66651/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_63.c cppfunc 56 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2814 70411/CWE122_Heap_Based_Buffer_Overflow__CWE135_12.c cppfunc 111 wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 2815 70477/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_51.c cppfunc 300 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2816 149125/heap_overflow_cplx-bad.c inputfunc 31 if(fread(&r, sizeof r, 1, f) != 1) fclose(f); if(fclose(f) != 0) return r; unsigned length = getRand() % 50 - 1; char *t = malloc((length + 1) * sizeof(char)); if (!t) for (;iview()) { IntRect visibleContentRect = view->visibleContentRect(); quads[i].move(-visibleContentRect.x(), -visibleContentRect.y()); 0 --------------------------------- 2829 66537/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_18.c cppfunc 55 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2830 72841/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_72.cpp cppfunc 169 vector dataVector; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 2831 66596/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_45.c cppfunc 44 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2832 66356/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_45.c cppfunc 49 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2833 62952/CWE121_Stack_Based_Buffer_Overflow__CWE135_05.c cppfunc 156 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 2834 152933/column-utils.c cppfunc 79 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2835 70772/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_64.c cppfunc 130 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 2836 67722/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_11.cpp cppfunc 306 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2837 67730/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_21.cpp inputfunc 130 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 2838 66332/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_05.c cppfunc 44 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2839 153272/color.c cppfunc 342 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 2840 71193/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_42.c cppfunc 73 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; data = goodG2BSource(data); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 2841 79441/CWE134_Uncontrolled_Format_String__char_console_printf_08.c inputfunc 144 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 2842 153112/utils.c cppfunc 4808 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; sid = (strtol(spec + 1,&endptr,0)); 0 --------------------------------- 2843 72330/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_11.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2844 153167/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2845 79376/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66.c cppfunc 315 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66b_badSink(char * dataArray[]) char * data = dataArray[2]; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 2846 79376/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66.c cppfunc 318 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 2847 71930/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_73.cpp cppfunc 177 list dataList; data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) twoIntsStruct * data = dataList.back(); memmove(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 2848 70462/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_15.c cppfunc 356 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2849 153243/main_filter_toolbar.c cppfunc 112 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2850 153243/main_filter_toolbar.c cppfunc 110 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2851 70505/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_10.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2852 69743/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_16.cpp cppfunc 33 data = new wchar_t[100]; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 2853 72160/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54.c cppfunc 271 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 2854 67606/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_66.cpp cppfunc 89 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2855 110491/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_63.c cppfunc 144 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_63b_goodG2BSink(&data); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_63b_goodG2BSink(int * dataPtr) int data = *dataPtr; intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2856 71394/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_62.cpp cppfunc 64 data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 2857 72759/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_08.c cppfunc 107 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 2858 62961/CWE121_Stack_Based_Buffer_Overflow__CWE135_14.c cppfunc 127 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 2859 62961/CWE121_Stack_Based_Buffer_Overflow__CWE135_14.c cppfunc 124 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 2860 153007/tile.c cppfunc 328 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int concatenary_michoacano = 105; char *firers_lindenhurst; stonesoup_read_taint(&firers_lindenhurst,"9439",concatenary_michoacano); nonenumerated_mutualise = ((void *)firers_lindenhurst); erase_diuron = &nonenumerated_mutualise; free(((char *)((char *)( *erase_diuron)))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&firers_lindenhurst,"9439",concatenary_michoacano); nonenumerated_mutualise = ((void *)firers_lindenhurst); erase_diuron = &nonenumerated_mutualise; free(((char *)((char *)( *erase_diuron)))); 0 --------------------------------- 2861 70871/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67.c cppfunc 142 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67_structType myStruct) char * data = myStruct.structFirst; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2862 153531/emem.c inputfunc 223 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&palewise_flagstick,"NICKS_PRIORITIZED"); if (palewise_flagstick != 0) {; rejuvenised_inviable = ((void *)palewise_flagstick); *flecken_ensheath = rejuvenised_inviable; 0 --------------------------------- 2863 153531/emem.c cppfunc 220 stonesoup_read_taint(&palewise_flagstick,"NICKS_PRIORITIZED"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 2864 62980/CWE121_Stack_Based_Buffer_Overflow__CWE135_54.c cppfunc 338 void CWE121_Stack_Based_Buffer_Overflow__CWE135_54d_goodB2GSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_54e_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_54e_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 2865 152967/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2866 152967/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2867 152967/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2868 153402/color.c cppfunc 120 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2869 66259/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_44.c cppfunc 42 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2870 153337/img2.c cppfunc 72 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2871 152925/eng_lib.c cppfunc 336 jmp_buf situationally_alexanders; haithal_nobel = setjmp(situationally_alexanders); longjmp(situationally_alexanders,1); 0 --------------------------------- 2872 73001/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_10.c cppfunc 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 2873 148828/RenderListMarker.cpp cppfunc 992 void RenderListMarker::paint(PaintInfo& paintInfo, int tx, int ty) marker.move(tx, ty); paintCustomHighlight(tx, ty, style()->highlight(), true); selRect.move(tx, ty); 0 --------------------------------- 2874 73734/CWE124_Buffer_Underwrite__CWE839_listen_socket_68.c cppfunc 185 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2875 71376/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_17.c cppfunc 68 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 2876 152882/subtrans.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2877 70908/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_45.c cppfunc 68 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_45_goodG2BData = data; goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_45_goodG2BData; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2878 152918/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2879 152884/mem_dbg.c inputfunc 277 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&imager_marsala,"TOYER_MCA"); if (imager_marsala != 0) {; pung_ethanoyl . pratincole_superodorsal = ((char *)imager_marsala); heterophyllous_reimburser = &pung_ethanoyl; extol_bassetts(heterophyllous_reimburser); 0 --------------------------------- 2880 152884/mem_dbg.c cppfunc 274 stonesoup_read_taint(&imager_marsala,"TOYER_MCA"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 2881 152918/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2882 152918/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2883 70654/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_15.c cppfunc 449 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2884 70464/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_17.c cppfunc 276 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2885 72458/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_73.cpp cppfunc 149 void badSink(list dataList) char * data = dataList.back(); strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2886 72349/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_51.c cppfunc 122 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_51b_badSink(char * data) memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2887 153187/cmdline.c cppfunc 132 int unist_warmblooded = 91; stonesoup_read_taint(&outpouching_bundelkhand,"3633",unist_warmblooded); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 2888 153582/avfilter.c cppfunc 88 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2889 70467/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_22.c cppfunc 440 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2890 153582/avfilter.c cppfunc 86 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2891 153609/img2.c cppfunc 60 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2892 153059/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2893 79554/CWE134_Uncontrolled_Format_String__char_console_vfprintf_41.c inputfunc 136 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2GSink(data); static void goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 2894 67751/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_67.cpp inputfunc 206 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 2895 72747/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_74.cpp cppfunc 149 void badSink(map dataMap) wchar_t * data = dataMap[2]; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 2896 79509/CWE134_Uncontrolled_Format_String__char_console_snprintf_44.c inputfunc 128 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; funcPtr(data); 0 --------------------------------- 2897 110370/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_11.c cppfunc 90 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2898 72976/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54.c cppfunc 288 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54d_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54e_goodG2BSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 2899 153768/avpacket.c cppfunc 102 stonesoup_read_taint(&quatrefoliated_semicarbazone,"COCONINO_CONGLOBATION"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 2900 153768/avpacket.c inputfunc 105 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&quatrefoliated_semicarbazone,"COCONINO_CONGLOBATION"); if (quatrefoliated_semicarbazone != 0) {; annist_sempre . reparative_koah = quatrefoliated_semicarbazone; blandishing_refinds(annist_sempre); void blandishing_refinds(const union martinetish_musb aeolight_propagandism); 0 --------------------------------- 2901 72411/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_74.cpp cppfunc 149 void badSink(map dataMap) char * data = dataMap[2]; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2902 62727/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22.c cppfunc 254 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2903 153364/cmdutils.c inputfunc 1697 ret = (fread(( *bufptr),1, *size,f)); if (ret < *size) { av_free(( *bufptr)); if (ferror(f)) { fclose(f); 0 --------------------------------- 2904 72119/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67.c cppfunc 135 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67_structType myStruct) wchar_t * data = myStruct.structFirst; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 2905 70407/CWE122_Heap_Based_Buffer_Overflow__CWE135_08.c cppfunc 124 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 2906 72594/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_62.cpp cppfunc 62 data[50-1] = L'\0'; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 2907 153797/resowner.c cppfunc 151 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 2908 67577/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_10.cpp cppfunc 152 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2909 70641/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_02.c cppfunc 458 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2910 70776/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_68.c cppfunc 138 char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_68_badData; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 2911 72745/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_72.cpp cppfunc 167 vector dataVector; data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 2912 62961/CWE121_Stack_Based_Buffer_Overflow__CWE135_14.c cppfunc 73 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 2913 153334/color.c cppfunc 333 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2914 66301/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_32.c cppfunc 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2915 70455/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_08.c cppfunc 432 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 2916 153541/heapam.c cppfunc 400 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *presatisfy_bottlebird; stonesoup_read_taint(&presatisfy_bottlebird,"COMPACTILE_DIVORCING"); extensionalism_proteolytic = ((int )(strlen(presatisfy_bottlebird))); superenrollment_prediscuss = ((char *)(malloc(extensionalism_proteolytic + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&presatisfy_bottlebird,"COMPACTILE_DIVORCING"); extensionalism_proteolytic = ((int )(strlen(presatisfy_bottlebird))); superenrollment_prediscuss = ((char *)(malloc(extensionalism_proteolytic + 1))); 0 --------------------------------- 2917 67718/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_07.cpp cppfunc 200 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2918 153566/color.c cppfunc 608 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *semiconducting_capitate) free(((char *)semiconducting_capitate)); 0 --------------------------------- 2919 72109/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_51.c cppfunc 123 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_51b_badSink(wchar_t * data) wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 2920 153541/heapam.c cppfunc 408 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *presatisfy_bottlebird; stonesoup_read_taint(&presatisfy_bottlebird,"COMPACTILE_DIVORCING"); extensionalism_proteolytic = ((int )(strlen(presatisfy_bottlebird))); memcpy(superenrollment_prediscuss,presatisfy_bottlebird,extensionalism_proteolytic); free(((char *)presatisfy_bottlebird)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&presatisfy_bottlebird,"COMPACTILE_DIVORCING"); extensionalism_proteolytic = ((int )(strlen(presatisfy_bottlebird))); memcpy(superenrollment_prediscuss,presatisfy_bottlebird,extensionalism_proteolytic); free(((char *)presatisfy_bottlebird)); 0 --------------------------------- 2921 153450/oids.c cppfunc 107 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2922 110494/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_66.c cppfunc 127 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_66b_badSink(int dataArray[]) int data = dataArray[2]; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 2923 79467/CWE134_Uncontrolled_Format_String__char_console_printf_61.c inputfunc 139 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; 0 --------------------------------- 2924 62981/CWE121_Stack_Based_Buffer_Overflow__CWE135_61.c cppfunc 78 data = (void *)WIDE_STRING; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE135_61b_goodB2GSource(data); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 2925 153119/bufmgr.c cppfunc 134 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2926 62952/CWE121_Stack_Based_Buffer_Overflow__CWE135_05.c cppfunc 105 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 2927 153119/bufmgr.c cppfunc 137 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2928 72096/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_17.c cppfunc 68 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 2929 62952/CWE121_Stack_Based_Buffer_Overflow__CWE135_05.c cppfunc 102 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 2930 70882/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_03.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2931 73268/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_73.cpp cppfunc 157 list dataList; data = NULL; data = (double *)malloc(sizeof(*data)); *data = 1.7E300; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) double * data = dataList.back(); printDoubleLine(*data); free(data); 0 --------------------------------- 2932 72756/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_05.c cppfunc 100 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 2933 72161/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_61.c cppfunc 39 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 2934 110824/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_54.cpp cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2935 71006/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_52.c cppfunc 183 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_52c_badSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 2936 62713/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_06.c cppfunc 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2937 66340/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_13.c cppfunc 86 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2938 153751/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2939 72853/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_06.c cppfunc 97 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 2940 70676/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_64.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2941 66601/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_61.c cppfunc 137 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_61b_goodG2BSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_61b_goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 2942 153500/dirent_uri.c cppfunc 102 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2943 153500/dirent_uri.c cppfunc 100 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2944 67572/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_05.cpp cppfunc 46 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2945 153800/avdevice.c cppfunc 66 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2946 153800/avdevice.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2947 79437/CWE134_Uncontrolled_Format_String__char_console_printf_04.c inputfunc 91 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 2948 79455/CWE134_Uncontrolled_Format_String__char_console_printf_32.c inputfunc 42 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; *dataPtr1 = data; 0 --------------------------------- 2949 67578/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_11.cpp cppfunc 151 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2950 71463/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_08.c cppfunc 91 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 2951 153055/config_file.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2952 66577/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_10.c cppfunc 61 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2953 153282/file_wrappers.c cppfunc 114 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2954 153282/file_wrappers.c cppfunc 117 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2955 67726/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_15.cpp inputfunc 221 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 2956 153262/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2957 153262/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2958 153262/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2959 70534/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_66.c cppfunc 86 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2960 73078/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_66.c cppfunc 142 data[50-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 2961 70903/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_34.c cppfunc 76 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_34_unionType myUnion; char * data = myUnion.unionSecond; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 2962 153005/ffmpeg.c cppfunc 2012 static InputStream *get_input_stream(OutputStream *ost) ist = get_input_stream(ost); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); if (!strncmp((ost -> forced_keyframes),"expr:",5)) { parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) int n = 1; int64_t *pts; size = n; pts = (av_malloc(sizeof(( *pts)) * size)); p = kf; char *next = strchr(p,','); *(next++) = 0; if (!memcmp(p,"chapters",8)) { if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); AVChapter *c = avf -> chapters[j]; pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { p = next; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); ost = output_streams[i]; ist = get_input_stream(ost); ost -> st -> disposition = ist -> st -> disposition; ist = get_input_stream(ost); if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ist = get_input_stream(ost); ost -> enc = avcodec_find_encoder(codec -> codec_id); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; ist = get_input_stream(ost); codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); ist = get_input_stream(ost); codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); ist = get_input_stream(ost); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) p = kf; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); 0 --------------------------------- 2963 72418/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_03.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2964 199234/buffer_overrun_dynamic.c cppfunc 232 int *buf=(int*) calloc(5,sizeof(int)); int index = 4; *(buf+index)=9; free(buf); 0 --------------------------------- 2965 153424/dynahash.c cppfunc 250 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2966 66598/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_52.c cppfunc 51 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2967 1300/util-ok.c cppfunc 169 register char *gecos; char *buf; register char *bp = buf; gecos++; for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'; p++) *bp = toupper(*bp); bp += strlen(bp); *bp++ = *p; printf ("sizeof(bp) = %d\n", sizeof(bp)); printf ("bp-buf=%d\n", (bp-buf)); printf ("SPACELEFT(buf,bp)=%d\n", SPACELEFT(buf,bp)); snprintf(bp, SPACELEFT(buf, bp), "%s", login); *bp = toupper(*bp); 0 --------------------------------- 2968 66660/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_81a.cpp cppfunc 48 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2969 153074/utils.c cppfunc 4285 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { *port_ptr = atoi(brk + 2); 0 --------------------------------- 2970 153132/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2971 153132/color.c cppfunc 120 stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2972 148916/strutil.c cppfunc 913 escape_string_len(const char *string) for (p = string; (c = *p) != '\0'; p++) { else if (!isprint((unsigned char)c)) { 0 --------------------------------- 2973 72210/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_62.cpp cppfunc 70 data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 2974 67735/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_34.cpp cppfunc 240 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 2975 71643/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_74.cpp cppfunc 142 void badSink(map dataMap) int64_t * data = dataMap[2]; memmove(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 2976 153774/eng_table.c cppfunc 121 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 2977 152983/dynahash.c cppfunc 263 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2978 66568/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_01.c cppfunc 51 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2979 62581/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_18.c cppfunc 85 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 2980 153512/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 2981 153512/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 2982 153671/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 2983 153392/color.c cppfunc 599 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int pomarium_narrows = 91; char *unimaged_urostege; stonesoup_read_taint(&unimaged_urostege,"6209",pomarium_narrows); free(((char *)unimaged_urostege)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&unimaged_urostege,"6209",pomarium_narrows); free(((char *)unimaged_urostege)); 0 --------------------------------- 2984 153209/avdevice.c cppfunc 69 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 2985 66624/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_09.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 2986 153219/color.c cppfunc 583 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 2987 69926/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_07.cpp cppfunc 99 data = new wchar_t[100]; data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 2988 72080/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_01.c cppfunc 60 data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 2989 66582/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_15.c cppfunc 90 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 2990 79551/CWE134_Uncontrolled_Format_String__char_console_vfprintf_32.c cppfunc 89 char * *dataPtr2 = &data; char * data = *dataPtr2; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 2991 72203/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_44.c cppfunc 69 static void goodG2BSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 2992 72397/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_51.c cppfunc 139 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_51b_goodG2BSink(char * data) strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 2993 153517/color.c cppfunc 353 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 2994 153517/color.c cppfunc 351 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 2995 79345/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_08.c cppfunc 359 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 2996 72977/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_61.c cppfunc 61 data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_61b_goodG2BSource(data); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 2997 153421/color.c cppfunc 118 stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 2998 153422/color.c cppfunc 352 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 2999 71409/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_02.c cppfunc 73 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 3000 152944/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3001 72402/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_62.cpp cppfunc 62 data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 3002 199236/buffer_underrun_dynamic.c cppfunc 177 int *buf1=(int*)calloc(5,sizeof(int)); int *buf2=(int*)calloc(5,sizeof(int)); int *buf3=(int*)calloc(5,sizeof(int)); free(buf3); 0 --------------------------------- 3003 199236/buffer_underrun_dynamic.c cppfunc 176 int *buf1=(int*)calloc(5,sizeof(int)); int *buf2=(int*)calloc(5,sizeof(int)); free(buf2); 0 --------------------------------- 3004 199236/buffer_underrun_dynamic.c cppfunc 179 int *buf1=(int*)calloc(5,sizeof(int)); int *buf2=(int*)calloc(5,sizeof(int)); int *buf3=(int*)calloc(5,sizeof(int)); int *buf4=(int*)calloc(5,sizeof(int)); int *buf5=(int*)calloc(5,sizeof(int)); free(buf5); 0 --------------------------------- 3005 199236/buffer_underrun_dynamic.c cppfunc 178 int *buf1=(int*)calloc(5,sizeof(int)); int *buf2=(int*)calloc(5,sizeof(int)); int *buf3=(int*)calloc(5,sizeof(int)); int *buf4=(int*)calloc(5,sizeof(int)); free(buf4); 0 --------------------------------- 3006 72792/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_68.c cppfunc 159 data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_68b_goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_68_goodG2BData; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 3007 62975/CWE121_Stack_Based_Buffer_Overflow__CWE135_44.c cppfunc 84 static void goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 3008 62975/CWE121_Stack_Based_Buffer_Overflow__CWE135_44.c cppfunc 87 static void goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 3009 110537/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_61.c cppfunc 204 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3010 67340/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_64.c cppfunc 50 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3011 153786/dynahash.c inputfunc 771 premiating_curacoas = getenv("ANTISURPLICIAN_MARSHALATE"); if (premiating_curacoas != 0) {; icarus_anguishes[5] = premiating_curacoas; mimbres_widu = *(icarus_anguishes + astrobiologists_dampest[1]); manganocalcite_polysorbate(mimbres_widu); void manganocalcite_polysorbate(char *lamaite_elaeagnaceous); 0 --------------------------------- 3012 71211/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_74.cpp cppfunc 157 void badSink(map dataMap) wchar_t * data = dataMap[2]; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 3013 153398/timestamp.c cppfunc 69 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3014 153398/timestamp.c cppfunc 66 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3015 153398/timestamp.c cppfunc 62 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3016 73620/CWE124_Buffer_Underwrite__CWE839_fgets_33.cpp cppfunc 121 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3017 66635/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_22.c cppfunc 197 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_22_goodG2B2Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_22_goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 3018 70529/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_61.c cppfunc 96 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3019 152921/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3020 72137/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_10.c cppfunc 73 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 3021 72987/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_74.cpp cppfunc 150 void badSink(map dataMap) wchar_t * data = dataMap[2]; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 3022 70769/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_61.c cppfunc 62 data = (char *)malloc((10+1)*sizeof(char)); return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_61b_goodG2BSource(data); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 3023 66593/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_42.c cppfunc 53 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 3024 79398/CWE134_Uncontrolled_Format_String__char_console_fprintf_13.c inputfunc 131 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 3025 65402/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_11.c cppfunc 93 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 3026 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c cppfunc 36 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 3027 153283/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3028 153769/utils.c cppfunc 69 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3029 72300/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_45.c cppfunc 64 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_45_goodG2BData = data; goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_45_goodG2BData; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3030 153245/e_bf.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3031 153074/utils.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3032 148923/strutil.c cppfunc 390 hex_str_to_bytes(const char *hex_str, GByteArray *bytes, gboolean force_separators) { p = (const guchar *)hex_str; q = p+1; r = p+2; s = p+3; && isxdigit(*p) && isxdigit(*q) && isxdigit(*r) && isxdigit(*s)) { punct = s + 1; if (is_byte_sep(*punct)) { p = punct; r = p+2; s = p+3; && isxdigit(*p) && isxdigit(*q) && isxdigit(*r) && isxdigit(*s)) { else if (*q && isxdigit(*p) && isxdigit(*q)) { punct = q + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q + 1; s = p+3; isxdigit(*r) && isxdigit(*s)) { p = q; r = p+2; s = p+3; isxdigit(*r) && isxdigit(*s)) { else if (*q && isxdigit(*p) && isxdigit(*q)) { punct = q + 1; p = punct; p = q; s = p+3; isxdigit(*r) && isxdigit(*s)) { is_byte_sep(guint8 c) if (is_byte_sep(*punct)) { p = punct; r = p+2; s = p+3; isxdigit(*r) && isxdigit(*s)) { if (is_byte_sep(*punct)) { p = punct; r = p+2; s = p+3; isxdigit(*r) && isxdigit(*s)) { else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q; r = p+2; s = p+3; isxdigit(*r) && isxdigit(*s)) { 0 --------------------------------- 3033 79422/CWE134_Uncontrolled_Format_String__char_console_fprintf_64.c inputfunc 94 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_64b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_64b_goodB2GSink(void * dataVoidPtr) CWE134_Uncontrolled_Format_String__char_console_fprintf_64b_goodB2GSink(&data); char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); fprintf(stdout, "%s\n", data); 0 --------------------------------- 3034 153093/main_filter_toolbar.c cppfunc 112 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3035 153484/stream.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3036 153484/stream.c cppfunc 116 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3037 67604/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_64.cpp cppfunc 83 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3038 69930/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_11.cpp cppfunc 94 data = new wchar_t[100]; data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 3039 69204/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_05.cpp cppfunc 102 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 3040 71114/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_73.cpp cppfunc 157 void badSink(list dataList) wchar_t * data = dataList.back(); memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 3041 70740/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_05.c cppfunc 77 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 3042 72726/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_33.cpp cppfunc 68 wchar_t * &dataRef = data; wchar_t * data = dataRef; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 3043 153732/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3044 153732/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3045 153732/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3046 62950/CWE121_Stack_Based_Buffer_Overflow__CWE135_03.c cppfunc 147 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 3047 67386/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_62.cpp cppfunc 59 wchar_t dest[50] = L""; data[50-1] = L'\0'; wcscat(dest, data); 0 --------------------------------- 3048 66579/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_12.c cppfunc 69 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3049 66579/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_12.c cppfunc 63 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3050 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c cppfunc 53 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 3051 110813/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_32.cpp cppfunc 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3052 63804/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_13.c cppfunc 75 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 3053 67510/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_09.c cppfunc 38 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_09_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_09_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 3054 110534/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_52.c cppfunc 303 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_52c_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3055 79562/CWE134_Uncontrolled_Format_String__char_console_vfprintf_54.c inputfunc 42 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_54b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54b_badSink(char * data); 0 --------------------------------- 3056 153696/config.c cppfunc 83 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3057 153126/color.c cppfunc 368 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 3058 153427/utils.c cppfunc 97 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3059 70534/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_66.c cppfunc 218 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3060 153427/utils.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3061 79560/CWE134_Uncontrolled_Format_String__char_console_vfprintf_52.c cppfunc 261 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_52c_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 3062 79560/CWE134_Uncontrolled_Format_String__char_console_vfprintf_52.c cppfunc 264 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 3063 71787/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_74.cpp cppfunc 159 data = (int *)malloc(100*sizeof(int)); dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int * data = dataMap[2]; memmove(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 3064 62976/CWE121_Stack_Based_Buffer_Overflow__CWE135_45.c cppfunc 89 data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_45_goodB2GData = data; goodB2GSink(); void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_45_goodB2GData; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 3065 67515/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_14.c cppfunc 38 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_14_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_14_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 3066 72406/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_66.c cppfunc 144 data[50-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 3067 73002/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_11.c cppfunc 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 3068 153259/emem.c cppfunc 197 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3069 70509/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_14.c cppfunc 228 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3070 153633/bufmgr.c cppfunc 110 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3071 73308/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_62.cpp cppfunc 53 data = NULL; goodG2BSource(data); printLongLongLine(*data); void goodG2BSource(int64_t * &data) data = (int64_t *)malloc(sizeof(*data)); *data = 2147483643LL; free(data); 0 --------------------------------- 3072 153562/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3073 79377/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67.c cppfunc 324 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67b_badSink(CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67_structType myStruct) char * data = myStruct.structFirst; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 3074 79377/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67.c cppfunc 327 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 3075 153562/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3076 153524/color.c cppfunc 598 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *mos_gemelled) free(((char *)mos_gemelled)); 0 --------------------------------- 3077 66277/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_82a.cpp cppfunc 49 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3078 73072/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54.c cppfunc 284 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54e_goodG2BSink(char * data) strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 3079 72890/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_73.cpp cppfunc 150 void badSink(list dataList) char * data = dataList.back(); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 3080 153367/dirent_uri.c inputfunc 137 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&stratochamber_titmall,"GAVIIFORMES_PATIENCE"); if (stratochamber_titmall != 0) {; 0 --------------------------------- 3081 153367/dirent_uri.c cppfunc 134 stonesoup_read_taint(&stratochamber_titmall,"GAVIIFORMES_PATIENCE"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 3082 72975/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53.c cppfunc 239 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53d_goodG2BSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 3083 153812/oids.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3084 153524/color.c cppfunc 337 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 3085 71882/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_73.cpp cppfunc 177 list dataList; data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) twoIntsStruct * data = dataList.back(); memcpy(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 3086 153301/e_camellia.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3087 70458/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_11.c cppfunc 330 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3088 153169/e_bf.c cppfunc 121 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3089 199236/buffer_underrun_dynamic.c cppfunc 779 dynamic_buffer_underrun_s_008* ptr_s1=malloc(15*sizeof(dynamic_buffer_underrun_s_008)); memset(ptr_s1,1,15*sizeof(dynamic_buffer_underrun_s_008)); memcpy(ptr_s2,ptr_s1,15*sizeof(dynamic_buffer_underrun_s_008)); free(ptr_s1); 0 --------------------------------- 3090 153106/config.c cppfunc 124 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 3091 70915/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_63.c cppfunc 128 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_63b_badSink(char * * dataPtr) char * data = *dataPtr; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3092 153011/eng_table.c cppfunc 107 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3093 79522/CWE134_Uncontrolled_Format_String__char_console_snprintf_68.c inputfunc 106 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_68_goodB2GData = data; CWE134_Uncontrolled_Format_String__char_console_snprintf_68b_goodB2GSink(); char * data = CWE134_Uncontrolled_Format_String__char_console_snprintf_68_goodB2GData; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 3094 70906/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_43.cpp cppfunc 74 data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3095 72838/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_66.c cppfunc 146 data[0] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 3096 66247/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_16.c cppfunc 57 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 3097 72953/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_10.c cppfunc 93 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 3098 1292/sig-ok.c cppfunc 223 newstr(size_t len, int needpanic) { assert(len <= 65536); buf = (u_char *)malloc(2 + len + 1); 0 --------------------------------- 3099 70642/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_03.c cppfunc 416 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3100 149078/scpy2-good.c inputfunc 46 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) if(strlen(str) >= MAXSIZE) strcpy(buf, str); printf("result: %s\n", buf); 0 --------------------------------- 3101 79367/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51.c cppfunc 312 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 3102 70414/CWE122_Heap_Based_Buffer_Overflow__CWE135_15.c cppfunc 217 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 3103 153758/stream.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3104 153112/utils.c cppfunc 64 stonesoup_printf("%s\n",stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3105 72369/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_02.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 3106 153129/color.c cppfunc 359 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 3107 67514/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_13.c cppfunc 85 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 3108 66291/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_12.c cppfunc 63 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3109 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c cppfunc 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 3110 70940/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_13.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 3111 153638/oids.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3112 153013/file_wrappers.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3113 70649/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_10.c cppfunc 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3114 153013/file_wrappers.c cppfunc 115 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3115 153280/hashfn.c cppfunc 56 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3116 153215/pgstat.c inputfunc 474 if (recv(pgStatSock,(&test_byte),1,0) != 1) { test_byte++; if (test_byte != ((char )199)) { 0 --------------------------------- 3117 152970/color.c cppfunc 161 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 3118 153657/pgstat.c cppfunc 3701 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; struct splintery_urination paludous_oversetting; char *lamping_goban;; stonesoup_read_taint(&lamping_goban,"SOODLE_ORTHOCEPHALY"); paludous_oversetting . lludd_mensis = ((char *)lamping_goban); clitia_outgroups[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *phototelescope_lyncid)))))))))))))))))))))))))))))))))))))))))))))))))] = paludous_oversetting; burled_blepharydatis = clitia_outgroups[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *phototelescope_lyncid)))))))))))))))))))))))))))))))))))))))))))))))))]; free(((char *)burled_blepharydatis . lludd_mensis)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&lamping_goban,"SOODLE_ORTHOCEPHALY"); paludous_oversetting . lludd_mensis = ((char *)lamping_goban); burled_blepharydatis = clitia_outgroups[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *phototelescope_lyncid)))))))))))))))))))))))))))))))))))))))))))))))))]; free(((char *)burled_blepharydatis . lludd_mensis)); 0 --------------------------------- 3119 110511/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_08.c cppfunc 180 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3120 1297/crackaddr-bad.c cppfunc 415 register char *addr; p = addrhead = addr; while ((c = *p++) != '<') while ((c = *p++) != '\0') if ((c = *p++) == '\0') p--; p++; p++; p++; while ((c = *p++) != ':') *bp++ = *p++; while (isascii((int)*--p) && isspace((int)*p)) 0 --------------------------------- 3121 70995/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22.c cppfunc 88 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_goodG2B2Source(wchar_t * data) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_goodG2B2Source(data); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 3122 153272/color.c cppfunc 359 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 3123 153109/color.c cppfunc 120 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3124 153109/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3125 110545/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_72.cpp cppfunc 87 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3126 153264/types.c cppfunc 56 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3127 70508/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_13.c cppfunc 93 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3128 153144/avpacket.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3129 153417/resowner.c cppfunc 162 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 3130 153144/avpacket.c cppfunc 60 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3131 110800/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_09.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3132 153159/timestamp.c cppfunc 81 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3133 153015/cryptlib.c cppfunc 819 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); minorage_roger = ((int )(strlen(salep_retransmited))); glutinose_mesolgion = ((char *)(malloc(minorage_roger + 1))); memset(glutinose_mesolgion,0,minorage_roger + 1); memcpy(glutinose_mesolgion,salep_retransmited,minorage_roger); worldman_taxables = &glutinose_mesolgion; free(((char *)( *worldman_taxables))); void stonesoup_handle_taint(char *salep_retransmited) minorage_roger = ((int )(strlen(salep_retransmited))); memcpy(glutinose_mesolgion,salep_retransmited,minorage_roger); worldman_taxables = &glutinose_mesolgion; free(((char *)( *worldman_taxables))); 0 --------------------------------- 3134 79358/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_31.c cppfunc 178 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); char * dataCopy = data; char * data = dataCopy; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 3135 70516/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_31.c cppfunc 35 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3136 70673/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_61.c cppfunc 353 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3137 71739/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_74.cpp cppfunc 142 void badSink(map dataMap) int * data = dataMap[2]; memcpy(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 3138 153523/avdevice.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3139 67406/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_07.c cppfunc 66 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3140 153523/avdevice.c cppfunc 66 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3141 66300/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_31.c cppfunc 55 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3142 70659/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22.c cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3143 153598/tile-manager.c cppfunc 946 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 3144 79394/CWE134_Uncontrolled_Format_String__char_console_fprintf_09.c inputfunc 131 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 3145 62987/CWE121_Stack_Based_Buffer_Overflow__CWE135_67.c cppfunc 169 void CWE121_Stack_Based_Buffer_Overflow__CWE135_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType myStruct) void * data = myStruct.structFirst; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 3146 152918/color.c cppfunc 610 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *nondefeat_elevatingly; stonesoup_read_taint(&nondefeat_elevatingly,"KELLINA_PENURIOUSLY"); free(((char *)nondefeat_elevatingly)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&nondefeat_elevatingly,"KELLINA_PENURIOUSLY"); free(((char *)nondefeat_elevatingly)); 0 --------------------------------- 3147 67580/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_13.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3148 67427/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_44.c cppfunc 69 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3149 153373/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 3150 152940/cmdutils.c cppfunc 957 int opt_max_alloc(void *optctx,const char *opt,const char *arg) char *tail; max = (strtol(arg,&tail,'\n')); 0 --------------------------------- 3151 79374/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64.c cppfunc 339 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 3152 79374/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64.c cppfunc 336 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 3153 148828/Element.cpp cppfunc 703 unsigned i = 0; i++; namedAttrMap->m_attributes.remove(i); 0 --------------------------------- 3154 71411/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_04.c cppfunc 103 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 3155 153827/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3156 66300/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_31.c cppfunc 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3157 153699/cmdline.c cppfunc 160 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *darlingtonia_jordans; stonesoup_read_taint(&darlingtonia_jordans,"OFFLOADED_DUMBFOUNDED"); vouchees_enterotoxemia . toponymical_belime = ((char *)darlingtonia_jordans); thissen_preinflict(vouchees_enterotoxemia); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&darlingtonia_jordans,"OFFLOADED_DUMBFOUNDED"); vouchees_enterotoxemia . toponymical_belime = ((char *)darlingtonia_jordans); thissen_preinflict(vouchees_enterotoxemia); void thissen_preinflict(const struct tricentenary_diaspidinae muckibus_tobruk) hearten_photomagnetism = ((char *)((struct tricentenary_diaspidinae )muckibus_tobruk) . toponymical_belime); stonesoup_buffer = malloc((strlen(hearten_photomagnetism) + 1) * sizeof(char )); strcpy(stonesoup_buffer,hearten_photomagnetism); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 3158 153607/color.c cppfunc 365 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 3159 73064/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_41.c cppfunc 55 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_41_goodG2BSink(char * data) strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 3160 72140/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_13.c cppfunc 41 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 3161 70665/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_42.c cppfunc 229 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3162 73317/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_74.cpp cppfunc 157 data = NULL; data = (int64_t *)malloc(sizeof(*data)); *data = 2147483643LL; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int64_t * data = dataMap[2]; printLongLongLine(*data); free(data); 0 --------------------------------- 3163 72741/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_65.c cppfunc 123 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_65b_badSink(wchar_t * data) wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 3164 72333/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_14.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3165 153732/color.c cppfunc 604 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *homogenetic_misforms; stonesoup_read_taint(&homogenetic_misforms,"ABBE_STAMFORD"); free(((char *)homogenetic_misforms)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&homogenetic_misforms,"ABBE_STAMFORD"); free(((char *)homogenetic_misforms)); 0 --------------------------------- 3166 153430/string.c cppfunc 609 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; int decompound_pansified = 53; char *corruptive_eequinoctium; stonesoup_read_taint(&corruptive_eequinoctium,"7626",decompound_pansified); crostarie_cystoptosis = ((int )(strlen(corruptive_eequinoctium))); greetings_cryophile = ((char *)(malloc(crostarie_cystoptosis + 1))); memset(greetings_cryophile,0,crostarie_cystoptosis + 1); memcpy(greetings_cryophile,corruptive_eequinoctium,crostarie_cystoptosis); stokavski_nonrecognized = &greetings_cryophile; zebulun_stichidium = stokavski_nonrecognized + 5; free(((char *)( *(zebulun_stichidium - 5)))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&corruptive_eequinoctium,"7626",decompound_pansified); crostarie_cystoptosis = ((int )(strlen(corruptive_eequinoctium))); memcpy(greetings_cryophile,corruptive_eequinoctium,crostarie_cystoptosis); stokavski_nonrecognized = &greetings_cryophile; zebulun_stichidium = stokavski_nonrecognized + 5; free(((char *)( *(zebulun_stichidium - 5)))); 0 --------------------------------- 3167 153009/utils.c cppfunc 4290 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; const char *col; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { if ((col = (strchr(p,':'))) && col < ls) { *port_ptr = atoi(col + 1); 0 --------------------------------- 3168 66311/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_53.c cppfunc 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3169 67328/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_41.c cppfunc 65 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3170 70681/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_72.cpp cppfunc 401 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3171 199235/buffer_underrun_dynamic.c cppfunc 653 char* destbuf=(char*) malloc(10*sizeof(char)); strncpy(&destbuf[loc],&srcbuf[loc],1); free(destbuf); 0 --------------------------------- 3172 153102/cryptlib.c cppfunc 166 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3173 152935/config_file.c cppfunc 89 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3174 70997/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_32.c cppfunc 76 wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 3175 153815/stream.c cppfunc 126 stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3176 79561/CWE134_Uncontrolled_Format_String__char_console_vfprintf_53.c cppfunc 336 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_53c_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_53d_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_53d_goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 3177 153342/stream.c cppfunc 74 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3178 79561/CWE134_Uncontrolled_Format_String__char_console_vfprintf_53.c cppfunc 339 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 3179 63794/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_03.c cppfunc 97 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 3180 152888/mem_dbg.c cppfunc 225 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3181 153707/cryptlib.c cppfunc 810 void stonesoup_handle_taint(char *playthings_unrelaxable) asbestine_kirver = playthings_unrelaxable; primsie_testify = &asbestine_kirver; BURROCK_VRILLING(primsie_testify); void hadder_haleigh(waterage_marksville *evangelised_barres) free(((char *)( *evangelised_barres))); 0 --------------------------------- 3182 110682/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_62.cpp cppfunc 150 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3183 153775/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3184 70644/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_05.c cppfunc 422 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3185 70652/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_13.c cppfunc 262 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3186 62585/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_32.c inputfunc 128 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); *dataPtr1 = data; 0 --------------------------------- 3187 110506/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_03.c cppfunc 166 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3188 153769/utils.c cppfunc 4336 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; const char *col; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { if ((col = (strchr(p,':'))) && col < ls) { *port_ptr = atoi(col + 1); 0 --------------------------------- 3189 152940/cmdutils.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3190 153423/error.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3191 153423/error.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3192 73028/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_64.c cppfunc 142 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 3193 153335/emem.c cppfunc 169 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3194 152970/color.c cppfunc 366 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 3195 152970/color.c cppfunc 368 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 3196 73703/CWE124_Buffer_Underwrite__CWE839_listen_socket_10.c cppfunc 186 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3197 152898/color.c cppfunc 359 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 3198 72293/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_32.c cppfunc 75 char * *dataPtr2 = &data; char * data = *dataPtr2; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3199 69891/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_22.cpp cppfunc 90 data = new wchar_t[100]; data = goodG2B2Source(data); wchar_t * goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2B2Source(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 3200 62984/CWE121_Stack_Based_Buffer_Overflow__CWE135_64.c cppfunc 138 void CWE121_Stack_Based_Buffer_Overflow__CWE135_64b_badSink(void * dataVoidPtr) void * * dataPtr = (void * *)dataVoidPtr; void * data = (*dataPtr); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 3201 72738/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_62.cpp cppfunc 146 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 3202 63642/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_11.c cppfunc 73 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 3203 153003/cmdutils.c cppfunc 1874 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *herdsman_bloodmobiles; stonesoup_read_taint(&herdsman_bloodmobiles,"SWACKING_STUBBINESS"); undermelodies_anno[5] = herdsman_bloodmobiles; softnesses_quaddle = 5; boondogglers_morea = &softnesses_quaddle; endurance_promemorial = *(undermelodies_anno + *boondogglers_morea); free(((char *)endurance_promemorial)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&herdsman_bloodmobiles,"SWACKING_STUBBINESS"); undermelodies_anno[5] = herdsman_bloodmobiles; endurance_promemorial = *(undermelodies_anno + *boondogglers_morea); free(((char *)endurance_promemorial)); 0 --------------------------------- 3204 153292/config.c cppfunc 142 int nonresolvabness_damn = 131; stonesoup_read_taint(&middorsal_hateable,"8925",nonresolvabness_damn); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 3205 153472/bss_file.c cppfunc 112 stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3206 153472/bss_file.c cppfunc 114 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3207 153022/cmdutils.c cppfunc 867 time_t now; time(&now); tm = localtime((&now)); 0 --------------------------------- 3208 79424/CWE134_Uncontrolled_Format_String__char_console_fprintf_66.c inputfunc 42 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_fprintf_66b_badSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_fprintf_66b_badSink(char * dataArray[]); 0 --------------------------------- 3209 153550/stream.c cppfunc 130 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 3210 67310/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_07.c cppfunc 86 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3211 153309/mux.c cppfunc 128 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 3212 72946/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_03.c cppfunc 71 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 3213 153212/utils.c cppfunc 65 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3214 153212/utils.c cppfunc 67 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3215 70853/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_32.c cppfunc 78 char * *dataPtr2 = &data; char * data = *dataPtr2; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3216 71410/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_03.c cppfunc 73 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 3217 110651/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_04.cpp cppfunc 45 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3218 72459/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_74.cpp cppfunc 149 void badSink(map dataMap) char * data = dataMap[2]; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 3219 152964/color.c cppfunc 344 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 3220 62718/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_11.c cppfunc 292 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3221 152964/color.c cppfunc 342 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 3222 67609/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_72.cpp cppfunc 45 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3223 70965/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_65.c cppfunc 148 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_65b_goodG2BSink(char * data) strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 3224 153022/cmdutils.c cppfunc 135 int quaters_exostema = 91; stonesoup_read_taint(&okinawan_josephson,"4393",quaters_exostema); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 3225 71012/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_64.c cppfunc 150 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 3226 70400/CWE122_Heap_Based_Buffer_Overflow__CWE135_01.c cppfunc 89 wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 3227 62737/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_51.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3228 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c cppfunc 58 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 3229 153364/cmdutils.c cppfunc 83 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3230 153364/cmdutils.c cppfunc 81 stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(pegless_endicott)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3231 152869/conversation.c cppfunc 1275 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *affects_acas; stonesoup_read_taint(&affects_acas,"CRUCIS_REASSEMBLING"); canon_theodora[5] = affects_acas; denationalised_ricoriki = 5; conspicuousness_microciona = &denationalised_ricoriki; bilabiate_unregressive = *(canon_theodora + *conspicuousness_microciona); cancerin_stanhopes(misdiagnosis_postallantoic,bilabiate_unregressive); cancerin_stanhopes(egghead_unplated,smoucher_nonvisionary); void cancerin_stanhopes(int egghead_unplated,char *smoucher_nonvisionary) free(((char *)smoucher_nonvisionary)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&affects_acas,"CRUCIS_REASSEMBLING"); canon_theodora[5] = affects_acas; bilabiate_unregressive = *(canon_theodora + *conspicuousness_microciona); cancerin_stanhopes(misdiagnosis_postallantoic,bilabiate_unregressive); 0 --------------------------------- 3232 153314/color.c cppfunc 613 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *preoperating_dudevant) free(((char *)preoperating_dudevant)); 0 --------------------------------- 3233 153733/column.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3234 153733/column.c cppfunc 71 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3235 153733/column.c cppfunc 75 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3236 70657/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_18.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3237 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c cppfunc 233 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 3238 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c cppfunc 230 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 3239 153592/main_filter_toolbar.c cppfunc 113 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3240 1304/mime2-ok.c cppfunc 184 c4 = fgetc(e->e_dfp); while ((c1 = fgetc(e->e_dfp)) != EOF) c2 = fgetc(e->e_dfp); c3 = fgetc(e->e_dfp); } while (isascii(c3) && isspace(c3)); 0 --------------------------------- 3241 1304/mime2-ok.c inputfunc 183 c3 = fgetc(e->e_dfp); c4 = fgetc(e->e_dfp); while ((c1 = fgetc(e->e_dfp)) != EOF) c2 = fgetc(e->e_dfp); } while (isascii(c2) && isspace(c2)); if (c2 == EOF) if (c1 == '=' || c2 == '=') c2 = CHAR64(c2); 0 --------------------------------- 3242 67724/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_13.cpp inputfunc 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 3243 66644/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_45.c cppfunc 77 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3244 153300/config_file.c cppfunc 880 void stonesoup_handle_taint(char *chrismatize_ria) quadrilling_stomachic = ((int )(strlen(chrismatize_ria))); memcpy(hairless_widukind,chrismatize_ria,quadrilling_stomachic); free(((char *)chrismatize_ria)); 0 --------------------------------- 3245 70512/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_17.c cppfunc 127 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3246 153395/color.c cppfunc 393 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 3247 153593/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3248 153443/aviobuf.c cppfunc 1041 jmp_buf tapinocephalic_nondegreased; guarache_balloonery = setjmp(tapinocephalic_nondegreased); longjmp(tapinocephalic_nondegreased,1); 0 --------------------------------- 3249 66521/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_02.c cppfunc 61 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3250 153184/cryptlib.c cppfunc 190 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3251 153184/cryptlib.c cppfunc 192 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3252 72093/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_14.c cppfunc 71 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 3253 70650/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_11.c cppfunc 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3254 70506/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_11.c cppfunc 149 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3255 153775/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3256 67719/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_08.cpp cppfunc 96 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3257 153137/emem.c cppfunc 179 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3258 152986/bio_err.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3259 153137/emem.c cppfunc 170 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3260 152986/bio_err.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3261 72378/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_11.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 3262 79519/CWE134_Uncontrolled_Format_String__char_console_snprintf_65.c inputfunc 105 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; funcPtr(data); 0 --------------------------------- 3263 66627/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_12.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3264 62568/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_05.c cppfunc 43 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3265 67412/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_13.c cppfunc 60 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3266 70451/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_04.c cppfunc 336 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3267 153773/color.c cppfunc 331 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 3268 153267/stream.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3269 153267/stream.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3270 110510/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_07.c cppfunc 172 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3271 73170/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_62.cpp cppfunc 144 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 3272 153751/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3273 67405/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_06.c cppfunc 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3274 71417/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_10.c cppfunc 41 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 3275 153382/mux.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3276 110492/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_64.c cppfunc 150 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_64b_goodG2BSink(&data); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_64b_goodG2BSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3277 153331/emem.c cppfunc 2030 void stonesoup_handle_taint(char *baronetise_tudesque) xylinid_cornific . batzen_montanist = baronetise_tudesque; BACHELORLY_BRONGNIARDITE(xylinid_cornific); void stomachful_supernotable(union yuri_quedful scat_quotieties) free(((char *)scat_quotieties . batzen_montanist)); 0 --------------------------------- 3278 152931/tile.c cppfunc 74 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 3279 153498/mem_dbg.c cppfunc 215 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3280 110530/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_43.cpp cppfunc 77 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3281 67749/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_65.cpp cppfunc 187 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3282 148923/strutil.c cppfunc 837 convert_string_to_hex(const char *string, size_t *nbytes) p = &string[0]; c = *p++; if (isspace(c)) if (isdigit(c)) 0 --------------------------------- 3283 79478/CWE134_Uncontrolled_Format_String__char_console_printf_81a.cpp inputfunc 38 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; baseObject.action(data); virtual void action(char * data) const = 0; 0 --------------------------------- 3284 153830/main_statusbar.c cppfunc 661 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; struct underseated_headhunting phascolarctos_proemial; char *pectinous_bloodthirsting;; stonesoup_read_taint(&pectinous_bloodthirsting,"IDEATIONAL_OCULISTS"); phascolarctos_proemial . latinian_pattersonville = ((char *)pectinous_bloodthirsting); desuete_blowfishes[5] = phascolarctos_proemial; typika_fixtures[1] = 5; endeavorer_actuarian = *(desuete_blowfishes + typika_fixtures[1]); free(((char *)endeavorer_actuarian . latinian_pattersonville)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&pectinous_bloodthirsting,"IDEATIONAL_OCULISTS"); phascolarctos_proemial . latinian_pattersonville = ((char *)pectinous_bloodthirsting); endeavorer_actuarian = *(desuete_blowfishes + typika_fixtures[1]); free(((char *)endeavorer_actuarian . latinian_pattersonville)); 0 --------------------------------- 3285 71202/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_62.cpp cppfunc 67 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 3286 153260/bio_err.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3287 72819/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22.c cppfunc 89 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_goodG2B2Source(char * data) data[0] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_goodG2B2Source(data); strcat(data, source); printLine(data); free(data); 0 --------------------------------- 3288 152976/column-utils.c cppfunc 92 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3289 73543/CWE123_Write_What_Where_Condition__listen_socket_72.cpp cppfunc 101 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3290 71415/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_08.c cppfunc 110 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 3291 110373/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_14.c cppfunc 90 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3292 73315/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_72.cpp cppfunc 144 void badSink(vector dataVector) int64_t * data = dataVector[2]; printLongLongLine(*data); free(data); 0 --------------------------------- 3293 66525/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_06.c cppfunc 86 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3294 153351/oids.c cppfunc 980 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *sphenomaxillary_stereoscopy; stonesoup_read_taint(&sphenomaxillary_stereoscopy,"MOFW_BRAMLEY"); pachysandra_depolarising = ((int )(strlen(sphenomaxillary_stereoscopy))); memcpy(orthograde_unstack,sphenomaxillary_stereoscopy,pachysandra_depolarising); free(((char *)sphenomaxillary_stereoscopy)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&sphenomaxillary_stereoscopy,"MOFW_BRAMLEY"); pachysandra_depolarising = ((int )(strlen(sphenomaxillary_stereoscopy))); memcpy(orthograde_unstack,sphenomaxillary_stereoscopy,pachysandra_depolarising); free(((char *)sphenomaxillary_stereoscopy)); 0 --------------------------------- 3295 153351/oids.c cppfunc 985 jmp_buf picknick_ulcer; bluelegs_chondric = setjmp(picknick_ulcer); longjmp(picknick_ulcer,1); 0 --------------------------------- 3296 66565/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_82a.cpp cppfunc 49 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3297 70510/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_15.c cppfunc 261 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3298 79378/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68.c cppfunc 343 char * data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68_goodG2BData; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 3299 153748/color.c cppfunc 348 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 3300 79378/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68.c cppfunc 346 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 3301 153748/color.c cppfunc 346 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 3302 148881/diam_dict.c inputfunc 3019 read = fread(buf,1,max,DiamDictin); if ( read == max ) { return max; 0 --------------------------------- 3303 153502/conf_mod.c cppfunc 164 stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(billye_scandaliser)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3304 153502/conf_mod.c cppfunc 166 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3305 70675/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_63.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3306 72995/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_04.c cppfunc 74 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 3307 66534/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_15.c cppfunc 67 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3308 72716/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_13.c cppfunc 69 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 3309 79452/CWE134_Uncontrolled_Format_String__char_console_printf_21.c inputfunc 108 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1Sink(data); static void goodB2G1Sink(char * data) printf("%s\n", data); 0 --------------------------------- 3310 153769/utils.c cppfunc 4816 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) switch(( *(spec++))){ if (( *(spec++)) == ':') { int index = (strtol(spec,((void *)0),0)); 0 --------------------------------- 3311 70767/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53.c cppfunc 237 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53d_badSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 3312 73738/CWE124_Buffer_Underwrite__CWE839_listen_socket_81a.cpp cppfunc 178 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3313 153298/stream.c cppfunc 97 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3314 153298/stream.c cppfunc 94 size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3315 67755/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_74.cpp inputfunc 102 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 3316 153662/mem_dbg.c cppfunc 252 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3317 71401/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_72.cpp cppfunc 169 vector dataVector; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 3318 153822/config_file.c inputfunc 148 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&unsurprising_inconnection,"SINNAMAHONING_CONSULTORY"); if (unsurprising_inconnection != 0) {; counterfire_incorresponding . adenine_fuellers = ((char *)unsurprising_inconnection); underpraise_raft = &counterfire_incorresponding; struthiform_sups = &underpraise_raft; 0 --------------------------------- 3319 153601/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3320 153601/color.c cppfunc 120 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3321 71307/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_74.cpp cppfunc 151 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 3322 153185/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3323 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c cppfunc 31 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 3324 67491/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_08.c cppfunc 89 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 3325 62583/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22.c cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3326 152971/utils.c cppfunc 4834 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; spec += 2; prog_id = (strtol(spec,&endptr,0)); 0 --------------------------------- 3327 79483/CWE134_Uncontrolled_Format_String__char_console_snprintf_02.c inputfunc 95 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 3328 153408/heapam.c cppfunc 130 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3329 62728/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_31.c cppfunc 216 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3330 66419/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_74.cpp cppfunc 170 data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; dataLen = wcslen(data); 0 --------------------------------- 3331 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c cppfunc 144 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 3332 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c cppfunc 141 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 3333 72650/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_73.cpp cppfunc 167 list dataList; data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); memmove(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 3334 72649/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_72.cpp cppfunc 149 void badSink(vector dataVector) wchar_t * data = dataVector[2]; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 3335 153062/main_statusbar.c cppfunc 142 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 3336 72837/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_65.c cppfunc 142 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_65b_goodG2BSink(char * data) strcat(data, source); printLine(data); free(data); 0 --------------------------------- 3337 70465/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_18.c cppfunc 268 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3338 153466/subtrans.c cppfunc 128 int overlightheaded_iridization = 131; stonesoup_read_taint(&monospermal_desc,"4415",overlightheaded_iridization); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 3339 66647/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_53.c cppfunc 57 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3340 152943/types.c cppfunc 43 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3341 152943/types.c cppfunc 45 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3342 110487/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_53.c cppfunc 217 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_53d_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3343 153244/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3344 71381/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_32.c cppfunc 77 char * *dataPtr2 = &data; char * data = *dataPtr2; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 3345 153709/ffmpeg.c cppfunc 167 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3346 153179/config_file.c inputfunc 138 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&eggar_garniture,"BUPRESTIDAN_EAVESING"); if (eggar_garniture != 0) {; padishah_weaner = ((void *)eggar_garniture); excessed_grimmish[ *stultiloquently_gladiatrix] = padishah_weaner; spatterware_preclassify = excessed_grimmish[ *stultiloquently_gladiatrix]; porencephaly_calsouns(spatterware_preclassify); 0 --------------------------------- 3347 70480/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54.c cppfunc 559 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3348 153179/config_file.c cppfunc 135 stonesoup_read_taint(&eggar_garniture,"BUPRESTIDAN_EAVESING"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 3349 199236/buffer_underrun_dynamic.c cppfunc 249 int *buf=(int*) calloc(5,sizeof(int)); int index = 3; *(buf +((-2 * index) + 6)) = 1; free(buf); 0 --------------------------------- 3350 153374/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3351 73708/CWE124_Buffer_Underwrite__CWE839_listen_socket_15.c cppfunc 312 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3352 71181/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_14.c cppfunc 92 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 3353 62976/CWE121_Stack_Based_Buffer_Overflow__CWE135_45.c cppfunc 65 data = (void *)CHAR_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_45_goodG2BData = data; goodG2BSink(); void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_45_goodG2BData; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 3354 152911/eng_lib.c cppfunc 114 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3355 62976/CWE121_Stack_Based_Buffer_Overflow__CWE135_45.c cppfunc 68 void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_45_goodG2BData; data = (void *)CHAR_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_45_goodG2BData = data; goodG2BSink(); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 3356 66260/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_45.c cppfunc 44 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3357 65194/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_03.c cppfunc 72 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 3358 153040/bufmgr.c cppfunc 134 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3359 153040/bufmgr.c cppfunc 138 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3360 153232/e_bf.c cppfunc 97 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3361 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c inputfunc 107 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 3362 79526/CWE134_Uncontrolled_Format_String__char_console_snprintf_81a.cpp inputfunc 89 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; baseObject.action(data); virtual void action(char * data) const = 0; 0 --------------------------------- 3363 72315/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_74.cpp cppfunc 167 data[50-1] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3364 153043/cmdline.c cppfunc 1091 e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char **tmpfile_left,const char *editor_cmd, const svn_string_t *contents,const char *filename,apr_hash_t *config,svn_boolean_t as_text,const char *encoding,apr_pool_t *pool) const char *editor; const char *tmpfile_native; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); svn_error_t *svn_err__temp = svn_subst_translate_cstring2(contents -> data,&translated,"\n",0,((void *)0),0,pool); translated_contents = svn_string_create_empty(pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8_ex2(&translated_contents -> data,translated,encoding,pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8(&translated_contents -> data,translated,pool); translated_contents = svn_string_dup(contents,pool); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); svn_error_t *svn_err__temp = svn_io_temp_dir(&base_dir,pool); svn_error_t *svn_err__temp = svn_path_cstring_from_utf8(&temp_dir_apr,base_dir,pool); apr_err = apr_filepath_set(temp_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); err = svn_path_cstring_from_utf8(&tmpfile_apr,tmpfile_name,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x10,pool); apr_file_mtime_set(tmpfile_apr,finfo_before . mtime - 2000,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x00000010 | 0x00000100,pool); err = svn_utf_cstring_from_utf8(&tmpfile_native,tmpfile_name,pool); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); 0 --------------------------------- 3365 153089/string.c cppfunc 67 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3366 1303/mime2-bad.c cppfunc 192 while ((c1 = fgetc(e->e_dfp)) != EOF) c2 = fgetc(e->e_dfp); c3 = fgetc(e->e_dfp); c4 = fgetc(e->e_dfp); } while (isascii(c4) && isspace(c4)); 0 --------------------------------- 3367 1303/mime2-bad.c inputfunc 191 c4 = fgetc(e->e_dfp); while ((c1 = fgetc(e->e_dfp)) != EOF) c2 = fgetc(e->e_dfp); c3 = fgetc(e->e_dfp); } while (isascii(c3) && isspace(c3)); if (c3 == EOF) if (c3 == '=') c3 = CHAR64(c3); 0 --------------------------------- 3368 1301/main.c cppfunc 87 header->h_field = (char *) malloc(sizeof(char) * 100); header->h_value = (char *) malloc(sizeof(char) * 100); e->e_id = (char *) malloc(sizeof(char) * 50); 0 --------------------------------- 3369 153597/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 3370 66639/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_34.c cppfunc 42 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3371 72781/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_51.c cppfunc 133 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_51b_badSink(wchar_t * data) SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 3372 153288/color.c cppfunc 380 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 3373 66233/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_02.c cppfunc 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3374 70401/CWE122_Heap_Based_Buffer_Overflow__CWE135_02.c cppfunc 172 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 3375 152868/color.c cppfunc 602 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int untransparently_mohall = 20; char *tarsier_eelfish; stonesoup_read_taint(&tarsier_eelfish,"5046",untransparently_mohall); free(((char *)tarsier_eelfish)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&tarsier_eelfish,"5046",untransparently_mohall); free(((char *)tarsier_eelfish)); 0 --------------------------------- 3376 152917/cmdutils.c cppfunc 113 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3377 152917/cmdutils.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3378 70679/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67.c cppfunc 378 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3379 153321/column-utils.c cppfunc 90 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3380 153416/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3381 71197/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_51.c cppfunc 147 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_51b_goodG2BSink(wchar_t * data) wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 3382 71483/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_44.c cppfunc 69 static void goodG2BSink(char * data) SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 3383 153543/bio_err.c cppfunc 90 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3384 153543/bio_err.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3385 71594/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_73.cpp cppfunc 159 list dataList; data = (int64_t *)malloc(100*sizeof(int64_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int64_t * data = dataList.back(); memcpy(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 3386 153328/e_camellia.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3387 70674/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_62.cpp cppfunc 97 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3388 153328/e_camellia.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3389 62722/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_15.c cppfunc 199 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3390 153301/e_camellia.c cppfunc 123 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3391 153301/e_camellia.c cppfunc 121 stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3392 79553/CWE134_Uncontrolled_Format_String__char_console_vfprintf_34.c cppfunc 37 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 3393 153715/eng_lib.c cppfunc 89 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3394 153059/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 3395 67327/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_34.c cppfunc 36 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3396 152895/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3397 66345/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_18.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3398 152885/color.c cppfunc 346 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 3399 152885/color.c cppfunc 348 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 3400 153803/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3401 71372/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_13.c cppfunc 71 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 3402 153803/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3403 153032/timestamp.c cppfunc 73 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3404 153032/timestamp.c cppfunc 77 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3405 110649/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_02.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3406 70416/CWE122_Heap_Based_Buffer_Overflow__CWE135_17.c cppfunc 109 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; memcpy(dest, data, (dataLen+1)); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 3407 67718/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_07.cpp inputfunc 326 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 3408 72874/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_43.cpp cppfunc 73 data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 3409 67439/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_67.c cppfunc 58 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3410 67424/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_41.c cppfunc 65 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3411 63796/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_05.c cppfunc 104 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 3412 70652/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_13.c cppfunc 416 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3413 70937/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_10.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 3414 72828/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_45.c cppfunc 66 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_45_goodG2BData = data; goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_45_goodG2BData; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 3415 66529/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_10.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3416 71003/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_44.c cppfunc 63 static void goodG2BSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 3417 153813/config.c cppfunc 131 stonesoup_read_taint(&preaffirmation_crosscurrented,"KAIK_ABOLITIONIZED"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 3418 153813/config.c inputfunc 134 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&preaffirmation_crosscurrented,"KAIK_ABOLITIONIZED"); if (preaffirmation_crosscurrented != 0) {; 0 --------------------------------- 3419 153519/cmdline.c cppfunc 118 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3420 70957/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_51.c cppfunc 130 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_51b_badSink(char * data) strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 3421 152937/mutex.c cppfunc 56 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3422 152937/mutex.c cppfunc 53 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3423 153098/main_statusbar.c cppfunc 1161 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int diplomatology_rorifluent = 40; char *calamiferous_cumming;; stonesoup_read_taint(&calamiferous_cumming,"5630",diplomatology_rorifluent); bedrugged_aripeka = calamiferous_cumming; conoscenti_aims[5] = bedrugged_aripeka; lepidium_taels = 5; cuttanee_unmitigatedly = &lepidium_taels; surpluses_hyson = *(conoscenti_aims + *cuttanee_unmitigatedly); whipper_larkin(darnall_billowier,surpluses_hyson); whipper_larkin(taalbond_cyclograph,principalship_autorhythmus); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&calamiferous_cumming,"5630",diplomatology_rorifluent); bedrugged_aripeka = calamiferous_cumming; conoscenti_aims[5] = bedrugged_aripeka; surpluses_hyson = *(conoscenti_aims + *cuttanee_unmitigatedly); whipper_larkin(darnall_billowier,surpluses_hyson); void whipper_larkin(int taalbond_cyclograph,toadlet_rewet principalship_autorhythmus) free(((char *)principalship_autorhythmus)); 0 --------------------------------- 3424 153041/resowner.c inputfunc 195 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&conglobulate_tauchnitz,"REBBA_BRACHIOTOMY"); if (conglobulate_tauchnitz != 0) {; hirling_morcha = ((int )(strlen(conglobulate_tauchnitz))); sergeantship_nondoubting = ((char *)(malloc(hirling_morcha + 1))); if (sergeantship_nondoubting == 0) { memcpy(sergeantship_nondoubting,conglobulate_tauchnitz,hirling_morcha); if (conglobulate_tauchnitz != 0) free(((char *)conglobulate_tauchnitz)); WITHER_PREFRANKNESS(sergeantship_nondoubting); void morea_werefox(char *demonetizes_paronym) WITHER_PREFRANKNESS(sergeantship_nondoubting); 0 --------------------------------- 3425 153273/cmdutils.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3426 79416/CWE134_Uncontrolled_Format_String__char_console_fprintf_52.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_52b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_52b_badSink(char * data); 0 --------------------------------- 3427 62951/CWE121_Stack_Based_Buffer_Overflow__CWE135_04.c cppfunc 105 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 3428 62951/CWE121_Stack_Based_Buffer_Overflow__CWE135_04.c cppfunc 102 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 3429 153333/utils.c cppfunc 4772 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; spec += 2; prog_id = (strtol(spec,&endptr,0)); 0 --------------------------------- 3430 153333/utils.c cppfunc 4778 char *endptr; prog_id = (strtol(spec,&endptr,0)); if (( *(endptr++)) == ':') { int stream_idx = (strtol(endptr,((void *)0),0)); 0 --------------------------------- 3431 149203/UseAfterFree_container-bad.c cppfunc 36 container.foo.b[0] = 'S'; printf("%s\n", container.foo.b); free(container.foo.b); 0 --------------------------------- 3432 153728/main_filter_toolbar.c cppfunc 441 void stonesoup_handle_taint(char *intendit_trullisatios) owenist_cinereal(intendit_trullisatios); void owenist_cinereal(char *const unhitching_bundweed) free(((char *)((char *)unhitching_bundweed))); 0 --------------------------------- 3433 152923/portalmem.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3434 72130/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_03.c cppfunc 73 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 3435 72185/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_10.c cppfunc 99 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 3436 72373/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_06.c cppfunc 94 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 3437 67729/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_18.cpp inputfunc 206 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 3438 152978/column-utils.c cppfunc 82 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3439 153433/resowner.c cppfunc 152 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3440 79569/CWE134_Uncontrolled_Format_String__char_console_vfprintf_67.c cppfunc 200 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 3441 67713/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_02.cpp cppfunc 307 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3442 67498/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_15.c cppfunc 104 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 3443 199275/invalid_memory_access.c cppfunc 367 invalid_memory_access_012_s_001 *s; s = (invalid_memory_access_012_s_001 *)calloc(1,sizeof(invalid_memory_access_012_s_001)); free(s); 0 --------------------------------- 3444 199275/invalid_memory_access.c cppfunc 361 invalid_memory_access_012_s_001 *s; s = (invalid_memory_access_012_s_001 *)calloc(1,sizeof(invalid_memory_access_012_s_001)); s->a = 20; s->b = 20; s->uninit = 20; free(s); 0 --------------------------------- 3445 152933/column-utils.c cppfunc 88 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3446 153825/stream.c cppfunc 113 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3447 153825/stream.c cppfunc 117 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3448 199276/invalid_memory_access.c cppfunc 626 invalid_memory_access_017_doubleptr_gbl=(char*) malloc(10*sizeof(char)); strcpy(invalid_memory_access_017_doubleptr_gbl,"TEST"); printf("invalid gbl= %s \n",invalid_memory_access_017_doubleptr_gbl); strcpy(s,invalid_memory_access_017_doubleptr_gbl); invalid_memory_access_017_func_002(); if(invalid_memory_access_017_func_001(flag) == 0) invalid_memory_access_017_func_004(); if(invalid_memory_access_017_func_001(flag) == 0) invalid_memory_access_017_func_003(); free(invalid_memory_access_017_doubleptr_gbl); 0 --------------------------------- 3449 72089/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_10.c cppfunc 71 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 3450 153196/main_filter_toolbar.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3451 153196/main_filter_toolbar.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3452 73082/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_73.cpp cppfunc 165 list dataList; data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 3453 79530/CWE134_Uncontrolled_Format_String__char_console_vfprintf_01.c cppfunc 31 data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 3454 110382/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_33.cpp cppfunc 89 int &dataRef = data; int data = dataRef; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3455 152888/mem_dbg.c cppfunc 710 static void print_leak_LHASH_DOALL_ARG(void *arg1,void *arg2) const MEM *a = arg1; print_leak_doall_arg(a,b); static void print_leak_doall_arg(const MEM *m,MEM_LEAK *l) lcl = localtime(&m -> time); 0 --------------------------------- 3456 69878/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_07.cpp cppfunc 95 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 3457 79437/CWE134_Uncontrolled_Format_String__char_console_printf_04.c inputfunc 137 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 3458 67737/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_42.cpp cppfunc 232 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3459 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c cppfunc 251 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 3460 62954/CWE121_Stack_Based_Buffer_Overflow__CWE135_07.c cppfunc 104 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 3461 62954/CWE121_Stack_Based_Buffer_Overflow__CWE135_07.c cppfunc 101 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 3462 70461/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_14.c cppfunc 419 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3463 67568/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_01.cpp cppfunc 124 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3464 79568/CWE134_Uncontrolled_Format_String__char_console_vfprintf_66.c cppfunc 232 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 3465 79346/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_09.c cppfunc 154 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 3466 67601/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_61.cpp cppfunc 244 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3467 110808/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_17.cpp cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3468 79355/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_18.c cppfunc 152 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 3469 153631/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3470 69170/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_21.cpp cppfunc 124 data = NULL; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) data[0] = L'\0'; return data; data = goodG2B2Source(data); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 3471 153631/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3472 66547/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_44.c cppfunc 71 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3473 153364/cmdutils.c cppfunc 898 int opt_max_alloc(void *optctx,const char *opt,const char *arg) char *tail; max = (strtol(arg,&tail,'\n')); 0 --------------------------------- 3474 153330/color.c cppfunc 333 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 3475 153163/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3476 153163/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3477 70503/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_08.c cppfunc 106 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3478 66249/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_18.c cppfunc 55 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3479 153003/cmdutils.c cppfunc 1366 const AVCodecDescriptor **codecs; unsigned int nb_codecs = 0; nb_codecs++; if (!(codecs = (av_calloc(nb_codecs,sizeof(( *codecs)))))) { desc = ((void *)0); while(desc = avcodec_descriptor_next(desc)) codecs[i++] = desc; qsort(codecs,nb_codecs,sizeof(( *codecs)),compare_codec_desc); 0 --------------------------------- 3480 152974/conversation.c cppfunc 1258 void stonesoup_handle_taint(char *emblemist_stours) tuberculiferous_pollaiuolo = emblemist_stours; EUPHONICALLY_SENSUALIZE(tuberculiferous_pollaiuolo); void rightabout_valerye(tereshkova_reinterrogates joisted_rice) free(((char *)joisted_rice)); 0 --------------------------------- 3481 153827/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3482 153729/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3483 153821/heapam.c cppfunc 124 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3484 153729/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3485 153821/heapam.c cppfunc 120 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3486 153557/conversation.c cppfunc 1286 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; union orchidectomies_carrel carinal_stuber; char *gottingen_ophthalmometer; stonesoup_read_taint(&gottingen_ophthalmometer,"OSCILLATIONS_ANNUNCIATORY"); carinal_stuber . dunkers_crosette = gottingen_ophthalmometer; outstretching_hoppestere[ *pratfalls_chipling] = carinal_stuber; schuit_shovelbill = outstretching_hoppestere[ *pratfalls_chipling]; TRYPANOSOMA_ILLAQUEATION(schuit_shovelbill); void twangy_entourage(union orchidectomies_carrel dermatorrhagia_niched) free(((char *)dermatorrhagia_niched . dunkers_crosette)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&gottingen_ophthalmometer,"OSCILLATIONS_ANNUNCIATORY"); carinal_stuber . dunkers_crosette = gottingen_ophthalmometer; schuit_shovelbill = outstretching_hoppestere[ *pratfalls_chipling]; TRYPANOSOMA_ILLAQUEATION(schuit_shovelbill); 0 --------------------------------- 3487 62955/CWE121_Stack_Based_Buffer_Overflow__CWE135_08.c cppfunc 109 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 3488 153500/dirent_uri.c cppfunc 75 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3489 66652/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_64.c cppfunc 56 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3490 153702/config.c cppfunc 201 char *mouthes_epigonation; stonesoup_read_taint(&mouthes_epigonation,"TARSOCLASIS_DEPOSING"); mazolysis_cacoethes = ((int )(strlen(mouthes_epigonation))); rontgenized_turtledom = ((char *)(malloc(mazolysis_cacoethes + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&mouthes_epigonation,"TARSOCLASIS_DEPOSING"); mazolysis_cacoethes = ((int )(strlen(mouthes_epigonation))); rontgenized_turtledom = ((char *)(malloc(mazolysis_cacoethes + 1))); 0 --------------------------------- 3491 153702/config.c cppfunc 209 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *mouthes_epigonation; stonesoup_read_taint(&mouthes_epigonation,"TARSOCLASIS_DEPOSING"); mazolysis_cacoethes = ((int )(strlen(mouthes_epigonation))); memcpy(rontgenized_turtledom,mouthes_epigonation,mazolysis_cacoethes); free(((char *)mouthes_epigonation)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&mouthes_epigonation,"TARSOCLASIS_DEPOSING"); mazolysis_cacoethes = ((int )(strlen(mouthes_epigonation))); memcpy(rontgenized_turtledom,mouthes_epigonation,mazolysis_cacoethes); free(((char *)mouthes_epigonation)); 0 --------------------------------- 3492 70649/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_10.c cppfunc 369 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3493 70657/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_18.c cppfunc 254 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3494 153245/e_bf.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3495 66238/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_07.c cppfunc 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3496 73041/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_02.c cppfunc 67 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 3497 153214/pgstat.c cppfunc 308 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3498 72718/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_15.c cppfunc 76 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 3499 153489/color.c cppfunc 349 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 3500 153489/color.c cppfunc 347 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 3501 70922/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_73.cpp cppfunc 157 void badSink(list dataList) char * data = dataList.back(); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3502 70498/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_03.c cppfunc 93 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3503 67335/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_53.c cppfunc 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3504 70982/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_07.c cppfunc 76 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 3505 153086/mem_dbg.c cppfunc 934 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *laconic_nonspherical) ottumwa_inkhornist = ((int )(strlen(laconic_nonspherical))); molinet_uncomplexness = ((char *)(malloc(ottumwa_inkhornist + 1))); 0 --------------------------------- 3506 69731/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_04.cpp cppfunc 96 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 3507 72978/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_62.cpp cppfunc 64 data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 3508 62580/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_17.c cppfunc 89 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3509 71418/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_11.c cppfunc 41 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 3510 153781/emem.c cppfunc 180 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3511 153781/emem.c cppfunc 187 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3512 153781/emem.c cppfunc 184 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3513 110524/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_31.c cppfunc 77 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3514 63606/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_15.c cppfunc 110 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 3515 66530/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_11.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3516 153749/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3517 153654/utils.c cppfunc 93 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 3518 153749/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3519 153566/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3520 79362/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_41.c cppfunc 154 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 3521 79362/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_41.c cppfunc 151 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BSink(data); static void goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 3522 153273/cmdutils.c cppfunc 113 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3523 153759/hashfn.c cppfunc 61 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3524 153085/oids.c cppfunc 1361 char *cessment_iand = 0; inferiors_fatalness(&cessment_iand); bedder_bedragglement = 1; coadmires_auxiliation = &cessment_iand; abrus_painterliness = ((char **)(((unsigned long )coadmires_auxiliation) * bedder_bedragglement * bedder_bedragglement)) + 5; free(((char *)( *(abrus_painterliness - 5)))); 0 --------------------------------- 3525 70683/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_74.cpp cppfunc 371 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3526 153392/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3527 153290/dynahash.c cppfunc 259 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3528 72985/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_72.cpp cppfunc 150 void badSink(vector dataVector) wchar_t * data = dataVector[2]; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 3529 153290/dynahash.c cppfunc 256 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3530 148923/strutil.c cppfunc 299 format_text_wsp(const guchar *string, size_t len) c = *string++; if (isprint(c)) { } else if (isspace(c)) { 0 --------------------------------- 3531 69879/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_08.cpp cppfunc 103 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 3532 152887/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3533 79522/CWE134_Uncontrolled_Format_String__char_console_snprintf_68.c inputfunc 51 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_68_badData = data; 0 --------------------------------- 3534 153232/e_bf.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3535 153401/e_camellia.c cppfunc 113 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3536 79361/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34.c cppfunc 188 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 3537 79361/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34.c cppfunc 185 CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34_unionType myUnion; char * data = myUnion.unionSecond; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 3538 67724/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_13.cpp cppfunc 306 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3539 67492/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_09.c cppfunc 96 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 3540 66319/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_67.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3541 79505/CWE134_Uncontrolled_Format_String__char_console_snprintf_34.c inputfunc 120 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; myUnion.unionFirst = data; 0 --------------------------------- 3542 63806/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_15.c cppfunc 82 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 3543 67731/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_22.cpp inputfunc 101 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 3544 67574/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_07.cpp cppfunc 157 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3545 153587/conf_mod.c cppfunc 685 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); bobsleded_ephestia = 5; revocate_nonvariably = &bobsleded_ephestia; economizer_barber = *(pommelion_valera + *revocate_nonvariably); free(((char *)economizer_barber)); void stonesoup_handle_taint(char *woldlike_laryngalgia) pommelion_valera[5] = woldlike_laryngalgia; economizer_barber = *(pommelion_valera + *revocate_nonvariably); free(((char *)economizer_barber)); 0 --------------------------------- 3546 72713/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_10.c cppfunc 90 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 3547 71014/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_66.c cppfunc 150 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 3548 153350/column-utils.c cppfunc 89 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3549 66240/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_09.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3550 152908/utils.c cppfunc 82 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3551 152908/utils.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3552 152908/utils.c cppfunc 89 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3553 153543/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 3554 110463/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_08.c cppfunc 91 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3555 153144/avpacket.c cppfunc 541 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; int moriform_cogener = 53; char *laccol_devotedly;; stonesoup_read_taint(&laccol_devotedly,"1979",moriform_cogener); gothish_saints = ((int )(strlen(laccol_devotedly))); minidisks_disparpling = ((char *)(malloc(gothish_saints + 1))); memset(minidisks_disparpling,0,gothish_saints + 1); memcpy(minidisks_disparpling,laccol_devotedly,gothish_saints); page_antimoralism[5] = minidisks_disparpling; recalculated_tantric[1] = 5; balsamweed_tigereyes = *(page_antimoralism + recalculated_tantric[1]); MICROELECTRONIC_TUMULOUS(balsamweed_tigereyes); void compreg_resurrects(char *currents_asclepiade) free(((char *)currents_asclepiade)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&laccol_devotedly,"1979",moriform_cogener); gothish_saints = ((int )(strlen(laccol_devotedly))); memcpy(minidisks_disparpling,laccol_devotedly,gothish_saints); page_antimoralism[5] = minidisks_disparpling; balsamweed_tigereyes = *(page_antimoralism + recalculated_tantric[1]); MICROELECTRONIC_TUMULOUS(balsamweed_tigereyes); 0 --------------------------------- 3556 153173/eng_table.c cppfunc 112 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3557 153566/color.c cppfunc 363 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 3558 152866/gimpdisplay.c cppfunc 182 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 3559 148828/Geolocation.cpp cppfunc 338 GeoNotifierSet::const_iterator end = m_requestsAwaitingCachedPosition.end(); for (GeoNotifierSet::const_iterator iter = m_requestsAwaitingCachedPosition.begin(); iter != end; ++iter) { GeoNotifier* notifier = iter->get(); notifier->runSuccessCallback(m_positionCache->cachedPosition()); if (m_oneShots.contains(notifier)) m_oneShots.remove(notifier); 0 --------------------------------- 3560 153765/mutex.c cppfunc 171 jmp_buf palladinize_choloidinic; bueche_mansuetude = setjmp(palladinize_choloidinic); longjmp(palladinize_choloidinic,1); 0 --------------------------------- 3561 1292/create_msg_file.c cppfunc 96 dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); 0 --------------------------------- 3562 70765/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_51.c cppfunc 145 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_51b_goodG2BSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 3563 110475/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_22.c cppfunc 77 data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_22_goodG2B1Source(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3564 152949/conf_mod.c cppfunc 151 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3565 152949/conf_mod.c cppfunc 154 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3566 110461/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_06.c cppfunc 81 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3567 71641/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_72.cpp cppfunc 159 vector dataVector; data = (int64_t *)malloc(100*sizeof(int64_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int64_t * data = dataVector[2]; memmove(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 3568 153209/avdevice.c cppfunc 134 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int predifferent_unroll = 20; char *overnumerously_accoutres;; stonesoup_read_taint(&overnumerously_accoutres,"5475",predifferent_unroll); humorless_iroko = ((int )(strlen(overnumerously_accoutres))); memcpy(enouncement_ambaris,overnumerously_accoutres,humorless_iroko); free(((char *)overnumerously_accoutres)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&overnumerously_accoutres,"5475",predifferent_unroll); humorless_iroko = ((int )(strlen(overnumerously_accoutres))); memcpy(enouncement_ambaris,overnumerously_accoutres,humorless_iroko); free(((char *)overnumerously_accoutres)); 0 --------------------------------- 3569 72459/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_74.cpp cppfunc 167 data[50-1] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 3570 149050/mem-good.c cppfunc 20 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) p = strdup(str); printf("result: %s\n", p); free(p); 0 --------------------------------- 3571 153464/mem_dbg.c cppfunc 228 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3572 153464/mem_dbg.c cppfunc 224 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3573 70508/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_13.c cppfunc 228 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3574 70525/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_51.c cppfunc 80 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3575 71642/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_73.cpp cppfunc 142 void badSink(list dataList) int64_t * data = dataList.back(); memmove(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 3576 79346/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_09.c cppfunc 53 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 3577 72324/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_05.c cppfunc 76 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3578 153350/column-utils.c cppfunc 75 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3579 153350/column-utils.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3580 153243/main_filter_toolbar.c cppfunc 266 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; int simmers_ramsons = 40; char *scopiform_synchromist; stonesoup_read_taint(&scopiform_synchromist,"8430",simmers_ramsons); soaking_sestertius = ((int )(strlen(scopiform_synchromist))); haematological_owercome = ((char *)(malloc(soaking_sestertius + 1))); memset(haematological_owercome,0,soaking_sestertius + 1); memcpy(haematological_owercome,scopiform_synchromist,soaking_sestertius); free(((char *)haematological_owercome)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&scopiform_synchromist,"8430",simmers_ramsons); soaking_sestertius = ((int )(strlen(scopiform_synchromist))); memcpy(haematological_owercome,scopiform_synchromist,soaking_sestertius); free(((char *)haematological_owercome)); 0 --------------------------------- 3581 67733/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_32.cpp cppfunc 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3582 62734/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_43.cpp cppfunc 218 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3583 79409/CWE134_Uncontrolled_Format_String__char_console_fprintf_34.c inputfunc 106 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; myUnion.unionFirst = data; 0 --------------------------------- 3584 152995/bio_err.c cppfunc 242 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 3585 152995/bio_err.c cppfunc 248 void arne_woodman(nashville_uncounselled agglomerative_pursuers) detailist_clyman(agglomerative_pursuers); void detailist_clyman(nashville_uncounselled necessariness_stamboul) free(((char *)necessariness_stamboul)); 0 --------------------------------- 3586 153379/e_camellia.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3587 70406/CWE122_Heap_Based_Buffer_Overflow__CWE135_07.c cppfunc 149 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 3588 67725/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_14.cpp cppfunc 306 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3589 153699/cmdline.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3590 153721/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3591 73717/CWE124_Buffer_Underwrite__CWE839_listen_socket_34.c cppfunc 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3592 110547/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_74.cpp cppfunc 87 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3593 153131/color.c cppfunc 611 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *coccidae_damn) free(((char *)coccidae_damn)); 0 --------------------------------- 3594 66637/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_32.c cppfunc 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3595 153373/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3596 153518/e_bf.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3597 153518/e_bf.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3598 72141/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_14.c cppfunc 73 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 3599 70678/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_66.c cppfunc 185 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3600 153491/stream.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3601 72718/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_15.c cppfunc 103 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 3602 67444/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_81a.cpp cppfunc 48 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3603 72088/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_09.c cppfunc 93 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 3604 152956/bss_file.c cppfunc 153 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3605 62744/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_64.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3606 79346/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_09.c cppfunc 349 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 3607 79346/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_09.c cppfunc 346 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 3608 153771/main_filter_toolbar.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3609 153392/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 3610 153331/emem.c cppfunc 178 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3611 62573/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_10.c cppfunc 137 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3612 110688/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_68.cpp cppfunc 43 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3613 153603/ffmpeg.c cppfunc 162 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3614 70872/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_68.c cppfunc 157 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_68b_goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_68_goodG2BData; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3615 79566/CWE134_Uncontrolled_Format_String__char_console_vfprintf_64.c cppfunc 207 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 3616 1297/crackaddr-bad.c cppfunc 359 char address[100]; scanf("%99s", address); res_addr = crackaddr(address); register char *addr; addr++; p = addrhead = addr; p++; while ((c = *p++) != '<') while ((c = *p++) != '\0') if ((c = *p++) == '\0') p--; p++; p++; while ((c = *p++) != ':') *bp++ = *p++; while (isascii((int) *p) && isspace((int)*p) && bp < buflim) 0 --------------------------------- 3617 153355/subtrans.c cppfunc 127 stonesoup_read_taint(&blurry_pyrographies,"UNQUALIFIABLE_BILLITON"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 3618 153479/file_wrappers.c cppfunc 150 stonesoup_read_taint(&strive_tachinidae,"CANUTE_MONOCARBONATE"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 3619 153479/file_wrappers.c inputfunc 153 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&strive_tachinidae,"CANUTE_MONOCARBONATE"); if (strive_tachinidae != 0) {; 0 --------------------------------- 3620 153765/mutex.c cppfunc 50 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3621 72594/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_62.cpp cppfunc 146 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 3622 153402/color.c cppfunc 368 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 3623 153517/color.c cppfunc 595 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int passionaries_interlinkage = 596; char *daubing_cowbind; stonesoup_read_taint(&daubing_cowbind,"3281",passionaries_interlinkage); free(((char *)daubing_cowbind)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&daubing_cowbind,"3281",passionaries_interlinkage); free(((char *)daubing_cowbind)); 0 --------------------------------- 3624 67311/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_08.c cppfunc 74 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3625 73721/CWE124_Buffer_Underwrite__CWE839_listen_socket_44.c cppfunc 103 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3626 153573/bss_file.c cppfunc 131 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3627 153393/pgstat.c inputfunc 3276 if (fread((&format_id),1,sizeof(format_id),fpin) != sizeof(format_id) || format_id != 0x01A5BC9A) { if (fread((&globalStats),1,sizeof(globalStats),fpin) != sizeof(globalStats)) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 3628 71171/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_04.c cppfunc 79 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 3629 153030/avpacket.c cppfunc 103 int perrin_mackinac = 596; stonesoup_read_taint(&adumbrations_bathycolpian,"7292",perrin_mackinac); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 3630 153325/aviobuf.c cppfunc 70 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3631 66643/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_44.c cppfunc 47 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3632 70779/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_74.cpp cppfunc 173 data = (char *)malloc((10+1)*sizeof(char)); dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 3633 66281/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_02.c cppfunc 82 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3634 70678/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_66.c cppfunc 400 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3635 67496/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_13.c cppfunc 96 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 3636 152878/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3637 153155/hashfn.c cppfunc 168 va_list depilous_nereite; __builtin_va_start(depilous_nereite,berogue_overraness); codevelop_stationing = (va_arg(depilous_nereite,ginkgoales_dimity )); 0 --------------------------------- 3638 73697/CWE124_Buffer_Underwrite__CWE839_listen_socket_04.c cppfunc 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3639 66239/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_08.c cppfunc 96 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3640 70672/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54.c cppfunc 551 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3641 62571/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_08.c inputfunc 97 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 3642 110692/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_81a.cpp cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3643 71439/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_53.c cppfunc 241 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 3644 72601/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_72.cpp cppfunc 149 void badSink(vector dataVector) wchar_t * data = dataVector[2]; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 3645 63439/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_08.c cppfunc 87 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 3646 70885/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_06.c cppfunc 96 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3647 62753/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_82a.cpp cppfunc 180 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3648 153537/heapam.c cppfunc 137 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3649 153537/heapam.c cppfunc 135 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3650 73269/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_74.cpp cppfunc 157 data = NULL; data = (double *)malloc(sizeof(*data)); *data = 1.7E300; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) double * data = dataMap[2]; printDoubleLine(*data); free(data); 0 --------------------------------- 3651 70404/CWE122_Heap_Based_Buffer_Overflow__CWE135_05.c cppfunc 89 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 3652 153184/cryptlib.c cppfunc 181 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3653 72734/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_52.c cppfunc 188 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_52b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_52c_goodG2BSink(wchar_t * data) wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 3654 72950/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_07.c cppfunc 99 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 3655 153084/stream.c cppfunc 139 stonesoup_printf("%s\n",stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3656 66656/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_68.c cppfunc 41 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3657 153084/stream.c cppfunc 130 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3658 153030/avpacket.c cppfunc 64 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3659 66341/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_14.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3660 153240/color.c cppfunc 324 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 3661 153240/color.c cppfunc 326 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 3662 110365/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_06.c cppfunc 94 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3663 62991/CWE121_Stack_Based_Buffer_Overflow__CWE135_74.cpp cppfunc 198 data = (void *)WIDE_STRING; dataMap[2] = data; goodB2GSink(dataMap); void goodB2GSink(map dataMap) void * data = dataMap[2]; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 3664 70666/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_43.cpp cppfunc 194 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3665 67742/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_52.cpp inputfunc 98 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 3666 67739/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_44.cpp cppfunc 266 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3667 153379/e_camellia.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3668 72420/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_05.c cppfunc 76 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 3669 73016/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_41.c cppfunc 55 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_41_goodG2BSink(char * data) strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 3670 153242/e_camellia.c cppfunc 604 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *phenoquinone_gravamem) successionist_shrubby = ((int )(strlen(phenoquinone_gravamem))); shieldmaker_mariya = ((char *)(malloc(successionist_shrubby + 1))); 0 --------------------------------- 3671 73054/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_15.c cppfunc 100 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 3672 79566/CWE134_Uncontrolled_Format_String__char_console_vfprintf_64.c inputfunc 42 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_64b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_64b_badSink(void * dataVoidPtr); CWE134_Uncontrolled_Format_String__char_console_vfprintf_64b_badSink(&data); 0 --------------------------------- 3673 153668/error.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3674 79485/CWE134_Uncontrolled_Format_String__char_console_snprintf_04.c inputfunc 151 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 3675 153668/error.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3676 70485/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_65.c cppfunc 339 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3677 153181/mux.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3678 152887/color.c cppfunc 368 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 3679 72723/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22.c cppfunc 194 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 3680 110322/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_11.c cppfunc 179 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3681 152892/oids.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3682 152892/oids.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3683 152892/oids.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3684 70669/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_51.c cppfunc 389 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3685 70403/CWE122_Heap_Based_Buffer_Overflow__CWE135_04.c cppfunc 178 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 3686 72073/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_72.cpp cppfunc 151 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 3687 71766/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_33.cpp cppfunc 62 int * &dataRef = data; int * data = dataRef; memmove(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 3688 70471/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_34.c cppfunc 276 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3689 149202/HeapOverFlow-good.c cppfunc 31 int main(int argc, char **argv) buf = (char *)malloc(BUFSIZE); if (argc > 1 && strlen(argv[1]) < BUFSIZE) strcpy(buf, argv[1]); printf("buf = %s\n", buf); free(buf); 0 --------------------------------- 3690 153541/heapam.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3691 153037/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 3692 73179/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_74.cpp cppfunc 165 data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcscpy(dest, data); printWLine(data); free(data); 0 --------------------------------- 3693 69884/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_13.cpp cppfunc 90 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 3694 72323/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_04.c cppfunc 76 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3695 153482/color.c cppfunc 609 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *fliers_snowcap) free(((char *)fliers_snowcap)); 0 --------------------------------- 3696 153182/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3697 79410/CWE134_Uncontrolled_Format_String__char_console_fprintf_41.c inputfunc 105 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2GSink(data); static void goodB2GSink(char * data) fprintf(stdout, "%s\n", data); 0 --------------------------------- 3698 70509/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_14.c cppfunc 130 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3699 67325/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_32.c cppfunc 33 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3700 153467/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3701 110367/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_08.c cppfunc 104 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3702 66532/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_13.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3703 153540/eng_table.c cppfunc 130 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3704 153623/ffmpeg.c cppfunc 1993 static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) int n = 1; int64_t *pts; size = n; pts = (av_malloc(sizeof(( *pts)) * size)); p = kf; char *next = strchr(p,','); *(next++) = 0; if (!memcmp(p,"chapters",8)) { if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); AVChapter *c = avf -> chapters[j]; pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { p = next; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); ost = output_streams[i]; ist = get_input_stream(ost); ost -> st -> disposition = ist -> st -> disposition; ist = get_input_stream(ost); if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ist = get_input_stream(ost); ost -> enc = avcodec_find_encoder(codec -> codec_id); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; ist = get_input_stream(ost); codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); ist = get_input_stream(ost); codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); ist = get_input_stream(ost); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) p = kf; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); static InputStream *get_input_stream(OutputStream *ost) ist = get_input_stream(ost); if (!strncmp((ost -> forced_keyframes),"expr:",5)) { parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); 0 --------------------------------- 3705 148828/Geolocation.cpp cppfunc 169 void Geolocation::Watchers::remove(int id) IdToNotifierMap::iterator iter = m_idToNotifierMap.find(id); m_notifierToIdMap.remove(iter->second); 0 --------------------------------- 3706 70833/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_02.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3707 153364/cmdutils.c cppfunc 1350 const AVCodecDescriptor **codecs; unsigned int nb_codecs = 0; nb_codecs++; if (!(codecs = (av_calloc(nb_codecs,sizeof(( *codecs)))))) { desc = ((void *)0); while(desc = avcodec_descriptor_next(desc)) codecs[i++] = desc; qsort(codecs,nb_codecs,sizeof(( *codecs)),compare_codec_desc); 0 --------------------------------- 3708 153688/column.c cppfunc 59 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3709 71469/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_14.c cppfunc 77 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 3710 153766/tile-swap.c cppfunc 149 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3711 153766/tile-swap.c cppfunc 147 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3712 70408/CWE122_Heap_Based_Buffer_Overflow__CWE135_09.c cppfunc 83 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 3713 70657/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_18.c cppfunc 190 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3714 110352/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_68.c cppfunc 253 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_68_goodG2BData = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_68b_goodG2BSink(); int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_68_goodG2BData; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3715 153267/stream.c cppfunc 212 jmp_buf sexist_explorational; goads_cymrite = setjmp(sexist_explorational); longjmp(sexist_explorational,1); 0 --------------------------------- 3716 71298/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_62.cpp cppfunc 42 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 3717 153296/timestamp.c cppfunc 92 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3718 199236/buffer_underrun_dynamic.c cppfunc 28 char *buf=(char*) calloc(5,sizeof(char)); buf[i]=1; free(buf); 0 --------------------------------- 3719 153609/img2.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3720 152891/color.c cppfunc 134 molybdic_huccatoon = getenv("BORESOMENESS_TEETY"); spunking_hidalgoism = ((char *)molybdic_huccatoon); stonesoup_buffer = malloc((strlen(spunking_hidalgoism) + 1) * sizeof(char )); strcpy(stonesoup_buffer,spunking_hidalgoism); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 3721 153123/tile-swap.c cppfunc 159 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3722 153123/tile-swap.c cppfunc 157 stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(middelburg_diminished)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3723 153762/oids.c cppfunc 1375 char *ankus_clementine(char *whereat_carate) return whereat_carate; nationally_superincumbent = ankus_clementine(julies_realisers); free(((char *)nationally_superincumbent)); void stonesoup_handle_taint(char *disorganizing_outlook) protevangelion_beat = ((int )(strlen(disorganizing_outlook))); julies_realisers = ((char *)(malloc(protevangelion_beat + 1))); memset(julies_realisers,0,protevangelion_beat + 1); memcpy(julies_realisers,disorganizing_outlook,protevangelion_beat); nationally_superincumbent = ankus_clementine(julies_realisers); 0 --------------------------------- 3724 73716/CWE124_Buffer_Underwrite__CWE839_listen_socket_33.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3725 153231/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3726 153231/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3727 153231/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3728 153792/gimpdisplay.c cppfunc 822 jmp_buf repace_avalon; marrowsky_unstubbornly = setjmp(repace_avalon); longjmp(repace_avalon,1); 0 --------------------------------- 3729 72769/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_18.c cppfunc 66 data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 3730 152906/tile.c cppfunc 82 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3731 72724/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_31.c cppfunc 65 data[50-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 3732 67420/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_31.c cppfunc 29 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3733 67425/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_42.c cppfunc 52 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 3734 110538/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_62.cpp cppfunc 72 data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3735 72304/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54.c cppfunc 286 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54e_goodG2BSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3736 67516/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_15.c cppfunc 93 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 3737 62949/CWE121_Stack_Based_Buffer_Overflow__CWE135_02.c cppfunc 150 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 3738 148828/Element.cpp cppfunc 1265 PassRefPtr Element::getAttributeNodeNS(const String& namespaceURI, const String& localName) NamedNodeMap* attrs = attributes(true); return static_pointer_cast(attrs->getNamedItem(QualifiedName(nullAtom, localName, namespaceURI))); 0 --------------------------------- 3739 70516/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_31.c cppfunc 161 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3740 66304/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_41.c cppfunc 40 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3741 152869/conversation.c inputfunc 138 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&affects_acas,"CRUCIS_REASSEMBLING"); if (affects_acas != 0) {; canon_theodora[5] = affects_acas; bilabiate_unregressive = *(canon_theodora + *conspicuousness_microciona); cancerin_stanhopes(misdiagnosis_postallantoic,bilabiate_unregressive); void cancerin_stanhopes(int egghead_unplated,char *smoucher_nonvisionary) cancerin_stanhopes(egghead_unplated,smoucher_nonvisionary); triplicating_omniformity = ((char *)smoucher_nonvisionary); strncpy(stonesoup_source,triplicating_omniformity,sizeof(stonesoup_source)); if (smoucher_nonvisionary != 0) free(((char *)smoucher_nonvisionary)); 0 --------------------------------- 3742 70536/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68.c cppfunc 221 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3743 71169/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_02.c cppfunc 72 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 3744 69735/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_08.cpp cppfunc 103 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 3745 70941/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_14.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 3746 66237/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_06.c cppfunc 86 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3747 153641/timestamp.c cppfunc 159 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 3748 153624/color.c cppfunc 119 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3749 72452/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_64.c cppfunc 144 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 3750 71421/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_14.c cppfunc 41 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 3751 153440/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3752 153440/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3753 153440/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3754 153219/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3755 62985/CWE121_Stack_Based_Buffer_Overflow__CWE135_65.c cppfunc 169 void CWE121_Stack_Based_Buffer_Overflow__CWE135_65b_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 3756 110469/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_14.c cppfunc 77 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3757 153137/emem.c cppfunc 1150 jmp_buf cavaedium_paraperiodic; phenylthiourea_heteroecismal = setjmp(cavaedium_paraperiodic); longjmp(cavaedium_paraperiodic,1); 0 --------------------------------- 3758 152868/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3759 79498/CWE134_Uncontrolled_Format_String__char_console_snprintf_17.c inputfunc 97 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); if (100-dataLen > 1) if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 3760 153718/hashfn.c cppfunc 71 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3761 152868/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3762 73023/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53.c cppfunc 235 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53d_goodG2BSink(char * data) strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 3763 153636/mux.c inputfunc 128 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&metabasis_chincough,"GEMMATED_WAYNESBURG"); if (metabasis_chincough != 0) {; irremeably_famelic = ((char *)metabasis_chincough); strncpy(stonesoup_source,irremeably_famelic,sizeof(stonesoup_source)); if (metabasis_chincough != 0) free(((char *)metabasis_chincough)); 0 --------------------------------- 3764 110804/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_13.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3765 67336/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54.c cppfunc 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3766 72421/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_06.c cppfunc 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 3767 110672/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_41.cpp cppfunc 54 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3768 153455/color.c cppfunc 342 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 3769 70950/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_33.cpp cppfunc 71 char * &dataRef = data; char * data = dataRef; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 3770 153270/dynahash.c cppfunc 258 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3771 153270/dynahash.c cppfunc 251 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3772 153270/dynahash.c cppfunc 255 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3773 67349/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_82a.cpp cppfunc 49 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3774 67490/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_07.c cppfunc 101 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 3775 153790/mem_dbg.c cppfunc 761 static void print_leak_LHASH_DOALL_ARG(void *arg1,void *arg2) const MEM *a = arg1; print_leak_doall_arg(a,b); static void print_leak_doall_arg(const MEM *m,MEM_LEAK *l) lcl = localtime(&m -> time); 0 --------------------------------- 3776 110394/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_62.cpp cppfunc 72 intPointer = (int*)malloc(data * sizeof(int)); data = 20; intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3777 73723/CWE124_Buffer_Underwrite__CWE839_listen_socket_51.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3778 66653/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_65.c cppfunc 40 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3779 62954/CWE121_Stack_Based_Buffer_Overflow__CWE135_07.c cppfunc 155 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 3780 110514/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_11.c cppfunc 192 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3781 67410/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_11.c cppfunc 60 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3782 67740/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_45.cpp inputfunc 284 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 3783 152886/main_statusbar.c cppfunc 157 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3784 62958/CWE121_Stack_Based_Buffer_Overflow__CWE135_11.c cppfunc 73 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 3785 62958/CWE121_Stack_Based_Buffer_Overflow__CWE135_11.c cppfunc 76 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 3786 72725/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_32.c cppfunc 75 wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 3787 79361/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34.c cppfunc 59 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); char * dataCopy = data; char * data = dataCopy; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 3788 66559/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_67.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3789 71390/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_52.c cppfunc 172 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_52c_badSink(char * data) strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 3790 66238/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_07.c cppfunc 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3791 148916/strutil.c cppfunc 806 convert_string_to_hex(const char *string, size_t *nbytes) p = &string[0]; c = *p++; c = *p++; if (!isxdigit(c)) 0 --------------------------------- 3792 70435/CWE122_Heap_Based_Buffer_Overflow__CWE135_63.c cppfunc 165 void CWE122_Heap_Based_Buffer_Overflow__CWE135_63b_goodG2BSink(void * * dataPtr) void * data = *dataPtr; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 3793 153374/color.c cppfunc 353 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 3794 153654/utils.c cppfunc 71 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3795 153818/tile.c cppfunc 69 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3796 79344/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_07.c cppfunc 156 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 3797 79344/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_07.c cppfunc 159 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 3798 153818/tile.c cppfunc 65 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3799 72451/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_63.c cppfunc 138 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 3800 66636/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_31.c cppfunc 35 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3801 72812/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_13.c cppfunc 71 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 3802 153188/color.c cppfunc 334 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 3803 70510/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_15.c cppfunc 106 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3804 153250/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3805 153584/pmsignal.c cppfunc 431 void falconries_loured(char *const ambigenal_sphygmoid) fertileness_toscanini(vility_nasiei,ambigenal_sphygmoid); void fertileness_toscanini(int perceivers_scowlful,char *casease_outspokenly) fertileness_toscanini(perceivers_scowlful,casease_outspokenly); free(((char *)((char *)casease_outspokenly))); 0 --------------------------------- 3806 153668/error.c cppfunc 719 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *trustlessly_gogglers; stonesoup_read_taint(&trustlessly_gogglers,"ANGIASTHENIA_SPLENATROPHY"); carabidan_sentence . uglification_astto = trustlessly_gogglers; myowun_parasols(carabidan_sentence); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&trustlessly_gogglers,"ANGIASTHENIA_SPLENATROPHY"); carabidan_sentence . uglification_astto = trustlessly_gogglers; myowun_parasols(carabidan_sentence); void myowun_parasols(const union mortiferousness_vibrations grists_ravendale) free(((char *)((union mortiferousness_vibrations )grists_ravendale) . uglification_astto)); 0 --------------------------------- 3807 153714/bio_err.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3808 153714/bio_err.c cppfunc 115 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3809 70969/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_72.cpp cppfunc 175 vector dataVector; data = (char *)malloc((10+1)*sizeof(char)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 3810 148966/emem.c cppfunc 2284 va_list ap2; G_VA_COPY(ap2, ap); full_len = g_vsnprintf(&strbuf->str[strbuf->len], (gulong) add_len, format, ap2); va_end(ap2); 0 --------------------------------- 3811 153614/utils.c cppfunc 87 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3812 1300/recipient-ok.c cppfunc 263 char *name; pw = getpwnam(name); *p = tolower(*p); for (p = name; *p != '\0'; p++) if (isascii((int)*p) && isupper((int)*p)) 0 --------------------------------- 3813 153647/aviobuf.c cppfunc 57 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3814 1310/txt-dns-file-ok.c cppfunc 116 DNS_REPLY_T *r; free(r->dns_r_q.dns_q_domain); unsigned char *data; char host[MAXHOSTNAMELEN]; r = (DNS_REPLY_T *) xalloc(sizeof(*r)); memset(r, 0, sizeof(*r)); unsigned char reply[1024]; len = read_record_from_file(reply, sizeof(reply)); len = res_search(domain, rr_class, rr_type, reply, sizeof reply); r = parse_dns_reply(reply, len); p = data; memcpy(&r->dns_r_h, p, sizeof(HEADER)); strcpy(host, "LL.MIT.EDU"); status = strlen(host); dns_free_data(r); r->dns_r_q.dns_q_domain = (char *) strdup(host); dns_free_data(r); GETSHORT(r->dns_r_q.dns_q_type, p); printf("Record type queried = %d\n",r->dns_r_q.dns_q_type); GETSHORT(r->dns_r_q.dns_q_class, p); dns_free_data(r); dns_free_data(r); dns_free_data(r); dns_free_data(r); dns_free_data(r); dns_free_data(r); dns_free_data(r); dns_free_data(r); dns_free_data(r); dns_free_data(r); dns_free_data(r); DNS_REPLY_T *r; free(r); int read_record_from_file(unsigned char *, int); r = parse_dns_reply(reply, len); unsigned char *data; p = data; memcpy(&r->dns_r_h, p, sizeof(HEADER)); dns_free_data(r); DNS_REPLY_T *r; free(r); 0 --------------------------------- 3815 1310/txt-dns-file-ok.c cppfunc 114 char host[MAXHOSTNAMELEN]; r = (DNS_REPLY_T *) xalloc(sizeof(*r)); memset(r, 0, sizeof(*r)); strcpy(host, "LL.MIT.EDU"); status = strlen(host); r->dns_r_q.dns_q_domain = (char *) strdup(host); GETSHORT(r->dns_r_q.dns_q_type, p); printf("Record type queried = %d\n",r->dns_r_q.dns_q_type); GETSHORT(r->dns_r_q.dns_q_class, p); dns_free_data(r); DNS_REPLY_T *r; for (rr = r->dns_r_head; rr != NULL; ) free(rr->rr_u.rr_data); rr = rr->rr_next; RESOURCE_RECORD_T *tmp = rr; free(tmp); 0 --------------------------------- 3816 153344/utf.c cppfunc 136 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3817 70669/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_51.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3818 152873/portalmem.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3819 153164/cmdline.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3820 153164/cmdline.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3821 153164/cmdline.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3822 67411/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_12.c cppfunc 62 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3823 67411/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_12.c cppfunc 68 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3824 152924/column.c cppfunc 95 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3825 153466/subtrans.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3826 153466/subtrans.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3827 153391/ffmpeg.c cppfunc 167 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3828 153391/ffmpeg.c cppfunc 163 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3829 70509/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_14.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3830 67610/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_73.cpp cppfunc 45 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3831 70887/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_08.c cppfunc 86 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3832 153356/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3833 1294/nxt-ok.c cppfunc 208 newstr(size_t len, int needpanic) { assert(len <= 65536); buf = (u_char *)malloc(2 + len + 1); 0 --------------------------------- 3834 153416/color.c cppfunc 598 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *gnomic_lunkheads; stonesoup_read_taint(&gnomic_lunkheads,"GOLES_BIOTYPE"); free(((char *)gnomic_lunkheads)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&gnomic_lunkheads,"GOLES_BIOTYPE"); free(((char *)gnomic_lunkheads)); 0 --------------------------------- 3835 153024/utils.c cppfunc 3202 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); pyrolytic_desmodactyli[1] = 5; mlechchha_unobdurate = *(huang_whiteclay + pyrolytic_desmodactyli[1]); free(((char *)mlechchha_unobdurate)); void stonesoup_handle_taint(char *brett_legitimisation) huang_whiteclay[5] = brett_legitimisation; mlechchha_unobdurate = *(huang_whiteclay + pyrolytic_desmodactyli[1]); free(((char *)mlechchha_unobdurate)); 0 --------------------------------- 3836 153228/cryptlib.c cppfunc 192 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3837 153228/cryptlib.c cppfunc 190 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3838 70644/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_05.c cppfunc 198 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3839 72215/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67.c cppfunc 166 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67_structType myStruct; data[0] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67_structType myStruct) wchar_t * data = myStruct.structFirst; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 3840 153805/color.c cppfunc 356 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 3841 153805/color.c cppfunc 358 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 3842 62971/CWE121_Stack_Based_Buffer_Overflow__CWE135_34.c cppfunc 94 CWE121_Stack_Based_Buffer_Overflow__CWE135_34_unionType myUnion; void * data = myUnion.unionSecond; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 3843 62971/CWE121_Stack_Based_Buffer_Overflow__CWE135_34.c cppfunc 97 CWE121_Stack_Based_Buffer_Overflow__CWE135_34_unionType myUnion; void * data = myUnion.unionSecond; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 3844 73703/CWE124_Buffer_Underwrite__CWE839_listen_socket_10.c cppfunc 292 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3845 70410/CWE122_Heap_Based_Buffer_Overflow__CWE135_11.c cppfunc 172 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 3846 79399/CWE134_Uncontrolled_Format_String__char_console_fprintf_14.c inputfunc 131 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 3847 62516/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_01.c inputfunc 200 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 3848 72331/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_12.c cppfunc 77 data[50-1] = '\0'; data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3849 79464/CWE134_Uncontrolled_Format_String__char_console_printf_52.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_52b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_52b_badSink(char * data); 0 --------------------------------- 3850 72448/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54.c cppfunc 286 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54e_goodG2BSink(char * data) strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 3851 65162/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_11.c cppfunc 93 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 3852 63445/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_14.c cppfunc 94 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 3853 67308/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_05.c cppfunc 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3854 149226/use_after_free_@buffer-good.c cppfunc 26 char *str[1] = {(char *)NULL}; if ((*str = (char *)malloc(256*sizeof(char))) != NULL) strcpy(*str, "Falut!"); **str = 'S'; printf("%s\n", *str); free(*str); 0 --------------------------------- 3855 153236/dynahash.c cppfunc 259 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3856 153236/dynahash.c cppfunc 252 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3857 153236/dynahash.c cppfunc 256 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3858 153104/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3859 72808/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_09.c cppfunc 71 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 3860 153049/subtrans.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3861 67401/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_02.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3862 153562/color.c cppfunc 600 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int marcello_biglot = 105; char *archbishopry_struthiform; stonesoup_read_taint(&archbishopry_struthiform,"8359",marcello_biglot); free(((char *)archbishopry_struthiform)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&archbishopry_struthiform,"8359",marcello_biglot); free(((char *)archbishopry_struthiform)); 0 --------------------------------- 3863 153631/color.c cppfunc 605 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int keftian_hydrogenase = 596; char *pointal_distortive; stonesoup_read_taint(&pointal_distortive,"7520",keftian_hydrogenase); free(((char *)pointal_distortive)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&pointal_distortive,"7520",keftian_hydrogenase); free(((char *)pointal_distortive)); 0 --------------------------------- 3864 79368/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52.c cppfunc 391 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 3865 62978/CWE121_Stack_Based_Buffer_Overflow__CWE135_52.c cppfunc 222 void CWE121_Stack_Based_Buffer_Overflow__CWE135_52b_goodB2GSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_52c_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_52c_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 3866 62978/CWE121_Stack_Based_Buffer_Overflow__CWE135_52.c cppfunc 225 void CWE121_Stack_Based_Buffer_Overflow__CWE135_52b_goodB2GSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_52c_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_52c_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 3867 73719/CWE124_Buffer_Underwrite__CWE839_listen_socket_42.c cppfunc 75 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3868 79443/CWE134_Uncontrolled_Format_String__char_console_printf_10.c inputfunc 85 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 3869 153630/heapam.c cppfunc 5258 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); reaccompanying_padishah = ((void *)ontine_pereira); yoldring_rager[5] = reaccompanying_padishah; aditus_expropriates = 5; ; } ++stonesoup_global_variable;; if (ontine_pereira != 0) {; aditus_expropriates = 5; ; 0 --------------------------------- 3870 153489/color.c cppfunc 613 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *sulfured_lockerbie) free(((char *)sulfured_lockerbie)); 0 --------------------------------- 3871 153022/cmdutils.c cppfunc 918 int opt_max_alloc(void *optctx,const char *opt,const char *arg) char *tail; max = (strtol(arg,&tail,'\n')); 0 --------------------------------- 3872 70985/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_10.c cppfunc 70 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 3873 79479/CWE134_Uncontrolled_Format_String__char_console_printf_82a.cpp inputfunc 38 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; baseObject->action(data); virtual void action(char * data) = 0; 0 --------------------------------- 3874 71413/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_06.c cppfunc 100 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 3875 153000/color.c cppfunc 373 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 3876 153375/mux.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3877 73060/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_31.c cppfunc 63 data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 3878 73524/CWE123_Write_What_Where_Condition__listen_socket_33.cpp cppfunc 95 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3879 153816/error.c cppfunc 102 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3880 153161/cryptlib.c cppfunc 202 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3881 70643/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_04.c cppfunc 422 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3882 153440/color.c cppfunc 605 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *commutating_persicaria; stonesoup_read_taint(&commutating_persicaria,"REVOCATION_CONSUMPTIBLE"); free(((char *)commutating_persicaria)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&commutating_persicaria,"REVOCATION_CONSUMPTIBLE"); free(((char *)commutating_persicaria)); 0 --------------------------------- 3883 72180/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_05.c cppfunc 106 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 3884 152936/eng_table.c cppfunc 134 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 3885 153629/avpacket.c cppfunc 63 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 3886 72091/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_12.c cppfunc 79 data[0] = L'\0'; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 3887 70655/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_16.c cppfunc 194 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3888 152948/mutex.c cppfunc 68 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3889 72357/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_65.c cppfunc 123 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_65b_badSink(char * data) memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3890 152913/eng_lib.c cppfunc 430 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *charmeuse_winter) duumviral_unflouted = ((int )(strlen(charmeuse_winter))); memcpy(coproducing_diseasy,charmeuse_winter,duumviral_unflouted); free(((char *)charmeuse_winter)); 0 --------------------------------- 3891 72010/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_43.cpp cppfunc 46 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 3892 153142/tile.c cppfunc 66 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3893 62956/CWE121_Stack_Based_Buffer_Overflow__CWE135_09.c cppfunc 147 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 3894 153212/utils.c cppfunc 4752 char *endptr; prog_id = (strtol(spec,&endptr,0)); if (( *(endptr++)) == ':') { int stream_idx = (strtol(endptr,((void *)0),0)); 0 --------------------------------- 3895 153039/bufmgr.c cppfunc 138 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3896 153238/color.c cppfunc 333 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 3897 153238/color.c cppfunc 331 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 3898 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c inputfunc 163 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 3899 153752/heapam.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3900 70928/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_01.c cppfunc 61 data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 3901 66527/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_08.c cppfunc 75 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3902 153816/error.c cppfunc 75 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3903 71431/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_34.c cppfunc 77 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 3904 153602/img2.c cppfunc 45 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3905 70936/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_09.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 3906 79519/CWE134_Uncontrolled_Format_String__char_console_snprintf_65.c inputfunc 49 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; funcPtr(data); 0 --------------------------------- 3907 62949/CWE121_Stack_Based_Buffer_Overflow__CWE135_02.c cppfunc 76 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 3908 62949/CWE121_Stack_Based_Buffer_Overflow__CWE135_02.c cppfunc 73 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 3909 152903/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3910 153385/portalmem.c cppfunc 130 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3911 72720/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_17.c cppfunc 31 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 3912 72112/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54.c cppfunc 270 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54e_badSink(wchar_t * data) wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 3913 62973/CWE121_Stack_Based_Buffer_Overflow__CWE135_42.c cppfunc 69 data = (void *)CHAR_STRING; return data; data = goodG2BSource(data); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 3914 153089/string.c cppfunc 569 jmp_buf milfoils_excerpting; mesne_sweven = setjmp(milfoils_excerpting); longjmp(milfoils_excerpting,1); 0 --------------------------------- 3915 72098/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_21.c cppfunc 92 static wchar_t * goodG2B1Source(wchar_t * data) data = NULL; data = goodG2B1Source(data); data[0] = L'\0'; return data; data = goodG2B1Source(data); wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 3916 71175/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_08.c cppfunc 106 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 3917 69867/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_74.cpp cppfunc 142 void badSink(map dataMap) int * data = dataMap[2]; memcpy(data, source, 10*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 3918 153442/bss_file.c cppfunc 135 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 3919 153686/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3920 153119/bufmgr.c cppfunc 130 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3921 153670/avdevice.c cppfunc 55 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3922 73052/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_13.c cppfunc 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 3923 148923/strutil.c cppfunc 944 escape_string(char *buf, const char *string) for (p = string; (c = *p) != '\0'; p++) { else if (!isprint((unsigned char)c)) { 0 --------------------------------- 3924 66410/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_62.cpp cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); void badSource(wchar_t * &data); dataLen = wcslen(data); 0 --------------------------------- 3925 110544/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_68.c cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3926 110362/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_03.c cppfunc 116 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3927 153459/file_wrappers.c cppfunc 1718 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *kernel_wanweird) unforeseen_rhinologic = ((int )(strlen(kernel_wanweird))); memcpy(bugayev_cerata,kernel_wanweird,unforeseen_rhinologic); free(((char *)kernel_wanweird)); 0 --------------------------------- 3928 153459/file_wrappers.c cppfunc 1710 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *kernel_wanweird) unforeseen_rhinologic = ((int )(strlen(kernel_wanweird))); bugayev_cerata = ((char *)(malloc(unforeseen_rhinologic + 1))); 0 --------------------------------- 3929 153688/column.c inputfunc 111 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&hygrophyte_exobasidium,"CYBELE_ATTRITIVE"); if (hygrophyte_exobasidium != 0) {; underrespected_clitellar = ((void *)hygrophyte_exobasidium); *lynchings_septicopyemic = underrespected_clitellar; 0 --------------------------------- 3930 153217/gimpdisplay.c inputfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&colluvia_laris,"5936",posho_undeclarative); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 3931 153217/gimpdisplay.c cppfunc 107 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3932 62965/CWE121_Stack_Based_Buffer_Overflow__CWE135_18.c cppfunc 86 data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 3933 65433/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_02.c cppfunc 72 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 3934 153175/utils.c cppfunc 4766 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; sid = (strtol(spec + 1,&endptr,0)); 0 --------------------------------- 3935 70641/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_02.c cppfunc 262 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3936 153531/emem.c cppfunc 2050 void *qsl_scuddy = 0; kamloops_prud(&qsl_scuddy); unpromotive_lachnanthes(qsl_scuddy); void unpromotive_lachnanthes(void *const sarods_peculiarness) free(((char *)((char *)((void *)sarods_peculiarness)))); 0 --------------------------------- 3937 70510/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_15.c cppfunc 315 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3938 67727/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_16.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3939 70660/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_31.c cppfunc 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3940 110344/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_54.c cppfunc 428 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_54e_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3941 153668/error.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 3942 153107/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3943 153706/cmdline.c cppfunc 896 svn_error_t *svn_cmdline__edit_file_externally(const char *path,const char *editor_cmd,apr_hash_t *config,apr_pool_t *pool) const char *editor; const char *file_name; svn_dirent_split(&base_dir,&file_name,path,pool); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); apr_err = apr_filepath_set(old_cwd,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); 0 --------------------------------- 3944 72165/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_65.c cppfunc 125 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 3945 71396/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_64.c cppfunc 146 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 3946 72108/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_45.c cppfunc 66 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_45_goodG2BData = data; goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_45_goodG2BData; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 3947 153787/dynahash.c cppfunc 243 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3948 153312/config.c cppfunc 133 int kirktown_alamota = 105; stonesoup_read_taint(&palaeozoic_kookri,"3196",kirktown_alamota); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 3949 70411/CWE122_Heap_Based_Buffer_Overflow__CWE135_12.c cppfunc 122 wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 3950 70533/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_65.c cppfunc 213 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 3951 72778/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_43.cpp cppfunc 35 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 3952 73043/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_04.c cppfunc 74 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 3953 153557/conversation.c cppfunc 132 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3954 153557/conversation.c cppfunc 130 stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3955 152998/string.c cppfunc 69 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3956 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c inputfunc 169 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 3957 110801/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_10.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3958 66596/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_45.c cppfunc 73 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3959 153512/color.c cppfunc 346 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 3960 153591/e_camellia.c cppfunc 85 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3961 67749/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_65.cpp cppfunc 86 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3962 110542/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_66.c cppfunc 238 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_66b_badSink(int dataArray[]) int data = dataArray[2]; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3963 71399/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67.c cppfunc 154 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67_structType myStruct; data[0] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67_structType myStruct) char * data = myStruct.structFirst; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 3964 153240/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3965 153393/pgstat.c inputfunc 3300 if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { switch(fgetc(fpin)){ if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 3966 153179/config_file.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3967 70519/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_34.c cppfunc 138 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3968 66356/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_45.c cppfunc 77 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3969 153513/utils.c cppfunc 4752 char *endptr; prog_id = (strtol(spec,&endptr,0)); if (( *(endptr++)) == ':') { int stream_idx = (strtol(endptr,((void *)0),0)); 0 --------------------------------- 3970 67574/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_07.cpp cppfunc 101 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3971 70663/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_34.c cppfunc 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3972 66633/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_18.c cppfunc 60 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3973 67440/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_68.c cppfunc 35 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 3974 71480/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_41.c cppfunc 65 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_41_goodG2BSink(char * data) SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 3975 153225/color.c cppfunc 373 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 3976 72212/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_64.c cppfunc 136 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 3977 153194/tile-manager.c cppfunc 79 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 3978 153194/tile-manager.c cppfunc 77 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 3979 79484/CWE134_Uncontrolled_Format_String__char_console_snprintf_03.c inputfunc 95 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 3980 148881/packet-http.c cppfunc 2058 process_header(tvbuff_t *tvb, int offset, int next_offset, const guchar *line, int linelen, int colon_offset, char *p; line_end_offset = offset + linelen; header_name = se_strndup(&line[0], header_len); value = ep_strndup(&line[value_offset - offset], value_len); value_offset = colon_offset + 1; value_offset++; value_len = line_end_offset - value_offset; value = ep_strndup(&line[value_offset - offset], value_len); tmp=strtol(value, NULL, 10); value, "%s", format_text(line, len)); eh_ptr->content_length = strtol(value, &p, 10); 0 --------------------------------- 3981 72075/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_74.cpp cppfunc 171 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 3982 153255/pmsignal.c cppfunc 113 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3983 153255/pmsignal.c cppfunc 117 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 3984 66331/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_04.c cppfunc 93 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 3985 79376/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66.c cppfunc 343 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 3986 79376/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66.c cppfunc 340 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 3987 72311/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67.c cppfunc 152 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67_structType myStruct; data[50-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67_structType myStruct) char * data = myStruct.structFirst; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 3988 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c cppfunc 53 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 3989 110325/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_14.c cppfunc 153 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 3990 153337/img2.c cppfunc 45 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3991 153513/utils.c cppfunc 98 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 3992 153470/mutex.c cppfunc 51 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 3993 153037/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 3994 62582/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_21.c cppfunc 126 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 3995 70680/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_68.c cppfunc 185 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 3996 153498/mem_dbg.c cppfunc 473 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *deciatine_gotthard; stonesoup_read_taint(&deciatine_gotthard,"NONPECUNIARY_MELVERN"); fluoresceine_proration = ((int )(strlen(deciatine_gotthard))); memcpy(wilt_snot,deciatine_gotthard,fluoresceine_proration); free(((char *)deciatine_gotthard)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&deciatine_gotthard,"NONPECUNIARY_MELVERN"); fluoresceine_proration = ((int )(strlen(deciatine_gotthard))); memcpy(wilt_snot,deciatine_gotthard,fluoresceine_proration); free(((char *)deciatine_gotthard)); 0 --------------------------------- 3997 70408/CWE122_Heap_Based_Buffer_Overflow__CWE135_09.c cppfunc 111 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 3998 153690/gimpviewable.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 3999 67721/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_10.cpp cppfunc 307 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4000 153690/gimpviewable.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4001 70861/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_51.c cppfunc 147 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_51b_goodG2BSink(char * data) memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4002 153584/pmsignal.c cppfunc 118 stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4003 110826/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_62.cpp cppfunc 213 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4004 153036/string.c cppfunc 117 stonesoup_read_taint(&commune_loudmouthed,"INFANGTHIEF_QUERELE"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 4005 153401/e_camellia.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4006 153375/mux.c cppfunc 77 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4007 153546/dirent_uri.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4008 66342/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_15.c cppfunc 94 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4009 153657/pgstat.c inputfunc 3304 if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { switch(fgetc(fpin)){ if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 4010 79558/CWE134_Uncontrolled_Format_String__char_console_vfprintf_45.c cppfunc 94 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 4011 79558/CWE134_Uncontrolled_Format_String__char_console_vfprintf_45.c cppfunc 91 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_vfprintf_45_goodG2BData = data; goodG2BSink(); char * data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_45_goodG2BData; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 4012 70646/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_07.c cppfunc 197 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4013 153426/e_bf.c cppfunc 97 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4014 72963/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22.c cppfunc 89 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_goodG2B2Source(wchar_t * data) data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_goodG2B2Source(data); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 4015 71391/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53.c cppfunc 239 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53d_goodG2BSink(char * data) strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 4016 153175/utils.c cppfunc 4250 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; const char *col; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { if ((col = (strchr(p,':'))) && col < ls) { *port_ptr = atoi(col + 1); 0 --------------------------------- 4017 153304/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4018 153509/color.c cppfunc 120 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4019 153509/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4020 72289/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_18.c cppfunc 62 data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4021 153422/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4022 152895/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4023 152895/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4024 152895/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4025 72842/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_73.cpp cppfunc 169 list dataList; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); strcat(data, source); printLine(data); free(data); 0 --------------------------------- 4026 66286/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_07.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4027 72712/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_09.c cppfunc 90 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 4028 70652/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_13.c cppfunc 304 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4029 153269/color.c cppfunc 351 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 4030 71424/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_17.c cppfunc 42 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 4031 153792/gimpdisplay.c cppfunc 122 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4032 153091/mux.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4033 153091/mux.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4034 72103/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_34.c cppfunc 75 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 4035 199275/invalid_memory_access.c cppfunc 411 invalid_memory_access_013_s_001_s_gbl = (invalid_memory_access_013_s_001 *)calloc(1,sizeof(invalid_memory_access_013_s_001)); invalid_memory_access_013_s_001_s_gbl->a = 10; invalid_memory_access_013_s_001_s_gbl->b = 10; invalid_memory_access_013_s_001_s_gbl->uninit = 10; invalid_memory_access_013_func_001 (1); ret = invalid_memory_access_013_func_002 (1); free(invalid_memory_access_013_s_001_s_gbl); 0 --------------------------------- 4036 72498/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_62.cpp cppfunc 66 data[50-1] = '\0'; SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 0 --------------------------------- 4037 153781/emem.c cppfunc 1127 rubbery_brilliant = getenv("FAIRLY_INCOHERENCY"); miscalculating_abevacuation = ((int )(strlen(rubbery_brilliant))); turmet_clerkish = ((char *)(malloc(miscalculating_abevacuation + 1))); 0 --------------------------------- 4038 70883/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_04.c cppfunc 79 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4039 153176/stream.c cppfunc 129 int shagreened_hoffer = 596; stonesoup_read_taint(&moonsick_polycoccous,"1958",shagreened_hoffer); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 4040 152900/avdevice.c cppfunc 68 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4041 153407/config.c cppfunc 107 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4042 153407/config.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4043 152999/tile-swap.c cppfunc 140 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4044 152999/tile-swap.c cppfunc 147 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4045 152999/tile-swap.c cppfunc 144 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4046 73033/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_72.cpp cppfunc 165 vector dataVector; data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 4047 70868/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_64.c cppfunc 152 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4048 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c cppfunc 31 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 4049 153027/color.c cppfunc 609 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *breached_embroiling) free(((char *)breached_embroiling)); 0 --------------------------------- 4050 70486/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_66.c cppfunc 309 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4051 69906/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_62.cpp cppfunc 145 data = new wchar_t[100]; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 4052 153244/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4053 70921/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_72.cpp cppfunc 175 vector dataVector; data = (char *)malloc((10+1)*sizeof(char)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4054 110473/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_18.c cppfunc 70 data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4055 153155/hashfn.c cppfunc 48 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4056 65400/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_09.c cppfunc 71 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 4057 70768/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54.c cppfunc 291 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54e_badSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 4058 69886/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_15.cpp cppfunc 103 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 4059 153042/color.c cppfunc 614 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 4060 62952/CWE121_Stack_Based_Buffer_Overflow__CWE135_05.c cppfunc 153 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 4061 72161/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_61.c cppfunc 63 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 4062 153351/oids.c cppfunc 972 char *sphenomaxillary_stereoscopy; stonesoup_read_taint(&sphenomaxillary_stereoscopy,"MOFW_BRAMLEY"); pachysandra_depolarising = ((int )(strlen(sphenomaxillary_stereoscopy))); orthograde_unstack = ((char *)(malloc(pachysandra_depolarising + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&sphenomaxillary_stereoscopy,"MOFW_BRAMLEY"); pachysandra_depolarising = ((int )(strlen(sphenomaxillary_stereoscopy))); orthograde_unstack = ((char *)(malloc(pachysandra_depolarising + 1))); 0 --------------------------------- 4063 153800/avdevice.c cppfunc 50 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4064 153055/config_file.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4065 153800/avdevice.c cppfunc 59 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4066 70520/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_41.c cppfunc 144 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4067 153774/eng_table.c cppfunc 132 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4068 153197/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4069 153282/file_wrappers.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4070 199236/buffer_underrun_dynamic.c cppfunc 463 char *buf=(char*) calloc(5,sizeof(char)); buf[i]='1'; free(buf); 0 --------------------------------- 4071 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c cppfunc 254 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 4072 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c cppfunc 251 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 4073 153589/bio_err.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4074 66536/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_17.c cppfunc 58 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 4075 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c cppfunc 99 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1_vasink(data, data); static void goodB2G1_vasink(char * data, ...) va_start(args, data); 0 --------------------------------- 4076 72152/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_41.c cppfunc 33 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 4077 72885/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_65.c cppfunc 124 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_65b_badSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 4078 72272/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_01.c cppfunc 58 data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4079 153786/dynahash.c cppfunc 268 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4080 153569/column-utils.c cppfunc 60 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4081 152967/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 4082 152944/color.c cppfunc 604 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *embiid_estherville) free(((char *)embiid_estherville)); 0 --------------------------------- 4083 153312/config.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4084 153312/config.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4085 153827/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4086 199234/buffer_overrun_dynamic.c cppfunc 262 int *buf=(int*) calloc(5,sizeof(int)); int index = 1; *(buf +((2 * index) + 1)) = 1; free(buf); 0 --------------------------------- 4087 152955/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 4088 110314/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_03.c cppfunc 179 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4089 66641/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_42.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 4090 70899/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22.c cppfunc 91 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_goodG2B2Source(data); data = (char *)malloc((10+1)*sizeof(char)); return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_goodG2B2Source(data); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_goodG2B2Source(char * data) return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_goodG2B2Source(data); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4091 67591/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_34.cpp cppfunc 45 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4092 153766/tile-swap.c cppfunc 122 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4093 72360/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_68.c cppfunc 149 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_68b_goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_68_goodG2BData; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4094 153334/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4095 153098/main_statusbar.c cppfunc 140 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4096 153098/main_statusbar.c cppfunc 149 stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4097 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c cppfunc 192 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 4098 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c cppfunc 195 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 4099 73069/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_51.c cppfunc 137 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_51b_goodG2BSink(char * data) strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 4100 66624/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_09.c cppfunc 66 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4101 66623/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_08.c cppfunc 51 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4102 153107/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4103 153815/stream.c cppfunc 117 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4104 153815/stream.c cppfunc 114 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4105 153815/stream.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4106 72188/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_13.c cppfunc 99 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 4107 153335/emem.c cppfunc 178 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4108 153423/error.c cppfunc 231 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int epistoler_haemapophysis = 20; char *isopycnal_appt; stonesoup_read_taint(&isopycnal_appt,"4193",epistoler_haemapophysis); cartoned_lichenised = ((int )(strlen(isopycnal_appt))); logperch_hesitant = ((char *)(malloc(cartoned_lichenised + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&isopycnal_appt,"4193",epistoler_haemapophysis); cartoned_lichenised = ((int )(strlen(isopycnal_appt))); logperch_hesitant = ((char *)(malloc(cartoned_lichenised + 1))); 0 --------------------------------- 4109 66272/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_68.c cppfunc 35 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4110 71368/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_09.c cppfunc 71 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 4111 67314/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_11.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4112 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c cppfunc 228 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 4113 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c cppfunc 225 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 4114 71384/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_41.c cppfunc 59 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_41_goodG2BSink(char * data) strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 4115 1291/sig-bad.c cppfunc 621 dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); 0 --------------------------------- 4116 71115/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_74.cpp cppfunc 175 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 4117 66522/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_03.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4118 71409/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_02.c cppfunc 41 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 4119 71491/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_63.c cppfunc 133 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_63b_badSink(char * * dataPtr) char * data = *dataPtr; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 4120 71464/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_09.c cppfunc 77 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 4121 72651/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_74.cpp cppfunc 149 void badSink(map dataMap) wchar_t * data = dataMap[2]; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 4122 153491/stream.c cppfunc 218 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int overcritically_puzzlepate = 76; char *tyrocidin_discussible;; stonesoup_read_taint(&tyrocidin_discussible,"6256",overcritically_puzzlepate); connections_bonetail = &tyrocidin_discussible; vinaigretted_reimprint = &connections_bonetail; free(((char *)( *( *vinaigretted_reimprint)))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&tyrocidin_discussible,"6256",overcritically_puzzlepate); connections_bonetail = &tyrocidin_discussible; vinaigretted_reimprint = &connections_bonetail; free(((char *)( *( *vinaigretted_reimprint)))); 0 --------------------------------- 4123 153729/color.c cppfunc 616 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int villagers_ehrwaldite = 596; char *trullisatios_cornier; stonesoup_read_taint(&trullisatios_cornier,"7240",villagers_ehrwaldite); free(((char *)trullisatios_cornier)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&trullisatios_cornier,"7240",villagers_ehrwaldite); free(((char *)trullisatios_cornier)); 0 --------------------------------- 4124 72947/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_04.c cppfunc 100 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 4125 149108/dble_free_local_flow-good.c cppfunc 62 unsigned int r; f = fopen("/dev/urandom", "rb"); if(fread(&r, sizeof r, 1, f) != 1) return r; vector[i] = (short)(getRand() % 256); vector = NULL; printf("%d ",vector[i]); free(vector); if (!(vector = (short *)calloc(3,sizeof(short)))) execute(vector); void execute(short *vector) free(vector); 0 --------------------------------- 4126 73059/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22.c cppfunc 83 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_goodG2B2Source(data); strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 4127 65159/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_08.c cppfunc 85 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 4128 153760/aviobuf.c inputfunc 108 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&respective_nugae,"SYNTONIZER_HOARSER"); if (respective_nugae != 0) {; exteriorness_androgenous = &respective_nugae; cep_cerrogordo = exteriorness_androgenous + 5; lpf_eavedropping = ((char *)( *(cep_cerrogordo - 5))); strncpy(stonesoup_source, lpf_eavedropping, sizeof(stonesoup_source)); if ( *(cep_cerrogordo - 5) != 0) free(((char *)( *(cep_cerrogordo - 5)))); 0 --------------------------------- 4129 153677/color.c cppfunc 336 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 4130 153677/color.c cppfunc 338 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 4131 153534/string.c cppfunc 584 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int maunderer_kidneys = 44; char *morfounder_settles; stonesoup_read_taint(&morfounder_settles,"1773",maunderer_kidneys); luca_sangu = ((int )(strlen(morfounder_settles))); memcpy(scabrin_laocoon,morfounder_settles,luca_sangu); free(((char *)morfounder_settles)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&morfounder_settles,"1773",maunderer_kidneys); luca_sangu = ((int )(strlen(morfounder_settles))); memcpy(scabrin_laocoon,morfounder_settles,luca_sangu); free(((char *)morfounder_settles)); 0 --------------------------------- 4132 153740/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4133 152980/conversation.c cppfunc 93 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4134 153594/error.c cppfunc 112 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4135 153440/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4136 153468/utils.c cppfunc 4752 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) switch(( *(spec++))){ if (( *(spec++)) == ':') { int index = (strtol(spec,((void *)0),0)); 0 --------------------------------- 4137 153695/main_statusbar.c cppfunc 143 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 4138 153580/pmsignal.c cppfunc 141 int bewhisker_animadversions = 105; stonesoup_read_taint(&aftercomer_brauhauser,"6331",bewhisker_animadversions); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 4139 110324/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_13.c cppfunc 153 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4140 148966/packet-http.c cppfunc 2273 process_header(tvbuff_t *tvb, int offset, int next_offset, const guchar *line, int linelen, int colon_offset, line_end_offset = offset + linelen; header_name = se_strndup(&line[0], header_len); value_offset = colon_offset + 1; value_offset++; value_len = line_end_offset - value_offset; value = ep_strndup(&line[value_offset - offset], value_len); tmp=strtol(value, NULL, 10); value, "%s", format_text(line, len)); c = value[i]; if (c == ';' || isspace(c)) { 0 --------------------------------- 4141 79526/CWE134_Uncontrolled_Format_String__char_console_snprintf_81a.cpp inputfunc 38 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; baseObject.action(data); virtual void action(char * data) const = 0; 0 --------------------------------- 4142 70749/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_14.c cppfunc 89 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 4143 71007/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53.c cppfunc 253 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53d_goodG2BSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 4144 73000/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_09.c cppfunc 67 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 4145 153375/mux.c cppfunc 104 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4146 71785/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_72.cpp cppfunc 142 void badSink(vector dataVector) int * data = dataVector[2]; memmove(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 4147 153327/e_camellia.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4148 199284/memory_allocation_failure.c cppfunc 110 ret = MAX_VAL; ret=1; return ret; unsigned int *ptr = (unsigned int*) malloc(memory_allocation_failure_004_func_001(0)*sizeof(unsigned int)); *(ptr+1) = 10; free(ptr); 0 --------------------------------- 4149 62597/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_61.c cppfunc 216 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4150 153327/e_camellia.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4151 153510/tile.c cppfunc 79 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4152 110526/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_33.cpp cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4153 153510/tile.c cppfunc 72 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4154 153510/tile.c cppfunc 76 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4155 72987/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_74.cpp cppfunc 169 data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 4156 153321/column-utils.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4157 72456/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_68.c cppfunc 149 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_68b_goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_68_goodG2BData; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 4158 66560/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_68.c cppfunc 35 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4159 73027/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_63.c cppfunc 119 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_63b_badSink(char * * dataPtr) char * data = *dataPtr; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 4160 67407/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_08.c cppfunc 45 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4161 153245/e_bf.c cppfunc 155 void trilloes_arranger(char **arterialization_jebel) temesv_threefolded = ((char *)( *(arterialization_jebel - 5))); stonesoup_buffer = malloc((strlen(temesv_threefolded) + 1) * sizeof(char )); strcpy(stonesoup_buffer,temesv_threefolded); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 4162 70650/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_11.c cppfunc 262 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4163 79567/CWE134_Uncontrolled_Format_String__char_console_vfprintf_65.c cppfunc 190 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 4164 153100/color.c cppfunc 118 stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4165 79453/CWE134_Uncontrolled_Format_String__char_console_printf_22.c inputfunc 89 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_22_goodB2G1Sink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_22_goodB2G1Sink(char * data); 0 --------------------------------- 4166 153154/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4167 70513/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_18.c cppfunc 122 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4168 73042/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_03.c cppfunc 67 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 4169 71362/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_03.c cppfunc 93 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 4170 70449/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_02.c cppfunc 419 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4171 110512/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_09.c cppfunc 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4172 69923/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_04.cpp cppfunc 100 data = new wchar_t[100]; data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 4173 152866/gimpdisplay.c cppfunc 888 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; struct myelemia_schapping lobal_cysteine; int hut_corea = 44; char *overvehement_macrocosm;; stonesoup_read_taint(&overvehement_macrocosm,"4212",hut_corea); lobal_cysteine . snooled_lections = ((char *)overvehement_macrocosm); transliterate_actuarian = zalucki_awatch(lobal_cysteine); struct myelemia_schapping zalucki_awatch(struct myelemia_schapping sense_dendrocolaptine) return sense_dendrocolaptine; transliterate_actuarian = zalucki_awatch(lobal_cysteine); free(((char *)transliterate_actuarian . snooled_lections)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&overvehement_macrocosm,"4212",hut_corea); lobal_cysteine . snooled_lections = ((char *)overvehement_macrocosm); transliterate_actuarian = zalucki_awatch(lobal_cysteine); 0 --------------------------------- 4174 66556/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_64.c cppfunc 50 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4175 153057/file_wrappers.c cppfunc 116 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4176 66373/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_82a.cpp cppfunc 49 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4177 110336/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_41.c cppfunc 141 intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_41_goodG2BSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_41_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4178 153384/color.c cppfunc 597 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int ferriage_iappp = 131; char *resupervise_aminoketone; stonesoup_read_taint(&resupervise_aminoketone,"8394",ferriage_iappp); free(((char *)resupervise_aminoketone)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&resupervise_aminoketone,"8394",ferriage_iappp); free(((char *)resupervise_aminoketone)); 0 --------------------------------- 4179 153029/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 4180 71360/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_01.c cppfunc 60 data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 4181 153011/eng_table.c cppfunc 509 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; int mexico_shellmonger = 596; char *quebracho_archpriesthood; stonesoup_read_taint(&quebracho_archpriesthood,"9440",mexico_shellmonger); euktolite_yamshik = ((int )(strlen(quebracho_archpriesthood))); repousse_casavant = ((char *)(malloc(euktolite_yamshik + 1))); memset(repousse_casavant,0,euktolite_yamshik + 1); memcpy(repousse_casavant,quebracho_archpriesthood,euktolite_yamshik); gnathonize_riverway(hmm_semitropics,repousse_casavant); gnathonize_riverway(orthographize_overdoes,garibaldi_unpitifulness); void gnathonize_riverway(int orthographize_overdoes,char *garibaldi_unpitifulness) free(((char *)garibaldi_unpitifulness)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&quebracho_archpriesthood,"9440",mexico_shellmonger); euktolite_yamshik = ((int )(strlen(quebracho_archpriesthood))); memcpy(repousse_casavant,quebracho_archpriesthood,euktolite_yamshik); gnathonize_riverway(hmm_semitropics,repousse_casavant); 0 --------------------------------- 4182 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c cppfunc 141 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 4183 73729/CWE124_Buffer_Underwrite__CWE839_listen_socket_63.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4184 153830/main_statusbar.c cppfunc 157 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4185 66661/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_82a.cpp cppfunc 49 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4186 153126/color.c cppfunc 353 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 4187 153126/color.c cppfunc 351 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 4188 153114/tile.c cppfunc 73 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 4189 62949/CWE121_Stack_Based_Buffer_Overflow__CWE135_02.c cppfunc 147 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 4190 62979/CWE121_Stack_Based_Buffer_Overflow__CWE135_53.c cppfunc 283 void CWE121_Stack_Based_Buffer_Overflow__CWE135_53c_goodB2GSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_53d_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_53d_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 4191 70509/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_14.c cppfunc 270 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4192 67322/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_21.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 4193 152898/color.c cppfunc 597 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *flitchen_catchments) free(((char *)flitchen_catchments)); 0 --------------------------------- 4194 153041/resowner.c cppfunc 143 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4195 72804/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_05.c cppfunc 78 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 4196 66579/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_12.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4197 66579/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_12.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4198 72729/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_42.c cppfunc 53 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 4199 72178/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_03.c cppfunc 77 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 4200 73024/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54.c cppfunc 284 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54e_goodG2BSink(char * data) strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 4201 62963/CWE121_Stack_Based_Buffer_Overflow__CWE135_16.c cppfunc 71 data = NULL; data = (void *)WIDE_STRING; memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 4202 62963/CWE121_Stack_Based_Buffer_Overflow__CWE135_16.c cppfunc 74 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 4203 153631/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 4204 110384/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_41.c cppfunc 78 intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_41_goodG2BSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_41_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4205 153724/ffmpeg.c cppfunc 164 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4206 110812/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_31.cpp cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4207 153543/bio_err.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4208 153724/ffmpeg.c cppfunc 168 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4209 153543/bio_err.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4210 71400/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_68.c cppfunc 151 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_68b_goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_68_goodG2BData; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 4211 153243/main_filter_toolbar.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4212 153243/main_filter_toolbar.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4213 153363/column-utils.c cppfunc 90 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4214 153363/column-utils.c cppfunc 92 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4215 67736/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_41.cpp cppfunc 110 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4216 153490/tile-swap.c cppfunc 150 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4217 70844/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_13.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4218 153604/color.c cppfunc 379 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 4219 152945/portalmem.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4220 67717/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_06.cpp inputfunc 102 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 4221 71434/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_43.cpp cppfunc 75 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 4222 153004/tile-manager.c cppfunc 54 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4223 71770/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_43.cpp cppfunc 65 data = (int *)malloc(100*sizeof(int)); memmove(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 4224 70505/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_10.c cppfunc 181 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4225 70741/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_06.c cppfunc 93 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 4226 153213/dynahash.c cppfunc 267 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4227 153213/dynahash.c cppfunc 269 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4228 152941/eng_lib.c cppfunc 126 stonesoup_read_taint(&salnatron_minsteryard,"PHRYGANEOID_JENEQUEN"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 4229 152941/eng_lib.c inputfunc 129 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&salnatron_minsteryard,"PHRYGANEOID_JENEQUEN"); if (salnatron_minsteryard != 0) {; unstirred_antiasthmatic[20] = salnatron_minsteryard; stymphalian_dodson = &unstirred_antiasthmatic; saul_hyacine = &stymphalian_dodson; neutrodyne_maewo = &saul_hyacine; featurelessness_lecoma = &neutrodyne_maewo; millen_metropolitical = &featurelessness_lecoma; mydriatine_emblematise = &millen_metropolitical; sogat_desmepithelium = &mydriatine_emblematise; guaranteer_chinoline = &sogat_desmepithelium; pallini_fatalism = &guaranteer_chinoline; scenewright_preutilized = &pallini_fatalism; 0 --------------------------------- 4230 79530/CWE134_Uncontrolled_Format_String__char_console_vfprintf_01.c cppfunc 80 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 4231 79530/CWE134_Uncontrolled_Format_String__char_console_vfprintf_01.c cppfunc 83 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 4232 62605/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_72.cpp cppfunc 45 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4233 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c inputfunc 169 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 4234 73031/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67.c cppfunc 150 CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67_structType myStruct; data[50-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67_structType myStruct) char * data = myStruct.structFirst; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 4235 70647/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_08.c cppfunc 471 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4236 110313/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_02.c cppfunc 153 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4237 66621/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_06.c cppfunc 90 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4238 69729/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_02.cpp cppfunc 90 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 4239 65195/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_04.c cppfunc 79 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 4240 62712/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_05.c cppfunc 298 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4241 73077/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_65.c cppfunc 122 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_65b_badSink(char * data) strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 4242 153086/mem_dbg.c cppfunc 703 static void print_leak_LHASH_DOALL_ARG(void *arg1,void *arg2) const MEM *a = arg1; print_leak_doall_arg(a,b); static void print_leak_doall_arg(const MEM *m,MEM_LEAK *l) lcl = localtime(&m -> time); 0 --------------------------------- 4243 62720/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_13.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4244 153376/color.c cppfunc 340 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 4245 153376/color.c cppfunc 342 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 4246 153729/color.c cppfunc 380 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 4247 153607/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4248 153607/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4249 153607/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4250 71015/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67.c cppfunc 141 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 4251 153655/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&tanghin_sunsetty,"MOLDS_BABAYLAN"); if (tanghin_sunsetty != 0) {; if (tanghin_sunsetty != 0) free(((char *)tanghin_sunsetty)); 0 --------------------------------- 4252 66531/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_12.c cppfunc 63 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4253 153105/portalmem.c cppfunc 474 contourne_unbragging = getenv("WALLFLOWERS_SLOCK"); antakya_progress = ((int )(strlen(contourne_unbragging))); wiremen_provisioneress = ((char *)(malloc(antakya_progress + 1))); 0 --------------------------------- 4254 79362/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_41.c cppfunc 53 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); badSink(data); static void badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 4255 72775/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_34.c cppfunc 77 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 4256 152900/avdevice.c cppfunc 57 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4257 152900/avdevice.c cppfunc 54 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4258 152900/avdevice.c cppfunc 50 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4259 153402/color.c cppfunc 161 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 4260 71187/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22.c cppfunc 72 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_goodG2B1Source(data); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 4261 153057/file_wrappers.c cppfunc 113 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4262 153417/resowner.c cppfunc 138 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4263 72746/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_73.cpp cppfunc 167 list dataList; data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 4264 153546/dirent_uri.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4265 153546/dirent_uri.c cppfunc 97 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4266 72356/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_64.c cppfunc 144 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4267 70680/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_68.c cppfunc 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4268 70646/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_07.c cppfunc 267 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4269 153535/avdevice.c cppfunc 50 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4270 153535/avdevice.c cppfunc 57 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4271 153058/avfilter.c cppfunc 907 void brickbats_mtbaldy(const reemission_cwrite engracing_creg) BRUNNICHIA_APRILIS(engracing_creg); void ccip_chatterbag(reemission_cwrite hating_nonvacua) free(((char *)((reemission_cwrite )hating_nonvacua))); 0 --------------------------------- 4272 79444/CWE134_Uncontrolled_Format_String__char_console_printf_11.c inputfunc 131 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 4273 153433/resowner.c inputfunc 195 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&aquatints_tumbrils,"WITTE_ANAEROPLASTY"); if (aquatints_tumbrils != 0) {; crass_pyroborate = ((int )(strlen(aquatints_tumbrils))); adelomorphous_montparnasse = ((char *)(malloc(crass_pyroborate + 1))); if (adelomorphous_montparnasse == 0) { memcpy(adelomorphous_montparnasse,aquatints_tumbrils,crass_pyroborate); if (aquatints_tumbrils != 0) free(((char *)aquatints_tumbrils)); 0 --------------------------------- 4274 149042/red.c cppfunc 127 for (i = 0; i < NUM_RAND_ALLOCS; i++) { char text[80]; sprintf(text, "|OTHER-PRIVATE-CONFIDENTIAL-SECRET-MEMORY-%02d", i); pl = strlen(text) * 32 * (i+1); p = malloc(pl); 0 --------------------------------- 4275 67339/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_63.c cppfunc 50 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4276 70909/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_51.c cppfunc 147 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_51b_goodG2BSink(char * data) memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4277 66576/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_09.c cppfunc 82 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4278 153464/mem_dbg.c cppfunc 498 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *cotonou_subbing; stonesoup_read_taint(&cotonou_subbing,"CONGLOMERATIC_EUPHORBIA"); decannulation_wooingly[3] = cotonou_subbing; maru_ganching[5] = decannulation_wooingly; newchwang_odalisks = 5; carara_protested = &newchwang_odalisks; provand_unbarrel = *(maru_ganching + *carara_protested); free(((char *)provand_unbarrel[3])); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&cotonou_subbing,"CONGLOMERATIC_EUPHORBIA"); decannulation_wooingly[3] = cotonou_subbing; maru_ganching[5] = decannulation_wooingly; provand_unbarrel = *(maru_ganching + *carara_protested); free(((char *)provand_unbarrel[3])); 0 --------------------------------- 4279 153744/types.c cppfunc 85 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4280 153744/types.c cppfunc 83 stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4281 70901/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_32.c cppfunc 78 char * *dataPtr2 = &data; char * data = *dataPtr2; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4282 153106/config.c cppfunc 95 size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4283 153106/config.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4284 153231/color.c cppfunc 589 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *froughy_heger; stonesoup_read_taint(&froughy_heger,"HERTZIAN_FEUDALIZED"); free(((char *)froughy_heger)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&froughy_heger,"HERTZIAN_FEUDALIZED"); free(((char *)froughy_heger)); 0 --------------------------------- 4285 110321/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_10.c cppfunc 179 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4286 73030/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_66.c cppfunc 142 data[50-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 4287 153677/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4288 153126/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4289 153677/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4290 153677/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4291 153523/avdevice.c cppfunc 50 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4292 153523/avdevice.c cppfunc 59 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4293 152989/aviobuf.c cppfunc 1220 void stonesoup_handle_taint(char *casemaking_slavocracy) molopo_sojourning = ((int )(strlen(casemaking_slavocracy))); memcpy(preinsured_stramineously,casemaking_slavocracy,molopo_sojourning); free(((char *)casemaking_slavocracy)); 0 --------------------------------- 4294 199284/memory_allocation_failure.c cppfunc 632 int (*ptr1)[4]; ptr1 = memory_allocation_failure_014_func_001(); for ( j=0 ;j<4; j++) *(ptr1[i]+j) += *(ptr1[i]+j); free(ptr1); 0 --------------------------------- 4295 153350/column-utils.c inputfunc 114 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&hercynian_pontypool,"NEMATOLOGY_IMID"); if (hercynian_pontypool != 0) {; 0 --------------------------------- 4296 70672/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4297 79374/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64.c cppfunc 362 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 4298 70405/CWE122_Heap_Based_Buffer_Overflow__CWE135_06.c cppfunc 88 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 4299 153229/string.c cppfunc 75 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4300 153740/color.c cppfunc 379 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 4301 67428/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_45.c cppfunc 71 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4302 153229/string.c cppfunc 72 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4303 153683/tile.c cppfunc 270 woodbox_gaiters = getenv("PELECYPODOUS_AUSGLEICHE"); perceivability_cabbagehead = ((int )(strlen(woodbox_gaiters))); nonfaltering_sublating = ((char *)(malloc(perceivability_cabbagehead + 1))); 0 --------------------------------- 4304 153224/error.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4305 153642/tile-swap.c cppfunc 125 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4306 72140/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_13.c cppfunc 73 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 4307 62578/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_15.c cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4308 66292/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_13.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4309 70423/CWE122_Heap_Based_Buffer_Overflow__CWE135_34.c cppfunc 82 CWE122_Heap_Based_Buffer_Overflow__CWE135_34_unionType myUnion; void * data = myUnion.unionSecond; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 4310 69891/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_22.cpp cppfunc 210 data = new wchar_t[100]; data = goodG2B2Source(data); wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 4311 153188/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4312 153775/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 4313 70837/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_06.c cppfunc 76 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4314 72486/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_33.cpp cppfunc 72 char * &dataRef = data; char * data = dataRef; SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 0 --------------------------------- 4315 153066/portalmem.c cppfunc 137 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4316 79442/CWE134_Uncontrolled_Format_String__char_console_printf_09.c inputfunc 131 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 4317 79436/CWE134_Uncontrolled_Format_String__char_console_printf_03.c inputfunc 131 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 4318 153589/bio_err.c cppfunc 124 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4319 153589/bio_err.c cppfunc 126 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4320 110401/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_72.cpp cppfunc 186 vector dataVector; data = 20; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int data = dataVector[2]; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4321 79561/CWE134_Uncontrolled_Format_String__char_console_vfprintf_53.c cppfunc 301 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 4322 199276/invalid_memory_access.c cppfunc 322 int index[4] = {3, 5, 4, 6}; ptr = (int *)malloc(sizeof(int) * 4); ptr[i] = index[i]; free(ptr); 0 --------------------------------- 4323 153009/utils.c cppfunc 4770 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) switch(( *(spec++))){ if (( *(spec++)) == ':') { int index = (strtol(spec,((void *)0),0)); 0 --------------------------------- 4324 153044/error.c cppfunc 81 stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4325 153044/error.c cppfunc 83 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4326 153553/conf_mod.c cppfunc 178 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); imbeciles_ethylin[1] = 5; mistral_unpasted = *(mewled_bardwell + imbeciles_ethylin[1]); hexafluoride_dispraised = ((char *)((char *)mistral_unpasted)); stonesoup_buffer = malloc((strlen(hexafluoride_dispraised) + 1) * sizeof(char )); strcpy(stonesoup_buffer,hexafluoride_dispraised); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_handle_taint(char *robustity_seraphtide) unlogistical_rowdydowdy = ((void *)robustity_seraphtide); mewled_bardwell[5] = unlogistical_rowdydowdy; mistral_unpasted = *(mewled_bardwell + imbeciles_ethylin[1]); hexafluoride_dispraised = ((char *)((char *)mistral_unpasted)); stonesoup_buffer = malloc((strlen(hexafluoride_dispraised) + 1) * sizeof(char )); strcpy(stonesoup_buffer,hexafluoride_dispraised); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 4327 70914/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_62.cpp cppfunc 67 data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4328 152951/mux.c cppfunc 94 size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4329 152951/mux.c cppfunc 97 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4330 152951/mux.c cppfunc 90 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4331 153583/stream.c cppfunc 233 int coccidology_nonjuristic = 53; char *kabalevsky_greenbackism;; stonesoup_read_taint(&kabalevsky_greenbackism,"2414",coccidology_nonjuristic); getters_shifter = ((int )(strlen(kabalevsky_greenbackism))); coeternal_montessorian = ((char *)(malloc(getters_shifter + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&kabalevsky_greenbackism,"2414",coccidology_nonjuristic); getters_shifter = ((int )(strlen(kabalevsky_greenbackism))); coeternal_montessorian = ((char *)(malloc(getters_shifter + 1))); 0 --------------------------------- 4332 67402/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_03.c cppfunc 80 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4333 79472/CWE134_Uncontrolled_Format_String__char_console_printf_66.c inputfunc 42 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_printf_66b_badSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_printf_66b_badSink(char * dataArray[]); 0 --------------------------------- 4334 152908/utils.c cppfunc 73 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4335 1305/prescan-overflow-bad.c cppfunc 499 c = *p++; p--; c = '"'; c = ')'; c = '>'; c = '>'; c = NOCHAR; c = NOCHAR; c = NOCHAR; c = NOCHAR; c = NOCHAR; else if (delim == ' ' && isascii(c) && isspace(c)) c = ' '; if (isascii(c) && isprint(c)) 0 --------------------------------- 4336 199234/buffer_overrun_dynamic.c cppfunc 561 char ** doubleptr=(char**) malloc(10*sizeof(char*)); doubleptr[i]=(char*) malloc(10*sizeof(char)); doubleptr[i][j]='a'; free(doubleptr[i]); free(doubleptr); 0 --------------------------------- 4337 153181/mux.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4338 153181/mux.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4339 153794/timestamp.c cppfunc 81 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4340 152866/gimpdisplay.c cppfunc 131 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4341 71462/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_07.c cppfunc 83 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 4342 70455/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_08.c cppfunc 390 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4343 62967/CWE121_Stack_Based_Buffer_Overflow__CWE135_22.c cppfunc 222 data = (void *)CHAR_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 4344 152971/utils.c cppfunc 107 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4345 62967/CWE121_Stack_Based_Buffer_Overflow__CWE135_22.c cppfunc 225 data = (void *)CHAR_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodG2BSink(data); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); void CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodG2BSink(void * data) memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 4346 79562/CWE134_Uncontrolled_Format_String__char_console_vfprintf_54.c cppfunc 380 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 4347 153522/dirent_uri.c cppfunc 73 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4348 110326/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_15.c cppfunc 192 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4349 72291/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22.c cppfunc 86 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22_goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22_goodG2B2Source(data); memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4350 110823/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_53.cpp cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4351 66365/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_65.c cppfunc 60 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4352 62984/CWE121_Stack_Based_Buffer_Overflow__CWE135_64.c cppfunc 141 void CWE121_Stack_Based_Buffer_Overflow__CWE135_64b_badSink(void * dataVoidPtr) void * * dataPtr = (void * *)dataVoidPtr; void * data = (*dataPtr); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 4353 79495/CWE134_Uncontrolled_Format_String__char_console_snprintf_14.c inputfunc 95 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 4354 70406/CWE122_Heap_Based_Buffer_Overflow__CWE135_07.c cppfunc 88 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 4355 153471/mux.c cppfunc 89 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4356 153471/mux.c cppfunc 80 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4357 153580/pmsignal.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4358 148916/strutil.c cppfunc 389 s = p+3; && isxdigit(*p) && isxdigit(*q) && isxdigit(*r) && isxdigit(*s)) { punct = s + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && isxdigit(*q)) { punct = q + 1; p = punct; p = q; q = p+1; && isxdigit(*p) && isxdigit(*q) && if (is_byte_sep(*punct)) { else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q; && isxdigit(*p) && isxdigit(*q) && hex_str_to_bytes(const char *hex_str, GByteArray *bytes, gboolean force_separators) { p = (const guchar *)hex_str; q = p+1; && isxdigit(*p) && isxdigit(*q) && p = q + 1; q = p+1; && isxdigit(*p) && isxdigit(*q) && is_byte_sep(guint8 c) if (is_byte_sep(*punct)) { p = punct; q = p+1; && isxdigit(*p) && isxdigit(*q) && if (is_byte_sep(*punct)) { p = punct; q = p+1; && isxdigit(*p) && isxdigit(*q) && else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q; q = p+1; && isxdigit(*p) && isxdigit(*q) && 0 --------------------------------- 4359 153613/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4360 153613/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4361 110520/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_17.c cppfunc 163 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4362 153613/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4363 153131/color.c cppfunc 364 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 4364 70503/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_08.c cppfunc 50 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4365 73053/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_14.c cppfunc 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 4366 153729/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4367 62578/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_15.c cppfunc 100 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4368 153292/config.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4369 73260/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_62.cpp cppfunc 53 data = NULL; goodG2BSource(data); printDoubleLine(*data); void goodG2BSource(double * &data) data = (double *)malloc(sizeof(*data)); *data = 1.7E300; free(data); 0 --------------------------------- 4370 110531/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_44.c cppfunc 96 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4371 153208/e_camellia.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4372 65434/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_03.c cppfunc 95 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 4373 153066/portalmem.c cppfunc 123 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4374 153107/color.c cppfunc 606 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int noticeabili_personalized = 596; char *shrewstruck_schlieren; stonesoup_read_taint(&shrewstruck_schlieren,"5897",noticeabili_personalized); free(((char *)shrewstruck_schlieren)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&shrewstruck_schlieren,"5897",noticeabili_personalized); free(((char *)shrewstruck_schlieren)); 0 --------------------------------- 4375 110395/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_63.c cppfunc 159 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_63b_goodG2BSink(&data); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_63b_goodG2BSink(int * dataPtr) int data = *dataPtr; intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4376 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c cppfunc 422 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 4377 153515/color.c cppfunc 362 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 4378 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c cppfunc 230 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 4379 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c cppfunc 233 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 4380 199284/memory_allocation_failure.c cppfunc 431 ret = MAX_VAL; ret=5; return ret; memory_allocation_failure_012_buf2_gbl = (int *) calloc (memory_allocation_failure_012_func_001(1),sizeof(int)); 0 --------------------------------- 4381 70989/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_14.c cppfunc 89 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 4382 153022/cmdutils.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4383 153022/cmdutils.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4384 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c cppfunc 200 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 4385 70960/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54.c cppfunc 292 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54e_badSink(char * data) strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 4386 66284/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_05.c cppfunc 89 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4387 73009/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_18.c cppfunc 60 data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 4388 72409/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_72.cpp cppfunc 167 vector dataVector; data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 4389 153657/pgstat.c inputfunc 3384 if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); memcpy(dbentry,(&dbbuf),sizeof(PgStat_StatDBEntry )); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); FreeFile(fpin); 0 --------------------------------- 4390 66844/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cat_33.cpp cppfunc 70 wchar_t * &dataRef = data; wchar_t * data = dataRef; source[100-1] = L'\0'; wcscat(data, source); 0 --------------------------------- 4391 66521/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_02.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4392 70902/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_33.cpp cppfunc 71 char * &dataRef = data; char * data = dataRef; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4393 153109/color.c cppfunc 610 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int santoro_rebemire = 91; char *punnets_catamnestic; stonesoup_read_taint(&punnets_catamnestic,"4630",santoro_rebemire); free(((char *)punnets_catamnestic)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&punnets_catamnestic,"4630",santoro_rebemire); free(((char *)punnets_catamnestic)); 0 --------------------------------- 4394 72117/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_65.c cppfunc 142 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_65b_goodG2BSink(wchar_t * data) wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 4395 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c cppfunc 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 4396 153426/e_bf.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4397 153426/e_bf.c cppfunc 101 size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4398 79373/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63.c cppfunc 312 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 4399 71190/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_33.cpp cppfunc 71 wchar_t * &dataRef = data; wchar_t * data = dataRef; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 4400 153772/subtrans.c cppfunc 102 stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4401 153772/subtrans.c cppfunc 104 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4402 153395/color.c cppfunc 119 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4403 110464/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_09.c cppfunc 103 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4404 153395/color.c cppfunc 117 stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4405 1306/prescan-overflow-ok.c cppfunc 511 addr = (char *) malloc(sizeof(char) * 500); addr[i+1] = special_char; CurEnv->e_to = (char *) malloc(strlen(addr) * sizeof(char) + 1); strcpy(CurEnv->e_to, addr); parseaddr(addr, delim, delimptr); char *addr; pvp = prescan(addr, delim, pvpbuf, sizeof pvpbuf, delimptr, NULL, canary); char *addr; p = addr; p--; p--; c = (*p++) & 0x00ff; c = '"'; c = ')'; c = '>'; c = '>'; c = NOCHAR; c = NOCHAR; c = NOCHAR; c = NOCHAR; c = NOCHAR; else if (delim == ' ' && isascii(c) && isspace(c)) c = ' '; if (isascii(c) && isprint(c)) 0 --------------------------------- 4406 153091/mux.c cppfunc 105 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4407 72107/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_44.c cppfunc 63 static void goodG2BSink(wchar_t * data) wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 4408 66281/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_02.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4409 72850/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_03.c cppfunc 93 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 4410 153322/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4411 149056/ahdec1-good.c inputfunc 69 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) strncpy(buf, str, MAXSIZE); 0 --------------------------------- 4412 153234/img2.c cppfunc 57 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4413 153280/hashfn.c cppfunc 105 stonesoup_read_taint(&ancientry_citramide,"IMBATHE_VIVER"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 4414 153636/mux.c cppfunc 103 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4415 153055/config_file.c cppfunc 936 void britannia_cannonades(char *const kreistle_chabichou) DISPENSE_MILZBRAND(kreistle_chabichou); void titmall_sherurd(char *angelita_philathletic) free(((char *)((char *)angelita_philathletic))); 0 --------------------------------- 4416 71910/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_33.cpp cppfunc 80 twoIntsStruct * &dataRef = data; twoIntsStruct * data = dataRef; memmove(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 4417 153280/hashfn.c inputfunc 108 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&ancientry_citramide,"IMBATHE_VIVER"); if (ancientry_citramide != 0) {; chrysotherapy_quindecima . staphyloptosia_slidder = ancientry_citramide; *importable_rifacimento = chrysotherapy_quindecima; 0 --------------------------------- 4418 70984/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_09.c cppfunc 89 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 4419 72697/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_72.cpp cppfunc 167 vector dataVector; data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncat(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 4420 72380/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_13.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 4421 66256/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_41.c cppfunc 40 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4422 152879/eng_table.c inputfunc 156 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&veda_chestier,"PLEUROCEROID_OPEROSELY"); if (veda_chestier != 0) {; 0 --------------------------------- 4423 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c cppfunc 166 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 4424 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c cppfunc 163 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 4425 153498/mem_dbg.c cppfunc 224 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4426 153498/mem_dbg.c cppfunc 228 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4427 153562/color.c cppfunc 351 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 4428 79347/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_10.c cppfunc 384 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 4429 62753/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_82a.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4430 79347/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_10.c cppfunc 381 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 4431 153262/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4432 79451/CWE134_Uncontrolled_Format_String__char_console_printf_18.c inputfunc 83 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 4433 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c inputfunc 141 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) va_start(args, data); goodB2GVaSinkG(data, data); 0 --------------------------------- 4434 66310/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_52.c cppfunc 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4435 72283/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_12.c cppfunc 77 data[50-1] = '\0'; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4436 152900/avdevice.c cppfunc 196 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int chloromycetin_updress = 40; char *pokorny_resiliate;; stonesoup_read_taint(&pokorny_resiliate,"3161",chloromycetin_updress); reconsoling_valours = ((int )(strlen(pokorny_resiliate))); prefixing_halloween = ((char *)(malloc(reconsoling_valours + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&pokorny_resiliate,"3161",chloromycetin_updress); reconsoling_valours = ((int )(strlen(pokorny_resiliate))); prefixing_halloween = ((char *)(malloc(reconsoling_valours + 1))); 0 --------------------------------- 4437 72840/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_68.c cppfunc 132 char * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_68_badData; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 4438 153504/e_bf.c cppfunc 247 jmp_buf torchlighted_cissies; ectocyst_anarchs = setjmp(torchlighted_cissies); longjmp(torchlighted_cissies,1); 0 --------------------------------- 4439 152946/file_wrappers.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4440 70534/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_66.c cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4441 70534/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_66.c inputfunc 36 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_66b_badSink(int dataArray[]); 0 --------------------------------- 4442 70738/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_03.c cppfunc 70 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 4443 70532/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_64.c cppfunc 80 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4444 72360/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_68.c cppfunc 131 char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_68_badData; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4445 152933/column-utils.c cppfunc 72 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4446 152933/column-utils.c cppfunc 76 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4447 110488/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_54.c cppfunc 286 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_54d_goodG2BSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_54e_goodG2BSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_54e_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4448 66340/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_13.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4449 70654/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_15.c cppfunc 280 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4450 148821/Element.cpp cppfunc 1210 PassRefPtr Element::removeAttributeNode(Attr* attr, ExceptionCode& ec) if (attr->ownerElement() != this) { if (document() != attr->document()) { NamedNodeMap* attrs = attributes(true); return static_pointer_cast(attrs->removeNamedItem(attr->qualifiedName(), ec)); 0 --------------------------------- 4451 70892/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_13.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4452 72427/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_12.c cppfunc 77 data[50-1] = '\0'; data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 4453 73724/CWE124_Buffer_Underwrite__CWE839_listen_socket_52.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4454 73712/CWE124_Buffer_Underwrite__CWE839_listen_socket_21.c cppfunc 107 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4455 79452/CWE134_Uncontrolled_Format_String__char_console_printf_21.c inputfunc 152 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2Sink(data); static void goodB2G2Sink(char * data) printf("%s\n", data); 0 --------------------------------- 4456 79566/CWE134_Uncontrolled_Format_String__char_console_vfprintf_64.c inputfunc 95 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_64b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_64b_goodB2GSink(void * dataVoidPtr) CWE134_Uncontrolled_Format_String__char_console_vfprintf_64b_goodB2GSink(&data); char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 4457 153760/aviobuf.c cppfunc 1026 jmp_buf pronger_carbonisable; guarachas_minden = setjmp(pronger_carbonisable); longjmp(pronger_carbonisable,1); 0 --------------------------------- 4458 71493/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_65.c cppfunc 136 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_65b_badSink(char * data) SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 4459 72998/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_07.c cppfunc 93 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 4460 63800/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_09.c cppfunc 75 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 4461 66617/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_02.c cppfunc 66 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4462 66535/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_16.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 4463 66577/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_10.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4464 153279/dynahash.c cppfunc 240 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4465 153428/utils.c cppfunc 2588 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; union truncated_nonreverential subtetanical_nondefeasibness; int pakse_abominably = 596; char *radiancy_matutinely;; stonesoup_read_taint(&radiancy_matutinely,"5302",pakse_abominably); subtetanical_nondefeasibness . hasky_subordinator = radiancy_matutinely; thrifts_scorpio[5] = subtetanical_nondefeasibness; palatialness_artiste[1] = 5; itabuna_mallum = *(thrifts_scorpio + palatialness_artiste[1]); free(((char *)itabuna_mallum . hasky_subordinator)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&radiancy_matutinely,"5302",pakse_abominably); subtetanical_nondefeasibness . hasky_subordinator = radiancy_matutinely; itabuna_mallum = *(thrifts_scorpio + palatialness_artiste[1]); free(((char *)itabuna_mallum . hasky_subordinator)); 0 --------------------------------- 4466 73021/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_51.c cppfunc 121 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_51b_badSink(char * data) strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 4467 152925/eng_lib.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4468 153107/color.c cppfunc 373 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 4469 152925/eng_lib.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4470 152878/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4471 152878/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4472 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c cppfunc 238 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 4473 152878/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4474 72168/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_68.c cppfunc 153 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 4475 62583/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22.c cppfunc 74 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4476 153328/e_camellia.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4477 70933/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_06.c cppfunc 76 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 4478 71456/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_01.c cppfunc 66 data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 4479 72716/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_13.c cppfunc 90 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 4480 199235/buffer_underrun_dynamic.c cppfunc 182 int *buf1=(int*)calloc(5,sizeof(int)); int *buf2=(int*)calloc(5,sizeof(int)); int *buf3=(int*)calloc(5,sizeof(int)); int *buf4=(int*)calloc(5,sizeof(int)); free(buf4); 0 --------------------------------- 4481 199235/buffer_underrun_dynamic.c cppfunc 183 int *buf1=(int*)calloc(5,sizeof(int)); int *buf2=(int*)calloc(5,sizeof(int)); int *buf3=(int*)calloc(5,sizeof(int)); int *buf4=(int*)calloc(5,sizeof(int)); int *buf5=(int*)calloc(5,sizeof(int)); free(buf5); 0 --------------------------------- 4482 199235/buffer_underrun_dynamic.c cppfunc 180 int *buf1=(int*)calloc(5,sizeof(int)); int *buf2=(int*)calloc(5,sizeof(int)); free(buf2); 0 --------------------------------- 4483 199235/buffer_underrun_dynamic.c cppfunc 181 int *buf1=(int*)calloc(5,sizeof(int)); int *buf2=(int*)calloc(5,sizeof(int)); int *buf3=(int*)calloc(5,sizeof(int)); free(buf3); 0 --------------------------------- 4484 72803/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_04.c cppfunc 78 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 4485 153601/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4486 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c cppfunc 201 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 4487 71013/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_65.c cppfunc 146 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_65b_goodG2BSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 4488 153600/tile.c cppfunc 90 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4489 153775/color.c cppfunc 590 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int immodulated_tripleback = 1024; char *belate_sifflement; stonesoup_read_taint(&belate_sifflement,"1455",immodulated_tripleback); free(((char *)belate_sifflement)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&belate_sifflement,"1455",immodulated_tripleback); free(((char *)belate_sifflement)); 0 --------------------------------- 4490 72986/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_73.cpp cppfunc 150 void badSink(list dataList) wchar_t * data = dataList.back(); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 4491 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c cppfunc 90 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 4492 110535/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_53.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4493 153805/color.c cppfunc 594 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *possessory_contrectation; stonesoup_read_taint(&possessory_contrectation,"WHOOPLAS_PLUFFY"); free(((char *)possessory_contrectation)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&possessory_contrectation,"WHOOPLAS_PLUFFY"); free(((char *)possessory_contrectation)); 0 --------------------------------- 4494 153620/color.c cppfunc 347 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 4495 1298/crackaddr-ok.c cppfunc 371 register char *addr; addr++; char address[100]; scanf("%99s", address); res_addr = crackaddr(address); p = addrhead = addr; p++; while ((c = *p++) != '<') while ((c = *p++) != '\0') if ((c = *p++) == '\0') p--; p++; p++; while ((c = *p++) != ':') p++; while (isascii((int)*p) && isspace((int)*p)) 0 --------------------------------- 4496 66298/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_21.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 4497 62714/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_07.c cppfunc 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4498 72804/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_05.c cppfunc 100 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 4499 153081/eng_lib.c cppfunc 460 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *catheterising_tightroping) overrestrain_bistros . unsummable_chancres = catheterising_tightroping; free(((char *)overrestrain_bistros . unsummable_chancres)); 0 --------------------------------- 4500 72944/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_01.c cppfunc 60 data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 4501 62570/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_07.c cppfunc 42 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4502 65157/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_06.c cppfunc 97 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 4503 153269/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4504 149081/scpy8-bad.c cppfunc 44 buf[MAXSIZE-1] = '\0'; printf("result: %s\n", buf); free(buf); 0 --------------------------------- 4505 71451/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_74.cpp cppfunc 171 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 4506 70659/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22.c cppfunc 254 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4507 199236/buffer_underrun_dynamic.c cppfunc 95 long *buf=(long*) calloc(5,sizeof(long)); buf[i]=1; free(buf); 0 --------------------------------- 4508 153399/cmdline.c inputfunc 848 e = (getenv("VISUAL")); if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 4509 152976/column-utils.c cppfunc 65 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4510 153771/main_filter_toolbar.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4511 153771/main_filter_toolbar.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4512 153058/avfilter.c cppfunc 52 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4513 153790/mem_dbg.c cppfunc 215 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4514 153787/dynahash.c cppfunc 268 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4515 67320/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_17.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 4516 65196/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_05.c cppfunc 102 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 4517 153651/conversation.c cppfunc 125 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 4518 153581/config_file.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4519 72167/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_67.c cppfunc 136 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 4520 62977/CWE121_Stack_Based_Buffer_Overflow__CWE135_51.c cppfunc 167 data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_51b_goodB2GSink(data); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); void CWE121_Stack_Based_Buffer_Overflow__CWE135_51b_goodB2GSink(void * data) memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 4521 62977/CWE121_Stack_Based_Buffer_Overflow__CWE135_51.c cppfunc 164 data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_51b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_51b_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 4522 70846/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_15.c cppfunc 105 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4523 71207/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67.c cppfunc 142 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 4524 70418/CWE122_Heap_Based_Buffer_Overflow__CWE135_21.c cppfunc 82 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; goodB2G1Sink(data); static void goodB2G1Sink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 4525 67501/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_18.c cppfunc 70 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 4526 70401/CWE122_Heap_Based_Buffer_Overflow__CWE135_02.c cppfunc 144 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 4527 71862/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_33.cpp cppfunc 80 twoIntsStruct * &dataRef = data; twoIntsStruct * data = dataRef; memcpy(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 4528 152917/cmdutils.c cppfunc 124 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4529 67750/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_66.cpp cppfunc 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4530 153778/tile-manager.c cppfunc 103 int phyleus_carryalls = 596; stonesoup_read_taint(&explicitly_sender,"8991",phyleus_carryalls); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 4531 153450/oids.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4532 79553/CWE134_Uncontrolled_Format_String__char_console_vfprintf_34.c inputfunc 137 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; myUnion.unionFirst = data; 0 --------------------------------- 4533 153769/utils.c cppfunc 94 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4534 153769/utils.c cppfunc 96 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4535 79375/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65.c cppfunc 317 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 4536 153711/timestamp.c cppfunc 91 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4537 153241/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 4538 67327/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_34.c cppfunc 62 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4539 153708/bss_file.c cppfunc 128 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4540 153708/bss_file.c cppfunc 124 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4541 79369/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53.c cppfunc 470 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 4542 73699/CWE124_Buffer_Underwrite__CWE839_listen_socket_06.c cppfunc 297 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4543 72831/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53.c cppfunc 221 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53d_badSink(char * data) strcat(data, source); printLine(data); free(data); 0 --------------------------------- 4544 153137/emem.c cppfunc 1180 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *fittipaldi_arcaded;; stonesoup_read_taint(&fittipaldi_arcaded,"MIMICKER_CUNNINGHAMIA"); costocentral_salvoes = ((void *)fittipaldi_arcaded); begift_hydatogenic = gnomonic_sandbin(costocentral_salvoes); void *gnomonic_sandbin(void *tactions_assagaiing) return tactions_assagaiing; begift_hydatogenic = gnomonic_sandbin(costocentral_salvoes); free(((char *)((char *)begift_hydatogenic))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&fittipaldi_arcaded,"MIMICKER_CUNNINGHAMIA"); costocentral_salvoes = ((void *)fittipaldi_arcaded); begift_hydatogenic = gnomonic_sandbin(costocentral_salvoes); 0 --------------------------------- 4545 67343/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_67.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4546 153581/config_file.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4547 1631/snp8-ok.c cppfunc 43 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) buf = malloc(MAXSIZE); snprintf(buf, MAXSIZE, "<%s>", str); printf("result: %s\n", buf); free(buf); 0 --------------------------------- 4548 153677/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4549 153154/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 4550 152977/types.c cppfunc 105 svn_error_t *svn_revnum_parse(svn_revnum_t *rev,const char *str,const char **endptr) char *end; svn_revnum_t result = strtol(str,&end,10); 0 --------------------------------- 4551 70888/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_09.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4552 79422/CWE134_Uncontrolled_Format_String__char_console_fprintf_64.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_64b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_64b_badSink(void * dataVoidPtr); CWE134_Uncontrolled_Format_String__char_console_fprintf_64b_badSink(&data); 0 --------------------------------- 4553 70648/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_09.c cppfunc 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4554 152944/color.c cppfunc 363 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 4555 71191/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_34.c cppfunc 76 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 4556 153697/color.c cppfunc 364 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 4557 153152/eng_table.c cppfunc 118 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4558 153829/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4559 153829/color.c cppfunc 120 stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4560 153627/e_bf.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4561 153627/e_bf.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4562 153132/color.c cppfunc 371 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 4563 153397/resowner.c cppfunc 160 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4564 71457/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_02.c cppfunc 77 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 4565 72794/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_73.cpp cppfunc 154 void badSink(list dataList) wchar_t * data = dataList.back(); SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 4566 153798/cmdline.c cppfunc 1098 e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char **tmpfile_left,const char *editor_cmd, const svn_string_t *contents,const char *filename,apr_hash_t *config,svn_boolean_t as_text,const char *encoding,apr_pool_t *pool) const char *editor; const char *tmpfile_native; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); svn_error_t *svn_err__temp = svn_subst_translate_cstring2(contents -> data,&translated,"\n",0,((void *)0),0,pool); translated_contents = svn_string_create_empty(pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8_ex2(&translated_contents -> data,translated,encoding,pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8(&translated_contents -> data,translated,pool); translated_contents = svn_string_dup(contents,pool); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); svn_error_t *svn_err__temp = svn_io_temp_dir(&base_dir,pool); svn_error_t *svn_err__temp = svn_path_cstring_from_utf8(&temp_dir_apr,base_dir,pool); apr_err = apr_filepath_set(temp_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); err = svn_path_cstring_from_utf8(&tmpfile_apr,tmpfile_name,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x10,pool); apr_file_mtime_set(tmpfile_apr,finfo_before . mtime - 2000,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x00000010 | 0x00000100,pool); err = svn_utf_cstring_from_utf8(&tmpfile_native,tmpfile_name,pool); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); 0 --------------------------------- 4567 66345/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_18.c cppfunc 60 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4568 153589/bio_err.c cppfunc 215 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 4569 153254/conf_mod.c cppfunc 177 int unsilicified_jerkily = 53; stonesoup_read_taint(&cecil_bragger,"2395",unsilicified_jerkily); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 4570 73735/CWE124_Buffer_Underwrite__CWE839_listen_socket_72.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4571 152955/timestamp.c cppfunc 95 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4572 153144/avpacket.c cppfunc 435 int moriform_cogener = 53; char *laccol_devotedly;; stonesoup_read_taint(&laccol_devotedly,"1979",moriform_cogener); gothish_saints = ((int )(strlen(laccol_devotedly))); minidisks_disparpling = ((char *)(malloc(gothish_saints + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&laccol_devotedly,"1979",moriform_cogener); gothish_saints = ((int )(strlen(laccol_devotedly))); minidisks_disparpling = ((char *)(malloc(gothish_saints + 1))); 0 --------------------------------- 4573 71444/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_64.c cppfunc 125 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 4574 153619/resowner.c cppfunc 184 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 4575 66417/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_72.cpp cppfunc 170 vector dataVector; data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; dataLen = wcslen(data); 0 --------------------------------- 4576 73076/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_64.c cppfunc 142 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 4577 110335/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_34.c cppfunc 157 CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_34_unionType myUnion; int data = myUnion.unionSecond; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4578 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c inputfunc 163 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 4579 153024/utils.c cppfunc 71 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4580 110522/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_21.c cppfunc 220 data = 20; return data; data = -1; data = goodG2B2Source(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); static int goodG2B2Source(int data) return data; data = goodG2B2Source(data); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4581 73722/CWE124_Buffer_Underwrite__CWE839_listen_socket_45.c cppfunc 249 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4582 70534/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_66.c cppfunc 248 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4583 79490/CWE134_Uncontrolled_Format_String__char_console_snprintf_09.c inputfunc 145 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 4584 73006/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_15.c cppfunc 100 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 4585 153584/pmsignal.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4586 153074/utils.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4587 72506/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_73.cpp cppfunc 154 void badSink(list dataList) char * data = dataList.back(); SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 0 --------------------------------- 4588 79554/CWE134_Uncontrolled_Format_String__char_console_vfprintf_41.c cppfunc 31 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badSink(data); static void badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 4589 72093/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_14.c cppfunc 93 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 4590 62968/CWE121_Stack_Based_Buffer_Overflow__CWE135_31.c cppfunc 67 data = (void *)CHAR_STRING; void * dataCopy = data; void * data = dataCopy; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 4591 199236/buffer_underrun_dynamic.c cppfunc 700 char test[]="This is STRING"; char *newTest= (char*) malloc(15*sizeof(char)); memcpy (newTest,test,15); free(newTest); 0 --------------------------------- 4592 152978/column-utils.c cppfunc 79 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4593 152978/column-utils.c cppfunc 75 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4594 79377/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67.c cppfunc 351 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 4595 153103/color.c cppfunc 336 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 4596 152909/column-utils.c cppfunc 80 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4597 153103/color.c cppfunc 338 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 4598 152909/column-utils.c cppfunc 89 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(malnourished_ferison)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4599 153271/types.c cppfunc 77 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4600 67746/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_62.cpp cppfunc 275 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4601 72158/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_52.c cppfunc 173 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 4602 67418/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_21.c cppfunc 71 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 4603 110815/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_34.cpp cppfunc 87 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4604 70521/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_42.c cppfunc 168 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4605 153825/stream.c cppfunc 120 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4606 153825/stream.c cppfunc 129 stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4607 72369/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_02.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 4608 70502/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_07.c cppfunc 98 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4609 66605/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_65.c cppfunc 34 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4610 110353/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_72.cpp cppfunc 249 vector dataVector; data = 20; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int data = dataVector[2]; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4611 62954/CWE121_Stack_Based_Buffer_Overflow__CWE135_07.c cppfunc 152 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 4612 153127/utils.c cppfunc 82 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4613 153647/aviobuf.c cppfunc 82 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4614 153647/aviobuf.c cppfunc 84 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4615 79466/CWE134_Uncontrolled_Format_String__char_console_printf_54.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_54b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_54b_badSink(char * data); 0 --------------------------------- 4616 153127/utils.c cppfunc 89 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4617 79520/CWE134_Uncontrolled_Format_String__char_console_snprintf_66.c inputfunc 48 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_snprintf_66b_badSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_snprintf_66b_badSink(char * dataArray[]); 0 --------------------------------- 4618 148916/strutil.c cppfunc 847 convert_string_to_hex(const char *string, size_t *nbytes) p = &string[0]; c = *p++; c = *p++; if (isdigit(c)) 0 --------------------------------- 4619 70862/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_52.c cppfunc 201 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_52c_goodG2BSink(char * data) memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4620 153262/color.c cppfunc 341 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 4621 71199/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53.c cppfunc 238 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53d_badSink(wchar_t * data) wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 4622 153154/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4623 70501/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_06.c cppfunc 98 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4624 110319/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_08.c cppfunc 193 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4625 71786/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_73.cpp cppfunc 159 list dataList; data = (int *)malloc(100*sizeof(int)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int * data = dataList.back(); memmove(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 4626 152949/conf_mod.c cppfunc 692 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 4627 67737/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_42.cpp inputfunc 246 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 4628 152964/color.c cppfunc 609 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *causa_piaroa) free(((char *)causa_piaroa)); 0 --------------------------------- 4629 70643/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_04.c cppfunc 86 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4630 63636/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_05.c cppfunc 101 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 4631 152907/mutex.c inputfunc 130 quadruplicating_pictores = getenv("BACCALAUREATES_OUTFFED"); if (quadruplicating_pictores != 0) {; donnelly_unvaulted = quadruplicating_pictores; coadunating_jussives[5] = donnelly_unvaulted; entry_hermitages = *(coadunating_jussives + philobiblic_flybelts[1]); khir_shellans(zelazny_babar,entry_hermitages); void khir_shellans(int spermatin_codfisheries,puschkinia_alternamente daimonology_diores) khir_shellans(spermatin_codfisheries,daimonology_diores); praetorian_unapprisedness = ((char *)daimonology_diores); strncpy(stonesoup_source, praetorian_unapprisedness, sizeof(stonesoup_source)); 0 --------------------------------- 4632 153055/config_file.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4633 67499/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_16.c cppfunc 72 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 4634 1306/prescan-overflow-ok.c cppfunc 472 addr = (char *) malloc(sizeof(char) * 500); addr[i+1] = special_char; CurEnv->e_to = (char *) malloc(strlen(addr) * sizeof(char) + 1); strcpy(CurEnv->e_to, addr); parseaddr(addr, delim, delimptr); char *addr; pvp = prescan(addr, delim, pvpbuf, sizeof pvpbuf, delimptr, NULL, canary); char *addr; p = addr; c = (*p++) & 0x00ff; p--; p--; char *ptr = p; ptr++; while (isascii((int)*ptr) && isspace((int)*ptr)) 0 --------------------------------- 4635 153484/stream.c cppfunc 119 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4636 199234/buffer_overrun_dynamic.c cppfunc 61 int *buf=(int*) calloc(5,sizeof(int)); buf[i]=1; free(buf); 0 --------------------------------- 4637 79441/CWE134_Uncontrolled_Format_String__char_console_printf_08.c inputfunc 98 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 4638 67610/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_73.cpp cppfunc 97 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4639 71465/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_10.c cppfunc 77 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 4640 152934/conf_mod.c cppfunc 147 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 4641 62988/CWE121_Stack_Based_Buffer_Overflow__CWE135_68.c cppfunc 149 void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_68_badData; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 4642 62988/CWE121_Stack_Based_Buffer_Overflow__CWE135_68.c cppfunc 146 void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_68_badData; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 4643 153292/config.c cppfunc 107 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4644 72742/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_66.c cppfunc 126 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 4645 71453/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_82_bad.cpp cppfunc 34 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 4646 153349/img2.c cppfunc 73 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4647 73709/CWE124_Buffer_Underwrite__CWE839_listen_socket_16.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4648 71094/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_33.cpp cppfunc 71 wchar_t * &dataRef = data; wchar_t * data = dataRef; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 4649 153500/dirent_uri.c cppfunc 88 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4650 70994/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_21.c cppfunc 91 data = NULL; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; data = goodG2B1Source(data); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 4651 153500/dirent_uri.c cppfunc 84 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4652 153162/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4653 73053/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_14.c cppfunc 67 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 4654 153763/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4655 71203/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_63.c cppfunc 146 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 4656 67587/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_22.cpp cppfunc 104 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4657 73725/CWE124_Buffer_Underwrite__CWE839_listen_socket_53.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4658 153635/string.c cppfunc 109 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 4659 73713/CWE124_Buffer_Underwrite__CWE839_listen_socket_22.c cppfunc 173 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4660 153112/utils.c cppfunc 5287 void nonloyalty_osirification(void *magnelectric_hynes) gunrunning_blench(magnelectric_hynes); void gunrunning_blench(void *viruslike_mackinac) free(((char *)((char *)((void *)viruslike_mackinac)))); 0 --------------------------------- 4661 70971/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_74.cpp cppfunc 157 void badSink(map dataMap) char * data = dataMap[2]; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 4662 110670/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_33.cpp cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4663 72723/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22.c cppfunc 67 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_goodG2B1Source(data); wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 4664 153127/utils.c inputfunc 125 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&orselle_dowelled,"ORILLION_MISUNDERSTOOD"); if (orselle_dowelled != 0) {; 0 --------------------------------- 4665 153215/pgstat.c inputfunc 3348 if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); memcpy(dbentry,(&dbbuf),sizeof(PgStat_StatDBEntry )); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 4666 71495/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67.c cppfunc 147 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67_structType myStruct) char * data = myStruct.structFirst; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 4667 110386/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_43.cpp cppfunc 92 data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4668 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c cppfunc 254 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 4669 153240/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4670 62724/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_17.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4671 70475/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_44.c cppfunc 211 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4672 66348/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_31.c cppfunc 35 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4673 153134/main_statusbar.c cppfunc 129 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4674 72985/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_72.cpp cppfunc 169 vector dataVector; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 4675 153134/main_statusbar.c cppfunc 120 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4676 66530/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_11.c cppfunc 61 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4677 153759/hashfn.c cppfunc 58 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4678 153759/hashfn.c cppfunc 54 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4679 153250/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4680 79413/CWE134_Uncontrolled_Format_String__char_console_fprintf_44.c inputfunc 110 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; funcPtr(data); 0 --------------------------------- 4681 63434/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_03.c cppfunc 94 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 4682 67587/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_22.cpp cppfunc 44 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4683 152940/cmdutils.c cppfunc 2393 void geocentrical_admonitioner(char **seat_demonstratively) semitesseral_brachiata(seat_demonstratively); void semitesseral_brachiata(char **superchery_nephromegaly) free(((char *)( *(superchery_nephromegaly - 5)))); 0 --------------------------------- 4684 153392/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4685 153392/color.c cppfunc 120 stonesoup_printf("%s\n",stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4686 67328/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_41.c cppfunc 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 4687 152906/tile.c cppfunc 55 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4688 72169/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_72.cpp cppfunc 171 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 4689 70650/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_11.c cppfunc 304 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4690 70532/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_64.c cppfunc 249 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4691 70851/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22.c cppfunc 91 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_goodG2B2Source(data); data = (char *)malloc((10+1)*sizeof(char)); return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_goodG2B2Source(data); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_goodG2B2Source(char * data) return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_goodG2B2Source(data); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4692 153796/oids.c cppfunc 119 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4693 73738/CWE124_Buffer_Underwrite__CWE839_listen_socket_81a.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4694 71485/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_51.c cppfunc 135 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_51b_badSink(char * data) SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 4695 62586/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_33.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4696 153423/error.c cppfunc 105 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4697 69865/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_72.cpp cppfunc 159 vector dataVector; data = (int *)malloc(10*sizeof(int)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int * data = dataVector[2]; memcpy(data, source, 10*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 4698 72832/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54.c cppfunc 288 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54e_goodG2BSink(char * data) strcat(data, source); printLine(data); free(data); 0 --------------------------------- 4699 153334/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4700 152937/mutex.c cppfunc 49 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4701 153395/color.c cppfunc 608 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *tranced_brassish; stonesoup_read_taint(&tranced_brassish,"HLD_UNSCHOLARLINESS"); free(((char *)tranced_brassish)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&tranced_brassish,"HLD_UNSCHOLARLINESS"); free(((char *)tranced_brassish)); 0 --------------------------------- 4702 67578/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_11.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4703 73711/CWE124_Buffer_Underwrite__CWE839_listen_socket_18.c cppfunc 184 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4704 72434/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_21.c cppfunc 118 data = (char *)malloc(100*sizeof(char)); data = goodG2B2Source(data); static char * goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = goodG2B2Source(data); strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 4705 153353/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4706 73714/CWE124_Buffer_Underwrite__CWE839_listen_socket_31.c cppfunc 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4707 70870/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_66.c cppfunc 152 data = (char *)malloc((10+1)*sizeof(char)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4708 153755/dirent_uri.c cppfunc 2092 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *schmidt_roundhouse) free(((char *)schmidt_roundhouse)); 0 --------------------------------- 4709 71738/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_73.cpp cppfunc 142 void badSink(list dataList) int * data = dataList.back(); memcpy(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 4710 71178/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_11.c cppfunc 92 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 4711 62726/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_21.c cppfunc 329 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4712 62738/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_52.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4713 153534/string.c cppfunc 60 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4714 66335/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_08.c cppfunc 100 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4715 153534/string.c cppfunc 69 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4716 71392/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54.c cppfunc 270 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54e_badSink(char * data) strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 4717 70508/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_13.c cppfunc 270 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4718 153239/color.c cppfunc 90 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4719 153239/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4720 110393/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_61.c cppfunc 71 data = 20; return data; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_61b_goodG2BSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4721 152951/mux.c cppfunc 958 evolvable_shackled wasagara_apellous = 0; staffelite_familiar(&wasagara_apellous); kinematically_saundra[ *( *( *( *( *( *( *( *( *( *derogated_opisthogastric)))))))))] = wasagara_apellous; badass_neillia = kinematically_saundra[ *( *( *( *( *( *( *( *( *( *derogated_opisthogastric)))))))))]; free(((char *)badass_neillia)); 0 --------------------------------- 4722 153555/utf.c cppfunc 126 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4723 110392/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_54.c cppfunc 307 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_54d_goodG2BSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_54e_goodG2BSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_54e_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4724 153464/mem_dbg.c cppfunc 215 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4725 153772/subtrans.c cppfunc 77 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4726 153543/bio_err.c cppfunc 228 void *bemadams_depressants = 0; jumart_nonsupporting(&bemadams_depressants); dermas_vassalism = &bemadams_depressants; wherefore_chromite = dermas_vassalism + 5; free(((char *)((char *)( *(wherefore_chromite - 5))))); 0 --------------------------------- 4727 62972/CWE121_Stack_Based_Buffer_Overflow__CWE135_41.c cppfunc 58 data = (void *)CHAR_STRING; goodG2BSink(data); static void goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 4728 110524/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_31.c cppfunc 162 data = 20; int dataCopy = data; int data = dataCopy; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4729 67573/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_06.cpp cppfunc 157 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4730 69887/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_16.cpp cppfunc 33 data = new wchar_t[100]; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 4731 72147/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_22.c cppfunc 42 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 4732 152967/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4733 70406/CWE122_Heap_Based_Buffer_Overflow__CWE135_07.c cppfunc 116 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 4734 153647/aviobuf.c cppfunc 73 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4735 153379/e_camellia.c cppfunc 120 stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4736 153379/e_camellia.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4737 72074/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_73.cpp cppfunc 151 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 4738 71162/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_73.cpp cppfunc 175 list dataList; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 4739 67313/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_10.c cppfunc 80 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4740 79568/CWE134_Uncontrolled_Format_String__char_console_vfprintf_66.c inputfunc 100 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_66b_goodB2GSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_66b_goodB2GSink(char * dataArray[]) char * data = dataArray[2]; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 4741 72435/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22.c cppfunc 67 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22_goodG2B1Source(data); strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 4742 1302/mime1-ok.c cppfunc 79 register int sz; sz = 1; p = malloc((unsigned) sz); 0 --------------------------------- 4743 70920/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_68.c cppfunc 157 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_68b_goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_68_goodG2BData; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4744 199236/buffer_underrun_dynamic.c cppfunc 515 int *buf1=(int*) calloc(5,sizeof(int)); int *buf2=(int*) calloc(3,sizeof(int)); for(i=0;i<5;i++) *(buf1+i)=i; *(buf2-*(buf1+0))=1; free(buf1); 0 --------------------------------- 4745 199236/buffer_underrun_dynamic.c cppfunc 516 int *buf1=(int*) calloc(5,sizeof(int)); int *buf2=(int*) calloc(3,sizeof(int)); for(i=0;i<5;i++) *(buf1+i)=i; *(buf2-*(buf1+0))=1; free(buf2); 0 --------------------------------- 4746 71305/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_72.cpp cppfunc 151 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 4747 153690/gimpviewable.c cppfunc 1776 jmp_buf boycotted_clinometrical; homovec_ostectomies = setjmp(boycotted_clinometrical); longjmp(boycotted_clinometrical,1); 0 --------------------------------- 4748 70439/CWE122_Heap_Based_Buffer_Overflow__CWE135_67.c cppfunc 195 CWE122_Heap_Based_Buffer_Overflow__CWE135_67_structType myStruct; dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__CWE135_67b_goodB2GSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__CWE135_67b_goodB2GSink(CWE122_Heap_Based_Buffer_Overflow__CWE135_67_structType myStruct) void * data = myStruct.structFirst; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 4749 153197/color.c cppfunc 588 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *blockholer_indirection; stonesoup_read_taint(&blockholer_indirection,"GANOCEPHALOUS_PREAPPRISING"); free(((char *)blockholer_indirection)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&blockholer_indirection,"GANOCEPHALOUS_PREAPPRISING"); free(((char *)blockholer_indirection)); 0 --------------------------------- 4750 153000/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4751 153373/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&dia_cherbourg,"WORDISHLY_GROUSY"); if (dia_cherbourg != 0) {; amphithecial_immaterialist = ((char *)dia_cherbourg); strncpy(stonesoup_source, amphithecial_immaterialist, sizeof(stonesoup_source)); if (dia_cherbourg != 0) free(((char *)dia_cherbourg)); 0 --------------------------------- 4752 62569/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_06.c cppfunc 92 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4753 153288/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4754 148966/strutil.c cppfunc 796 convert_string_to_hex(const char *string, size_t *nbytes) p = &string[0]; c = *p++; if (isspace(c)) if (!isxdigit(c)) { 0 --------------------------------- 4755 62729/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_32.c cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4756 110822/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_52.cpp cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4757 72288/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_17.c cppfunc 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4758 153787/dynahash.c cppfunc 292 stonesoup_read_taint(&pozzuolanic_gynecophorous,"ANTHROPOIDEA_RAILWAYED"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 4759 153787/dynahash.c inputfunc 295 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&pozzuolanic_gynecophorous,"ANTHROPOIDEA_RAILWAYED"); if (pozzuolanic_gynecophorous != 0) {; 0 --------------------------------- 4760 70935/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_08.c cppfunc 106 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 4761 153443/aviobuf.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4762 1304/mime2-ok.c cppfunc 177 c3 = fgetc(e->e_dfp); c4 = fgetc(e->e_dfp); while ((c1 = fgetc(e->e_dfp)) != EOF) c2 = fgetc(e->e_dfp); } while (isascii(c2) && isspace(c2)); 0 --------------------------------- 4763 1304/mime2-ok.c inputfunc 176 c2 = fgetc(e->e_dfp); c3 = fgetc(e->e_dfp); c4 = fgetc(e->e_dfp); while ((c1 = fgetc(e->e_dfp)) != EOF) if (isascii(c1) && isspace(c1)) if (c1 == '=' || c2 == '=') c1 = CHAR64(c1); 0 --------------------------------- 4764 62596/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54.c cppfunc 80 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4765 1304/mime2-ok.c cppfunc 171 c2 = fgetc(e->e_dfp); c3 = fgetc(e->e_dfp); c4 = fgetc(e->e_dfp); while ((c1 = fgetc(e->e_dfp)) != EOF) if (isascii(c1) && isspace(c1)) 0 --------------------------------- 4766 110391/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_53.c cppfunc 236 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_53d_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4767 153059/color.c cppfunc 601 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *herman_nontemporal; stonesoup_read_taint(&herman_nontemporal,"ABUSEFULNESS_ISOCLINE"); free(((char *)herman_nontemporal)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&herman_nontemporal,"ABUSEFULNESS_ISOCLINE"); free(((char *)herman_nontemporal)); 0 --------------------------------- 4768 153003/cmdutils.c cppfunc 863 time_t now; time(&now); tm = localtime((&now)); 0 --------------------------------- 4769 62586/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_33.cpp cppfunc 121 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4770 70930/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_03.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 4771 71354/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_73.cpp cppfunc 151 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 4772 70429/CWE122_Heap_Based_Buffer_Overflow__CWE135_51.c cppfunc 146 void CWE122_Heap_Based_Buffer_Overflow__CWE135_51b_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 4773 153215/pgstat.c cppfunc 309 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4774 67415/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_16.c cppfunc 56 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 4775 110387/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_44.c cppfunc 53 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4776 70512/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_17.c cppfunc 170 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4777 73081/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_72.cpp cppfunc 165 vector dataVector; data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 4778 153137/emem.c cppfunc 183 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4779 153137/emem.c cppfunc 186 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4780 72187/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_12.c cppfunc 85 data[0] = L'\0'; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 4781 153521/mutex.c cppfunc 49 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4782 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c cppfunc 198 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 4783 66344/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_17.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 4784 72864/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_17.c cppfunc 68 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 4785 110794/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_03.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4786 66643/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_44.c cppfunc 75 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4787 152897/conf_mod.c cppfunc 125 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4788 67738/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_43.cpp inputfunc 92 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 4789 72138/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_11.c cppfunc 73 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 4790 79550/CWE134_Uncontrolled_Format_String__char_console_vfprintf_31.c cppfunc 113 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 4791 79550/CWE134_Uncontrolled_Format_String__char_console_vfprintf_31.c cppfunc 110 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 4792 79371/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61.c cppfunc 113 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 4793 79371/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61.c cppfunc 110 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); return data; data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61b_goodB2GSource(data); goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 4794 72951/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_08.c cppfunc 85 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 4795 153002/hashfn.c cppfunc 74 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4796 72773/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_32.c cppfunc 79 wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 4797 79478/CWE134_Uncontrolled_Format_String__char_console_printf_81a.cpp inputfunc 89 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; baseObject.action(data); virtual void action(char * data) const = 0; 0 --------------------------------- 4798 71442/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_62.cpp cppfunc 42 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 4799 70913/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_61.c cppfunc 64 data = (char *)malloc((10+1)*sizeof(char)); return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_61b_goodG2BSource(data); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4800 110685/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_65.cpp cppfunc 42 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4801 79363/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_42.c cppfunc 162 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 4802 72824/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_41.c cppfunc 59 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_41_goodG2BSink(char * data) strcat(data, source); printLine(data); free(data); 0 --------------------------------- 4803 65202/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_11.c cppfunc 95 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 4804 152941/eng_lib.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4805 152941/eng_lib.c cppfunc 90 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4806 72734/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_52.c cppfunc 171 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_52c_badSink(wchar_t * data) wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 4807 153163/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4808 153393/pgstat.c inputfunc 3444 if (fread((&format_id),1,sizeof(format_id),fpin) != sizeof(format_id) || format_id != 0x01A5BC9A) { FreeFile(fpin); if (fread((&myGlobalStats),1,sizeof(myGlobalStats),fpin) != sizeof(myGlobalStats)) { FreeFile(fpin); *ts = myGlobalStats . stats_timestamp; FreeFile(fpin); if (pgstat_read_statsfile_timestamp(((bool )0),&file_ts) && file_ts >= min_ts) { static bool pgstat_read_statsfile_timestamp(bool permanent,TimestampTz *ts) 0 --------------------------------- 4809 153084/stream.c cppfunc 162 int midlenting_biogeography = 91; stonesoup_read_taint(&suppositionally_unheavenly,"1938",midlenting_biogeography); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 4810 153430/string.c cppfunc 59 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4811 67344/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_68.c cppfunc 55 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4812 153530/bio_err.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4813 153493/mem_dbg.c cppfunc 706 static void print_leak_LHASH_DOALL_ARG(void *arg1,void *arg2) const MEM *a = arg1; print_leak_doall_arg(a,b); static void print_leak_doall_arg(const MEM *m,MEM_LEAK *l) lcl = localtime(&m -> time); 0 --------------------------------- 4814 153530/bio_err.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4815 153170/column-utils.c cppfunc 60 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4816 72129/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_02.c cppfunc 73 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 4817 70682/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_73.cpp cppfunc 401 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4818 70654/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_15.c cppfunc 205 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4819 73045/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_06.c cppfunc 71 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 4820 153748/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4821 153019/mutex.c cppfunc 78 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4822 72275/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_04.c cppfunc 76 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4823 73704/CWE124_Buffer_Underwrite__CWE839_listen_socket_11.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4824 66523/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_04.c cppfunc 68 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4825 71438/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_52.c cppfunc 173 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 4826 153829/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4827 67495/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12.c cppfunc 86 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 4828 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c inputfunc 107 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 4829 153428/utils.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4830 67491/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_08.c cppfunc 109 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); if(staticReturnsTrue()) charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 4831 66341/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_14.c cppfunc 66 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4832 73080/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_68.c cppfunc 147 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_68b_goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_68_goodG2BData; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 4833 70645/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_06.c cppfunc 463 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4834 67756/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_81a.cpp cppfunc 178 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4835 73364/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_73.cpp cppfunc 159 list dataList; data = NULL; data = (twoIntsStruct *)malloc(sizeof(*data)); data->intOne = 1; data->intTwo = 2; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) twoIntsStruct * data = dataList.back(); printStructLine(data); free(data); 0 --------------------------------- 4836 110373/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_14.c cppfunc 116 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4837 152999/tile-swap.c cppfunc 131 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4838 66587/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_22.c cppfunc 194 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_22_goodG2B2Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_22_goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 4839 72863/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_16.c cppfunc 68 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 4840 153636/mux.c cppfunc 89 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4841 199234/buffer_overrun_dynamic.c cppfunc 197 dynamic_buffer_overrun_010_s_001* sbuf= calloc(5,sizeof(dynamic_buffer_overrun_010_s_001)) ; sbuf[4].a = 1; free(sbuf); 0 --------------------------------- 4842 66552/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54.c cppfunc 51 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4843 153636/mux.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4844 153384/color.c cppfunc 351 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 4845 153384/color.c cppfunc 353 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 4846 153825/stream.c cppfunc 578 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int preformed_puerperant = 596; char *ageism_pallion;; stonesoup_read_taint(&ageism_pallion,"2000",preformed_puerperant); tanagrine_courtesied = ((void *)ageism_pallion); muckiness_walkersville[5] = tanagrine_courtesied; theorism_subfusc = 5; reprinted_unannoyingly = &theorism_subfusc; uninfallible_overassertion = *(muckiness_walkersville + *reprinted_unannoyingly); PANDEMIC_PAPULAE(uninfallible_overassertion); void upspurt_hematothorax(void *knightship_reformed) free(((char *)((char *)knightship_reformed))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&ageism_pallion,"2000",preformed_puerperant); tanagrine_courtesied = ((void *)ageism_pallion); muckiness_walkersville[5] = tanagrine_courtesied; uninfallible_overassertion = *(muckiness_walkersville + *reprinted_unannoyingly); PANDEMIC_PAPULAE(uninfallible_overassertion); 0 --------------------------------- 4847 153088/mux.c cppfunc 77 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4848 79487/CWE134_Uncontrolled_Format_String__char_console_snprintf_06.c inputfunc 100 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 4849 153175/utils.c cppfunc 4730 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) switch(( *(spec++))){ if (( *(spec++)) == ':') { int index = (strtol(spec,((void *)0),0)); 0 --------------------------------- 4850 70863/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53.c cppfunc 255 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53d_goodG2BSink(char * data) memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4851 70523/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_44.c inputfunc 161 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); funcPtr(data); 0 --------------------------------- 4852 70523/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_44.c cppfunc 164 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4853 72735/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53.c cppfunc 220 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53d_badSink(wchar_t * data) wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 4854 153203/tile-manager.c cppfunc 54 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4855 199234/buffer_overrun_dynamic.c cppfunc 443 *(buf+4) = 1; int *buf=(int*) calloc(5,sizeof(int)); dynamic_buffer_overrun_024_func_001(buf); free(buf); void dynamic_buffer_overrun_024_func_001 (int *buf) free(buf); 0 --------------------------------- 4856 69929/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_10.cpp cppfunc 94 data = new wchar_t[100]; data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 4857 71306/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_73.cpp cppfunc 151 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 4858 70676/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_64.c cppfunc 330 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4859 110834/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_73.cpp cppfunc 87 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4860 62983/CWE121_Stack_Based_Buffer_Overflow__CWE135_63.c cppfunc 138 void CWE121_Stack_Based_Buffer_Overflow__CWE135_63b_badSink(void * * dataPtr) void * data = *dataPtr; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 4861 153022/cmdutils.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4862 153369/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 4863 152983/dynahash.c cppfunc 277 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4864 152983/dynahash.c cppfunc 275 stonesoup_printf("%s\n",stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4865 153603/ffmpeg.c cppfunc 396 signal(3,sigterm_handler); signal(2,sigterm_handler); signal(15,sigterm_handler); signal(24,sigterm_handler); 0 --------------------------------- 4866 66634/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_21.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 4867 70948/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_31.c cppfunc 68 data = (char *)malloc((10+1)*sizeof(char)); char * dataCopy = data; char * data = dataCopy; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 4868 62983/CWE121_Stack_Based_Buffer_Overflow__CWE135_63.c cppfunc 135 void CWE121_Stack_Based_Buffer_Overflow__CWE135_63b_badSink(void * * dataPtr) void * data = *dataPtr; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 4869 153688/column.c cppfunc 68 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4870 70480/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54.c cppfunc 525 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4871 70762/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_43.cpp cppfunc 72 data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 4872 153053/img2.c cppfunc 57 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4873 153053/img2.c cppfunc 53 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4874 199236/buffer_underrun_dynamic.c cppfunc 233 int *buf=(int*) calloc(5,sizeof(int)); int index = 0; *(buf-index)=9; free(buf); 0 --------------------------------- 4875 72729/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_42.c cppfunc 26 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 4876 70756/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_31.c cppfunc 66 data = (char *)malloc((10+1)*sizeof(char)); char * dataCopy = data; char * data = dataCopy; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 4877 62976/CWE121_Stack_Based_Buffer_Overflow__CWE135_45.c cppfunc 92 void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_45_goodB2GData; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_45_goodB2GData = data; goodB2GSink(); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 4878 65445/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_14.c cppfunc 95 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 4879 72771/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22.c cppfunc 89 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_goodG2B2Source(data); SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 4880 72464/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_01.c cppfunc 62 data[50-1] = '\0'; SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 0 --------------------------------- 4881 70991/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_16.c cppfunc 67 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 4882 70671/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53.c cppfunc 510 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4883 152908/utils.c cppfunc 100 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4884 153158/resowner.c cppfunc 141 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4885 71377/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_18.c cppfunc 64 data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 4886 153690/gimpviewable.c cppfunc 110 stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4887 153690/gimpviewable.c cppfunc 112 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4888 70458/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_11.c cppfunc 419 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4889 153426/e_bf.c cppfunc 115 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4890 153670/avdevice.c cppfunc 59 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4891 153100/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4892 70517/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_32.c cppfunc 122 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4893 62955/CWE121_Stack_Based_Buffer_Overflow__CWE135_08.c cppfunc 89 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 4894 153409/config_file.c cppfunc 85 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4895 70641/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_02.c cppfunc 416 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4896 199276/invalid_memory_access.c cppfunc 232 char* buf=(char*) calloc(25, sizeof(char)); char* buf1= "This is a string"; memcpy(buf,buf1,11); free(buf); 0 --------------------------------- 4897 72858/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_11.c cppfunc 71 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 4898 152915/bufmgr.c cppfunc 2712 void stonesoup_handle_taint(char *hot_scungilli) downhearted_disgress = ((int )(strlen(hot_scungilli))); memcpy(wordle_backcourtman,hot_scungilli,downhearted_disgress); free(((char *)hot_scungilli)); 0 --------------------------------- 4899 148828/Element.cpp cppfunc 1257 PassRefPtr Element::getAttributeNode(const String& name) NamedNodeMap* attrs = attributes(true); String localName = shouldIgnoreAttributeCase(this) ? name.lower() : name; return static_pointer_cast(attrs->getNamedItem(localName)); 0 --------------------------------- 4900 67583/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_16.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4901 153524/color.c cppfunc 335 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 4902 72386/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_21.c cppfunc 118 data = (char *)malloc(100*sizeof(char)); data = goodG2B2Source(data); static char * goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = goodG2B2Source(data); strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 4903 71421/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_14.c cppfunc 73 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 4904 153401/e_camellia.c cppfunc 359 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *unshored_antipart;; stonesoup_read_taint(&unshored_antipart,"WAILY_LATRICIA"); unsuppressible_esne = unshored_antipart; chilicote_kalends[5] = unsuppressible_esne; underbubble_colourtype[1] = 5; hainanese_illumining = *(chilicote_kalends + underbubble_colourtype[1]); free(((char *)hainanese_illumining)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&unshored_antipart,"WAILY_LATRICIA"); unsuppressible_esne = unshored_antipart; chilicote_kalends[5] = unsuppressible_esne; hainanese_illumining = *(chilicote_kalends + underbubble_colourtype[1]); free(((char *)hainanese_illumining)); 0 --------------------------------- 4905 153219/color.c cppfunc 346 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 4906 153219/color.c cppfunc 348 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 4907 153403/error.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4908 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c cppfunc 89 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 4909 71492/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_64.c cppfunc 158 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 4910 66623/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_08.c cppfunc 80 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4911 67752/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_68.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4912 153177/portalmem.c cppfunc 127 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4913 79513/CWE134_Uncontrolled_Format_String__char_console_snprintf_53.c inputfunc 47 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_53b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_53b_badSink(char * data); 0 --------------------------------- 4914 73005/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_14.c cppfunc 67 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 4915 72066/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_62.cpp cppfunc 66 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 4916 67437/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_65.c cppfunc 54 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4917 67314/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_11.c cppfunc 80 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4918 153703/tile-swap.c cppfunc 999 void offsprings_azotic(char *preodorous_ulani) balloons_contamination(preodorous_ulani); void balloons_contamination(char *debtee_kurr) free(((char *)debtee_kurr)); 0 --------------------------------- 4919 110486/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_52.c cppfunc 170 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_52c_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4920 153005/ffmpeg.c cppfunc 161 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 4921 153005/ffmpeg.c cppfunc 163 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4922 66305/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_42.c cppfunc 26 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 4923 148923/strutil.c cppfunc 633 oid_str_to_bytes(const char *oid_str, GByteArray *bytes) { p = oid_str; if (!isdigit((guchar)*p) && (*p != '.')) return FALSE; 0 --------------------------------- 4924 153743/stream.c cppfunc 138 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4925 62585/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_32.c cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4926 153293/timestamp.c cppfunc 70 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4927 153348/mutex.c cppfunc 235 catalyzing_slumberously = excellency_brooklike(terena_bustards); archcape_sublimations(mesodesmidae_picot,catalyzing_slumberously); archcape_sublimations(woon_taurid,wilkison_spoonily); void archcape_sublimations(int woon_taurid,char *wilkison_spoonily) free(((char *)wilkison_spoonily)); 0 --------------------------------- 4928 67719/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_08.cpp inputfunc 110 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 4929 79530/CWE134_Uncontrolled_Format_String__char_console_vfprintf_01.c cppfunc 105 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 4930 79530/CWE134_Uncontrolled_Format_String__char_console_vfprintf_01.c cppfunc 102 data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 4931 71374/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_15.c cppfunc 106 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 4932 69203/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_04.cpp cppfunc 102 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 4933 148881/packet-http.c cppfunc 1988 process_header(tvbuff_t *tvb, int offset, int next_offset, const guchar *line, int linelen, int colon_offset, line_end_offset = offset + linelen; header_name = se_strndup(&line[0], header_len); value = ep_strndup(&line[value_offset - offset], value_len); value_offset = colon_offset + 1; value_offset++; value_len = line_end_offset - value_offset; value = ep_strndup(&line[value_offset - offset], value_len); tmp=strtol(value, NULL, 10); 0 --------------------------------- 4934 66522/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_03.c cppfunc 82 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4935 73075/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_63.c cppfunc 136 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 4936 71409/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_02.c cppfunc 96 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 4937 62974/CWE121_Stack_Based_Buffer_Overflow__CWE135_43.cpp cppfunc 73 data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 4938 72744/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_68.c cppfunc 149 data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_68b_goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_68_goodG2BData; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 4939 110514/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_11.c cppfunc 166 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4940 67740/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_45.cpp cppfunc 270 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4941 153482/color.c cppfunc 344 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 4942 1578/into4-ok.c cppfunc 47 main(int argc, char **argv) n = strtoul(argv[1], 0, 10); test(n); test(unsigned int n) int *buf, i; buf = malloc(n * sizeof *buf); for(i = 0; i < n; i++) buf[i] = i; printf("%x ", buf[i]); free(buf); 0 --------------------------------- 4943 153325/aviobuf.c cppfunc 1023 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *jazziness_aroynted; stonesoup_read_taint(&jazziness_aroynted,"FAIL_PICHICIEGO"); columniferous_taborite = ((int )(strlen(jazziness_aroynted))); bushmaster_cachucho = ((char *)(malloc(columniferous_taborite + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&jazziness_aroynted,"FAIL_PICHICIEGO"); columniferous_taborite = ((int )(strlen(jazziness_aroynted))); bushmaster_cachucho = ((char *)(malloc(columniferous_taborite + 1))); 0 --------------------------------- 4944 70404/CWE122_Heap_Based_Buffer_Overflow__CWE135_05.c cppfunc 150 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 4945 62970/CWE121_Stack_Based_Buffer_Overflow__CWE135_33.cpp cppfunc 91 void * &dataRef = data; void * data = dataRef; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 4946 72777/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_42.c cppfunc 58 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 4947 72407/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67.c cppfunc 134 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67_structType myStruct) char * data = myStruct.structFirst; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 4948 153333/utils.c cppfunc 97 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4949 72387/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22.c cppfunc 67 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22_goodG2B1Source(data); strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 4950 69747/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_22.cpp cppfunc 210 data = new wchar_t[100]; data = goodG2B2Source(data); wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 4951 70640/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_01.c cppfunc 181 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 4952 153184/cryptlib.c cppfunc 817 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *schoolyard_unfluid; stonesoup_read_taint(&schoolyard_unfluid,"SAMBOS_TUCKERMANITY"); hygrophyte_wormroot = &schoolyard_unfluid; sarraute_consonance(unconversant_nonspecie,hygrophyte_wormroot); sarraute_consonance(spoutiness_heptachord,oxybenzyl_mislikers); void sarraute_consonance(int spoutiness_heptachord,char **oxybenzyl_mislikers) free(((char *)( *oxybenzyl_mislikers))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&schoolyard_unfluid,"SAMBOS_TUCKERMANITY"); hygrophyte_wormroot = &schoolyard_unfluid; sarraute_consonance(unconversant_nonspecie,hygrophyte_wormroot); 0 --------------------------------- 4953 62951/CWE121_Stack_Based_Buffer_Overflow__CWE135_04.c cppfunc 156 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 4954 62951/CWE121_Stack_Based_Buffer_Overflow__CWE135_04.c cppfunc 153 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 4955 110518/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_15.c cppfunc 173 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 4956 153733/column.c cppfunc 1245 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int gibbous_intercessive = 1001; char *valoniah_hup; stonesoup_read_taint(&valoniah_hup,"8039",gibbous_intercessive); enflamed_englished = valoniah_hup; reweigh_turbination[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *decadron_laved)))))))))))))))))))))))))))))))))))))))))))))))))] = enflamed_englished; minimising_micrography = reweigh_turbination[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *decadron_laved)))))))))))))))))))))))))))))))))))))))))))))))))]; free(((char *)minimising_micrography)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&valoniah_hup,"8039",gibbous_intercessive); enflamed_englished = valoniah_hup; reweigh_turbination[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *decadron_laved)))))))))))))))))))))))))))))))))))))))))))))))))] = enflamed_englished; minimising_micrography = reweigh_turbination[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *decadron_laved)))))))))))))))))))))))))))))))))))))))))))))))))]; free(((char *)minimising_micrography)); 0 --------------------------------- 4957 153526/pgstat.c inputfunc 485 if (recv(pgStatSock,(&test_byte),1,0) != 1) { test_byte++; if (test_byte != ((char )199)) { 0 --------------------------------- 4958 153003/cmdutils.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4959 152882/subtrans.c cppfunc 149 melancholy_dauded = inhabitation_retaliate(unsticked_hoplonemertea); valinch_forums(kists_oxyhydric,melancholy_dauded); valinch_forums(arteriometer_inordinacy,calusa_pacate); void valinch_forums(int arteriometer_inordinacy,char *calusa_pacate) premen_abstrude = ((char *)calusa_pacate); stonesoup_buffer = malloc((strlen(premen_abstrude) + 1) * sizeof(char )); strcpy(stonesoup_buffer,premen_abstrude); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 4960 72877/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_51.c cppfunc 141 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_51b_goodG2BSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 4961 153344/utf.c cppfunc 118 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4962 75643/CWE126_Buffer_Overread__CWE129_connect_socket_82a.cpp inputfunc 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 4963 62950/CWE121_Stack_Based_Buffer_Overflow__CWE135_03.c cppfunc 73 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 4964 62950/CWE121_Stack_Based_Buffer_Overflow__CWE135_03.c cppfunc 76 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 4965 199275/invalid_memory_access.c cppfunc 315 int index[4] = {3, 5, 4, 6}; ptr = (int *)malloc(sizeof(int) * 4); ptr[i] = index[i]; free(ptr); 0 --------------------------------- 4966 72284/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_13.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 4967 153531/emem.c cppfunc 171 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4968 153534/string.c cppfunc 129 void tesselate_hulled(int imager_upgrading,char *scolopendridae_oregano) underbrace_adp = ((char *)scolopendridae_oregano); stonesoup_buffer = malloc((strlen(underbrace_adp) + 1) * sizeof(char )); strcpy(stonesoup_buffer,underbrace_adp); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 4969 152873/portalmem.c cppfunc 130 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4970 79398/CWE134_Uncontrolled_Format_String__char_console_fprintf_13.c inputfunc 85 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 4971 153437/portalmem.c cppfunc 137 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4972 152924/column.c cppfunc 68 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4973 72768/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_17.c cppfunc 70 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 4974 153416/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 4975 62591/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_44.c cppfunc 60 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 4976 153391/ffmpeg.c cppfunc 154 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4977 153069/tile.c cppfunc 73 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 4978 153467/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 4979 71425/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_18.c cppfunc 40 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 4980 67333/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_51.c cppfunc 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4981 153219/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 4982 153219/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 4983 153219/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 4984 67753/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_72.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4985 153068/aviobuf.c cppfunc 86 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 4986 67307/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_04.c cppfunc 87 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 4987 153449/heapam.c cppfunc 100 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4988 153819/color.c cppfunc 145 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *champion_adamello) royalising_resaw = ((char *)champion_adamello); stonesoup_buffer = malloc((strlen(royalising_resaw) + 1) * sizeof(char )); strcpy(stonesoup_buffer,royalising_resaw); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 4989 1296/iquery-ok.c cppfunc 187 int main(int argc, char **argv){ f = fopen (argv[1], "r"); assert(f!=NULL); 0 --------------------------------- 4990 79495/CWE134_Uncontrolled_Format_String__char_console_snprintf_14.c inputfunc 145 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 4991 62957/CWE121_Stack_Based_Buffer_Overflow__CWE135_10.c cppfunc 76 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 4992 62957/CWE121_Stack_Based_Buffer_Overflow__CWE135_10.c cppfunc 73 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 4993 73545/CWE123_Write_What_Where_Condition__listen_socket_74.cpp cppfunc 101 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 4994 67715/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_04.cpp inputfunc 215 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 4995 153387/subtrans.c cppfunc 127 stonesoup_read_taint(&gnaphalium_sialid,"CHROMITE_ROSTRATED"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 4996 153109/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 4997 153193/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 4998 72172/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_81_bad.cpp cppfunc 34 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 4999 62978/CWE121_Stack_Based_Buffer_Overflow__CWE135_52.c cppfunc 212 void CWE121_Stack_Based_Buffer_Overflow__CWE135_52c_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5000 153167/color.c cppfunc 373 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 5001 110529/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_42.c cppfunc 74 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5002 70659/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22.c cppfunc 512 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5003 70778/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_73.cpp cppfunc 173 list dataList; data = (char *)malloc((10+1)*sizeof(char)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 5004 70481/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_61.c cppfunc 116 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5005 110675/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_44.cpp cppfunc 56 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5006 153752/heapam.c cppfunc 127 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5007 153752/heapam.c cppfunc 124 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5008 153593/color.c cppfunc 363 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 5009 153752/heapam.c cppfunc 120 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5010 153393/pgstat.c inputfunc 3380 if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); memcpy(dbentry,(&dbbuf),sizeof(PgStat_StatDBEntry )); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); FreeFile(fpin); 0 --------------------------------- 5011 153436/mux.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5012 153436/mux.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5013 62588/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_41.c cppfunc 141 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5014 70917/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_65.c cppfunc 148 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_65b_goodG2BSink(char * data) memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5015 67308/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_05.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5016 72747/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_74.cpp cppfunc 167 data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 5017 153187/cmdline.c cppfunc 109 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5018 153118/e_bf.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5019 153187/cmdline.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5020 153118/e_bf.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5021 153707/cryptlib.c cppfunc 186 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 5022 153445/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5023 153790/mem_dbg.c cppfunc 481 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *fascism_dilatative; stonesoup_read_taint(&fascism_dilatative,"HYPING_BONDSERVANT"); melber_limbering = &fascism_dilatative; stelai_forras = melber_limbering + 5; free(((char *)( *(stelai_forras - 5)))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&fascism_dilatative,"HYPING_BONDSERVANT"); melber_limbering = &fascism_dilatative; stelai_forras = melber_limbering + 5; free(((char *)( *(stelai_forras - 5)))); 0 --------------------------------- 5024 66618/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_03.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5025 153793/color.c cppfunc 121 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5026 67717/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_06.cpp cppfunc 200 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5027 152870/stream.c cppfunc 105 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5028 69164/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_13.cpp cppfunc 94 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 5029 153306/error.c cppfunc 105 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 5030 153047/color.c cppfunc 611 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int biasing_rhymic = 91; char *atelic_hexaseme; stonesoup_read_taint(&atelic_hexaseme,"8146",biasing_rhymic); free(((char *)atelic_hexaseme)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&atelic_hexaseme,"8146",biasing_rhymic); free(((char *)atelic_hexaseme)); 0 --------------------------------- 5031 70505/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_10.c cppfunc 130 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5032 67421/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_32.c cppfunc 63 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5033 110320/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_09.c cppfunc 153 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5034 72010/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_43.cpp cppfunc 75 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 5035 79400/CWE134_Uncontrolled_Format_String__char_console_fprintf_15.c inputfunc 98 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 5036 153161/cryptlib.c cppfunc 188 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5037 153161/cryptlib.c cppfunc 184 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5038 62966/CWE121_Stack_Based_Buffer_Overflow__CWE135_21.c cppfunc 77 data = (void *)WIDE_STRING; goodB2G1Sink(data); static void goodB2G1Sink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 5039 153112/utils.c cppfunc 66 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5040 79418/CWE134_Uncontrolled_Format_String__char_console_fprintf_54.c inputfunc 94 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_54b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_54b_goodB2GSink(char * data); 0 --------------------------------- 5041 66240/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_09.c cppfunc 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5042 73706/CWE124_Buffer_Underwrite__CWE839_listen_socket_13.c cppfunc 292 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5043 70526/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52.c cppfunc 80 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5044 70648/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_09.c cppfunc 304 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5045 66527/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_08.c cppfunc 45 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5046 70911/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53.c cppfunc 238 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53d_badSink(char * data) memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5047 70670/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_52.c cppfunc 401 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5048 153406/subtrans.c cppfunc 447 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *sherpas_symphonetic) wigging_capuched = sherpas_symphonetic; recodification_quindecima[ *( *( *( *( *( *( *( *( *( *evocate_potlatched)))))))))] = wigging_capuched; tabourets_sciuromorphic = recodification_quindecima[ *( *( *( *( *( *( *( *( *( *evocate_potlatched)))))))))]; free(((char *)tabourets_sciuromorphic)); 0 --------------------------------- 5049 66320/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_68.c cppfunc 35 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5050 148923/strutil.c cppfunc 469 is_byte_sep(guint8 c) q = p+1; && isxdigit(*p) && isxdigit(*q) && if (is_byte_sep(*punct)) { p = punct; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q + 1; else if (!*q && isxdigit(*p)) { p = q; else if (!*q && isxdigit(*p)) { hex_str_to_bytes(const char *hex_str, GByteArray *bytes, gboolean force_separators) { p = (const guchar *)hex_str; s = p+3; isxdigit(*r) && isxdigit(*s)) { punct = s + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && isxdigit(*q)) { punct = q + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { else if (!*q && isxdigit(*p)) { p = q; else if (!*q && isxdigit(*p)) { 0 --------------------------------- 5051 153023/avpacket.c cppfunc 53 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5052 153384/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5053 153732/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5054 110526/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_33.cpp cppfunc 165 int &dataRef = data; int data = dataRef; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5055 65165/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_14.c cppfunc 71 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 5056 62962/CWE121_Stack_Based_Buffer_Overflow__CWE135_15.c cppfunc 94 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 5057 110513/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_10.c cppfunc 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5058 62962/CWE121_Stack_Based_Buffer_Overflow__CWE135_15.c cppfunc 91 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 5059 153769/utils.c cppfunc 891 jmp_buf bassette_goffering; epithelia_vrc = setjmp(bassette_goffering); longjmp(bassette_goffering,1); 0 --------------------------------- 5060 153602/img2.c cppfunc 72 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5061 66336/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_09.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5062 70905/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_42.c cppfunc 73 data = (char *)malloc((10+1)*sizeof(char)); return data; data = goodG2BSource(data); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5063 153122/gimpdialogfactory.c cppfunc 97 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5064 72642/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_62.cpp cppfunc 62 data[50-1] = L'\0'; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 5065 79493/CWE134_Uncontrolled_Format_String__char_console_snprintf_12.c inputfunc 139 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 5066 73034/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_73.cpp cppfunc 148 void badSink(list dataList) char * data = dataList.back(); strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 5067 71431/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_34.c cppfunc 48 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 5068 153089/string.c cppfunc 557 risibleness_carla = getenv("SYNARTESIS_ANCIENNETE"); surculi_cullionly = ((int )(strlen(risibleness_carla))); tupian_retrogressing = ((char *)(malloc(surculi_cullionly + 1))); 0 --------------------------------- 5069 72956/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_13.c cppfunc 71 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 5070 70959/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53.c cppfunc 238 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53d_badSink(char * data) strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 5071 110538/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_62.cpp cppfunc 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5072 66291/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_12.c cppfunc 69 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5073 65204/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_13.c cppfunc 95 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 5074 153715/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 5075 153309/mux.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5076 153775/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5077 153590/utf.c cppfunc 129 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5078 72194/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_21.c cppfunc 127 static wchar_t * goodG2B2Source(wchar_t * data) data = NULL; data = goodG2B2Source(data); data[0] = L'\0'; return data; data = goodG2B2Source(data); SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 5079 153590/utf.c cppfunc 127 stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5080 62746/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_66.c cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5081 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c cppfunc 225 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 5082 153231/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5083 66245/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_14.c cppfunc 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5084 153601/color.c cppfunc 359 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 5085 110541/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_65.c cppfunc 257 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_65b_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5086 79436/CWE134_Uncontrolled_Format_String__char_console_printf_03.c inputfunc 85 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 5087 66637/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_32.c cppfunc 69 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5088 148821/Element.cpp cppfunc 1500 CSSSelectorList selectorList; p.parseSelector(selector, document(), selectorList); if (!selectorList.first()) { if (selectorList.selectorsNeedNamespaceResolution()) { for (CSSSelector* selector = selectorList.first(); selector; selector = CSSSelectorList::next(selector)) { if (selectorChecker.checkSelector(selector, this)) for (CSSSelector* selector = selectorList.first(); selector; selector = CSSSelectorList::next(selector)) { 0 --------------------------------- 5089 153041/resowner.c cppfunc 1163 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *conglobulate_tauchnitz; stonesoup_read_taint(&conglobulate_tauchnitz,"REBBA_BRACHIOTOMY"); hirling_morcha = ((int )(strlen(conglobulate_tauchnitz))); sergeantship_nondoubting = ((char *)(malloc(hirling_morcha + 1))); memset(sergeantship_nondoubting,0,hirling_morcha + 1); memcpy(sergeantship_nondoubting,conglobulate_tauchnitz,hirling_morcha); WITHER_PREFRANKNESS(sergeantship_nondoubting); void morea_werefox(char *demonetizes_paronym) free(((char *)demonetizes_paronym)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&conglobulate_tauchnitz,"REBBA_BRACHIOTOMY"); hirling_morcha = ((int )(strlen(conglobulate_tauchnitz))); memcpy(sergeantship_nondoubting,conglobulate_tauchnitz,hirling_morcha); WITHER_PREFRANKNESS(sergeantship_nondoubting); 0 --------------------------------- 5090 72876/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_45.c cppfunc 66 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_45_goodG2BData = data; goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_45_goodG2BData; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 5091 110323/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_12.c cppfunc 159 data = 20; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5092 110517/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_14.c cppfunc 192 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5093 153314/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5094 153314/color.c cppfunc 90 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5095 153211/mutex.c cppfunc 149 evinces_cowan = getenv("TRAINMASTER_ANTIFOULING"); stiacciato_snorkeler = ((int )(strlen(evinces_cowan))); nonperceptional_deployed = ((char *)(malloc(stiacciato_snorkeler + 1))); 0 --------------------------------- 5096 152870/stream.c cppfunc 80 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5097 152870/stream.c cppfunc 89 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5098 110383/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_34.c cppfunc 94 CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_34_unionType myUnion; int data = myUnion.unionSecond; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5099 72453/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_65.c cppfunc 123 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_65b_badSink(char * data) strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 5100 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c cppfunc 381 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 5101 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c cppfunc 384 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 5102 1292/sig-ok.c cppfunc 598 dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); 0 --------------------------------- 5103 153345/eng_table.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5104 73079/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67.c cppfunc 150 CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67_structType myStruct; data[50-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67_structType myStruct) char * data = myStruct.structFirst; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 5105 67402/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_03.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5106 66328/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_01.c cppfunc 56 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5107 70419/CWE122_Heap_Based_Buffer_Overflow__CWE135_22.c cppfunc 242 dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_22_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_22_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5108 66265/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_61.c cppfunc 137 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_61b_goodG2BSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_61b_goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 5109 153624/color.c cppfunc 351 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 5110 153399/cmdline.c cppfunc 1184 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *rld_bushido; stonesoup_read_taint(&rld_bushido,"REVERTIBILITY_MER"); cotuit_propos[10] = rld_bushido; vallecula_serc = cotuit_propos; barnful_admixture(brennschluss_janok,vallecula_serc); barnful_admixture(sauncier_sizably,dampcourse_cetiosauria); void barnful_admixture(int sauncier_sizably,char **dampcourse_cetiosauria) free(((char *)dampcourse_cetiosauria[10])); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&rld_bushido,"REVERTIBILITY_MER"); cotuit_propos[10] = rld_bushido; vallecula_serc = cotuit_propos; barnful_admixture(brennschluss_janok,vallecula_serc); 0 --------------------------------- 5111 153783/string.c cppfunc 1157 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *anticivism_buggery; stonesoup_read_taint(&anticivism_buggery,"IERNA_KOHN"); brillouin_keefs(olav_dumbfounded,anticivism_buggery); brillouin_keefs(tysonite_meninting,parished_oira); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&anticivism_buggery,"IERNA_KOHN"); brillouin_keefs(olav_dumbfounded,anticivism_buggery); void brillouin_keefs(int tysonite_meninting,char *parished_oira) free(((char *)parished_oira)); 0 --------------------------------- 5112 70647/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_08.c cppfunc 317 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5113 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c cppfunc 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 5114 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c cppfunc 88 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 5115 70533/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_65.c cppfunc 179 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5116 153671/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5117 153671/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5118 153416/color.c cppfunc 118 stonesoup_printf("%s\n",stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5119 152884/mem_dbg.c cppfunc 753 static void print_leak_LHASH_DOALL_ARG(void *arg1,void *arg2) const MEM *a = arg1; print_leak_doall_arg(a,b); static void print_leak_doall_arg(const MEM *m,MEM_LEAK *l) lcl = localtime(&m -> time); 0 --------------------------------- 5120 153671/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5121 62957/CWE121_Stack_Based_Buffer_Overflow__CWE135_10.c cppfunc 124 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 5122 62957/CWE121_Stack_Based_Buffer_Overflow__CWE135_10.c cppfunc 127 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5123 153423/error.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5124 110819/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_44.cpp cppfunc 99 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5125 70868/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_64.c cppfunc 131 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5126 67611/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_74.cpp cppfunc 45 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5127 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c inputfunc 113 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 5128 1297/crackaddr-bad.c cppfunc 322 register char *addr; char address[100]; scanf("%99s", address); res_addr = crackaddr(address); addr++; p = addrhead = addr; p++; while ((c = *p++) != ':') *bp++ = *p++; p++; while ((c = *p++) != '<') while ((c = *p++) != '\0') if ((c = *p++) == '\0') p--; p++; while (isascii((int) *--p) && isspace((int) *p)) 0 --------------------------------- 5129 71417/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_10.c cppfunc 96 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 5130 73296/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_33.cpp cppfunc 60 int64_t * &dataRef = data; int64_t * data = dataRef; printLongLongLine(*data); free(data); 0 --------------------------------- 5131 70751/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_16.c cppfunc 67 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 5132 153479/file_wrappers.c cppfunc 128 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5133 110399/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_67.c cppfunc 150 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_67b_badSink(CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_67_structType myStruct) int data = myStruct.structFirst; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5134 72818/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_21.c cppfunc 121 static char * goodG2B2Source(char * data) data = NULL; data = goodG2B2Source(data); data[0] = '\0'; return data; data = goodG2B2Source(data); strcat(data, source); printLine(data); free(data); 0 --------------------------------- 5135 66333/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_06.c cppfunc 90 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5136 153599/mem_dbg.c cppfunc 226 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5137 153153/subtrans.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5138 70670/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_52.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5139 153153/subtrans.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5140 70436/CWE122_Heap_Based_Buffer_Overflow__CWE135_64.c cppfunc 171 void CWE122_Heap_Based_Buffer_Overflow__CWE135_64b_goodG2BSink(void * dataVoidPtr) void * * dataPtr = (void * *)dataVoidPtr; void * data = (*dataPtr); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5141 71113/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_72.cpp cppfunc 157 void badSink(vector dataVector) wchar_t * data = dataVector[2]; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 5142 70527/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53.c cppfunc 318 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5143 110374/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_15.c cppfunc 97 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5144 73702/CWE124_Buffer_Underwrite__CWE839_listen_socket_09.c cppfunc 292 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5145 153623/ffmpeg.c cppfunc 153 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5146 79527/CWE134_Uncontrolled_Format_String__char_console_snprintf_82a.cpp inputfunc 38 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; baseObject->action(data); virtual void action(char * data) = 0; 0 --------------------------------- 5147 70498/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_03.c cppfunc 130 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5148 153559/avpacket.c cppfunc 71 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5149 69846/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_33.cpp cppfunc 62 int * &dataRef = data; int * data = dataRef; memcpy(data, source, 10*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 5150 153334/color.c cppfunc 331 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 5151 153378/stream.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5152 153378/stream.c cppfunc 117 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5153 153378/stream.c cppfunc 114 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5154 148881/packet-http.c cppfunc 2061 char *p; eh_ptr->content_length = strtol(value, &p, 10); up = (guchar *)p; (*up != '\0' && !isspace(*up))) { 0 --------------------------------- 5155 72764/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_13.c cppfunc 93 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 5156 199236/buffer_underrun_dynamic.c cppfunc 654 char* destbuf=(char*) malloc(10*sizeof(char)); strncpy(&destbuf[loc],&srcbuf[loc],1); free(destbuf); 0 --------------------------------- 5157 72410/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_73.cpp cppfunc 167 list dataList; data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 5158 153255/pmsignal.c cppfunc 120 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5159 66544/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_41.c cppfunc 67 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5160 70921/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_72.cpp cppfunc 157 void badSink(vector dataVector) char * data = dataVector[2]; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5161 79499/CWE134_Uncontrolled_Format_String__char_console_snprintf_18.c inputfunc 93 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 5162 152971/utils.c cppfunc 923 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; struct jumpmaster_agraphias diffraction_unhermitically; int pharyngobranch_subvocally = 20; char *balloters_restudies; stonesoup_read_taint(&balloters_restudies,"2655",pharyngobranch_subvocally); diffraction_unhermitically . mayoralties_algaeologist = ((char *)balloters_restudies); lenitive_faculative[ *( *( *( *( *( *( *( *( *( *aftaba_lairdship)))))))))] = diffraction_unhermitically; cravened_erogenesis = lenitive_faculative[ *( *( *( *( *( *( *( *( *( *aftaba_lairdship)))))))))]; free(((char *)cravened_erogenesis . mayoralties_algaeologist)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&balloters_restudies,"2655",pharyngobranch_subvocally); diffraction_unhermitically . mayoralties_algaeologist = ((char *)balloters_restudies); cravened_erogenesis = lenitive_faculative[ *( *( *( *( *( *( *( *( *( *aftaba_lairdship)))))))))]; free(((char *)cravened_erogenesis . mayoralties_algaeologist)); 0 --------------------------------- 5163 153813/config.c cppfunc 95 size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5164 153736/types.c cppfunc 50 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5165 153813/config.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5166 153813/config.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5167 153736/types.c cppfunc 59 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5168 149075/mem3-bad.c cppfunc 38 main(int argc, char **argv) userstr = argv[1]; p = test(userstr); test(char *str) p = strdup(str); printf("result: %s\n", p); free(p); 0 --------------------------------- 5169 72403/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_63.c cppfunc 138 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 5170 153673/config.c cppfunc 108 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5171 70649/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_10.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5172 72810/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_11.c cppfunc 93 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 5173 70954/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_43.cpp cppfunc 74 data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 5174 70766/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_52.c cppfunc 183 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_52c_badSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 5175 153241/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5176 153584/pmsignal.c cppfunc 141 int aerie_breedbate = 596; stonesoup_read_taint(&substitutes_moire,"3532",aerie_breedbate); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 5177 152940/cmdutils.c cppfunc 113 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5178 152940/cmdutils.c cppfunc 111 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5179 71188/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_31.c cppfunc 68 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t * dataCopy = data; wchar_t * data = dataCopy; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 5180 70485/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_65.c cppfunc 368 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5181 153546/dirent_uri.c inputfunc 136 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&wobbler_eutechnics,"CRUDDLE_UNIDEATED"); if (wobbler_eutechnics != 0) {; agaonidae_lymphorrhage . berryville_counterly = ((char *)wobbler_eutechnics); mortiser_resorting = &agaonidae_lymphorrhage; ribbonfish_tufts = mortiser_resorting + 5; 0 --------------------------------- 5182 153245/e_bf.c cppfunc 246 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *magnetons_ice;; stonesoup_read_taint(&magnetons_ice,"WESKER_ZAPS"); thalian_malleating = ((int )(strlen(magnetons_ice))); memcpy(preciosities_protomorph,magnetons_ice,thalian_malleating); free(((char *)magnetons_ice)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&magnetons_ice,"WESKER_ZAPS"); thalian_malleating = ((int )(strlen(magnetons_ice))); memcpy(preciosities_protomorph,magnetons_ice,thalian_malleating); free(((char *)magnetons_ice)); 0 --------------------------------- 5183 153546/dirent_uri.c cppfunc 133 stonesoup_read_taint(&wobbler_eutechnics,"CRUDDLE_UNIDEATED"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 5184 153077/file_wrappers.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5185 70510/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_15.c cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5186 66600/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54.c cppfunc 51 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5187 72146/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_21.c cppfunc 51 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 5188 70405/CWE122_Heap_Based_Buffer_Overflow__CWE135_06.c cppfunc 149 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5189 153118/e_bf.c cppfunc 110 stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5190 153118/e_bf.c cppfunc 112 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5191 153709/ffmpeg.c cppfunc 180 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5192 71209/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_72.cpp cppfunc 157 void badSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 5193 62951/CWE121_Stack_Based_Buffer_Overflow__CWE135_04.c cppfunc 82 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 5194 66236/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_05.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5195 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c cppfunc 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 5196 67319/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_16.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 5197 110361/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_02.c cppfunc 116 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5198 110463/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_08.c cppfunc 117 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5199 199275/invalid_memory_access.c cppfunc 423 invalid_memory_access_013_s_001_s_gbl = (invalid_memory_access_013_s_001 *)calloc(1,sizeof(invalid_memory_access_013_s_001)); invalid_memory_access_013_s_001_s_gbl->a = 20; invalid_memory_access_013_s_001_s_gbl->b = 20; invalid_memory_access_013_s_001_s_gbl->uninit = 20; invalid_memory_access_013_func_001 (1); ret = invalid_memory_access_013_func_002 (1); free(invalid_memory_access_013_s_001_s_gbl); 0 --------------------------------- 5200 79454/CWE134_Uncontrolled_Format_String__char_console_printf_31.c inputfunc 97 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; printf("%s\n", data); 0 --------------------------------- 5201 67325/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_32.c cppfunc 63 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5202 70681/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_72.cpp cppfunc 196 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5203 79367/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51.c cppfunc 354 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 5204 79367/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51.c cppfunc 351 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51b_goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 5205 72772/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_31.c cppfunc 69 data[50-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 5206 71424/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_17.c cppfunc 70 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 5207 79348/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_11.c cppfunc 349 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 5208 79348/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_11.c cppfunc 346 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 5209 153599/mem_dbg.c cppfunc 253 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5210 70871/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67.c cppfunc 160 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67_structType myStruct; data = (char *)malloc((10+1)*sizeof(char)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67_structType myStruct) char * data = myStruct.structFirst; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5211 8/Doubly_freeing_memory.c cppfunc 16 buf1R2 = (char *) malloc(BUFSIZE1); strncpy(buf1R2, argv[1], BUFSIZE1-1); free(buf1R2); 0 --------------------------------- 5212 8/Doubly_freeing_memory.c cppfunc 15 buf2R1 = (char *) malloc(BUFSIZE2); free(buf2R1); free(buf2R1); 0 --------------------------------- 5213 69747/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_22.cpp cppfunc 90 data = new wchar_t[100]; data = goodG2B2Source(data); wchar_t * goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2B2Source(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 5214 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c cppfunc 141 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 5215 153809/img2.c cppfunc 70 stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5216 71931/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_74.cpp cppfunc 151 void badSink(map dataMap) twoIntsStruct * data = dataMap[2]; memmove(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 5217 110655/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_08.cpp cppfunc 52 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5218 153247/conversation.c cppfunc 121 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5219 73700/CWE124_Buffer_Underwrite__CWE839_listen_socket_07.c cppfunc 297 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5220 153155/hashfn.c cppfunc 75 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5221 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c cppfunc 31 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 5222 153014/error.c cppfunc 102 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5223 73178/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_73.cpp cppfunc 148 void badSink(list dataList) wchar_t * data = dataList.back(); wcscpy(dest, data); printWLine(data); free(data); 0 --------------------------------- 5224 72853/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_06.c cppfunc 75 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 5225 70650/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_11.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5226 70531/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_63.c cppfunc 210 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5227 153009/utils.c cppfunc 4806 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; sid = (strtol(spec + 1,&endptr,0)); 0 --------------------------------- 5228 79431/CWE134_Uncontrolled_Format_String__char_console_fprintf_82a.cpp inputfunc 38 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; baseObject->action(data); virtual void action(char * data) = 0; 0 --------------------------------- 5229 62986/CWE121_Stack_Based_Buffer_Overflow__CWE135_66.c cppfunc 146 void CWE121_Stack_Based_Buffer_Overflow__CWE135_66b_badSink(void * dataArray[]) void * data = dataArray[2]; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5230 62584/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_31.c cppfunc 35 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5231 62577/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_14.c cppfunc 137 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5232 70532/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_64.c cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5233 72136/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_09.c cppfunc 73 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 5234 70532/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_64.c inputfunc 35 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_64b_badSink(void * dataVoidPtr); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_64b_badSink(&data); 0 --------------------------------- 5235 153108/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5236 153108/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5237 153108/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5238 66355/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_44.c cppfunc 47 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5239 73078/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_66.c cppfunc 125 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 5240 72995/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_04.c cppfunc 94 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 5241 62745/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_65.c cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5242 72152/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_41.c cppfunc 61 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 5243 72436/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_31.c cppfunc 65 data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 5244 153600/tile.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5245 70884/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_05.c cppfunc 79 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5246 110468/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_13.c cppfunc 77 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5247 71385/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_42.c cppfunc 72 data[0] = '\0'; return data; data = goodG2BSource(data); strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 5248 152869/conversation.c inputfunc 147 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&affects_acas,"CRUCIS_REASSEMBLING"); if (affects_acas != 0) {; 0 --------------------------------- 5249 70497/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_02.c cppfunc 149 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5250 70674/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_62.cpp cppfunc 132 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5251 153770/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5252 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c cppfunc 87 static void goodB2GVaSinkG(char * data, ...) char dataBuffer[100] = ""; data = dataBuffer; goodB2GVaSinkG(data, data); size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 5253 152915/bufmgr.c cppfunc 111 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5254 153592/main_filter_toolbar.c cppfunc 488 char *teleologist_hazzanim = 0; aggrieve_ahmeek(&teleologist_hazzanim); joly_adaiha(teleologist_hazzanim); void joly_adaiha(char *const herbless_climatography) fanestil_unboraxed[1] = herbless_climatography; free(((char *)((char *)fanestil_unboraxed[1]))); 0 --------------------------------- 5255 153109/color.c cppfunc 378 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 5256 110539/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_63.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5257 72996/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_05.c cppfunc 74 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 5258 153718/hashfn.c cppfunc 82 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5259 72381/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_14.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 5260 79409/CWE134_Uncontrolled_Format_String__char_console_fprintf_34.c inputfunc 45 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; myUnion.unionFirst = data; 0 --------------------------------- 5261 153406/subtrans.c cppfunc 77 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5262 153562/color.c cppfunc 368 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 5263 72756/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_05.c cppfunc 80 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 5264 66582/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_15.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5265 152906/tile.c cppfunc 311 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int luny_dungan = 20; char *alehoof_nagualism; stonesoup_read_taint(&alehoof_nagualism,"8966",luny_dungan); strawy_jesuist = ((int )(strlen(alehoof_nagualism))); memcpy(conidiophorous_paraebius,alehoof_nagualism,strawy_jesuist); free(((char *)alehoof_nagualism)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&alehoof_nagualism,"8966",luny_dungan); strawy_jesuist = ((int )(strlen(alehoof_nagualism))); memcpy(conidiophorous_paraebius,alehoof_nagualism,strawy_jesuist); free(((char *)alehoof_nagualism)); 0 --------------------------------- 5266 72279/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_08.c cppfunc 104 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5267 152925/eng_lib.c cppfunc 89 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5268 62985/CWE121_Stack_Based_Buffer_Overflow__CWE135_65.c cppfunc 139 void CWE121_Stack_Based_Buffer_Overflow__CWE135_65b_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 5269 71622/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_33.cpp cppfunc 62 int64_t * &dataRef = data; int64_t * data = dataRef; memmove(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 5270 153509/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 5271 153211/mutex.c cppfunc 59 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5272 153211/mutex.c cppfunc 52 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5273 153211/mutex.c cppfunc 56 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5274 153346/img2.c cppfunc 59 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5275 153346/img2.c cppfunc 55 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5276 153367/dirent_uri.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5277 153615/portalmem.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5278 73021/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_51.c cppfunc 137 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_51b_goodG2BSink(char * data) strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 5279 153024/utils.c cppfunc 124 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); pyrolytic_desmodactyli[1] = 5; mlechchha_unobdurate = *(huang_whiteclay + pyrolytic_desmodactyli[1]); muleteers_sideshows = ((char *)mlechchha_unobdurate); stonesoup_buffer = malloc((strlen(muleteers_sideshows) + 1) * sizeof(char )); strcpy(stonesoup_buffer,muleteers_sideshows); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_handle_taint(char *brett_legitimisation) huang_whiteclay[5] = brett_legitimisation; mlechchha_unobdurate = *(huang_whiteclay + pyrolytic_desmodactyli[1]); muleteers_sideshows = ((char *)mlechchha_unobdurate); stonesoup_buffer = malloc((strlen(muleteers_sideshows) + 1) * sizeof(char )); strcpy(stonesoup_buffer,muleteers_sideshows); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 5280 66358/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_52.c cppfunc 57 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5281 70683/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_74.cpp cppfunc 401 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5282 72102/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_33.cpp cppfunc 70 wchar_t * &dataRef = data; wchar_t * data = dataRef; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 5283 153202/bio_err.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5284 69212/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_13.cpp cppfunc 96 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 5285 153385/portalmem.c cppfunc 116 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5286 70462/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_15.c cppfunc 254 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5287 153703/tile-swap.c cppfunc 653 void stonesoup_handle_taint(char *antipode_winkelried) boatel_macron = ((int )(strlen(antipode_winkelried))); leptorrhinian_condensability = ((char *)(malloc(boatel_macron + 1))); 0 --------------------------------- 5288 110460/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_05.c cppfunc 84 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5289 153455/color.c cppfunc 89 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5290 153600/tile.c cppfunc 88 stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5291 67419/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_22.c cppfunc 191 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_22_goodG2B2Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_22_goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 5292 1506/Figure4-12-unix.c cppfunc 33 int main(int argc, char *argv[]) first = malloc(666); strcpy(first, argv[1]); free(first); 0 --------------------------------- 5293 70453/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_06.c cppfunc 241 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5294 153363/column-utils.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5295 67436/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_64.c cppfunc 50 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5296 110397/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_65.c cppfunc 161 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_65b_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5297 153714/bio_err.c cppfunc 147 int liripipe_pizzles = 53; stonesoup_read_taint(&contours_giraffoid,"4199",liripipe_pizzles); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 5298 153741/color.c cppfunc 608 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *misnomers_archdukedom) free(((char *)misnomers_archdukedom)); 0 --------------------------------- 5299 70956/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_45.c cppfunc 68 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_45_goodG2BData = data; goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_45_goodG2BData; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 5300 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c cppfunc 228 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 5301 67400/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_01.c cppfunc 29 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5302 110379/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_22.c cppfunc 102 data = -1; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_22_goodG2B2Source(data); data = 20; return data; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_22_goodG2B2Source(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); int CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_22_goodG2B2Source(int data) return data; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_22_goodG2B2Source(data); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5303 153587/conf_mod.c cppfunc 123 stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5304 153587/conf_mod.c cppfunc 125 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5305 72883/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_63.c cppfunc 121 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 5306 72377/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_10.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 5307 65404/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_13.c cppfunc 71 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 5308 153184/cryptlib.c cppfunc 234 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *schoolyard_unfluid; stonesoup_read_taint(&schoolyard_unfluid,"SAMBOS_TUCKERMANITY"); hygrophyte_wormroot = &schoolyard_unfluid; sarraute_consonance(unconversant_nonspecie,hygrophyte_wormroot); sarraute_consonance(spoutiness_heptachord,oxybenzyl_mislikers); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&schoolyard_unfluid,"SAMBOS_TUCKERMANITY"); hygrophyte_wormroot = &schoolyard_unfluid; sarraute_consonance(unconversant_nonspecie,hygrophyte_wormroot); void sarraute_consonance(int spoutiness_heptachord,char **oxybenzyl_mislikers) belched_ektenes = ((char *)( *oxybenzyl_mislikers)); stonesoup_buffer = malloc((strlen(belched_ektenes) + 1) * sizeof(char )); strcpy(stonesoup_buffer,belched_ektenes); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 5309 66588/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_31.c cppfunc 55 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5310 153079/cmdline.c cppfunc 110 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5311 153344/utf.c inputfunc 161 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&baileyton_ethambutol,"TRUCKIE_LYSIGENIC"); if (baileyton_ethambutol != 0) {; 0 --------------------------------- 5312 70865/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_61.c cppfunc 64 data = (char *)malloc((10+1)*sizeof(char)); return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_61b_goodG2BSource(data); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5313 72456/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_68.c cppfunc 131 char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_68_badData; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 5314 153001/avpacket.c cppfunc 61 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5315 153001/avpacket.c cppfunc 65 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5316 153001/avpacket.c cppfunc 68 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5317 153242/e_camellia.c cppfunc 85 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5318 67407/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_08.c cppfunc 74 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5319 110679/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_53.cpp cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5320 67324/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_31.c cppfunc 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5321 71418/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_11.c cppfunc 96 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 5322 72355/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_63.c cppfunc 138 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5323 62565/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_02.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5324 153388/dynahash.c cppfunc 270 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5325 67493/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_10.c cppfunc 76 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 5326 153114/tile.c cppfunc 49 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5327 71373/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_14.c cppfunc 93 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 5328 79464/CWE134_Uncontrolled_Format_String__char_console_printf_52.c inputfunc 94 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_52b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_52b_goodB2GSink(char * data); 0 --------------------------------- 5329 153696/config.c cppfunc 203 jmp_buf bootied_cardin; dachy_celeomorphae = setjmp(bootied_cardin); longjmp(bootied_cardin,1); 0 --------------------------------- 5330 153802/types.c cppfunc 69 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5331 153802/types.c cppfunc 60 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5332 71428/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_31.c cppfunc 69 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 5333 153337/img2.c cppfunc 156 goosebone_nynex = getenv("UPCURVED_JUNCTION"); heteromorphae_vetiveria = ((int )(strlen(goosebone_nynex))); disdainfulness_allness = ((char *)(malloc(heteromorphae_vetiveria + 1))); 0 --------------------------------- 5334 62574/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_11.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5335 153830/main_statusbar.c inputfunc 182 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&pectinous_bloodthirsting,"IDEATIONAL_OCULISTS"); if (pectinous_bloodthirsting != 0) {; phascolarctos_proemial . latinian_pattersonville = ((char *)pectinous_bloodthirsting); desuete_blowfishes[5] = phascolarctos_proemial; endeavorer_actuarian = *(desuete_blowfishes + typika_fixtures[1]); houppelande_driftlet = ((char *)endeavorer_actuarian . latinian_pattersonville); stonesoup_buff_size = strlen(houppelande_driftlet) + 1; stonesoup_size = stonesoup_other_size < stonesoup_buff_size ? stonesoup_other_size : stonesoup_buff_size; for (stonesoup_i = 0; stonesoup_i < stonesoup_size; stonesoup_i++) { houppelande_driftlet[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = for (stonesoup_i = 0; stonesoup_i < stonesoup_buff_size; stonesoup_i++) { free (stonesoup_other_buff); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buff_size", stonesoup_buff_size, &stonesoup_buff_size, "TRIGGER-STATE"); if (endeavorer_actuarian . latinian_pattersonville != 0) free(((char *)endeavorer_actuarian . latinian_pattersonville)); 0 --------------------------------- 5336 153374/color.c cppfunc 599 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *orchil_bibliopolism; stonesoup_read_taint(&orchil_bibliopolism,"PERSPICABLE_UNPREVENTABLY"); free(((char *)orchil_bibliopolism)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&orchil_bibliopolism,"PERSPICABLE_UNPREVENTABLY"); free(((char *)orchil_bibliopolism)); 0 --------------------------------- 5337 153176/stream.c cppfunc 81 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5338 153036/string.c cppfunc 77 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5339 72996/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_05.c cppfunc 94 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 5340 67401/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_02.c cppfunc 60 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5341 70842/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_11.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5342 79446/CWE134_Uncontrolled_Format_String__char_console_printf_13.c inputfunc 131 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 5343 1293/nxt-bad.c cppfunc 465 dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); 0 --------------------------------- 5344 72784/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54.c cppfunc 314 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54d_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54e_goodG2BSink(wchar_t * data) SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 5345 79458/CWE134_Uncontrolled_Format_String__char_console_printf_41.c inputfunc 105 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2GSink(data); static void goodB2GSink(char * data) printf("%s\n", data); 0 --------------------------------- 5346 153543/bio_err.c cppfunc 138 int disinterring_hewitt = 53; stonesoup_read_taint(&bics_hektograph,"4362",disinterring_hewitt); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 5347 66570/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_03.c cppfunc 82 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5348 153043/cmdline.c cppfunc 101 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 5349 153400/dirent_uri.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5350 62979/CWE121_Stack_Based_Buffer_Overflow__CWE135_53.c cppfunc 270 void CWE121_Stack_Based_Buffer_Overflow__CWE135_53d_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5351 73267/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_72.cpp cppfunc 144 void badSink(vector dataVector) double * data = dataVector[2]; printDoubleLine(*data); free(data); 0 --------------------------------- 5352 72838/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_66.c cppfunc 127 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_66b_badSink(char * dataArray[]) char * data = dataArray[2]; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 5353 66655/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_67.c cppfunc 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5354 153724/ffmpeg.c cppfunc 155 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5355 67729/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_18.cpp cppfunc 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5356 70663/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_34.c cppfunc 237 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5357 153143/utf.c cppfunc 1018 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *uncurtain_riane) vox_viddhal = &uncurtain_riane; free(((char *)( *vox_viddhal))); 0 --------------------------------- 5358 71593/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_72.cpp cppfunc 142 void badSink(vector dataVector) int64_t * data = dataVector[2]; memcpy(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 5359 73365/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_74.cpp cppfunc 146 void badSink(map dataMap) twoIntsStruct * data = dataMap[2]; printStructLine(data); free(data); 0 --------------------------------- 5360 71011/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_63.c cppfunc 127 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 5361 153474/e_bf.c cppfunc 114 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5362 153630/heapam.c cppfunc 5225 char *stonesoup_heap_buffer_64 = 0; kiswa_hunterian = &aditus_expropriates; staghunter_anathemata = setjmp(ultraterrene_tetradactylous); 0 --------------------------------- 5363 67503/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_02.c cppfunc 85 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 5364 70915/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_63.c cppfunc 146 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5365 110400/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_68.c cppfunc 170 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_68_goodG2BData = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_68b_goodG2BSink(); int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_68_goodG2BData; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5366 66271/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_67.c cppfunc 58 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5367 73048/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_09.c cppfunc 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 5368 79370/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54.c cppfunc 572 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 5369 62572/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_09.c cppfunc 137 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5370 66595/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_44.c cppfunc 42 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5371 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c cppfunc 150 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 5372 153231/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 5373 153600/tile.c cppfunc 79 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5374 153626/bss_file.c cppfunc 151 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5375 110508/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_05.c cppfunc 173 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5376 70450/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_03.c cppfunc 419 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5377 153101/resowner.c cppfunc 169 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5378 79362/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_41.c cppfunc 183 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 5379 79362/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_41.c cppfunc 180 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2GSink(data); static void goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 5380 110666/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_21.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5381 72781/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_51.c cppfunc 149 data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_51b_goodG2BSink(wchar_t * data) SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 5382 62989/CWE121_Stack_Based_Buffer_Overflow__CWE135_72.cpp cppfunc 166 void badSink(vector dataVector) void * data = dataVector[2]; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5383 70423/CWE122_Heap_Based_Buffer_Overflow__CWE135_34.c cppfunc 109 CWE122_Heap_Based_Buffer_Overflow__CWE135_34_unionType myUnion; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); void * data = myUnion.unionSecond; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 5384 152970/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5385 152970/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5386 71574/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_33.cpp cppfunc 62 int64_t * &dataRef = data; int64_t * data = dataRef; memcpy(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 5387 152970/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5388 79345/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_08.c cppfunc 394 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 5389 70427/CWE122_Heap_Based_Buffer_Overflow__CWE135_44.c cppfunc 66 static void goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5390 110333/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_32.c cppfunc 159 int *dataPtr2 = &data; int data = *dataPtr2; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5391 62569/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_06.c cppfunc 142 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5392 72294/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_33.cpp cppfunc 68 char * &dataRef = data; char * data = dataRef; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5393 62572/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_09.c inputfunc 84 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 5394 153175/utils.c cppfunc 98 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 5395 152895/color.c cppfunc 348 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 5396 79361/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34.c cppfunc 156 CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34_unionType myUnion; char * data = myUnion.unionSecond; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 5397 79361/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34.c cppfunc 159 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 5398 71427/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22.c cppfunc 92 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 5399 153424/dynahash.c cppfunc 272 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 5400 110494/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_66.c cppfunc 150 data = 20; dataArray[2] = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_66b_goodG2BSink(dataArray); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_66b_goodG2BSink(int dataArray[]) int data = dataArray[2]; intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5401 67754/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_73.cpp inputfunc 102 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 5402 153591/e_camellia.c cppfunc 107 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 5403 153570/utf.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5404 66233/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_02.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5405 153054/utf.c cppfunc 138 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5406 153054/utf.c cppfunc 136 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5407 153517/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5408 72375/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_08.c cppfunc 104 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 5409 110393/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_61.c cppfunc 141 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5410 72603/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_74.cpp cppfunc 149 void badSink(map dataMap) wchar_t * data = dataMap[2]; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 5411 153535/avdevice.c cppfunc 66 stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5412 153535/avdevice.c cppfunc 68 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5413 66351/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_34.c cppfunc 42 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5414 70740/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_05.c cppfunc 96 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 5415 153679/avdevice.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5416 153679/avdevice.c cppfunc 60 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5417 110390/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_52.c cppfunc 187 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_52c_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5418 153132/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5419 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c cppfunc 90 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 5420 153445/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 5421 153468/utils.c cppfunc 4978 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int underwrote_noselite = 596; char *babbled_stdm; stonesoup_read_taint(&babbled_stdm,"3798",underwrote_noselite); quisqualis_alcapton = ((void *)babbled_stdm); dyophysitism_octoid(quisqualis_alcapton); void dyophysitism_octoid(void *const kirmew_proration) free(((char *)((char *)((void *)kirmew_proration)))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&babbled_stdm,"3798",underwrote_noselite); quisqualis_alcapton = ((void *)babbled_stdm); dyophysitism_octoid(quisqualis_alcapton); 0 --------------------------------- 5422 153085/oids.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5423 72762/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_11.c cppfunc 93 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 5424 148923/strutil.c cppfunc 913 escape_string_len(const char *string) for (p = string; (c = *p) != '\0'; p++) { else if (!isprint((unsigned char)c)) { 0 --------------------------------- 5425 72959/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_16.c cppfunc 68 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 5426 152918/color.c cppfunc 363 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 5427 70775/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67.c cppfunc 141 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67_structType myStruct) char * data = myStruct.structFirst; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 5428 152918/color.c cppfunc 361 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 5429 70449/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_02.c cppfunc 330 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5430 153348/mutex.c cppfunc 59 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5431 153348/mutex.c cppfunc 52 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5432 153348/mutex.c cppfunc 56 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5433 152883/avpacket.c cppfunc 60 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5434 70982/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_07.c cppfunc 95 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 5435 153512/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5436 66557/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_65.c cppfunc 34 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5437 73032/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_68.c cppfunc 147 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_68b_goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_68_goodG2BData; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 5438 72171/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_74.cpp cppfunc 151 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 5439 66604/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_64.c cppfunc 50 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5440 148881/tshark.c cppfunc 3173 va_list ap; va_start(ap, fmt); vfprintf(stderr, fmt, ap); va_end(ap); 0 --------------------------------- 5441 148881/tshark.c cppfunc 3170 cmdarg_err_cont( " Valid options are 'm', 'n', 't', and 'C'"); cmdarg_err_cont("It must be \"r\" for relative, \"a\" for absolute,"); cmdarg_err_cont("\"ad\" for absolute with date, or \"d\" for delta."); cmdarg_err_cont("It must be \"ps\", \"text\", \"pdml\", \"psml\" or \"fields\"."); cmdarg_err_cont(" -z argument must be one of :"); " Note: That display filter code looks like a valid capture filter;"); " maybe you mixed them up?"); cmdarg_err_cont("%s", detailed_err); cmdarg_err_cont(const char *fmt, ...) va_start(ap, fmt); 0 --------------------------------- 5442 153142/tile.c cppfunc 426 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 5443 153232/e_bf.c cppfunc 297 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; union writhed_saka habenulae_rageful; int lobito_unmoldy = 91; char *pintail_preperceive;; stonesoup_read_taint(&pintail_preperceive,"8449",lobito_unmoldy); habenulae_rageful . theodor_trisporous = pintail_preperceive; demiwolf_intertouch = hopkinsonian_siegler(habenulae_rageful); union writhed_saka hopkinsonian_siegler(union writhed_saka skateboarding_behaves) return skateboarding_behaves; demiwolf_intertouch = hopkinsonian_siegler(habenulae_rageful); free(((char *)demiwolf_intertouch . theodor_trisporous)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&pintail_preperceive,"8449",lobito_unmoldy); habenulae_rageful . theodor_trisporous = pintail_preperceive; demiwolf_intertouch = hopkinsonian_siegler(habenulae_rageful); 0 --------------------------------- 5444 66540/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_31.c cppfunc 55 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5445 79500/CWE134_Uncontrolled_Format_String__char_console_snprintf_21.c inputfunc 122 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1Sink(data); static void goodB2G1Sink(char * data) SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 5446 70536/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68.c cppfunc 251 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5447 153802/types.c cppfunc 134 svn_error_t *svn_revnum_parse(svn_revnum_t *rev,const char *str,const char **endptr) char *end; svn_revnum_t result = strtol(str,&end,10); 0 --------------------------------- 5448 62960/CWE121_Stack_Based_Buffer_Overflow__CWE135_13.c cppfunc 73 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 5449 62960/CWE121_Stack_Based_Buffer_Overflow__CWE135_13.c cppfunc 76 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 5450 72889/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_72.cpp cppfunc 169 vector dataVector; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 5451 70642/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_03.c cppfunc 369 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5452 70440/CWE122_Heap_Based_Buffer_Overflow__CWE135_68.c cppfunc 158 void * data = CWE122_Heap_Based_Buffer_Overflow__CWE135_68_badData; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5453 66538/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_21.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 5454 71443/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_63.c cppfunc 122 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 5455 153589/bio_err.c cppfunc 115 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5456 199276/invalid_memory_access.c cppfunc 374 invalid_memory_access_012_s_001 *s; s = (invalid_memory_access_012_s_001 *)calloc(1,sizeof(invalid_memory_access_012_s_001)); free(s); 0 --------------------------------- 5457 153003/cmdutils.c cppfunc 914 int opt_max_alloc(void *optctx,const char *opt,const char *arg) char *tail; max = (strtol(arg,&tail,'\n')); 0 --------------------------------- 5458 63639/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_08.c cppfunc 108 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 5459 153649/pmsignal.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5460 62955/CWE121_Stack_Based_Buffer_Overflow__CWE135_08.c cppfunc 86 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 5461 70477/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_51.c cppfunc 363 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5462 66940/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cat_73.cpp cppfunc 151 void badSink(list dataList) wchar_t * data = dataList.back(); source[100-1] = L'\0'; wcscat(data, source); 0 --------------------------------- 5463 153583/stream.c cppfunc 247 jmp_buf unhobble_tussive; arara_campinas = setjmp(unhobble_tussive); longjmp(unhobble_tussive,1); 0 --------------------------------- 5464 153583/stream.c cppfunc 241 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int coccidology_nonjuristic = 53; char *kabalevsky_greenbackism;; stonesoup_read_taint(&kabalevsky_greenbackism,"2414",coccidology_nonjuristic); getters_shifter = ((int )(strlen(kabalevsky_greenbackism))); memcpy(coeternal_montessorian,kabalevsky_greenbackism,getters_shifter); free(((char *)kabalevsky_greenbackism)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&kabalevsky_greenbackism,"2414",coccidology_nonjuristic); getters_shifter = ((int )(strlen(kabalevsky_greenbackism))); memcpy(coeternal_montessorian,kabalevsky_greenbackism,getters_shifter); free(((char *)kabalevsky_greenbackism)); 0 --------------------------------- 5465 72737/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_61.c cppfunc 137 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_61b_goodG2BSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_61b_goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 5466 153102/cryptlib.c cppfunc 182 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5467 67725/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_14.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5468 72834/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_62.cpp cppfunc 64 data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 5469 153350/column-utils.c cppfunc 111 stonesoup_read_taint(&hercynian_pontypool,"NEMATOLOGY_IMID"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 5470 70533/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_65.c cppfunc 242 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5471 199320/uninit_pointer.c cppfunc 429 uninit_pointer_016_gbl_doubleptr=(char**) malloc(10*sizeof(char*)); uninit_pointer_016_gbl_doubleptr[i]=(char*) malloc(10*sizeof(char)); strcpy(uninit_pointer_016_gbl_doubleptr[i],"STRING00"); char *s=(char*) malloc(10*sizeof(char)); uninit_pointer_016_func_002(); free (uninit_pointer_016_gbl_doubleptr[i]); printf("unint p %s \n",uninit_pointer_016_gbl_doubleptr[i]); strcpy(s,uninit_pointer_016_gbl_doubleptr[i]); printf("unint p %s \n",s); free(s); 0 --------------------------------- 5472 199320/uninit_pointer.c cppfunc 428 uninit_pointer_016_gbl_doubleptr=(char**) malloc(10*sizeof(char*)); uninit_pointer_016_gbl_doubleptr[i]=(char*) malloc(10*sizeof(char)); strcpy(uninit_pointer_016_gbl_doubleptr[i],"STRING00"); uninit_pointer_016_func_002(); printf("unint p %s \n",uninit_pointer_016_gbl_doubleptr[i]); strcpy(s,uninit_pointer_016_gbl_doubleptr[i]); free (uninit_pointer_016_gbl_doubleptr[i]); free(uninit_pointer_016_gbl_doubleptr); 0 --------------------------------- 5473 70421/CWE122_Heap_Based_Buffer_Overflow__CWE135_32.c cppfunc 84 void * *dataPtr2 = &data; void * data = *dataPtr2; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5474 66537/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_18.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5475 110505/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_02.c cppfunc 166 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5476 72302/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_52.c cppfunc 171 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_52c_badSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5477 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c inputfunc 44 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_badVaSink(data, data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_badVaSink(char * data, ...); 0 --------------------------------- 5478 153513/utils.c cppfunc 4250 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; const char *col; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { if ((col = (strchr(p,':'))) && col < ls) { *port_ptr = atoi(col + 1); 0 --------------------------------- 5479 67715/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_04.cpp cppfunc 313 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5480 153772/subtrans.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5481 72312/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_68.c cppfunc 149 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_68b_goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_68_goodG2BData; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5482 66616/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_01.c cppfunc 56 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5483 72291/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22.c cppfunc 67 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22_goodG2B1Source(data); memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5484 153507/color.c cppfunc 355 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 5485 153507/color.c cppfunc 353 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 5486 153274/avfilter.c cppfunc 858 void stonesoup_handle_taint(char *geronomite_stouter) heterophaga_memory = ((int )(strlen(geronomite_stouter))); spinnable_unproficiently = ((char *)(malloc(heterophaga_memory + 1))); 0 --------------------------------- 5487 66248/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_17.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 5488 153641/timestamp.c cppfunc 71 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5489 72784/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54.c cppfunc 298 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54e_badSink(wchar_t * data) SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 5490 62972/CWE121_Stack_Based_Buffer_Overflow__CWE135_41.c cppfunc 83 size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); data = (void *)WIDE_STRING; goodB2GSink(data); static void goodB2GSink(void * data) memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 5491 62972/CWE121_Stack_Based_Buffer_Overflow__CWE135_41.c cppfunc 80 data = (void *)WIDE_STRING; goodB2GSink(data); static void goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 5492 153636/mux.c cppfunc 500 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *metabasis_chincough; stonesoup_read_taint(&metabasis_chincough,"GEMMATED_WAYNESBURG"); free(((char *)metabasis_chincough)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&metabasis_chincough,"GEMMATED_WAYNESBURG"); free(((char *)metabasis_chincough)); 0 --------------------------------- 5493 71930/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_73.cpp cppfunc 151 void badSink(list dataList) twoIntsStruct * data = dataList.back(); memmove(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 5494 73696/CWE124_Buffer_Underwrite__CWE839_listen_socket_03.c cppfunc 186 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5495 72138/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_11.c cppfunc 41 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 5496 70897/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_18.c cppfunc 65 data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5497 72160/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54.c cppfunc 290 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 5498 72324/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_05.c cppfunc 97 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5499 73050/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_11.c cppfunc 67 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 5500 69905/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_61.cpp cppfunc 146 data = new wchar_t[100]; data = goodG2BSource(data); wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 5501 62980/CWE121_Stack_Based_Buffer_Overflow__CWE135_54.c cppfunc 311 void CWE121_Stack_Based_Buffer_Overflow__CWE135_54e_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5502 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c cppfunc 163 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 5503 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c cppfunc 160 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 5504 70989/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_14.c cppfunc 70 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 5505 152967/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5506 66331/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_04.c cppfunc 44 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5507 72274/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_03.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5508 62578/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_15.c cppfunc 157 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5509 152932/string.c cppfunc 87 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 5510 153554/error.c cppfunc 88 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5511 153567/pmsignal.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5512 153714/bio_err.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5513 67717/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_06.cpp inputfunc 326 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 5514 153554/error.c cppfunc 84 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5515 69746/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_21.cpp cppfunc 34 data = new wchar_t[100]; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 5516 153269/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5517 72307/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_63.c cppfunc 138 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5518 79448/CWE134_Uncontrolled_Format_String__char_console_printf_15.c inputfunc 151 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 5519 72215/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67.c cppfunc 147 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67_structType myStruct) wchar_t * data = myStruct.structFirst; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 5520 65441/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_10.c cppfunc 95 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 5521 66616/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_01.c cppfunc 35 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5522 153000/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5523 153364/cmdutils.c cppfunc 2058 void stonesoup_handle_taint(char *unplated_imperiling) hystericky_noselite[5] = unplated_imperiling; nonvariably_fasteners(hystericky_noselite); void nonvariably_fasteners(char **const obtunding_electrolyzer) free(((char *)((char **)obtunding_electrolyzer)[5])); 0 --------------------------------- 5524 72200/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_41.c cppfunc 65 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_41_goodG2BSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 5525 70505/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_10.c cppfunc 270 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5526 62582/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_21.c cppfunc 174 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5527 72141/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_14.c cppfunc 96 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 5528 152884/mem_dbg.c cppfunc 250 stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5529 152884/mem_dbg.c cppfunc 252 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5530 71498/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_73.cpp cppfunc 175 list dataList; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 5531 153609/img2.c cppfunc 47 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5532 73731/CWE124_Buffer_Underwrite__CWE839_listen_socket_65.c cppfunc 184 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5533 153688/column.c cppfunc 1309 void *camorrista_bethuel = 0; tailorless_quartette(&camorrista_bethuel); norms_chiffre[5] = camorrista_bethuel; sematography_contourne = 5; stomatopoda_untitled = &sematography_contourne; gaucherie_commodiously = *(norms_chiffre + *stomatopoda_untitled); free(((char *)((char *)gaucherie_commodiously))); 0 --------------------------------- 5534 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c cppfunc 31 static void badVaSinkB(char * data, ...) badVaSinkB(data, data); char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 5535 72411/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_74.cpp cppfunc 167 data[50-1] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 5536 66286/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_07.c cppfunc 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5537 67412/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_13.c cppfunc 80 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5538 72119/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67.c cppfunc 154 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67_structType myStruct; data[0] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67_structType myStruct) wchar_t * data = myStruct.structFirst; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 5539 153059/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5540 153059/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5541 66599/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_53.c cppfunc 51 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5542 152985/dynahash.c cppfunc 1529 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *xerophilous_maximes) nonmechanically_spermatoid = ((int )(strlen(xerophilous_maximes))); memcpy(pylorodilator_pneumonoparesis,xerophilous_maximes,nonmechanically_spermatoid); free(((char *)xerophilous_maximes)); 0 --------------------------------- 5543 152985/dynahash.c cppfunc 1521 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *xerophilous_maximes) nonmechanically_spermatoid = ((int )(strlen(xerophilous_maximes))); pylorodilator_pneumonoparesis = ((char *)(malloc(nonmechanically_spermatoid + 1))); 0 --------------------------------- 5544 152963/pmsignal.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5545 152963/pmsignal.c cppfunc 107 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5546 71420/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_13.c cppfunc 96 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 5547 72820/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_31.c cppfunc 67 data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 5548 72745/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_72.cpp cppfunc 149 void badSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 5549 110389/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_51.c cppfunc 160 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_51b_goodG2BSink(data); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_51b_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5550 153476/column.c cppfunc 71 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5551 153625/utf.c cppfunc 1042 void stonesoup_handle_taint(char *sphincter_cyclohexene) nonsociability_unreconstructed[40] = sphincter_cyclohexene; neutrodyne_tokenless = chalkiest_beat(nonsociability_unreconstructed); char **chalkiest_beat(char **chorusses_squeaking) return chorusses_squeaking; neutrodyne_tokenless = chalkiest_beat(nonsociability_unreconstructed); free(((char *)neutrodyne_tokenless[40])); 0 --------------------------------- 5552 72109/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_51.c cppfunc 141 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_51b_goodG2BSink(wchar_t * data) wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 5553 73075/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_63.c cppfunc 119 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 5554 153091/mux.c inputfunc 130 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&ambilian_protract,"STUKA_RIVERET"); if (ambilian_protract != 0) {; marshalsea_narrowy = ambilian_protract; upttorn_villageful = &marshalsea_narrowy; loewy_meller = upttorn_villageful + 5; REMAIL_KERENSKY(loewy_meller); void dipsomaniac_preindication(pecify_hybridiser *undistilled_hymenic) REMAIL_KERENSKY(loewy_meller); 0 --------------------------------- 5555 153781/emem.c cppfunc 1171 rubbery_brilliant = getenv("FAIRLY_INCOHERENCY"); miscalculating_abevacuation = ((int )(strlen(rubbery_brilliant))); turmet_clerkish = ((char *)(malloc(miscalculating_abevacuation + 1))); memset(turmet_clerkish,0,miscalculating_abevacuation + 1); memcpy(turmet_clerkish,rubbery_brilliant,miscalculating_abevacuation); aleatoric_muslim = &turmet_clerkish; free(((char *)( *aleatoric_muslim))); 0 --------------------------------- 5556 67729/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_18.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5557 153608/hashfn.c cppfunc 56 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5558 72105/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_42.c cppfunc 72 data[0] = L'\0'; return data; data = goodG2BSource(data); wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 5559 79515/CWE134_Uncontrolled_Format_String__char_console_snprintf_61.c inputfunc 163 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; 0 --------------------------------- 5560 153012/color.c cppfunc 329 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 5561 153770/color.c cppfunc 338 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 5562 153770/color.c cppfunc 336 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 5563 70536/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68.c inputfunc 83 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68_goodB2GData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68b_goodB2GSink(); int data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68_goodB2GData; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 5564 72388/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_31.c cppfunc 65 data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 5565 66634/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_21.c cppfunc 104 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 5566 153022/cmdutils.c cppfunc 1370 const AVCodecDescriptor **codecs; unsigned int nb_codecs = 0; nb_codecs++; if (!(codecs = (av_calloc(nb_codecs,sizeof(( *codecs)))))) { desc = ((void *)0); while(desc = avcodec_descriptor_next(desc)) codecs[i++] = desc; qsort(codecs,nb_codecs,sizeof(( *codecs)),compare_codec_desc); 0 --------------------------------- 5567 66239/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_08.c cppfunc 75 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5568 152921/color.c cppfunc 342 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 5569 152921/color.c cppfunc 344 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 5570 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c cppfunc 88 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 5571 153819/color.c cppfunc 599 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *champion_adamello) free(((char *)champion_adamello)); 0 --------------------------------- 5572 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c cppfunc 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 5573 70486/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_66.c cppfunc 374 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5574 72849/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_02.c cppfunc 93 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 5575 66340/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_13.c cppfunc 66 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5576 153751/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5577 153464/mem_dbg.c cppfunc 778 static void print_leak_LHASH_DOALL_ARG(void *arg1,void *arg2) const MEM *a = arg1; print_leak_doall_arg(a,b); static void print_leak_doall_arg(const MEM *m,MEM_LEAK *l) lcl = localtime(&m -> time); 0 --------------------------------- 5578 153751/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5579 153751/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5580 73011/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22.c cppfunc 83 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_goodG2B2Source(data); strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 5581 62567/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_04.c cppfunc 143 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5582 72371/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_04.c cppfunc 76 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 5583 66269/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_65.c cppfunc 54 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5584 152924/column.c cppfunc 1303 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *pugmiller_chaetangiaceae; stonesoup_read_taint(&pugmiller_chaetangiaceae,"SAYE_TRACHEARIA"); evitable_cantiga . zapu_wiremen = pugmiller_chaetangiaceae; lacerta_uncharactered(evitable_cantiga); void lacerta_uncharactered(const union unsacrament_acetabuliferous alewife_actionizing) free(((char *)((union unsacrament_acetabuliferous )alewife_actionizing) . zapu_wiremen)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&pugmiller_chaetangiaceae,"SAYE_TRACHEARIA"); evitable_cantiga . zapu_wiremen = pugmiller_chaetangiaceae; lacerta_uncharactered(evitable_cantiga); 0 --------------------------------- 5585 153055/config_file.c cppfunc 293 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *hypocritic_defleaing; stonesoup_read_taint(&hypocritic_defleaing,"NESTABLE_TRUNKMAKER"); rhizodermis_habitualness = ((int )(strlen(hypocritic_defleaing))); memcpy(bolshevist_fatelike,hypocritic_defleaing,rhizodermis_habitualness); free(((char *)hypocritic_defleaing)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&hypocritic_defleaing,"NESTABLE_TRUNKMAKER"); rhizodermis_habitualness = ((int )(strlen(hypocritic_defleaing))); memcpy(bolshevist_fatelike,hypocritic_defleaing,rhizodermis_habitualness); free(((char *)hypocritic_defleaing)); 0 --------------------------------- 5586 66617/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_02.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5587 79557/CWE134_Uncontrolled_Format_String__char_console_vfprintf_44.c cppfunc 86 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 5588 153225/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5589 152971/utils.c cppfunc 4338 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; const char *col; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { if ((col = (strchr(p,':'))) && col < ls) { *port_ptr = atoi(col + 1); 0 --------------------------------- 5590 152971/utils.c cppfunc 4331 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { *port_ptr = atoi(brk + 2); 0 --------------------------------- 5591 62960/CWE121_Stack_Based_Buffer_Overflow__CWE135_13.c cppfunc 124 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 5592 62568/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_05.c cppfunc 143 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5593 70641/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_02.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5594 148821/Element.cpp cppfunc 1265 PassRefPtr Element::getAttributeNodeNS(const String& namespaceURI, const String& localName) NamedNodeMap* attrs = attributes(true); return static_pointer_cast(attrs->getNamedItem(QualifiedName(nullAtom, localName, namespaceURI))); 0 --------------------------------- 5595 62960/CWE121_Stack_Based_Buffer_Overflow__CWE135_13.c cppfunc 127 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5596 110343/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53.c cppfunc 359 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53d_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5597 199254/double_free.c cppfunc 119 char* ptr= (char*) malloc(sizeof(char)); free(ptr); free(ptr); 0 --------------------------------- 5598 79471/CWE134_Uncontrolled_Format_String__char_console_printf_65.c inputfunc 99 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; funcPtr(data); 0 --------------------------------- 5599 72782/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_52.c cppfunc 188 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_52c_badSink(wchar_t * data) SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 5600 67720/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_09.cpp cppfunc 307 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5601 71209/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_72.cpp cppfunc 175 vector dataVector; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 5602 152925/eng_lib.c cppfunc 155 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; union mucocellulosic_seated tires_yaakov; int zeugobranchia_overbar = 44; char *axiolite_scumboard;; stonesoup_read_taint(&axiolite_scumboard,"2674",zeugobranchia_overbar); tires_yaakov . classicalities_perioesophageal = axiolite_scumboard; majestical_overmuches[ *( *( *( *( *( *( *( *( *( *cheirotherium_carbin)))))))))] = tires_yaakov; tweedles_quomodos = majestical_overmuches[ *( *( *( *( *( *( *( *( *( *cheirotherium_carbin)))))))))]; pruss_bibliopolic = ((char *)tweedles_quomodos . classicalities_perioesophageal); stonesoup_buffer = malloc((strlen(pruss_bibliopolic) + 1) * sizeof(char )); strcpy(stonesoup_buffer,pruss_bibliopolic); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&axiolite_scumboard,"2674",zeugobranchia_overbar); tires_yaakov . classicalities_perioesophageal = axiolite_scumboard; tweedles_quomodos = majestical_overmuches[ *( *( *( *( *( *( *( *( *( *cheirotherium_carbin)))))))))]; pruss_bibliopolic = ((char *)tweedles_quomodos . classicalities_perioesophageal); stonesoup_buffer = malloc((strlen(pruss_bibliopolic) + 1) * sizeof(char )); strcpy(stonesoup_buffer,pruss_bibliopolic); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); 0 --------------------------------- 5603 71626/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_43.cpp cppfunc 65 data = (int64_t *)malloc(100*sizeof(int64_t)); memmove(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 5604 72986/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_73.cpp cppfunc 169 list dataList; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 5605 153438/conf_mod.c cppfunc 148 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 5606 153203/tile-manager.c cppfunc 81 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5607 153132/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5608 153132/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5609 153405/main_filter_toolbar.c cppfunc 245 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *jaguarondi_pseudolarix; stonesoup_read_taint(&jaguarondi_pseudolarix,"SCRUNCHING_KLEPHTISM"); photomurals_welf = ((int )(strlen(jaguarondi_pseudolarix))); memcpy(grillage_communized,jaguarondi_pseudolarix,photomurals_welf); free(((char *)jaguarondi_pseudolarix)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&jaguarondi_pseudolarix,"SCRUNCHING_KLEPHTISM"); photomurals_welf = ((int )(strlen(jaguarondi_pseudolarix))); memcpy(grillage_communized,jaguarondi_pseudolarix,photomurals_welf); free(((char *)jaguarondi_pseudolarix)); 0 --------------------------------- 5610 79440/CWE134_Uncontrolled_Format_String__char_console_printf_07.c inputfunc 90 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 5611 153614/utils.c cppfunc 3238 char *ploesti_riveret = 0; unfemale_paranoiac(&ploesti_riveret); heterodera_foreconceive[5] = ploesti_riveret; bieennia_hydromechanics[1] = 5; raskolnik_schary = *(heterodera_foreconceive + bieennia_hydromechanics[1]); free(((char *)raskolnik_schary)); 0 --------------------------------- 5612 153193/color.c cppfunc 594 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *zambezian_precis; stonesoup_read_taint(&zambezian_precis,"HIRELINGS_PIBLOCKTO"); free(((char *)zambezian_precis)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&zambezian_precis,"HIRELINGS_PIBLOCKTO"); free(((char *)zambezian_precis)); 0 --------------------------------- 5613 70501/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_06.c cppfunc 135 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5614 70473/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_42.c cppfunc 274 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5615 153408/heapam.c cppfunc 151 int cacodemoniac_domineering = 40; stonesoup_read_taint(&lanista_hola,"3649",cacodemoniac_domineering); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 5616 153512/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5617 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c cppfunc 144 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 5618 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c cppfunc 141 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 5619 62729/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_32.c cppfunc 230 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5620 70402/CWE122_Heap_Based_Buffer_Overflow__CWE135_03.c cppfunc 172 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5621 72351/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53.c cppfunc 220 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53d_badSink(char * data) memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5622 72837/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_65.c cppfunc 124 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_65b_badSink(char * data) strcat(data, source); printLine(data); free(data); 0 --------------------------------- 5623 66534/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_15.c cppfunc 90 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5624 79492/CWE134_Uncontrolled_Format_String__char_console_snprintf_11.c inputfunc 95 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 5625 71397/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_65.c cppfunc 124 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_65b_badSink(char * data) strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 5626 153769/utils.c cppfunc 915 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 5627 153376/color.c cppfunc 609 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *supermanliness_incorrespondent) free(((char *)supermanliness_incorrespondent)); 0 --------------------------------- 5628 199236/buffer_underrun_dynamic.c cppfunc 559 char ** doubleptr=(char**) malloc(10*sizeof(char*)); doubleptr[i]=calloc(10,sizeof(char)); doubleptr[i][j]='a'; free(doubleptr[i]); free(doubleptr); 0 --------------------------------- 5629 66330/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_03.c cppfunc 86 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5630 70846/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_15.c cppfunc 79 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5631 62570/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_07.c cppfunc 92 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5632 152974/conversation.c cppfunc 94 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5633 110513/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_10.c cppfunc 192 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5634 1303/mime2-bad.c inputfunc 177 c2 = fgetc(e->e_dfp); c3 = fgetc(e->e_dfp); c4 = fgetc(e->e_dfp); while ((c1 = fgetc(e->e_dfp)) != EOF) if (isascii(c1) && isspace(c1)) if (c1 == '=' || c2 == '=') c1 = CHAR64(c1); 0 --------------------------------- 5635 1303/mime2-bad.c inputfunc 170 while ((c1 = fgetc(e->e_dfp)) != EOF) c2 = fgetc(e->e_dfp); c3 = fgetc(e->e_dfp); c4 = fgetc(e->e_dfp); } while (isascii(c4) && isspace(c4)); if (c4 == EOF) if (c4 == '=') c4 = CHAR64(c4); 0 --------------------------------- 5636 67318/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_15.c cppfunc 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5637 1303/mime2-bad.c cppfunc 178 c3 = fgetc(e->e_dfp); c4 = fgetc(e->e_dfp); while ((c1 = fgetc(e->e_dfp)) != EOF) c2 = fgetc(e->e_dfp); } while (isascii(c2) && isspace(c2)); 0 --------------------------------- 5638 71211/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_74.cpp cppfunc 175 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 5639 153790/mem_dbg.c cppfunc 242 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5640 153156/e_camellia.c cppfunc 83 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5641 153196/main_filter_toolbar.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5642 72787/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_63.c cppfunc 148 data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 5643 73070/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_52.c cppfunc 170 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_52c_badSink(char * data) strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 5644 79449/CWE134_Uncontrolled_Format_String__char_console_printf_16.c inputfunc 87 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); if (100-dataLen > 1) if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 5645 153244/color.c cppfunc 379 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 5646 62725/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_18.c cppfunc 184 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5647 152921/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5648 152921/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5649 66338/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_11.c cppfunc 66 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5650 153695/main_statusbar.c cppfunc 119 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5651 70986/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_11.c cppfunc 70 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 5652 72134/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_07.c cppfunc 47 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 5653 62948/CWE121_Stack_Based_Buffer_Overflow__CWE135_01.c cppfunc 60 data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5654 153047/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5655 153741/color.c cppfunc 359 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 5656 153356/color.c cppfunc 605 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *zorilla_agnathic; stonesoup_read_taint(&zorilla_agnathic,"ENTOZOOLOGICAL_UNRESTRICTIVE"); free(((char *)zorilla_agnathic)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&zorilla_agnathic,"ENTOZOOLOGICAL_UNRESTRICTIVE"); free(((char *)zorilla_agnathic)); 0 --------------------------------- 5657 153047/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5658 153621/avdevice.c cppfunc 52 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5659 153621/avdevice.c cppfunc 55 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5660 72423/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_08.c cppfunc 83 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 5661 72386/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_21.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = goodG2B1Source(data); strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 5662 72304/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54.c cppfunc 269 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54e_badSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5663 153003/cmdutils.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5664 153597/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 5665 153003/cmdutils.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5666 153074/utils.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5667 65396/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_05.c cppfunc 100 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 5668 70949/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_32.c cppfunc 78 char * *dataPtr2 = &data; char * data = *dataPtr2; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 5669 153517/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5670 153495/timestamp.c cppfunc 177 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int bullboat_saccharulmin = 20; char *masuren_berendo;; stonesoup_read_taint(&masuren_berendo,"2967",bullboat_saccharulmin); limace_worthier[22] = masuren_berendo; free(((char *)limace_worthier[22])); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&masuren_berendo,"2967",bullboat_saccharulmin); limace_worthier[22] = masuren_berendo; free(((char *)limace_worthier[22])); 0 --------------------------------- 5671 153545/main_filter_toolbar.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5672 70875/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_74.cpp cppfunc 175 data = (char *)malloc((10+1)*sizeof(char)); dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5673 72092/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_13.c cppfunc 93 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 5674 65201/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_10.c cppfunc 72 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 5675 153484/stream.c cppfunc 130 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5676 70761/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_42.c cppfunc 71 data = (char *)malloc((10+1)*sizeof(char)); return data; data = goodG2BSource(data); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 5677 153699/cmdline.c cppfunc 107 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5678 153029/color.c cppfunc 606 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *middled_nontenableness; stonesoup_read_taint(&middled_nontenableness,"VILLATE_EPICOELIAC"); free(((char *)middled_nontenableness)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&middled_nontenableness,"VILLATE_EPICOELIAC"); free(((char *)middled_nontenableness)); 0 --------------------------------- 5679 71114/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_73.cpp cppfunc 175 list dataList; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 5680 148923/strutil.c cppfunc 519 hex_digit[2] = '\0'; if (! isxdigit(hex_digit[0]) || ! isxdigit(hex_digit[1])) val = (guint8) strtoul((char *)hex_digit, NULL, 16); 0 --------------------------------- 5681 153293/timestamp.c cppfunc 81 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5682 70456/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_09.c cppfunc 236 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5683 67486/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_03.c cppfunc 96 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 5684 66529/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_10.c cppfunc 61 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5685 70838/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_07.c cppfunc 78 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5686 153829/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5687 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c cppfunc 241 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 5688 72278/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_07.c cppfunc 75 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5689 67439/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_67.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5690 153283/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5691 153732/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5692 73004/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_13.c cppfunc 67 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 5693 72375/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_08.c cppfunc 83 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 5694 110534/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_52.c cppfunc 325 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_52b_goodG2BSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_52c_goodG2BSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_52c_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5695 71168/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_01.c cppfunc 61 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 5696 66630/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_15.c cppfunc 72 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5697 153409/config_file.c cppfunc 107 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 5698 148916/strutil.c cppfunc 519 hex_digit[2] = '\0'; if (! isxdigit(hex_digit[0]) || ! isxdigit(hex_digit[1])) val = (guint8) strtoul((char *)hex_digit, NULL, 16); 0 --------------------------------- 5699 110468/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_13.c cppfunc 103 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5700 70511/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_16.c cppfunc 128 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5701 110505/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_02.c cppfunc 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5702 70535/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67.c cppfunc 191 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5703 79560/CWE134_Uncontrolled_Format_String__char_console_vfprintf_52.c cppfunc 243 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 5704 79560/CWE134_Uncontrolled_Format_String__char_console_vfprintf_52.c cppfunc 240 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_52c_badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 5705 153823/string.c cppfunc 70 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5706 153823/string.c cppfunc 73 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5707 153501/e_camellia.c cppfunc 113 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5708 67748/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_64.cpp cppfunc 182 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5709 72586/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_43.cpp cppfunc 56 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 5710 70514/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_21.c cppfunc 231 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5711 153351/oids.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5712 72722/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_21.c cppfunc 118 static wchar_t * goodG2B2Source(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = goodG2B2Source(data); data[50-1] = L'\0'; return data; data = goodG2B2Source(data); wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 5713 153499/color.c cppfunc 331 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 5714 153396/avfilter.c cppfunc 79 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5715 153396/avfilter.c cppfunc 77 stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5716 70848/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_17.c cppfunc 69 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5717 72352/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54.c cppfunc 286 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54e_goodG2BSink(char * data) memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5718 153367/dirent_uri.c cppfunc 110 stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5719 153367/dirent_uri.c cppfunc 112 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5720 72153/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_42.c cppfunc 74 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 5721 153299/bio_err.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5722 153104/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5723 71882/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_73.cpp cppfunc 151 void badSink(list dataList) twoIntsStruct * data = dataList.back(); memcpy(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 5724 1293/nxt-bad.c cppfunc 208 newstr(size_t len, int needpanic) { assert(len <= 65536); buf = (u_char *)malloc(2 + len + 1); 0 --------------------------------- 5725 199236/buffer_underrun_dynamic.c cppfunc 751 dynamic_buffer_underrun_s_038* new_s = malloc(10*sizeof(dynamic_buffer_underrun_s_038)); new_s[loc].arr[i]='a'; new_s[0].arri[i]=2; free(new_s); 0 --------------------------------- 5726 152909/column-utils.c cppfunc 77 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5727 152909/column-utils.c cppfunc 73 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5728 72054/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_33.cpp cppfunc 72 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 5729 71205/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_65.c cppfunc 131 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_65b_badSink(wchar_t * data) wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 5730 153394/error.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5731 153169/e_bf.c cppfunc 107 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5732 153169/e_bf.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5733 153686/color.c cppfunc 331 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 5734 67395/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_74.cpp cppfunc 148 void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcscat(dest, data); 0 --------------------------------- 5735 72120/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_68.c cppfunc 132 wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_68_badData; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 5736 153703/tile-swap.c cppfunc 120 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5737 79397/CWE134_Uncontrolled_Format_String__char_console_fprintf_12.c inputfunc 125 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); fprintf(stdout, "%s\n", data); 0 --------------------------------- 5738 79466/CWE134_Uncontrolled_Format_String__char_console_printf_54.c inputfunc 94 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_54b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_54b_goodB2GSink(char * data); 0 --------------------------------- 5739 66558/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_66.c cppfunc 54 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5740 71489/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_61.c cppfunc 67 data[0] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_61b_goodG2BSource(data); SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 5741 67752/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_68.cpp cppfunc 188 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5742 152878/color.c cppfunc 361 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 5743 152878/color.c cppfunc 363 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 5744 79394/CWE134_Uncontrolled_Format_String__char_console_fprintf_09.c inputfunc 85 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 5745 153758/stream.c cppfunc 128 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5746 153393/pgstat.c cppfunc 284 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5747 153393/pgstat.c cppfunc 287 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5748 153393/pgstat.c cppfunc 280 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5749 73730/CWE124_Buffer_Underwrite__CWE839_listen_socket_64.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5750 66235/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_04.c cppfunc 89 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5751 70678/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_66.c cppfunc 335 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5752 69880/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_09.cpp cppfunc 90 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 5753 67744/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_54.cpp cppfunc 182 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5754 152957/heapam.c cppfunc 437 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *fairway_obsessions; stonesoup_read_taint(&fairway_obsessions,"CAMPO_COPROSE"); reheighten_watchung . paroecism_thersitical = fairway_obsessions; free(((char *)reheighten_watchung . paroecism_thersitical)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&fairway_obsessions,"CAMPO_COPROSE"); reheighten_watchung . paroecism_thersitical = fairway_obsessions; free(((char *)reheighten_watchung . paroecism_thersitical)); 0 --------------------------------- 5755 152952/resowner.c cppfunc 155 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5756 153419/avfilter.c cppfunc 77 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5757 152952/resowner.c cppfunc 151 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5758 153597/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5759 153391/ffmpeg.c cppfunc 181 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5760 152952/resowner.c cppfunc 158 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5761 149080/scpy7-good.c inputfunc 51 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) if(strlen(str) >= MAXSIZE) { strcpy(buf, str); printf("result: %s\n", buf); free(buf); 0 --------------------------------- 5762 153280/hashfn.c cppfunc 72 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5763 72276/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_05.c cppfunc 97 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5764 153559/avpacket.c cppfunc 57 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5765 153559/avpacket.c cppfunc 53 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5766 70944/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_17.c cppfunc 69 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 5767 66531/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_12.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5768 66531/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_12.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5769 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c cppfunc 36 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 5770 79507/CWE134_Uncontrolled_Format_String__char_console_snprintf_42.c inputfunc 112 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; data = goodB2GSource(data); SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 5771 70500/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_05.c cppfunc 234 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5772 72082/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_03.c cppfunc 71 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 5773 153159/timestamp.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5774 71382/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_33.cpp cppfunc 70 char * &dataRef = data; char * data = dataRef; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 5775 153159/timestamp.c cppfunc 67 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5776 153324/aviobuf.c cppfunc 65 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5777 153324/aviobuf.c cppfunc 69 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5778 153482/color.c cppfunc 342 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 5779 70526/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52.c cppfunc 229 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5780 66618/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_03.c cppfunc 86 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5781 73702/CWE124_Buffer_Underwrite__CWE839_listen_socket_09.c cppfunc 186 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5782 70861/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_51.c cppfunc 130 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_51b_badSink(char * data) memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5783 153392/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 5784 70504/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_09.c cppfunc 149 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5785 66292/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_13.c cppfunc 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5786 153428/utils.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5787 152978/column-utils.c cppfunc 793 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int prenebular_teleplays = 44; char *utees_torbay;; stonesoup_read_taint(&utees_torbay,"2314",prenebular_teleplays); shifrah_meandrite = ((int )(strlen(utees_torbay))); unamusingly_monogynoecial = ((char *)(malloc(shifrah_meandrite + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&utees_torbay,"2314",prenebular_teleplays); shifrah_meandrite = ((int )(strlen(utees_torbay))); unamusingly_monogynoecial = ((char *)(malloc(shifrah_meandrite + 1))); 0 --------------------------------- 5788 79473/CWE134_Uncontrolled_Format_String__char_console_printf_67.c inputfunc 104 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_printf_67b_goodB2GSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_printf_67b_goodB2GSink(CWE134_Uncontrolled_Format_String__char_console_printf_67_structType myStruct) char * data = myStruct.structFirst; printf("%s\n", data); 0 --------------------------------- 5789 153373/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 5790 79374/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64.c cppfunc 312 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 5791 153012/color.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5792 72095/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_16.c cppfunc 68 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 5793 79435/CWE134_Uncontrolled_Format_String__char_console_printf_02.c inputfunc 131 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 5794 153642/tile-swap.c cppfunc 150 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5795 153642/tile-swap.c cppfunc 152 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5796 110400/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_68.c cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5797 153810/pgstat.c cppfunc 4114 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); cinemactic_unpreventative = 1; mismanageable_shogged = ((void **)(((unsigned long )stentoraphonic_irregardless) * cinemactic_unpreventative * cinemactic_unpreventative)) + 5; free(((char *)((char *)( *(mismanageable_shogged - 5))))); void stonesoup_handle_taint(char *preselects_sertule) autologous_undiaphanously = ((void *)preselects_sertule); stentoraphonic_irregardless = &autologous_undiaphanously; mismanageable_shogged = ((void **)(((unsigned long )stentoraphonic_irregardless) * cinemactic_unpreventative * cinemactic_unpreventative)) + 5; free(((char *)((char *)( *(mismanageable_shogged - 5))))); 0 --------------------------------- 5798 153699/cmdline.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5799 153699/cmdline.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5800 72719/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_16.c cppfunc 30 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 5801 70540/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_81_goodB2G.cpp cppfunc 49 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5802 153105/portalmem.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5803 67739/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_44.cpp inputfunc 126 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 5804 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c cppfunc 102 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 5805 79559/CWE134_Uncontrolled_Format_String__char_console_vfprintf_51.c cppfunc 182 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_51b_badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 5806 110457/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_02.c cppfunc 103 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5807 66348/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_31.c cppfunc 60 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5808 72211/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_63.c cppfunc 133 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 5809 66241/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_10.c cppfunc 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5810 66349/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_32.c cppfunc 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5811 72754/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_03.c cppfunc 73 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 5812 153291/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5813 153254/conf_mod.c cppfunc 142 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5814 153553/conf_mod.c cppfunc 125 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5815 153553/conf_mod.c cppfunc 123 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5816 79562/CWE134_Uncontrolled_Format_String__char_console_vfprintf_54.c cppfunc 356 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54e_badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 5817 153585/color.c cppfunc 89 stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5818 66334/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_07.c cppfunc 72 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5819 79562/CWE134_Uncontrolled_Format_String__char_console_vfprintf_54.c cppfunc 359 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 5820 110509/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_06.c cppfunc 196 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5821 153353/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5822 153185/color.c cppfunc 379 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 5823 153037/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5824 153630/heapam.c cppfunc 99 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5825 153794/timestamp.c cppfunc 54 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5826 153630/heapam.c cppfunc 97 tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "FINAL-STATE"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5827 72948/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_05.c cppfunc 100 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 5828 62742/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_62.cpp cppfunc 235 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5829 70936/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_09.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 5830 70874/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_73.cpp cppfunc 175 list dataList; data = (char *)malloc((10+1)*sizeof(char)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5831 67748/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_64.cpp cppfunc 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5832 152949/conf_mod.c cppfunc 138 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5833 152976/column-utils.c cppfunc 81 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5834 153001/avpacket.c cppfunc 101 stonesoup_read_taint(&fugaciously_steganopod,"LEVANTINE_REGINAS"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 5835 67403/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_04.c cppfunc 87 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5836 72131/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_04.c cppfunc 80 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 5837 71180/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_13.c cppfunc 92 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 5838 66287/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_08.c cppfunc 96 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5839 110326/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_15.c cppfunc 160 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5840 153464/mem_dbg.c cppfunc 242 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5841 153464/mem_dbg.c cppfunc 240 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5842 153363/column-utils.c cppfunc 113 int depriver_hoya = 44; stonesoup_read_taint(&oryssidae_beastly,"8194",depriver_hoya); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 5843 70835/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_04.c cppfunc 79 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5844 153567/pmsignal.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5845 72733/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_51.c cppfunc 122 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_51b_badSink(wchar_t * data) wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 5846 153753/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5847 153753/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5848 153753/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5849 71163/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_74.cpp cppfunc 175 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 5850 110820/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_45.cpp cppfunc 101 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5851 72433/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_18.c cppfunc 62 data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 5852 71493/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_65.c cppfunc 154 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_65b_goodG2BSink(char * data) SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 5853 67297/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_72.cpp cppfunc 148 void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcscat(dest, data); 0 --------------------------------- 5854 153165/cmdline.c cppfunc 904 svn_error_t *svn_cmdline__edit_file_externally(const char *path,const char *editor_cmd,apr_hash_t *config,apr_pool_t *pool) svn_dirent_split(&base_dir,&file_name,path,pool); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); apr_err = apr_filepath_set(old_cwd,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char *editor; const char *file_name; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); 0 --------------------------------- 5855 70646/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_07.c cppfunc 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5856 73046/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_07.c cppfunc 93 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 5857 70752/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_17.c cppfunc 67 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 5858 153686/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5859 153686/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5860 70680/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_68.c cppfunc 403 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5861 72219/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_74.cpp cppfunc 156 void badSink(map dataMap) wchar_t * data = dataMap[2]; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 5862 199276/invalid_memory_access.c cppfunc 431 invalid_memory_access_013_s_001_s_gbl = (invalid_memory_access_013_s_001 *)calloc(1,sizeof(invalid_memory_access_013_s_001)); invalid_memory_access_013_s_001_s_gbl->a = 20; invalid_memory_access_013_s_001_s_gbl->b = 20; invalid_memory_access_013_s_001_s_gbl->uninit = 20; invalid_memory_access_013_func_001 (1); invalid_memory_access_013_func_003 (1); ret = invalid_memory_access_013_func_002 (1); free(invalid_memory_access_013_s_001_s_gbl); 0 --------------------------------- 5863 110539/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_63.c cppfunc 232 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_63b_badSink(int * dataPtr) int data = *dataPtr; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5864 69890/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_21.cpp cppfunc 34 data = new wchar_t[100]; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 5865 72202/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_43.cpp cppfunc 79 data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 5866 70653/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_14.c cppfunc 416 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5867 153035/avdevice.c cppfunc 45 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5868 66262/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_52.c cppfunc 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5869 79401/CWE134_Uncontrolled_Format_String__char_console_fprintf_16.c inputfunc 87 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); if (100-dataLen > 1) if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 5870 153019/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 5871 63598/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_07.c cppfunc 103 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 5872 73074/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_62.cpp cppfunc 60 data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 5873 70850/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_21.c cppfunc 120 data = (char *)malloc((10+1)*sizeof(char)); return data; data = NULL; data = goodG2B2Source(data); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); static char * goodG2B2Source(char * data) return data; data = goodG2B2Source(data); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5874 66344/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_17.c cppfunc 63 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 5875 153689/tile-manager.c cppfunc 69 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5876 70508/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_13.c cppfunc 149 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5877 153184/cryptlib.c cppfunc 174 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5878 153184/cryptlib.c cppfunc 178 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5879 66521/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_02.c cppfunc 82 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5880 73044/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_05.c cppfunc 74 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 5881 153330/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5882 70655/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_16.c cppfunc 260 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5883 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c cppfunc 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 5884 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c cppfunc 88 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 5885 153341/avpacket.c cppfunc 527 void stonesoup_handle_taint(char *uredinologist_lyndeborough) reconsoling_mozamb = ((void *)uredinologist_lyndeborough); paxilla_grandeza = 1; expos_ornithomimidae = &reconsoling_mozamb; anchorhold_quitter = ((void **)(((unsigned long )expos_ornithomimidae) * paxilla_grandeza * paxilla_grandeza)) + 5; besmut_dampproofer(transversal_miliolite,anchorhold_quitter); void besmut_dampproofer(int homeothermism_taxonomic,void **masera_antiepileptic) besmut_dampproofer(homeothermism_taxonomic,masera_antiepileptic); free(((char *)((char *)( *(masera_antiepileptic - 5))))); 0 --------------------------------- 5886 66281/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_02.c cppfunc 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5887 153521/mutex.c cppfunc 71 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 5888 70646/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_07.c cppfunc 374 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5889 79550/CWE134_Uncontrolled_Format_String__char_console_vfprintf_31.c inputfunc 129 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 5890 153697/color.c cppfunc 619 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *imbrowns_sifflement) free(((char *)imbrowns_sifflement)); 0 --------------------------------- 5891 66339/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_12.c cppfunc 74 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5892 152986/bio_err.c cppfunc 121 stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5893 152986/bio_err.c cppfunc 123 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5894 79399/CWE134_Uncontrolled_Format_String__char_console_fprintf_14.c inputfunc 85 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 5895 153159/timestamp.c cppfunc 201 swiving_gawkers = cephaline_beggarwoman(nonexportable_pertinent); CEPHALANTHUS_TRIBUTIST(swiving_gawkers); void tcg_chalkiest(char *hrip_exactress) free(((char *)hrip_exactress)); 0 --------------------------------- 5896 70498/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_03.c cppfunc 181 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5897 153002/hashfn.c cppfunc 47 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5898 79402/CWE134_Uncontrolled_Format_String__char_console_fprintf_17.c inputfunc 87 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); if (100-dataLen > 1) if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 5899 79363/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_42.c cppfunc 159 char dataBuffer[100] = ""; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) strcpy(data, "fixedstringtest"); return data; data = goodG2BSource(data); goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 5900 153437/portalmem.c cppfunc 159 stonesoup_read_taint(&wolffian_rous,"SPLENOLYMPHATIC_HETEROMORPHISM"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 5901 62711/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_04.c cppfunc 86 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5902 153612/tile-swap.c cppfunc 132 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5903 153657/pgstat.c cppfunc 281 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5904 152879/eng_table.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5905 72878/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_52.c cppfunc 190 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_52c_goodG2BSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 5906 67716/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_05.cpp cppfunc 201 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5907 153513/utils.c cppfunc 76 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5908 153571/conf_mod.c cppfunc 126 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5909 70658/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_21.c cppfunc 237 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5910 153614/utils.c cppfunc 90 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5911 153614/utils.c cppfunc 99 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 5912 153374/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5913 72334/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_15.c cppfunc 103 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5914 72132/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_05.c cppfunc 48 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 5915 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c inputfunc 112 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 5916 66282/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_03.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5917 71929/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_72.cpp cppfunc 151 void badSink(vector dataVector) twoIntsStruct * data = dataVector[2]; memmove(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 5918 62602/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_66.c cppfunc 86 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5919 148828/Element.cpp cppfunc 489 String localName = shouldIgnoreAttributeCase(this) ? name.lower() : name; return !elem->hasAttribute(attr); if (!documentIsHTML && namespaces && shouldAddNamespaceElem(el)) if (el->isHTMLElement() && (annotate || convert)) { Element* element = const_cast(el); RefPtr styleFromMatchedRules = styleFromMatchedRulesForElement(const_cast(el)); styleFromMatchedRules->merge(style.get()); style = styleFromMatchedRules; CSSMutableStyleDeclaration::const_iterator end = style->end(); for (CSSMutableStyleDeclaration::const_iterator it = style->begin(); it != end; ++it) { styleFromMatchedRules->merge(style.get()); 0 --------------------------------- 5920 153288/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5921 153399/cmdline.c cppfunc 81 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5922 153501/e_camellia.c cppfunc 673 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *bluffly_bluegums;; stonesoup_read_taint(&bluffly_bluegums,"CLYTIUS_DERMESTES"); multifarously_warbeck = ((int )(strlen(bluffly_bluegums))); quaterion_congruence = ((char *)(malloc(multifarously_warbeck + 1))); memset(quaterion_congruence,0,multifarously_warbeck + 1); memcpy(quaterion_congruence,bluffly_bluegums,multifarously_warbeck); buboed_schaffel[ *( *( *( *( *( *( *( *( *( *arcadias_algesis)))))))))] = quaterion_congruence; immodulated_semipublic = buboed_schaffel[ *( *( *( *( *( *( *( *( *( *arcadias_algesis)))))))))]; roothold_thymoquinone(brunizems_yearning,immodulated_semipublic); roothold_thymoquinone(anthracoid_geoscopic,fragmentarily_overflatly); void roothold_thymoquinone(int anthracoid_geoscopic,char *fragmentarily_overflatly) free(((char *)fragmentarily_overflatly)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&bluffly_bluegums,"CLYTIUS_DERMESTES"); multifarously_warbeck = ((int )(strlen(bluffly_bluegums))); memcpy(quaterion_congruence,bluffly_bluegums,multifarously_warbeck); buboed_schaffel[ *( *( *( *( *( *( *( *( *( *arcadias_algesis)))))))))] = quaterion_congruence; immodulated_semipublic = buboed_schaffel[ *( *( *( *( *( *( *( *( *( *arcadias_algesis)))))))))]; roothold_thymoquinone(brunizems_yearning,immodulated_semipublic); 0 --------------------------------- 5923 79435/CWE134_Uncontrolled_Format_String__char_console_printf_02.c inputfunc 85 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 5924 66577/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_10.c cppfunc 82 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5925 153502/conf_mod.c cppfunc 148 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 5926 67414/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_15.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5927 79378/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68.c cppfunc 322 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 5928 199275/invalid_memory_access.c cppfunc 156 return (count * invalid_memory_access_005(count-1)); invalid_memory_access_005 (5); int invalid_memory_access_005 (int count) ptr = (int *) calloc (count,sizeof(int)); *(ptr+(count-1)) = 5*count; free(ptr); 0 --------------------------------- 5929 152879/eng_table.c cppfunc 482 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *veda_chestier; stonesoup_read_taint(&veda_chestier,"PLEUROCEROID_OPEROSELY"); preciosities_waxlike = ((void *)veda_chestier); misleading_undersign = &preciosities_waxlike; moonman_bowings(sheargrass_desmodynia,misleading_undersign); moonman_bowings(scrappler_ashien,pureblood_butterjags); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&veda_chestier,"PLEUROCEROID_OPEROSELY"); preciosities_waxlike = ((void *)veda_chestier); misleading_undersign = &preciosities_waxlike; moonman_bowings(sheargrass_desmodynia,misleading_undersign); void moonman_bowings(int scrappler_ashien,void **pureblood_butterjags) free(((char *)((char *)( *pureblood_butterjags)))); 0 --------------------------------- 5930 199275/invalid_memory_access.c cppfunc 152 ptr = (int *) calloc (count,sizeof(int)); *(ptr+(count-1)) = 5*count; return (count * invalid_memory_access_005(count-1)); int invalid_memory_access_005 (int count) ptr = (int *) calloc (count,sizeof(int)); 0 --------------------------------- 5931 153598/tile-manager.c cppfunc 72 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 5932 73720/CWE124_Buffer_Underwrite__CWE839_listen_socket_43.cpp cppfunc 218 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5933 66545/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_42.c cppfunc 26 wchar_t dataBuffer[100]; data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 5934 69876/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_05.cpp cppfunc 96 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 5935 62954/CWE121_Stack_Based_Buffer_Overflow__CWE135_07.c cppfunc 81 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 5936 66523/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_04.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5937 66261/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_51.c cppfunc 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5938 62708/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_01.c cppfunc 208 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5939 153271/types.c cppfunc 316 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int bathonian_repoint = 20; char *gwenda_corsica;; stonesoup_read_taint(&gwenda_corsica,"9804",bathonian_repoint); ohare_condylopod = strummer_romanas(gwenda_corsica); char *strummer_romanas(char *entangler_predecess) return entangler_predecess; ohare_condylopod = strummer_romanas(gwenda_corsica); free(((char *)ohare_condylopod)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&gwenda_corsica,"9804",bathonian_repoint); ohare_condylopod = strummer_romanas(gwenda_corsica); 0 --------------------------------- 5940 79563/CWE134_Uncontrolled_Format_String__char_console_vfprintf_61.c cppfunc 87 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 5941 79563/CWE134_Uncontrolled_Format_String__char_console_vfprintf_61.c cppfunc 84 char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_goodB2GSource(data); char * CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_goodB2GSource(data); goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 5942 70403/CWE122_Heap_Based_Buffer_Overflow__CWE135_04.c cppfunc 117 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 5943 152971/utils.c cppfunc 4854 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; sid = (strtol(spec + 1,&endptr,0)); 0 --------------------------------- 5944 71307/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_74.cpp cppfunc 171 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 5945 67747/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_63.cpp cppfunc 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5946 70858/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_43.cpp cppfunc 74 data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5947 153335/emem.c cppfunc 185 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 5948 153335/emem.c cppfunc 182 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 5949 79413/CWE134_Uncontrolled_Format_String__char_console_fprintf_44.c inputfunc 46 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; funcPtr(data); 0 --------------------------------- 5950 79363/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_42.c cppfunc 125 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); return data; data = badSource(data); badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 5951 67569/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_02.cpp cppfunc 152 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 5952 72649/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_72.cpp cppfunc 167 vector dataVector; data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 5953 66236/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_05.c cppfunc 89 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5954 153775/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 5955 152947/pmsignal.c cppfunc 128 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5956 110541/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_65.c cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5957 62740/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5958 110487/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_53.c cppfunc 239 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_53c_goodG2BSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_53d_goodG2BSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_53d_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5959 72322/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_03.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5960 148966/emem.c cppfunc 1181 va_list args; va_start(args, string1); va_end(args); va_start(args, string1); va_end(args); 0 --------------------------------- 5961 70682/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_73.cpp cppfunc 196 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5962 72983/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67.c cppfunc 154 CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67_structType myStruct; data[0] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 5963 71476/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_31.c cppfunc 73 data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 5964 72979/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_63.c cppfunc 121 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 5965 67395/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_74.cpp cppfunc 164 data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcscat(dest, data); 0 --------------------------------- 5966 153555/utf.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5967 72879/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53.c cppfunc 239 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53d_goodG2BSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 5968 66363/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_63.c cppfunc 56 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5969 72753/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_02.c cppfunc 93 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 5970 67494/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_11.c cppfunc 76 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 5971 153040/bufmgr.c cppfunc 152 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5972 73316/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_73.cpp cppfunc 157 list dataList; data = NULL; data = (int64_t *)malloc(sizeof(*data)); *data = 2147483643LL; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int64_t * data = dataList.back(); printLongLongLine(*data); free(data); 0 --------------------------------- 5973 110504/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_01.c cppfunc 155 data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 5974 153748/color.c cppfunc 609 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *misphrasing_spleet) free(((char *)misphrasing_spleet)); 0 --------------------------------- 5975 70437/CWE122_Heap_Based_Buffer_Overflow__CWE135_65.c cppfunc 168 void CWE122_Heap_Based_Buffer_Overflow__CWE135_65b_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5976 72348/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_45.c cppfunc 64 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_45_goodG2BData = data; goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_45_goodG2BData; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5977 72315/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_74.cpp cppfunc 149 void badSink(map dataMap) char * data = dataMap[2]; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 5978 199236/buffer_underrun_dynamic.c cppfunc 42 short *buf=(short*) calloc(5,sizeof(short)); *(buf-0)=1; free(buf); 0 --------------------------------- 5979 199236/buffer_underrun_dynamic.c cppfunc 198 dynamic_buffer_underrun_010_s_001* sbuf= (dynamic_buffer_underrun_010_s_001*)calloc(5,sizeof(dynamic_buffer_underrun_010_s_001)) ; sbuf[0].a = 1; free(sbuf); 0 --------------------------------- 5980 62977/CWE121_Stack_Based_Buffer_Overflow__CWE135_51.c cppfunc 134 void CWE121_Stack_Based_Buffer_Overflow__CWE135_51b_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 5981 62977/CWE121_Stack_Based_Buffer_Overflow__CWE135_51.c cppfunc 137 void CWE121_Stack_Based_Buffer_Overflow__CWE135_51b_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 5982 153753/color.c cppfunc 373 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 5983 66607/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_67.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5984 67750/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_66.cpp inputfunc 202 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 5985 153123/tile-swap.c cppfunc 132 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 5986 62717/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_10.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 5987 66288/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_09.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 5988 66628/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_13.c cppfunc 66 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 5989 70501/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_06.c cppfunc 275 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 5990 153398/timestamp.c cppfunc 80 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 5991 71412/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_05.c cppfunc 48 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 5992 153132/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 5993 70401/CWE122_Heap_Based_Buffer_Overflow__CWE135_02.c cppfunc 111 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 5994 72177/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_02.c cppfunc 77 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 5995 153766/tile-swap.c cppfunc 171 stonesoup_read_taint(&mungy_septfoil,"NONPOPULOUSNESS_RHODONITE"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 5996 153408/heapam.c cppfunc 5292 } superazotation_decurtate--; ; } int gloriousness_mendelianism = 7; 0 --------------------------------- 5997 148881/packet-http.c cppfunc 1544 conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, pinfo->srcport, pinfo->destport, 0); conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst, pinfo->ptype, pinfo->srcport, pinfo->destport, 0); conv_data = conversation_get_proto_data(conversation, proto_http); conv_data = se_alloc0(sizeof(http_conv_t)); conv_data->request_method = NULL; conv_data->request_uri = NULL; conv_data); return conv_data; conv_data = get_http_conversation_data(pinfo); http_payload_subdissector(tvb, tree, pinfo, conv_data); packet_info *pinfo, http_conv_t *conv_data) strings = g_strsplit(conv_data->request_uri, ":", 2); tvb, 0, 0, strings[0]); tvb, 0, 0, strtol(strings[1], NULL, 10) ); 0 --------------------------------- 5998 153243/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 5999 153279/dynahash.c cppfunc 1564 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *autoecic_feigned) undershrievery_thursby = autoecic_feigned; aleurites_congenite = &undershrievery_thursby; plagiocephaly_bitripinnatifid = aleurites_congenite + 5; free(((char *)( *(plagiocephaly_bitripinnatifid - 5)))); 0 --------------------------------- 6000 153597/color.c cppfunc 606 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int oxozone_busking = 596; char *drainage_asymptotical; stonesoup_read_taint(&drainage_asymptotical,"5389",oxozone_busking); free(((char *)drainage_asymptotical)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&drainage_asymptotical,"5389",oxozone_busking); free(((char *)drainage_asymptotical)); 0 --------------------------------- 6001 79357/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22.c cppfunc 451 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 6002 67413/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_14.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 6003 152870/stream.c cppfunc 1838 babyfied_volubleness coelenterata_detruded = 0; va_list anglophone_daemonurgist; __builtin_va_start(anglophone_daemonurgist,porcelanic_pyelogram); coelenterata_detruded = (va_arg(anglophone_daemonurgist,babyfied_volubleness )); free(((char *)coelenterata_detruded)); 0 --------------------------------- 6004 62714/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_07.c cppfunc 297 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6005 153471/mux.c cppfunc 107 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6006 153471/mux.c cppfunc 105 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6007 70899/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22.c cppfunc 72 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_goodG2B1Source(data); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6008 153301/e_camellia.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6009 153301/e_camellia.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6010 71403/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_74.cpp cppfunc 150 void badSink(map dataMap) char * data = dataMap[2]; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 6011 153165/cmdline.c cppfunc 1174 struct migrate_coutumier antisemitism_spreeuw(struct migrate_coutumier gotraja_reweighs) return gotraja_reweighs; disarrangements_wigtownshire = antisemitism_spreeuw(butterfingered_unidentifiably); free(((char *)disarrangements_wigtownshire . stichidium_stickfast)); void stonesoup_handle_taint(char *boolian_tetragons) struct migrate_coutumier butterfingered_unidentifiably; butterfingered_unidentifiably . stichidium_stickfast = ((char *)boolian_tetragons); disarrangements_wigtownshire = antisemitism_spreeuw(butterfingered_unidentifiably); 0 --------------------------------- 6012 153177/portalmem.c cppfunc 113 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6013 72148/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_31.c cppfunc 41 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6014 70864/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54.c cppfunc 309 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54e_goodG2BSink(char * data) memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6015 153270/dynahash.c cppfunc 815 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *valeted_epitaphize; stonesoup_read_taint(&valeted_epitaphize,"NONIMMIGRANT_QUINCUNXES"); overtaxation_tantaluses = ((int )(strlen(valeted_epitaphize))); memcpy(gloom_ungnawed,valeted_epitaphize,overtaxation_tantaluses); free(((char *)valeted_epitaphize)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&valeted_epitaphize,"NONIMMIGRANT_QUINCUNXES"); overtaxation_tantaluses = ((int )(strlen(valeted_epitaphize))); memcpy(gloom_ungnawed,valeted_epitaphize,overtaxation_tantaluses); free(((char *)valeted_epitaphize)); 0 --------------------------------- 6016 79375/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65.c cppfunc 349 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 6017 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c cppfunc 93 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 6018 152885/color.c cppfunc 363 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6019 153803/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6020 67759/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_84_goodB2G.cpp cppfunc 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6021 70650/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_11.c cppfunc 458 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6022 72286/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_15.c cppfunc 103 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6023 73718/CWE124_Buffer_Underwrite__CWE839_listen_socket_41.c cppfunc 240 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6024 153127/utils.c cppfunc 73 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6025 79515/CWE134_Uncontrolled_Format_String__char_console_snprintf_61.c inputfunc 206 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; data = CWE134_Uncontrolled_Format_String__char_console_snprintf_61b_goodB2GSource(data); SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 6026 152907/mutex.c cppfunc 58 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6027 152907/mutex.c cppfunc 55 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6028 152907/mutex.c cppfunc 51 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6029 153138/cryptlib.c cppfunc 164 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6030 110459/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_04.c cppfunc 84 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6031 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c cppfunc 261 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 6032 66335/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_08.c cppfunc 80 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6033 153014/error.c cppfunc 84 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6034 153014/error.c cppfunc 88 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6035 153254/conf_mod.c cppfunc 129 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6036 153795/conversation.c cppfunc 94 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6037 69736/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_09.cpp cppfunc 90 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 6038 1300/util-ok.c cppfunc 97 register int sz; sz = 1; p = malloc((unsigned) sz); 0 --------------------------------- 6039 148966/packet-http.c cppfunc 2298 eh_ptr->content_type[i] = '\0'; c = eh_ptr->content_type[i]; if (c == ';' || isspace(c)) 0 --------------------------------- 6040 79569/CWE134_Uncontrolled_Format_String__char_console_vfprintf_67.c cppfunc 197 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_67b_badSink(CWE134_Uncontrolled_Format_String__char_console_vfprintf_67_structType myStruct) char * data = myStruct.structFirst; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 6041 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c cppfunc 381 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 6042 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c cppfunc 384 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 6043 72851/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_04.c cppfunc 100 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 6044 70463/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_16.c cppfunc 278 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6045 72505/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_72.cpp cppfunc 154 void badSink(vector dataVector) char * data = dataVector[2]; SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 0 --------------------------------- 6046 153333/utils.c cppfunc 4756 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) switch(( *(spec++))){ if (( *(spec++)) == ':') { int index = (strtol(spec,((void *)0),0)); 0 --------------------------------- 6047 153041/resowner.c cppfunc 716 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *conglobulate_tauchnitz; stonesoup_read_taint(&conglobulate_tauchnitz,"REBBA_BRACHIOTOMY"); hirling_morcha = ((int )(strlen(conglobulate_tauchnitz))); memcpy(sergeantship_nondoubting,conglobulate_tauchnitz,hirling_morcha); free(((char *)conglobulate_tauchnitz)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&conglobulate_tauchnitz,"REBBA_BRACHIOTOMY"); hirling_morcha = ((int )(strlen(conglobulate_tauchnitz))); memcpy(sergeantship_nondoubting,conglobulate_tauchnitz,hirling_morcha); free(((char *)conglobulate_tauchnitz)); 0 --------------------------------- 6048 152923/portalmem.c cppfunc 126 stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6049 152923/portalmem.c cppfunc 128 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6050 72130/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_03.c cppfunc 96 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6051 67306/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_03.c cppfunc 60 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6052 70521/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_42.c cppfunc 130 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6053 153601/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6054 67576/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_09.cpp cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6055 153154/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6056 79514/CWE134_Uncontrolled_Format_String__char_console_snprintf_54.c inputfunc 100 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_54b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_54b_goodB2GSink(char * data); 0 --------------------------------- 6057 153258/column.c cppfunc 1142 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *cigarillos_marinna; stonesoup_read_taint(&cigarillos_marinna,"SCIMITARED_FURNESS"); pacas_cathartically = &cigarillos_marinna; recutting_marmennill = pacas_cathartically + 5; free(((char *)( *(recutting_marmennill - 5)))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&cigarillos_marinna,"SCIMITARED_FURNESS"); pacas_cathartically = &cigarillos_marinna; recutting_marmennill = pacas_cathartically + 5; free(((char *)( *(recutting_marmennill - 5)))); 0 --------------------------------- 6058 79569/CWE134_Uncontrolled_Format_String__char_console_vfprintf_67.c cppfunc 222 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 6059 70510/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_15.c cppfunc 169 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6060 70665/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_42.c cppfunc 193 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6061 67713/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_02.cpp cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6062 153510/tile.c cppfunc 90 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6063 152920/oids.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6064 62708/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_01.c cppfunc 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6065 79488/CWE134_Uncontrolled_Format_String__char_console_snprintf_07.c inputfunc 100 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 6066 199275/invalid_memory_access.c cppfunc 349 invalid_memory_access_012_s_001 *s; s = (invalid_memory_access_012_s_001 *)calloc(1,sizeof(invalid_memory_access_012_s_001)); s->a = 10; s->b = 10; s->uninit = 10; free(s); 0 --------------------------------- 6067 71364/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_05.c cppfunc 78 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 6068 69209/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_10.cpp cppfunc 96 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 6069 67752/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_68.cpp inputfunc 102 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 6070 72162/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_62.cpp cppfunc 66 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6071 153267/stream.c cppfunc 242 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *seroot_improvidences;; stonesoup_read_taint(&seroot_improvidences,"CASSANDRE_STEVINSON"); duramens_tintinnabulous = ((int )(strlen(seroot_improvidences))); sogat_claw = ((char *)(malloc(duramens_tintinnabulous + 1))); memset(sogat_claw,0,duramens_tintinnabulous + 1); memcpy(sogat_claw,seroot_improvidences,duramens_tintinnabulous); sandro_knublet = &sogat_claw; unstaid_venatorial = sandro_knublet + 5; free(((char *)( *(unstaid_venatorial - 5)))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&seroot_improvidences,"CASSANDRE_STEVINSON"); duramens_tintinnabulous = ((int )(strlen(seroot_improvidences))); memcpy(sogat_claw,seroot_improvidences,duramens_tintinnabulous); sandro_knublet = &sogat_claw; unstaid_venatorial = sandro_knublet + 5; free(((char *)( *(unstaid_venatorial - 5)))); 0 --------------------------------- 6072 72132/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_05.c cppfunc 103 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6073 62953/CWE121_Stack_Based_Buffer_Overflow__CWE135_06.c cppfunc 129 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 6074 72129/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_02.c cppfunc 41 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6075 73733/CWE124_Buffer_Underwrite__CWE839_listen_socket_67.c cppfunc 189 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6076 73734/CWE124_Buffer_Underwrite__CWE839_listen_socket_68.c cppfunc 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6077 153797/resowner.c cppfunc 200 stonesoup_read_taint(&rcn_dentinoma,"UNCORRUPTEDNESS_CHAIRWOMAN"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 6078 153797/resowner.c inputfunc 203 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&rcn_dentinoma,"UNCORRUPTEDNESS_CHAIRWOMAN"); if (rcn_dentinoma != 0) {; tessellate_ametrous . dmi_lummoxes = rcn_dentinoma; palaeostylic_sessler = &tessellate_ametrous; saintlikeness_captiousness = palaeostylic_sessler + 5; 0 --------------------------------- 6079 153749/color.c cppfunc 326 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 6080 72634/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_43.cpp cppfunc 56 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 6081 110693/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_82a.cpp cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6082 153629/avpacket.c cppfunc 518 void molehead_mesoprescutal(int conli_deerstalker,void **etymonic_jarra) molehead_mesoprescutal(conli_deerstalker,etymonic_jarra); free(((char *)((char *)( *etymonic_jarra)))); void stonesoup_handle_taint(char *menaccanite_prememorandum) chindee_precovering = ((void *)menaccanite_prememorandum); aeipathy_cassy = &chindee_precovering; molehead_mesoprescutal(sabin_loudish,aeipathy_cassy); 0 --------------------------------- 6083 153271/types.c cppfunc 127 svn_error_t *svn_revnum_parse(svn_revnum_t *rev,const char *str,const char **endptr) char *end; svn_revnum_t result = strtol(str,&end,10); 0 --------------------------------- 6084 62954/CWE121_Stack_Based_Buffer_Overflow__CWE135_07.c cppfunc 129 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 6085 70773/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_65.c cppfunc 146 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_65b_goodG2BSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 6086 153416/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 6087 70981/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_06.c cppfunc 93 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 6088 62588/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_41.c cppfunc 58 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6089 65438/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_07.c cppfunc 101 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 6090 67750/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_66.cpp cppfunc 188 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6091 153225/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6092 153286/mux.c cppfunc 967 char *quartermasters_onychia = 0; planidorsate_lowl(&quartermasters_onychia); nonelective_outdress = lavations_pretences(quartermasters_onychia); char *lavations_pretences(char *dredger_orthophenylene) return dredger_orthophenylene; nonelective_outdress = lavations_pretences(quartermasters_onychia); free(((char *)nonelective_outdress)); 0 --------------------------------- 6093 152918/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6094 153163/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6095 62967/CWE121_Stack_Based_Buffer_Overflow__CWE135_22.c cppfunc 163 void CWE121_Stack_Based_Buffer_Overflow__CWE135_22_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 6096 153228/cryptlib.c cppfunc 174 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6097 62967/CWE121_Stack_Based_Buffer_Overflow__CWE135_22.c cppfunc 160 void CWE121_Stack_Based_Buffer_Overflow__CWE135_22_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 6098 72817/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_18.c cppfunc 64 data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 6099 153228/cryptlib.c cppfunc 178 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6100 73632/CWE124_Buffer_Underwrite__CWE839_fgets_62.cpp cppfunc 222 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6101 153182/color.c cppfunc 333 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 6102 153182/color.c cppfunc 331 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 6103 153369/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6104 66280/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_01.c cppfunc 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 6105 70508/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_13.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6106 153007/tile.c cppfunc 72 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6107 62715/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_08.c cppfunc 199 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6108 71634/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_62.cpp cppfunc 58 data = (int64_t *)malloc(100*sizeof(int64_t)); memmove(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 6109 153827/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6110 153399/cmdline.c cppfunc 915 svn_error_t *svn_cmdline__edit_file_externally(const char *path,const char *editor_cmd,apr_hash_t *config,apr_pool_t *pool) const char *file_name; svn_dirent_split(&base_dir,&file_name,path,pool); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char *editor; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); apr_err = apr_filepath_set(old_cwd,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); 0 --------------------------------- 6111 153827/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6112 153193/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6113 153562/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6114 199233/buffer_overrun_dynamic.c cppfunc 176 int *buf1=(int*)calloc(5,sizeof(int)); int *buf2=(int*)calloc(5,sizeof(int)); free(buf2); 0 --------------------------------- 6115 199233/buffer_overrun_dynamic.c cppfunc 177 int *buf1=(int*)calloc(5,sizeof(int)); int *buf2=(int*)calloc(5,sizeof(int)); int *buf3=(int*)calloc(5,sizeof(int)); free(buf3); 0 --------------------------------- 6116 199233/buffer_overrun_dynamic.c cppfunc 178 int *buf1=(int*)calloc(5,sizeof(int)); int *buf2=(int*)calloc(5,sizeof(int)); int *buf3=(int*)calloc(5,sizeof(int)); int *buf4=(int*)calloc(5,sizeof(int)); free(buf4); 0 --------------------------------- 6117 199233/buffer_overrun_dynamic.c cppfunc 179 int *buf1=(int*)calloc(5,sizeof(int)); int *buf2=(int*)calloc(5,sizeof(int)); int *buf3=(int*)calloc(5,sizeof(int)); int *buf4=(int*)calloc(5,sizeof(int)); int *buf5=(int*)calloc(5,sizeof(int)); free(buf5); 0 --------------------------------- 6118 79391/CWE134_Uncontrolled_Format_String__char_console_fprintf_06.c inputfunc 136 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 6119 153275/column.c cppfunc 1292 void stonesoup_handle_taint(char *yod_saturniid) cessations_autologous = ((void *)yod_saturniid); testacea_tallevast[5] = cessations_autologous; scroungiest_approbations = 5; walkaways_spoonways = &scroungiest_approbations; gayer_dodge = *(testacea_tallevast + *walkaways_spoonways); CADDISHNESS_PSILOTUM(gayer_dodge); void annunciation_apis(void *goldfinch_preplanning) free(((char *)((char *)goldfinch_preplanning))); 0 --------------------------------- 6120 72791/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67.c cppfunc 162 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67_structType myStruct; data[50-1] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67_structType myStruct) wchar_t * data = myStruct.structFirst; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 6121 153724/ffmpeg.c cppfunc 182 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6122 62955/CWE121_Stack_Based_Buffer_Overflow__CWE135_08.c cppfunc 160 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 6123 62955/CWE121_Stack_Based_Buffer_Overflow__CWE135_08.c cppfunc 163 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 6124 153347/bufmgr.c cppfunc 111 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6125 73024/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54.c cppfunc 268 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54e_badSink(char * data) strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 6126 153744/types.c cppfunc 58 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6127 70649/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_10.c cppfunc 304 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6128 72025/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_72.cpp cppfunc 171 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6129 153427/utils.c cppfunc 111 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6130 79370/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54.c cppfunc 588 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54d_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54e_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54e_goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 6131 70642/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_03.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6132 153526/pgstat.c inputfunc 3302 if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { switch(fgetc(fpin)){ if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 6133 153213/dynahash.c cppfunc 284 exodermal_gratulated = getenv("DEVINNA_FOXTON"); beveled_soya = exodermal_gratulated; toxin_semicentenaries = &beveled_soya; NONHERETICAL_TUBINARIAL(toxin_semicentenaries); void intervened_galvanoscopic(metter_propylhexedrine *bradoon_barbet) tyndallize_ironmongery = ((char *)( *bradoon_barbet)); stonesoup_buffer = malloc((strlen(tyndallize_ironmongery) + 1) * sizeof(char )); strcpy(stonesoup_buffer,tyndallize_ironmongery); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 6134 70413/CWE122_Heap_Based_Buffer_Overflow__CWE135_14.c cppfunc 83 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 6135 153229/string.c cppfunc 84 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6136 153510/tile.c cppfunc 112 stonesoup_read_taint(&lobo_buteo,"CHRISOM_CALCANEI"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 6137 153229/string.c cppfunc 86 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6138 153510/tile.c inputfunc 115 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&lobo_buteo,"CHRISOM_CALCANEI"); if (lobo_buteo != 0) {; meuniere_hydrocoralline . pseudomaniac_lilibelle = lobo_buteo; wool_dialectologies = &meuniere_hydrocoralline; bipartisanship_haphsiba = &wool_dialectologies; tigernut_spectators = &bipartisanship_haphsiba; citynesses_pupilability = &tigernut_spectators; prerefusal_cytoma = &citynesses_pupilability; ulvan_revaccinate = &prerefusal_cytoma; immember_mulloway = &ulvan_revaccinate; aerographical_ebon = &immember_mulloway; textuaries_arilli = &aerographical_ebon; untroubled_bradykinesia = &textuaries_arilli; ethic_puelchean(untroubled_bradykinesia); 0 --------------------------------- 6139 62961/CWE121_Stack_Based_Buffer_Overflow__CWE135_14.c cppfunc 76 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 6140 153793/color.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6141 153489/color.c cppfunc 364 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6142 153793/color.c cppfunc 119 stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6143 67421/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_32.c cppfunc 33 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 6144 79479/CWE134_Uncontrolled_Format_String__char_console_printf_82a.cpp inputfunc 91 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; baseObject->action(data); virtual void action(char * data) = 0; 0 --------------------------------- 6145 153307/color.c cppfunc 342 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 6146 152870/stream.c inputfunc 132 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&concentration_bottega,"NORRY_DACTYLOMEGALY"); if (concentration_bottega != 0) {; 0 --------------------------------- 6147 70461/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_14.c cppfunc 330 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6148 153185/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6149 66368/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_68.c cppfunc 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6150 153753/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6151 79462/CWE134_Uncontrolled_Format_String__char_console_printf_45.c inputfunc 114 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_45_goodB2GData = data; goodB2GSink(); char * data = CWE134_Uncontrolled_Format_String__char_console_printf_45_goodB2GData; printf("%s\n", data); 0 --------------------------------- 6152 153680/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6153 72144/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_17.c cppfunc 42 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6154 153231/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6155 153192/tile-manager.c cppfunc 79 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6156 153349/img2.c cppfunc 164 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int deadhouse_shawwal = 53; char *gladiest_rhapsodizes;; stonesoup_read_taint(&gladiest_rhapsodizes,"1652",deadhouse_shawwal); bonny_brachycome = ((void *)gladiest_rhapsodizes); pseudo_redominating = 1; electrogalvanic_unsun = &bonny_brachycome; mimically_bearsville = ((void **)(((unsigned long )electrogalvanic_unsun) * pseudo_redominating * pseudo_redominating)) + 5; free(((char *)((char *)( *(mimically_bearsville - 5))))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&gladiest_rhapsodizes,"1652",deadhouse_shawwal); bonny_brachycome = ((void *)gladiest_rhapsodizes); electrogalvanic_unsun = &bonny_brachycome; mimically_bearsville = ((void **)(((unsigned long )electrogalvanic_unsun) * pseudo_redominating * pseudo_redominating)) + 5; free(((char *)((char *)( *(mimically_bearsville - 5))))); 0 --------------------------------- 6157 70645/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_06.c cppfunc 267 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6158 67582/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_15.cpp cppfunc 108 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6159 153401/e_camellia.c inputfunc 138 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&unshored_antipart,"WAILY_LATRICIA"); if (unshored_antipart != 0) {; unsuppressible_esne = unshored_antipart; chilicote_kalends[5] = unsuppressible_esne; hainanese_illumining = *(chilicote_kalends + underbubble_colourtype[1]); if (hainanese_illumining != 0) { cite_daying = ((char *)hainanese_illumining); strncpy(stonesoup_source,cite_daying,sizeof(stonesoup_source)); if (hainanese_illumining != 0) free(((char *)hainanese_illumining)); 0 --------------------------------- 6160 70670/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_52.c cppfunc 435 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6161 153232/e_bf.c cppfunc 122 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6162 153232/e_bf.c cppfunc 124 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6163 153593/color.c cppfunc 365 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 6164 72994/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_03.c cppfunc 67 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 6165 72357/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_65.c cppfunc 140 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_65b_goodG2BSink(char * data) memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6166 70455/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_08.c cppfunc 343 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6167 153055/config_file.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6168 149221/use_after_free_scope-bad.c cppfunc 31 str[0] = 'S'; printf("%s\n", str); free(str); 0 --------------------------------- 6169 71436/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_45.c cppfunc 37 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 6170 153384/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6171 153329/avfilter.c cppfunc 80 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6172 72967/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_34.c cppfunc 75 CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 6173 70432/CWE122_Heap_Based_Buffer_Overflow__CWE135_54.c cppfunc 311 void CWE122_Heap_Based_Buffer_Overflow__CWE135_54e_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 6174 67737/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_42.cpp cppfunc 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6175 63798/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_07.c cppfunc 103 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 6176 66520/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_01.c cppfunc 51 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6177 153260/bio_err.c cppfunc 116 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6178 153260/bio_err.c cppfunc 118 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6179 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c cppfunc 117 data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2GVaSinkG(data, data); goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 6180 153165/cmdline.c cppfunc 89 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6181 153829/color.c cppfunc 380 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6182 153165/cmdline.c cppfunc 87 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6183 110531/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_44.c cppfunc 158 static void goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6184 72325/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_06.c cppfunc 94 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6185 153173/eng_table.c cppfunc 134 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 6186 72755/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_04.c cppfunc 100 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 6187 72218/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_73.cpp cppfunc 175 list dataList; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 6188 152940/cmdutils.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6189 153555/utf.c inputfunc 151 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&syncretizing_parcenership,"DARINGS_VERTEBROILIAC"); if (syncretizing_parcenership != 0) {; 0 --------------------------------- 6190 153576/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6191 70765/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_51.c cppfunc 129 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_51b_badSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 6192 67417/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_18.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 6193 153215/pgstat.c inputfunc 3435 if (fread((&format_id),1,sizeof(format_id),fpin) != sizeof(format_id) || format_id != 0x01A5BC9A) { FreeFile(fpin); if (fread((&myGlobalStats),1,sizeof(myGlobalStats),fpin) != sizeof(myGlobalStats)) { FreeFile(fpin); *ts = myGlobalStats . stats_timestamp; FreeFile(fpin); if (pgstat_read_statsfile_timestamp(((bool )0),&file_ts) && file_ts >= min_ts) { static bool pgstat_read_statsfile_timestamp(bool permanent,TimestampTz *ts) 0 --------------------------------- 6194 67719/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_08.cpp inputfunc 334 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 6195 153351/oids.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6196 153351/oids.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6197 71440/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54.c cppfunc 271 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 6198 79388/CWE134_Uncontrolled_Format_String__char_console_fprintf_03.c inputfunc 85 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 6199 66245/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_14.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 6200 153119/bufmgr.c cppfunc 148 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6201 153447/color.c cppfunc 337 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 6202 153447/color.c cppfunc 335 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 6203 153536/stream.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6204 153829/color.c cppfunc 608 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int illaqueation_etymologically = 596; char *talas_sleevelessness; stonesoup_read_taint(&talas_sleevelessness,"1479",illaqueation_etymologically); free(((char *)talas_sleevelessness)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&talas_sleevelessness,"1479",illaqueation_etymologically); free(((char *)talas_sleevelessness)); 0 --------------------------------- 6205 62733/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_42.c cppfunc 75 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6206 153822/config_file.c cppfunc 145 stonesoup_read_taint(&unsurprising_inconnection,"SINNAMAHONING_CONSULTORY"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 6207 70533/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_65.c cppfunc 85 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6208 70533/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_65.c inputfunc 82 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); funcPtr(data); 0 --------------------------------- 6209 153585/color.c cppfunc 362 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 6210 153585/color.c cppfunc 360 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 6211 153333/utils.c cppfunc 4276 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; const char *col; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { if ((col = (strchr(p,':'))) && col < ls) { *port_ptr = atoi(col + 1); 0 --------------------------------- 6212 70671/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6213 153244/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6214 66418/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_73.cpp cppfunc 148 void badSink(list dataList) wchar_t * data = dataList.back(); dataLen = wcslen(data); 0 --------------------------------- 6215 67573/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_06.cpp cppfunc 101 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6216 72737/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_61.c cppfunc 59 data[50-1] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_61b_goodG2BSource(data); wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 6217 66325/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_82a.cpp cppfunc 49 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6218 67402/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_03.c cppfunc 60 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6219 153255/pmsignal.c cppfunc 432 struct slows_sentry constrainer_entrancements = {0}; va_list nearside_barrabora; __builtin_va_start(nearside_barrabora,intertissued_quippy); constrainer_entrancements = (va_arg(nearside_barrabora,struct slows_sentry )); free(((char *)constrainer_entrancements . remijia_address)); 0 --------------------------------- 6220 153720/resowner.c cppfunc 144 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6221 67746/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_62.cpp cppfunc 361 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6222 62966/CWE121_Stack_Based_Buffer_Overflow__CWE135_21.c cppfunc 106 size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); data = (void *)WIDE_STRING; goodB2G2Sink(data); static void goodB2G2Sink(void * data) memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 6223 62966/CWE121_Stack_Based_Buffer_Overflow__CWE135_21.c cppfunc 103 data = (void *)WIDE_STRING; goodB2G2Sink(data); static void goodB2G2Sink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 6224 72760/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_09.c cppfunc 93 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 6225 69925/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_06.cpp cppfunc 99 data = new wchar_t[100]; data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 6226 153345/eng_table.c cppfunc 154 int ragouting_superadditional = 44; stonesoup_read_taint(&arnoldson_futiley,"1992",ragouting_superadditional); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 6227 71396/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_64.c cppfunc 124 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 6228 70414/CWE122_Heap_Based_Buffer_Overflow__CWE135_15.c cppfunc 137 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 6229 72150/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_33.cpp cppfunc 72 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6230 153624/color.c cppfunc 366 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6231 153416/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&gnomic_lunkheads,"GOLES_BIOTYPE"); if (gnomic_lunkheads != 0) {; tosspot_motivic = ((char *)gnomic_lunkheads); strncpy(stonesoup_source,tosspot_motivic,sizeof(stonesoup_source)); if (gnomic_lunkheads != 0) free(((char *)gnomic_lunkheads)); 0 --------------------------------- 6232 70419/CWE122_Heap_Based_Buffer_Overflow__CWE135_22.c cppfunc 210 void CWE122_Heap_Based_Buffer_Overflow__CWE135_22_goodB2G1Sink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 6233 153709/ffmpeg.c cppfunc 1045 fprintf(vstats_file,"PSNR= %6.2f ",psnr(enc -> coded_frame -> error[0] / ((enc -> width * enc -> height) * 255.0 * 255.0))); double error_sum = 0; double scale_sum = 0; error = enc -> error[j]; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; scale_sum += scale; p = psnr(error / scale); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); error_sum += error; p = psnr(error_sum / scale_sum); 0 --------------------------------- 6234 148828/Element.cpp cppfunc 1500 CSSSelectorList selectorList; p.parseSelector(selector, document(), selectorList); if (!selectorList.first()) { if (selectorList.selectorsNeedNamespaceResolution()) { for (CSSSelector* selector = selectorList.first(); selector; selector = CSSSelectorList::next(selector)) { if (selectorChecker.checkSelector(selector, this)) for (CSSSelector* selector = selectorList.first(); selector; selector = CSSSelectorList::next(selector)) { 0 --------------------------------- 6235 79392/CWE134_Uncontrolled_Format_String__char_console_fprintf_07.c inputfunc 136 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 6236 153392/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6237 79566/CWE134_Uncontrolled_Format_String__char_console_vfprintf_64.c cppfunc 228 data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_64b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_64b_goodB2GSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 6238 153765/mutex.c cppfunc 72 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 6239 110829/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_65.cpp cppfunc 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6240 70450/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_03.c cppfunc 330 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6241 153402/color.c cppfunc 383 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6242 70737/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_02.c cppfunc 89 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 6243 153513/utils.c cppfunc 4730 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) switch(( *(spec++))){ if (( *(spec++)) == ':') { int index = (strtol(spec,((void *)0),0)); 0 --------------------------------- 6244 72786/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_62.cpp cppfunc 150 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 6245 67611/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_74.cpp cppfunc 97 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6246 153212/utils.c cppfunc 4243 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { *port_ptr = atoi(brk + 2); 0 --------------------------------- 6247 153301/e_camellia.c cppfunc 633 va_list subdeaconship_stately; __builtin_va_start(subdeaconship_stately,unaffectioned_brenn); antisymmetry_orthopathic = (va_arg(subdeaconship_stately,union recycled_fingerleaf )); 0 --------------------------------- 6248 153267/stream.c cppfunc 79 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6249 153379/e_camellia.c cppfunc 636 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 6250 72190/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_15.c cppfunc 84 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 6251 70779/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_74.cpp cppfunc 156 void badSink(map dataMap) char * data = dataMap[2]; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 6252 72361/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_72.cpp cppfunc 149 void badSink(vector dataVector) char * data = dataVector[2]; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6253 153079/cmdline.c cppfunc 83 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6254 152870/stream.c cppfunc 107 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6255 70412/CWE122_Heap_Based_Buffer_Overflow__CWE135_13.c cppfunc 144 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 6256 71353/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_72.cpp cppfunc 171 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 6257 62962/CWE121_Stack_Based_Buffer_Overflow__CWE135_15.c cppfunc 157 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 6258 72212/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_64.c cppfunc 158 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 6259 199236/buffer_underrun_dynamic.c cppfunc 603 dynamic_buffer_underrun_s_032* ptr_s= calloc(10,sizeof(dynamic_buffer_underrun_s_032)); ptr_s[i].arr[i]='a'; free(ptr_s); 0 --------------------------------- 6260 70885/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_06.c cppfunc 76 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6261 72311/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67.c cppfunc 134 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67_structType myStruct) char * data = myStruct.structFirst; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6262 153537/heapam.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6263 153760/aviobuf.c cppfunc 81 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6264 153537/heapam.c cppfunc 119 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6265 62576/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_13.c cppfunc 137 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6266 70963/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_63.c cppfunc 146 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 6267 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c cppfunc 197 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 6268 153499/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6269 153030/avpacket.c cppfunc 80 stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6270 153030/avpacket.c cppfunc 82 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6271 73712/CWE124_Buffer_Underwrite__CWE839_listen_socket_21.c cppfunc 225 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6272 153582/avfilter.c cppfunc 70 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6273 153582/avfilter.c cppfunc 74 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6274 153582/avfilter.c cppfunc 77 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6275 70955/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_44.c cppfunc 65 static void goodG2BSink(char * data) strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 6276 153673/config.c inputfunc 135 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&woodwind_pseudapospory,"ANTIPLEURITIC_PEACEKEEPER"); if (woodwind_pseudapospory != 0) {; mycorrhizic_chicanos = ((int )(strlen(woodwind_pseudapospory))); plagioclinal_reconciliated = ((char *)(malloc(mycorrhizic_chicanos + 1))); if (plagioclinal_reconciliated == 0) { memcpy(plagioclinal_reconciliated,woodwind_pseudapospory,mycorrhizic_chicanos); if (woodwind_pseudapospory != 0) free(((char *)woodwind_pseudapospory)); 0 --------------------------------- 6277 153240/color.c cppfunc 341 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6278 71005/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_51.c cppfunc 129 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_51b_badSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 6279 71363/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_04.c cppfunc 78 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 6280 79570/CWE134_Uncontrolled_Format_String__char_console_vfprintf_68.c cppfunc 192 char * data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_68_badData; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 6281 79570/CWE134_Uncontrolled_Format_String__char_console_vfprintf_68.c cppfunc 195 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 6282 153657/pgstat.c inputfunc 3361 if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); memcpy(dbentry,(&dbbuf),sizeof(PgStat_StatDBEntry )); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 6283 62730/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_33.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6284 72420/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_05.c cppfunc 97 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 6285 153080/main_statusbar.c cppfunc 123 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6286 73158/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_33.cpp cppfunc 66 wchar_t * &dataRef = data; wchar_t * data = dataRef; wcscpy(dest, data); printWLine(data); free(data); 0 --------------------------------- 6287 153023/avpacket.c cppfunc 532 char *winklehole_musettes = 0; pointers_petrologically(&winklehole_musettes); superlocally_gumboils = &winklehole_musettes; lumpishness_anorthoscope = superlocally_gumboils + 5; tacitus_knitch[37] = lumpishness_anorthoscope; free(((char *)( *(tacitus_knitch[37] - 5)))); 0 --------------------------------- 6288 153375/mux.c cppfunc 90 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6289 153307/color.c cppfunc 359 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6290 67305/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_02.c cppfunc 80 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6291 72806/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_07.c cppfunc 99 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 6292 110528/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_41.c cppfunc 154 intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_41_goodG2BSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_41_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6293 153385/portalmem.c cppfunc 542 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int groundworks_argillite = 20; char *sophister_attiwendaronk;; stonesoup_read_taint(&sophister_attiwendaronk,"2974",groundworks_argillite); nausicaa_ballies[52] = sophister_attiwendaronk; hedgehogs_unfervidly = nausicaa_ballies; free(((char *)hedgehogs_unfervidly[52])); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&sophister_attiwendaronk,"2974",groundworks_argillite); nausicaa_ballies[52] = sophister_attiwendaronk; hedgehogs_unfervidly = nausicaa_ballies; free(((char *)hedgehogs_unfervidly[52])); 0 --------------------------------- 6294 153088/mux.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6295 65446/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_15.c cppfunc 108 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 6296 67741/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_51.cpp inputfunc 98 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 6297 62965/CWE121_Stack_Based_Buffer_Overflow__CWE135_18.c cppfunc 65 data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 6298 153774/eng_table.c cppfunc 118 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6299 153377/emem.c cppfunc 180 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6300 153377/emem.c cppfunc 187 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6301 153377/emem.c cppfunc 184 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6302 153298/stream.c cppfunc 108 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6303 79359/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_32.c cppfunc 191 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 6304 73711/CWE124_Buffer_Underwrite__CWE839_listen_socket_18.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6305 79487/CWE134_Uncontrolled_Format_String__char_console_snprintf_06.c inputfunc 150 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 6306 153298/stream.c cppfunc 90 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6307 153541/heapam.c cppfunc 127 stonesoup_printf("Error: Failed to allocate memory\n"); tracepoint(stonesoup_trace, trace_point, "TRIGGER-POINT: AFTER"); tracepoint(stonesoup_trace, trace_point, "CROSSOVER-POINT: AFTER"); stonesoup_printf("%s\n",stonesoup_stack_buff_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6308 153541/heapam.c cppfunc 129 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6309 153822/config_file.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6310 72121/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_72.cpp cppfunc 150 void badSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 6311 62981/CWE121_Stack_Based_Buffer_Overflow__CWE135_61.c cppfunc 81 data = (void *)WIDE_STRING; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE135_61b_goodB2GSource(data); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 6312 67730/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_21.cpp inputfunc 254 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 6313 70660/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_31.c cppfunc 188 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6314 66255/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_34.c cppfunc 36 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 6315 70515/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22.c cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6316 153048/pmsignal.c cppfunc 118 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6317 153048/pmsignal.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6318 153048/pmsignal.c cppfunc 115 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6319 70676/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_64.c cppfunc 368 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6320 79438/CWE134_Uncontrolled_Format_String__char_console_printf_05.c inputfunc 137 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 6321 71194/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_43.cpp cppfunc 74 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 6322 153540/eng_table.c cppfunc 116 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6323 153540/eng_table.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6324 153540/eng_table.c cppfunc 119 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6325 70833/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_02.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6326 153809/img2.c cppfunc 45 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6327 153721/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6328 70667/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_44.c cppfunc 263 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6329 72280/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_09.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6330 152933/column-utils.c cppfunc 90 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6331 71737/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_72.cpp cppfunc 142 void badSink(vector dataVector) int * data = dataVector[2]; memcpy(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 6332 153353/color.c cppfunc 606 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int encouragement_pylori = 20; char *knuckleheaded_bioelectric; stonesoup_read_taint(&knuckleheaded_bioelectric,"5518",encouragement_pylori); free(((char *)knuckleheaded_bioelectric)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&knuckleheaded_bioelectric,"5518",encouragement_pylori); free(((char *)knuckleheaded_bioelectric)); 0 --------------------------------- 6333 153296/timestamp.c cppfunc 74 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6334 153296/timestamp.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6335 66586/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_21.c cppfunc 72 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 6336 70990/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_15.c cppfunc 77 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 6337 152891/color.c cppfunc 118 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6338 79345/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_08.c cppfunc 164 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 6339 79345/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_08.c cppfunc 167 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 6340 153656/color.c cppfunc 341 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6341 67404/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_05.c cppfunc 87 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6342 70531/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_63.c cppfunc 175 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6343 153438/conf_mod.c cppfunc 126 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6344 148923/tvbuff.c cppfunc 1322 tvb_get_letohieee_float(tvbuff_t *tvb, const int offset) return get_ieee_float(tvb_get_letohl(tvb, offset)); tvb_get_letohl(tvbuff_t *tvb, const gint offset) ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); fast_ensure_contiguous(tvbuff_t *tvb, const gint offset, const guint length) DISSECTOR_ASSERT(tvb && tvb->initialized); return ensure_contiguous(tvb, offset, length); u_offset = offset; return tvb->real_data + u_offset; return NULL; ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); return pntohl(ptr); IEEE_SP_MANTISSA_WIDTH; exponent = ((exponent >> IEEE_SP_MANTISSA_WIDTH) - IEEE_SP_BIAS) - return -mantissa * pow(2, exponent); return get_ieee_float(tvb_get_ntohl(tvb, offset)); ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); return pletohl(ptr); return get_ieee_float(tvb_get_letohl(tvb, offset)); get_ieee_float(const guint32 w) exponent = w & IEEE_SP_EXPONENT_MASK; exponent = ((exponent >> IEEE_SP_MANTISSA_WIDTH) - IEEE_SP_BIAS) - return -mantissa * pow(2, exponent); tvb_get_ntohieee_float(tvbuff_t *tvb, const int offset) return get_ieee_float(tvb_get_ntohl(tvb, offset)); tvb_get_ntohl(tvbuff_t *tvb, const gint offset) ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); 0 --------------------------------- 6345 148923/tvbuff.c cppfunc 1324 tvb_get_ntohieee_float(tvbuff_t *tvb, const int offset) return get_ieee_float(tvb_get_ntohl(tvb, offset)); tvb_get_ntohl(tvbuff_t *tvb, const gint offset) ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); fast_ensure_contiguous(tvbuff_t *tvb, const gint offset, const guint length) DISSECTOR_ASSERT(tvb && tvb->initialized); return ensure_contiguous(tvb, offset, length); u_offset = offset; return tvb->real_data + u_offset; return NULL; ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); return pntohl(ptr); IEEE_SP_MANTISSA_WIDTH; exponent = ((exponent >> IEEE_SP_MANTISSA_WIDTH) - IEEE_SP_BIAS) - return mantissa * pow(2, exponent); return get_ieee_float(tvb_get_ntohl(tvb, offset)); ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); return pletohl(ptr); return get_ieee_float(tvb_get_letohl(tvb, offset)); get_ieee_float(const guint32 w) exponent = w & IEEE_SP_EXPONENT_MASK; exponent = ((exponent >> IEEE_SP_MANTISSA_WIDTH) - IEEE_SP_BIAS) - return mantissa * pow(2, exponent); tvb_get_letohieee_float(tvbuff_t *tvb, const int offset) return get_ieee_float(tvb_get_letohl(tvb, offset)); tvb_get_letohl(tvbuff_t *tvb, const gint offset) ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); 0 --------------------------------- 6346 153613/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6347 63635/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_04.c cppfunc 101 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 6348 153448/cryptlib.c cppfunc 185 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 6349 110673/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_42.cpp cppfunc 34 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6350 71730/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_62.cpp cppfunc 58 data = (int *)malloc(100*sizeof(int)); memcpy(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 6351 110350/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_66.c cppfunc 225 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_66b_badSink(int dataArray[]) int data = dataArray[2]; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6352 79557/CWE134_Uncontrolled_Format_String__char_console_vfprintf_44.c inputfunc 52 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; funcPtr(data, data); 0 --------------------------------- 6353 66617/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_02.c cppfunc 86 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6354 153093/main_filter_toolbar.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6355 67728/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_17.cpp inputfunc 210 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 6356 153258/column.c cppfunc 73 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6357 153258/column.c cppfunc 70 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6358 66304/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_41.c cppfunc 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6359 70517/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_32.c cppfunc 176 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6360 153098/main_statusbar.c cppfunc 124 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6361 70501/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_06.c cppfunc 186 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6362 152869/conversation.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6363 67743/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_53.cpp cppfunc 182 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6364 66237/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_06.c cppfunc 65 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6365 62732/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_41.c cppfunc 240 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6366 72216/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_68.c cppfunc 144 wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_68_badData; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 6367 66292/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_13.c cppfunc 82 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6368 153655/color.c cppfunc 353 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 6369 153655/color.c cppfunc 351 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 6370 70496/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c cppfunc 105 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6371 153440/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6372 62577/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_14.c cppfunc 87 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6373 62577/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_14.c inputfunc 84 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 6374 153743/stream.c cppfunc 160 stonesoup_read_taint(&shelducks_litherly,"WOOLFELLS_SCLEROTIZED"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 6375 153743/stream.c inputfunc 163 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&shelducks_litherly,"WOOLFELLS_SCLEROTIZED"); if (shelducks_litherly != 0) {; grammar_serfdoms . macapa_airsheds = ((char *)shelducks_litherly); hemiteratic_palaeolithy[5] = grammar_serfdoms; unbranded_repatency = *(hemiteratic_palaeolithy + acronyctous_corrosived[1]); backfired_crambambuli(unbranded_repatency); void backfired_crambambuli(struct somewhy_mutter marcgrave_unitrivalent); 0 --------------------------------- 6376 110493/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_65.c cppfunc 146 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_65b_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6377 152948/mutex.c cppfunc 90 stonesoup_read_taint(&shrewstruck_overtness,"APHIDIINAE_POLANDER"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 6378 66582/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_15.c cppfunc 67 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6379 62985/CWE121_Stack_Based_Buffer_Overflow__CWE135_65.c cppfunc 142 void CWE121_Stack_Based_Buffer_Overflow__CWE135_65b_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 6380 153383/config.c cppfunc 81 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6381 152948/mutex.c inputfunc 93 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&shrewstruck_overtness,"APHIDIINAE_POLANDER"); if (shrewstruck_overtness != 0) {; 0 --------------------------------- 6382 67592/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_41.cpp cppfunc 162 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6383 153718/hashfn.c cppfunc 55 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6384 153636/mux.c cppfunc 101 stonesoup_printf("%s\n",stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6385 153178/color.c cppfunc 121 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6386 152887/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6387 153562/color.c cppfunc 353 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 6388 152887/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6389 152887/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6390 152926/color.c cppfunc 337 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 6391 152926/color.c cppfunc 335 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 6392 70643/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_04.c cppfunc 198 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6393 72332/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_13.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6394 153441/oids.c cppfunc 158 grandmothers_stylo = ((char *)teknonymously_vanquishes . reassert_skulkers); stonesoup_buffer = malloc((strlen(grandmothers_stylo) + 1) * sizeof(char )); strcpy(stonesoup_buffer,grandmothers_stylo); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 6395 70502/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_07.c cppfunc 233 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6396 153518/e_bf.c cppfunc 113 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6397 153082/config.c cppfunc 90 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6398 153082/config.c cppfunc 97 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6399 153082/config.c cppfunc 94 size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6400 67722/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_11.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6401 70840/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_09.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6402 153519/cmdline.c cppfunc 1085 e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char **tmpfile_left,const char *editor_cmd, const svn_string_t *contents,const char *filename,apr_hash_t *config,svn_boolean_t as_text,const char *encoding,apr_pool_t *pool) const char *editor; const char *tmpfile_native; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); svn_error_t *svn_err__temp = svn_subst_translate_cstring2(contents -> data,&translated,"\n",0,((void *)0),0,pool); translated_contents = svn_string_create_empty(pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8_ex2(&translated_contents -> data,translated,encoding,pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8(&translated_contents -> data,translated,pool); translated_contents = svn_string_dup(contents,pool); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); svn_error_t *svn_err__temp = svn_io_temp_dir(&base_dir,pool); svn_error_t *svn_err__temp = svn_path_cstring_from_utf8(&temp_dir_apr,base_dir,pool); apr_err = apr_filepath_set(temp_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); err = svn_path_cstring_from_utf8(&tmpfile_apr,tmpfile_name,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x10,pool); apr_file_mtime_set(tmpfile_apr,finfo_before . mtime - 2000,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x00000010 | 0x00000100,pool); err = svn_utf_cstring_from_utf8(&tmpfile_native,tmpfile_name,pool); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); 0 --------------------------------- 6403 72381/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_14.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 6404 79521/CWE134_Uncontrolled_Format_String__char_console_snprintf_67.c inputfunc 53 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_snprintf_67b_badSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_snprintf_67b_badSink(CWE134_Uncontrolled_Format_String__char_console_snprintf_67_structType myStruct); 0 --------------------------------- 6405 66548/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_45.c cppfunc 73 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6406 67508/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_07.c cppfunc 43 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_07_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_07_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 6407 70857/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_42.c cppfunc 73 data = (char *)malloc((10+1)*sizeof(char)); return data; data = goodG2BSource(data); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6408 79387/CWE134_Uncontrolled_Format_String__char_console_fprintf_02.c inputfunc 85 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 6409 153619/resowner.c cppfunc 158 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6410 153619/resowner.c cppfunc 155 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6411 153619/resowner.c cppfunc 151 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6412 66653/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_65.c cppfunc 60 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6413 66583/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_16.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 6414 62958/CWE121_Stack_Based_Buffer_Overflow__CWE135_11.c cppfunc 96 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 6415 67716/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_05.cpp inputfunc 327 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 6416 70916/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_64.c cppfunc 131 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6417 152955/timestamp.c cppfunc 68 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6418 62958/CWE121_Stack_Based_Buffer_Overflow__CWE135_11.c cppfunc 99 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 6419 110479/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_34.c cppfunc 81 CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_34_unionType myUnion; int data = myUnion.unionSecond; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6420 66559/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_67.c cppfunc 58 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6421 70428/CWE122_Heap_Based_Buffer_Overflow__CWE135_45.c cppfunc 99 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_45_goodB2GData = data; goodB2GSink(); void * data = CWE122_Heap_Based_Buffer_Overflow__CWE135_45_goodB2GData; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 6422 79357/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22.c cppfunc 386 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 6423 71390/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_52.c cppfunc 190 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_52c_goodG2BSink(char * data) strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 6424 72303/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53.c cppfunc 220 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53d_badSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6425 79347/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_10.c cppfunc 254 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 6426 153703/tile-swap.c cppfunc 661 void stonesoup_handle_taint(char *antipode_winkelried) boatel_macron = ((int )(strlen(antipode_winkelried))); memcpy(leptorrhinian_condensability,antipode_winkelried,boatel_macron); free(((char *)antipode_winkelried)); 0 --------------------------------- 6427 153112/utils.c cppfunc 4285 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { *port_ptr = atoi(brk + 2); 0 --------------------------------- 6428 153268/mux.c cppfunc 97 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 6429 66312/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54.c cppfunc 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6430 72185/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_10.c cppfunc 77 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 6431 71334/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_33.cpp cppfunc 44 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 6432 73344/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_33.cpp cppfunc 62 twoIntsStruct * &dataRef = data; twoIntsStruct * data = dataRef; printStructLine(data); free(data); 0 --------------------------------- 6433 153580/pmsignal.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6434 153591/e_camellia.c cppfunc 599 void stonesoup_handle_taint(char *overfrugality_pairt) pseudobinary_synochal = ((int )(strlen(overfrugality_pairt))); memcpy(magistracy_riverside,overfrugality_pairt,pseudobinary_synochal); free(((char *)overfrugality_pairt)); 0 --------------------------------- 6435 79570/CWE134_Uncontrolled_Format_String__char_console_vfprintf_68.c inputfunc 45 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_68_badData = data; 0 --------------------------------- 6436 62727/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22.c cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6437 70640/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_01.c cppfunc 282 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6438 153294/bufmgr.c cppfunc 113 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6439 153286/mux.c cppfunc 90 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6440 153043/cmdline.c cppfunc 77 stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6441 110403/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_74.cpp cppfunc 163 void badSink(map dataMap) int data = dataMap[2]; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6442 72163/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_63.c cppfunc 142 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6443 153043/cmdline.c cppfunc 79 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6444 153250/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6445 153250/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6446 79503/CWE134_Uncontrolled_Format_String__char_console_snprintf_32.c inputfunc 125 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; *dataPtr1 = data; 0 --------------------------------- 6447 72829/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_51.c cppfunc 141 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_51b_goodG2BSink(char * data) strcat(data, source); printLine(data); free(data); 0 --------------------------------- 6448 152891/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6449 152900/avdevice.c cppfunc 278 saponaria_paxilla = &anglicans_granam; irritila_whipmaking = &saponaria_paxilla; nasutiform_lymphology = &irritila_whipmaking; salvers_manslaying = &nasutiform_lymphology; jubbahs_oxyrhynchid = &salvers_manslaying; festatus_benzhydrol = &jubbahs_oxyrhynchid; anchorer_amidships = &festatus_benzhydrol; orvah_subcompensation = &anchorer_amidships; simuliidae_memorialization = &orvah_subcompensation; bonnibel_correl = &simuliidae_memorialization; aldoxime_nonwinged = &bonnibel_correl; unapostatized_garniture = &aldoxime_nonwinged; aborting_gloam = &unapostatized_garniture; endorsees_dualistic = &aborting_gloam; molten_kearney = &endorsees_dualistic; rabbiting_legitimism = &molten_kearney; capsulogenous_alveolites = &rabbiting_legitimism; subdrill_uncoffer = &capsulogenous_alveolites; supports_cellarer = &subdrill_uncoffer; micropetrology_shaer = &supports_cellarer; transitival_priggisms = µpetrology_shaer; kirschner_doitrified = &transitival_priggisms; spud_ctenidial = &kirschner_doitrified; calelectrical_amylolytic = &spud_ctenidial; steelie_showfolk = &calelectrical_amylolytic; homeostases_gastonville = &steelie_showfolk; ortyx_antipleuritic = &homeostases_gastonville; culmed_wisure = &ortyx_antipleuritic; free(((char *)( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *culmed_wisure)))))))))))))))))))))))))))))))))))))))))))))))))))); 0 --------------------------------- 6450 153023/avpacket.c cppfunc 57 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6451 63801/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_10.c cppfunc 75 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 6452 79490/CWE134_Uncontrolled_Format_String__char_console_snprintf_09.c inputfunc 95 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 6453 153647/aviobuf.c cppfunc 70 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6454 72770/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_21.c cppfunc 37 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 6455 79511/CWE134_Uncontrolled_Format_String__char_console_snprintf_51.c inputfunc 100 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_51b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_51b_goodB2GSink(char * data) SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 6456 67400/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_01.c cppfunc 50 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6457 72168/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_68.c cppfunc 133 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6458 62711/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_04.c cppfunc 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6459 67324/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_31.c cppfunc 54 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6460 79368/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52.c cppfunc 411 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52c_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 6461 153617/emem.c inputfunc 232 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&cellular_studite,"SPECTERLIKE_SEMICARBAZONE"); if (cellular_studite != 0) {; tupler_omnivident . unwaving_pycnogonidium = cellular_studite; pococurantism_aceldamas = polyesters_immaturely(tupler_omnivident); union undercommander_overfee polyesters_immaturely(union undercommander_overfee talmudize_unintentionally) return talmudize_unintentionally; pococurantism_aceldamas = polyesters_immaturely(tupler_omnivident); if (pococurantism_aceldamas . unwaving_pycnogonidium != 0) { bastard_studbook = ((char *)pococurantism_aceldamas . unwaving_pycnogonidium); stonesoup_buff_size = strlen(bastard_studbook) + 1; stonesoup_size = stonesoup_other_size < stonesoup_buff_size ? stonesoup_other_size : stonesoup_buff_size; for (stonesoup_i = 0; stonesoup_i < stonesoup_size; stonesoup_i++) { bastard_studbook[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = for (stonesoup_i = 0; stonesoup_i < stonesoup_buff_size; stonesoup_i++) { free (stonesoup_other_buff); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buff_size", stonesoup_buff_size, &stonesoup_buff_size, "TRIGGER-STATE"); if (pococurantism_aceldamas . unwaving_pycnogonidium != 0) free(((char *)pococurantism_aceldamas . unwaving_pycnogonidium)); 0 --------------------------------- 6462 79368/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52.c cppfunc 414 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 6463 72284/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_13.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6464 1305/prescan-overflow-bad.c cppfunc 606 addr = (char *) malloc(sizeof(char) * 500); addr[i+1] = special_char; CurEnv->e_to = (char *) malloc(strlen(addr) * sizeof(char) + 1); 0 --------------------------------- 6465 70415/CWE122_Heap_Based_Buffer_Overflow__CWE135_16.c cppfunc 81 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 6466 153731/img2.c cppfunc 65 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 6467 110330/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_21.c cppfunc 207 data = 20; return data; data = -1; data = goodG2B2Source(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); static int goodG2B2Source(int data) return data; data = goodG2B2Source(data); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6468 70501/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_06.c cppfunc 42 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6469 67510/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_09.c cppfunc 85 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 6470 67731/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_22.cpp cppfunc 87 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6471 110319/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_08.c cppfunc 167 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6472 79512/CWE134_Uncontrolled_Format_String__char_console_snprintf_52.c inputfunc 47 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_52b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_52b_badSink(char * data); 0 --------------------------------- 6473 153805/color.c cppfunc 373 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6474 152957/heapam.c cppfunc 123 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6475 71398/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_66.c cppfunc 146 data[0] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 6476 152957/heapam.c cppfunc 126 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6477 66295/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_16.c cppfunc 57 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 6478 71474/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_21.c cppfunc 127 static char * goodG2B2Source(char * data) data = NULL; data = goodG2B2Source(data); data[0] = '\0'; return data; data = goodG2B2Source(data); SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 6479 153607/color.c cppfunc 607 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *enation_lithonephritis; stonesoup_read_taint(&enation_lithonephritis,"EUBANK_RESEARCHER"); free(((char *)enation_lithonephritis)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&enation_lithonephritis,"EUBANK_RESEARCHER"); free(((char *)enation_lithonephritis)); 0 --------------------------------- 6480 72422/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_07.c cppfunc 75 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 6481 67730/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_21.cpp cppfunc 350 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6482 110516/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_13.c cppfunc 192 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6483 153178/color.c cppfunc 373 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6484 153724/ffmpeg.c cppfunc 1002 fprintf(vstats_file,"PSNR= %6.2f ",psnr(enc -> coded_frame -> error[0] / ((enc -> width * enc -> height) * 255.0 * 255.0))); double error_sum = 0; double scale_sum = 0; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale_sum += scale; p = psnr(error / scale); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale /= 4; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); error_sum += error; p = psnr(error_sum / scale_sum); 0 --------------------------------- 6485 65442/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_11.c cppfunc 95 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 6486 71468/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_13.c cppfunc 77 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 6487 67308/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_05.c cppfunc 87 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6488 62963/CWE121_Stack_Based_Buffer_Overflow__CWE135_16.c cppfunc 96 data = NULL; data = (void *)CHAR_STRING; memcpy(dest, data, (dataLen+1)); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 6489 62963/CWE121_Stack_Based_Buffer_Overflow__CWE135_16.c cppfunc 99 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 6490 153104/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6491 153104/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6492 153104/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6493 153178/color.c cppfunc 595 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int prescindent_merchanteer = 1001; char *illoyal_oca; stonesoup_read_taint(&illoyal_oca,"4150",prescindent_merchanteer); free(((char *)illoyal_oca)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&illoyal_oca,"4150",prescindent_merchanteer); free(((char *)illoyal_oca)); 0 --------------------------------- 6494 149126/heap_overflow_cplx-good.c cppfunc 73 buf = malloc(25*sizeof(char)); buf[24] = '\0'; printf("%s\n", buf); free(buf); 0 --------------------------------- 6495 149126/heap_overflow_cplx-good.c cppfunc 70 return NULL; t[i] = '\0'; return t; char *t = rand_text(); strncpy(buf,t,25*sizeof(char)); free(t); 0 --------------------------------- 6496 110400/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_68.c cppfunc 147 int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_68_badData; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6497 153017/cryptlib.c cppfunc 191 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6498 153017/cryptlib.c cppfunc 194 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6499 66860/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cat_73.cpp cppfunc 169 list dataList; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); source[100-1] = L'\0'; wcscat(data, source); 0 --------------------------------- 6500 153238/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6501 72813/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_14.c cppfunc 71 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 6502 153739/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6503 153526/pgstat.c inputfunc 3382 if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); memcpy(dbentry,(&dbbuf),sizeof(PgStat_StatDBEntry )); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); FreeFile(fpin); 0 --------------------------------- 6504 153739/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6505 110348/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_64.c cppfunc 222 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_64b_badSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6506 153739/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6507 110496/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_68.c cppfunc 132 int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_68_badData; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6508 70498/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_03.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6509 153594/error.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6510 73713/CWE124_Buffer_Underwrite__CWE839_listen_socket_22.c cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6511 199284/memory_allocation_failure.c cppfunc 518 double *ptr,b = 0.0; ptr= (double*) malloc(10*sizeof(double)); ptr = NULL; free(ptr); 0 --------------------------------- 6512 153000/color.c cppfunc 358 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 6513 153000/color.c cppfunc 356 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 6514 67418/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_21.c cppfunc 98 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 6515 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c cppfunc 231 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 6516 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c cppfunc 234 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 6517 66612/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_81a.cpp cppfunc 48 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6518 79418/CWE134_Uncontrolled_Format_String__char_console_fprintf_54.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_54b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_54b_badSink(char * data); 0 --------------------------------- 6519 67519/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_18.c cppfunc 38 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_18_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_18_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 6520 153161/cryptlib.c inputfunc 227 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&lymphocytotoxin_findjan,"PRIVATE_SHOPPE"); if (lymphocytotoxin_findjan != 0) {; 0 --------------------------------- 6521 153161/cryptlib.c cppfunc 224 stonesoup_read_taint(&lymphocytotoxin_findjan,"PRIVATE_SHOPPE"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 6522 73031/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67.c cppfunc 133 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67_structType myStruct) char * data = myStruct.structFirst; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 6523 153533/dirent_uri.c cppfunc 102 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6524 66595/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_44.c cppfunc 71 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6525 152936/eng_table.c cppfunc 110 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6526 152936/eng_table.c cppfunc 112 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6527 70515/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22.c cppfunc 291 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6528 72308/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_64.c cppfunc 123 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6529 72887/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67.c cppfunc 154 CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67_structType myStruct; data[0] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67_structType myStruct) char * data = myStruct.structFirst; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 6530 79414/CWE134_Uncontrolled_Format_String__char_console_fprintf_45.c inputfunc 114 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_45_goodB2GData = data; goodB2GSink(); char * data = CWE134_Uncontrolled_Format_String__char_console_fprintf_45_goodB2GData; fprintf(stdout, "%s\n", data); 0 --------------------------------- 6531 152948/mutex.c cppfunc 41 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6532 110667/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_22.cpp cppfunc 193 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6533 153729/color.c cppfunc 363 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 6534 153729/color.c cppfunc 365 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 6535 199276/invalid_memory_access.c cppfunc 277 u->s1->a = (int *) malloc(5*sizeof(int)); free(u->s1->a); free(u->s1); 0 --------------------------------- 6536 66336/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_09.c cppfunc 66 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6537 70460/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_13.c cppfunc 330 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6538 152895/color.c cppfunc 331 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 6539 152895/color.c cppfunc 333 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 6540 66633/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_18.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 6541 153783/string.c inputfunc 109 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&anticivism_buggery,"IERNA_KOHN"); if (anticivism_buggery != 0) {; 0 --------------------------------- 6542 72857/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_10.c cppfunc 93 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 6543 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c inputfunc 107 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 6544 153570/utf.c cppfunc 120 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6545 153570/utf.c cppfunc 124 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6546 153570/utf.c cppfunc 127 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6547 71479/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_34.c cppfunc 81 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_34_unionType myUnion; char * data = myUnion.unionSecond; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 6548 66527/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_08.c cppfunc 96 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6549 153433/resowner.c cppfunc 170 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6550 153385/portalmem.c cppfunc 119 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6551 71208/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_68.c cppfunc 157 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_68b_goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_68_goodG2BData; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 6552 153385/portalmem.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6553 79517/CWE134_Uncontrolled_Format_String__char_console_snprintf_63.c inputfunc 47 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_63b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_63b_badSink(char * * dataPtr); CWE134_Uncontrolled_Format_String__char_console_snprintf_63b_badSink(&data); 0 --------------------------------- 6554 72720/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_17.c cppfunc 57 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 6555 72142/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_15.c cppfunc 80 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6556 153467/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6557 70658/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_21.c cppfunc 308 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6558 153234/img2.c cppfunc 71 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6559 79565/CWE134_Uncontrolled_Format_String__char_console_vfprintf_63.c cppfunc 185 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 6560 110390/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_52.c cppfunc 209 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_52b_goodG2BSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_52c_goodG2BSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_52c_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6561 79565/CWE134_Uncontrolled_Format_String__char_console_vfprintf_63.c cppfunc 182 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_63b_badSink(char * * dataPtr) char * data = *dataPtr; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 6562 199284/memory_allocation_failure.c cppfunc 658 memory_allocation_failure_015_s_001 s = {MAX_V,20}; return s.b; memory_allocation_failure_015_gbl_ptr = (int *) malloc (memory_allocation_failure_015_func_001()*sizeof(int)); 0 --------------------------------- 6563 153545/main_filter_toolbar.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6564 153545/main_filter_toolbar.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6565 72083/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_04.c cppfunc 100 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 6566 79562/CWE134_Uncontrolled_Format_String__char_console_vfprintf_54.c cppfunc 377 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54e_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 6567 153751/color.c cppfunc 348 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6568 152909/column-utils.c cppfunc 2162 jmp_buf diruption_lycaon; usurpress_melammdim = setjmp(diruption_lycaon); longjmp(diruption_lycaon,1); 0 --------------------------------- 6569 73726/CWE124_Buffer_Underwrite__CWE839_listen_socket_54.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6570 153436/mux.c cppfunc 89 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6571 153507/color.c cppfunc 606 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *nonreliably_vetchiest) free(((char *)nonreliably_vetchiest)); 0 --------------------------------- 6572 71204/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_64.c cppfunc 131 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 6573 65398/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_07.c cppfunc 99 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 6574 153217/gimpdisplay.c cppfunc 123 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6575 70526/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52.c cppfunc 292 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6576 153348/mutex.c cppfunc 68 stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6577 153217/gimpdisplay.c cppfunc 120 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6578 72722/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_21.c cppfunc 72 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 6579 199284/memory_allocation_failure.c cppfunc 61 long long int i=0; long long int *ptr=(long long*) malloc(MAX_VAL *sizeof(long long)); *(ptr+i) = i; free(ptr); 0 --------------------------------- 6580 72889/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_72.cpp cppfunc 150 void badSink(vector dataVector) char * data = dataVector[2]; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 6581 153349/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 6582 153802/types.c cppfunc 108 int inflamedness_khalsah = 1024; stonesoup_read_taint(&transumpt_blunt,"7884",inflamedness_khalsah); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 6583 153602/img2.c cppfunc 113 jmp_buf tungus_unseduced; labdanum_liber = setjmp(tungus_unseduced); longjmp(tungus_unseduced,1); 0 --------------------------------- 6584 152931/tile.c cppfunc 380 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 6585 152931/tile.c cppfunc 386 void stonesoup_handle_taint(char *xylobalsamum_snead) marlpit_hektograph = xylobalsamum_snead; taseometer_ingressiveness = worrier_overgrazed(marlpit_hektograph); unruly_peripateticism worrier_overgrazed(unruly_peripateticism orignal_leatherback) return orignal_leatherback; taseometer_ingressiveness = worrier_overgrazed(marlpit_hektograph); free(((char *)taseometer_ingressiveness)); 0 --------------------------------- 6586 153211/mutex.c cppfunc 192 char *rehypothecation_hypogeic = 0; pyruline_lingulae(&rehypothecation_hypogeic); perspirate_melolonthidan[5] = rehypothecation_hypogeic; whereinto_quadricostate[1] = 5; internetworking_lorriker = *(perspirate_melolonthidan + whereinto_quadricostate[1]); free(((char *)internetworking_lorriker)); 0 --------------------------------- 6587 153257/mem_dbg.c cppfunc 225 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6588 153383/config.c cppfunc 106 stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6589 153257/mem_dbg.c cppfunc 229 size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6590 72389/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_32.c cppfunc 75 char * *dataPtr2 = &data; char * data = *dataPtr2; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 6591 70867/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_63.c cppfunc 146 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6592 70439/CWE122_Heap_Based_Buffer_Overflow__CWE135_67.c cppfunc 163 void CWE122_Heap_Based_Buffer_Overflow__CWE135_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__CWE135_67_structType myStruct) void * data = myStruct.structFirst; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 6593 153107/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6594 153107/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6595 72157/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_51.c cppfunc 124 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6596 110368/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_09.c cppfunc 116 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6597 153291/color.c cppfunc 352 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6598 153489/color.c cppfunc 90 stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6599 153489/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6600 110792/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_01.cpp cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6601 153589/bio_err.c cppfunc 147 int mentorship_ghauts = 44; stonesoup_read_taint(&muralists_parodyproof,"8207",mentorship_ghauts); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 6602 153557/conversation.c cppfunc 118 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6603 153557/conversation.c cppfunc 114 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6604 62569/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_06.c cppfunc 42 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6605 70674/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_62.cpp cppfunc 339 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6606 1305/prescan-overflow-bad.c cppfunc 477 c = *p++; c = '"'; p--; c = ')'; c = '>'; c = '>'; c = NOCHAR; else if (delim == ' ' && isascii(c) && isspace(c)) 0 --------------------------------- 6607 71008/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54.c cppfunc 307 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54d_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54e_goodG2BSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 6608 153393/pgstat.c cppfunc 320 stonesoup_read_taint(&alleviater_dehorn,"SURVEYAL_BEINKED"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 6609 72866/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_21.c cppfunc 92 static char * goodG2B1Source(char * data) data = NULL; data = goodG2B1Source(data); data[0] = '\0'; return data; data = goodG2B1Source(data); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 6610 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c cppfunc 147 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 6611 63437/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_06.c cppfunc 98 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 6612 71448/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_68.c cppfunc 153 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 6613 153512/color.c cppfunc 329 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 6614 153603/ffmpeg.c cppfunc 184 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 6615 66361/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_61.c cppfunc 147 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_61b_goodG2BSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_61b_goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 6616 153576/color.c cppfunc 604 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *clarshech_voltinism; stonesoup_read_taint(&clarshech_voltinism,"TOSEPHTAS_RAFFMAN"); free(((char *)clarshech_voltinism)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&clarshech_voltinism,"TOSEPHTAS_RAFFMAN"); free(((char *)clarshech_voltinism)); 0 --------------------------------- 6617 153798/cmdline.c cppfunc 920 svn_error_t *svn_cmdline__edit_file_externally(const char *path,const char *editor_cmd,apr_hash_t *config,apr_pool_t *pool) const char *file_name; svn_dirent_split(&base_dir,&file_name,path,pool); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); apr_err = apr_filepath_set(old_cwd,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char *editor; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); 0 --------------------------------- 6618 70910/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_52.c cppfunc 201 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_52c_goodG2BSink(char * data) memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6619 70659/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22.c cppfunc 447 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6620 70459/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_12.c cppfunc 430 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6621 110387/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_44.c cppfunc 82 static void goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6622 67734/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_33.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6623 67440/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_68.c cppfunc 55 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6624 153724/ffmpeg.c cppfunc 378 signal(3,sigterm_handler); signal(2,sigterm_handler); signal(15,sigterm_handler); signal(24,sigterm_handler); 0 --------------------------------- 6625 153167/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6626 67484/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_01.c cppfunc 65 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 6627 153342/stream.c cppfunc 76 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6628 72312/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_68.c cppfunc 131 char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_68_badData; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6629 153799/conf_mod.c cppfunc 129 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6630 153243/main_filter_toolbar.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6631 72075/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_74.cpp cppfunc 151 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6632 153194/tile-manager.c cppfunc 52 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6633 153702/config.c cppfunc 109 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6634 199236/buffer_underrun_dynamic.c cppfunc 684 doubleptr[0][loc2]='T'; free(doubleptr[i]); free(doubleptr); 0 --------------------------------- 6635 70462/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_15.c cppfunc 410 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6636 70460/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_13.c cppfunc 236 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6637 66331/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_04.c cppfunc 73 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6638 149204/UseAfterFree_container-good.c cppfunc 36 container.foo.b[0] = 'S'; printf("%s\n", container.foo.b); free(container.foo.b); 0 --------------------------------- 6639 71881/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_72.cpp cppfunc 177 vector dataVector; data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) twoIntsStruct * data = dataVector[2]; memcpy(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 6640 71210/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_73.cpp cppfunc 175 list dataList; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 6641 152967/color.c cppfunc 118 stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6642 110798/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_07.cpp cppfunc 87 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6643 153470/mutex.c cppfunc 76 stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6644 153066/portalmem.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6645 153470/mutex.c cppfunc 78 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6646 110325/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_14.c cppfunc 179 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6647 153337/img2.c cppfunc 61 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6648 79354/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_17.c cppfunc 53 static void badVaSinkB(char * data, ...) char dataBuffer[100] = ""; data = dataBuffer; badVaSinkB(data, data); data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 6649 79366/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45.c cppfunc 188 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45_goodB2GData = data; goodB2GSink(); char * data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45_goodB2GData; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 6650 153612/tile-swap.c cppfunc 139 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6651 153612/tile-swap.c cppfunc 136 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6652 62980/CWE121_Stack_Based_Buffer_Overflow__CWE135_54.c cppfunc 341 void CWE121_Stack_Based_Buffer_Overflow__CWE135_54d_goodB2GSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_54e_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_54e_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 6653 73715/CWE124_Buffer_Underwrite__CWE839_listen_socket_32.c cppfunc 230 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6654 79551/CWE134_Uncontrolled_Format_String__char_console_vfprintf_32.c cppfunc 92 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 6655 79443/CWE134_Uncontrolled_Format_String__char_console_printf_10.c inputfunc 131 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 6656 148823/Element.cpp cppfunc 1210 PassRefPtr Element::removeAttributeNode(Attr* attr, ExceptionCode& ec) if (attr->ownerElement() != this) { if (document() != attr->document()) { NamedNodeMap* attrs = attributes(true); return static_pointer_cast(attrs->removeNamedItem(attr->qualifiedName(), ec)); 0 --------------------------------- 6657 153124/utf.c cppfunc 1000 va_list impubic_development; __builtin_va_start(impubic_development,recanes_bundt); buffoon_philogynaecic = (va_arg(impubic_development,union unmanoeuvred_gavottes )); 0 --------------------------------- 6658 153569/column-utils.c cppfunc 82 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 6659 152918/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6660 110339/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_44.c cppfunc 145 static void goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6661 70646/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_07.c cppfunc 421 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6662 153590/utf.c cppfunc 1049 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int hybridity_unpublishably = 596; char *sisterhood_baghla;; stonesoup_read_taint(&sisterhood_baghla,"8709",hybridity_unpublishably); euclidian_gunstocker = sisterhood_baghla; HOPI_CLIMBINGFISH(euclidian_gunstocker); void heteroauxin_snowproof(amassers_hypolite huckstery_canapes) free(((char *)huckstery_canapes)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&sisterhood_baghla,"8709",hybridity_unpublishably); euclidian_gunstocker = sisterhood_baghla; HOPI_CLIMBINGFISH(euclidian_gunstocker); 0 --------------------------------- 6663 79559/CWE134_Uncontrolled_Format_String__char_console_vfprintf_51.c cppfunc 223 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 6664 79559/CWE134_Uncontrolled_Format_String__char_console_vfprintf_51.c cppfunc 220 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_51b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_51b_goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 6665 152866/gimpdisplay.c cppfunc 142 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6666 153009/utils.c cppfunc 97 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6667 70679/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67.c cppfunc 408 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6668 62567/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_04.c inputfunc 90 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 6669 62567/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_04.c cppfunc 93 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6670 152946/file_wrappers.c cppfunc 114 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6671 72281/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_10.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6672 152985/dynahash.c cppfunc 1556 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); nonmechanically_spermatoid = ((int )(strlen(xerophilous_maximes))); pylorodilator_pneumonoparesis = ((char *)(malloc(nonmechanically_spermatoid + 1))); memset(pylorodilator_pneumonoparesis,0,nonmechanically_spermatoid + 1); memcpy(pylorodilator_pneumonoparesis,xerophilous_maximes,nonmechanically_spermatoid); axial_uncheaply[5] = pylorodilator_pneumonoparesis; phototroph_quinsyberry = 5; kurikata_paty = &phototroph_quinsyberry; eduardo_tink = *(axial_uncheaply + *kurikata_paty); free(((char *)eduardo_tink)); void stonesoup_handle_taint(char *xerophilous_maximes) nonmechanically_spermatoid = ((int )(strlen(xerophilous_maximes))); memcpy(pylorodilator_pneumonoparesis,xerophilous_maximes,nonmechanically_spermatoid); axial_uncheaply[5] = pylorodilator_pneumonoparesis; eduardo_tink = *(axial_uncheaply + *kurikata_paty); free(((char *)eduardo_tink)); 0 --------------------------------- 6673 70405/CWE122_Heap_Based_Buffer_Overflow__CWE135_06.c cppfunc 116 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 6674 63435/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_04.c cppfunc 101 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 6675 153536/stream.c cppfunc 105 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6676 153536/stream.c cppfunc 103 stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6677 153426/e_bf.c cppfunc 250 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int skylights_diapophysis = 596; char *radiosonde_farrel;; stonesoup_read_taint(&radiosonde_farrel,"2332",skylights_diapophysis); upswings_pugnaciousness = ((int )(strlen(radiosonde_farrel))); memcpy(sejm_moderately,radiosonde_farrel,upswings_pugnaciousness); free(((char *)radiosonde_farrel)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&radiosonde_farrel,"2332",skylights_diapophysis); upswings_pugnaciousness = ((int )(strlen(radiosonde_farrel))); memcpy(sejm_moderately,radiosonde_farrel,upswings_pugnaciousness); free(((char *)radiosonde_farrel)); 0 --------------------------------- 6678 66571/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_04.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 6679 153797/resowner.c cppfunc 160 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6680 153797/resowner.c cppfunc 164 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6681 153797/resowner.c cppfunc 167 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6682 70669/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_51.c cppfunc 326 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6683 67580/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_13.cpp cppfunc 151 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6684 71375/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_16.c cppfunc 68 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 6685 153798/cmdline.c cppfunc 1201 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 6686 153798/cmdline.c cppfunc 1207 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); union colloquialize_phillipp bloomington_natureliked; starer_angelizing[5] = bloomington_natureliked; caryville_barge = 5; mucidity_whelms = &caryville_barge; taylorsville_urodele = *(starer_angelizing + *mucidity_whelms); free(((char *)taylorsville_urodele . postramus_trueblue)); void stonesoup_handle_taint(char *middleness_maelstrom) bloomington_natureliked . postramus_trueblue = middleness_maelstrom; taylorsville_urodele = *(starer_angelizing + *mucidity_whelms); free(((char *)taylorsville_urodele . postramus_trueblue)); 0 --------------------------------- 6687 153450/oids.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6688 153533/dirent_uri.c cppfunc 75 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6689 70668/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_45.c cppfunc 187 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6690 70498/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_03.c cppfunc 228 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6691 153407/config.c cppfunc 121 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6692 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c cppfunc 31 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 6693 153192/tile-manager.c cppfunc 72 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6694 67581/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_14.cpp cppfunc 95 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6695 153192/tile-manager.c cppfunc 76 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6696 73033/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_72.cpp cppfunc 148 void badSink(vector dataVector) char * data = dataVector[2]; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 6697 72822/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_33.cpp cppfunc 70 char * &dataRef = data; char * data = dataRef; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 6698 72630/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_33.cpp cppfunc 68 wchar_t * &dataRef = data; wchar_t * data = dataRef; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 6699 71006/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_52.c cppfunc 199 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_52b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_52c_goodG2BSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 6700 153176/stream.c cppfunc 108 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6701 153176/stream.c cppfunc 106 stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6702 79367/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51.c cppfunc 309 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51b_badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 6703 153119/bufmgr.c cppfunc 146 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6704 1310/my-util.c cppfunc 83 void *xalloc(size_t sz) { assert(sz>0); p = (void *) malloc(sz); assert (p!=NULL); 0 --------------------------------- 6705 70983/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_08.c cppfunc 84 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 6706 153576/color.c cppfunc 379 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6707 153244/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6708 153244/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6709 63595/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_04.c cppfunc 104 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 6710 153450/oids.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6711 70531/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_63.c cppfunc 240 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6712 67716/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_05.cpp cppfunc 89 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6713 72421/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_06.c cppfunc 94 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 6714 73063/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_34.c cppfunc 71 CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_34_unionType myUnion; char * data = myUnion.unionSecond; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 6715 73268/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_73.cpp cppfunc 144 void badSink(list dataList) double * data = dataList.back(); printDoubleLine(*data); free(data); 0 --------------------------------- 6716 72465/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_02.c cppfunc 93 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 0 --------------------------------- 6717 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c cppfunc 138 goodG2BVaSinkB(data, data); static void goodG2BVaSinkB(char * data, ...) char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BVaSinkB(data, data); static void goodG2BVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 6718 70658/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_21.c cppfunc 113 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6719 153800/avdevice.c cppfunc 77 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6720 153774/eng_table.c cppfunc 114 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6721 66649/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_61.c cppfunc 147 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_61b_goodG2BSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_61b_goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 6722 153544/color.c cppfunc 342 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 6723 153544/color.c cppfunc 344 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 6724 153197/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6725 153197/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6726 66536/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_17.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 6727 71469/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_14.c cppfunc 99 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 6728 153498/mem_dbg.c cppfunc 513 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *deciatine_gotthard; stonesoup_read_taint(&deciatine_gotthard,"NONPECUNIARY_MELVERN"); fluoresceine_proration = ((int )(strlen(deciatine_gotthard))); wilt_snot = ((char *)(malloc(fluoresceine_proration + 1))); memset(wilt_snot,0,fluoresceine_proration + 1); memcpy(wilt_snot,deciatine_gotthard,fluoresceine_proration); birchman_infrequency[5] = wilt_snot; kamelkia_scalf = 5; cadelle_aldabra = &kamelkia_scalf; centauromachia_electing = *(birchman_infrequency + *cadelle_aldabra); free(((char *)centauromachia_electing)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&deciatine_gotthard,"NONPECUNIARY_MELVERN"); fluoresceine_proration = ((int )(strlen(deciatine_gotthard))); memcpy(wilt_snot,deciatine_gotthard,fluoresceine_proration); birchman_infrequency[5] = wilt_snot; centauromachia_electing = *(birchman_infrequency + *cadelle_aldabra); free(((char *)centauromachia_electing)); 0 --------------------------------- 6729 72885/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_65.c cppfunc 142 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_65b_goodG2BSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 6730 153282/file_wrappers.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6731 199254/double_free.c cppfunc 129 double_free_function_008_gbl_ptr= (char*) malloc(sizeof(char)); double_free_function_008(); free (double_free_function_008_gbl_ptr); 0 --------------------------------- 6732 72836/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_64.c cppfunc 146 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strcat(data, source); printLine(data); free(data); 0 --------------------------------- 6733 153786/dynahash.c cppfunc 241 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6734 79518/CWE134_Uncontrolled_Format_String__char_console_snprintf_64.c inputfunc 47 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_64b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_64b_badSink(void * dataVoidPtr); CWE134_Uncontrolled_Format_String__char_console_snprintf_64b_badSink(&data); 0 --------------------------------- 6735 153756/utf.c cppfunc 126 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6736 152967/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 6737 72277/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_06.c cppfunc 94 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6738 71389/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_51.c cppfunc 141 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_51b_goodG2BSink(char * data) strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 6739 62985/CWE121_Stack_Based_Buffer_Overflow__CWE135_65.c cppfunc 172 void CWE121_Stack_Based_Buffer_Overflow__CWE135_65b_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 6740 70889/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_10.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6741 72305/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_61.c cppfunc 59 data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_61b_goodG2BSource(data); memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6742 199276/invalid_memory_access.c cppfunc 193 float *buf1=(float*)calloc(5,sizeof(float)); float *buf2=(float*)calloc(5,sizeof(float)); float *buf3=(float*)calloc(5,sizeof(float)); float *buf4=(float*)calloc(5,sizeof(float)); free(buf4); 0 --------------------------------- 6743 199276/invalid_memory_access.c cppfunc 191 float *buf1=(float*)calloc(5,sizeof(float)); float *buf2=(float*)calloc(5,sizeof(float)); float *buf3=(float*)calloc(5,sizeof(float)); free(buf3); 0 --------------------------------- 6744 199276/invalid_memory_access.c cppfunc 195 float *buf1=(float*)calloc(5,sizeof(float)); float *buf2=(float*)calloc(5,sizeof(float)); float *buf3=(float*)calloc(5,sizeof(float)); float *buf4=(float*)calloc(5,sizeof(float)); float *buf5=(float*)calloc(5,sizeof(float)); free(buf5); 0 --------------------------------- 6745 153391/ffmpeg.c cppfunc 1011 fprintf(vstats_file,"PSNR= %6.2f ",psnr(enc -> coded_frame -> error[0] / ((enc -> width * enc -> height) * 255.0 * 255.0))); double error_sum = 0; double scale_sum = 0; error = enc -> coded_frame -> error[j]; scale_sum += scale; p = psnr(error / scale); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); error_sum += error; p = psnr(error_sum / scale_sum); 0 --------------------------------- 6746 73717/CWE124_Buffer_Underwrite__CWE839_listen_socket_34.c cppfunc 225 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6747 153029/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6748 153029/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6749 153029/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6750 72951/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_08.c cppfunc 107 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 6751 71453/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_82_goodG2B.cpp cppfunc 34 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 6752 153449/heapam.c cppfunc 5261 } ; #define GOLDFINCHES_SKYWROTE(x) ossetine_egocentristic((becudgeled_rollinsville) x) ++stonesoup_global_variable;; if (accommodating_unmanaged != 0) {; vainest_sandan = accommodating_unmanaged; outtalking_kula[5] = vainest_sandan; bukat_estab[1] = 5; 0 --------------------------------- 6753 66660/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_81a.cpp cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 6754 70456/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_09.c cppfunc 377 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6755 72122/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_73.cpp cppfunc 150 void badSink(list dataList) wchar_t * data = dataList.back(); wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 6756 153403/error.c cppfunc 77 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6757 153671/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 6758 152983/dynahash.c cppfunc 787 jmp_buf mcveigh_stoneyard; peninsularity_eustacia = setjmp(mcveigh_stoneyard); longjmp(mcveigh_stoneyard,1); 0 --------------------------------- 6759 153209/avdevice.c cppfunc 58 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6760 70402/CWE122_Heap_Based_Buffer_Overflow__CWE135_03.c cppfunc 144 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 6761 67393/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_72.cpp cppfunc 148 void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcscat(dest, data); 0 --------------------------------- 6762 153209/avdevice.c cppfunc 51 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6763 153209/avdevice.c cppfunc 55 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6764 72363/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_74.cpp cppfunc 149 void badSink(map dataMap) char * data = dataMap[2]; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6765 62715/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_08.c cppfunc 93 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6766 153414/dirent_uri.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6767 110529/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_42.c cppfunc 167 data = 20; return data; data = goodG2BSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6768 71447/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_67.c cppfunc 136 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 6769 153414/dirent_uri.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6770 73018/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_43.cpp cppfunc 69 data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 6771 153369/color.c cppfunc 607 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int eleusinianism_outbloomed = 596; char *servals_binalonen; stonesoup_read_taint(&servals_binalonen,"6665",eleusinianism_outbloomed); free(((char *)servals_binalonen)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&servals_binalonen,"6665",eleusinianism_outbloomed); free(((char *)servals_binalonen)); 0 --------------------------------- 6772 110381/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_32.c cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6773 70917/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_65.c cppfunc 131 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_65b_badSink(char * data) memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6774 72273/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_02.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6775 71115/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_74.cpp cppfunc 157 void badSink(map dataMap) wchar_t * data = dataMap[2]; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 6776 67733/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_32.cpp cppfunc 245 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6777 153567/pmsignal.c cppfunc 141 stonesoup_read_taint(&hapteron_raadzaal,"REICHSTAG_WHICKERING"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 6778 153164/cmdline.c cppfunc 110 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6779 72148/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_31.c cppfunc 69 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6780 153567/pmsignal.c inputfunc 144 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&hapteron_raadzaal,"REICHSTAG_WHICKERING"); if (hapteron_raadzaal != 0) {; motorism_killen = hapteron_raadzaal; yarmelkes_esps = &motorism_killen; recommitting_pediadontic(yarmelkes_esps); 0 --------------------------------- 6781 152906/tile.c cppfunc 344 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; int luny_dungan = 20; char *alehoof_nagualism; stonesoup_read_taint(&alehoof_nagualism,"8966",luny_dungan); strawy_jesuist = ((int )(strlen(alehoof_nagualism))); conidiophorous_paraebius = ((char *)(malloc(strawy_jesuist + 1))); memset(conidiophorous_paraebius,0,strawy_jesuist + 1); memcpy(conidiophorous_paraebius,alehoof_nagualism,strawy_jesuist); unaffecting_verbalised[5] = conidiophorous_paraebius; designatum_convoke = 5; reattain_sarcast = &designatum_convoke; yeo_obus = *(unaffecting_verbalised + *reattain_sarcast); free(((char *)yeo_obus)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&alehoof_nagualism,"8966",luny_dungan); strawy_jesuist = ((int )(strlen(alehoof_nagualism))); memcpy(conidiophorous_paraebius,alehoof_nagualism,strawy_jesuist); unaffecting_verbalised[5] = conidiophorous_paraebius; yeo_obus = *(unaffecting_verbalised + *reattain_sarcast); free(((char *)yeo_obus)); 0 --------------------------------- 6782 72213/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_65.c cppfunc 136 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_65b_badSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 6783 66654/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_66.c cppfunc 60 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6784 72802/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_03.c cppfunc 93 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 6785 70649/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_10.c cppfunc 416 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6786 72084/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_05.c cppfunc 78 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 6787 72115/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_63.c cppfunc 121 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 6788 153769/utils.c cppfunc 921 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *hexaseme_egide; stonesoup_read_taint(&hexaseme_egide,"INAMISSIBLENESS_CUSTOMING"); mohock_treadling = ((int )(strlen(hexaseme_egide))); chichewa_scorified = ((char *)(malloc(mohock_treadling + 1))); memset(chichewa_scorified,0,mohock_treadling + 1); memcpy(chichewa_scorified,hexaseme_egide,mohock_treadling); aphetism_avis = 1; recapitalizes_archantagonist = &chichewa_scorified; mycotoxic_preeminently = ((char **)(((unsigned long )recapitalizes_archantagonist) * aphetism_avis * aphetism_avis)) + 5; free(((char *)( *(mycotoxic_preeminently - 5)))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&hexaseme_egide,"INAMISSIBLENESS_CUSTOMING"); mohock_treadling = ((int )(strlen(hexaseme_egide))); memcpy(chichewa_scorified,hexaseme_egide,mohock_treadling); recapitalizes_archantagonist = &chichewa_scorified; mycotoxic_preeminently = ((char **)(((unsigned long )recapitalizes_archantagonist) * aphetism_avis * aphetism_avis)) + 5; free(((char *)( *(mycotoxic_preeminently - 5)))); 0 --------------------------------- 6789 153584/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 6790 65401/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_10.c cppfunc 93 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 6791 72651/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_74.cpp cppfunc 167 data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 6792 70499/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_04.c cppfunc 234 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6793 65155/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_04.c cppfunc 100 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 6794 70517/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_32.c inputfunc 36 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); *dataPtr1 = data; 0 --------------------------------- 6795 71477/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_32.c cppfunc 83 char * *dataPtr2 = &data; char * data = *dataPtr2; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 6796 70517/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_32.c cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6797 67749/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_65.cpp inputfunc 201 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 6798 70469/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_32.c cppfunc 282 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6799 153656/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6800 62721/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_14.c cppfunc 292 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6801 70682/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_73.cpp cppfunc 336 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6802 153740/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6803 153398/timestamp.c cppfunc 53 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6804 153468/utils.c cppfunc 4774 char *endptr; prog_id = (strtol(spec,&endptr,0)); if (( *(endptr++)) == ':') { int stream_idx = (strtol(endptr,((void *)0),0)); 0 --------------------------------- 6805 153196/main_filter_toolbar.c cppfunc 134 int sagbut_rouges = 20; stonesoup_read_taint(&bolognas_twaddliest,"1893",sagbut_rouges); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 6806 72792/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_68.c cppfunc 142 wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_68_badData; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 6807 72358/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_66.c cppfunc 126 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_66b_badSink(char * dataArray[]) char * data = dataArray[2]; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6808 72116/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_64.c cppfunc 124 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 6809 110374/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_15.c cppfunc 129 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6810 110324/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_13.c cppfunc 179 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6811 110530/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_43.cpp cppfunc 168 data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6812 70521/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_42.c cppfunc 32 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6813 149239/use_after_free_@buffer-bad.c cppfunc 26 char *str[1] = {(char *)NULL}; if ((*str = (char *)malloc(256*sizeof(char))) != NULL) strcpy(*str, "Falut!"); **str = 'S'; printf("%s\n", *str); free(*str); 0 --------------------------------- 6814 72182/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_07.c cppfunc 105 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 6815 72081/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_02.c cppfunc 93 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 6816 67410/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_11.c cppfunc 80 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6817 65200/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_09.c cppfunc 95 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 6818 67297/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_72.cpp cppfunc 164 vector dataVector; data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcscat(dest, data); 0 --------------------------------- 6819 199283/memory_allocation_failure.c cppfunc 615 int (*ptr1)[4]; ptr1 = memory_allocation_failure_014_func_001(); for ( j=0 ;j<4; j++) *(ptr1[i]+j) += *(ptr1[i]+j); free(ptr1); 0 --------------------------------- 6820 73000/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_09.c cppfunc 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 6821 153375/mux.c cppfunc 126 stonesoup_read_taint(&counterterror_overfee,"MELIORABILITY_PARALLELABLE"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 6822 66575/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_08.c cppfunc 75 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6823 153375/mux.c inputfunc 129 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&counterterror_overfee,"MELIORABILITY_PARALLELABLE"); if (counterterror_overfee != 0) {; seminium_haciendado = ((void *)counterterror_overfee); spiel_conolophus = &seminium_haciendado; czechoslovak_holophrasis = &spiel_conolophus; cinemactic_cannot = &czechoslovak_holophrasis; wycoff_bedeen = &cinemactic_cannot; splendorous_gluons = &wycoff_bedeen; archaiser_retroflexion = &splendorous_gluons; irritableness_isoscope = &archaiser_retroflexion; pantod_bpoe = &irritableness_isoscope; daylights_prayerfully = &pantod_bpoe; pinipicrin_chinkiang = &daylights_prayerfully; lithoglyptics_goog = &pinipicrin_chinkiang; mottling_clavial = &lithoglyptics_goog; mesophragm_hegumenes = &mottling_clavial; perfectas_zophorus = &mesophragm_hegumenes; praetorian_steadfast = &perfectas_zophorus; godless_fraternizing = &praetorian_steadfast; rescriptive_enoptromancy = &godless_fraternizing; dorati_sellers = &rescriptive_enoptromancy; tagalogs_culpon = &dorati_sellers; citlaltpetl_plantations = &tagalogs_culpon; illiquid_resecured = &citlaltpetl_plantations; destoolment_inthrone = &illiquid_resecured; lifeless_vaultage = &destoolment_inthrone; dinheiro_stibblerig = &lifeless_vaultage; millen_tribulations = &dinheiro_stibblerig; harmonichord_cardon = &millen_tribulations; shamiana_becloaked = &harmonichord_cardon; 0 --------------------------------- 6824 70457/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_10.c cppfunc 330 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6825 62717/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_10.c cppfunc 186 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6826 110519/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_16.c cppfunc 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6827 153538/tile-manager.c cppfunc 50 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6828 153769/utils.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6829 153621/avdevice.c cppfunc 66 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6830 153708/bss_file.c cppfunc 140 stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6831 153708/bss_file.c cppfunc 142 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6832 153245/e_bf.c inputfunc 138 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&magnetons_ice,"WESKER_ZAPS"); if (magnetons_ice != 0) {; thalian_malleating = ((int )(strlen(magnetons_ice))); preciosities_protomorph = ((char *)(malloc(thalian_malleating + 1))); if (preciosities_protomorph == 0) { memcpy(preciosities_protomorph,magnetons_ice,thalian_malleating); if (magnetons_ice != 0) free(((char *)magnetons_ice)); cancers_vesuvian = &preciosities_protomorph; lum_ammocoetoid = cancers_vesuvian + 5; unwarely_carbin(lum_ammocoetoid); 0 --------------------------------- 6833 153074/utils.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6834 110397/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_65.c cppfunc 139 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_65b_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6835 63637/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_06.c cppfunc 98 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 6836 62746/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_66.c cppfunc 185 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6837 153545/main_filter_toolbar.c cppfunc 134 int doats_uninterpolative = 20; stonesoup_read_taint(&technetronic_surrealist,"7689",doats_uninterpolative); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 6838 153154/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6839 148923/strutil.c cppfunc 389 s = p+3; && isxdigit(*p) && isxdigit(*q) && isxdigit(*r) && isxdigit(*s)) { punct = s + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && isxdigit(*q)) { punct = q + 1; p = punct; p = q; q = p+1; && isxdigit(*p) && isxdigit(*q) && if (is_byte_sep(*punct)) { else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q; && isxdigit(*p) && isxdigit(*q) && hex_str_to_bytes(const char *hex_str, GByteArray *bytes, gboolean force_separators) { p = (const guchar *)hex_str; q = p+1; && isxdigit(*p) && isxdigit(*q) && p = q + 1; q = p+1; && isxdigit(*p) && isxdigit(*q) && is_byte_sep(guint8 c) if (is_byte_sep(*punct)) { p = punct; q = p+1; && isxdigit(*p) && isxdigit(*q) && if (is_byte_sep(*punct)) { p = punct; q = p+1; && isxdigit(*p) && isxdigit(*q) && else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q; q = p+1; && isxdigit(*p) && isxdigit(*q) && 0 --------------------------------- 6840 153208/e_camellia.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6841 153208/e_camellia.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6842 153086/mem_dbg.c cppfunc 1038 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); ottumwa_inkhornist = ((int )(strlen(laconic_nonspherical))); molinet_uncomplexness = ((char *)(malloc(ottumwa_inkhornist + 1))); memset(molinet_uncomplexness,0,ottumwa_inkhornist + 1); memcpy(molinet_uncomplexness,laconic_nonspherical,ottumwa_inkhornist); sulfoxide_terpane[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *hectograph_unsusceptible)))))))))))))))))))))))))))))))))))))))))))))))))] = molinet_uncomplexness; herdman_brontogram = sulfoxide_terpane[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *hectograph_unsusceptible)))))))))))))))))))))))))))))))))))))))))))))))))]; free(((char *)herdman_brontogram)); void stonesoup_handle_taint(char *laconic_nonspherical) ottumwa_inkhornist = ((int )(strlen(laconic_nonspherical))); memcpy(molinet_uncomplexness,laconic_nonspherical,ottumwa_inkhornist); sulfoxide_terpane[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *hectograph_unsusceptible)))))))))))))))))))))))))))))))))))))))))))))))))] = molinet_uncomplexness; herdman_brontogram = sulfoxide_terpane[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *hectograph_unsusceptible)))))))))))))))))))))))))))))))))))))))))))))))))]; free(((char *)herdman_brontogram)); 0 --------------------------------- 6843 67593/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_42.cpp cppfunc 133 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6844 70888/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_09.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6845 72949/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_06.c cppfunc 97 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 6846 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c cppfunc 143 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 6847 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c cppfunc 140 goodG2BVaSinkB(data, data); static void goodG2BVaSinkB(char * data, ...) char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BVaSinkB(data, data); static void goodG2BVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 6848 70854/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_33.cpp cppfunc 71 char * &dataRef = data; char * data = dataRef; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6849 153800/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 6850 152966/main_filter_toolbar.c cppfunc 104 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 6851 79485/CWE134_Uncontrolled_Format_String__char_console_snprintf_04.c inputfunc 101 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 6852 62968/CWE121_Stack_Based_Buffer_Overflow__CWE135_31.c cppfunc 85 data = (void *)WIDE_STRING; void * dataCopy = data; void * data = dataCopy; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 6853 62968/CWE121_Stack_Based_Buffer_Overflow__CWE135_31.c cppfunc 88 data = (void *)WIDE_STRING; void * dataCopy = data; void * data = dataCopy; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 6854 153187/cmdline.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6855 153487/error.c cppfunc 89 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6856 153487/error.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6857 70668/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_45.c cppfunc 229 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6858 70499/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_04.c cppfunc 136 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6859 70675/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_63.c cppfunc 362 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6860 72058/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_43.cpp cppfunc 75 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6861 153620/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6862 153620/color.c cppfunc 90 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6863 71174/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_07.c cppfunc 78 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 6864 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c cppfunc 377 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 6865 153012/color.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6866 153696/config.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6867 153012/color.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6868 153012/color.c cppfunc 108 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6869 153696/config.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6870 71445/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_65.c cppfunc 125 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 6871 153041/resowner.c cppfunc 168 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6872 153427/utils.c cppfunc 84 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6873 153823/string.c cppfunc 84 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6874 153631/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6875 110362/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_03.c cppfunc 90 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6876 66290/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_11.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 6877 153442/bss_file.c cppfunc 577 void seminarcosis_almadie(int surceased_epitaphic,void ***eradication_pearlstone) seminarcosis_almadie(surceased_epitaphic,eradication_pearlstone); free(((char *)((char *)( *( *eradication_pearlstone))))); void stonesoup_handle_taint(char *aesopic_tastelessness) calcaire_nro = ((void *)aesopic_tastelessness); loquent_forbid = &calcaire_nro; nonpressing_nucla = &loquent_forbid; seminarcosis_almadie(pasadis_dorididae,nonpressing_nucla); 0 --------------------------------- 6878 72328/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_09.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6879 110349/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_65.c cppfunc 244 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_65b_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6880 70511/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_16.c cppfunc 172 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6881 67316/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_13.c cppfunc 60 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6882 153562/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6883 79560/CWE134_Uncontrolled_Format_String__char_console_vfprintf_52.c cppfunc 278 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_52b_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_52c_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_52c_goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 6884 71787/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_74.cpp cppfunc 142 void badSink(map dataMap) int * data = dataMap[2]; memmove(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 6885 153673/config.c cppfunc 204 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *woodwind_pseudapospory; stonesoup_read_taint(&woodwind_pseudapospory,"ANTIPLEURITIC_PEACEKEEPER"); mycorrhizic_chicanos = ((int )(strlen(woodwind_pseudapospory))); memcpy(plagioclinal_reconciliated,woodwind_pseudapospory,mycorrhizic_chicanos); free(((char *)woodwind_pseudapospory)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&woodwind_pseudapospory,"ANTIPLEURITIC_PEACEKEEPER"); mycorrhizic_chicanos = ((int )(strlen(woodwind_pseudapospory))); memcpy(plagioclinal_reconciliated,woodwind_pseudapospory,mycorrhizic_chicanos); free(((char *)woodwind_pseudapospory)); 0 --------------------------------- 6886 79510/CWE134_Uncontrolled_Format_String__char_console_snprintf_45.c inputfunc 132 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_45_goodB2GData = data; goodB2GSink(); char * data = CWE134_Uncontrolled_Format_String__char_console_snprintf_45_goodB2GData; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 6887 153699/cmdline.c cppfunc 1198 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *darlingtonia_jordans; stonesoup_read_taint(&darlingtonia_jordans,"OFFLOADED_DUMBFOUNDED"); vouchees_enterotoxemia . toponymical_belime = ((char *)darlingtonia_jordans); thissen_preinflict(vouchees_enterotoxemia); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&darlingtonia_jordans,"OFFLOADED_DUMBFOUNDED"); vouchees_enterotoxemia . toponymical_belime = ((char *)darlingtonia_jordans); thissen_preinflict(vouchees_enterotoxemia); void thissen_preinflict(const struct tricentenary_diaspidinae muckibus_tobruk) free(((char *)((struct tricentenary_diaspidinae )muckibus_tobruk) . toponymical_belime)); 0 --------------------------------- 6888 79347/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_10.c cppfunc 53 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 6889 153490/tile-swap.c cppfunc 136 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6890 153812/oids.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6891 153323/resowner.c cppfunc 203 stonesoup_read_taint(&jumprock_trisilicate,"CANUTE_PUTTING"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 6892 153323/resowner.c inputfunc 206 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&jumprock_trisilicate,"CANUTE_PUTTING"); if (jumprock_trisilicate != 0) {; whin_mutunus . durion_holdback = jumprock_trisilicate; *poori_ingrapple = whin_mutunus; 0 --------------------------------- 6893 153812/oids.c cppfunc 119 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6894 153004/tile-manager.c cppfunc 70 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6895 71346/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_62.cpp cppfunc 66 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 6896 153004/tile-manager.c cppfunc 79 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6897 153724/ffmpeg.c cppfunc 1996 static InputStream *get_input_stream(OutputStream *ost) ist = get_input_stream(ost); if (!strncmp((ost -> forced_keyframes),"expr:",5)) { parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) int n = 1; int64_t *pts; size = n; pts = (av_malloc(sizeof(( *pts)) * size)); p = kf; char *next = strchr(p,','); *(next++) = 0; if (!memcmp(p,"chapters",8)) { if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); AVChapter *c = avf -> chapters[j]; pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { p = next; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); ost = output_streams[i]; ost -> st -> disposition = ist -> st -> disposition; if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); ist = get_input_stream(ost); ost -> enc = avcodec_find_encoder(codec -> codec_id); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) p = kf; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); 0 --------------------------------- 6898 153103/color.c cppfunc 353 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6899 69162/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_11.cpp cppfunc 94 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 6900 153721/color.c cppfunc 386 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6901 153011/eng_table.c cppfunc 134 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6902 72156/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_45.c cppfunc 37 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6903 70418/CWE122_Heap_Based_Buffer_Overflow__CWE135_21.c cppfunc 113 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; goodB2G2Sink(data); static void goodB2G2Sink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 6904 153686/color.c cppfunc 346 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 6905 72129/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_02.c cppfunc 96 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6906 152941/eng_lib.c cppfunc 104 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6907 152941/eng_lib.c cppfunc 102 stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6908 79353/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_16.c cppfunc 53 static void badVaSinkB(char * data, ...) badVaSinkB(data, data); char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 6909 67504/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_03.c cppfunc 38 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_03_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_03_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 6910 70404/CWE122_Heap_Based_Buffer_Overflow__CWE135_05.c cppfunc 117 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 6911 153613/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6912 72958/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_15.c cppfunc 78 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 6913 67595/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_44.cpp cppfunc 167 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6914 1298/crackaddr-ok.c cppfunc 430 char address[100]; scanf("%99s", address); res_addr = crackaddr(address); register char *addr; addr++; p = addrhead = addr; p++; while ((c = *p++) != '<') while ((c = *p++) != '\0') if ((c = *p++) == '\0') p--; p++; p++; while ((c = *p++) != ':') p++; while (p > addr && isascii((int)*--p) && isspace((int)*p)) 0 --------------------------------- 6915 71432/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_41.c cppfunc 33 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 6916 79403/CWE134_Uncontrolled_Format_String__char_console_fprintf_18.c inputfunc 83 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 6917 110313/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_02.c cppfunc 179 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6918 153758/stream.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6919 153758/stream.c cppfunc 114 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6920 153758/stream.c cppfunc 117 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6921 67712/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_01.cpp cppfunc 223 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6922 153129/color.c cppfunc 344 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 6923 153129/color.c cppfunc 342 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 6924 153154/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6925 71338/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_43.cpp cppfunc 46 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 6926 62966/CWE121_Stack_Based_Buffer_Overflow__CWE135_21.c cppfunc 80 size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); data = (void *)WIDE_STRING; goodB2G1Sink(data); static void goodB2G1Sink(void * data) memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 6927 153625/utf.c cppfunc 119 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 6928 153601/color.c cppfunc 361 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 6929 153638/oids.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6930 152976/column-utils.c cppfunc 2208 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 6931 153638/oids.c cppfunc 113 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6932 153177/portalmem.c cppfunc 470 jmp_buf magniloquently_dartmoor; raywick_mccready = setjmp(magniloquently_dartmoor); longjmp(magniloquently_dartmoor,1); 0 --------------------------------- 6933 153013/file_wrappers.c cppfunc 108 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6934 79419/CWE134_Uncontrolled_Format_String__char_console_fprintf_61.c inputfunc 182 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; data = CWE134_Uncontrolled_Format_String__char_console_fprintf_61b_goodB2GSource(data); fprintf(stdout, "%s\n", data); 0 --------------------------------- 6935 153264/types.c cppfunc 60 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6936 153264/types.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6937 70755/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22.c cppfunc 88 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_goodG2B2Source(data); data = (char *)malloc((10+1)*sizeof(char)); return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_goodG2B2Source(data); strcpy(data, source); printLine(data); free(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_goodG2B2Source(char * data) return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_goodG2B2Source(data); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 6938 70923/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_74.cpp cppfunc 157 void badSink(map dataMap) char * data = dataMap[2]; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 6939 79346/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_09.c cppfunc 254 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 6940 153109/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6941 73641/CWE124_Buffer_Underwrite__CWE839_fgets_74.cpp cppfunc 45 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6942 153559/avpacket.c cppfunc 60 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6943 71484/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_45.c cppfunc 72 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_45_goodG2BData = data; goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_45_goodG2BData; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 6944 70515/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22.c cppfunc 213 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6945 71187/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22.c cppfunc 91 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_goodG2B2Source(wchar_t * data) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_goodG2B2Source(data); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 6946 70484/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_64.c cppfunc 304 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 6947 72401/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_61.c cppfunc 59 data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_61b_goodG2BSource(data); strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 6948 153209/avdevice.c cppfunc 202 void acquests_teratomatous(char *const contriturate_paralgesia) BEMIRED_EPIPHYSITIS(contriturate_paralgesia); void witwall_tsinghai(char *trigonometry_smoulder) free(((char *)((char *)trigonometry_smoulder))); 0 --------------------------------- 6949 153144/avpacket.c cppfunc 56 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6950 71426/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_21.c cppfunc 94 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 6951 153112/utils.c cppfunc 4794 char *endptr; prog_id = (strtol(spec,&endptr,0)); if (( *(endptr++)) == ':') { int stream_idx = (strtol(endptr,((void *)0),0)); 0 --------------------------------- 6952 73020/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_45.c cppfunc 62 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_45_goodG2BData = data; goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_45_goodG2BData; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 6953 71416/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_09.c cppfunc 96 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 6954 153679/avdevice.c cppfunc 96 stonesoup_read_taint(&ficoides_perioesophageal,"YUJI_METERLESS"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 6955 153679/avdevice.c inputfunc 99 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&ficoides_perioesophageal,"YUJI_METERLESS"); if (ficoides_perioesophageal != 0) {; substantialness_linctus . kolhoz_recontinue = ficoides_perioesophageal; uninvested_magazine[5] = substantialness_linctus; chirruped_epeirogenesis = *(uninvested_magazine + supercrime_dailey[1]); pedicel_copperwing(chirruped_epeirogenesis); 0 --------------------------------- 6956 67735/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_34.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6957 71363/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_04.c cppfunc 100 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 6958 153324/aviobuf.c cppfunc 56 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6959 72429/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_14.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 6960 153707/cryptlib.c cppfunc 162 stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6961 71203/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_63.c cppfunc 128 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 6962 153677/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6963 110484/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_45.c cppfunc 72 int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_45_goodG2BData; data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_45_goodG2BData = data; goodG2BSink(); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6964 62590/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_43.cpp cppfunc 35 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6965 153515/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6966 153523/avdevice.c cppfunc 75 stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6967 73032/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_68.c cppfunc 130 char * data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_68_badData; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 6968 153124/utf.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6969 153124/utf.c cppfunc 119 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6970 153229/string.c cppfunc 59 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6971 110459/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_04.c cppfunc 110 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 6972 153224/error.c cppfunc 75 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 6973 62739/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_53.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 6974 72815/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_16.c cppfunc 68 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 6975 153134/main_statusbar.c cppfunc 145 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 6976 153134/main_statusbar.c cppfunc 147 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 6977 153188/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 6978 153188/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6979 153188/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6980 66349/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_32.c cppfunc 69 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 6981 152920/oids.c cppfunc 1013 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; union forrard_shetrit clitellar_anthropotomy; char *inguinocrural_portionless; stonesoup_read_taint(&inguinocrural_portionless,"LENTISCUS_TETRADACTYLY"); clitellar_anthropotomy . enterocentesis_seminule = inguinocrural_portionless; nonstrictness_tramcars = biramose_switchback(clitellar_anthropotomy); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&inguinocrural_portionless,"LENTISCUS_TETRADACTYLY"); clitellar_anthropotomy . enterocentesis_seminule = inguinocrural_portionless; nonstrictness_tramcars = biramose_switchback(clitellar_anthropotomy); union forrard_shetrit biramose_switchback(union forrard_shetrit tetraselenodont_unhabitually) return tetraselenodont_unhabitually; nonstrictness_tramcars = biramose_switchback(clitellar_anthropotomy); free(((char *)nonstrictness_tramcars . enterocentesis_seminule)); 0 --------------------------------- 6982 73015/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_34.c cppfunc 71 CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_34_unionType myUnion; char * data = myUnion.unionSecond; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 6983 72112/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54.c cppfunc 288 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54d_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54e_goodG2BSink(wchar_t * data) wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 6984 72886/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_66.c cppfunc 127 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 6985 71198/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_52.c cppfunc 184 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_52c_badSink(wchar_t * data) wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 6986 67585/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_18.cpp cppfunc 93 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 6987 72719/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_16.c cppfunc 66 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 6988 71172/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_05.c cppfunc 99 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 6989 67731/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_22.cpp inputfunc 192 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 6990 69882/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_11.cpp cppfunc 90 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 6991 79561/CWE134_Uncontrolled_Format_String__char_console_vfprintf_53.c cppfunc 322 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 6992 71485/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_51.c cppfunc 153 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_51b_goodG2BSink(char * data) SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 6993 199276/invalid_memory_access.c cppfunc 301 int ptr[5] = {4,6,9,10,0}; int *ptr1,i; invalid_memory_access_func_010(5,&ptr1); for(i=0;i<5;i++) *(ptr1+i) = ptr[i]; free(ptr1); void invalid_memory_access_func_010 (int len ,int **Ptr) int * p = malloc(sizeof(int) * len); *Ptr = p; invalid_memory_access_func_010(5,&ptr1); free(ptr1); 0 --------------------------------- 6994 73065/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_42.c cppfunc 68 data[50-1] = '\0'; return data; data = goodG2BSource(data); strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 6995 153102/cryptlib.c cppfunc 175 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 6996 153102/cryptlib.c cppfunc 179 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 6997 72166/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_66.c cppfunc 148 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 6998 66241/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_10.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 6999 110337/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_42.c cppfunc 154 data = 20; return data; data = goodG2BSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7000 153616/mux.c cppfunc 484 furcule_malayalam = getenv("COALFIELD_COMIQUE"); eugeny_animadversions = ((int )(strlen(furcule_malayalam))); fringelike_lactation = ((char *)(malloc(eugeny_animadversions + 1))); memset(fringelike_lactation,0,eugeny_animadversions + 1); memcpy(fringelike_lactation,furcule_malayalam,eugeny_animadversions); fredrick_porchlike = ower_unfarsighted(fringelike_lactation); char *ower_unfarsighted(char *furtherer_rabiform) return furtherer_rabiform; fredrick_porchlike = ower_unfarsighted(fringelike_lactation); free(((char *)fredrick_porchlike)); 0 --------------------------------- 7001 153286/mux.c cppfunc 94 size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7002 153286/mux.c cppfunc 97 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7003 152935/config_file.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7004 110653/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_06.cpp cppfunc 44 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7005 153273/cmdutils.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7006 153395/color.c cppfunc 376 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 7007 152888/mem_dbg.c cppfunc 252 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7008 110518/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_15.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7009 199234/buffer_overrun_dynamic.c cppfunc 582 ptr1[i]='\0'; memcpy(ptr2,ptr1,11); free(ptr1); 0 --------------------------------- 7010 1298/crackaddr-ok.c cppfunc 181 register char *addr; char address[100]; scanf("%99s", address); res_addr = crackaddr(address); addr++; while (*addr != '\0' && isascii((int)*addr) && isspace((int)*addr)) 0 --------------------------------- 7011 110521/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_18.c cppfunc 159 data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7012 153241/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7013 153229/string.c cppfunc 1129 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *sardoin_dromond; stonesoup_read_taint(&sardoin_dromond,"MENDERES_SUNNING"); unpossessedness_estancias = ((int )(strlen(sardoin_dromond))); memcpy(physocele_wakikis,sardoin_dromond,unpossessedness_estancias); free(((char *)sardoin_dromond)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&sardoin_dromond,"MENDERES_SUNNING"); unpossessedness_estancias = ((int )(strlen(sardoin_dromond))); memcpy(physocele_wakikis,sardoin_dromond,unpossessedness_estancias); free(((char *)sardoin_dromond)); 0 --------------------------------- 7014 153167/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7015 152866/gimpdisplay.c inputfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&overvehement_macrocosm,"4212",hut_corea); transliterate_actuarian = zalucki_awatch(lobal_cysteine); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 7016 152866/gimpdisplay.c cppfunc 115 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7017 62967/CWE121_Stack_Based_Buffer_Overflow__CWE135_22.c cppfunc 209 void CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodB2G2Sink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 7018 62967/CWE121_Stack_Based_Buffer_Overflow__CWE135_22.c cppfunc 206 void CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodB2G2Sink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 7019 153769/utils.c cppfunc 4329 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { *port_ptr = atoi(brk + 2); 0 --------------------------------- 7020 66525/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_06.c cppfunc 65 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7021 66294/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_15.c cppfunc 90 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7022 153215/pgstat.c inputfunc 3267 if (fread((&format_id),1,sizeof(format_id),fpin) != sizeof(format_id) || format_id != 0x01A5BC9A) { if (fread((&globalStats),1,sizeof(globalStats),fpin) != sizeof(globalStats)) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 7023 67513/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_12.c cppfunc 52 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_12_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_12_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 7024 62585/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_32.c cppfunc 131 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7025 153617/emem.c cppfunc 189 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7026 153617/emem.c cppfunc 180 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7027 153062/main_statusbar.c cppfunc 120 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7028 152898/color.c cppfunc 342 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 7029 152898/color.c cppfunc 344 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 7030 110543/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_67.c cppfunc 246 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_67b_badSink(CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_67_structType myStruct) int data = myStruct.structFirst; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7031 153355/subtrans.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7032 72774/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_33.cpp cppfunc 72 wchar_t * &dataRef = data; wchar_t * data = dataRef; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 7033 153796/oids.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7034 79502/CWE134_Uncontrolled_Format_String__char_console_snprintf_31.c inputfunc 111 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 7035 66333/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_06.c cppfunc 41 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7036 110662/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_15.cpp cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7037 69171/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_22.cpp cppfunc 94 return data; data = goodG2B2Source(data); data[0] = L'\0'; return data; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 7038 153405/main_filter_toolbar.c cppfunc 84 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7039 67435/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_63.c cppfunc 50 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7040 72274/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_03.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7041 148916/strutil.c cppfunc 507 uri_str_to_bytes(const char *uri_str, GByteArray *bytes) { p = (const guchar *)uri_str; if (! isascii(*p) || ! isprint(*p)) p++; p++; p++; if (! isascii(*p) || ! isprint(*p)) 0 --------------------------------- 7042 66859/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cat_72.cpp cppfunc 151 void badSink(vector dataVector) wchar_t * data = dataVector[2]; source[100-1] = L'\0'; wcscat(data, source); 0 --------------------------------- 7043 110809/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_18.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7044 153321/column-utils.c cppfunc 764 overwheel_orthopraxia = getenv("ALIUS_OVERTHICKNESS"); wittekind_supernaturally = ((int )(strlen(overwheel_orthopraxia))); sclerocornea_amygdalus = ((char *)(malloc(wittekind_supernaturally + 1))); 0 --------------------------------- 7045 67312/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_09.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7046 110395/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_63.c cppfunc 136 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_63b_badSink(int * dataPtr) int data = *dataPtr; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7047 67290/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_62.cpp cppfunc 59 wchar_t dest[50] = L""; data[50-1] = L'\0'; wcscat(dest, data); 0 --------------------------------- 7048 153799/conf_mod.c cppfunc 177 int idiospastic_farmership = 1024; stonesoup_read_taint(&tribrachs_inflicted,"8967",idiospastic_farmership); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 7049 153015/cryptlib.c cppfunc 775 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *salep_retransmited) minorage_roger = ((int )(strlen(salep_retransmited))); glutinose_mesolgion = ((char *)(malloc(minorage_roger + 1))); 0 --------------------------------- 7050 153501/e_camellia.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7051 67497/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_14.c cppfunc 76 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 7052 153501/e_camellia.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7053 70646/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_07.c cppfunc 463 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7054 67724/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_13.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7055 153044/error.c cppfunc 105 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 7056 66342/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_15.c cppfunc 72 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7057 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c cppfunc 53 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 7058 153443/aviobuf.c cppfunc 1074 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; struct passed_edacious semihoral_pompelmoose; int exobasidium_chemult = 596; char *spreadability_chamfrain; stonesoup_read_taint(&spreadability_chamfrain,"2873",exobasidium_chemult); semihoral_pompelmoose . excited_daedalion = ((char *)spreadability_chamfrain); mononucleoses_preexperience[5] = semihoral_pompelmoose; fruitful_inurbanely = 5; drongo_tureen = &fruitful_inurbanely; gatling_reagency = *(mononucleoses_preexperience + *drongo_tureen); free(((char *)gatling_reagency . excited_daedalion)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&spreadability_chamfrain,"2873",exobasidium_chemult); semihoral_pompelmoose . excited_daedalion = ((char *)spreadability_chamfrain); gatling_reagency = *(mononucleoses_preexperience + *drongo_tureen); free(((char *)gatling_reagency . excited_daedalion)); 0 --------------------------------- 7059 79501/CWE134_Uncontrolled_Format_String__char_console_snprintf_22.c inputfunc 43 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_22_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_22_badSink(char * data); 0 --------------------------------- 7060 1304/mime2-ok.c cppfunc 191 while ((c1 = fgetc(e->e_dfp)) != EOF) c2 = fgetc(e->e_dfp); c3 = fgetc(e->e_dfp); c4 = fgetc(e->e_dfp); } while (isascii(c4) && isspace(c4)); 0 --------------------------------- 7061 1304/mime2-ok.c inputfunc 190 c4 = fgetc(e->e_dfp); while ((c1 = fgetc(e->e_dfp)) != EOF) c2 = fgetc(e->e_dfp); c3 = fgetc(e->e_dfp); } while (isascii(c3) && isspace(c3)); if (c3 == EOF) if (c3 == '=') c3 = CHAR64(c3); 0 --------------------------------- 7062 153127/utils.c cppfunc 3231 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *orselle_dowelled;; stonesoup_read_taint(&orselle_dowelled,"ORILLION_MISUNDERSTOOD"); mormaor_aeroacoustic = ((void *)orselle_dowelled); pshaws_beglew[5] = mormaor_aeroacoustic; abrege_unnooked[1] = 5; blatchang_organistic = *(pshaws_beglew + abrege_unnooked[1]); mistify_preferrous(cerianthidae_blottingly,blatchang_organistic); mistify_preferrous(nucleoloid_iffiest,outbear_labiotenaculum); void mistify_preferrous(int nucleoloid_iffiest,void *outbear_labiotenaculum) free(((char *)((char *)outbear_labiotenaculum))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&orselle_dowelled,"ORILLION_MISUNDERSTOOD"); mormaor_aeroacoustic = ((void *)orselle_dowelled); pshaws_beglew[5] = mormaor_aeroacoustic; blatchang_organistic = *(pshaws_beglew + abrege_unnooked[1]); mistify_preferrous(cerianthidae_blottingly,blatchang_organistic); 0 --------------------------------- 7063 67603/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_63.cpp cppfunc 41 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7064 110330/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_21.c cppfunc 174 data = 20; return data; data = -1; data = goodG2B1Source(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); static int goodG2B1Source(int data) return data; data = goodG2B1Source(data); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7065 153300/config_file.c cppfunc 872 void stonesoup_handle_taint(char *chrismatize_ria) quadrilling_stomachic = ((int )(strlen(chrismatize_ria))); hairless_widukind = ((char *)(malloc(quadrilling_stomachic + 1))); 0 --------------------------------- 7066 67726/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_15.cpp cppfunc 207 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7067 153609/img2.c cppfunc 95 int pyrgocephalic_falafel = 91; stonesoup_read_taint(&ria_spik,"8625",pyrgocephalic_falafel); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 7068 153807/utils.c cppfunc 108 stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7069 72145/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_18.c cppfunc 40 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 7070 153307/color.c cppfunc 602 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *garote_beauing) free(((char *)garote_beauing)); 0 --------------------------------- 7071 72445/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_51.c cppfunc 122 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_51b_badSink(char * data) strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7072 70744/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_09.c cppfunc 89 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 7073 153506/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7074 153053/img2.c cppfunc 229 void shinbone_luxembourg(void **oothecal_semiresiny) shorteners_fungated(oothecal_semiresiny); void shorteners_fungated(void **bargainee_trehala) free(((char *)((char *)( *(bargainee_trehala - 5))))); 0 --------------------------------- 7075 153506/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7076 153506/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7077 79558/CWE134_Uncontrolled_Format_String__char_console_vfprintf_45.c cppfunc 123 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 7078 79547/CWE134_Uncontrolled_Format_String__char_console_vfprintf_18.c cppfunc 31 data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 7079 79558/CWE134_Uncontrolled_Format_String__char_console_vfprintf_45.c cppfunc 120 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_45_goodB2GData = data; goodB2GSink(); char * data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_45_goodB2GData; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 7080 67317/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_14.c cppfunc 80 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7081 152986/bio_err.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7082 153696/config.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7083 79496/CWE134_Uncontrolled_Format_String__char_console_snprintf_15.c inputfunc 165 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 7084 72455/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67.c cppfunc 152 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67_structType myStruct; data[50-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67_structType myStruct) char * data = myStruct.structFirst; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7085 71417/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_10.c cppfunc 73 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 7086 110389/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_51.c cppfunc 138 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_51b_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7087 79405/CWE134_Uncontrolled_Format_String__char_console_fprintf_22.c inputfunc 43 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_22_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_22_badSink(char * data); 0 --------------------------------- 7088 153437/portalmem.c inputfunc 162 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&wolffian_rous,"SPLENOLYMPHATIC_HETEROMORPHISM"); if (wolffian_rous != 0) {; predoubtful_pleasing . math_nonreconcilably = ((char *)wolffian_rous); cetaceous_uncommonly = &predoubtful_pleasing; tarsoplasty_bowdlerized = &cetaceous_uncommonly; 0 --------------------------------- 7089 70647/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_08.c cppfunc 93 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7090 70438/CWE122_Heap_Based_Buffer_Overflow__CWE135_66.c cppfunc 173 void CWE122_Heap_Based_Buffer_Overflow__CWE135_66b_goodG2BSink(void * dataArray[]) void * data = dataArray[2]; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 7091 153382/mux.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7092 153382/mux.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7093 67332/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_45.c cppfunc 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7094 153274/avfilter.c cppfunc 50 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7095 153488/aviobuf.c cppfunc 54 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7096 70503/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_08.c cppfunc 194 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7097 153356/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7098 72275/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_04.c cppfunc 97 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7099 153695/main_statusbar.c cppfunc 1101 void stonesoup_handle_taint(char *outbelch_ramuscule) frecklish_anyplace = ((int )(strlen(outbelch_ramuscule))); memcpy(monecious_whosises,outbelch_ramuscule,frecklish_anyplace); free(((char *)outbelch_ramuscule)); 0 --------------------------------- 7100 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c cppfunc 120 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 7101 148923/strutil.c cppfunc 847 convert_string_to_hex(const char *string, size_t *nbytes) p = &string[0]; c = *p++; c = *p++; if (isdigit(c)) 0 --------------------------------- 7102 73162/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_43.cpp cppfunc 29 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 7103 79494/CWE134_Uncontrolled_Format_String__char_console_snprintf_13.c inputfunc 95 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 7104 71496/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_68.c cppfunc 144 char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_68_badData; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 7105 70658/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_21.c cppfunc 198 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7106 67344/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_68.c cppfunc 35 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7107 72114/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_62.cpp cppfunc 64 data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 7108 67414/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_15.c cppfunc 66 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7109 110343/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53.c cppfunc 381 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53c_goodG2BSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53d_goodG2BSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53d_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7110 79575/CWE134_Uncontrolled_Format_String__char_console_vfprintf_82a.cpp inputfunc 91 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; baseObject->action(data); virtual void action(char * data) = 0; 0 --------------------------------- 7111 66315/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_63.c cppfunc 50 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7112 153288/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7113 153288/color.c cppfunc 120 stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7114 110342/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_52.c cppfunc 312 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_52b_goodG2BSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_52c_goodG2BSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_52c_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7115 153524/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7116 152946/file_wrappers.c cppfunc 128 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7117 199320/uninit_pointer.c cppfunc 293 int **ptr = (int**) malloc(3*sizeof(int*)); ptr[i]=(int*) malloc(3*sizeof(int)); ptr[i] = NULL; free(ptr); 0 --------------------------------- 7118 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c cppfunc 146 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 7119 72426/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_11.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7120 199275/invalid_memory_access.c cppfunc 184 float *buf1=(float*)calloc(5,sizeof(float)); float *buf2=(float*)calloc(5,sizeof(float)); buf2[0] = 10.0; free(buf2); 0 --------------------------------- 7121 199275/invalid_memory_access.c cppfunc 185 float *buf1=(float*)calloc(5,sizeof(float)); float *buf2=(float*)calloc(5,sizeof(float)); float *buf3=(float*)calloc(5,sizeof(float)); free(buf3); 0 --------------------------------- 7122 199275/invalid_memory_access.c cppfunc 186 float *buf1=(float*)calloc(5,sizeof(float)); float *buf2=(float*)calloc(5,sizeof(float)); float *buf3=(float*)calloc(5,sizeof(float)); float *buf4=(float*)calloc(5,sizeof(float)); free(buf4); 0 --------------------------------- 7123 199275/invalid_memory_access.c cppfunc 187 float *buf1=(float*)calloc(5,sizeof(float)); float *buf2=(float*)calloc(5,sizeof(float)); float *buf3=(float*)calloc(5,sizeof(float)); float *buf4=(float*)calloc(5,sizeof(float)); float *buf5=(float*)calloc(5,sizeof(float)); free(buf5); 0 --------------------------------- 7124 70416/CWE122_Heap_Based_Buffer_Overflow__CWE135_17.c cppfunc 80 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 7125 67374/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_33.cpp cppfunc 65 wchar_t * &dataRef = data; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcscat(dest, data); 0 --------------------------------- 7126 67728/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_17.cpp cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7127 110806/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_15.cpp cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7128 67579/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_12.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7129 73315/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_72.cpp cppfunc 157 vector dataVector; data = NULL; data = (int64_t *)malloc(sizeof(*data)); *data = 2147483643LL; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int64_t * data = dataVector[2]; printLongLongLine(*data); free(data); 0 --------------------------------- 7130 66341/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_14.c cppfunc 86 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7131 153728/main_filter_toolbar.c cppfunc 81 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7132 65436/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_05.c cppfunc 102 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 7133 62991/CWE121_Stack_Based_Buffer_Overflow__CWE135_74.cpp cppfunc 166 void badSink(map dataMap) void * data = dataMap[2]; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 7134 66528/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_09.c cppfunc 61 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7135 66308/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_45.c cppfunc 73 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7136 73035/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_74.cpp cppfunc 165 data[50-1] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 7137 66342/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_15.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7138 153662/mem_dbg.c cppfunc 225 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7139 66307/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_44.c cppfunc 42 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7140 153185/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7141 153599/mem_dbg.c cppfunc 890 va_list suffisance_divisa; __builtin_va_start(suffisance_divisa,pittsford_overcure); meadowlarks_coadjudicator = (va_arg(suffisance_divisa,struct ransomers_isogon )); 0 --------------------------------- 7142 153405/main_filter_toolbar.c cppfunc 237 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *jaguarondi_pseudolarix; stonesoup_read_taint(&jaguarondi_pseudolarix,"SCRUNCHING_KLEPHTISM"); photomurals_welf = ((int )(strlen(jaguarondi_pseudolarix))); grillage_communized = ((char *)(malloc(photomurals_welf + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&jaguarondi_pseudolarix,"SCRUNCHING_KLEPHTISM"); photomurals_welf = ((int )(strlen(jaguarondi_pseudolarix))); grillage_communized = ((char *)(malloc(photomurals_welf + 1))); 0 --------------------------------- 7143 66624/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_09.c cppfunc 86 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7144 71497/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_72.cpp cppfunc 175 vector dataVector; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 7145 153616/mux.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7146 153408/heapam.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7147 153330/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7148 153250/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7149 62969/CWE121_Stack_Based_Buffer_Overflow__CWE135_32.c cppfunc 100 void * *dataPtr2 = &data; void * data = *dataPtr2; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 7150 62969/CWE121_Stack_Based_Buffer_Overflow__CWE135_32.c cppfunc 103 void * *dataPtr2 = &data; void * data = *dataPtr2; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 7151 71368/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_09.c cppfunc 93 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 7152 153298/stream.c cppfunc 1851 char *posner_nonchurchgoing = 0; gooseweed_substrings(&posner_nonchurchgoing); scutellaria_vexedly = 1; mungy_bursa = &posner_nonchurchgoing; snarls_nealah = ((char **)(((unsigned long )mungy_bursa) * scutellaria_vexedly * scutellaria_vexedly)) + 5; tracklessly_marybella[52] = snarls_nealah; free(((char *)( *(tracklessly_marybella[52] - 5)))); 0 --------------------------------- 7153 62566/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_03.c cppfunc 137 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7154 62581/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_18.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7155 153179/config_file.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7156 71464/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_09.c cppfunc 99 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 7157 66574/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_07.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7158 70666/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_43.cpp cppfunc 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7159 153613/color.c cppfunc 337 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 7160 153613/color.c cppfunc 335 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 7161 72787/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_63.c cppfunc 131 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 7162 70401/CWE122_Heap_Based_Buffer_Overflow__CWE135_02.c cppfunc 83 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 7163 72136/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_09.c cppfunc 96 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 7164 153040/bufmgr.c cppfunc 125 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7165 110369/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_10.c cppfunc 90 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7166 67404/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_05.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7167 70653/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_14.c cppfunc 369 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7168 72816/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_17.c cppfunc 68 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 7169 153309/mux.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7170 67588/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_31.cpp cppfunc 132 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7171 153309/mux.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7172 79386/CWE134_Uncontrolled_Format_String__char_console_fprintf_01.c inputfunc 89 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 7173 66288/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_09.c cppfunc 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7174 153058/avfilter.c cppfunc 79 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7175 153758/stream.c cppfunc 566 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *cycler_salicional;; stonesoup_read_taint(&cycler_salicional,"GRATI_PENSEROSO"); epitrope_regioide = ((void *)cycler_salicional); hanoi_convertibly = &epitrope_regioide; save_preinsure = hanoi_convertibly + 5; REINDEBTEDNESS_PRAYA(save_preinsure); void paragram_cancerin(void **lapidarian_allocheiria) free(((char *)((char *)( *(lapidarian_allocheiria - 5))))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&cycler_salicional,"GRATI_PENSEROSO"); epitrope_regioide = ((void *)cycler_salicional); hanoi_convertibly = &epitrope_regioide; save_preinsure = hanoi_convertibly + 5; REINDEBTEDNESS_PRAYA(save_preinsure); 0 --------------------------------- 7176 153580/pmsignal.c cppfunc 433 chameleonlike_unpicketed = circularism_unplump(amidships_corrivalry); reacts_liana(closemouthed_nonintercepting,chameleonlike_unpicketed); reacts_liana(waynant_nonenvious,thanatophobia_wini); void reacts_liana(int waynant_nonenvious,char **thanatophobia_wini) free(((char *)thanatophobia_wini[53])); 0 --------------------------------- 7177 73068/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_45.c cppfunc 62 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_45_goodG2BData = data; goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_45_goodG2BData; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 7178 153214/pgstat.c cppfunc 299 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7179 153214/pgstat.c cppfunc 296 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7180 110488/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_54.c cppfunc 264 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_54e_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7181 70929/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_02.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 7182 153651/conversation.c cppfunc 101 stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7183 72425/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_10.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7184 153651/conversation.c cppfunc 103 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7185 79397/CWE134_Uncontrolled_Format_String__char_console_fprintf_12.c inputfunc 97 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); fprintf(stdout, "%s\n", data); 0 --------------------------------- 7186 67413/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_14.c cppfunc 60 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7187 70666/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_43.cpp cppfunc 230 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7188 67726/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_15.cpp inputfunc 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 7189 73005/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_14.c cppfunc 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 7190 153812/oids.c cppfunc 116 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7191 152917/cmdutils.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7192 66338/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_11.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7193 153490/tile-swap.c cppfunc 132 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7194 153609/img2.c cppfunc 204 void hyllus_unstrictly(char **devocalisation_depew) carpos_radiale(devocalisation_depew); void carpos_radiale(char **desired_periodontics) free(((char *)desired_periodontics[3])); 0 --------------------------------- 7195 72858/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_11.c cppfunc 93 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 7196 153490/tile-swap.c cppfunc 139 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7197 153163/color.c cppfunc 373 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 7198 70970/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_73.cpp cppfunc 157 void badSink(list dataList) char * data = dataList.back(); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 7199 153756/utf.c cppfunc 115 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7200 153756/utf.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7201 67331/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_44.c cppfunc 69 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7202 72139/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_12.c cppfunc 47 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 7203 110545/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_72.cpp cppfunc 262 vector dataVector; data = 20; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int data = dataVector[2]; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7204 72408/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_68.c cppfunc 131 char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_68_badData; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7205 153620/color.c cppfunc 362 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 7206 153715/eng_lib.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7207 153163/color.c cppfunc 356 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 7208 153059/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 7209 66250/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_21.c cppfunc 72 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 7210 153627/e_bf.c cppfunc 112 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7211 153627/e_bf.c cppfunc 110 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7212 153827/color.c cppfunc 335 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 7213 153827/color.c cppfunc 337 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 7214 72788/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_64.c cppfunc 134 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 7215 71403/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_74.cpp cppfunc 169 data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 7216 153803/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7217 153032/timestamp.c cppfunc 89 stonesoup_printf("%s\n",stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7218 79559/CWE134_Uncontrolled_Format_String__char_console_vfprintf_51.c inputfunc 42 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_51b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_51b_badSink(char * data); 0 --------------------------------- 7219 153032/timestamp.c cppfunc 80 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7220 110803/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_12.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7221 153152/eng_table.c cppfunc 132 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7222 70466/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_21.c cppfunc 185 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7223 153397/resowner.c cppfunc 144 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7224 66367/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_67.c cppfunc 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7225 71457/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_02.c cppfunc 99 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 7226 72794/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_73.cpp cppfunc 171 list dataList; data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 7227 70645/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_06.c cppfunc 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7228 72849/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_02.c cppfunc 71 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 7229 72586/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_43.cpp cppfunc 29 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 7230 70535/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67.c cppfunc 256 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7231 67322/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_21.c cppfunc 98 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 7232 70681/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_72.cpp cppfunc 371 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7233 69213/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_14.cpp cppfunc 96 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 7234 72101/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_32.c cppfunc 77 wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 7235 153080/main_statusbar.c cppfunc 150 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7236 153519/cmdline.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7237 153519/cmdline.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7238 153519/cmdline.c cppfunc 107 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7239 79393/CWE134_Uncontrolled_Format_String__char_console_fprintf_08.c inputfunc 144 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 7240 73076/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_64.c cppfunc 122 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 7241 62736/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_45.c cppfunc 106 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7242 72130/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_03.c cppfunc 41 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 7243 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c cppfunc 144 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 7244 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c cppfunc 141 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 7245 153333/utils.c cppfunc 79 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7246 153333/utils.c cppfunc 70 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7247 66366/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_66.c cppfunc 60 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7248 153729/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 7249 69207/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_08.cpp cppfunc 109 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 7250 73698/CWE124_Buffer_Underwrite__CWE839_listen_socket_05.c cppfunc 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7251 70663/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_34.c cppfunc 196 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7252 72087/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_08.c cppfunc 107 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 7253 153479/file_wrappers.c cppfunc 1796 char **fourchette_mewled = 0; puranic_prepostorship(superhistoric_recrosses,fourchette_mewled); puranic_prepostorship(overreaches_noncredulously,triplum_parenthesis); void puranic_prepostorship(int overreaches_noncredulously,char **triplum_parenthesis) free(((char *)triplum_parenthesis[1])); 0 --------------------------------- 7254 152923/portalmem.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7255 152923/portalmem.c cppfunc 117 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7256 152923/portalmem.c cppfunc 114 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7257 153197/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7258 69714/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_62.cpp cppfunc 145 data = new wchar_t[100]; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 7259 79344/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_07.c cppfunc 259 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 7260 72387/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22.c cppfunc 86 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22_goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22_goodG2B2Source(data); strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7261 72506/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_73.cpp cppfunc 171 list dataList; data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 0 --------------------------------- 7262 153656/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7263 62969/CWE121_Stack_Based_Buffer_Overflow__CWE135_32.c cppfunc 74 void * *dataPtr2 = &data; void * data = *dataPtr2; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 7264 62969/CWE121_Stack_Based_Buffer_Overflow__CWE135_32.c cppfunc 77 void * *dataPtr2 = &data; void * data = *dataPtr2; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 7265 62951/CWE121_Stack_Based_Buffer_Overflow__CWE135_04.c cppfunc 133 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 7266 62951/CWE121_Stack_Based_Buffer_Overflow__CWE135_04.c cppfunc 130 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 7267 152978/column-utils.c cppfunc 91 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7268 152978/column-utils.c cppfunc 93 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7269 66346/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_21.c cppfunc 77 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 7270 110817/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_42.cpp cppfunc 77 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7271 153363/column-utils.c cppfunc 74 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7272 70741/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_06.c cppfunc 74 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 7273 73731/CWE124_Buffer_Underwrite__CWE839_listen_socket_65.c cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7274 153430/string.c cppfunc 75 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7275 153430/string.c cppfunc 72 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7276 153397/resowner.c cppfunc 1144 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int footing_disgracers = 131; char *ricercars_feelinglessly; stonesoup_read_taint(&ricercars_feelinglessly,"9197",footing_disgracers); ungird_uncensuring = ((void *)ricercars_feelinglessly); cerebralization_nogales = 1; scatoma_cudgels = &ungird_uncensuring; isiac_baneberry = ((void **)(((unsigned long )scatoma_cudgels) * cerebralization_nogales * cerebralization_nogales)) + 5; blepharoclonus_wiley(sherrymoor_nuangola,isiac_baneberry); blepharoclonus_wiley(wrixle_relisted,zanjona_unrefuting); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&ricercars_feelinglessly,"9197",footing_disgracers); ungird_uncensuring = ((void *)ricercars_feelinglessly); scatoma_cudgels = &ungird_uncensuring; isiac_baneberry = ((void **)(((unsigned long )scatoma_cudgels) * cerebralization_nogales * cerebralization_nogales)) + 5; blepharoclonus_wiley(sherrymoor_nuangola,isiac_baneberry); void blepharoclonus_wiley(int wrixle_relisted,void **zanjona_unrefuting) free(((char *)((char *)( *(zanjona_unrefuting - 5))))); 0 --------------------------------- 7277 153825/stream.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7278 71205/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_65.c cppfunc 148 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_65b_goodG2BSink(wchar_t * data) wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 7279 153196/main_filter_toolbar.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7280 66605/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_65.c cppfunc 54 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7281 72146/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_21.c cppfunc 124 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 7282 110353/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_72.cpp cppfunc 226 void badSink(vector dataVector) int data = dataVector[2]; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7283 79346/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_09.c cppfunc 151 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 7284 153303/utils.c cppfunc 83 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7285 110533/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_51.c cppfunc 256 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_51b_goodG2BSink(data); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_51b_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7286 71182/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_15.c cppfunc 79 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 7287 110316/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_05.c cppfunc 160 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7288 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c cppfunc 157 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 7289 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c cppfunc 154 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 7290 153153/subtrans.c cppfunc 107 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7291 67608/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_68.cpp cppfunc 89 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7292 153153/subtrans.c cppfunc 105 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7293 153530/bio_err.c cppfunc 113 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7294 72979/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_63.c cppfunc 140 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 7295 152917/cmdutils.c cppfunc 97 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7296 153604/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7297 70427/CWE122_Heap_Based_Buffer_Overflow__CWE135_44.c cppfunc 94 static void goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 7298 153036/string.c cppfunc 95 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7299 110516/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_13.c cppfunc 166 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7300 71018/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_73.cpp cppfunc 173 list dataList; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 7301 67518/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_17.c cppfunc 39 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_17_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_17_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 7302 71373/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_14.c cppfunc 71 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 7303 70535/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67.c cppfunc 90 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7304 153802/types.c cppfunc 87 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7305 79568/CWE134_Uncontrolled_Format_String__char_console_vfprintf_66.c cppfunc 229 data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_66b_goodB2GSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_66b_goodB2GSink(char * dataArray[]) char * data = dataArray[2]; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 7306 153330/color.c cppfunc 331 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 7307 72418/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_03.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7308 110536/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_54.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7309 152934/conf_mod.c cppfunc 125 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7310 152934/conf_mod.c cppfunc 123 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7311 153400/dirent_uri.c cppfunc 113 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7312 153400/dirent_uri.c cppfunc 111 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7313 72969/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_42.c cppfunc 72 data[0] = L'\0'; return data; data = goodG2BSource(data); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 7314 73073/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_61.c cppfunc 57 data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_61b_goodG2BSource(data); strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 7315 110543/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_67.c cppfunc 86 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7316 66573/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_06.c cppfunc 35 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7317 70934/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_07.c cppfunc 98 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 7318 153593/color.c cppfunc 380 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 7319 79424/CWE134_Uncontrolled_Format_String__char_console_fprintf_66.c inputfunc 100 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_fprintf_66b_goodB2GSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_fprintf_66b_goodB2GSink(char * dataArray[]) char * data = dataArray[2]; fprintf(stdout, "%s\n", data); 0 --------------------------------- 7320 62728/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_31.c cppfunc 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7321 67394/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_73.cpp cppfunc 148 void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcscat(dest, data); 0 --------------------------------- 7322 71462/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_07.c cppfunc 105 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 7323 62565/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_02.c cppfunc 137 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7324 66256/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_41.c cppfunc 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7325 153763/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7326 62718/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_11.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7327 153763/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7328 153383/config.c cppfunc 108 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7329 110665/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_18.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7330 153214/pgstat.c cppfunc 310 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7331 153188/color.c cppfunc 351 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 7332 62955/CWE121_Stack_Based_Buffer_Overflow__CWE135_08.c cppfunc 137 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 7333 153245/e_bf.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7334 153245/e_bf.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7335 199234/buffer_overrun_dynamic.c cppfunc 112 float *buf=(float*) calloc(5,sizeof(float)); buf[i]=1.0; free(buf); 0 --------------------------------- 7336 72189/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_14.c cppfunc 99 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 7337 153740/color.c cppfunc 605 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int situs_allotropic = 20; char *entropies_cierge; stonesoup_read_taint(&entropies_cierge,"8336",situs_allotropic); free(((char *)entropies_cierge)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&entropies_cierge,"8336",situs_allotropic); free(((char *)entropies_cierge)); 0 --------------------------------- 7338 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c inputfunc 107 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 7339 79444/CWE134_Uncontrolled_Format_String__char_console_printf_11.c inputfunc 85 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 7340 62730/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_33.cpp cppfunc 220 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7341 63633/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_02.c cppfunc 94 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 7342 70971/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_74.cpp cppfunc 175 data = (char *)malloc((10+1)*sizeof(char)); dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 7343 62735/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_44.c cppfunc 245 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7344 72739/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_63.c cppfunc 138 data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 7345 67502/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_01.c cppfunc 36 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_01_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_01_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 7346 66317/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_65.c cppfunc 34 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7347 73528/CWE123_Write_What_Where_Condition__listen_socket_43.cpp cppfunc 87 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7348 153127/utils.c cppfunc 100 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7349 73048/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_09.c cppfunc 67 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 7350 153781/emem.c cppfunc 196 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7351 62590/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_43.cpp cppfunc 119 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7352 153781/emem.c cppfunc 198 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7353 62578/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_15.c inputfunc 97 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 7354 110462/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_07.c cppfunc 109 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7355 71005/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_51.c cppfunc 145 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_51b_goodG2BSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 7356 153240/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7357 153273/cmdutils.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7358 153240/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7359 153240/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7360 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c cppfunc 37 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 7361 153759/hashfn.c cppfunc 70 stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7362 153759/hashfn.c cppfunc 72 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7363 110535/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_53.c cppfunc 372 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_53d_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7364 72169/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_72.cpp cppfunc 151 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 7365 153392/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7366 153392/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7367 72100/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_31.c cppfunc 67 data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 7368 153290/dynahash.c cppfunc 268 stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7369 71402/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_73.cpp cppfunc 150 void badSink(list dataList) char * data = dataList.back(); strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 7370 71595/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_74.cpp cppfunc 142 void badSink(map dataMap) int64_t * data = dataMap[2]; memcpy(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 7371 153401/e_camellia.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7372 72144/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_17.c cppfunc 70 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 7373 73710/CWE124_Buffer_Underwrite__CWE839_listen_socket_17.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7374 72713/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_10.c cppfunc 69 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 7375 70433/CWE122_Heap_Based_Buffer_Overflow__CWE135_61.c cppfunc 60 data = CWE122_Heap_Based_Buffer_Overflow__CWE135_61b_goodG2BSource(data); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 7376 72717/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_14.c cppfunc 90 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 7377 1293/create_msg_file.c cppfunc 96 dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); 0 --------------------------------- 7378 70678/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_66.c cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7379 72966/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_33.cpp cppfunc 70 wchar_t * &dataRef = data; wchar_t * data = dataRef; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 7380 66578/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_11.c cppfunc 61 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7381 153175/utils.c cppfunc 76 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7382 153626/bss_file.c cppfunc 133 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7383 153626/bss_file.c cppfunc 137 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7384 153673/config.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7385 153673/config.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7386 153673/config.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7387 110329/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_18.c cppfunc 146 data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7388 70432/CWE122_Heap_Based_Buffer_Overflow__CWE135_54.c cppfunc 341 void CWE122_Heap_Based_Buffer_Overflow__CWE135_54d_goodB2GSink(void * data) CWE122_Heap_Based_Buffer_Overflow__CWE135_54e_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_54e_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 7389 79348/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_11.c cppfunc 151 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 7390 79348/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_11.c cppfunc 154 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 7391 70947/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22.c cppfunc 91 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_goodG2B2Source(data); data = (char *)malloc((10+1)*sizeof(char)); return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_goodG2B2Source(data); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_goodG2B2Source(char * data) return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_goodG2B2Source(data); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 7392 153816/error.c cppfunc 88 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7393 152908/utils.c cppfunc 98 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7394 153816/error.c cppfunc 84 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7395 110511/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_08.c cppfunc 206 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7396 71641/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_72.cpp cppfunc 142 void badSink(vector dataVector) int64_t * data = dataVector[2]; memmove(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 7397 70531/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_63.c inputfunc 35 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_63b_badSink(int * dataPtr); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_63b_badSink(&data); 0 --------------------------------- 7398 67321/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_18.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7399 153438/conf_mod.c cppfunc 693 void overlordship_volvet(int raspingly_seducee,colorific_impingements *orderlinesses_amoebaean) overlordship_volvet(raspingly_seducee,orderlinesses_amoebaean); free(((char *)( *(orderlinesses_amoebaean - 5)))); void stonesoup_handle_taint(char *gooseberry_antipatriotism) ochletic_millihenry = gooseberry_antipatriotism; moraler_glorifications = &ochletic_millihenry; gregrory_raphaelle = moraler_glorifications + 5; overlordship_volvet(lithotomical_boltrope,gregrory_raphaelle); 0 --------------------------------- 7400 153534/string.c cppfunc 85 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7401 153534/string.c cppfunc 87 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7402 62601/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_65.c cppfunc 85 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7403 69737/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_10.cpp cppfunc 90 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 7404 152949/conf_mod.c cppfunc 165 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7405 152949/conf_mod.c cppfunc 163 stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7406 70448/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_01.c cppfunc 168 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7407 110462/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_07.c cppfunc 83 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7408 70959/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53.c cppfunc 255 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53d_goodG2BSink(char * data) strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 7409 72888/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_68.c cppfunc 151 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_68b_goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_68_goodG2BData; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 7410 153464/mem_dbg.c cppfunc 231 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7411 62715/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_08.c cppfunc 305 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7412 153350/column-utils.c cppfunc 62 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7413 70459/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_12.c cppfunc 325 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7414 153009/utils.c cppfunc 79 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7415 70850/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_21.c cppfunc 93 data = (char *)malloc((10+1)*sizeof(char)); return data; data = NULL; data = goodG2B1Source(data); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); static char * goodG2B1Source(char * data) return data; data = goodG2B1Source(data); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7416 72323/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_04.c cppfunc 97 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7417 72767/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_16.c cppfunc 70 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 7418 79453/CWE134_Uncontrolled_Format_String__char_console_printf_22.c inputfunc 126 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_22_goodB2G2Sink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_22_goodB2G2Sink(char * data); 0 --------------------------------- 7419 153656/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7420 153656/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7421 153822/config_file.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7422 71162/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_73.cpp cppfunc 157 void badSink(list dataList) wchar_t * data = dataList.back(); memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 7423 153379/e_camellia.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7424 153522/dirent_uri.c cppfunc 95 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 7425 65197/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_06.c cppfunc 99 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 7426 70523/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_44.c cppfunc 66 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7427 71305/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_72.cpp cppfunc 171 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 7428 153721/color.c cppfunc 118 stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7429 110660/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_13.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7430 70479/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53.c cppfunc 513 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7431 73719/CWE124_Buffer_Underwrite__CWE839_listen_socket_42.c cppfunc 217 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7432 153526/pgstat.c inputfunc 3446 if (fread((&format_id),1,sizeof(format_id),fpin) != sizeof(format_id) || format_id != 0x01A5BC9A) { FreeFile(fpin); if (fread((&myGlobalStats),1,sizeof(myGlobalStats),fpin) != sizeof(myGlobalStats)) { FreeFile(fpin); *ts = myGlobalStats . stats_timestamp; FreeFile(fpin); if (pgstat_read_statsfile_timestamp(((bool )0),&file_ts) && file_ts >= min_ts) { static bool pgstat_read_statsfile_timestamp(bool permanent,TimestampTz *ts) 0 --------------------------------- 7433 153373/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7434 153518/e_bf.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7435 199234/buffer_overrun_dynamic.c cppfunc 332 int *buf=(int*) calloc(5,sizeof(int)); int indexes[4] = {3, 4, 5, 6}; *(buf+indexes[index]) = 1; free(buf); 0 --------------------------------- 7436 152897/conf_mod.c cppfunc 680 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *nurry_capacitations) pereira_uncancelable = ((void *)nurry_capacitations); expanse_sarrazin = &pereira_uncancelable; free(((char *)((char *)( *expanse_sarrazin)))); 0 --------------------------------- 7437 153733/column.c cppfunc 87 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7438 153733/column.c cppfunc 89 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7439 153491/stream.c cppfunc 88 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7440 152974/conversation.c cppfunc 116 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 7441 152910/bufmgr.c cppfunc 2724 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *kreatic_pane) flubdub_lichenivorous = &kreatic_pane; free(((char *)( *flubdub_lichenivorous))); 0 --------------------------------- 7442 71354/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_73.cpp cppfunc 171 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 7443 153715/eng_lib.c cppfunc 116 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7444 153715/eng_lib.c cppfunc 114 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7445 110391/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_53.c cppfunc 258 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_53c_goodG2BSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_53d_goodG2BSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_53d_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7446 72141/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_14.c cppfunc 41 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 7447 73732/CWE124_Buffer_Underwrite__CWE839_listen_socket_66.c cppfunc 185 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7448 65444/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_13.c cppfunc 95 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 7449 62957/CWE121_Stack_Based_Buffer_Overflow__CWE135_10.c cppfunc 147 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 7450 63441/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_10.c cppfunc 94 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 7451 73081/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_72.cpp cppfunc 148 void badSink(vector dataVector) char * data = dataVector[2]; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 7452 153027/color.c cppfunc 340 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 7453 153683/tile.c cppfunc 67 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7454 65399/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_08.c cppfunc 107 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 7455 70919/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67.c cppfunc 160 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67_structType myStruct; data = (char *)malloc((10+1)*sizeof(char)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67_structType myStruct) char * data = myStruct.structFirst; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7456 153193/color.c cppfunc 351 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 7457 70900/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_31.c cppfunc 68 data = (char *)malloc((10+1)*sizeof(char)); char * dataCopy = data; char * data = dataCopy; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7458 71422/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_15.c cppfunc 47 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 7459 153325/aviobuf.c cppfunc 66 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7460 153325/aviobuf.c cppfunc 73 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7461 79346/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_09.c cppfunc 251 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 7462 153649/pmsignal.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7463 70873/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_72.cpp cppfunc 175 vector dataVector; data = (char *)malloc((10+1)*sizeof(char)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7464 72714/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_11.c cppfunc 69 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 7465 67738/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_43.cpp cppfunc 230 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7466 70680/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_68.c cppfunc 338 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7467 73736/CWE124_Buffer_Underwrite__CWE839_listen_socket_73.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7468 67323/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_22.c cppfunc 191 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_22_goodG2B2Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_22_goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 7469 72814/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_15.c cppfunc 78 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 7470 70451/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_04.c cppfunc 383 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7471 62952/CWE121_Stack_Based_Buffer_Overflow__CWE135_05.c cppfunc 82 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 7472 62721/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_14.c cppfunc 186 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7473 153081/eng_lib.c cppfunc 85 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7474 153081/eng_lib.c cppfunc 83 stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7475 70412/CWE122_Heap_Based_Buffer_Overflow__CWE135_13.c cppfunc 111 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 7476 62751/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_74.cpp cppfunc 196 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7477 152932/string.c cppfunc 65 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7478 152932/string.c cppfunc 63 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7479 152941/eng_lib.c cppfunc 77 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7480 153388/dynahash.c cppfunc 836 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int propylitic_bakhmut = 596; char *poligarship_treadled; stonesoup_read_taint(&poligarship_treadled,"8084",propylitic_bakhmut); waterworn_overharshly[84] = poligarship_treadled; eucrite_peripneumonic = ebullioscopic_emceeing(waterworn_overharshly); char **ebullioscopic_emceeing(char **nonrhythmical_pintos) return nonrhythmical_pintos; eucrite_peripneumonic = ebullioscopic_emceeing(waterworn_overharshly); free(((char *)eucrite_peripneumonic[84])); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&poligarship_treadled,"8084",propylitic_bakhmut); waterworn_overharshly[84] = poligarship_treadled; eucrite_peripneumonic = ebullioscopic_emceeing(waterworn_overharshly); 0 --------------------------------- 7481 66232/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_01.c cppfunc 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7482 153537/heapam.c cppfunc 123 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7483 153537/heapam.c cppfunc 126 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7484 153030/avpacket.c cppfunc 55 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7485 110492/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_64.c cppfunc 124 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_64b_badSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7486 62962/CWE121_Stack_Based_Buffer_Overflow__CWE135_15.c cppfunc 160 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 7487 71578/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_43.cpp cppfunc 65 data = (int64_t *)malloc(100*sizeof(int64_t)); memcpy(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 7488 153530/bio_err.c cppfunc 125 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7489 153530/bio_err.c cppfunc 127 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7490 62982/CWE121_Stack_Based_Buffer_Overflow__CWE135_62.cpp cppfunc 63 data = NULL; goodG2BSource(data); void goodG2BSource(void * &data); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 7491 152882/subtrans.c cppfunc 464 melancholy_dauded = inhabitation_retaliate(unsticked_hoplonemertea); valinch_forums(kists_oxyhydric,melancholy_dauded); valinch_forums(arteriometer_inordinacy,calusa_pacate); void valinch_forums(int arteriometer_inordinacy,char *calusa_pacate) free(((char *)calusa_pacate)); 0 --------------------------------- 7492 70663/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_34.c cppfunc 302 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7493 152882/subtrans.c cppfunc 79 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7494 153033/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7495 153019/mutex.c cppfunc 53 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7496 66282/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_03.c cppfunc 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7497 67759/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_84_bad.cpp cppfunc 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7498 69897/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_42.cpp cppfunc 29 data = new wchar_t[100]; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 7499 73269/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_74.cpp cppfunc 144 void badSink(map dataMap) double * data = dataMap[2]; printDoubleLine(*data); free(data); 0 --------------------------------- 7500 72099/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22.c cppfunc 89 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22_goodG2B2Source(wchar_t * data) data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22_goodG2B2Source(data); wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 7501 66523/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_04.c cppfunc 89 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7502 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c inputfunc 163 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 7503 71465/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_10.c cppfunc 99 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 7504 152936/eng_table.c cppfunc 512 pitchpot_plumed = filmily_laches(lisbon_hematocyanin); stentor_circumvascular(pitchpot_plumed); void stentor_circumvascular(struct byelaw_sellma tripodic_uranophane) free(((char *)tripodic_uranophane . forky_malakin)); 0 --------------------------------- 7505 70485/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_65.c cppfunc 305 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7506 72281/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_10.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7507 62721/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_14.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7508 153203/tile-manager.c cppfunc 67 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7509 70774/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_66.c cppfunc 150 data = (char *)malloc((10+1)*sizeof(char)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 7510 110363/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_04.c cppfunc 97 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7511 153809/img2.c cppfunc 72 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7512 79512/CWE134_Uncontrolled_Format_String__char_console_snprintf_52.c inputfunc 100 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_52b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_52b_goodB2GSink(char * data); 0 --------------------------------- 7513 66286/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_07.c cppfunc 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7514 62948/CWE121_Stack_Based_Buffer_Overflow__CWE135_01.c cppfunc 57 data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 7515 62954/CWE121_Stack_Based_Buffer_Overflow__CWE135_07.c cppfunc 78 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 7516 71413/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_06.c cppfunc 45 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 7517 70523/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_44.c cppfunc 148 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7518 69154/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_03.cpp cppfunc 94 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 7519 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c cppfunc 31 static void badVaSinkB(char * data, ...) badVaSinkB(data, data); char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 7520 199275/invalid_memory_access.c cppfunc 489 int arr[]={3,8,9,10,4}; int *ptr = malloc(sizeof(int)*5); ptr[i] = arr[i]; free(ptr); 0 --------------------------------- 7521 71306/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_73.cpp cppfunc 171 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 7522 153303/utils.c cppfunc 132 stonesoup_read_taint(&signifer_hydrazobenzene,"INWRAP_GRAPHIOLOGIST"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 7523 153303/utils.c inputfunc 135 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&signifer_hydrazobenzene,"INWRAP_GRAPHIOLOGIST"); if (signifer_hydrazobenzene != 0) {; braxies_sprighty . pomiculturist_inconcoct = signifer_hydrazobenzene; ufa_idou[5] = braxies_sprighty; runa_queendom = *(ufa_idou + reconsidering_misremember[1]); camaldolesian_windham(australioid_fitts,runa_queendom); void camaldolesian_windham(int overcrops_cabinlike,union oversteadiness_composite picturemaker_bromometric); 0 --------------------------------- 7524 72087/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_08.c cppfunc 85 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 7525 153541/heapam.c cppfunc 118 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7526 153541/heapam.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7527 153541/heapam.c cppfunc 115 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7528 66570/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_03.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7529 152999/tile-swap.c cppfunc 623 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; struct pipecoline_gumweeds interestedness_duchan; char *inputted_sheared; stonesoup_read_taint(&inputted_sheared,"BIOSTATICAL_ZINGIBER"); interestedness_duchan . decimalized_stanniferous = ((char *)inputted_sheared); discursive_overnicety[5] = interestedness_duchan; alliant_afterlifetime[1] = 5; achymia_nondecoration = *(discursive_overnicety + alliant_afterlifetime[1]); free(((char *)achymia_nondecoration . decimalized_stanniferous)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&inputted_sheared,"BIOSTATICAL_ZINGIBER"); interestedness_duchan . decimalized_stanniferous = ((char *)inputted_sheared); achymia_nondecoration = *(discursive_overnicety + alliant_afterlifetime[1]); free(((char *)achymia_nondecoration . decimalized_stanniferous)); 0 --------------------------------- 7530 153048/pmsignal.c cppfunc 127 stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7531 153048/pmsignal.c cppfunc 129 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7532 62748/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_68.c cppfunc 185 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7533 66622/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_07.c cppfunc 72 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7534 152983/dynahash.c cppfunc 250 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7535 153369/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 7536 152983/dynahash.c cppfunc 259 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7537 62742/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_62.cpp cppfunc 321 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7538 153128/avfilter.c cppfunc 50 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7539 153423/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 7540 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c cppfunc 192 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 7541 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c cppfunc 195 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 7542 148828/Geolocation.cpp cppfunc 170 void Geolocation::Watchers::remove(int id) IdToNotifierMap::iterator iter = m_idToNotifierMap.find(id); m_notifierToIdMap.remove(iter->second); m_idToNotifierMap.remove(iter); 0 --------------------------------- 7543 69742/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_15.cpp cppfunc 103 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 7544 153364/cmdutils.c cppfunc 105 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 7545 72299/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_44.c cppfunc 61 static void goodG2BSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7546 153506/color.c cppfunc 341 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 7547 153766/tile-swap.c inputfunc 174 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&mungy_septfoil,"NONPOPULOUSNESS_RHODONITE"); if (mungy_septfoil != 0) {; 0 --------------------------------- 7548 153809/img2.c inputfunc 97 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&substantialized_gripers,"VILITY_MARCHAL"); if (substantialized_gripers != 0) {; 0 --------------------------------- 7549 153809/img2.c cppfunc 94 stonesoup_read_taint(&substantialized_gripers,"VILITY_MARCHAL"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 7550 110511/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_08.c cppfunc 93 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7551 148916/strutil.c cppfunc 427 s = p+3; punct = s + 1; p = punct; q = p+1; else if (*q && isxdigit(*p) && isxdigit(*q)) { if (is_byte_sep(*punct)) { else if (*q && isxdigit(*p) && is_byte_sep(*q)) { is_byte_sep(guint8 c) if (is_byte_sep(*punct)) { p = punct; q = p+1; else if (*q && isxdigit(*p) && isxdigit(*q)) { if (is_byte_sep(*punct)) { p = punct; q = p+1; else if (*q && isxdigit(*p) && isxdigit(*q)) { else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q; q = p+1; else if (*q && isxdigit(*p) && isxdigit(*q)) { hex_str_to_bytes(const char *hex_str, GByteArray *bytes, gboolean force_separators) { p = (const guchar *)hex_str; q = p+1; && isxdigit(*p) && isxdigit(*q) && p = punct; else if (*q && isxdigit(*p) && isxdigit(*q)) { p = q + 1; q = p+1; punct = q + 1; p = punct; if (is_byte_sep(*punct)) { else if (*q && isxdigit(*p) && isxdigit(*q)) { p = q; else if (*q && isxdigit(*p) && isxdigit(*q)) { 0 --------------------------------- 7552 72807/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_08.c cppfunc 85 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 7553 70665/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_42.c cppfunc 300 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7554 153250/color.c cppfunc 339 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 7555 67425/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_42.c cppfunc 26 wchar_t dataBuffer[100]; data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 7556 153768/avpacket.c cppfunc 62 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7557 153768/avpacket.c cppfunc 66 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7558 153768/avpacket.c cppfunc 69 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7559 63440/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_09.c cppfunc 94 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 7560 66543/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_34.c cppfunc 36 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7561 152868/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 7562 153670/avdevice.c cppfunc 71 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7563 153670/avdevice.c cppfunc 73 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7564 153108/color.c cppfunc 161 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *banshees_fastigiately; stonesoup_read_taint(&banshees_fastigiately,"DSEE_NGANHWEI"); sophy_enweave = ((char *)banshees_fastigiately); stonesoup_buffer = malloc((strlen(sophy_enweave) + 1) * sizeof(char )); strcpy(stonesoup_buffer,sophy_enweave); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&banshees_fastigiately,"DSEE_NGANHWEI"); sophy_enweave = ((char *)banshees_fastigiately); stonesoup_buffer = malloc((strlen(sophy_enweave) + 1) * sizeof(char )); strcpy(stonesoup_buffer,sophy_enweave); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 7565 199235/buffer_underrun_dynamic.c cppfunc 780 dynamic_buffer_underrun_s_008* ptr_s1=malloc(15*sizeof(dynamic_buffer_underrun_s_008)); memset(ptr_s1,1,15*sizeof(dynamic_buffer_underrun_s_008)); memcpy(ptr_s2,ptr_s1,15*sizeof(dynamic_buffer_underrun_s_008)); free(ptr_s1); 0 --------------------------------- 7566 152978/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 7567 70532/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_64.c cppfunc 216 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7568 79353/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_16.c cppfunc 253 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 7569 79353/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_16.c cppfunc 250 static void goodG2BVaSinkB(char * data, ...) goodG2BVaSinkB(data, data); char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BVaSinkB(data, data); static void goodG2BVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 7570 70430/CWE122_Heap_Based_Buffer_Overflow__CWE135_52.c cppfunc 218 void CWE122_Heap_Based_Buffer_Overflow__CWE135_52c_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 7571 153749/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7572 71361/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_02.c cppfunc 71 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 7573 152869/conversation.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7574 152869/conversation.c cppfunc 120 stonesoup_printf("%s\n",stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7575 153707/cryptlib.c cppfunc 164 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7576 70909/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_51.c cppfunc 130 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_51b_badSink(char * data) memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7577 66597/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_51.c cppfunc 51 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7578 153624/color.c cppfunc 108 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7579 153624/color.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7580 70516/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_31.c cppfunc 112 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7581 153624/color.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7582 72066/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_62.cpp cppfunc 42 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 7583 67437/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_65.c cppfunc 34 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7584 152868/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7585 153718/hashfn.c cppfunc 68 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7586 153718/hashfn.c cppfunc 64 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7587 153293/timestamp.c cppfunc 54 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7588 153441/oids.c cppfunc 100 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7589 153441/oids.c cppfunc 102 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7590 70529/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_61.c cppfunc 131 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7591 153509/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 7592 67572/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_05.cpp cppfunc 158 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7593 79489/CWE134_Uncontrolled_Format_String__char_console_snprintf_08.c inputfunc 108 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 7594 153523/avdevice.c cppfunc 77 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7595 153293/timestamp.c cppfunc 103 stonesoup_read_taint(&photograph_dworak,"UNFEARY_HYBRIDISER"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 7596 153293/timestamp.c inputfunc 106 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&photograph_dworak,"UNFEARY_HYBRIDISER"); if (photograph_dworak != 0) {; egrep_adiathermancy[36] = photograph_dworak; obdurately_buckman(egrep_adiathermancy); 0 --------------------------------- 7597 199235/buffer_underrun_dynamic.c cppfunc 65 int *buf=(int*) calloc(5,sizeof(int)); buf[i]=1; free(buf); 0 --------------------------------- 7598 70525/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_51.c cppfunc 208 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7599 62986/CWE121_Stack_Based_Buffer_Overflow__CWE135_66.c cppfunc 143 void CWE121_Stack_Based_Buffer_Overflow__CWE135_66b_badSink(void * dataArray[]) void * data = dataArray[2]; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 7600 70660/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_31.c cppfunc 293 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7601 70511/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_16.c cppfunc 95 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7602 153515/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7603 70514/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_21.c cppfunc 176 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7604 72444/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_45.c cppfunc 64 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_45_goodG2BData = data; goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_45_goodG2BData; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7605 153571/conf_mod.c cppfunc 659 void stonesoup_handle_taint(char *hepsiba_armond) cavaliero_chuchchis = ((int )(strlen(hepsiba_armond))); memcpy(overtechnical_mediately,hepsiba_armond,cavaliero_chuchchis); free(((char *)hepsiba_armond)); 0 --------------------------------- 7606 153571/conf_mod.c cppfunc 651 void stonesoup_handle_taint(char *hepsiba_armond) cavaliero_chuchchis = ((int )(strlen(hepsiba_armond))); overtechnical_mediately = ((char *)(malloc(cavaliero_chuchchis + 1))); 0 --------------------------------- 7607 148966/packet-http.c cppfunc 2317 char *p; eh_ptr->content_length = g_ascii_strtoll(value, &p, 10); up = (guchar *)p; (*up != '\0' && !isspace(*up))) { 0 --------------------------------- 7608 67306/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_03.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7609 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c cppfunc 192 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 7610 72447/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53.c cppfunc 237 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53d_goodG2BSink(char * data) strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7611 70404/CWE122_Heap_Based_Buffer_Overflow__CWE135_05.c cppfunc 178 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 7612 62970/CWE121_Stack_Based_Buffer_Overflow__CWE135_33.cpp cppfunc 70 void * &dataRef = data; void * data = dataRef; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 7613 72777/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_42.c cppfunc 74 data[50-1] = L'\0'; return data; data = goodG2BSource(data); SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 7614 72407/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67.c cppfunc 152 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67_structType myStruct; data[50-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67_structType myStruct) char * data = myStruct.structFirst; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7615 153818/tile.c cppfunc 72 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7616 79488/CWE134_Uncontrolled_Format_String__char_console_snprintf_07.c inputfunc 150 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 7617 66246/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_15.c cppfunc 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7618 66533/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_14.c cppfunc 82 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7619 110546/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_73.cpp cppfunc 262 list dataList; data = 20; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int data = dataList.back(); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7620 153384/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7621 153250/color.c cppfunc 134 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 7622 70887/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_08.c cppfunc 106 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7623 72877/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_51.c cppfunc 123 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_51b_badSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 7624 153671/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7625 70642/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_03.c cppfunc 262 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7626 66861/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cat_74.cpp cppfunc 169 data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; source[100-1] = L'\0'; wcscat(data, source); 0 --------------------------------- 7627 72868/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_31.c cppfunc 67 data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 7628 153401/e_camellia.c cppfunc 111 stonesoup_printf("%s\n",stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7629 72801/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_02.c cppfunc 71 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 7630 67742/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_52.cpp cppfunc 182 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7631 152873/portalmem.c cppfunc 116 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7632 152873/portalmem.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7633 72326/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_07.c cppfunc 75 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7634 72448/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54.c cppfunc 269 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54e_badSink(char * data) strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7635 71466/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_11.c cppfunc 77 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 7636 73058/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_21.c cppfunc 115 data = (char *)malloc(100*sizeof(char)); data = goodG2B2Source(data); static char * goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = goodG2B2Source(data); strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 7637 66553/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_61.c cppfunc 137 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_61b_goodG2BSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_61b_goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 7638 152924/column.c cppfunc 84 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7639 152924/column.c cppfunc 81 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7640 153466/subtrans.c cppfunc 89 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7641 153162/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7642 153821/heapam.c cppfunc 127 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7643 153583/stream.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7644 153466/subtrans.c cppfunc 80 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7645 153391/ffmpeg.c cppfunc 170 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7646 153102/cryptlib.c cppfunc 594 jmp_buf scrivaille_thakur; mysids_redowas = setjmp(scrivaille_thakur); longjmp(scrivaille_thakur,1); 0 --------------------------------- 7647 72123/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_74.cpp cppfunc 169 data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 7648 153069/tile.c cppfunc 51 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7649 70838/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_07.c cppfunc 98 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7650 153219/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7651 153068/aviobuf.c cppfunc 64 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7652 153228/cryptlib.c cppfunc 181 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7653 153449/heapam.c cppfunc 122 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 7654 67307/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_04.c cppfunc 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7655 71435/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_44.c cppfunc 33 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 7656 72106/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_43.cpp cppfunc 73 data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 7657 72958/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_15.c cppfunc 106 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 7658 69161/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_10.cpp cppfunc 94 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 7659 70438/CWE122_Heap_Based_Buffer_Overflow__CWE135_66.c cppfunc 187 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__CWE135_66b_goodB2GSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__CWE135_66b_goodB2GSink(void * dataArray[]) void * data = dataArray[2]; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 7660 72869/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_32.c cppfunc 77 char * *dataPtr2 = &data; char * data = *dataPtr2; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 7661 153176/stream.c cppfunc 1848 unconsigned_chinpiece = schorlous_martelli(mentorism_stromal); BURRIEST_MORPHOGENESES(unconsigned_chinpiece); void kenyan_brahmi(verbalizes_countdowns pasithea_trophonian) free(((char *)pasithea_trophonian)); 0 --------------------------------- 7662 153236/dynahash.c cppfunc 268 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7663 153193/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7664 153193/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7665 153193/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7666 153167/color.c cppfunc 356 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 7667 153167/color.c cppfunc 358 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 7668 153079/cmdline.c cppfunc 961 svn_error_t *svn_cmdline__edit_file_externally(const char *path,const char *editor_cmd,apr_hash_t *config,apr_pool_t *pool) const char *editor; svn_dirent_split(&base_dir,&file_name,path,pool); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); apr_err = apr_filepath_set(old_cwd,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char *file_name; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); 0 --------------------------------- 7669 71459/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_04.c cppfunc 106 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 7670 153049/subtrans.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7671 153049/subtrans.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7672 73363/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_72.cpp cppfunc 146 void badSink(vector dataVector) twoIntsStruct * data = dataVector[2]; printStructLine(data); free(data); 0 --------------------------------- 7673 79550/CWE134_Uncontrolled_Format_String__char_console_vfprintf_31.c cppfunc 84 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); char * dataCopy = data; char * data = dataCopy; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 7674 79550/CWE134_Uncontrolled_Format_String__char_console_vfprintf_31.c cppfunc 87 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 7675 79465/CWE134_Uncontrolled_Format_String__char_console_printf_53.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_53b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_53b_badSink(char * data); 0 --------------------------------- 7676 79450/CWE134_Uncontrolled_Format_String__char_console_printf_17.c inputfunc 87 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); if (100-dataLen > 1) if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 7677 73708/CWE124_Buffer_Underwrite__CWE839_listen_socket_15.c cppfunc 199 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7678 153234/img2.c cppfunc 60 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7679 153526/pgstat.c inputfunc 3359 if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); memcpy(dbentry,(&dbbuf),sizeof(PgStat_StatDBEntry )); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 7680 67728/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_17.cpp cppfunc 196 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7681 70653/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_14.c cppfunc 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7682 110355/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_74.cpp cppfunc 249 data = 20; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int data = dataMap[2]; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7683 110342/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_52.c cppfunc 290 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_52c_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7684 72779/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_44.c cppfunc 65 static void goodG2BSink(wchar_t * data) SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 7685 153421/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7686 153773/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7687 153037/color.c cppfunc 593 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *endor_tutt; stonesoup_read_taint(&endor_tutt,"FIVELING_TRAGICOMIC"); free(((char *)endor_tutt)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&endor_tutt,"FIVELING_TRAGICOMIC"); free(((char *)endor_tutt)); 0 --------------------------------- 7688 153626/bss_file.c cppfunc 140 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7689 152910/bufmgr.c cppfunc 2696 jmp_buf exposure_topesthesia; canty_sulfated = setjmp(exposure_topesthesia); longjmp(exposure_topesthesia,1); 0 --------------------------------- 7690 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c cppfunc 228 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 7691 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c cppfunc 225 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 7692 152917/cmdutils.c cppfunc 930 int opt_max_alloc(void *optctx,const char *opt,const char *arg) char *tail; max = (strtol(arg,&tail,'\n')); 0 --------------------------------- 7693 62606/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_73.cpp cppfunc 45 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7694 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c cppfunc 201 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 7695 66235/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_04.c cppfunc 68 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7696 66520/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_01.c cppfunc 29 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7697 72793/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_72.cpp cppfunc 171 vector dataVector; data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 7698 66320/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_68.c cppfunc 55 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7699 79509/CWE134_Uncontrolled_Format_String__char_console_snprintf_44.c inputfunc 56 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; funcPtr(data); 0 --------------------------------- 7700 152913/eng_lib.c cppfunc 422 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *charmeuse_winter) duumviral_unflouted = ((int )(strlen(charmeuse_winter))); coproducing_diseasy = ((char *)(malloc(duumviral_unflouted + 1))); 0 --------------------------------- 7701 72310/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_66.c cppfunc 126 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7702 153142/tile.c cppfunc 70 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7703 153142/tile.c cppfunc 73 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7704 153023/avpacket.c cppfunc 71 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7705 153039/bufmgr.c cppfunc 129 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7706 153238/color.c cppfunc 348 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 7707 153039/bufmgr.c cppfunc 122 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7708 70649/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_10.c cppfunc 458 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7709 73641/CWE124_Buffer_Underwrite__CWE839_fgets_74.cpp cppfunc 97 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7710 153602/img2.c cppfunc 54 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7711 71436/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_45.c cppfunc 68 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 7712 153602/img2.c cppfunc 58 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7713 70424/CWE122_Heap_Based_Buffer_Overflow__CWE135_41.c cppfunc 63 dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; goodG2BSink(data); static void goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 7714 69867/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_74.cpp cppfunc 159 data = (int *)malloc(10*sizeof(int)); dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int * data = dataMap[2]; memcpy(data, source, 10*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 7715 62973/CWE121_Stack_Based_Buffer_Overflow__CWE135_42.c cppfunc 72 data = (void *)CHAR_STRING; return data; data = goodG2BSource(data); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 7716 153019/mutex.c cppfunc 236 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; union luminescent_marksville nucleiferous_asarabacca; int lai_hanses = 91; char *estab_strangerwise;; stonesoup_read_taint(&estab_strangerwise,"5201",lai_hanses); nucleiferous_asarabacca . ported_emerged = estab_strangerwise; gerfalcon_quinque[ *( *perlucidus_anterolateral)] = nucleiferous_asarabacca; shopboys_orchestrational = gerfalcon_quinque[ *( *perlucidus_anterolateral)]; RACIER_FLUIDIFICATION(shopboys_orchestrational); void infernally_translating(union luminescent_marksville morita_interfilamentar) free(((char *)morita_interfilamentar . ported_emerged)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&estab_strangerwise,"5201",lai_hanses); nucleiferous_asarabacca . ported_emerged = estab_strangerwise; shopboys_orchestrational = gerfalcon_quinque[ *( *perlucidus_anterolateral)]; RACIER_FLUIDIFICATION(shopboys_orchestrational); 0 --------------------------------- 7717 79426/CWE134_Uncontrolled_Format_String__char_console_fprintf_68.c inputfunc 45 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_68_badData = data; 0 --------------------------------- 7718 110402/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_73.cpp cppfunc 186 list dataList; data = 20; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int data = dataList.back(); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7719 73007/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_16.c cppfunc 64 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 7720 72956/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_13.c cppfunc 93 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 7721 153324/aviobuf.c cppfunc 83 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7722 67732/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_31.cpp cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7723 66287/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_08.c cppfunc 45 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7724 72789/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_65.c cppfunc 134 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_65b_badSink(wchar_t * data) SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 7725 152995/bio_err.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7726 152995/bio_err.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7727 72446/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_52.c cppfunc 171 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_52c_badSink(char * data) strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7728 66557/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_65.c cppfunc 54 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7729 79344/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_07.c cppfunc 354 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 7730 79344/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_07.c cppfunc 351 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 7731 110835/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_74.cpp cppfunc 87 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7732 79365/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_44.c cppfunc 152 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 7733 70475/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_44.c cppfunc 170 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7734 66569/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_02.c cppfunc 82 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7735 66245/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_14.c cppfunc 82 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7736 72754/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_03.c cppfunc 93 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 7737 62564/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_01.c cppfunc 35 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7738 153243/main_filter_toolbar.c cppfunc 229 int simmers_ramsons = 40; char *scopiform_synchromist; stonesoup_read_taint(&scopiform_synchromist,"8430",simmers_ramsons); soaking_sestertius = ((int )(strlen(scopiform_synchromist))); haematological_owercome = ((char *)(malloc(soaking_sestertius + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&scopiform_synchromist,"8430",simmers_ramsons); soaking_sestertius = ((int )(strlen(scopiform_synchromist))); haematological_owercome = ((char *)(malloc(soaking_sestertius + 1))); 0 --------------------------------- 7739 67299/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_74.cpp cppfunc 148 void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcscat(dest, data); 0 --------------------------------- 7740 62731/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_34.c cppfunc 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7741 153793/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 7742 72346/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_43.cpp cppfunc 71 data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7743 153383/config.c cppfunc 130 stonesoup_read_taint(&austral_dubitably,"LTV_VALETUDINARIANS"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 7744 153383/config.c inputfunc 133 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&austral_dubitably,"LTV_VALETUDINARIANS"); if (austral_dubitably != 0) {; hoodlumize_dustrag[30] = austral_dubitably; sophta_cognovits = &hoodlumize_dustrag; purgation_nymil = &sophta_cognovits; timetable_underleased = ((char *)( *( *purgation_nymil))[30]); if (( *( *purgation_nymil))[30] != 0) free(((char *)( *( *purgation_nymil))[30])); 0 --------------------------------- 7745 153257/mem_dbg.c cppfunc 216 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7746 153373/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7747 153512/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7748 153690/gimpviewable.c cppfunc 1798 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int unharmonious_toast = 26; char *sesser_oversecretion;; stonesoup_read_taint(&sesser_oversecretion,"9576",unharmonious_toast); sluff_lepidine[43] = sesser_oversecretion; free(((char *)sluff_lepidine[43])); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&sesser_oversecretion,"9576",unharmonious_toast); sluff_lepidine[43] = sesser_oversecretion; free(((char *)sluff_lepidine[43])); 0 --------------------------------- 7749 72980/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_64.c cppfunc 124 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 7750 153009/utils.c cppfunc 4283 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { *port_ptr = atoi(brk + 2); 0 --------------------------------- 7751 62740/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7752 66241/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_10.c cppfunc 82 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7753 66289/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_10.c cppfunc 82 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7754 110540/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_64.c cppfunc 261 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_64b_goodG2BSink(&data); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_64b_goodG2BSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7755 153787/dynahash.c cppfunc 270 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7756 72340/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_31.c cppfunc 65 data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7757 153312/config.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7758 153369/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7759 67313/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_10.c cppfunc 60 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7760 71420/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_13.c cppfunc 41 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 7761 71443/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_63.c cppfunc 142 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 7762 72327/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_08.c cppfunc 104 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7763 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c cppfunc 266 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 7764 149082/scpy8-good.c cppfunc 44 buf[MAXSIZE-1] = '\0'; printf("result: %s\n", buf); free(buf); 0 --------------------------------- 7765 152998/string.c cppfunc 96 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7766 152998/string.c cppfunc 94 stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7767 153185/color.c cppfunc 601 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int caftan_deaccessioned = 53; char *dicksonia_blackjacks; stonesoup_read_taint(&dicksonia_blackjacks,"1955",caftan_deaccessioned); free(((char *)dicksonia_blackjacks)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&dicksonia_blackjacks,"1955",caftan_deaccessioned); free(((char *)dicksonia_blackjacks)); 0 --------------------------------- 7768 73049/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_10.c cppfunc 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 7769 110349/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_65.c cppfunc 222 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_65b_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7770 152956/bss_file.c cppfunc 126 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7771 153164/cmdline.c cppfunc 971 svn_error_t *svn_cmdline__edit_file_externally(const char *path,const char *editor_cmd,apr_hash_t *config,apr_pool_t *pool) const char *editor; svn_dirent_split(&base_dir,&file_name,path,pool); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char *file_name; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); apr_err = apr_filepath_set(old_cwd,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); 0 --------------------------------- 7772 149110/dble_free_loop-good.c inputfunc 29 if(fread(&r, sizeof r, 1, f) != 1) fclose(f); if(fclose(f) != 0) return r; f 0 --------------------------------- 7773 71437/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_51.c cppfunc 124 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 7774 152868/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 7775 70519/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_34.c cppfunc 120 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7776 153329/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 7777 153709/ffmpeg.c cppfunc 421 signal(3,sigterm_handler); signal(2,sigterm_handler); signal(15,sigterm_handler); signal(24,sigterm_handler); 0 --------------------------------- 7778 72823/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_34.c cppfunc 75 CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_34_unionType myUnion; char * data = myUnion.unionSecond; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 7779 72385/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_18.c cppfunc 62 data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7780 72888/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_68.c cppfunc 132 char * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_68_badData; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 7781 153513/utils.c cppfunc 4766 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; sid = (strtol(spec + 1,&endptr,0)); 0 --------------------------------- 7782 71186/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_21.c cppfunc 120 data = NULL; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; data = goodG2B2Source(data); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 7783 153178/color.c cppfunc 119 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7784 153178/color.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7785 72378/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_11.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7786 70659/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22.c cppfunc 479 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7787 71180/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_13.c cppfunc 72 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 7788 73728/CWE124_Buffer_Underwrite__CWE839_listen_socket_62.cpp cppfunc 321 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7789 70835/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_04.c cppfunc 99 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7790 153433/resowner.c cppfunc 693 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *aquatints_tumbrils; stonesoup_read_taint(&aquatints_tumbrils,"WITTE_ANAEROPLASTY"); crass_pyroborate = ((int )(strlen(aquatints_tumbrils))); adelomorphous_montparnasse = ((char *)(malloc(crass_pyroborate + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&aquatints_tumbrils,"WITTE_ANAEROPLASTY"); crass_pyroborate = ((int )(strlen(aquatints_tumbrils))); adelomorphous_montparnasse = ((char *)(malloc(crass_pyroborate + 1))); 0 --------------------------------- 7791 70506/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_11.c cppfunc 93 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7792 153194/tile-manager.c cppfunc 68 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7793 153194/tile-manager.c cppfunc 61 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7794 153194/tile-manager.c cppfunc 65 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7795 148881/packet-http.c cppfunc 2045 eh_ptr->content_type[i] = '\0'; c = eh_ptr->content_type[i]; if (c == ';' || isspace(c)) 0 --------------------------------- 7796 153101/resowner.c cppfunc 720 neatherd_mesomorph = getenv("SPHERULA_STOMATOTOMIES"); humbugs_locofocos = ((int )(strlen(neatherd_mesomorph))); strictish_wormship = ((char *)(malloc(humbugs_locofocos + 1))); memset(strictish_wormship,0,humbugs_locofocos + 1); memcpy(strictish_wormship,neatherd_mesomorph,humbugs_locofocos); innocent_instantiations = &strictish_wormship; thessa_gryllotalpa = innocent_instantiations + 5; free(((char *)( *(thessa_gryllotalpa - 5)))); 0 --------------------------------- 7797 153581/config_file.c cppfunc 908 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 7798 110546/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_73.cpp cppfunc 87 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7799 73697/CWE124_Buffer_Underwrite__CWE839_listen_socket_04.c cppfunc 298 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7800 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c cppfunc 228 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 7801 153255/pmsignal.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7802 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c cppfunc 225 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 7803 73727/CWE124_Buffer_Underwrite__CWE839_listen_socket_61.c cppfunc 335 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7804 70512/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_17.c cppfunc 95 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7805 70513/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_18.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7806 153531/emem.c cppfunc 198 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7807 66544/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_41.c cppfunc 40 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7808 70462/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_15.c cppfunc 464 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7809 67342/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_66.c cppfunc 54 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7810 67745/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_61.cpp cppfunc 363 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7811 70645/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_06.c cppfunc 374 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7812 72454/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_66.c cppfunc 126 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7813 153498/mem_dbg.c cppfunc 465 char *deciatine_gotthard; stonesoup_read_taint(&deciatine_gotthard,"NONPECUNIARY_MELVERN"); fluoresceine_proration = ((int )(strlen(deciatine_gotthard))); wilt_snot = ((char *)(malloc(fluoresceine_proration + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&deciatine_gotthard,"NONPECUNIARY_MELVERN"); fluoresceine_proration = ((int )(strlen(deciatine_gotthard))); wilt_snot = ((char *)(malloc(fluoresceine_proration + 1))); 0 --------------------------------- 7814 79569/CWE134_Uncontrolled_Format_String__char_console_vfprintf_67.c inputfunc 47 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_67b_badSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_67b_badSink(CWE134_Uncontrolled_Format_String__char_console_vfprintf_67_structType myStruct); 0 --------------------------------- 7815 70425/CWE122_Heap_Based_Buffer_Overflow__CWE135_42.c cppfunc 79 dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; return data; data = goodG2BSource(data); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 7816 152884/mem_dbg.c cppfunc 238 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7817 152884/mem_dbg.c cppfunc 234 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7818 72810/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_11.c cppfunc 71 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 7819 152922/column.c cppfunc 78 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 7820 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c cppfunc 228 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 7821 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c cppfunc 225 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 7822 153584/pmsignal.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7823 153401/e_camellia.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7824 153036/string.c inputfunc 120 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&commune_loudmouthed,"INFANGTHIEF_QUERELE"); if (commune_loudmouthed != 0) {; 0 --------------------------------- 7825 153401/e_camellia.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7826 70467/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_22.c cppfunc 408 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7827 153080/main_statusbar.c cppfunc 171 int erl_reliers = 20; stonesoup_read_taint(&semiorbicularis_cobby,"3012",erl_reliers); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 7828 71499/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_74.cpp cppfunc 175 data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 7829 70415/CWE122_Heap_Based_Buffer_Overflow__CWE135_16.c cppfunc 111 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; memcpy(dest, data, (dataLen+1)); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 7830 72026/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_73.cpp cppfunc 151 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 7831 153546/dirent_uri.c cppfunc 111 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7832 153426/e_bf.c cppfunc 88 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7833 67409/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_10.c cppfunc 80 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7834 110799/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_08.cpp cppfunc 95 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7835 153395/color.c cppfunc 378 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 7836 70488/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_68.c cppfunc 312 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7837 70992/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_17.c cppfunc 67 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 7838 79547/CWE134_Uncontrolled_Format_String__char_console_vfprintf_18.c cppfunc 86 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 7839 79547/CWE134_Uncontrolled_Format_String__char_console_vfprintf_18.c cppfunc 83 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 7840 153175/utils.c cppfunc 4243 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { *port_ptr = atoi(brk + 2); 0 --------------------------------- 7841 153165/cmdline.c cppfunc 111 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 7842 199234/buffer_overrun_dynamic.c cppfunc 130 double *buf=(double*) calloc(5,sizeof(double)); buf[i]=1.0; free(buf); 0 --------------------------------- 7843 62567/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_04.c cppfunc 43 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7844 153509/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7845 72728/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_41.c cppfunc 57 data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_41_goodG2BSink(wchar_t * data) wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 7846 152895/color.c cppfunc 118 stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7847 70869/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_65.c cppfunc 148 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_65b_goodG2BSink(char * data) memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7848 73702/CWE124_Buffer_Underwrite__CWE839_listen_socket_09.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7849 153732/color.c cppfunc 373 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 7850 153350/column-utils.c cppfunc 71 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7851 70496/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c cppfunc 35 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7852 153592/main_filter_toolbar.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7853 153792/gimpdisplay.c cppfunc 119 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7854 153091/mux.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7855 153592/main_filter_toolbar.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7856 153792/gimpdisplay.c cppfunc 115 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7857 153243/main_filter_toolbar.c cppfunc 260 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 7858 199235/buffer_underrun_dynamic.c cppfunc 701 char test[]="This is a test code"; char *newTest= (char*) malloc(10*sizeof(char)); memcpy (newTest,test,10); free(newTest); 0 --------------------------------- 7859 152999/tile-swap.c cppfunc 158 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7860 79367/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51.c cppfunc 332 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51b_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 7861 153012/color.c cppfunc 346 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 7862 153760/aviobuf.c cppfunc 69 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7863 153599/mem_dbg.c cppfunc 235 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7864 153760/aviobuf.c cppfunc 65 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7865 153599/mem_dbg.c cppfunc 239 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7866 153119/bufmgr.c cppfunc 170 stonesoup_read_taint(&capotastos_yasuo,"PROMISE_UNTRIUMPHANTLY"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 7867 153119/bufmgr.c inputfunc 173 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&capotastos_yasuo,"PROMISE_UNTRIUMPHANTLY"); if (capotastos_yasuo != 0) {; schuit_ccitt . uncumbrously_silone = ((char *)capotastos_yasuo); inbreathed_decentralist = &schuit_ccitt; 0 --------------------------------- 7868 66255/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_34.c cppfunc 63 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7869 110354/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_73.cpp cppfunc 249 list dataList; data = 20; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int data = dataList.back(); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7870 110519/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_16.c cppfunc 163 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7871 153155/hashfn.c cppfunc 57 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7872 71472/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_17.c cppfunc 74 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 7873 62573/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_10.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7874 153709/ffmpeg.c cppfunc 194 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7875 71931/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_74.cpp cppfunc 177 data = NULL; data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) twoIntsStruct * data = dataMap[2]; memmove(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 7876 153247/conversation.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7877 153709/ffmpeg.c cppfunc 192 stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7878 70509/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_14.c cppfunc 149 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7879 70660/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_31.c cppfunc 228 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7880 153042/color.c cppfunc 620 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *guv_rupicaprine) free(((char *)guv_rupicaprine)); 0 --------------------------------- 7881 71449/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_72.cpp cppfunc 151 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 7882 70453/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_06.c cppfunc 424 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7883 153657/pgstat.c inputfunc 333 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&lamping_goban,"SOODLE_ORTHOCEPHALY"); if (lamping_goban != 0) {; paludous_oversetting . lludd_mensis = ((char *)lamping_goban); clitia_outgroups[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *phototelescope_lyncid)))))))))))))))))))))))))))))))))))))))))))))))))] = paludous_oversetting; burled_blepharydatis = clitia_outgroups[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *phototelescope_lyncid)))))))))))))))))))))))))))))))))))))))))))))))))]; cottbus_billows = ((char *)burled_blepharydatis . lludd_mensis); stonesoup_my_buff_size = ((int )(strlen(cottbus_billows))); for (; stonesoup_ss_i < stonesoup_my_buff_size; ++stonesoup_ss_i){ if (burled_blepharydatis . lludd_mensis != 0) free(((char *)burled_blepharydatis . lludd_mensis)); 0 --------------------------------- 7884 66269/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_65.c cppfunc 34 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7885 149223/use_after_free_container-bad.c cppfunc 35 container.foo.b[0] = 'S'; printf("%s\n", container.foo.b); free(container.foo.b); 0 --------------------------------- 7886 71290/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_43.cpp cppfunc 75 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 7887 153787/dynahash.c cppfunc 252 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7888 69898/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_43.cpp cppfunc 29 data = new wchar_t[100]; badSource(data); void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 7889 70918/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_66.c cppfunc 134 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_66b_badSink(char * dataArray[]) char * data = dataArray[2]; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7890 153447/color.c cppfunc 352 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 7891 62948/CWE121_Stack_Based_Buffer_Overflow__CWE135_01.c cppfunc 74 data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 7892 66237/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_06.c cppfunc 35 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 7893 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c cppfunc 282 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 7894 153312/config.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7895 153460/utils.c cppfunc 3196 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); unsensitize_tophs = 1; modigliani_stampedes = ((char **)(((unsigned long )aldoketene_nignye) * unsensitize_tophs * unsensitize_tophs)) + 5; free(((char *)( *(modigliani_stampedes - 5)))); void stonesoup_handle_taint(char *coursey_ischuretic) aldoketene_nignye = &coursey_ischuretic; modigliani_stampedes = ((char **)(((unsigned long )aldoketene_nignye) * unsensitize_tophs * unsensitize_tophs)) + 5; free(((char *)( *(modigliani_stampedes - 5)))); 0 --------------------------------- 7896 149108/dble_free_local_flow-good.c cppfunc 52 unsigned int r; f = fopen("/dev/urandom", "rb"); if(fread(&r, sizeof r, 1, f) != 1) return r; vector[i] = (short)(getRand() % 256); vector = NULL; free(vector); 0 --------------------------------- 7897 72155/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_44.c cppfunc 65 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 7898 66939/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cat_72.cpp cppfunc 169 vector dataVector; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; source[100-1] = L'\0'; wcscat(data, source); 0 --------------------------------- 7899 153633/bufmgr.c cppfunc 112 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7900 66645/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_51.c cppfunc 57 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7901 71286/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_33.cpp cppfunc 44 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 7902 72122/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_73.cpp cppfunc 169 list dataList; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 7903 70496/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c cppfunc 150 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7904 110378/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_21.c cppfunc 144 data = 20; return data; data = -1; data = goodG2B2Source(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); static int goodG2B2Source(int data) return data; data = goodG2B2Source(data); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7905 153283/color.c cppfunc 348 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 7906 153098/main_statusbar.c cppfunc 151 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7907 79455/CWE134_Uncontrolled_Format_String__char_console_printf_32.c inputfunc 111 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; *dataPtr1 = data; 0 --------------------------------- 7908 66360/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54.c cppfunc 57 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7909 153405/main_filter_toolbar.c cppfunc 111 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7910 153047/color.c cppfunc 361 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 7911 153047/color.c cppfunc 363 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 7912 152915/bufmgr.c cppfunc 133 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 7913 153202/bio_err.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7914 153005/ffmpeg.c cppfunc 185 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 7915 153607/color.c cppfunc 363 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 7916 153815/stream.c cppfunc 128 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7917 70456/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_09.c cppfunc 419 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7918 70402/CWE122_Heap_Based_Buffer_Overflow__CWE135_03.c cppfunc 111 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 7919 110514/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_11.c cppfunc 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7920 110681/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_61.cpp cppfunc 150 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7921 71161/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_72.cpp cppfunc 157 void badSink(vector dataVector) wchar_t * data = dataVector[2]; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 7922 153567/pmsignal.c cppfunc 117 stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(salviniaceae_wiota)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 7923 153567/pmsignal.c cppfunc 119 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7924 73047/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_08.c cppfunc 81 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 7925 66329/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_02.c cppfunc 86 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7926 152943/types.c cppfunc 109 svn_error_t *svn_revnum_parse(svn_revnum_t *rev,const char *str,const char **endptr) char *end; svn_revnum_t result = strtol(str,&end,10); 0 --------------------------------- 7927 153211/mutex.c cppfunc 70 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7928 153476/column.c cppfunc 67 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7929 152891/color.c cppfunc 349 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 7930 110338/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_43.cpp cppfunc 155 data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7931 70648/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_09.c cppfunc 416 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7932 153346/img2.c cppfunc 73 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7933 153615/portalmem.c cppfunc 128 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7934 153014/error.c cppfunc 75 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7935 72090/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_11.c cppfunc 71 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 7936 70894/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_15.c cppfunc 79 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7937 69158/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_07.cpp cppfunc 99 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 7938 62709/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_02.c cppfunc 186 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7939 70679/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67.c cppfunc 189 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7940 62592/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_45.c cppfunc 150 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7941 153304/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7942 70476/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_45.c cppfunc 174 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7943 63601/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_10.c cppfunc 75 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 7944 79555/CWE134_Uncontrolled_Format_String__char_console_vfprintf_42.c inputfunc 119 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; data = goodB2GSource(data); goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 7945 153740/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7946 110379/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_22.c cppfunc 77 data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_22_goodG2B1Source(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7947 72404/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_64.c cppfunc 144 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7948 69732/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_05.cpp cppfunc 96 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 7949 73062/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_33.cpp cppfunc 66 char * &dataRef = data; char * data = dataRef; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 7950 66338/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_11.c cppfunc 86 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 7951 71355/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_74.cpp cppfunc 171 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 7952 152885/color.c cppfunc 600 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *marakapas_upbrighten) free(((char *)marakapas_upbrighten)); 0 --------------------------------- 7953 153272/color.c cppfunc 593 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *malmock_incorrespondent) free(((char *)malmock_incorrespondent)); 0 --------------------------------- 7954 153499/color.c cppfunc 348 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 7955 153327/e_camellia.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7956 153510/tile.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7957 72400/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54.c cppfunc 269 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54e_badSink(char * data) strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 7958 153042/color.c cppfunc 357 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 7959 153042/color.c cppfunc 359 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 7960 67576/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_09.cpp cppfunc 96 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7961 69898/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_43.cpp cppfunc 56 data = new wchar_t[100]; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 7962 72883/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_63.c cppfunc 140 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 7963 110648/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_01.cpp cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7964 62950/CWE121_Stack_Based_Buffer_Overflow__CWE135_03.c cppfunc 99 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 7965 153184/cryptlib.c inputfunc 217 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&schoolyard_unfluid,"SAMBOS_TUCKERMANITY"); if (schoolyard_unfluid != 0) {; 0 --------------------------------- 7966 62950/CWE121_Stack_Based_Buffer_Overflow__CWE135_03.c cppfunc 96 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 7967 153100/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 7968 79567/CWE134_Uncontrolled_Format_String__char_console_vfprintf_65.c cppfunc 218 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 7969 79559/CWE134_Uncontrolled_Format_String__char_console_vfprintf_51.c inputfunc 95 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_51b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_51b_goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 7970 153208/e_camellia.c cppfunc 136 stonesoup_read_taint(¶magnetism_mahewu,"MARBLEIZING_PHOBOS"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 7971 71586/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_62.cpp cppfunc 58 data = (int64_t *)malloc(100*sizeof(int64_t)); memcpy(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 7972 153208/e_camellia.c inputfunc 139 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(¶magnetism_mahewu,"MARBLEIZING_PHOBOS"); if (paramagnetism_mahewu != 0) {; 0 --------------------------------- 7973 110318/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_07.c cppfunc 185 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 7974 62967/CWE121_Stack_Based_Buffer_Overflow__CWE135_22.c cppfunc 193 void CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodB2G1Sink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 7975 62967/CWE121_Stack_Based_Buffer_Overflow__CWE135_22.c cppfunc 190 void CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodB2G1Sink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 7976 110661/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_14.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7977 72755/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_04.c cppfunc 80 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 7978 153057/file_wrappers.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7979 65164/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_13.c cppfunc 93 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 7980 153057/file_wrappers.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7981 110676/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_45.cpp cppfunc 58 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 7982 153170/column-utils.c cppfunc 82 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 7983 153366/conf_mod.c cppfunc 157 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 7984 153029/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 7985 199275/invalid_memory_access.c cppfunc 616 invalid_memory_access_017_doubleptr_gbl=(char*) malloc(10*sizeof(char)); strcpy(invalid_memory_access_017_doubleptr_gbl,"TEST"); invalid_memory_access_017_func_002(); if(invalid_memory_access_017_func_001(flag) == 0) invalid_memory_access_017_func_003(); free(invalid_memory_access_017_doubleptr_gbl); 0 --------------------------------- 7986 72292/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_31.c cppfunc 65 data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7987 153129/color.c cppfunc 610 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *squillian_saturn) free(((char *)squillian_saturn)); 0 --------------------------------- 7988 70847/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_16.c cppfunc 69 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 7989 71428/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_31.c cppfunc 41 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 7990 73707/CWE124_Buffer_Underwrite__CWE839_listen_socket_14.c cppfunc 186 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 7991 71019/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_74.cpp cppfunc 173 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 7992 153103/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 7993 153041/resowner.c cppfunc 159 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 7994 153041/resowner.c cppfunc 152 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 7995 148821/Element.cpp cppfunc 703 unsigned i = 0; i++; namedAttrMap->m_attributes.remove(i); 0 --------------------------------- 7996 153041/resowner.c cppfunc 156 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 7997 72058/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_43.cpp cppfunc 46 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 7998 70673/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_61.c cppfunc 151 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 7999 110363/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_04.c cppfunc 123 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8000 72120/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_68.c cppfunc 151 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_68b_goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_68_goodG2BData; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 8001 71434/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_43.cpp cppfunc 46 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 8002 72398/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_52.c cppfunc 171 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_52c_badSink(char * data) strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8003 1294/nxt-ok.c cppfunc 511 dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); 0 --------------------------------- 8004 153724/ffmpeg.c cppfunc 171 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8005 153543/bio_err.c cppfunc 117 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8006 70977/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_02.c cppfunc 89 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8007 153421/color.c cppfunc 390 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8008 153363/column-utils.c cppfunc 81 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8009 153188/color.c cppfunc 336 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 8010 153490/tile-swap.c cppfunc 148 stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8011 71170/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_03.c cppfunc 72 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 8012 67745/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_61.cpp cppfunc 275 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8013 70458/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_11.c cppfunc 377 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8014 67605/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_65.cpp cppfunc 88 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8015 66271/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_67.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8016 153604/color.c cppfunc 362 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 8017 153604/color.c cppfunc 364 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 8018 72306/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_62.cpp cppfunc 62 data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8019 153233/bio_err.c cppfunc 94 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8020 70648/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_09.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8021 72341/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_32.c cppfunc 75 char * *dataPtr2 = &data; char * data = *dataPtr2; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8022 153213/dynahash.c cppfunc 258 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8023 153213/dynahash.c cppfunc 255 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8024 153213/dynahash.c cppfunc 251 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8025 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c inputfunc 109 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); if (100-dataLen > 1) if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 8026 72970/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_43.cpp cppfunc 73 data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8027 153721/color.c cppfunc 602 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *impartibilibly_theogeological; stonesoup_read_taint(&impartibilibly_theogeological,"URTICA_UNDERBEAR"); free(((char *)impartibilibly_theogeological)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&impartibilibly_theogeological,"URTICA_UNDERBEAR"); free(((char *)impartibilibly_theogeological)); 0 --------------------------------- 8028 153491/stream.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8029 66250/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_21.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 8030 70664/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_41.c cppfunc 220 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8031 66625/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_10.c cppfunc 66 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8032 199276/invalid_memory_access.c cppfunc 510 char buf[][25]={"This is a String", str = invalid_memory_access_015_func_001(buf[j]); static char * invalid_memory_access_015_func_001 (char *str1) i = strlen(str1); str_rev = (char *) malloc(i+1); 0 --------------------------------- 8033 72156/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_45.c cppfunc 68 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 8034 71015/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67.c cppfunc 158 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67_structType myStruct; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8035 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c cppfunc 225 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 8036 153202/bio_err.c cppfunc 110 stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8037 72714/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_11.c cppfunc 90 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 8038 153607/color.c cppfunc 118 stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8039 152970/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8040 110832/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_68.cpp cppfunc 86 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8041 153329/avfilter.c cppfunc 73 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8042 153329/avfilter.c cppfunc 77 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8043 71427/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22.c cppfunc 71 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 8044 73077/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_65.c cppfunc 138 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_65b_goodG2BSink(char * data) strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 8045 110315/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_04.c cppfunc 160 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8046 110388/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_45.c cppfunc 85 int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_45_goodG2BData; data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_45_goodG2BData = data; goodG2BSink(); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8047 70661/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_32.c cppfunc 242 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8048 153482/color.c cppfunc 90 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8049 153482/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8050 152900/avdevice.c cppfunc 66 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8051 153309/mux.c cppfunc 469 jmp_buf proclivitous_rankle; splenatrophia_intraarterially = setjmp(proclivitous_rankle); longjmp(proclivitous_rankle,1); 0 --------------------------------- 8052 62727/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22.c cppfunc 173 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8053 153054/utf.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8054 110465/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_10.c cppfunc 103 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8055 153517/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8056 153517/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8057 153546/dirent_uri.c cppfunc 84 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8058 79551/CWE134_Uncontrolled_Format_String__char_console_vfprintf_32.c cppfunc 120 char * *dataPtr2 = &data; char * data = *dataPtr2; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 8059 79551/CWE134_Uncontrolled_Format_String__char_console_vfprintf_32.c cppfunc 123 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 8060 70834/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_03.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8061 153535/avdevice.c cppfunc 41 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8062 153679/avdevice.c cppfunc 47 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8063 72082/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_03.c cppfunc 93 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 8064 66351/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_34.c cppfunc 68 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8065 153022/cmdutils.c inputfunc 1717 ret = (fread(( *bufptr),1, *size,f)); if (ret < *size) { av_free(( *bufptr)); if (ferror(f)) { fclose(f); 0 --------------------------------- 8066 66264/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54.c cppfunc 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8067 70524/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_45.c cppfunc 111 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8068 70468/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_31.c cppfunc 267 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8069 72182/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_07.c cppfunc 83 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 8070 67500/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_17.c cppfunc 73 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 8071 110520/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_17.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8072 153126/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8073 67428/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_45.c cppfunc 43 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8074 71017/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_72.cpp cppfunc 173 vector dataVector; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8075 73066/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_43.cpp cppfunc 69 data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 8076 152989/aviobuf.c cppfunc 1212 void stonesoup_handle_taint(char *casemaking_slavocracy) molopo_sojourning = ((int )(strlen(casemaking_slavocracy))); preinsured_stramineously = ((char *)(malloc(molopo_sojourning + 1))); 0 --------------------------------- 8077 70893/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_14.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8078 71395/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_63.c cppfunc 140 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 8079 72186/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_11.c cppfunc 77 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 8080 79423/CWE134_Uncontrolled_Format_String__char_console_fprintf_65.c inputfunc 99 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; funcPtr(data); 0 --------------------------------- 8081 148823/Element.cpp cppfunc 1500 CSSSelectorList selectorList; p.parseSelector(selector, document(), selectorList); if (!selectorList.first()) { if (selectorList.selectorsNeedNamespaceResolution()) { for (CSSSelector* selector = selectorList.first(); selector; selector = CSSSelectorList::next(selector)) { if (selectorChecker.checkSelector(selector, this)) for (CSSSelector* selector = selectorList.first(); selector; selector = CSSSelectorList::next(selector)) { 0 --------------------------------- 8082 153325/aviobuf.c cppfunc 1031 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *jazziness_aroynted; stonesoup_read_taint(&jazziness_aroynted,"FAIL_PICHICIEGO"); columniferous_taborite = ((int )(strlen(jazziness_aroynted))); memcpy(bushmaster_cachucho,jazziness_aroynted,columniferous_taborite); free(((char *)jazziness_aroynted)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&jazziness_aroynted,"FAIL_PICHICIEGO"); columniferous_taborite = ((int )(strlen(jazziness_aroynted))); memcpy(bushmaster_cachucho,jazziness_aroynted,columniferous_taborite); free(((char *)jazziness_aroynted)); 0 --------------------------------- 8083 152883/avpacket.c cppfunc 44 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8084 62964/CWE121_Stack_Based_Buffer_Overflow__CWE135_17.c cppfunc 94 data = NULL; data = (void *)CHAR_STRING; memcpy(dest, data, (dataLen+1)); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 8085 62964/CWE121_Stack_Based_Buffer_Overflow__CWE135_17.c cppfunc 97 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 8086 153751/color.c cppfunc 331 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 8087 153751/color.c cppfunc 333 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 8088 153229/string.c cppfunc 68 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8089 153224/error.c cppfunc 84 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8090 153224/error.c cppfunc 88 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8091 67724/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_13.cpp cppfunc 194 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8092 153642/tile-swap.c cppfunc 138 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8093 199234/buffer_overrun_dynamic.c cppfunc 94 long *buf=(long*) calloc(5,sizeof(long)); buf[i]=1; free(buf); 0 --------------------------------- 8094 153642/tile-swap.c cppfunc 134 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8095 72171/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_74.cpp cppfunc 171 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 8096 153689/tile-manager.c cppfunc 102 stonesoup_read_taint(&theistical_abbott,"ULTRAROYALISM_LIQUIDUS"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 8097 153504/e_bf.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8098 153689/tile-manager.c inputfunc 105 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&theistical_abbott,"ULTRAROYALISM_LIQUIDUS"); if (theistical_abbott != 0) {; 0 --------------------------------- 8099 73712/CWE124_Buffer_Underwrite__CWE839_listen_socket_21.c cppfunc 329 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8100 148881/tshark.c cppfunc 3159 va_list ap; va_start(ap, fmt); failure_message(fmt, ap); static void failure_message(const char *msg_format, va_list ap); va_end(ap); 0 --------------------------------- 8101 72719/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_16.c cppfunc 56 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 8102 110377/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_18.c cppfunc 83 data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8103 153515/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8104 72285/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_14.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8105 153066/portalmem.c cppfunc 126 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8106 148966/emem.c cppfunc 2007 emem_tree_lookup_string(emem_tree_t* se_tree, const gchar* k, guint32 flags) guint32 len = (guint) strlen(k); ch = (unsigned char)k[i]; if(isupper(ch)) { 0 --------------------------------- 8107 70440/CWE122_Heap_Based_Buffer_Overflow__CWE135_68.c cppfunc 176 void * data = CWE122_Heap_Based_Buffer_Overflow__CWE135_68_goodG2BData; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 8108 152977/types.c cppfunc 380 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *siliquiform_ammadas) quatch_foregrounds = ((int )(strlen(siliquiform_ammadas))); nitrifaction_prorogues = ((char *)(malloc(quatch_foregrounds + 1))); 0 --------------------------------- 8109 152977/types.c cppfunc 388 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *siliquiform_ammadas) quatch_foregrounds = ((int )(strlen(siliquiform_ammadas))); memcpy(nitrifaction_prorogues,siliquiform_ammadas,quatch_foregrounds); free(((char *)siliquiform_ammadas)); 0 --------------------------------- 8110 152951/mux.c cppfunc 81 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8111 199276/invalid_memory_access.c cppfunc 356 invalid_memory_access_012_s_001 *s; s = (invalid_memory_access_012_s_001 *)calloc(1,sizeof(invalid_memory_access_012_s_001)); s->a = 10; s->b = 10; s->uninit = 10; free(s); 0 --------------------------------- 8112 70938/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_11.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 8113 1302/main.c cppfunc 76 int main(int argc, char **argv){ temp = fopen (argv[1], "r"); assert (temp != NULL); 0 --------------------------------- 8114 70953/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_42.c cppfunc 73 data = (char *)malloc((10+1)*sizeof(char)); return data; data = goodG2BSource(data); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 8115 110536/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_54.c cppfunc 441 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_54e_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8116 70942/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_15.c cppfunc 105 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 8117 66526/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_07.c cppfunc 67 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8118 67712/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_01.cpp cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8119 110509/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_06.c cppfunc 170 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8120 153181/mux.c cppfunc 114 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8121 153181/mux.c cppfunc 112 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8122 62984/CWE121_Stack_Based_Buffer_Overflow__CWE135_64.c cppfunc 179 data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_64b_goodB2GSink(&data); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); void CWE121_Stack_Based_Buffer_Overflow__CWE135_64b_goodB2GSink(void * dataVoidPtr) void * * dataPtr = (void * *)dataVoidPtr; void * data = (*dataPtr); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 8123 70737/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_02.c cppfunc 70 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 8124 62984/CWE121_Stack_Based_Buffer_Overflow__CWE135_64.c cppfunc 176 data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_64b_goodB2GSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_64b_goodB2GSink(void * dataVoidPtr) void * * dataPtr = (void * *)dataVoidPtr; void * data = (*dataPtr); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 8125 70988/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_13.c cppfunc 89 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8126 70644/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_05.c cppfunc 464 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8127 153829/color.c cppfunc 365 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 8128 153829/color.c cppfunc 363 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 8129 66640/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_41.c cppfunc 45 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8130 65198/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_07.c cppfunc 78 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 8131 152978/column-utils.c cppfunc 134 void alniresinol_poeticising(char *discretely_pivotmen) czaric_nudenesses = ((char *)discretely_pivotmen); stonesoup_buffer = malloc((strlen(czaric_nudenesses) + 1) * sizeof(char )); strcpy(stonesoup_buffer,czaric_nudenesses); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 8132 70487/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67.c cppfunc 382 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8133 72325/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_06.c cppfunc 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8134 70420/CWE122_Heap_Based_Buffer_Overflow__CWE135_31.c cppfunc 100 wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; void * dataCopy = data; void * data = dataCopy; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 8135 153566/color.c cppfunc 348 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 8136 72743/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67.c cppfunc 152 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67_structType myStruct; data[50-1] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 8137 66333/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_06.c cppfunc 70 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8138 66525/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_06.c cppfunc 35 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8139 72006/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_33.cpp cppfunc 44 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 8140 153507/color.c cppfunc 370 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8141 153798/cmdline.c cppfunc 90 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8142 71450/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_73.cpp cppfunc 151 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 8143 79463/CWE134_Uncontrolled_Format_String__char_console_printf_51.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_51b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_51b_badSink(char * data); 0 --------------------------------- 8144 153641/timestamp.c cppfunc 55 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8145 72827/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_44.c cppfunc 63 static void goodG2BSink(char * data) strcat(data, source); printLine(data); free(data); 0 --------------------------------- 8146 110469/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_14.c cppfunc 103 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8147 1294/create_msg_file.c cppfunc 96 dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); 0 --------------------------------- 8148 71440/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54.c cppfunc 290 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 8149 72764/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_13.c cppfunc 73 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 8150 67606/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_66.cpp cppfunc 42 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8151 72814/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_15.c cppfunc 106 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 8152 153292/config.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8153 70770/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_62.cpp cppfunc 65 data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 8154 153807/utils.c cppfunc 110 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8155 153224/error.c cppfunc 102 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8156 63795/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_04.c cppfunc 104 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 8157 153402/color.c cppfunc 366 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 8158 153479/file_wrappers.c cppfunc 117 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8159 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c cppfunc 100 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 8160 110833/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_72.cpp cppfunc 87 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8161 72795/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_74.cpp cppfunc 171 data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 8162 153515/color.c cppfunc 379 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8163 110539/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_63.c cppfunc 255 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_63b_goodG2BSink(&data); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_63b_goodG2BSink(int * dataPtr) int data = *dataPtr; intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8164 199236/buffer_underrun_dynamic.c cppfunc 443 *(buf-0) = 1; int *buf=(int*) calloc(5,sizeof(int)); dynamic_buffer_underrun_024_func_001(buf); free(buf); void dynamic_buffer_underrun_024_func_001 (int *buf) free(buf); 0 --------------------------------- 8165 152918/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&nondefeat_elevatingly,"KELLINA_PENURIOUSLY"); if (nondefeat_elevatingly != 0) {; tossers_choppin = ((char *)nondefeat_elevatingly); strncpy(stonesoup_source, tossers_choppin, sizeof(stonesoup_source)); if (nondefeat_elevatingly != 0) free(((char *)nondefeat_elevatingly)); 0 --------------------------------- 8166 72945/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_02.c cppfunc 93 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8167 67579/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_12.cpp cppfunc 146 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8168 73735/CWE124_Buffer_Underwrite__CWE839_listen_socket_72.cpp cppfunc 196 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8169 153504/e_bf.c cppfunc 112 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8170 153504/e_bf.c cppfunc 114 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8171 70464/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_17.c cppfunc 233 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8172 71498/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_73.cpp cppfunc 156 void badSink(list dataList) char * data = dataList.back(); SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 8173 153253/color.c cppfunc 337 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 8174 153253/color.c cppfunc 335 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 8175 152917/cmdutils.c cppfunc 879 time_t now; time(&now); tm = localtime((&now)); 0 --------------------------------- 8176 62717/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_10.c cppfunc 292 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8177 71016/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_68.c cppfunc 138 wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_68_badData; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8178 153616/mux.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8179 110480/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_41.c cppfunc 65 intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_41_goodG2BSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_41_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8180 67720/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_09.cpp inputfunc 209 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 8181 153337/img2.c cppfunc 54 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8182 152963/pmsignal.c cppfunc 121 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8183 110512/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_09.c cppfunc 166 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8184 153426/e_bf.c cppfunc 113 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8185 72164/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_64.c cppfunc 148 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 8186 66571/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_04.c cppfunc 68 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8187 66297/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_18.c cppfunc 55 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8188 67511/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_10.c cppfunc 85 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 8189 153394/error.c cppfunc 76 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8190 66110/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_loop_33.cpp cppfunc 71 wchar_t * &dataRef = data; wchar_t * data = dataRef; dataLen = wcslen(data); 0 --------------------------------- 8191 72417/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_02.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8192 72180/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_05.c cppfunc 84 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 8193 148881/tshark.c API 1694 pipe_timer_cb(gpointer data) DWORD avail = 0; handle = (HANDLE) _get_osfhandle (pipe_input->source); result = PeekNamedPipe(handle, NULL, 0, NULL, &avail, NULL); if (!pipe_input->input_cb(pipe_input->source, pipe_input->user_data)) { handle = (HANDLE) _get_osfhandle (pipe_input->source); result = PeekNamedPipe(handle, NULL, 0, NULL, &avail, NULL); 0 --------------------------------- 8194 67332/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_45.c cppfunc 71 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8195 66364/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_64.c cppfunc 56 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8196 62952/CWE121_Stack_Based_Buffer_Overflow__CWE135_05.c cppfunc 79 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 8197 153608/hashfn.c cppfunc 74 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8198 153770/color.c cppfunc 353 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8199 72419/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_04.c cppfunc 76 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8200 67575/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_08.cpp cppfunc 53 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8201 72843/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_74.cpp cppfunc 150 void badSink(map dataMap) char * data = dataMap[2]; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 8202 153614/utils.c cppfunc 74 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8203 152924/column.c inputfunc 120 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&pugmiller_chaetangiaceae,"SAYE_TRACHEARIA"); if (pugmiller_chaetangiaceae != 0) {; 0 --------------------------------- 8204 72295/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_34.c cppfunc 73 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_34_unionType myUnion; char * data = myUnion.unionSecond; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8205 71883/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_74.cpp cppfunc 177 data = NULL; data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) twoIntsStruct * data = dataMap[2]; memcpy(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 8206 153468/utils.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8207 153468/utils.c cppfunc 83 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8208 70515/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22.c cppfunc 99 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8209 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c cppfunc 228 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 8210 66372/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_81a.cpp cppfunc 48 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8211 153696/config.c cppfunc 110 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8212 153131/color.c cppfunc 90 stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8213 153131/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8214 153103/color.c cppfunc 118 stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8215 66352/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_41.c cppfunc 45 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8216 72371/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_04.c cppfunc 97 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8217 67723/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_12.cpp inputfunc 243 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 8218 152933/column-utils.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8219 62747/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_67.c cppfunc 87 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8220 69165/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_14.cpp cppfunc 94 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 8221 153225/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8222 153225/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8223 152922/column.c cppfunc 56 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8224 153225/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8225 72871/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_34.c cppfunc 75 CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_34_unionType myUnion; char * data = myUnion.unionSecond; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 8226 148966/emem.c cppfunc 1954 emem_tree_insert_string(emem_tree_t* se_tree, const gchar* k, void* v, guint32 flags) guint32 len = (guint32) strlen(k); ch = (unsigned char)k[i]; if(isupper(ch)) { 0 --------------------------------- 8227 72301/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_51.c cppfunc 139 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_51b_goodG2BSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8228 70681/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_72.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8229 67720/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_09.cpp inputfunc 321 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 8230 72207/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53.c cppfunc 245 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53d_badSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 8231 71380/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_31.c cppfunc 67 data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 8232 72856/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_09.c cppfunc 71 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 8233 153769/utils.c cppfunc 4852 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; sid = (strtol(spec + 1,&endptr,0)); 0 --------------------------------- 8234 153690/gimpviewable.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8235 66293/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_14.c cppfunc 82 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8236 153153/subtrans.c cppfunc 340 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int zoomastigoda_overembellishes = 91; char *pentstock_hypoergic; stonesoup_read_taint(&pentstock_hypoergic,"6829",zoomastigoda_overembellishes); ellie_belsire = pentstock_hypoergic; free(((char *)ellie_belsire)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&pentstock_hypoergic,"6829",zoomastigoda_overembellishes); ellie_belsire = pentstock_hypoergic; free(((char *)ellie_belsire)); 0 --------------------------------- 8237 153376/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8238 70979/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_04.c cppfunc 77 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8239 71378/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_21.c cppfunc 92 static char * goodG2B1Source(char * data) data = NULL; data = goodG2B1Source(data); data[0] = '\0'; return data; data = goodG2B1Source(data); strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 8240 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c cppfunc 151 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 8241 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c cppfunc 154 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 8242 153601/color.c cppfunc 161 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int reiced_sealant = 44; char *reprotest_tigerfishes; stonesoup_read_taint(&reprotest_tigerfishes,"7362",reiced_sealant); protuberances_dragonwort = ((char *)reprotest_tigerfishes); stonesoup_buffer = malloc((strlen(protuberances_dragonwort) + 1) * sizeof(char )); strcpy(stonesoup_buffer,protuberances_dragonwort); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&reprotest_tigerfishes,"7362",reiced_sealant); protuberances_dragonwort = ((char *)reprotest_tigerfishes); stonesoup_buffer = malloc((strlen(protuberances_dragonwort) + 1) * sizeof(char )); strcpy(stonesoup_buffer,protuberances_dragonwort); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); 0 --------------------------------- 8243 153164/cmdline.c cppfunc 1149 e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char **tmpfile_left,const char *editor_cmd, const svn_string_t *contents,const char *filename,apr_hash_t *config,svn_boolean_t as_text,const char *encoding,apr_pool_t *pool) const char *editor; const char *tmpfile_native; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); svn_error_t *svn_err__temp = svn_subst_translate_cstring2(contents -> data,&translated,"\n",0,((void *)0),0,pool); translated_contents = svn_string_create_empty(pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8_ex2(&translated_contents -> data,translated,encoding,pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8(&translated_contents -> data,translated,pool); translated_contents = svn_string_dup(contents,pool); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); svn_error_t *svn_err__temp = svn_io_temp_dir(&base_dir,pool); svn_error_t *svn_err__temp = svn_path_cstring_from_utf8(&temp_dir_apr,base_dir,pool); apr_err = apr_filepath_set(temp_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); err = svn_path_cstring_from_utf8(&tmpfile_apr,tmpfile_name,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x10,pool); apr_file_mtime_set(tmpfile_apr,finfo_before . mtime - 2000,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x00000010 | 0x00000100,pool); err = svn_utf_cstring_from_utf8(&tmpfile_native,tmpfile_name,pool); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); 0 --------------------------------- 8244 66308/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_45.c cppfunc 44 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8245 66564/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_81a.cpp cppfunc 48 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8246 70501/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_06.c cppfunc 154 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8247 72273/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_02.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8248 148881/emem.c cppfunc 1534 emem_tree_lookup_string(emem_tree_t* se_tree, const gchar* k, guint32 flags) guint32 len = (guint) strlen(k); guint32 div = (len+3)/4+1; aligned = malloc(div * sizeof (guint32)); 0 --------------------------------- 8249 72164/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_64.c cppfunc 125 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 8250 153273/cmdutils.c cppfunc 886 int opt_max_alloc(void *optctx,const char *opt,const char *arg) char *tail; max = (strtol(arg,&tail,'\n')); 0 --------------------------------- 8251 63602/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_11.c cppfunc 75 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 8252 153330/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8253 153353/color.c cppfunc 364 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 8254 153353/color.c cppfunc 362 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 8255 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c inputfunc 163 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 8256 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c cppfunc 231 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 8257 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c cppfunc 234 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 8258 66346/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_21.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 8259 70884/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_05.c cppfunc 99 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8260 153771/main_filter_toolbar.c cppfunc 490 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int skyborne_mattoir = 91; char *ensnares_claman; stonesoup_read_taint(&ensnares_claman,"5024",skyborne_mattoir); keggmiengg_frankforter . centaurus_unprismatical = ((char *)ensnares_claman); trundler_daedalid(keggmiengg_frankforter); void trundler_daedalid(const struct stentors_friskers tubercularness_khrushchev) free(((char *)((struct stentors_friskers )tubercularness_khrushchev) . centaurus_unprismatical)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&ensnares_claman,"5024",skyborne_mattoir); keggmiengg_frankforter . centaurus_unprismatical = ((char *)ensnares_claman); trundler_daedalid(keggmiengg_frankforter); 0 --------------------------------- 8261 153215/pgstat.c cppfunc 282 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8262 110477/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_32.c cppfunc 83 int *dataPtr2 = &data; int data = *dataPtr2; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8263 152903/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8264 67508/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_07.c cppfunc 90 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 8265 72965/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_32.c cppfunc 77 wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8266 79345/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_08.c cppfunc 397 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 8267 66574/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_07.c cppfunc 67 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8268 153395/color.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8269 71397/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_65.c cppfunc 142 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_65b_goodG2BSink(char * data) strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 8270 199233/buffer_overrun_dynamic.c cppfunc 583 ptr1[11]='\0'; memcpy(ptr2,ptr1,12); free(ptr1); 0 --------------------------------- 8271 153269/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8272 72771/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22.c cppfunc 71 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_goodG2B1Source(data); SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 8273 153414/dirent_uri.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8274 69741/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_14.cpp cppfunc 90 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 8275 72884/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_64.c cppfunc 124 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 8276 72208/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54.c cppfunc 318 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54d_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54e_goodG2BSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 8277 71379/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22.c cppfunc 89 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_goodG2B2Source(char * data) data[0] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_goodG2B2Source(data); strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 8278 67582/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_15.cpp cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8279 199236/buffer_underrun_dynamic.c cppfunc 131 double *buf=(double*) calloc(5,sizeof(double)); buf[i]=1.0; free(buf); 0 --------------------------------- 8280 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c cppfunc 144 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 8281 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c cppfunc 141 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 8282 70758/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_33.cpp cppfunc 69 char * &dataRef = data; char * data = dataRef; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 8283 153703/tile-swap.c cppfunc 142 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 8284 153027/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8285 70644/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_05.c cppfunc 86 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8286 63644/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_13.c cppfunc 73 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 8287 67758/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_83_goodB2G.cpp cppfunc 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8288 153534/string.c cppfunc 576 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int maunderer_kidneys = 44; char *morfounder_settles; stonesoup_read_taint(&morfounder_settles,"1773",maunderer_kidneys); luca_sangu = ((int )(strlen(morfounder_settles))); scabrin_laocoon = ((char *)(malloc(luca_sangu + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&morfounder_settles,"1773",maunderer_kidneys); luca_sangu = ((int )(strlen(morfounder_settles))); scabrin_laocoon = ((char *)(malloc(luca_sangu + 1))); 0 --------------------------------- 8289 66607/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_67.c cppfunc 58 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8290 62977/CWE121_Stack_Based_Buffer_Overflow__CWE135_51.c cppfunc 151 void CWE121_Stack_Based_Buffer_Overflow__CWE135_51b_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 8291 62977/CWE121_Stack_Based_Buffer_Overflow__CWE135_51.c cppfunc 154 void CWE121_Stack_Based_Buffer_Overflow__CWE135_51b_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 8292 153790/mem_dbg.c cppfunc 224 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8293 70896/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_17.c cppfunc 69 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8294 153790/mem_dbg.c cppfunc 228 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8295 71176/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_09.c cppfunc 72 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 8296 67404/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_05.c cppfunc 67 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8297 153620/color.c cppfunc 614 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *carthy_numinously) free(((char *)carthy_numinously)); 0 --------------------------------- 8298 79553/CWE134_Uncontrolled_Format_String__char_console_vfprintf_34.c cppfunc 120 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 8299 72736/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54.c cppfunc 269 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54e_badSink(wchar_t * data) wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 8300 153657/pgstat.c cppfunc 308 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8301 72177/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_02.c cppfunc 99 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 8302 153047/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8303 153047/color.c cppfunc 120 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8304 79369/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53.c cppfunc 467 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53d_badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 8305 153621/avdevice.c cppfunc 39 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8306 67504/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_03.c cppfunc 85 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 8307 110545/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_72.cpp cppfunc 239 void badSink(vector dataVector) int data = dataVector[2]; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8308 72408/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_68.c cppfunc 149 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_68b_goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_68_goodG2BData; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8309 70467/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_22.c cppfunc 362 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8310 152923/portalmem.c cppfunc 1045 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *hyperopia_hamburg;; stonesoup_read_taint(&hyperopia_hamburg,"GOVERNABILITY_TOLING"); warriorwise_ratoon = ((void *)hyperopia_hamburg); AGPAITIC_DERMOHEMAL(warriorwise_ratoon); void dacryolite_emissaria(void *pyridone_aguamiel) free(((char *)((char *)pyridone_aguamiel))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&hyperopia_hamburg,"GOVERNABILITY_TOLING"); warriorwise_ratoon = ((void *)hyperopia_hamburg); AGPAITIC_DERMOHEMAL(warriorwise_ratoon); 0 --------------------------------- 8311 73736/CWE124_Buffer_Underwrite__CWE839_listen_socket_73.cpp cppfunc 196 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8312 153241/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8313 153597/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8314 79357/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22.c cppfunc 434 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 8315 153708/bss_file.c cppfunc 131 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8316 70666/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_43.cpp inputfunc 244 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 8317 70963/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_63.c cppfunc 128 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 8318 70875/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_74.cpp cppfunc 157 void badSink(map dataMap) char * data = dataMap[2]; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8319 67604/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_64.cpp cppfunc 41 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8320 70466/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_21.c cppfunc 380 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8321 153581/config_file.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8322 153581/config_file.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8323 67509/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_08.c cppfunc 98 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); if(staticReturnsTrue()) charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 8324 73696/CWE124_Buffer_Underwrite__CWE839_listen_socket_03.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8325 70890/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_11.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8326 71418/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_11.c cppfunc 73 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 8327 153049/subtrans.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8328 153202/bio_err.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8329 153152/eng_table.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8330 66313/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_61.c cppfunc 137 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_61b_goodG2BSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_61b_goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 8331 153132/color.c cppfunc 369 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 8332 72097/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_18.c cppfunc 64 data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 8333 153283/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8334 153283/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8335 73004/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_13.c cppfunc 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 8336 153283/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8337 153397/resowner.c cppfunc 171 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8338 62726/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_21.c cppfunc 107 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8339 72974/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_52.c cppfunc 172 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_52c_badSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8340 153487/error.c cppfunc 76 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8341 70652/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_13.c cppfunc 458 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8342 153801/tile-manager.c cppfunc 943 void stonesoup_handle_taint(char *ignominy_byrlawmen) reticularly_theromorphia = icecraft_milacre(ignominy_byrlawmen); char *icecraft_milacre(char *thrax_disprepare) return thrax_disprepare; reticularly_theromorphia = icecraft_milacre(ignominy_byrlawmen); free(((char *)reticularly_theromorphia)); 0 --------------------------------- 8343 153254/conf_mod.c cppfunc 145 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8344 152955/timestamp.c cppfunc 81 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8345 152955/timestamp.c cppfunc 84 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8346 153823/string.c cppfunc 57 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8347 153001/avpacket.c inputfunc 104 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&fugaciously_steganopod,"LEVANTINE_REGINAS"); if (fugaciously_steganopod != 0) {; searcherlike_hesitating . collaterally_syzran = fugaciously_steganopod; pallia_defoliates = &searcherlike_hesitating; philocathartic_pteridospermae = ((union ascaricidal_richmonddale *)(((unsigned long )pallia_defoliates) * boathouses_trigeminous * boathouses_trigeminous)) + 5; 0 --------------------------------- 8348 67316/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_13.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8349 66661/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_82a.cpp cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8350 70675/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_63.c cppfunc 392 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8351 153509/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 8352 72586/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_43.cpp cppfunc 71 data[50-1] = L'\0'; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 8353 153035/avdevice.c cppfunc 43 stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8354 70428/CWE122_Heap_Based_Buffer_Overflow__CWE135_45.c cppfunc 70 dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_45_goodG2BData = data; goodG2BSink(); void * data = CWE122_Heap_Based_Buffer_Overflow__CWE135_45_goodG2BData; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 8355 72204/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_45.c cppfunc 72 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_45_goodG2BData = data; goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_45_goodG2BData; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 8356 153501/e_camellia.c inputfunc 138 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&bluffly_bluegums,"CLYTIUS_DERMESTES"); if (bluffly_bluegums != 0) {; multifarously_warbeck = ((int )(strlen(bluffly_bluegums))); quaterion_congruence = ((char *)(malloc(multifarously_warbeck + 1))); if (quaterion_congruence == 0) { memcpy(quaterion_congruence,bluffly_bluegums,multifarously_warbeck); if (bluffly_bluegums != 0) free(((char *)bluffly_bluegums)); 0 --------------------------------- 8357 153526/pgstat.c cppfunc 293 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 8358 72821/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_32.c cppfunc 77 char * *dataPtr2 = &data; char * data = *dataPtr2; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 8359 62983/CWE121_Stack_Based_Buffer_Overflow__CWE135_63.c cppfunc 170 data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_63b_goodB2GSink(&data); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); void CWE121_Stack_Based_Buffer_Overflow__CWE135_63b_goodB2GSink(void * * dataPtr) void * data = *dataPtr; memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 8360 153603/ffmpeg.c cppfunc 1020 fprintf(vstats_file,"PSNR= %6.2f ",psnr(enc -> coded_frame -> error[0] / ((enc -> width * enc -> height) * 255.0 * 255.0))); double error_sum = 0; double scale_sum = 0; error = enc -> error[j]; error = enc -> coded_frame -> error[j]; scale /= 4; scale_sum += scale; p = psnr(error / scale); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; scale = (enc -> width * enc -> height) * 255.0 * 255.0; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); error_sum += error; p = psnr(error_sum / scale_sum); 0 --------------------------------- 8361 66290/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_11.c cppfunc 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8362 79377/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67.c cppfunc 368 CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67_structType myStruct; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67b_goodB2GSink(myStruct); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67b_goodB2GSink(CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67_structType myStruct) char * data = myStruct.structFirst; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 8363 66541/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_32.c cppfunc 33 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8364 72439/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_34.c cppfunc 73 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_34_unionType myUnion; char * data = myUnion.unionSecond; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8365 153396/avfilter.c cppfunc 52 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8366 153299/bio_err.c cppfunc 121 stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(synchromist_serglobulin)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8367 67282/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_43.cpp cppfunc 68 data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscat(dest, data); 0 --------------------------------- 8368 153299/bio_err.c cppfunc 123 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8369 153797/resowner.c cppfunc 178 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8370 152909/column-utils.c cppfunc 91 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8371 152980/conversation.c cppfunc 1250 ictonyx_clad = gualtiero_harmonizable(marbleizer_imitatress); HILLSVILLE_REOBLIGING(ictonyx_clad); void lexological_nonpressing(void *resistive_sotadean) free(((char *)((char *)resistive_sotadean))); 0 --------------------------------- 8372 110504/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_01.c cppfunc 77 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8373 70418/CWE122_Heap_Based_Buffer_Overflow__CWE135_21.c cppfunc 144 dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; goodG2BSink(data); static void goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 8374 153430/string.c cppfunc 86 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8375 72192/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_17.c cppfunc 74 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 8376 70968/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_68.c cppfunc 157 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_68b_goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_68_goodG2BData; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 8377 110508/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_05.c cppfunc 199 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8378 199276/invalid_memory_access.c cppfunc 599 invalid_memory_access_016_doubleptr_gbl=(char**) malloc(10*sizeof(char*)); invalid_memory_access_016_doubleptr_gbl[i]=(char*) malloc(10*sizeof(char)); strcpy(invalid_memory_access_016_doubleptr_gbl[i],"STRING00"); printf("invalid gbl= %s \n",invalid_memory_access_016_doubleptr_gbl[0]); strcpy(s,invalid_memory_access_016_doubleptr_gbl[0]); invalid_memory_access_016_func_002(); if(invalid_memory_access_016_func_001(flag)==0) invalid_memory_access_016_func_003(); free (invalid_memory_access_016_doubleptr_gbl[i]); free(invalid_memory_access_016_doubleptr_gbl); 0 --------------------------------- 8379 73061/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_32.c cppfunc 73 char * *dataPtr2 = &data; char * data = *dataPtr2; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 8380 153702/config.c cppfunc 82 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8381 153519/cmdline.c cppfunc 907 svn_error_t *svn_cmdline__edit_file_externally(const char *path,const char *editor_cmd,apr_hash_t *config,apr_pool_t *pool) const char *editor; const char *file_name; svn_dirent_split(&base_dir,&file_name,path,pool); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); apr_err = apr_filepath_set(old_cwd,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); 0 --------------------------------- 8382 70642/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_03.c cppfunc 458 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8383 149225/use_after_free_@buffer-bad.c cppfunc 26 char *str[1] = {(char *)NULL}; if ((*str = (char *)malloc(256*sizeof(char))) != NULL) strcpy(*str, "Falut!"); **str = 'S'; printf("%s\n", *str); free(*str); 0 --------------------------------- 8384 71786/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_73.cpp cppfunc 142 void badSink(list dataList) int * data = dataList.back(); memmove(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 8385 69218/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_21.cpp cppfunc 126 static wchar_t * goodG2B2Source(wchar_t * data) data[0] = L'\0'; data = NULL; data = goodG2B2Source(data); return data; data = goodG2B2Source(data); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 8386 72992/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_01.c cppfunc 56 data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 8387 153399/cmdline.c cppfunc 1093 e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char **tmpfile_left,const char *editor_cmd, const svn_string_t *contents,const char *filename,apr_hash_t *config,svn_boolean_t as_text,const char *encoding,apr_pool_t *pool) const char *editor; const char *tmpfile_native; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); svn_error_t *svn_err__temp = svn_subst_translate_cstring2(contents -> data,&translated,"\n",0,((void *)0),0,pool); translated_contents = svn_string_create_empty(pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8_ex2(&translated_contents -> data,translated,encoding,pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8(&translated_contents -> data,translated,pool); translated_contents = svn_string_dup(contents,pool); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); svn_error_t *svn_err__temp = svn_io_temp_dir(&base_dir,pool); svn_error_t *svn_err__temp = svn_path_cstring_from_utf8(&temp_dir_apr,base_dir,pool); apr_err = apr_filepath_set(temp_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); err = svn_path_cstring_from_utf8(&tmpfile_apr,tmpfile_name,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x10,pool); apr_file_mtime_set(tmpfile_apr,finfo_before . mtime - 2000,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x00000010 | 0x00000100,pool); err = svn_utf_cstring_from_utf8(&tmpfile_native,tmpfile_name,pool); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); 0 --------------------------------- 8388 71432/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_41.c cppfunc 61 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 8389 72443/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_44.c cppfunc 61 static void goodG2BSink(char * data) strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8390 73726/CWE124_Buffer_Underwrite__CWE839_listen_socket_54.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8391 70484/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_64.c cppfunc 375 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8392 110390/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_52.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8393 73732/CWE124_Buffer_Underwrite__CWE839_listen_socket_66.c cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8394 67575/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_08.cpp cppfunc 109 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8395 153419/avfilter.c cppfunc 59 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8396 153680/color.c cppfunc 357 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8397 153419/avfilter.c cppfunc 50 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8398 67309/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_06.c cppfunc 84 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8399 70454/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_07.c cppfunc 382 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8400 79474/CWE134_Uncontrolled_Format_String__char_console_printf_68.c inputfunc 45 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_68_badData = data; 0 --------------------------------- 8401 72118/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_66.c cppfunc 127 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 8402 153241/color.c cppfunc 600 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int multilobular_libanophorous = 20; char *discommoning_memorablenesses; stonesoup_read_taint(&discommoning_memorablenesses,"9011",multilobular_libanophorous); free(((char *)discommoning_memorablenesses)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&discommoning_memorablenesses,"9011",multilobular_libanophorous); free(((char *)discommoning_memorablenesses)); 0 --------------------------------- 8403 70647/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_08.c cppfunc 205 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8404 199254/double_free.c cppfunc 40 char* ptr= (char*) malloc(10*sizeof(char)); ptr[i]='a'; free(ptr); free(ptr); 0 --------------------------------- 8405 72457/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_72.cpp cppfunc 167 vector dataVector; data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8406 70503/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_08.c cppfunc 143 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8407 153402/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8408 67298/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_73.cpp cppfunc 164 list dataList; data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcscat(dest, data); 0 --------------------------------- 8409 199234/buffer_overrun_dynamic.c cppfunc 76 int *buf=(int*) calloc(5,sizeof(int)); *(buf+4) = 1; free(buf); 0 --------------------------------- 8410 153264/types.c inputfunc 99 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&mamaroneck_agnominal,"AYS_MOTE"); if (mamaroneck_agnominal != 0) {; sthenias_subcompact[5] = mamaroneck_agnominal; nobut_insurrectory = *(sthenias_subcompact + *uncensorable_empyrean); GLANDES_STHENIAS(nobut_insurrectory); void sallee_semidecussation(char *contaminates_unfenestral) GLANDES_STHENIAS(nobut_insurrectory); 0 --------------------------------- 8411 62713/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_06.c cppfunc 191 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8412 79486/CWE134_Uncontrolled_Format_String__char_console_snprintf_05.c inputfunc 101 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 8413 153803/color.c cppfunc 380 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8414 62722/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_15.c cppfunc 312 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8415 70527/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53.c cppfunc 80 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8416 1635/snp10-ok.c cppfunc 43 main(int argc, char **argv) userstr = argv[1]; if(strlen(userstr) < MAXSIZE - 3) test(userstr); test(char *str) buf = malloc(MAXSIZE); snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); free(buf); 0 --------------------------------- 8417 153621/avdevice.c cppfunc 170 va_list crocketed_unclergyable; __builtin_va_start(crocketed_unclergyable,unwithered_necroscopy); redheaded_foreswore = (va_arg(crocketed_unclergyable,epizootically_manfred )); 0 --------------------------------- 8418 153604/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8419 73699/CWE124_Buffer_Underwrite__CWE839_listen_socket_06.c cppfunc 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8420 62601/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_65.c cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8421 153349/img2.c cppfunc 46 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8422 67756/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_81a.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8423 62988/CWE121_Stack_Based_Buffer_Overflow__CWE135_68.c cppfunc 178 data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_68_goodB2GData = data; CWE121_Stack_Based_Buffer_Overflow__CWE135_68b_goodB2GSink(); void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_68_goodB2GData; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 8424 71416/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_09.c cppfunc 41 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 8425 66573/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_06.c cppfunc 65 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8426 79565/CWE134_Uncontrolled_Format_String__char_console_vfprintf_63.c cppfunc 207 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 8427 79565/CWE134_Uncontrolled_Format_String__char_console_vfprintf_63.c cppfunc 204 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 8428 72170/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_73.cpp cppfunc 171 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 8429 70977/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_02.c cppfunc 70 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8430 62965/CWE121_Stack_Based_Buffer_Overflow__CWE135_18.c cppfunc 68 data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 8431 73714/CWE124_Buffer_Underwrite__CWE839_listen_socket_31.c cppfunc 216 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8432 70540/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_81a.cpp cppfunc 79 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8433 66585/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_18.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8434 152978/column-utils.c cppfunc 801 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int prenebular_teleplays = 44; char *utees_torbay;; stonesoup_read_taint(&utees_torbay,"2314",prenebular_teleplays); shifrah_meandrite = ((int )(strlen(utees_torbay))); memcpy(unamusingly_monogynoecial,utees_torbay,shifrah_meandrite); free(((char *)utees_torbay)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&utees_torbay,"2314",prenebular_teleplays); shifrah_meandrite = ((int )(strlen(utees_torbay))); memcpy(unamusingly_monogynoecial,utees_torbay,shifrah_meandrite); free(((char *)utees_torbay)); 0 --------------------------------- 8435 66580/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_13.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8436 153471/mux.c cppfunc 477 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int contractable_hoptoads = 596; char *countergauge_laggins; stonesoup_read_taint(&countergauge_laggins,"3876",contractable_hoptoads); blebs_outrolled = ((int )(strlen(countergauge_laggins))); memcpy(varooms_stearn,countergauge_laggins,blebs_outrolled); free(((char *)countergauge_laggins)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&countergauge_laggins,"3876",contractable_hoptoads); blebs_outrolled = ((int )(strlen(countergauge_laggins))); memcpy(varooms_stearn,countergauge_laggins,blebs_outrolled); free(((char *)countergauge_laggins)); 0 --------------------------------- 8437 67714/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_03.cpp cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8438 152971/utils.c cppfunc 89 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8439 152971/utils.c cppfunc 80 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8440 153501/e_camellia.c cppfunc 335 char *bluffly_bluegums;; stonesoup_read_taint(&bluffly_bluegums,"CLYTIUS_DERMESTES"); multifarously_warbeck = ((int )(strlen(bluffly_bluegums))); quaterion_congruence = ((char *)(malloc(multifarously_warbeck + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&bluffly_bluegums,"CLYTIUS_DERMESTES"); multifarously_warbeck = ((int )(strlen(bluffly_bluegums))); quaterion_congruence = ((char *)(malloc(multifarously_warbeck + 1))); 0 --------------------------------- 8441 72339/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22.c cppfunc 86 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22_goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22_goodG2B2Source(data); memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8442 62743/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_63.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8443 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c cppfunc 36 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 8444 72086/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_07.c cppfunc 99 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 8445 153612/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 8446 71402/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_73.cpp cppfunc 169 list dataList; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 8447 79513/CWE134_Uncontrolled_Format_String__char_console_snprintf_53.c inputfunc 100 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_53b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_53b_goodB2GSink(char * data); 0 --------------------------------- 8448 79570/CWE134_Uncontrolled_Format_String__char_console_vfprintf_68.c cppfunc 235 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 8449 79570/CWE134_Uncontrolled_Format_String__char_console_vfprintf_68.c cppfunc 232 data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_68_goodB2GData = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_68b_goodB2GSink(); char * data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_68_goodB2GData; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 8450 70683/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_74.cpp cppfunc 336 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8451 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c inputfunc 168 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2_vasink(data, data); static void goodB2G2_vasink(char * data, ...) va_start(args, data); 0 --------------------------------- 8452 72094/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_15.c cppfunc 78 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 8453 72961/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_18.c cppfunc 64 data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8454 72211/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_63.c cppfunc 152 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 8455 153796/oids.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8456 66578/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_11.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8457 153796/oids.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8458 153796/oids.c cppfunc 108 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8459 153105/portalmem.c cppfunc 129 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8460 152951/mux.c cppfunc 108 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8461 153161/cryptlib.c cppfunc 175 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8462 70431/CWE122_Heap_Based_Buffer_Overflow__CWE135_53.c cppfunc 273 void CWE122_Heap_Based_Buffer_Overflow__CWE135_53d_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 8463 153162/color.c cppfunc 573 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 8464 153122/gimpdialogfactory.c cppfunc 2505 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int petrescence_noncommitted = 596; char *rocketers_beeregar; stonesoup_read_taint(&rocketers_beeregar,"6271",petrescence_noncommitted); shootee_pseudobia . krakow_dorados = ((char *)rocketers_beeregar); coliseum_anfractuousness(shootee_pseudobia); void coliseum_anfractuousness(const struct renaming_anguillulidae studley_hesychastic) free(((char *)((struct renaming_anguillulidae )studley_hesychastic) . krakow_dorados)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&rocketers_beeregar,"6271",petrescence_noncommitted); shootee_pseudobia . krakow_dorados = ((char *)rocketers_beeregar); coliseum_anfractuousness(shootee_pseudobia); 0 --------------------------------- 8465 153499/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8466 153154/color.c cppfunc 368 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8467 72952/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_09.c cppfunc 93 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8468 71461/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_06.c cppfunc 81 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 8469 72135/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_08.c cppfunc 55 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 8470 66334/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_07.c cppfunc 92 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8471 66336/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_09.c cppfunc 86 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8472 110460/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_05.c cppfunc 110 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8473 153509/color.c cppfunc 606 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int workroom_dilettantism = 91; char *esophagoscope_dunham; stonesoup_read_taint(&esophagoscope_dunham,"9602",workroom_dilettantism); free(((char *)esophagoscope_dunham)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&esophagoscope_dunham,"9602",workroom_dilettantism); free(((char *)esophagoscope_dunham)); 0 --------------------------------- 8474 72428/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_13.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8475 153009/utils.c cppfunc 4786 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; spec += 2; prog_id = (strtol(spec,&endptr,0)); 0 --------------------------------- 8476 72832/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54.c cppfunc 270 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54e_badSink(char * data) strcat(data, source); printLine(data); free(data); 0 --------------------------------- 8477 153037/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8478 153037/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8479 153037/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8480 153260/bio_err.c cppfunc 241 aneurysm_nasrol keita_praxinoscope = 0; yowlring_sandweed(&keita_praxinoscope); typotelegraphy_assertorically = &keita_praxinoscope; free(((char *)( *typotelegraphy_assertorically))); 0 --------------------------------- 8481 153755/dirent_uri.c cppfunc 2087 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 8482 73632/CWE124_Buffer_Underwrite__CWE839_fgets_62.cpp cppfunc 192 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8483 153794/timestamp.c cppfunc 79 stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8484 152866/gimpdisplay.c cppfunc 140 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8485 70874/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_73.cpp cppfunc 157 void badSink(list dataList) char * data = dataList.back(); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8486 153794/timestamp.c cppfunc 70 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8487 153534/string.c cppfunc 76 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8488 153534/string.c cppfunc 73 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8489 66584/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_17.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 8490 79425/CWE134_Uncontrolled_Format_String__char_console_fprintf_67.c inputfunc 47 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_fprintf_67b_badSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_fprintf_67b_badSink(CWE134_Uncontrolled_Format_String__char_console_fprintf_67_structType myStruct); 0 --------------------------------- 8491 70886/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_07.c cppfunc 78 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8492 199233/buffer_overrun_dynamic.c cppfunc 62 int *buf=(int*) calloc(5,sizeof(int)); buf[i]=1; free(buf); 0 --------------------------------- 8493 70421/CWE122_Heap_Based_Buffer_Overflow__CWE135_32.c cppfunc 115 void * *dataPtr2 = &data; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); void * data = *dataPtr2; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 8494 67417/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_18.c cppfunc 54 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8495 73071/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53.c cppfunc 235 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53d_goodG2BSink(char * data) strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 8496 70745/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_10.c cppfunc 70 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 8497 72450/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_62.cpp cppfunc 62 data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8498 153464/mem_dbg.c inputfunc 267 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&cotonou_subbing,"CONGLOMERATIC_EUPHORBIA"); if (cotonou_subbing != 0) {; decannulation_wooingly[3] = cotonou_subbing; maru_ganching[5] = decannulation_wooingly; provand_unbarrel = *(maru_ganching + *carara_protested); if (provand_unbarrel[3] != 0) { swops_digesting = ((char *)provand_unbarrel[3]); strncpy(stonesoup_source, swops_digesting, sizeof(stonesoup_source)); if (provand_unbarrel[3] != 0) free(((char *)provand_unbarrel[3])); 0 --------------------------------- 8499 72018/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_62.cpp cppfunc 42 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 8500 153363/column-utils.c cppfunc 134 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 8501 70453/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_06.c cppfunc 335 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8502 153275/column.c cppfunc 78 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 8503 62972/CWE121_Stack_Based_Buffer_Overflow__CWE135_41.c cppfunc 61 size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); data = (void *)CHAR_STRING; goodG2BSink(data); static void goodG2BSink(void * data) memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 8504 69155/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_04.cpp cppfunc 100 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 8505 70436/CWE122_Heap_Based_Buffer_Overflow__CWE135_64.c cppfunc 188 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_64b_goodB2GSink(&data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_64b_goodB2GSink(void * dataVoidPtr) void * * dataPtr = (void * *)dataVoidPtr; void * data = (*dataPtr); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 8506 152909/column-utils.c cppfunc 761 multivariate_shorterville = getenv("DIAPHANE_VERWANDERUNG"); beamish_talcums = ((int )(strlen(multivariate_shorterville))); caprioled_suboctuple = ((char *)(malloc(beamish_talcums + 1))); 0 --------------------------------- 8507 153753/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8508 153323/resowner.c cppfunc 170 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8509 153798/cmdline.c inputfunc 856 e = (getenv("EDITOR")); if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 8510 71163/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_74.cpp cppfunc 157 void badSink(map dataMap) wchar_t * data = dataMap[2]; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 8511 149166/stack_overflow_array_length-good.c inputfunc 30 if(fread(&r, sizeof r, 1, f) != 1) fclose(f); if(fclose(f) != 0) return r; return getRand() % 256; buffer[plop()] = '!'; 0 --------------------------------- 8512 70458/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_11.c cppfunc 236 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8513 153822/config_file.c cppfunc 123 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8514 73300/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_43.cpp cppfunc 63 data = NULL; goodG2BSource(data); static void goodG2BSource(int64_t * &data) data = (int64_t *)malloc(sizeof(*data)); *data = 2147483643LL; printLongLongLine(*data); free(data); 0 --------------------------------- 8515 72870/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_33.cpp cppfunc 70 char * &dataRef = data; char * data = dataRef; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 8516 79472/CWE134_Uncontrolled_Format_String__char_console_printf_66.c inputfunc 100 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_printf_66b_goodB2GSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_printf_66b_goodB2GSink(char * dataArray[]) char * data = dataArray[2]; printf("%s\n", data); 0 --------------------------------- 8517 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c inputfunc 183 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 8518 66629/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_14.c cppfunc 66 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8519 63646/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_15.c cppfunc 80 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 8520 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c cppfunc 149 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 8521 72968/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_41.c cppfunc 59 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_41_goodG2BSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8522 153187/cmdline.c cppfunc 97 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8523 67601/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_61.cpp cppfunc 212 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8524 153074/utils.c cppfunc 103 stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8525 66243/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_12.c cppfunc 69 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8526 153074/utils.c cppfunc 105 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8527 73701/CWE124_Buffer_Underwrite__CWE839_listen_socket_08.c cppfunc 93 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8528 66243/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_12.c cppfunc 63 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8529 73624/CWE124_Buffer_Underwrite__CWE839_fgets_43.cpp cppfunc 35 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8530 73720/CWE124_Buffer_Underwrite__CWE839_listen_socket_43.cpp cppfunc 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8531 79568/CWE134_Uncontrolled_Format_String__char_console_vfprintf_66.c cppfunc 188 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_66b_badSink(char * dataArray[]) char * data = dataArray[2]; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 8532 67488/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_05.c cppfunc 102 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 8533 199276/invalid_memory_access.c cppfunc 419 invalid_memory_access_013_s_001_s_gbl = (invalid_memory_access_013_s_001 *)calloc(1,sizeof(invalid_memory_access_013_s_001)); invalid_memory_access_013_s_001_s_gbl->a = 10; invalid_memory_access_013_s_001_s_gbl->b = 10; invalid_memory_access_013_s_001_s_gbl->uninit = 10; invalid_memory_access_013_func_001 (1); invalid_memory_access_013_func_003 (1); ret = invalid_memory_access_013_func_002 (1); free(invalid_memory_access_013_s_001_s_gbl); 0 --------------------------------- 8534 153686/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8535 70439/CWE122_Heap_Based_Buffer_Overflow__CWE135_67.c cppfunc 181 void CWE122_Heap_Based_Buffer_Overflow__CWE135_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__CWE135_67_structType myStruct) void * data = myStruct.structFirst; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 8536 72219/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_74.cpp cppfunc 175 data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 8537 63645/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_14.c cppfunc 73 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 8538 67312/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_09.c cppfunc 60 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8539 72760/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_09.c cppfunc 73 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 8540 72805/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_06.c cppfunc 75 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 8541 153091/mux.c cppfunc 949 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *ambilian_protract; stonesoup_read_taint(&ambilian_protract,"STUKA_RIVERET"); marshalsea_narrowy = ambilian_protract; upttorn_villageful = &marshalsea_narrowy; loewy_meller = upttorn_villageful + 5; REMAIL_KERENSKY(loewy_meller); void dipsomaniac_preindication(pecify_hybridiser *undistilled_hymenic) free(((char *)( *(undistilled_hymenic - 5)))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&ambilian_protract,"STUKA_RIVERET"); marshalsea_narrowy = ambilian_protract; upttorn_villageful = &marshalsea_narrowy; loewy_meller = upttorn_villageful + 5; REMAIL_KERENSKY(loewy_meller); 0 --------------------------------- 8542 62953/CWE121_Stack_Based_Buffer_Overflow__CWE135_06.c cppfunc 78 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 8543 73050/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_11.c cppfunc 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 8544 72314/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_73.cpp cppfunc 167 list dataList; data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8545 153597/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 8546 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c cppfunc 31 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 8547 65160/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_09.c cppfunc 93 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 8548 71146/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_43.cpp cppfunc 74 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 8549 72855/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_08.c cppfunc 107 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 8550 153241/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8551 73348/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_43.cpp cppfunc 65 static void goodG2BSource(twoIntsStruct * &data) goodG2BSource(data); data = (twoIntsStruct *)malloc(sizeof(*data)); data->intOne = 1; data->intTwo = 2; static void goodG2BSource(twoIntsStruct * &data) data = NULL; goodG2BSource(data); printStructLine(data); free(data); 0 --------------------------------- 8552 70524/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_45.c cppfunc 153 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8553 153440/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8554 70429/CWE122_Heap_Based_Buffer_Overflow__CWE135_51.c cppfunc 176 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_51b_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_51b_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 8555 72143/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_16.c cppfunc 70 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 8556 66631/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_16.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 8557 72742/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_66.c cppfunc 144 data[50-1] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 8558 153683/tile.c cppfunc 54 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8559 71399/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67.c cppfunc 135 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67_structType myStruct) char * data = myStruct.structFirst; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 8560 66627/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_12.c cppfunc 74 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8561 62579/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_16.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8562 62949/CWE121_Stack_Based_Buffer_Overflow__CWE135_02.c cppfunc 99 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 8563 62956/CWE121_Stack_Based_Buffer_Overflow__CWE135_09.c cppfunc 73 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 8564 62956/CWE121_Stack_Based_Buffer_Overflow__CWE135_09.c cppfunc 76 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 8565 152970/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8566 72881/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_61.c cppfunc 61 data[0] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_61b_goodG2BSource(data); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 8567 79411/CWE134_Uncontrolled_Format_String__char_console_fprintf_42.c inputfunc 98 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; data = goodB2GSource(data); fprintf(stdout, "%s\n", data); 0 --------------------------------- 8568 153002/hashfn.c cppfunc 60 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8569 153002/hashfn.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8570 72839/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67.c cppfunc 154 CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67_structType myStruct; data[0] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67_structType myStruct) char * data = myStruct.structFirst; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 8571 152879/eng_table.c cppfunc 120 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8572 66236/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_05.c cppfunc 68 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8573 153763/color.c cppfunc 363 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 8574 153763/color.c cppfunc 365 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 8575 1632/snp9-bad.c cppfunc 63 buf = malloc(MAXSIZE); printf("result: %s\n", buf); free(buf); 0 --------------------------------- 8576 153571/conf_mod.c cppfunc 148 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 8577 62531/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_16.c inputfunc 180 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 8578 153495/timestamp.c cppfunc 72 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8579 153374/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8580 153374/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8581 153374/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8582 62572/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_09.c cppfunc 87 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8583 153530/bio_err.c cppfunc 116 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8584 63805/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_14.c cppfunc 97 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 8585 62709/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_02.c cppfunc 292 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8586 73162/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_43.cpp cppfunc 55 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 8587 152940/cmdutils.c inputfunc 1756 ret = (fread(( *bufptr),1, *size,f)); if (ret < *size) { av_free(( *bufptr)); if (ferror(f)) { fclose(f); 0 --------------------------------- 8588 153673/config.c cppfunc 196 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *woodwind_pseudapospory; stonesoup_read_taint(&woodwind_pseudapospory,"ANTIPLEURITIC_PEACEKEEPER"); mycorrhizic_chicanos = ((int )(strlen(woodwind_pseudapospory))); plagioclinal_reconciliated = ((char *)(malloc(mycorrhizic_chicanos + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&woodwind_pseudapospory,"ANTIPLEURITIC_PEACEKEEPER"); mycorrhizic_chicanos = ((int )(strlen(woodwind_pseudapospory))); plagioclinal_reconciliated = ((char *)(malloc(mycorrhizic_chicanos + 1))); 0 --------------------------------- 8589 152955/timestamp.c cppfunc 224 union confectioneries_oromo omnipotently_ugroid = {0}; va_list crispation_nontidal; __builtin_va_start(crispation_nontidal,overlard_macroergate); omnipotently_ugroid = (va_arg(crispation_nontidal,union confectioneries_oromo )); free(((char *)omnipotently_ugroid . unmetallic_camelot)); 0 --------------------------------- 8590 72818/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_21.c cppfunc 92 static char * goodG2B1Source(char * data) data = NULL; data = goodG2B1Source(data); data[0] = '\0'; return data; data = goodG2B1Source(data); strcat(data, source); printLine(data); free(data); 0 --------------------------------- 8591 73011/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22.c cppfunc 65 data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_goodG2B1Source(data); strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 8592 153279/dynahash.c cppfunc 238 stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8593 153598/tile-manager.c cppfunc 50 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8594 72350/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_52.c cppfunc 171 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_52c_badSink(char * data) memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8595 152913/eng_lib.c cppfunc 76 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8596 71413/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_06.c cppfunc 77 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 8597 153009/utils.c cppfunc 70 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8598 110827/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_63.cpp cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8599 110366/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_07.c cppfunc 122 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8600 62736/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_45.c cppfunc 249 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8601 72806/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_07.c cppfunc 77 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 8602 153636/mux.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8603 153027/color.c cppfunc 342 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 8604 73701/CWE124_Buffer_Underwrite__CWE839_listen_socket_08.c cppfunc 199 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8605 153384/color.c cppfunc 368 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8606 66528/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_09.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8607 153533/dirent_uri.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8608 70664/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_41.c cppfunc 180 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8609 153588/file_wrappers.c cppfunc 1818 jmp_buf exploitatively_nonbreeding; congresswoman_kalends = setjmp(exploitatively_nonbreeding); longjmp(exploitatively_nonbreeding,1); 0 --------------------------------- 8610 72198/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_33.cpp cppfunc 76 wchar_t * &dataRef = data; wchar_t * data = dataRef; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 8611 153203/tile-manager.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8612 152892/oids.c cppfunc 142 stonesoup_read_taint(&fustigated_turboalternator,"DESCOMBES_FINIST"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 8613 152892/oids.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&fustigated_turboalternator,"DESCOMBES_FINIST"); if (fustigated_turboalternator != 0) {; carbonation_sparing[24] = fustigated_turboalternator; joypopper_excussion = carbonation_sparing; hypomnematic_chimopelagic = joypopper_excussion + 5; anciennete_dispar(hypomnematic_chimopelagic); 0 --------------------------------- 8614 153614/utils.c cppfunc 101 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8615 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c inputfunc 107 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 8616 152947/pmsignal.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8617 110312/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_01.c cppfunc 142 data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8618 153215/pgstat.c inputfunc 3371 if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); memcpy(dbentry,(&dbbuf),sizeof(PgStat_StatDBEntry )); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); FreeFile(fpin); 0 --------------------------------- 8619 70465/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_18.c cppfunc 228 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8620 110391/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_53.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8621 153022/cmdutils.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8622 153369/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 8623 153689/tile-manager.c cppfunc 66 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8624 153689/tile-manager.c cppfunc 62 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8625 67718/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_07.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8626 66570/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_03.c cppfunc 61 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8627 72983/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67.c cppfunc 135 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8628 152945/portalmem.c cppfunc 127 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8629 152945/portalmem.c cppfunc 129 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8630 70958/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_52.c cppfunc 201 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_52c_goodG2BSink(char * data) strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 8631 153053/img2.c cppfunc 60 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8632 73056/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_17.c cppfunc 64 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 8633 153203/tile-manager.c cppfunc 765 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int counselor_unpreventably = 53; char *sheepbell_estated; stonesoup_read_taint(&sheepbell_estated,"5217",counselor_unpreventably); peases_msfor[5] = sheepbell_estated; nevertheless_seraphtide[1] = 5; overidolatrous_kleenex = *(peases_msfor + nevertheless_seraphtide[1]); free(((char *)overidolatrous_kleenex)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&sheepbell_estated,"5217",counselor_unpreventably); peases_msfor[5] = sheepbell_estated; overidolatrous_kleenex = *(peases_msfor + nevertheless_seraphtide[1]); free(((char *)overidolatrous_kleenex)); 0 --------------------------------- 8634 70993/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_18.c cppfunc 63 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8635 153040/bufmgr.c cppfunc 173 int rambong_hillis = 596; stonesoup_read_taint(&peritrochal_muraena,"1490",rambong_hillis); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 8636 153753/color.c cppfunc 356 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 8637 70437/CWE122_Heap_Based_Buffer_Overflow__CWE135_65.c cppfunc 181 void CWE122_Heap_Based_Buffer_Overflow__CWE135_65b_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 8638 199236/buffer_underrun_dynamic.c cppfunc 62 int *buf=(int*) calloc(5,sizeof(int)); buf[i]=1; free(buf); 0 --------------------------------- 8639 153753/color.c cppfunc 358 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 8640 66543/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_34.c cppfunc 63 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8641 152964/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8642 152964/color.c cppfunc 90 stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8643 153656/color.c cppfunc 324 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 8644 153656/color.c cppfunc 326 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 8645 72098/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_21.c cppfunc 121 static wchar_t * goodG2B2Source(wchar_t * data) data = NULL; data = goodG2B2Source(data); data[0] = L'\0'; return data; data = goodG2B2Source(data); wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 8646 153690/gimpviewable.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8647 153356/color.c cppfunc 379 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8648 153792/gimpdisplay.c cppfunc 860 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int wanderoo_hybridising = 596; char *irishwomen_simeonite;; stonesoup_read_taint(&irishwomen_simeonite,"9330",wanderoo_hybridising); hih_mucocellulosic = irishwomen_simeonite; biscoe_surgeons = &hih_mucocellulosic; unrequitement_babakoto = biscoe_surgeons + 5; free(((char *)( *(unrequitement_babakoto - 5)))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&irishwomen_simeonite,"9330",wanderoo_hybridising); hih_mucocellulosic = irishwomen_simeonite; biscoe_surgeons = &hih_mucocellulosic; unrequitement_babakoto = biscoe_surgeons + 5; free(((char *)( *(unrequitement_babakoto - 5)))); 0 --------------------------------- 8649 153670/avdevice.c cppfunc 46 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8650 110795/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_04.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8651 79559/CWE134_Uncontrolled_Format_String__char_console_vfprintf_51.c cppfunc 185 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 8652 79393/CWE134_Uncontrolled_Format_String__char_console_fprintf_08.c inputfunc 98 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 8653 72149/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_32.c cppfunc 79 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 8654 152915/bufmgr.c cppfunc 2704 void stonesoup_handle_taint(char *hot_scungilli) downhearted_disgress = ((int )(strlen(hot_scungilli))); wordle_backcourtman = ((char *)(malloc(downhearted_disgress + 1))); 0 --------------------------------- 8655 70516/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_31.c inputfunc 126 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 8656 153003/cmdutils.c inputfunc 1713 ret = (fread(( *bufptr),1, *size,f)); if (ret < *size) { av_free(( *bufptr)); if (ferror(f)) { fclose(f); 0 --------------------------------- 8657 153786/dynahash.c cppfunc 254 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8658 70516/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_31.c cppfunc 129 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8659 153403/error.c cppfunc 90 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8660 79439/CWE134_Uncontrolled_Format_String__char_console_printf_06.c inputfunc 136 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 8661 73022/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_52.c cppfunc 170 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_52c_badSink(char * data) strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 8662 66296/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_17.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 8663 69746/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_21.cpp cppfunc 105 data = new wchar_t[100]; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 8664 67486/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_03.c cppfunc 76 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 8665 67507/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_06.c cppfunc 43 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_06_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_06_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 8666 152926/color.c cppfunc 352 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8667 66529/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_10.c cppfunc 82 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8668 199317/uninit_memory_access.c cppfunc 298 uninit_memory_access_010_s_001_arr_gbl = (uninit_memory_access_010_s_001 *) malloc (5*sizeof(uninit_memory_access_010_s_001)); uninit_memory_access_010_s_001_arr_gbl->csr = READY; uninit_memory_access_010_s_001_arr_gbl->data = READY; uninit_memory_access_010_s_001_arr_gbl->csr = RESET; uninit_memory_access_010_func_001(5); free((void *)uninit_memory_access_010_s_001_arr_gbl); 0 --------------------------------- 8669 79489/CWE134_Uncontrolled_Format_String__char_console_snprintf_08.c inputfunc 158 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 8670 72785/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_61.c cppfunc 63 data[50-1] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_61b_goodG2BSource(data); SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 8671 72278/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_07.c cppfunc 96 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8672 62710/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_03.c cppfunc 292 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8673 62960/CWE121_Stack_Based_Buffer_Overflow__CWE135_13.c cppfunc 150 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 8674 153293/timestamp.c cppfunc 67 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8675 153293/timestamp.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8676 70514/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_21.c cppfunc 122 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8677 67755/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_74.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8678 153348/mutex.c cppfunc 229 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 8679 70912/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54.c cppfunc 292 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54e_badSink(char * data) memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8680 67739/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_44.cpp cppfunc 112 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8681 110802/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_11.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8682 72081/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_02.c cppfunc 71 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 8683 153537/heapam.c cppfunc 178 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 8684 70916/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_64.c cppfunc 152 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8685 73724/CWE124_Buffer_Underwrite__CWE839_listen_socket_52.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8686 71411/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_04.c cppfunc 48 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 8687 73722/CWE124_Buffer_Underwrite__CWE839_listen_socket_45.c cppfunc 106 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8688 70525/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_51.c cppfunc 237 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8689 72793/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_72.cpp cppfunc 154 void badSink(vector dataVector) wchar_t * data = dataVector[2]; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 8690 72505/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_72.cpp cppfunc 171 vector dataVector; data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 0 --------------------------------- 8691 110546/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_73.cpp cppfunc 239 void badSink(list dataList) int data = dataList.back(); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8692 63641/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_10.c cppfunc 73 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 8693 66524/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_05.c cppfunc 68 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8694 153333/utils.c cppfunc 83 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8695 153333/utils.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8696 69157/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_06.cpp cppfunc 99 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 8697 72352/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54.c cppfunc 269 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54e_badSink(char * data) memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8698 1303/mime2-bad.c inputfunc 184 c3 = fgetc(e->e_dfp); c4 = fgetc(e->e_dfp); while ((c1 = fgetc(e->e_dfp)) != EOF) c2 = fgetc(e->e_dfp); } while (isascii(c2) && isspace(c2)); if (c2 == EOF) if (c1 == '=' || c2 == '=') c2 = CHAR64(c2); 0 --------------------------------- 8699 70922/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_73.cpp cppfunc 175 list dataList; data = (char *)malloc((10+1)*sizeof(char)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8700 69754/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_43.cpp cppfunc 56 data = new wchar_t[100]; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 8701 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c cppfunc 195 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 8702 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c cppfunc 192 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 8703 66581/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_14.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8704 79453/CWE134_Uncontrolled_Format_String__char_console_printf_22.c inputfunc 43 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_22_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_22_badSink(char * data); 0 --------------------------------- 8705 70521/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_42.c cppfunc 117 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8706 70643/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_04.c cppfunc 375 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8707 153003/cmdutils.c cppfunc 112 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8708 62735/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_44.c cppfunc 103 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8709 153768/avpacket.c cppfunc 549 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 8710 70640/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_01.c cppfunc 220 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8711 153224/error.c cppfunc 100 stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(corimelaena_glucina)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8712 79569/CWE134_Uncontrolled_Format_String__char_console_vfprintf_67.c cppfunc 240 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 8713 70510/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_15.c cppfunc 148 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8714 153329/avfilter.c cppfunc 112 int cryptomnesic_vend = 53; stonesoup_read_taint(&mastosquamose_gasser,"8433",cryptomnesic_vend); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 8715 66246/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_15.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8716 152882/subtrans.c inputfunc 131 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&causeways_proprietarian,"PACIFYING_LEISURELESS"); if (causeways_proprietarian != 0) {; pazia_boroglycerine = ((int )(strlen(causeways_proprietarian))); unsticked_hoplonemertea = ((char *)(malloc(pazia_boroglycerine + 1))); if (unsticked_hoplonemertea == 0) { memcpy(unsticked_hoplonemertea,causeways_proprietarian,pazia_boroglycerine); if (causeways_proprietarian != 0) free(((char *)causeways_proprietarian)); 0 --------------------------------- 8717 152920/oids.c cppfunc 130 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8718 70841/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_10.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8719 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c cppfunc 101 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 8720 72162/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_62.cpp cppfunc 42 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 8721 153399/cmdline.c cppfunc 108 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8722 71171/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_04.c cppfunc 99 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 8723 72761/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_10.c cppfunc 73 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 8724 72829/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_51.c cppfunc 123 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_51b_badSink(char * data) strcat(data, source); printLine(data); free(data); 0 --------------------------------- 8725 79568/CWE134_Uncontrolled_Format_String__char_console_vfprintf_66.c inputfunc 43 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_66b_badSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_66b_badSink(char * dataArray[]); 0 --------------------------------- 8726 153023/avpacket.c cppfunc 44 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8727 62953/CWE121_Stack_Based_Buffer_Overflow__CWE135_06.c cppfunc 101 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 8728 62953/CWE121_Stack_Based_Buffer_Overflow__CWE135_06.c cppfunc 104 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 8729 110470/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_15.c cppfunc 116 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8730 71183/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_16.c cppfunc 69 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 8731 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c cppfunc 93 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 8732 79471/CWE134_Uncontrolled_Format_String__char_console_printf_65.c inputfunc 43 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; funcPtr(data); 0 --------------------------------- 8733 72634/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_43.cpp cppfunc 71 data[50-1] = L'\0'; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 8734 62565/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_02.c cppfunc 87 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8735 62565/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_02.c inputfunc 84 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 8736 153033/color.c cppfunc 359 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8737 153003/cmdutils.c cppfunc 805 idx = locate_option(argc,argv,options,"v"); char *tail; if (!strcmp(log_levels[i] . name,arg)) { level = (strtol(arg,&tail,'\n')); int locate_option(int argc,char **argv,const OptionDef *options,const char *optname) opt_loglevel(((void *)0),"loglevel",argv[idx + 1]); int opt_loglevel(void *optctx,const char *opt,const char *arg) level = (strtol(arg,&tail,'\n')); void parse_loglevel(int argc,char **argv,const OptionDef *options) int idx = locate_option(argc,argv,options,"loglevel"); 0 --------------------------------- 8738 70674/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_62.cpp cppfunc 253 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8739 153583/stream.c cppfunc 130 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8740 153416/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8741 72393/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_42.c cppfunc 70 data[50-1] = '\0'; return data; data = goodG2BSource(data); strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8742 72399/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53.c cppfunc 237 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53d_goodG2BSink(char * data) strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8743 153286/mux.c cppfunc 909 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int klangfarbe_altropathy = 105; char *ludicrousness_fessed; stonesoup_read_taint(&ludicrousness_fessed,"4581",klangfarbe_altropathy); omnivident_dodds = ((int )(strlen(ludicrousness_fessed))); gillaroo_photosynthesize = ((char *)(malloc(omnivident_dodds + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&ludicrousness_fessed,"4581",klangfarbe_altropathy); omnivident_dodds = ((int )(strlen(ludicrousness_fessed))); gillaroo_photosynthesize = ((char *)(malloc(omnivident_dodds + 1))); 0 --------------------------------- 8744 62587/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_34.c cppfunc 126 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8745 72768/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_17.c cppfunc 62 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 8746 153007/tile.c cppfunc 56 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8747 70676/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_64.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8748 71366/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_07.c cppfunc 77 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 8749 153627/e_bf.c cppfunc 329 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *melvie_asylabia;; stonesoup_read_taint(&melvie_asylabia,"VICTIMISE_WALLSEND"); mopan_superhero[1] = melvie_asylabia; roofless_osphresiometry[ *( *( *( *( *( *( *( *( *( *mandyai_vouchees)))))))))] = mopan_superhero; aedoeology_enteroplasty = roofless_osphresiometry[ *( *( *( *( *( *( *( *( *( *mandyai_vouchees)))))))))]; free(((char *)aedoeology_enteroplasty[1])); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&melvie_asylabia,"VICTIMISE_WALLSEND"); mopan_superhero[1] = melvie_asylabia; roofless_osphresiometry[ *( *( *( *( *( *( *( *( *( *mandyai_vouchees)))))))))] = mopan_superhero; aedoeology_enteroplasty = roofless_osphresiometry[ *( *( *( *( *( *( *( *( *( *mandyai_vouchees)))))))))]; free(((char *)aedoeology_enteroplasty[1])); 0 --------------------------------- 8750 66295/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_16.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 8751 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c cppfunc 31 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 8752 72422/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_07.c cppfunc 96 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8753 71174/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_07.c cppfunc 98 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 8754 153387/subtrans.c inputfunc 130 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&gnaphalium_sialid,"CHROMITE_ROSTRATED"); if (gnaphalium_sialid != 0) {; 0 --------------------------------- 8755 71435/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_44.c cppfunc 65 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 8756 72154/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_43.cpp cppfunc 46 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 8757 72405/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_65.c cppfunc 123 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_65b_badSink(char * data) strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8758 72791/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67.c cppfunc 145 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67_structType myStruct) wchar_t * data = myStruct.structFirst; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 8759 71433/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_42.c cppfunc 74 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 8760 153421/color.c cppfunc 610 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 8761 110496/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_68.c cppfunc 155 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_68_goodG2BData = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_68b_goodG2BSink(); int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_68_goodG2BData; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8762 153421/color.c cppfunc 616 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *deathtrap_vail; stonesoup_read_taint(&deathtrap_vail,"EPOPEE_UNTASTILY"); free(((char *)deathtrap_vail)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&deathtrap_vail,"EPOPEE_UNTASTILY"); free(((char *)deathtrap_vail)); 0 --------------------------------- 8763 71383/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_34.c cppfunc 75 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_34_unionType myUnion; char * data = myUnion.unionSecond; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 8764 153347/bufmgr.c cppfunc 133 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 8765 67715/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_04.cpp cppfunc 201 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8766 72110/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_52.c cppfunc 190 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_52b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_52c_goodG2BSink(wchar_t * data) wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 8767 62978/CWE121_Stack_Based_Buffer_Overflow__CWE135_52.c cppfunc 192 void CWE121_Stack_Based_Buffer_Overflow__CWE135_52c_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 8768 153744/types.c cppfunc 71 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8769 62978/CWE121_Stack_Based_Buffer_Overflow__CWE135_52.c cppfunc 195 void CWE121_Stack_Based_Buffer_Overflow__CWE135_52c_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 8770 153744/types.c cppfunc 74 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8771 71429/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_32.c cppfunc 46 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 8772 153752/heapam.c cppfunc 136 stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8773 70657/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_18.c cppfunc 294 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8774 153752/heapam.c cppfunc 138 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8775 72214/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_66.c cppfunc 139 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 8776 153427/utils.c cppfunc 133 stonesoup_read_taint(&geoduck_quidditatively,"RHYNCHOTA_EEG"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 8777 72025/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_72.cpp cppfunc 151 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 8778 153427/utils.c inputfunc 136 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&geoduck_quidditatively,"RHYNCHOTA_EEG"); if (geoduck_quidditatively != 0) {; 0 --------------------------------- 8779 71395/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_63.c cppfunc 121 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_63b_badSink(char * * dataPtr) char * data = *dataPtr; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 8780 67503/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_02.c cppfunc 38 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_02_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_02_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 8781 70680/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_68.c cppfunc 373 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8782 62724/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_17.c cppfunc 188 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8783 153702/config.c cppfunc 243 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *mouthes_epigonation; stonesoup_read_taint(&mouthes_epigonation,"TARSOCLASIS_DEPOSING"); mazolysis_cacoethes = ((int )(strlen(mouthes_epigonation))); rontgenized_turtledom = ((char *)(malloc(mazolysis_cacoethes + 1))); memset(rontgenized_turtledom,0,mazolysis_cacoethes + 1); memcpy(rontgenized_turtledom,mouthes_epigonation,mazolysis_cacoethes); titillating_mosaicked = &rontgenized_turtledom; sepiidae_edom = &titillating_mosaicked; sewellel_psychiatrists = &sepiidae_edom; gabbled_unpersonally = &sewellel_psychiatrists; capsomere_atlantis = &gabbled_unpersonally; depew_jello = &capsomere_atlantis; paramount_mandaeism = &depew_jello; overwinter_mycotoxic = ¶mount_mandaeism; mariastein_hinayana = &overwinter_mycotoxic; toluate_preciosities = &mariastein_hinayana; free(((char *)( *( *( *( *( *( *( *( *( *( *toluate_preciosities)))))))))))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_read_taint(&mouthes_epigonation,"TARSOCLASIS_DEPOSING"); mazolysis_cacoethes = ((int )(strlen(mouthes_epigonation))); memcpy(rontgenized_turtledom,mouthes_epigonation,mazolysis_cacoethes); titillating_mosaicked = &rontgenized_turtledom; sepiidae_edom = &titillating_mosaicked; sewellel_psychiatrists = &sepiidae_edom; gabbled_unpersonally = &sewellel_psychiatrists; capsomere_atlantis = &gabbled_unpersonally; depew_jello = &capsomere_atlantis; paramount_mandaeism = &depew_jello; overwinter_mycotoxic = ¶mount_mandaeism; mariastein_hinayana = &overwinter_mycotoxic; toluate_preciosities = &mariastein_hinayana; free(((char *)( *( *( *( *( *( *( *( *( *( *toluate_preciosities)))))))))))); 0 --------------------------------- 8784 70411/CWE122_Heap_Based_Buffer_Overflow__CWE135_12.c cppfunc 67 wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 8785 153017/cryptlib.c cppfunc 178 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8786 153118/e_bf.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8787 79465/CWE134_Uncontrolled_Format_String__char_console_printf_53.c inputfunc 94 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_53b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_53b_goodB2GSink(char * data); 0 --------------------------------- 8788 153187/cmdline.c cppfunc 111 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8789 153445/color.c cppfunc 120 stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8790 153445/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8791 66941/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cat_74.cpp cppfunc 169 data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; source[100-1] = L'\0'; wcscat(data, source); 0 --------------------------------- 8792 153089/string.c cppfunc 601 risibleness_carla = getenv("SYNARTESIS_ANCIENNETE"); surculi_cullionly = ((int )(strlen(risibleness_carla))); tupian_retrogressing = ((char *)(malloc(surculi_cullionly + 1))); memset(tupian_retrogressing,0,surculi_cullionly + 1); memcpy(tupian_retrogressing,risibleness_carla,surculi_cullionly); unprime_figuratively = 1; epiglottides_thirtyfold = &tupian_retrogressing; theriomorphosis_liberating = ((char **)(((unsigned long )epiglottides_thirtyfold) * unprime_figuratively * unprime_figuratively)) + 5; free(((char *)( *(theriomorphosis_liberating - 5)))); 0 --------------------------------- 8793 73047/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_08.c cppfunc 101 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 8794 63597/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_06.c cppfunc 79 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 8795 66368/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_68.c cppfunc 41 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8796 73067/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_44.c cppfunc 59 static void goodG2BSink(char * data) strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 8797 72395/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_44.c cppfunc 61 static void goodG2BSink(char * data) strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8798 153387/subtrans.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8799 153387/subtrans.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8800 153671/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 8801 66244/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_13.c cppfunc 82 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8802 62598/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_62.cpp cppfunc 192 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8803 110527/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_34.c cppfunc 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8804 153783/string.c cppfunc 66 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8805 153047/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 8806 72277/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_06.c cppfunc 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8807 73059/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22.c cppfunc 65 data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_goodG2B1Source(data); strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 8808 66263/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_53.c cppfunc 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8809 72327/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_08.c cppfunc 83 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8810 153086/mem_dbg.c cppfunc 214 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8811 62576/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_13.c inputfunc 84 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 8812 62576/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_13.c cppfunc 87 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8813 72993/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_02.c cppfunc 67 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 8814 152869/conversation.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8815 153211/mutex.c cppfunc 43 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8816 70483/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_63.c cppfunc 336 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8817 72218/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_73.cpp cppfunc 156 void badSink(list dataList) wchar_t * data = dataList.back(); SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 8818 110361/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_02.c cppfunc 90 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8819 72857/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_10.c cppfunc 71 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 8820 153351/oids.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8821 153260/bio_err.c cppfunc 139 int stipuled_isosmotic = 91; stonesoup_read_taint(&komarek_adviceful,"5575",stipuled_isosmotic); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 8822 70644/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_05.c cppfunc 310 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8823 153414/dirent_uri.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8824 79511/CWE134_Uncontrolled_Format_String__char_console_snprintf_51.c inputfunc 47 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_51b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_51b_badSink(char * data); 0 --------------------------------- 8825 67570/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_03.cpp cppfunc 152 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8826 79438/CWE134_Uncontrolled_Format_String__char_console_printf_05.c inputfunc 91 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 8827 67403/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_04.c cppfunc 67 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8828 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c cppfunc 168 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 8829 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c cppfunc 165 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G1_vasink(data, data); static void goodB2G1_vasink(char * data, ...) va_start(args, data); 0 --------------------------------- 8830 69874/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_03.cpp cppfunc 90 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 8831 153576/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8832 153576/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8833 153576/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8834 66287/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_08.c cppfunc 75 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8835 70408/CWE122_Heap_Based_Buffer_Overflow__CWE135_09.c cppfunc 172 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 8836 79423/CWE134_Uncontrolled_Format_String__char_console_fprintf_65.c inputfunc 43 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; funcPtr(data); 0 --------------------------------- 8837 153290/dynahash.c cppfunc 252 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8838 70478/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_52.c cppfunc 409 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8839 153351/oids.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8840 73248/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_33.cpp cppfunc 60 double * &dataRef = data; double * data = dataRef; printDoubleLine(*data); free(data); 0 --------------------------------- 8841 73704/CWE124_Buffer_Underwrite__CWE839_listen_socket_11.c cppfunc 186 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8842 153309/mux.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8843 153590/utf.c cppfunc 115 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8844 153590/utf.c cppfunc 118 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8845 153163/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8846 153778/tile-manager.c cppfunc 71 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8847 153746/color.c cppfunc 340 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 8848 153746/color.c cppfunc 342 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 8849 153456/portalmem.c cppfunc 109 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8850 153355/subtrans.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8851 73046/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_07.c cppfunc 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 8852 70759/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_34.c cppfunc 74 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_34_unionType myUnion; char * data = myUnion.unionSecond; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 8853 72384/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_17.c cppfunc 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8854 70677/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_65.c cppfunc 365 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8855 153041/resowner.c cppfunc 1157 *modulus_function = stonesoup_modulus_function1; *modulus_function = stonesoup_modulus_function2; stonesoup_function_ptr = malloc(sizeof(void *)); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); free(stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { free(stonesoup_function_ptr); 0 --------------------------------- 8856 153720/resowner.c cppfunc 169 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8857 71458/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_03.c cppfunc 77 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 8858 153720/resowner.c cppfunc 160 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8859 153015/cryptlib.c cppfunc 783 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *salep_retransmited) minorage_roger = ((int )(strlen(salep_retransmited))); memcpy(glutinose_mesolgion,salep_retransmited,minorage_roger); free(((char *)salep_retransmited)); 0 --------------------------------- 8860 153108/color.c cppfunc 361 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 8861 72197/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_32.c cppfunc 83 wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 8862 67313/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_10.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8863 110540/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_64.c cppfunc 235 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_64b_badSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8864 62966/CWE121_Stack_Based_Buffer_Overflow__CWE135_21.c cppfunc 129 data = (void *)CHAR_STRING; goodG2BSink(data); static void goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 8865 199275/invalid_memory_access.c cppfunc 515 str_rev[i] = '\0'; free(str_rev) ; char buf[][25]={"This is a String", str = invalid_memory_access_015_func_001(buf[j]); static char * invalid_memory_access_015_func_001 (char *str1) i = strlen(str1); str_rev = (char *) malloc(i+1); free(str_rev) ; 0 --------------------------------- 8866 199276/invalid_memory_access.c cppfunc 493 int arr[]={3,8,9,10,4}; int *ptr = malloc(sizeof(int)*5); ptr[i] = arr[i]; free(ptr); 0 --------------------------------- 8867 71474/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_21.c cppfunc 98 data = NULL; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[0] = '\0'; return data; data = goodG2B1Source(data); SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 8868 70980/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_05.c cppfunc 77 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8869 72437/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_32.c cppfunc 75 char * *dataPtr2 = &data; char * data = *dataPtr2; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8870 153345/eng_table.c cppfunc 131 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8871 153345/eng_table.c cppfunc 133 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8872 153443/aviobuf.c cppfunc 82 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8873 153443/aviobuf.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8874 70459/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_12.c cppfunc 166 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 8875 70419/CWE122_Heap_Based_Buffer_Overflow__CWE135_22.c cppfunc 180 void CWE122_Heap_Based_Buffer_Overflow__CWE135_22_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 8876 153239/color.c cppfunc 367 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8877 153291/color.c cppfunc 335 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 8878 153291/color.c cppfunc 337 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 8879 153624/color.c cppfunc 349 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 8880 153416/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8881 66353/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_42.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 8882 72431/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_16.c cppfunc 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8883 110505/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_02.c cppfunc 192 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8884 71448/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_68.c cppfunc 133 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 8885 72302/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_52.c cppfunc 188 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_52c_goodG2BSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8886 71475/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22.c cppfunc 95 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_goodG2B2Source(char * data) data[0] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_goodG2B2Source(data); SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 8887 62990/CWE121_Stack_Based_Buffer_Overflow__CWE135_73.cpp cppfunc 184 void goodG2BSink(list dataList) void * data = dataList.back(); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 8888 152868/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 8889 153805/color.c cppfunc 108 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8890 153805/color.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8891 153214/pgstat.c cppfunc 292 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8892 63596/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_05.c cppfunc 104 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 8893 67337/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_61.c cppfunc 135 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_61b_goodG2BSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_61b_goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 8894 153479/file_wrappers.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8895 153479/file_wrappers.c cppfunc 114 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8896 153194/tile-manager.c cppfunc 733 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *lipwork_drowsiest; stonesoup_read_taint(&lipwork_drowsiest,"PERISTEROPODAN_MARCHMAN"); diatribist_semipsychologic = ((int )(strlen(lipwork_drowsiest))); vasomotorial_tyrrhus = ((char *)(malloc(diatribist_semipsychologic + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&lipwork_drowsiest,"PERISTEROPODAN_MARCHMAN"); diatribist_semipsychologic = ((int )(strlen(lipwork_drowsiest))); vasomotorial_tyrrhus = ((char *)(malloc(diatribist_semipsychologic + 1))); 0 --------------------------------- 8897 73694/CWE124_Buffer_Underwrite__CWE839_listen_socket_01.c cppfunc 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8898 153540/eng_table.c cppfunc 376 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *bluntishness_fibiger; stonesoup_read_taint(&bluntishness_fibiger,"PLUTEUS_VALLECULA"); antiphlogistin_erythron[3] = bluntishness_fibiger; crane_snipy[5] = antiphlogistin_erythron; springling_beachie[1] = 5; heartsomeness_tranks = *(crane_snipy + springling_beachie[1]); free(((char *)heartsomeness_tranks[3])); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&bluntishness_fibiger,"PLUTEUS_VALLECULA"); antiphlogistin_erythron[3] = bluntishness_fibiger; crane_snipy[5] = antiphlogistin_erythron; heartsomeness_tranks = *(crane_snipy + springling_beachie[1]); free(((char *)heartsomeness_tranks[3])); 0 --------------------------------- 8899 79463/CWE134_Uncontrolled_Format_String__char_console_printf_51.c inputfunc 94 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_51b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_51b_goodB2GSink(char * data) printf("%s\n", data); 0 --------------------------------- 8900 152906/tile.c cppfunc 71 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8901 153074/utils.c cppfunc 4788 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; spec += 2; prog_id = (strtol(spec,&endptr,0)); 0 --------------------------------- 8902 79346/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_09.c cppfunc 381 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 8903 79346/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_09.c cppfunc 384 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 8904 153818/tile.c cppfunc 434 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int cathedratic_epithymetic = 44; char *demander_bacule; stonesoup_read_taint(&demander_bacule,"8148",cathedratic_epithymetic); uncrude_eelgrass[30] = demander_bacule; anesthetist_spartans = uncrude_eelgrass; uneddying_mentobregmatic(hexanchidae_primar,anesthetist_spartans); uneddying_mentobregmatic(gombeen_unorientally,acopon_lacer); void uneddying_mentobregmatic(int gombeen_unorientally,char **acopon_lacer) free(((char *)acopon_lacer[30])); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&demander_bacule,"8148",cathedratic_epithymetic); uncrude_eelgrass[30] = demander_bacule; anesthetist_spartans = uncrude_eelgrass; uneddying_mentobregmatic(hexanchidae_primar,anesthetist_spartans); 0 --------------------------------- 8905 72830/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_52.c cppfunc 190 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_52c_goodG2BSink(char * data) strcat(data, source); printLine(data); free(data); 0 --------------------------------- 8906 72159/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_53.c cppfunc 222 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 8907 66303/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_34.c cppfunc 36 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8908 67593/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_42.cpp cppfunc 35 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8909 70945/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_18.c cppfunc 65 data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 8910 153593/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8911 153197/color.c cppfunc 368 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 8912 72361/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_72.cpp cppfunc 167 vector dataVector; data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8913 153799/conf_mod.c cppfunc 142 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8914 153799/conf_mod.c cppfunc 145 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8915 72191/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_16.c cppfunc 74 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 8916 153624/color.c cppfunc 117 stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8917 62607/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_74.cpp cppfunc 97 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8918 66232/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_01.c cppfunc 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 8919 153590/utf.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8920 153378/stream.c cppfunc 128 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8921 71353/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_72.cpp cppfunc 151 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 8922 62571/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_08.c cppfunc 50 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8923 65405/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_14.c cppfunc 71 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 8924 70524/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_45.c cppfunc 69 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8925 71487/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53.c cppfunc 245 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53d_badSink(char * data) SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 8926 199236/buffer_underrun_dynamic.c cppfunc 629 char *message = (char*) calloc(12, sizeof(char)); message[len]='\n'; free(message); 0 --------------------------------- 8927 70984/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_09.c cppfunc 70 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 8928 152980/conversation.c cppfunc 115 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 8929 110532/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_45.c cppfunc 161 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_45_goodG2BData = data; goodG2BSink(); int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_45_goodG2BData; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8930 63599/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_08.c cppfunc 111 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 8931 70766/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_52.c cppfunc 199 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_52c_goodG2BSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 8932 153642/tile-swap.c cppfunc 584 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int demidevil_werefox = 596; char *lipschitz_gaums; stonesoup_read_taint(&lipschitz_gaums,"2493",demidevil_werefox); outspokennesses_gestapo = ((int )(strlen(lipschitz_gaums))); bas_adelges = ((char *)(malloc(outspokennesses_gestapo + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&lipschitz_gaums,"2493",demidevil_werefox); outspokennesses_gestapo = ((int )(strlen(lipschitz_gaums))); bas_adelges = ((char *)(malloc(outspokennesses_gestapo + 1))); 0 --------------------------------- 8933 69897/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_42.cpp cppfunc 56 data = new wchar_t[100]; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 8934 153813/config.c cppfunc 82 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8935 70836/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_05.c cppfunc 79 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8936 153294/bufmgr.c cppfunc 126 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8937 62584/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_31.c cppfunc 117 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8938 79484/CWE134_Uncontrolled_Format_String__char_console_snprintf_03.c inputfunc 145 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 8939 62958/CWE121_Stack_Based_Buffer_Overflow__CWE135_11.c cppfunc 147 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 8940 153736/types.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8941 72878/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_52.c cppfunc 172 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_52c_badSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 8942 153736/types.c cppfunc 66 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8943 66620/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_05.c cppfunc 73 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8944 153673/config.c cppfunc 110 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8945 153019/mutex.c cppfunc 80 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8946 153499/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8947 153499/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8948 153499/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8949 70738/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_03.c cppfunc 89 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 8950 152940/cmdutils.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8951 67505/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_04.c cppfunc 44 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_04_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_04_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 8952 72403/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_63.c cppfunc 120 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_63b_badSink(char * * dataPtr) char * data = *dataPtr; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 8953 148881/diam_dict.c cppfunc 2982 va_list ap; va_start(ap, fmt); if (debugging) vfprintf(stderr, fmt, ap); va_end(ap); 0 --------------------------------- 8954 153077/file_wrappers.c cppfunc 136 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8955 67305/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_02.c cppfunc 60 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 8956 153699/cmdline.c cppfunc 930 svn_error_t *svn_cmdline__edit_file_externally(const char *path,const char *editor_cmd,apr_hash_t *config,apr_pool_t *pool) const char *file_name; svn_dirent_split(&base_dir,&file_name,path,pool); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char *editor; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); apr_err = apr_filepath_set(old_cwd,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); 0 --------------------------------- 8957 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c cppfunc 192 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 8958 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c cppfunc 195 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 8959 153242/e_camellia.c cppfunc 643 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); successionist_shrubby = ((int )(strlen(phenoquinone_gravamem))); shieldmaker_mariya = ((char *)(malloc(successionist_shrubby + 1))); memset(shieldmaker_mariya,0,successionist_shrubby + 1); memcpy(shieldmaker_mariya,phenoquinone_gravamem,successionist_shrubby); counterthrusts_flabbinesses[5] = shieldmaker_mariya; anemochore_oryssidae[1] = 5; chromogenesis_scorbute = *(counterthrusts_flabbinesses + anemochore_oryssidae[1]); free(((char *)chromogenesis_scorbute)); void stonesoup_handle_taint(char *phenoquinone_gravamem) successionist_shrubby = ((int )(strlen(phenoquinone_gravamem))); memcpy(shieldmaker_mariya,phenoquinone_gravamem,successionist_shrubby); counterthrusts_flabbinesses[5] = shieldmaker_mariya; chromogenesis_scorbute = *(counterthrusts_flabbinesses + anemochore_oryssidae[1]); free(((char *)chromogenesis_scorbute)); 0 --------------------------------- 8960 67602/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_62.cpp cppfunc 212 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 8961 79395/CWE134_Uncontrolled_Format_String__char_console_fprintf_10.c inputfunc 85 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 8962 70664/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_41.c cppfunc 107 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 8963 153175/utils.c cppfunc 4746 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; spec += 2; prog_id = (strtol(spec,&endptr,0)); 0 --------------------------------- 8964 70411/CWE122_Heap_Based_Buffer_Overflow__CWE135_12.c cppfunc 173 dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 8965 153649/pmsignal.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 8966 66398/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_33.cpp cppfunc 40 wchar_t * &dataRef = data; wchar_t * data = dataRef; dataLen = wcslen(data); 0 --------------------------------- 8967 153298/stream.c cppfunc 129 int hijinks_pabulums = 105; stonesoup_read_taint(&elita_irina,"9455",hijinks_pabulums); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 8968 110372/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_13.c cppfunc 90 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 8969 153649/pmsignal.c cppfunc 108 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8970 71488/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54.c cppfunc 300 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54e_badSink(char * data) SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 8971 148923/strutil.c cppfunc 649 oid_str_to_bytes(const char *oid_str, GByteArray *bytes) { p = oid_str; if (!isdigit((guchar)*p) && (*p != '.')) return FALSE; p++; p = oid_str; while (isdigit((guchar)*p)) { p++; while (isdigit((guchar)*p)) { if (*p) p++; while (isdigit((guchar)*p)) { 0 --------------------------------- 8972 70409/CWE122_Heap_Based_Buffer_Overflow__CWE135_10.c cppfunc 111 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 8973 152917/cmdutils.c cppfunc 2082 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int reoffer_demobilisation = 596; char *exogens_mandolas; stonesoup_read_taint(&exogens_mandolas,"8725",reoffer_demobilisation); fisherville_ornamentalist . tarakihi_jeno = exogens_mandolas; MISOPATERIST_OVERNORMALIZE(fisherville_ornamentalist); void presupervised_resourcefulness(union burlesquing_suicidalism histophyly_heremeit) free(((char *)histophyly_heremeit . tarakihi_jeno)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&exogens_mandolas,"8725",reoffer_demobilisation); fisherville_ornamentalist . tarakihi_jeno = exogens_mandolas; MISOPATERIST_OVERNORMALIZE(fisherville_ornamentalist); 0 --------------------------------- 8974 152999/tile-swap.c inputfunc 183 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&inputted_sheared,"BIOSTATICAL_ZINGIBER"); if (inputted_sheared != 0) {; interestedness_duchan . decimalized_stanniferous = ((char *)inputted_sheared); discursive_overnicety[5] = interestedness_duchan; achymia_nondecoration = *(discursive_overnicety + alliant_afterlifetime[1]); houhere_galahad = ((char *)achymia_nondecoration . decimalized_stanniferous); stonesoup_buff_size = strlen(houhere_galahad) + 1; stonesoup_size = stonesoup_other_size < stonesoup_buff_size ? stonesoup_other_size : stonesoup_buff_size; for (stonesoup_i = 0; stonesoup_i < stonesoup_size; stonesoup_i++) { houhere_galahad[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = for (stonesoup_i = 0; stonesoup_i < stonesoup_buff_size; stonesoup_i++) { free (stonesoup_other_buff); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buff_size", stonesoup_buff_size, &stonesoup_buff_size, "TRIGGER-STATE"); if (achymia_nondecoration . decimalized_stanniferous != 0) free(((char *)achymia_nondecoration . decimalized_stanniferous)); 0 --------------------------------- 8975 70839/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_08.c cppfunc 106 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 8976 79563/CWE134_Uncontrolled_Format_String__char_console_vfprintf_61.c cppfunc 61 data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_goodG2BSource(data); goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 8977 153407/config.c cppfunc 142 int uncompound_sailflying = 596; stonesoup_read_taint(&unworking_pulque,"3552",uncompound_sailflying); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 8978 79563/CWE134_Uncontrolled_Format_String__char_console_vfprintf_61.c cppfunc 64 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 8979 72465/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_02.c cppfunc 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 0 --------------------------------- 8980 66632/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_17.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 8981 153760/aviobuf.c cppfunc 56 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8982 79440/CWE134_Uncontrolled_Format_String__char_console_printf_07.c inputfunc 136 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 8983 153599/mem_dbg.c cppfunc 242 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8984 153446/main_statusbar.c cppfunc 133 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 8985 153446/main_statusbar.c cppfunc 136 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8986 69928/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_09.cpp cppfunc 94 data = new wchar_t[100]; data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 8987 79467/CWE134_Uncontrolled_Format_String__char_console_printf_61.c inputfunc 182 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; data = CWE134_Uncontrolled_Format_String__char_console_printf_61b_goodB2GSource(data); printf("%s\n", data); 0 --------------------------------- 8988 153809/img2.c cppfunc 61 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 8989 153102/cryptlib.c cppfunc 630 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *inductile_kaya; stonesoup_read_taint(&inductile_kaya,"ENTHRONIZING_CONVERTER"); supercordially_punner = inductile_kaya; free(((char *)supercordially_punner)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&inductile_kaya,"ENTHRONIZING_CONVERTER"); supercordially_punner = inductile_kaya; free(((char *)supercordially_punner)); 0 --------------------------------- 8990 153247/conversation.c cppfunc 132 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 8991 153247/conversation.c cppfunc 130 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 8992 153506/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 8993 152940/cmdutils.c cppfunc 848 void parse_loglevel(int argc,char **argv,const OptionDef *options) int idx = locate_option(argc,argv,options,"loglevel"); int locate_option(int argc,char **argv,const OptionDef *options,const char *optname) idx = locate_option(argc,argv,options,"v"); opt_loglevel(((void *)0),"loglevel",argv[idx + 1]); int opt_loglevel(void *optctx,const char *opt,const char *arg) char *tail; if (!strcmp(log_levels[i] . name,arg)) { level = (strtol(arg,&tail,'\n')); 0 --------------------------------- 8994 72753/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_02.c cppfunc 73 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 8995 153753/color.c cppfunc 605 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *iin_magnesia; stonesoup_read_taint(&iin_magnesia,"UNACCEPTANT_MULTIFAROUSLY"); free(((char *)iin_magnesia)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&iin_magnesia,"UNACCEPTANT_MULTIFAROUSLY"); free(((char *)iin_magnesia)); 0 --------------------------------- 8996 62986/CWE121_Stack_Based_Buffer_Overflow__CWE135_66.c cppfunc 178 data = (void *)WIDE_STRING; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE135_66b_goodB2GSink(dataArray); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); void CWE121_Stack_Based_Buffer_Overflow__CWE135_66b_goodB2GSink(void * dataArray[]) void * data = dataArray[2]; memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 8997 62986/CWE121_Stack_Based_Buffer_Overflow__CWE135_66.c cppfunc 175 data = (void *)WIDE_STRING; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE135_66b_goodB2GSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE135_66b_goodB2GSink(void * dataArray[]) void * data = dataArray[2]; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 8998 148828/markup.cpp cppfunc 692 static bool isElementPresentational(const Node* node) if (node->hasTagName(uTag) || node->hasTagName(sTag) || node->hasTagName(strikeTag) || node->hasTagName(iTag) || node->hasTagName(emTag) || node->hasTagName(bTag) || node->hasTagName(strongTag)) RefPtr style = styleFromMatchedRulesAndInlineDecl(node); String createMarkup(const Range* range, Vector* nodes, EAnnotateForInterchange annotate, bool convertBlocksToInlines) Document* document = range->ownerDocument(); Frame* frame = document->frame(); DeleteButtonController* deleteButton = frame ? frame->editor()->deleteButtonController() : 0; RefPtr updatedRange = avoidIntersectionWithNode(range, deleteButton ? deleteButton->containerElement() : 0); ExceptionCode ec = 0; bool collapsed = updatedRange->collapsed(ec); ASSERT(ec == 0); Node* commonAncestor = updatedRange->commonAncestorContainer(ec); Node* commonAncestorBlock = commonAncestor ? enclosingBlock(commonAncestor) : 0; if (!specialCommonAncestor && isTabSpanTextNode(commonAncestor)) specialCommonAncestor = commonAncestor->parentNode(); if (!specialCommonAncestor && isTabSpanNode(commonAncestor)) Node* body = enclosingNodeWithTag(Position(commonAncestor, 0), bodyTag); Node* fullySelectedRoot = body && areRangesEqual(VisibleSelection::selectionFromContentsOfNode(body).toNormalizedRange().get(), updatedRange.get()) ? body : 0; RefPtr fullySelectedRootStyle = fullySelectedRoot ? styleFromMatchedRulesAndInlineDecl(fullySelectedRoot) : 0; static PassRefPtr styleFromMatchedRulesAndInlineDecl(const Node* node) if (!node->isHTMLElement()) HTMLElement* element = const_cast(static_cast(node)); RefPtr style = styleFromMatchedRulesForElement(element); RefPtr inlineStyleDecl = element->getInlineStyleDecl(); style->merge(inlineStyleDecl.get()); 0 --------------------------------- 8999 79459/CWE134_Uncontrolled_Format_String__char_console_printf_42.c inputfunc 98 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; data = goodB2GSource(data); printf("%s\n", data); 0 --------------------------------- 9000 148916/strutil.c cppfunc 457 is_byte_sep(guint8 c) if (is_byte_sep(*punct)) { p = punct; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { hex_str_to_bytes(const char *hex_str, GByteArray *bytes, gboolean force_separators) { p = (const guchar *)hex_str; q = p+1; s = p+3; && isxdigit(*p) && isxdigit(*q) && isxdigit(*r) && isxdigit(*s)) { punct = s + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && isxdigit(*q)) { punct = q + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q + 1; p = q; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { 0 --------------------------------- 9001 72136/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_09.c cppfunc 41 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9002 153635/string.c cppfunc 54 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9003 153635/string.c cppfunc 56 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9004 72151/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_34.c cppfunc 77 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9005 153480/bss_file.c cppfunc 132 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9006 153225/color.c cppfunc 605 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *inspirationally_saluter; stonesoup_read_taint(&inspirationally_saluter,"ASYLUM_DEMOCRATIZING"); free(((char *)inspirationally_saluter)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&inspirationally_saluter,"ASYLUM_DEMOCRATIZING"); free(((char *)inspirationally_saluter)); 0 --------------------------------- 9007 153225/color.c cppfunc 600 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 9008 153448/cryptlib.c cppfunc 163 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9009 153445/color.c cppfunc 375 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 9010 153445/color.c cppfunc 373 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9011 66293/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_14.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9012 153108/color.c cppfunc 118 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9013 110350/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_66.c cppfunc 248 data = 20; dataArray[2] = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_66b_goodG2BSink(dataArray); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_66b_goodG2BSink(int dataArray[]) int data = dataArray[2]; intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9014 72984/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_68.c cppfunc 132 wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_68_badData; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9015 153328/e_camellia.c cppfunc 113 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9016 153328/e_camellia.c cppfunc 111 stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(monophonic_sheraton)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9017 110516/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_13.c cppfunc 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9018 148966/strutil.c cppfunc 847 convert_string_to_hex(const char *string, size_t *nbytes) p = &string[0]; c = *p++; c = *p++; if (isdigit(c)) 0 --------------------------------- 9019 153633/bufmgr.c cppfunc 167 lickspittle_eroding coefficacy_bedwell = 0; va_list azymite_petroleum; __builtin_va_start(azymite_petroleum,medicining_pareu); coefficacy_bedwell = (va_arg(azymite_petroleum,lickspittle_eroding )); GREYING_CHAIRWOMAN(coefficacy_bedwell); void northerners_yowie(lickspittle_eroding worthies_halfpence) characterology_nontempered = ((char *)worthies_halfpence); stonesoup_buffer = malloc((strlen(characterology_nontempered) + 1) * sizeof(char )); strcpy(stonesoup_buffer,characterology_nontempered); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 9020 70889/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_10.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9021 153455/color.c cppfunc 340 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9022 153258/column.c cppfunc 57 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9023 63638/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_07.c cppfunc 100 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 9024 70933/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_06.c cppfunc 96 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 9025 72216/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_68.c cppfunc 163 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_68b_goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_68_goodG2BData; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 9026 153711/timestamp.c cppfunc 64 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9027 71420/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_13.c cppfunc 73 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 9028 70459/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_12.c cppfunc 402 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9029 152915/bufmgr.c cppfunc 109 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9030 72183/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_08.c cppfunc 113 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 9031 67572/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_05.cpp cppfunc 102 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9032 70506/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_11.c cppfunc 228 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9033 79551/CWE134_Uncontrolled_Format_String__char_console_vfprintf_32.c cppfunc 31 char * *dataPtr2 = &data; char * data = *dataPtr2; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 9034 153807/utils.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9035 153109/color.c cppfunc 363 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 9036 153109/color.c cppfunc 361 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9037 153807/utils.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9038 153807/utils.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9039 70931/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_04.c cppfunc 99 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 9040 153238/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9041 153238/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9042 153238/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9043 71447/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_67.c cppfunc 156 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 9044 152887/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9045 65153/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_02.c cppfunc 93 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 9046 153159/timestamp.c inputfunc 106 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&nonexportable_pertinent,"PRECEDED_CORNEMUSE"); if (nonexportable_pertinent != 0) {; 0 --------------------------------- 9047 152925/eng_lib.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9048 153159/timestamp.c cppfunc 103 stonesoup_read_taint(&nonexportable_pertinent,"PRECEDED_CORNEMUSE"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 9049 70946/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_21.c cppfunc 120 data = (char *)malloc((10+1)*sizeof(char)); return data; data = NULL; data = goodG2B2Source(data); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); static char * goodG2B2Source(char * data) return data; data = goodG2B2Source(data); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 9050 153476/column.c cppfunc 58 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9051 153675/aviobuf.c cppfunc 71 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9052 153346/img2.c cppfunc 46 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9053 69890/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_21.cpp cppfunc 105 data = new wchar_t[100]; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 9054 152997/stream.c cppfunc 76 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9055 153367/dirent_uri.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9056 73737/CWE124_Buffer_Underwrite__CWE839_listen_socket_74.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9057 79555/CWE134_Uncontrolled_Format_String__char_console_vfprintf_42.c cppfunc 147 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 9058 79555/CWE134_Uncontrolled_Format_String__char_console_vfprintf_42.c cppfunc 144 char dataBuffer[100] = ""; data = dataBuffer; data = goodB2GSource(data); static char * goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; data = goodB2GSource(data); goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 9059 71186/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_21.c cppfunc 93 data = NULL; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; data = goodG2B1Source(data); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 9060 149108/dble_free_local_flow-good.c inputfunc 29 if(fread(&r, sizeof r, 1, f) != 1) fclose(f); if(fclose(f) != 0) return r; vector[i] = (short)(getRand() % 256); if (vector) { free(vector); printf("%d ",vector[i]); if (vector) free(vector); 0 --------------------------------- 9061 66583/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_16.c cppfunc 57 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 9062 153202/bio_err.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9063 153792/gimpdisplay.c cppfunc 133 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9064 153129/color.c cppfunc 90 stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(supereminence_rhodonite)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9065 153129/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9066 153455/color.c cppfunc 91 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9067 67306/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_03.c cppfunc 80 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9068 1506/Figure4-12-unix.c inputfunc 22 int main(int argc, char *argv[]) if (argc !=2){ strcpy(first, argv[1]); free(first); 0 --------------------------------- 9069 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c cppfunc 217 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 9070 72358/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_66.c cppfunc 144 data[50-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9071 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c cppfunc 214 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); strcpy(data, "fixedstringtest"); goodG2BVaSinkB(data, data); goodG2BVaSinkB(data, data); static void goodG2BVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 9072 70673/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_61.c cppfunc 265 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9073 148966/packet-http.c cppfunc 2237 process_header(tvbuff_t *tvb, int offset, int next_offset, const guchar *line, int linelen, int colon_offset, line_end_offset = offset + linelen; header_name = se_strndup(&line[0], header_len); value_offset = colon_offset + 1; value_offset++; value_len = line_end_offset - value_offset; value = ep_strndup(&line[value_offset - offset], value_len); tmp=strtol(value, NULL, 10); 0 --------------------------------- 9074 70497/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_02.c cppfunc 93 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9075 153580/pmsignal.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9076 153433/resowner.c cppfunc 1156 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 9077 153580/pmsignal.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9078 153321/column-utils.c cppfunc 2179 overwheel_orthopraxia = getenv("ALIUS_OVERTHICKNESS"); wittekind_supernaturally = ((int )(strlen(overwheel_orthopraxia))); sclerocornea_amygdalus = ((char *)(malloc(wittekind_supernaturally + 1))); memset(sclerocornea_amygdalus,0,wittekind_supernaturally + 1); memcpy(sclerocornea_amygdalus,overwheel_orthopraxia,wittekind_supernaturally); misforms_procellose(sclerocornea_amygdalus); void misforms_procellose(char *coloristic_gadaria) free(((char *)coloristic_gadaria)); 0 --------------------------------- 9079 1299/recipient-bad.c cppfunc 199 char buf0[MAXNAME + 1]; i = strlen(a->q_user); if (i >= sizeof buf0) buf = xalloc(i + 1); buf = buf0; (void) strcpy(buf, a->q_user); printf("buf used in finduser = %s\n", buf); pw = finduser(buf, &fuzzy); free(buf); 0 --------------------------------- 9080 149076/mem3-good.c cppfunc 51 main(int argc, char **argv) userstr = argv[1]; p = test(userstr); test(char *str) p = strdup(str); printf("result: %s\n", p); return p; p = test(userstr); free(p); 0 --------------------------------- 9081 72790/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_66.c cppfunc 154 data[50-1] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 9082 72163/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_63.c cppfunc 122 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9083 153325/aviobuf.c inputfunc 109 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&jazziness_aroynted,"FAIL_PICHICIEGO"); if (jazziness_aroynted != 0) {; columniferous_taborite = ((int )(strlen(jazziness_aroynted))); bushmaster_cachucho = ((char *)(malloc(columniferous_taborite + 1))); if (bushmaster_cachucho == 0) { memcpy(bushmaster_cachucho,jazziness_aroynted,columniferous_taborite); if (jazziness_aroynted != 0) free(((char *)jazziness_aroynted)); viddhal_stamford[5] = bushmaster_cachucho; debarbarization_vichyssoise = *(viddhal_stamford + conformers_hethen[1]); owens_insidiosity(debarbarization_vichyssoise); 0 --------------------------------- 9084 72449/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_61.c cppfunc 59 data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_61b_goodG2BSource(data); strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 9085 72111/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53.c cppfunc 221 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53d_badSink(wchar_t * data) wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 9086 153074/utils.c cppfunc 4772 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) switch(( *(spec++))){ if (( *(spec++)) == ':') { int index = (strtol(spec,((void *)0),0)); 0 --------------------------------- 9087 152935/config_file.c cppfunc 116 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9088 152974/conversation.c cppfunc 92 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9089 72971/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_44.c cppfunc 63 static void goodG2BSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9090 153728/main_filter_toolbar.c cppfunc 103 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 9091 153001/avpacket.c cppfunc 52 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9092 66588/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_31.c cppfunc 29 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9093 73733/CWE124_Buffer_Underwrite__CWE839_listen_socket_67.c cppfunc 87 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9094 66242/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_11.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9095 72783/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53.c cppfunc 243 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53d_badSink(wchar_t * data) SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 9096 72767/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_16.c cppfunc 36 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 9097 73008/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_17.c cppfunc 64 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 9098 153057/file_wrappers.c inputfunc 152 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&adays_thermophilous,"TURMEL_MEROSYSTEMATIC"); if (adays_thermophilous != 0) {; 0 --------------------------------- 9099 153388/dynahash.c cppfunc 243 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9100 153714/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 9101 110678/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_52.cpp cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9102 153187/cmdline.c cppfunc 84 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9103 67730/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_21.cpp cppfunc 116 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9104 153802/types.c cppfunc 76 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9105 153802/types.c cppfunc 73 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9106 153036/string.c cppfunc 68 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9107 67307/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_04.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9108 153178/color.c cppfunc 358 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 9109 153178/color.c cppfunc 356 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9110 71445/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_65.c cppfunc 144 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 9111 110547/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_74.cpp cppfunc 262 data = 20; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int data = dataMap[2]; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9112 153400/dirent_uri.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9113 73365/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_74.cpp cppfunc 159 data = NULL; data = (twoIntsStruct *)malloc(sizeof(*data)); data->intOne = 1; data->intTwo = 2; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) twoIntsStruct * data = dataMap[2]; printStructLine(data); free(data); 0 --------------------------------- 9114 110671/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_34.cpp cppfunc 44 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9115 153400/dirent_uri.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9116 67278/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_33.cpp cppfunc 65 wchar_t * &dataRef = data; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcscat(dest, data); 0 --------------------------------- 9117 66242/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_11.c cppfunc 82 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9118 79370/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54.c cppfunc 569 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54e_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 9119 62571/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_08.c cppfunc 150 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9120 70856/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_41.c cppfunc 61 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_41_goodG2BSink(char * data) memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9121 72813/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_14.c cppfunc 93 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 9122 72199/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_34.c cppfunc 81 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 9123 73739/CWE124_Buffer_Underwrite__CWE839_listen_socket_82a.cpp cppfunc 180 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9124 153474/e_bf.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9125 153474/e_bf.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9126 67596/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_45.cpp cppfunc 72 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9127 79550/CWE134_Uncontrolled_Format_String__char_console_vfprintf_31.c cppfunc 31 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 9128 153739/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9129 79345/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_08.c cppfunc 267 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 9130 79345/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_08.c cppfunc 264 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 9131 153393/pgstat.c cppfunc 271 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9132 67597/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_51.cpp cppfunc 83 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9133 66625/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_10.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9134 153374/color.c cppfunc 351 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9135 70505/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_10.c cppfunc 149 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9136 62961/CWE121_Stack_Based_Buffer_Overflow__CWE135_14.c cppfunc 99 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 9137 66337/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_10.c cppfunc 86 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9138 62961/CWE121_Stack_Based_Buffer_Overflow__CWE135_14.c cppfunc 96 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 9139 72195/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22.c cppfunc 95 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22_goodG2B2Source(wchar_t * data) data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22_goodG2B2Source(data); SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 9140 153231/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9141 153100/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9142 71184/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_17.c cppfunc 69 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 9143 66235/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_04.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9144 1296/create_iquery.c cppfunc 96 dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); 0 --------------------------------- 9145 62989/CWE121_Stack_Based_Buffer_Overflow__CWE135_72.cpp cppfunc 198 vector dataVector; data = (void *)WIDE_STRING; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodB2GSink(dataVector); void goodB2GSink(vector dataVector) void * data = dataVector[2]; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 9146 62574/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_11.c cppfunc 137 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9147 153474/e_bf.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9148 153290/dynahash.c cppfunc 291 int transportee_gavia = 40; stonesoup_read_taint(&cinerarias_tipstock,"2572",transportee_gavia); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 9149 153101/resowner.c cppfunc 155 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9150 153101/resowner.c cppfunc 151 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9151 70643/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_04.c cppfunc 464 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9152 153101/resowner.c cppfunc 158 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9153 152882/subtrans.c cppfunc 88 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9154 153122/gimpdialogfactory.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9155 79565/CWE134_Uncontrolled_Format_String__char_console_vfprintf_63.c inputfunc 42 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_63b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_63b_badSink(char * * dataPtr); CWE134_Uncontrolled_Format_String__char_console_vfprintf_63b_badSink(&data); 0 --------------------------------- 9156 72308/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_64.c cppfunc 144 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9157 153805/color.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9158 72330/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_11.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9159 72994/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_03.c cppfunc 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 9160 152913/eng_lib.c cppfunc 474 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); duumviral_unflouted = ((int )(strlen(charmeuse_winter))); coproducing_diseasy = ((char *)(malloc(duumviral_unflouted + 1))); memset(coproducing_diseasy,0,duumviral_unflouted + 1); memcpy(coproducing_diseasy,charmeuse_winter,duumviral_unflouted); deflagrates_nondefalcation = 1; lacteals_nucleoside = &coproducing_diseasy; metricising_stiacciato = ((char **)(((unsigned long )lacteals_nucleoside) * deflagrates_nondefalcation * deflagrates_nondefalcation)) + 5; free(((char *)( *(metricising_stiacciato - 5)))); void stonesoup_handle_taint(char *charmeuse_winter) duumviral_unflouted = ((int )(strlen(charmeuse_winter))); memcpy(coproducing_diseasy,charmeuse_winter,duumviral_unflouted); lacteals_nucleoside = &coproducing_diseasy; metricising_stiacciato = ((char **)(((unsigned long )lacteals_nucleoside) * deflagrates_nondefalcation * deflagrates_nondefalcation)) + 5; free(((char *)( *(metricising_stiacciato - 5)))); 0 --------------------------------- 9161 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c cppfunc 31 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 9162 152970/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9163 153392/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9164 153655/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9165 153655/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9166 69753/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_42.cpp cppfunc 29 data = new wchar_t[100]; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 9167 153655/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9168 148823/Element.cpp cppfunc 489 String localName = shouldIgnoreAttributeCase(this) ? name.lower() : name; return !elem->hasAttribute(attr); if (!documentIsHTML && namespaces && shouldAddNamespaceElem(el)) if (el->isHTMLElement() && (annotate || convert)) { Element* element = const_cast(el); RefPtr styleFromMatchedRules = styleFromMatchedRulesForElement(const_cast(el)); styleFromMatchedRules->merge(style.get()); style = styleFromMatchedRules; CSSMutableStyleDeclaration::const_iterator end = style->end(); for (CSSMutableStyleDeclaration::const_iterator it = style->begin(); it != end; ++it) { styleFromMatchedRules->merge(style.get()); 0 --------------------------------- 9169 152911/eng_lib.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9170 71367/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_08.c cppfunc 107 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 9171 153509/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9172 71208/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_68.c cppfunc 139 wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_68_badData; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 9173 153433/resowner.c cppfunc 159 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9174 153433/resowner.c cppfunc 156 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9175 70413/CWE122_Heap_Based_Buffer_Overflow__CWE135_14.c cppfunc 144 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 9176 153112/utils.c cppfunc 4772 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) switch(( *(spec++))){ if (( *(spec++)) == ':') { int index = (strtol(spec,((void *)0),0)); 0 --------------------------------- 9177 153679/avdevice.c cppfunc 74 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9178 110507/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_04.c cppfunc 199 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9179 153467/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9180 153234/img2.c cppfunc 53 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9181 110327/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_16.c cppfunc 150 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9182 69866/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_73.cpp cppfunc 142 void badSink(list dataList) int * data = dataList.back(); memcpy(data, source, 10*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 9183 62566/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_03.c inputfunc 84 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 9184 62566/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_03.c cppfunc 87 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9185 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c cppfunc 94 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 9186 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c cppfunc 91 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 9187 110535/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_53.c cppfunc 394 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_53c_goodG2BSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_53d_goodG2BSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_53d_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9188 79407/CWE134_Uncontrolled_Format_String__char_console_fprintf_32.c inputfunc 42 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; *dataPtr1 = data; 0 --------------------------------- 9189 72957/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_14.c cppfunc 71 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9190 63436/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_05.c cppfunc 101 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 9191 153536/stream.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9192 153536/stream.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9193 153459/file_wrappers.c cppfunc 1754 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); unforeseen_rhinologic = ((int )(strlen(kernel_wanweird))); bugayev_cerata = ((char *)(malloc(unforeseen_rhinologic + 1))); memset(bugayev_cerata,0,unforeseen_rhinologic + 1); memcpy(bugayev_cerata,kernel_wanweird,unforeseen_rhinologic); malproportioned_paradigmatic[5] = bugayev_cerata; standpoint_herschel[1] = 5; surrection_affiches = *(malproportioned_paradigmatic + standpoint_herschel[1]); free(((char *)surrection_affiches)); void stonesoup_handle_taint(char *kernel_wanweird) unforeseen_rhinologic = ((int )(strlen(kernel_wanweird))); memcpy(bugayev_cerata,kernel_wanweird,unforeseen_rhinologic); malproportioned_paradigmatic[5] = bugayev_cerata; surrection_affiches = *(malproportioned_paradigmatic + standpoint_herschel[1]); free(((char *)surrection_affiches)); 0 --------------------------------- 9194 69921/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_02.cpp cppfunc 94 data = new wchar_t[100]; data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 9195 152918/color.c cppfunc 378 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 9196 72722/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_21.c cppfunc 90 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2B1Source(data); wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 9197 110510/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_07.c cppfunc 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9198 70641/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_02.c cppfunc 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9199 70775/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67.c cppfunc 158 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67_structType myStruct; data = (char *)malloc((10+1)*sizeof(char)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67_structType myStruct) char * data = myStruct.structFirst; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 9200 71365/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_06.c cppfunc 75 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 9201 69762/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_62.cpp cppfunc 145 data = new wchar_t[100]; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 9202 72382/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_15.c cppfunc 103 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 9203 67408/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_09.c cppfunc 80 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9204 153257/mem_dbg.c cppfunc 243 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9205 70867/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_63.c cppfunc 128 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9206 67489/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_06.c cppfunc 101 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 9207 110378/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_21.c cppfunc 111 data = 20; return data; data = -1; data = goodG2B1Source(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); static int goodG2B1Source(int data) return data; data = goodG2B1Source(data); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9208 69159/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_08.cpp cppfunc 107 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 9209 72183/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_08.c cppfunc 91 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 9210 72886/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_66.c cppfunc 146 data[0] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 9211 71374/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_15.c cppfunc 78 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 9212 72157/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_51.c cppfunc 143 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9213 72785/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_61.c cppfunc 147 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_61b_goodG2BSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_61b_goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 9214 70431/CWE122_Heap_Based_Buffer_Overflow__CWE135_53.c cppfunc 286 void CWE122_Heap_Based_Buffer_Overflow__CWE135_53c_goodB2GSink(void * data) CWE122_Heap_Based_Buffer_Overflow__CWE135_53d_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_53d_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 9215 69738/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_11.cpp cppfunc 90 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 9216 67585/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_18.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9217 72135/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_08.c cppfunc 87 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9218 72376/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_09.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 9219 70411/CWE122_Heap_Based_Buffer_Overflow__CWE135_12.c cppfunc 162 dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 9220 72345/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_42.c cppfunc 70 data[50-1] = '\0'; return data; data = goodG2BSource(data); memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9221 72778/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_43.cpp cppfunc 75 data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 9222 153583/stream.c cppfunc 272 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; int coccidology_nonjuristic = 53; char *kabalevsky_greenbackism;; stonesoup_read_taint(&kabalevsky_greenbackism,"2414",coccidology_nonjuristic); getters_shifter = ((int )(strlen(kabalevsky_greenbackism))); coeternal_montessorian = ((char *)(malloc(getters_shifter + 1))); memset(coeternal_montessorian,0,getters_shifter + 1); memcpy(coeternal_montessorian,kabalevsky_greenbackism,getters_shifter); cochabamba_vandenberg[5] = coeternal_montessorian; tetrasulphid_oxfordist[1] = 5; uneasily_iliohypogastric = *(cochabamba_vandenberg + tetrasulphid_oxfordist[1]); free(((char *)uneasily_iliohypogastric)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&kabalevsky_greenbackism,"2414",coccidology_nonjuristic); getters_shifter = ((int )(strlen(kabalevsky_greenbackism))); memcpy(coeternal_montessorian,kabalevsky_greenbackism,getters_shifter); cochabamba_vandenberg[5] = coeternal_montessorian; uneasily_iliohypogastric = *(cochabamba_vandenberg + tetrasulphid_oxfordist[1]); free(((char *)uneasily_iliohypogastric)); 0 --------------------------------- 9223 110369/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_10.c cppfunc 116 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9224 71426/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_21.c cppfunc 124 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 9225 66578/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_11.c cppfunc 82 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9226 66640/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_41.c cppfunc 71 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9227 71423/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_16.c cppfunc 42 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 9228 72282/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_11.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9229 148821/Element.cpp cppfunc 489 String localName = shouldIgnoreAttributeCase(this) ? name.lower() : name; return !elem->hasAttribute(attr); if (!documentIsHTML && namespaces && shouldAddNamespaceElem(el)) if (el->isHTMLElement() && (annotate || convert)) { Element* element = const_cast(el); RefPtr styleFromMatchedRules = styleFromMatchedRulesForElement(const_cast(el)); styleFromMatchedRules->merge(style.get()); style = styleFromMatchedRules; CSSMutableStyleDeclaration::const_iterator end = style->end(); for (CSSMutableStyleDeclaration::const_iterator it = style->begin(); it != end; ++it) { styleFromMatchedRules->merge(style.get()); 0 --------------------------------- 9230 66940/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cat_73.cpp cppfunc 169 list dataList; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); source[100-1] = L'\0'; wcscat(data, source); 0 --------------------------------- 9231 72006/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_33.cpp cppfunc 72 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9232 66294/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_15.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9233 71494/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_66.c cppfunc 139 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_66b_badSink(char * dataArray[]) char * data = dataArray[2]; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 9234 70519/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_34.c cppfunc 170 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9235 153513/utils.c cppfunc 4243 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { *port_ptr = atoi(brk + 2); 0 --------------------------------- 9236 72841/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_72.cpp cppfunc 150 void badSink(vector dataVector) char * data = dataVector[2]; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 9237 70988/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_13.c cppfunc 70 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9238 69734/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_07.cpp cppfunc 95 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 9239 153350/column-utils.c cppfunc 87 stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9240 67715/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_04.cpp inputfunc 327 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 9241 153086/mem_dbg.c cppfunc 942 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *laconic_nonspherical) ottumwa_inkhornist = ((int )(strlen(laconic_nonspherical))); memcpy(molinet_uncomplexness,laconic_nonspherical,ottumwa_inkhornist); free(((char *)laconic_nonspherical)); 0 --------------------------------- 9242 70436/CWE122_Heap_Based_Buffer_Overflow__CWE135_64.c cppfunc 150 void CWE122_Heap_Based_Buffer_Overflow__CWE135_64b_badSink(void * dataVoidPtr) void * * dataPtr = (void * *)dataVoidPtr; void * data = (*dataPtr); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 9243 153342/stream.c cppfunc 98 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 9244 199236/buffer_underrun_dynamic.c cppfunc 334 int *buf=(int*) calloc(5,sizeof(int)); int indexes[5] = {3, 4, 0, 5, 6}; *(buf-indexes[index]) = 1; free(buf); 0 --------------------------------- 9245 110664/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_17.cpp cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9246 66332/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_05.c cppfunc 73 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9247 153810/pgstat.c inputfunc 3434 if (fread((&format_id),1,sizeof(format_id),fpin) != sizeof(format_id) || format_id != 0x01A5BC9A) { FreeFile(fpin); if (fread((&myGlobalStats),1,sizeof(myGlobalStats),fpin) != sizeof(myGlobalStats)) { FreeFile(fpin); *ts = myGlobalStats . stats_timestamp; FreeFile(fpin); if (pgstat_read_statsfile_timestamp(((bool )0),&file_ts) && file_ts >= min_ts) { static bool pgstat_read_statsfile_timestamp(bool permanent,TimestampTz *ts) 0 --------------------------------- 9248 70653/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_14.c cppfunc 262 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9249 70743/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_08.c cppfunc 103 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 9250 70502/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_07.c cppfunc 42 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9251 71210/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_73.cpp cppfunc 157 void badSink(list dataList) wchar_t * data = dataList.back(); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 9252 70999/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_34.c cppfunc 74 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9253 153341/avpacket.c cppfunc 41 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9254 70452/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_05.c cppfunc 425 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9255 62980/CWE121_Stack_Based_Buffer_Overflow__CWE135_54.c cppfunc 325 void CWE121_Stack_Based_Buffer_Overflow__CWE135_54e_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 9256 62980/CWE121_Stack_Based_Buffer_Overflow__CWE135_54.c cppfunc 328 void CWE121_Stack_Based_Buffer_Overflow__CWE135_54e_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 9257 67310/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_07.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9258 153000/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9259 153187/cmdline.c cppfunc 921 svn_error_t *svn_cmdline__edit_file_externally(const char *path,const char *editor_cmd,apr_hash_t *config,apr_pool_t *pool) const char *editor; const char *file_name; svn_dirent_split(&base_dir,&file_name,path,pool); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); apr_err = apr_filepath_set(old_cwd,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); 0 --------------------------------- 9260 153000/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9261 153214/pgstat.c cppfunc 4146 union resina_unedging chairmen_ebenezer = {0}; va_list nonirritability_upwafts; __builtin_va_start(nonirritability_upwafts,budgereegah_unpropagable); chairmen_ebenezer = (va_arg(nonirritability_upwafts,union resina_unedging )); debs_adoniad(deathsman_workouts,chairmen_ebenezer); void debs_adoniad(int hartsel_scribblemania,union resina_unedging ambari_trangams) free(((char *)ambari_trangams . terzet_alkalinuria)); 0 --------------------------------- 9262 153300/config_file.c cppfunc 107 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 9263 153830/main_statusbar.c cppfunc 143 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9264 79559/CWE134_Uncontrolled_Format_String__char_console_vfprintf_51.c cppfunc 206 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 9265 79559/CWE134_Uncontrolled_Format_String__char_console_vfprintf_51.c cppfunc 203 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_51b_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 9266 67497/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_14.c cppfunc 96 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 9267 153830/main_statusbar.c cppfunc 146 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9268 72307/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_63.c cppfunc 120 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9269 70506/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_11.c cppfunc 181 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9270 152884/mem_dbg.c cppfunc 241 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9271 67317/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_14.c cppfunc 60 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9272 153609/img2.c cppfunc 72 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9273 79368/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52.c cppfunc 433 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 9274 153609/img2.c cppfunc 74 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9275 72349/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_51.c cppfunc 139 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_51b_goodG2BSink(char * data) memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9276 70966/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_66.c cppfunc 134 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 9277 70467/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_22.c cppfunc 473 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9278 152963/pmsignal.c cppfunc 119 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9279 66110/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_loop_33.cpp cppfunc 40 wchar_t * &dataRef = data; wchar_t * data = dataRef; dataLen = wcslen(data); 0 --------------------------------- 9280 62711/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_04.c cppfunc 298 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9281 79358/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_31.c cppfunc 53 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); char * dataCopy = data; char * data = dataCopy; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 9282 72083/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_04.c cppfunc 78 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 9283 67331/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_44.c cppfunc 41 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9284 153322/color.c cppfunc 364 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 9285 79344/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_07.c cppfunc 256 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 9286 70488/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_68.c cppfunc 347 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9287 199236/buffer_underrun_dynamic.c cppfunc 622 char *message = (char*) calloc(12, sizeof(char)); message[len]='\n'; c = message[len]; if(isspace(c)) 0 --------------------------------- 9288 149084/scpy9-good.c cppfunc 52 shortstr(char *p, int n, int targ) return shortstr(p+1, n-1, targ); return p; return shortstr(p+1, n-1, targ); buf = malloc(MAXSIZE); strcpy(buf, str); printf("result: %s\n", buf); free(buf); str2 = shortstr(userstr, strlen(userstr), MAXSIZE-1); test(str2); test(char *str) strcpy(buf, str); printf("result: %s\n", buf); free(buf); main(int argc, char **argv) userstr = argv[1]; str2 = shortstr(userstr, strlen(userstr), MAXSIZE-1); 0 --------------------------------- 9289 70504/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_09.c cppfunc 93 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9290 153382/mux.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9291 153608/hashfn.c cppfunc 47 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9292 153192/tile-manager.c cppfunc 90 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9293 70773/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_65.c cppfunc 130 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_65b_badSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 9294 67757/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_82a.cpp cppfunc 180 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9295 153012/color.c cppfunc 331 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 9296 70486/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_66.c cppfunc 344 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9297 62981/CWE121_Stack_Based_Buffer_Overflow__CWE135_61.c cppfunc 60 data = CWE121_Stack_Based_Buffer_Overflow__CWE135_61b_goodG2BSource(data); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 9298 62981/CWE121_Stack_Based_Buffer_Overflow__CWE135_61.c cppfunc 63 data = CWE121_Stack_Based_Buffer_Overflow__CWE135_61b_goodG2BSource(data); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 9299 153119/bufmgr.c cppfunc 121 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9300 79415/CWE134_Uncontrolled_Format_String__char_console_fprintf_51.c inputfunc 94 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_51b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_51b_goodB2GSink(char * data) fprintf(stdout, "%s\n", data); 0 --------------------------------- 9301 153468/utils.c cppfunc 70 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9302 153468/utils.c cppfunc 79 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9303 152921/color.c cppfunc 359 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 9304 72179/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_04.c cppfunc 84 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 9305 71442/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_62.cpp cppfunc 66 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 9306 70981/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_06.c cppfunc 74 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9307 66572/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_05.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9308 153138/cryptlib.c cppfunc 805 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); impossibilities_zizania = 1; rooftops_musty = ((earlap_unvoices *)(((unsigned long )viewing_transigence) * impossibilities_zizania * impossibilities_zizania)) + 5; free(((char *)( *(rooftops_musty - 5)))); void stonesoup_handle_taint(char *moody_humbly) coelian_grossart = moody_humbly; viewing_transigence = &coelian_grossart; rooftops_musty = ((earlap_unvoices *)(((unsigned long )viewing_transigence) * impossibilities_zizania * impossibilities_zizania)) + 5; free(((char *)( *(rooftops_musty - 5)))); 0 --------------------------------- 9309 153751/color.c cppfunc 118 stonesoup_printf("%s\n",stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9310 110476/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_31.c cppfunc 73 data = 20; int dataCopy = data; int data = dataCopy; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9311 70500/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_05.c cppfunc 136 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9312 67432/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54.c cppfunc 51 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9313 153800/avdevice.c cppfunc 98 int tenons_gashliness = 53; stonesoup_read_taint(&puruloid_ploughshoe,"9537",tenons_gashliness); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 9314 70520/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_41.c cppfunc 104 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9315 71422/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_15.c cppfunc 80 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 9316 62750/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_73.cpp cppfunc 196 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9317 148923/tvbuff.c cppfunc 1383 IEEE_DP_MANTISSA_WIDTH; exponent = ((exponent >> IEEE_DP_MANTISSA_WIDTH) - IEEE_DP_BIAS) - return -mantissa * pow(2, exponent); return get_ieee_double(ieee_fp_union.dw); return get_ieee_double(ieee_fp_union.dw); get_ieee_double(const guint64 w) exponent = w & IEEE_DP_EXPONENT_MASK; exponent = ((exponent >> IEEE_DP_MANTISSA_WIDTH) - IEEE_DP_BIAS) - return -mantissa * pow(2, exponent); 0 --------------------------------- 9318 148923/tvbuff.c cppfunc 1385 IEEE_DP_MANTISSA_WIDTH; exponent = ((exponent >> IEEE_DP_MANTISSA_WIDTH) - IEEE_DP_BIAS) - return mantissa * pow(2, exponent); return get_ieee_double(ieee_fp_union.dw); return get_ieee_double(ieee_fp_union.dw); get_ieee_double(const guint64 w) exponent = w & IEEE_DP_EXPONENT_MASK; exponent = ((exponent >> IEEE_DP_MANTISSA_WIDTH) - IEEE_DP_BIAS) - return mantissa * pow(2, exponent); 0 --------------------------------- 9319 66282/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_03.c cppfunc 82 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9320 148821/Element.cpp cppfunc 1257 PassRefPtr Element::getAttributeNode(const String& name) NamedNodeMap* attrs = attributes(true); String localName = shouldIgnoreAttributeCase(this) ? name.lower() : name; return static_pointer_cast(attrs->getNamedItem(localName)); 0 --------------------------------- 9321 79417/CWE134_Uncontrolled_Format_String__char_console_fprintf_53.c inputfunc 94 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_53b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_53b_goodB2GSink(char * data); 0 --------------------------------- 9322 153055/config_file.c cppfunc 112 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n",stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9323 199254/double_free.c cppfunc 103 char* ptr= (char*) malloc(sizeof(char)); free(ptr); free(ptr); 0 --------------------------------- 9324 153760/aviobuf.c cppfunc 1060 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *respective_nugae; stonesoup_read_taint(&respective_nugae,"SYNTONIZER_HOARSER"); exteriorness_androgenous = &respective_nugae; cep_cerrogordo = exteriorness_androgenous + 5; free(((char *)( *(cep_cerrogordo - 5)))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&respective_nugae,"SYNTONIZER_HOARSER"); exteriorness_androgenous = &respective_nugae; cep_cerrogordo = exteriorness_androgenous + 5; free(((char *)( *(cep_cerrogordo - 5)))); 0 --------------------------------- 9325 79354/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_17.c cppfunc 248 static void goodG2BVaSinkB(char * data, ...) goodG2BVaSinkB(data, data); char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BVaSinkB(data, data); static void goodG2BVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 9326 70739/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_04.c cppfunc 77 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 9327 71000/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_41.c cppfunc 59 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_41_goodG2BSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9328 153282/file_wrappers.c cppfunc 128 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9329 153331/emem.c cppfunc 200 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 9330 70859/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_44.c cppfunc 65 static void goodG2BSink(char * data) memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9331 62982/CWE121_Stack_Based_Buffer_Overflow__CWE135_62.cpp cppfunc 81 data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 9332 70497/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_02.c cppfunc 130 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9333 71643/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_74.cpp cppfunc 159 data = (int64_t *)malloc(100*sizeof(int64_t)); dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int64_t * data = dataMap[2]; memmove(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 9334 73696/CWE124_Buffer_Underwrite__CWE839_listen_socket_03.c cppfunc 292 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9335 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c cppfunc 88 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 9336 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c cppfunc 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 9337 153633/bufmgr.c cppfunc 2739 lickspittle_eroding coefficacy_bedwell = 0; va_list azymite_petroleum; __builtin_va_start(azymite_petroleum,medicining_pareu); coefficacy_bedwell = (va_arg(azymite_petroleum,lickspittle_eroding )); GREYING_CHAIRWOMAN(coefficacy_bedwell); void northerners_yowie(lickspittle_eroding worthies_halfpence) free(((char *)worthies_halfpence)); 0 --------------------------------- 9338 153152/eng_table.c cppfunc 114 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9339 72342/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_33.cpp cppfunc 68 char * &dataRef = data; char * data = dataRef; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9340 153029/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9341 153283/color.c cppfunc 331 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9342 153283/color.c cppfunc 333 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 9343 153731/img2.c cppfunc 43 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9344 62712/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_05.c cppfunc 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9345 1298/crackaddr-ok.c cppfunc 336 register char *addr; char address[100]; scanf("%99s", address); res_addr = crackaddr(address); addr++; p = addrhead = addr; p++; while ((c = *p++) != ':') p++; p++; while ((c = *p++) != '<') while ((c = *p++) != '\0') if ((c = *p++) == '\0') p--; p++; while (p > addr && isascii((int) *--p) && isspace((int) *p)) 0 --------------------------------- 9346 79366/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45.c cppfunc 57 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45_badData = data; badSink(); char * data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45_badData; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 9347 67755/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_74.cpp cppfunc 196 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9348 153214/pgstat.c inputfunc 3395 if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); memcpy(dbentry,(&dbbuf),sizeof(PgStat_StatDBEntry )); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); FreeFile(fpin); 0 --------------------------------- 9349 72322/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_03.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9350 67393/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_72.cpp cppfunc 164 vector dataVector; data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcscat(dest, data); 0 --------------------------------- 9351 72397/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_51.c cppfunc 122 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_51b_badSink(char * data) strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 9352 67734/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_33.cpp inputfunc 246 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 9353 153059/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9354 66298/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_21.c cppfunc 72 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 9355 152891/color.c cppfunc 334 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 9356 152891/color.c cppfunc 332 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9357 153270/dynahash.c inputfunc 294 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&valeted_epitaphize,"NONIMMIGRANT_QUINCUNXES"); if (valeted_epitaphize != 0) {; overtaxation_tantaluses = ((int )(strlen(valeted_epitaphize))); gloom_ungnawed = ((char *)(malloc(overtaxation_tantaluses + 1))); if (gloom_ungnawed == 0) { memcpy(gloom_ungnawed,valeted_epitaphize,overtaxation_tantaluses); if (valeted_epitaphize != 0) free(((char *)valeted_epitaphize)); acondylose_cigarillos = &gloom_ungnawed; SAGGIER_OUTRAKE(acondylose_cigarillos); void relata_watertightness(char **bentonville_semisilica) SAGGIER_OUTRAKE(acondylose_cigarillos); 0 --------------------------------- 9358 72115/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_63.c cppfunc 140 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 9359 62570/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_07.c inputfunc 89 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 9360 65161/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_10.c cppfunc 71 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 9361 153421/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9362 153421/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9363 153421/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9364 71001/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_42.c cppfunc 71 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; data = goodG2BSource(data); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9365 70488/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_68.c cppfunc 377 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9366 152935/config_file.c cppfunc 940 void *farmdale_lackawanna = 0; reticent_neonatology(subexternal_canvasman,farmdale_lackawanna); reticent_neonatology(grozet_hypochloremia,twint_haslett); void reticent_neonatology(int grozet_hypochloremia,void *twint_haslett) free(((char *)((char *)twint_haslett))); 0 --------------------------------- 9367 153053/img2.c cppfunc 93 stonesoup_read_taint(&spath_cosmoplastic,"PURIFICATOR_EXPOSITORINESS"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 9368 153053/img2.c inputfunc 96 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&spath_cosmoplastic,"PURIFICATOR_EXPOSITORINESS"); if (spath_cosmoplastic != 0) {; 0 --------------------------------- 9369 110456/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_01.c cppfunc 66 data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9370 153246/emem.c cppfunc 190 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 9371 153471/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 9372 71408/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_01.c cppfunc 38 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 9373 153268/mux.c cppfunc 75 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9374 153398/timestamp.c cppfunc 78 stonesoup_printf("string is too short to test\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9375 70832/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_01.c cppfunc 61 data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9376 153000/color.c cppfunc 601 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 9377 153244/color.c cppfunc 362 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9378 153196/main_filter_toolbar.c cppfunc 113 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9379 153244/color.c cppfunc 364 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 9380 152921/color.c cppfunc 118 stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9381 72116/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_64.c cppfunc 146 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 9382 73080/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_68.c cppfunc 130 char * data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_68_badData; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 9383 71177/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_10.c cppfunc 92 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 9384 153346/img2.c cppfunc 132 va_list millstream_philogynaecic; __builtin_va_start(millstream_philogynaecic,ass_addams); cardioschisis_overproviding = (va_arg(millstream_philogynaecic,pupas_superaffiuence )); 0 --------------------------------- 9385 79391/CWE134_Uncontrolled_Format_String__char_console_fprintf_06.c inputfunc 90 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 9386 67413/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_14.c cppfunc 80 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9387 153515/color.c cppfunc 597 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int upcaught_chemosmotic = 53; char *saltary_brininess; stonesoup_read_taint(&saltary_brininess,"5835",upcaught_chemosmotic); free(((char *)saltary_brininess)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&saltary_brininess,"5835",upcaught_chemosmotic); free(((char *)saltary_brininess)); 0 --------------------------------- 9388 199284/memory_allocation_failure.c cppfunc 155 vptr = (int *)calloc(memory_allocation_failure_005_gbl*memory_allocation_failure_005_gbl, sizeof(int)); vptr = (char *)calloc(10, sizeof(char)); vptr = (float *)calloc(10, sizeof(float)); ret = memory_allocation_failure_005_func_001 (1); free(vptr); 0 --------------------------------- 9389 153047/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9390 66575/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_08.c cppfunc 96 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9391 153741/color.c cppfunc 344 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 9392 153741/color.c cppfunc 342 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9393 153736/types.c cppfunc 129 svn_error_t *svn_revnum_parse(svn_revnum_t *rev,const char *str,const char **endptr) char *end; svn_revnum_t result = strtol(str,&end,10); 0 --------------------------------- 9394 72135/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_08.c cppfunc 110 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9395 66234/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_03.c cppfunc 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9396 72137/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_10.c cppfunc 41 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9397 153538/tile-manager.c cppfunc 72 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 9398 153621/avdevice.c cppfunc 48 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9399 153245/e_bf.c cppfunc 113 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9400 153245/e_bf.c cppfunc 111 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9401 79354/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_17.c cppfunc 155 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 9402 153003/cmdutils.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9403 71388/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_45.c cppfunc 66 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_45_goodG2BData = data; goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_45_goodG2BData; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 9404 72770/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_21.c cppfunc 94 static wchar_t * goodG2B1Source(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = goodG2B1Source(data); data[50-1] = L'\0'; return data; data = goodG2B1Source(data); SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 9405 62732/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_41.c cppfunc 101 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9406 153545/main_filter_toolbar.c cppfunc 113 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9407 153093/main_filter_toolbar.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9408 153288/color.c cppfunc 610 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int backoff_blastomas = 596; char *meadowlarks_bannock; stonesoup_read_taint(&meadowlarks_bannock,"9830",backoff_blastomas); free(((char *)meadowlarks_bannock)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&meadowlarks_bannock,"9830",backoff_blastomas); free(((char *)meadowlarks_bannock)); 0 --------------------------------- 9409 153004/tile-manager.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9410 153484/stream.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9411 70513/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_18.c cppfunc 162 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9412 67753/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_72.cpp cppfunc 196 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9413 153827/color.c cppfunc 352 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 9414 70648/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_09.c cppfunc 262 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9415 79390/CWE134_Uncontrolled_Format_String__char_console_fprintf_05.c inputfunc 137 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 9416 72159/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_53.c cppfunc 241 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9417 62950/CWE121_Stack_Based_Buffer_Overflow__CWE135_03.c cppfunc 150 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 9418 70895/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_16.c cppfunc 69 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9419 67596/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_45.cpp cppfunc 171 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9420 153306/error.c cppfunc 137 whisperable_discutable = ((char *)approximative_stewed . holabird_salinometer); stonesoup_buffer = malloc((strlen(whisperable_discutable) + 1) * sizeof(char )); strcpy(stonesoup_buffer,whisperable_discutable); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 9421 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c cppfunc 31 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 9422 110509/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_06.c cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9423 152922/column.c cppfunc 1295 void pyretic_gunmen(int borocarbide_lituite,char **monomya_graving) pyretic_gunmen(borocarbide_lituite,monomya_graving); free(((char *)monomya_graving[7])); void stonesoup_handle_taint(char *attemperator_goodly) enviroment_peripheroceptor[7] = attemperator_goodly; dogfishes_panspermatist = enviroment_peripheroceptor; pyretic_gunmen(topotaxis_limmu,dogfishes_panspermatist); 0 --------------------------------- 9424 70644/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_05.c cppfunc 268 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9425 110517/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_14.c cppfunc 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9426 65393/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_02.c cppfunc 71 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 9427 72201/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_42.c cppfunc 78 data[0] = L'\0'; return data; data = goodG2BSource(data); SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 9428 1299/util-bad.c cppfunc 98 register int sz; sz = 1; p = malloc((unsigned) sz); 0 --------------------------------- 9429 79557/CWE134_Uncontrolled_Format_String__char_console_vfprintf_44.c inputfunc 126 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; funcPtr(data); 0 --------------------------------- 9430 72861/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_14.c cppfunc 71 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 9431 110318/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_07.c cppfunc 159 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9432 153106/config.c cppfunc 107 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9433 66619/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_04.c cppfunc 73 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9434 72337/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_18.c cppfunc 62 data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9435 72396/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_45.c cppfunc 64 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_45_goodG2BData = data; goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_45_goodG2BData; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 9436 71468/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_13.c cppfunc 99 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 9437 67322/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_21.c cppfunc 71 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 9438 72184/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_09.c cppfunc 77 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 9439 70438/CWE122_Heap_Based_Buffer_Overflow__CWE135_66.c cppfunc 155 void CWE122_Heap_Based_Buffer_Overflow__CWE135_66b_badSink(void * dataArray[]) void * data = dataArray[2]; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 9440 153495/timestamp.c cppfunc 65 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9441 70514/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_21.c cppfunc 192 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9442 153823/string.c cppfunc 66 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9443 110659/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_12.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9444 72975/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53.c cppfunc 221 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53d_badSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9445 72890/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_73.cpp cppfunc 169 list dataList; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 9446 153259/emem.c cppfunc 183 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9447 153259/emem.c cppfunc 186 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9448 72153/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_42.c cppfunc 44 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9449 62571/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_08.c cppfunc 100 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9450 72054/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_33.cpp cppfunc 44 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9451 73737/CWE124_Buffer_Underwrite__CWE839_listen_socket_74.cpp cppfunc 196 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9452 153367/dirent_uri.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9453 67747/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_63.cpp cppfunc 182 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9454 153299/bio_err.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9455 71346/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_62.cpp cppfunc 42 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 9456 153169/e_bf.c cppfunc 119 stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9457 153169/e_bf.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9458 72722/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_21.c cppfunc 100 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 9459 66533/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_14.c cppfunc 61 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9460 153011/eng_table.c cppfunc 116 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9461 153394/error.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9462 153394/error.c cppfunc 89 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9463 110334/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_33.cpp cppfunc 152 int &dataRef = data; int data = dataRef; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9464 67418/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_21.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 9465 67727/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_16.cpp cppfunc 196 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9466 153686/color.c cppfunc 329 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9467 153403/error.c cppfunc 104 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9468 153345/eng_table.c cppfunc 222 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 9469 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c cppfunc 297 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 9470 153062/main_statusbar.c cppfunc 1083 void stonesoup_handle_taint(char *gurr_britzkas) nonpecuniary_amphichrome = ((int )(strlen(gurr_britzkas))); lenotre_sentition = ((char *)(malloc(nonpecuniary_amphichrome + 1))); 0 --------------------------------- 9471 110534/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_52.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9472 62979/CWE121_Stack_Based_Buffer_Overflow__CWE135_53.c cppfunc 280 void CWE121_Stack_Based_Buffer_Overflow__CWE135_53c_goodB2GSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_53d_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_53d_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 9473 153537/heapam.c cppfunc 581 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; struct cooer_villainously organical_infantive; char *stocktaking_schoolbook; stonesoup_read_taint(&stocktaking_schoolbook,"PARA_STORYMONGER"); organical_infantive . unquietly_sade = ((char *)stocktaking_schoolbook); mesole_dingiest[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *slidage_numerologists)))))))))))))))))))))))))))))))))))))))))))))))))] = organical_infantive; semitechnical_cedrol = mesole_dingiest[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *slidage_numerologists)))))))))))))))))))))))))))))))))))))))))))))))))]; free(((char *)semitechnical_cedrol . unquietly_sade)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&stocktaking_schoolbook,"PARA_STORYMONGER"); organical_infantive . unquietly_sade = ((char *)stocktaking_schoolbook); semitechnical_cedrol = mesole_dingiest[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *slidage_numerologists)))))))))))))))))))))))))))))))))))))))))))))))))]; free(((char *)semitechnical_cedrol . unquietly_sade)); 0 --------------------------------- 9474 62579/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_16.c cppfunc 89 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9475 71008/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54.c cppfunc 291 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54e_badSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9476 70863/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53.c cppfunc 238 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53d_badSink(char * data) memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9477 66625/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_10.c cppfunc 86 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9478 71446/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_66.c cppfunc 148 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 9479 153353/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9480 79347/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_10.c cppfunc 251 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 9481 66555/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_63.c cppfunc 50 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9482 153708/bss_file.c cppfunc 365 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *lectionary_metallist; stonesoup_read_taint(&lectionary_metallist,"PHOTOETCHING_INQUILINISM"); carnified_muddlement = lectionary_metallist; free(((char *)carnified_muddlement)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&lectionary_metallist,"PHOTOETCHING_INQUILINISM"); carnified_muddlement = lectionary_metallist; free(((char *)carnified_muddlement)); 0 --------------------------------- 9483 152952/resowner.c cppfunc 169 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9484 153597/color.c cppfunc 120 stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9485 153597/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9486 153013/file_wrappers.c cppfunc 124 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9487 153013/file_wrappers.c cppfunc 126 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9488 153280/hashfn.c cppfunc 65 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9489 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c cppfunc 88 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 9490 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c cppfunc 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 9491 70923/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_74.cpp cppfunc 175 data = (char *)malloc((10+1)*sizeof(char)); dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9492 153377/emem.c cppfunc 1177 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int athymy_peacekeeper = 1001; char *favosites_anauxite;; stonesoup_read_taint(&favosites_anauxite,"9920",athymy_peacekeeper); neoholmia_fritze = ((void *)favosites_anauxite); free(((char *)((char *)neoholmia_fritze))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&favosites_anauxite,"9920",athymy_peacekeeper); neoholmia_fritze = ((void *)favosites_anauxite); free(((char *)((char *)neoholmia_fritze))); 0 --------------------------------- 9493 199254/double_free.c cppfunc 76 char* ptr= (char*) malloc(10*sizeof(char)); for(i=0;i<10;i++) *(ptr+i)='a'; free(ptr); 0 --------------------------------- 9494 153272/color.c cppfunc 344 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 9495 153559/avpacket.c cppfunc 44 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9496 153264/types.c cppfunc 47 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9497 62572/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_09.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9498 72835/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_63.c cppfunc 121 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_63b_badSink(char * * dataPtr) char * data = *dataPtr; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 9499 153402/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9500 152998/string.c cppfunc 117 int exactitude_underfactor = 40; stonesoup_read_taint(&surnaming_pretenseless,"3199",exactitude_underfactor); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 9501 72972/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_45.c cppfunc 66 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_45_goodG2BData = data; goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_45_goodG2BData; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9502 70898/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_21.c cppfunc 93 data = (char *)malloc((10+1)*sizeof(char)); return data; data = NULL; data = goodG2B1Source(data); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); static char * goodG2B1Source(char * data) return data; data = goodG2B1Source(data); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9503 153144/avpacket.c cppfunc 74 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9504 62988/CWE121_Stack_Based_Buffer_Overflow__CWE135_68.c cppfunc 181 data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_68_goodB2GData = data; CWE121_Stack_Based_Buffer_Overflow__CWE135_68b_goodB2GSink(); void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_68_goodB2GData; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 9505 71416/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_09.c cppfunc 73 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 9506 153375/mux.c cppfunc 1400 void wil_insolent(void ***************************************************preprinted_photonephograph) deflagrates_stoneyard(preprinted_photonephograph); void deflagrates_stoneyard(void ***************************************************garble_triticum) free(((char *)((char *)( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *garble_triticum))))))))))))))))))))))))))))))))))))))))))))))))))))); 0 --------------------------------- 9507 70424/CWE122_Heap_Based_Buffer_Overflow__CWE135_41.c cppfunc 90 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; goodB2GSink(data); static void goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 9508 153272/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9509 153159/timestamp.c cppfunc 70 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9510 153394/error.c cppfunc 103 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9511 66618/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_03.c cppfunc 66 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9512 110396/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_64.c cppfunc 165 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_64b_goodG2BSink(&data); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_64b_goodG2BSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9513 153324/aviobuf.c cppfunc 72 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9514 110368/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_09.c cppfunc 90 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9515 72297/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_42.c cppfunc 70 data[50-1] = '\0'; return data; data = goodG2BSource(data); memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9516 153162/color.c cppfunc 329 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9517 70498/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_03.c cppfunc 270 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9518 70525/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_51.c cppfunc 174 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9519 71009/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_61.c cppfunc 62 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_61b_goodG2BSource(data); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9520 66372/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_81a.cpp cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9521 70658/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_21.c cppfunc 419 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9522 79442/CWE134_Uncontrolled_Format_String__char_console_printf_09.c inputfunc 85 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 9523 71473/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_18.c cppfunc 70 data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 9524 153515/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9525 70665/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_42.c cppfunc 75 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9526 72835/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_63.c cppfunc 140 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 9527 71739/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_74.cpp cppfunc 159 data = (int *)malloc(100*sizeof(int)); dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int * data = dataMap[2]; memcpy(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 9528 70990/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_15.c cppfunc 102 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9529 71370/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_11.c cppfunc 93 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 9530 73083/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_74.cpp cppfunc 165 data[50-1] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 9531 73317/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_74.cpp cppfunc 144 void badSink(map dataMap) int64_t * data = dataMap[2]; printLongLongLine(*data); free(data); 0 --------------------------------- 9532 79421/CWE134_Uncontrolled_Format_String__char_console_fprintf_63.c inputfunc 94 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_63b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_63b_goodB2GSink(char * * dataPtr) CWE134_Uncontrolled_Format_String__char_console_fprintf_63b_goodB2GSink(&data); char * data = *dataPtr; fprintf(stdout, "%s\n", data); 0 --------------------------------- 9533 153134/main_statusbar.c cppfunc 161 tetradactyly_boxerism = getenv("SANCY_BOBBLED"); fourragere_britannia[ *( *( *( *( *( *( *( *( *( *unshrined_manuf)))))))))] = tetradactyly_boxerism; befreckle_utfangthief = fourragere_britannia[ *( *( *( *( *( *( *( *( *( *unshrined_manuf)))))))))]; norry_hyperspherical = ((char *)befreckle_utfangthief); stonesoup_buffer = malloc((strlen(norry_hyperspherical) + 1) * sizeof(char )); strcpy(stonesoup_buffer,norry_hyperspherical); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 9534 79344/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_07.c cppfunc 386 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 9535 153699/cmdline.c cppfunc 118 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9536 153212/utils.c cppfunc 120 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 9537 153803/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9538 153699/cmdline.c cppfunc 116 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9539 62987/CWE121_Stack_Based_Buffer_Overflow__CWE135_67.c cppfunc 172 void CWE121_Stack_Based_Buffer_Overflow__CWE135_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType myStruct) void * data = myStruct.structFirst; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 9540 79344/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_07.c cppfunc 389 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 9541 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c cppfunc 91 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 9542 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c cppfunc 94 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 9543 62576/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_13.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9544 148828/markup.cpp cppfunc 226 appendEscapedContent(result, ucharRange(node, range), documentIsHTML); static inline pair ucharRange(const Node *node, const Range *range) appendUCharRange(result, ucharRange(node, range)); if (node == range->endContainer(ec)) length = range->endOffset(ec); if (node == range->startContainer(ec)) { size_t start = range->startOffset(ec); String createMarkup(const Range* range, Vector* nodes, EAnnotateForInterchange annotate, bool convertBlocksToInlines) Document* document = range->ownerDocument(); Frame* frame = document->frame(); DeleteButtonController* deleteButton = frame ? frame->editor()->deleteButtonController() : 0; RefPtr updatedRange = avoidIntersectionWithNode(range, deleteButton ? deleteButton->containerElement() : 0); bool collapsed = updatedRange->collapsed(ec); Node* commonAncestor = updatedRange->commonAncestorContainer(ec); Node* pastEnd = updatedRange->pastLastNode(); Node* startNode = updatedRange->firstNode(); VisiblePosition visibleStart(updatedRange->startPosition(), VP_DEFAULT_AFFINITY); VisiblePosition visibleEnd(updatedRange->endPosition(), VP_DEFAULT_AFFINITY); markups.append(getStartMarkup(n, updatedRange.get(), annotate)); preMarkups.append(getStartMarkup(parent, updatedRange.get(), annotate)); Node* fullySelectedRoot = body && areRangesEqual(VisibleSelection::selectionFromContentsOfNode(body).toNormalizedRange().get(), updatedRange.get()) ? body : 0; preMarkups.append(getStartMarkup(ancestor, updatedRange.get(), annotate, convertBlocksToInlines, 0, DoesNotFullySelectNode)); static String getStartMarkup(const Node* node, const Range* range, EAnnotateForInterchange annotate, bool convertBlocksToInlines = false, HashMap* namespaces = 0, RangeFullySelectsNode rangeFullySelectsNode = DoesFullySelectNode) appendStartMarkup(result, node, range, annotate, convertBlocksToInlines, namespaces, rangeFullySelectsNode); static void appendStartMarkup(Vector& result, const Node* node, const Range* range, EAnnotateForInterchange annotate, bool convertBlocksToInlines = false, HashMap* namespaces = 0, RangeFullySelectsNode rangeFullySelectsNode = DoesFullySelectNode) appendUCharRange(result, ucharRange(node, range)); appendEscapedContent(result, ucharRange(node, range), documentIsHTML); String markup = escapeContentText(useRenderedText ? renderedText(node, range) : stringValueForRange(node, range), false); static String stringValueForRange(const Node* node, const Range* range) ExceptionCode ec; if (node == range->endContainer(ec)) str.truncate(range->endOffset(ec)); if (node == range->startContainer(ec)) str.remove(0, range->startOffset(ec)); 0 --------------------------------- 9545 153597/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9546 79396/CWE134_Uncontrolled_Format_String__char_console_fprintf_11.c inputfunc 85 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 9547 72642/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_62.cpp cppfunc 146 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 9548 66334/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_07.c cppfunc 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9549 66285/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_06.c cppfunc 86 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9550 66526/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_07.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9551 72285/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_14.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9552 72166/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_66.c cppfunc 128 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9553 1302/main.c cppfunc 87 header->h_field = (char *) malloc(sizeof(char) * 100); header->h_value = (char *) malloc(sizeof(char) * 100); e->e_id = (char *) malloc(sizeof(char) * 50); 0 --------------------------------- 9554 153585/color.c cppfunc 91 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9555 153720/resowner.c cppfunc 745 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int gnar_relocations = 91; char *gotos_dahle; stonesoup_read_taint(&gotos_dahle,"7533",gnar_relocations); nosean_metsky = gotos_dahle; multisacculate_bettongia = &nosean_metsky; amsonia_fordham = multisacculate_bettongia + 5; free(((char *)( *(amsonia_fordham - 5)))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&gotos_dahle,"7533",gnar_relocations); nosean_metsky = gotos_dahle; multisacculate_bettongia = &nosean_metsky; amsonia_fordham = multisacculate_bettongia + 5; free(((char *)( *(amsonia_fordham - 5)))); 0 --------------------------------- 9556 153185/color.c cppfunc 362 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9557 152888/mem_dbg.c cppfunc 238 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9558 153185/color.c cppfunc 364 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 9559 152888/mem_dbg.c cppfunc 234 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9560 153419/avfilter.c cppfunc 205 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *bakers_countersurprise;; stonesoup_read_taint(&bakers_countersurprise,"TRAYLIKE_FOOTINGS"); misadvantage_nontemporal[ *cambogia_leku] = bakers_countersurprise; muzz_inferiors = misadvantage_nontemporal[ *cambogia_leku]; free(((char *)muzz_inferiors)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&bakers_countersurprise,"TRAYLIKE_FOOTINGS"); misadvantage_nontemporal[ *cambogia_leku] = bakers_countersurprise; muzz_inferiors = misadvantage_nontemporal[ *cambogia_leku]; free(((char *)muzz_inferiors)); 0 --------------------------------- 9561 153775/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9562 70947/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22.c cppfunc 72 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_goodG2B1Source(data); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 9563 73700/CWE124_Buffer_Underwrite__CWE839_listen_socket_07.c cppfunc 191 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9564 153108/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9565 72698/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_73.cpp cppfunc 167 list dataList; data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcsncat(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 9566 152976/column-utils.c cppfunc 90 stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9567 110475/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_22.c cppfunc 102 data = -1; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_22_goodG2B2Source(data); data = 20; return data; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_22_goodG2B2Source(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); int CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_22_goodG2B2Source(int data) return data; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_22_goodG2B2Source(data); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9568 153423/error.c cppfunc 87 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9569 110796/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_05.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9570 67513/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_12.c cppfunc 38 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_12_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_12_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 9571 67490/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_07.c cppfunc 81 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 9572 153544/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9573 110658/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_11.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9574 110543/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_67.c cppfunc 269 CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_67_structType myStruct; data = 20; myStruct.structFirst = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_67b_goodG2BSink(myStruct); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_67b_goodG2BSink(CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_67_structType myStruct) int data = myStruct.structFirst; intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9575 153376/color.c cppfunc 357 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 9576 73624/CWE124_Buffer_Underwrite__CWE839_fgets_43.cpp cppfunc 119 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9577 153323/resowner.c cppfunc 181 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9578 153513/utils.c cppfunc 4954 void stonesoup_handle_taint(char *pva_federalizes) achlorhydria_unpeculiarly . reunionistic_cabinlike = ((char *)pva_federalizes); upclimbed_cellule(achlorhydria_unpeculiarly); void upclimbed_cellule(struct ulicon_crosswicks pochay_mercator) free(((char *)pochay_mercator . reunionistic_cabinlike)); 0 --------------------------------- 9579 110317/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_06.c cppfunc 183 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9580 72733/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_51.c cppfunc 139 data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_51b_goodG2BSink(wchar_t * data) wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 9581 66603/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_63.c cppfunc 50 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9582 153763/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9583 153554/error.c cppfunc 75 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9584 153468/utils.c cppfunc 4265 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { *port_ptr = atoi(brk + 2); 0 --------------------------------- 9585 152964/color.c cppfunc 359 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 9586 153436/mux.c cppfunc 963 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int culmen_lumbye = 596; char *outkeeper_deprotestantize; stonesoup_read_taint(&outkeeper_deprotestantize,"8962",culmen_lumbye); unmigratory_valerians . oxamate_counsels = outkeeper_deprotestantize; subsyndicate_reimprint(unmigratory_valerians); void subsyndicate_reimprint(const union tribady_parkston clervaux_obolos) free(((char *)((union tribady_parkston )clervaux_obolos) . oxamate_counsels)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&outkeeper_deprotestantize,"8962",culmen_lumbye); unmigratory_valerians . oxamate_counsels = outkeeper_deprotestantize; subsyndicate_reimprint(unmigratory_valerians); 0 --------------------------------- 9587 66629/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_14.c cppfunc 37 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9588 110385/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_42.c cppfunc 91 data = 20; return data; data = goodG2BSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9589 72891/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_74.cpp cppfunc 150 void badSink(map dataMap) char * data = dataMap[2]; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 9590 79496/CWE134_Uncontrolled_Format_String__char_console_snprintf_15.c inputfunc 108 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 9591 152898/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9592 149114/fmt_string_local_control_flow-good.c inputfunc 29 int main(int argc, char *argv[]) if (argc > 1) { func(argv[1]); 0 --------------------------------- 9593 110364/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_05.c cppfunc 97 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9594 72757/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_06.c cppfunc 97 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 9595 153526/pgstat.c cppfunc 4176 void shubunkin_gimmal(mondrian_salchow albumenise_unsliced) andie_preinstructed(albumenise_unsliced); void andie_preinstructed(mondrian_salchow tradespeople_klosters) free(((char *)((mondrian_salchow )tradespeople_klosters))); 0 --------------------------------- 9596 153733/column.c cppfunc 62 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9597 152917/cmdutils.c cppfunc 821 void parse_loglevel(int argc,char **argv,const OptionDef *options) int idx = locate_option(argc,argv,options,"loglevel"); int locate_option(int argc,char **argv,const OptionDef *options,const char *optname) idx = locate_option(argc,argv,options,"v"); opt_loglevel(((void *)0),"loglevel",argv[idx + 1]); int opt_loglevel(void *optctx,const char *opt,const char *arg) char *tail; if (!strcmp(log_levels[i] . name,arg)) { level = (strtol(arg,&tail,'\n')); 0 --------------------------------- 9598 153592/main_filter_toolbar.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9599 153616/mux.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9600 66297/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_18.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9601 71386/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_43.cpp cppfunc 73 data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 9602 79518/CWE134_Uncontrolled_Format_String__char_console_snprintf_64.c inputfunc 100 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_64b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_64b_goodB2GSink(void * dataVoidPtr) CWE134_Uncontrolled_Format_String__char_console_snprintf_64b_goodB2GSink(&data); char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 9603 73049/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_10.c cppfunc 67 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 9604 67747/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_63.cpp inputfunc 98 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 9605 153741/color.c cppfunc 90 stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9606 153741/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9607 72145/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_18.c cppfunc 66 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9608 66627/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_12.c cppfunc 43 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9609 72711/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_08.c cppfunc 104 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 9610 153027/color.c cppfunc 357 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 9611 70460/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_13.c cppfunc 419 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9612 62749/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_72.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9613 79373/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63.c cppfunc 353 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63b_goodB2GSink(char * * dataPtr) char * data = *dataPtr; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 9614 153217/gimpdisplay.c cppfunc 816 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int posho_undeclarative = 596; char *colluvia_laris;; stonesoup_read_taint(&colluvia_laris,"5936",posho_undeclarative); decurt_verene = ((int )(strlen(colluvia_laris))); memcpy(capitolium_imaginous,colluvia_laris,decurt_verene); free(((char *)colluvia_laris)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&colluvia_laris,"5936",posho_undeclarative); decurt_verene = ((int )(strlen(colluvia_laris))); memcpy(capitolium_imaginous,colluvia_laris,decurt_verene); free(((char *)colluvia_laris)); 0 --------------------------------- 9615 79373/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63.c cppfunc 356 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 9616 72190/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_15.c cppfunc 112 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 9617 70524/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_45.c cppfunc 168 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9618 153506/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9619 70864/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54.c cppfunc 292 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54e_badSink(char * data) memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9620 79558/CWE134_Uncontrolled_Format_String__char_console_vfprintf_45.c inputfunc 145 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_45_goodB2GData = data; goodB2GSink(); char * data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_45_goodB2GData; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 9621 70497/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_02.c cppfunc 228 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9622 153683/tile.c cppfunc 81 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9623 153325/aviobuf.c cppfunc 84 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9624 153325/aviobuf.c cppfunc 82 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9625 72455/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67.c cppfunc 134 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67_structType myStruct) char * data = myStruct.structFirst; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 9626 67581/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_14.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9627 69201/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_02.cpp cppfunc 96 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 9628 153002/hashfn.c cppfunc 187 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int intertissue_preemptor = 596; char *yucking_gelatinised;; stonesoup_read_taint(&yucking_gelatinised,"5575",intertissue_preemptor); lorrimor_stereoed[5] = yucking_gelatinised; autoantibody_penalizes[1] = 5; talco_matfellon = *(lorrimor_stereoed + autoantibody_penalizes[1]); free(((char *)talco_matfellon)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&yucking_gelatinised,"5575",intertissue_preemptor); lorrimor_stereoed[5] = yucking_gelatinised; talco_matfellon = *(lorrimor_stereoed + autoantibody_penalizes[1]); free(((char *)talco_matfellon)); 0 --------------------------------- 9629 70646/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_07.c cppfunc 309 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9630 153493/mem_dbg.c cppfunc 235 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 9631 70506/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_11.c cppfunc 130 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9632 72328/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_09.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9633 79470/CWE134_Uncontrolled_Format_String__char_console_printf_64.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_64b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_console_printf_64b_badSink(void * dataVoidPtr); CWE134_Uncontrolled_Format_String__char_console_printf_64b_badSink(&data); 0 --------------------------------- 9634 153267/stream.c cppfunc 88 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9635 153773/color.c cppfunc 329 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9636 66339/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_12.c cppfunc 68 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9637 73055/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_16.c cppfunc 64 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 9638 152921/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9639 153657/pgstat.c cppfunc 290 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9640 153657/pgstat.c cppfunc 294 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9641 153657/pgstat.c cppfunc 297 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9642 153488/aviobuf.c cppfunc 76 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 9643 152879/eng_table.c cppfunc 117 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9644 153614/utils.c cppfunc 83 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9645 152879/eng_table.c cppfunc 113 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9646 153274/avfilter.c cppfunc 72 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 9647 79389/CWE134_Uncontrolled_Format_String__char_console_fprintf_04.c inputfunc 137 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 9648 153304/color.c cppfunc 353 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 9649 153356/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9650 153356/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9651 72099/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22.c cppfunc 69 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22_goodG2B1Source(data); wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 9652 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c cppfunc 109 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 9653 71496/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_68.c cppfunc 163 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_68b_goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_68_goodG2BData; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 9654 153530/bio_err.c cppfunc 148 int coloreds_subaerial = 91; stonesoup_read_taint(&diectasis_ecorse,"8416",coloreds_subaerial); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 9655 73715/CWE124_Buffer_Underwrite__CWE839_listen_socket_32.c cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9656 67409/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_10.c cppfunc 60 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9657 70774/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_66.c cppfunc 133 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 9658 70964/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_64.c cppfunc 131 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 9659 72740/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_64.c cppfunc 144 data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 9660 149222/use_after_free_scope-good.c cppfunc 33 str[0] = 'S'; if ((str = (char *)malloc(256*sizeof(char))) != NULL) strcpy(str, "Falut!"); doSomething(str); printf("%s\n", str); free(str); void doSomething(char *str) printf("%s\n", str); free(str); 0 --------------------------------- 9661 152892/oids.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9662 153288/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9663 153399/cmdline.c cppfunc 97 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9664 153399/cmdline.c cppfunc 94 size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9665 153257/mem_dbg.c cppfunc 699 static void print_leak_LHASH_DOALL_ARG(void *arg1,void *arg2) const MEM *a = arg1; print_leak_doall_arg(a,b); static void print_leak_doall_arg(const MEM *m,MEM_LEAK *l) lcl = localtime(&m -> time); 0 --------------------------------- 9666 153399/cmdline.c cppfunc 90 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9667 70661/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_32.c cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9668 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c inputfunc 168 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 9669 66545/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_42.c cppfunc 53 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 9670 153502/conf_mod.c cppfunc 152 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9671 153502/conf_mod.c cppfunc 155 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9672 153801/tile-manager.c cppfunc 72 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 9673 72770/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_21.c cppfunc 104 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 9674 79561/CWE134_Uncontrolled_Format_String__char_console_vfprintf_53.c inputfunc 95 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_53b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_53b_goodB2GSink(char * data); 0 --------------------------------- 9675 70641/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_02.c cppfunc 304 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9676 67586/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_21.cpp cppfunc 195 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9677 152926/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9678 71737/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_72.cpp cppfunc 159 vector dataVector; data = (int *)malloc(100*sizeof(int)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int * data = dataVector[2]; memcpy(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 9679 73035/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_74.cpp cppfunc 148 void badSink(map dataMap) char * data = dataMap[2]; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 9680 152878/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&bipartisanism_surlier,"TERNED_TORTUOUSNESS"); if (bipartisanism_surlier != 0) {; molten_equally = ((char *)bipartisanism_surlier); strncpy(stonesoup_source, molten_equally, sizeof(stonesoup_source)); if (bipartisanism_surlier != 0) free(((char *)bipartisanism_surlier)); 0 --------------------------------- 9681 72146/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_21.c cppfunc 94 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9682 153298/stream.c cppfunc 81 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9683 153662/mem_dbg.c cppfunc 241 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9684 67607/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_67.cpp cppfunc 93 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9685 71471/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_16.c cppfunc 74 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 9686 79348/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_11.c cppfunc 381 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 9687 79348/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_11.c cppfunc 384 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 9688 67494/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_11.c cppfunc 96 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 9689 153152/eng_table.c cppfunc 392 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int cooncan_cesium = 596; char *opined_fissura; stonesoup_read_taint(&opined_fissura,"9782",cooncan_cesium); hyphemia_pyridone[5] = opined_fissura; rhodus_spiel = 5; nirvanas_thiolacetic = &rhodus_spiel; cognizant_earnest = *(hyphemia_pyridone + *nirvanas_thiolacetic); free(((char *)cognizant_earnest)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&opined_fissura,"9782",cooncan_cesium); hyphemia_pyridone[5] = opined_fissura; cognizant_earnest = *(hyphemia_pyridone + *nirvanas_thiolacetic); free(((char *)cognizant_earnest)); 0 --------------------------------- 9690 71497/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_72.cpp cppfunc 156 void badSink(vector dataVector) char * data = dataVector[2]; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 9691 148966/strutil.c cppfunc 519 hex_digit[2] = '\0'; if (! isxdigit(hex_digit[0]) || ! isxdigit(hex_digit[1])) val = (guint8) strtoul((char *)hex_digit, NULL, 16); 0 --------------------------------- 9692 153408/heapam.c cppfunc 128 stonesoup_input_len = strlen(paganically_arided); stonesoup_function_ptr = malloc(sizeof(void *)); tracepoint(stonesoup_trace, trace_point, "TRIGGER-POINT: AFTER"); stonesoup_printf("mod is true\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9693 79483/CWE134_Uncontrolled_Format_String__char_console_snprintf_02.c inputfunc 145 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 9694 110381/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_32.c cppfunc 96 int *dataPtr2 = &data; int data = *dataPtr2; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9695 153273/cmdutils.c cppfunc 835 time_t now; time(&now); tm = localtime((&now)); 0 --------------------------------- 9696 153775/color.c cppfunc 375 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 9697 72887/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67.c cppfunc 135 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67_structType myStruct) char * data = myStruct.structFirst; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 9698 66532/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_13.c cppfunc 82 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9699 153689/tile-manager.c cppfunc 53 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9700 153617/emem.c cppfunc 207 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9701 66622/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_07.c cppfunc 92 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9702 110548/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_81a.cpp cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9703 66419/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_74.cpp cppfunc 148 void badSink(map dataMap) wchar_t * data = dataMap[2]; dataLen = wcslen(data); 0 --------------------------------- 9704 72879/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53.c cppfunc 221 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53d_badSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 9705 153709/ffmpeg.c cppfunc 176 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9706 153506/color.c cppfunc 324 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9707 153506/color.c cppfunc 326 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 9708 66260/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_45.c cppfunc 73 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9709 70653/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_14.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9710 152945/portalmem.c cppfunc 118 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9711 152945/portalmem.c cppfunc 115 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9712 153335/emem.c cppfunc 196 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9713 62734/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_43.cpp cppfunc 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9714 152947/pmsignal.c cppfunc 117 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9715 71098/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_43.cpp cppfunc 74 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 9716 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c cppfunc 151 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 9717 70742/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_07.c cppfunc 76 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 9718 152911/eng_lib.c cppfunc 100 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9719 152911/eng_lib.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9720 153810/pgstat.c inputfunc 3370 if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); memcpy(dbentry,(&dbbuf),sizeof(PgStat_StatDBEntry )); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); FreeFile(fpin); 0 --------------------------------- 9721 67721/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_10.cpp cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9722 153040/bufmgr.c cppfunc 141 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9723 153773/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9724 70437/CWE122_Heap_Based_Buffer_Overflow__CWE135_65.c cppfunc 151 void CWE122_Heap_Based_Buffer_Overflow__CWE135_65b_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 9725 70653/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_14.c cppfunc 304 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9726 153250/color.c cppfunc 356 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 9727 73728/CWE124_Buffer_Underwrite__CWE839_listen_socket_62.cpp cppfunc 235 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9728 70468/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_31.c cppfunc 175 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9729 70512/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_17.c cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9730 72309/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_65.c cppfunc 140 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_65b_goodG2BSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9731 67431/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_53.c cppfunc 51 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9732 153089/string.c cppfunc 71 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9733 153089/string.c cppfunc 74 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9734 73697/CWE124_Buffer_Underwrite__CWE839_listen_socket_04.c cppfunc 86 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9735 110471/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_16.c cppfunc 74 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9736 1303/mime2-bad.c cppfunc 185 c4 = fgetc(e->e_dfp); while ((c1 = fgetc(e->e_dfp)) != EOF) c2 = fgetc(e->e_dfp); c3 = fgetc(e->e_dfp); } while (isascii(c3) && isspace(c3)); 0 --------------------------------- 9737 70929/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_02.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 9738 73706/CWE124_Buffer_Underwrite__CWE839_listen_socket_13.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9739 153029/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9740 62595/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_53.c cppfunc 80 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9741 71594/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_73.cpp cppfunc 142 void badSink(list dataList) int64_t * data = dataList.back(); memcpy(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 9742 72377/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_10.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 9743 153214/pgstat.c cppfunc 414 struct addrinfo *addrs = ((void *)0); ret = pg_getaddrinfo_all("localhost",((void *)0),(&hints),&addrs); for (addr = addrs; addr; addr = addr -> ai_next) { if ((pgStatSock = socket(addr -> ai_family,SOCK_DGRAM,0)) == - 1) { if (bind(pgStatSock,(addr -> ai_addr),addr -> ai_addrlen) < 0) { 0 --------------------------------- 9744 110544/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_68.c cppfunc 243 int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_68_badData; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9745 73708/CWE124_Buffer_Underwrite__CWE839_listen_socket_15.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9746 70473/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_42.c cppfunc 180 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9747 110650/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_03.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9748 70970/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_73.cpp cppfunc 175 list dataList; data = (char *)malloc((10+1)*sizeof(char)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 9749 152903/color.c cppfunc 356 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9750 152903/color.c cppfunc 358 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 9751 153301/e_camellia.c cppfunc 112 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9752 153620/color.c cppfunc 345 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9753 153163/color.c cppfunc 358 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 9754 71197/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_51.c cppfunc 130 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_51b_badSink(wchar_t * data) wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 9755 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c cppfunc 238 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 9756 153762/oids.c cppfunc 1330 void stonesoup_handle_taint(char *disorganizing_outlook) protevangelion_beat = ((int )(strlen(disorganizing_outlook))); memcpy(julies_realisers,disorganizing_outlook,protevangelion_beat); free(((char *)disorganizing_outlook)); 0 --------------------------------- 9757 70656/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_17.c cppfunc 194 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9758 67718/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_07.cpp cppfunc 312 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9759 65156/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_05.c cppfunc 78 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 9760 72949/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_06.c cppfunc 75 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9761 153032/timestamp.c cppfunc 64 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9762 70661/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_32.c cppfunc 308 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9763 73040/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_01.c cppfunc 56 data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 9764 73729/CWE124_Buffer_Underwrite__CWE839_listen_socket_63.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9765 153403/error.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9766 73701/CWE124_Buffer_Underwrite__CWE839_listen_socket_08.c cppfunc 305 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9767 153033/color.c cppfunc 605 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *sabe_unweariably) free(((char *)sabe_unweariably)); 0 --------------------------------- 9768 79506/CWE134_Uncontrolled_Format_String__char_console_snprintf_41.c inputfunc 123 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2GSink(data); static void goodB2GSink(char * data) SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 9769 79395/CWE134_Uncontrolled_Format_String__char_console_fprintf_10.c inputfunc 131 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 9770 62968/CWE121_Stack_Based_Buffer_Overflow__CWE135_31.c cppfunc 64 data = (void *)CHAR_STRING; void * dataCopy = data; void * data = dataCopy; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 9771 66367/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_67.c cppfunc 44 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9772 72359/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67.c cppfunc 134 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67_structType myStruct) char * data = myStruct.structFirst; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9773 73177/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_72.cpp cppfunc 148 void badSink(vector dataVector) wchar_t * data = dataVector[2]; wcscpy(dest, data); printWLine(data); free(data); 0 --------------------------------- 9774 70672/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54.c cppfunc 614 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9775 153127/utils.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9776 110457/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_02.c cppfunc 77 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9777 73707/CWE124_Buffer_Underwrite__CWE839_listen_socket_14.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9778 70502/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_07.c cppfunc 135 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9779 152907/mutex.c cppfunc 42 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9780 66646/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_52.c cppfunc 57 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9781 70978/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_03.c cppfunc 70 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9782 72602/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_73.cpp cppfunc 167 list dataList; data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 9783 153014/error.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9784 153254/conf_mod.c cppfunc 138 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9785 71017/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_72.cpp cppfunc 156 void badSink(vector dataVector) wchar_t * data = dataVector[2]; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9786 66581/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_14.c cppfunc 61 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9787 199284/memory_allocation_failure.c cppfunc 622 double *ptr,b; ptr= (double*) malloc(10*sizeof(double)); free(ptr); 0 --------------------------------- 9788 152937/mutex.c cppfunc 40 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9789 69754/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_43.cpp cppfunc 29 data = new wchar_t[100]; badSource(data); void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 9790 153273/cmdutils.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9791 72329/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_10.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9792 67316/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_13.c cppfunc 80 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9793 72860/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_13.c cppfunc 93 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 9794 153490/tile-swap.c cppfunc 623 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int coagulose_ale = 40; char *neele_uvularia; stonesoup_read_taint(&neele_uvularia,"9914",coagulose_ale); bromphenol_observator[22] = neele_uvularia; wader_corotomy = bromphenol_observator; free(((char *)wader_corotomy[22])); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&neele_uvularia,"9914",coagulose_ale); bromphenol_observator[22] = neele_uvularia; wader_corotomy = bromphenol_observator; free(((char *)wader_corotomy[22])); 0 --------------------------------- 9795 70536/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68.c cppfunc 86 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9796 79461/CWE134_Uncontrolled_Format_String__char_console_printf_44.c inputfunc 110 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; funcPtr(data); 0 --------------------------------- 9797 67515/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_14.c cppfunc 85 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 9798 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c cppfunc 267 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 9799 79569/CWE134_Uncontrolled_Format_String__char_console_vfprintf_67.c cppfunc 219 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_67b_goodG2BSink(CWE134_Uncontrolled_Format_String__char_console_vfprintf_67_structType myStruct) char * data = myStruct.structFirst; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 9800 153683/tile.c cppfunc 386 void signoras_electrophoric(char *leathernecks_cochranea) acraein_evonymuses(leathernecks_cochranea); void acraein_evonymuses(char *ramblers_wineyard) free(((char *)ramblers_wineyard)); 0 --------------------------------- 9801 148916/strutil.c cppfunc 796 convert_string_to_hex(const char *string, size_t *nbytes) p = &string[0]; c = *p++; if (isspace(c)) if (!isxdigit(c)) { 0 --------------------------------- 9802 72690/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_62.cpp cppfunc 146 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 9803 66585/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_18.c cppfunc 55 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9804 79347/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_10.c cppfunc 151 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 9805 79347/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_10.c cppfunc 154 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 9806 66541/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_32.c cppfunc 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9807 72326/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_07.c cppfunc 96 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9808 62953/CWE121_Stack_Based_Buffer_Overflow__CWE135_06.c cppfunc 152 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 9809 62953/CWE121_Stack_Based_Buffer_Overflow__CWE135_06.c cppfunc 155 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 9810 72948/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_05.c cppfunc 78 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9811 152920/oids.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9812 152882/subtrans.c cppfunc 106 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9813 72699/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_74.cpp cppfunc 149 void badSink(map dataMap) wchar_t * data = dataMap[2]; wcsncat(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 9814 72682/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_43.cpp cppfunc 56 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 9815 72313/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_72.cpp cppfunc 167 vector dataVector; data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9816 62723/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_16.c cppfunc 188 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9817 70656/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_17.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9818 153721/color.c cppfunc 369 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9819 71482/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_43.cpp cppfunc 79 data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 9820 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c inputfunc 176 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 9821 153795/conversation.c cppfunc 1265 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); trautvetteria_autodrome[1] = 5; horsy_moonery = *(oxytylote_insanitariness + trautvetteria_autodrome[1]); free(((char *)horsy_moonery)); void stonesoup_handle_taint(char *tweeter_kwannon) accommodating_filespec = tweeter_kwannon; oxytylote_insanitariness[5] = accommodating_filespec; horsy_moonery = *(oxytylote_insanitariness + trautvetteria_autodrome[1]); free(((char *)horsy_moonery)); 0 --------------------------------- 9822 153555/utf.c cppfunc 108 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9823 71290/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_43.cpp cppfunc 46 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 9824 66547/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_44.c cppfunc 42 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9825 70454/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_07.c cppfunc 335 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9826 67489/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_06.c cppfunc 81 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 9827 72768/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_17.c cppfunc 37 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 9828 153214/pgstat.c inputfunc 3291 if (fread((&format_id),1,sizeof(format_id),fpin) != sizeof(format_id) || format_id != 0x01A5BC9A) { if (fread((&globalStats),1,sizeof(globalStats),fpin) != sizeof(globalStats)) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 9829 153740/color.c cppfunc 364 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 9830 153631/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9831 72335/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_16.c cppfunc 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9832 67586/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_21.cpp cppfunc 141 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9833 71389/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_51.c cppfunc 123 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_51b_badSink(char * data) strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 9834 71018/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_73.cpp cppfunc 156 void badSink(list dataList) wchar_t * data = dataList.back(); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9835 153330/color.c cppfunc 348 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 9836 153228/cryptlib.c cppfunc 165 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9837 72154/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_43.cpp cppfunc 75 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9838 153369/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9839 199234/buffer_overrun_dynamic.c cppfunc 27 char *buf=(char*) calloc(5,sizeof(char)); buf[i]=1; free(buf); 0 --------------------------------- 9840 153369/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9841 65437/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_06.c cppfunc 99 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 9842 153273/cmdutils.c cppfunc 1338 const AVCodecDescriptor **codecs; unsigned int nb_codecs = 0; nb_codecs++; if (!(codecs = (av_calloc(nb_codecs,sizeof(( *codecs)))))) { desc = ((void *)0); while(desc = avcodec_descriptor_next(desc)) codecs[i++] = desc; qsort(codecs,nb_codecs,sizeof(( *codecs)),compare_codec_desc); 0 --------------------------------- 9843 70648/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_09.c cppfunc 369 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9844 110542/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_66.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9845 79355/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_18.c cppfunc 149 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 9846 66592/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_41.c cppfunc 67 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9847 71429/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_32.c cppfunc 79 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 9848 67722/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_11.cpp inputfunc 208 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 9849 72962/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_21.c cppfunc 92 static wchar_t * goodG2B1Source(wchar_t * data) data = NULL; data = goodG2B1Source(data); data[0] = L'\0'; return data; data = goodG2B1Source(data); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9850 110398/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_66.c cppfunc 165 data = 20; dataArray[2] = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_66b_goodG2BSink(dataArray); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_66b_goodG2BSink(int dataArray[]) int data = dataArray[2]; intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9851 153729/color.c cppfunc 111 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9852 153821/heapam.c cppfunc 138 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9853 70934/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_07.c cppfunc 78 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 9854 70754/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_21.c cppfunc 91 data = (char *)malloc((10+1)*sizeof(char)); return data; data = NULL; data = goodG2B1Source(data); strcpy(data, source); printLine(data); free(data); static char * goodG2B1Source(char * data) return data; data = goodG2B1Source(data); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 9855 67394/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_73.cpp cppfunc 164 list dataList; data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcscat(dest, data); 0 --------------------------------- 9856 153011/eng_table.c cppfunc 338 int mexico_shellmonger = 596; char *quebracho_archpriesthood; stonesoup_read_taint(&quebracho_archpriesthood,"9440",mexico_shellmonger); euktolite_yamshik = ((int )(strlen(quebracho_archpriesthood))); repousse_casavant = ((char *)(malloc(euktolite_yamshik + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&quebracho_archpriesthood,"9440",mexico_shellmonger); euktolite_yamshik = ((int )(strlen(quebracho_archpriesthood))); repousse_casavant = ((char *)(malloc(euktolite_yamshik + 1))); 0 --------------------------------- 9857 79486/CWE134_Uncontrolled_Format_String__char_console_snprintf_05.c inputfunc 151 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 9858 153347/bufmgr.c cppfunc 109 stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9859 66580/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_13.c cppfunc 61 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9860 69202/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_03.cpp cppfunc 96 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 9861 153334/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9862 72104/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_41.c cppfunc 59 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_41_goodG2BSink(wchar_t * data) wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 9863 153752/heapam.c inputfunc 163 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&crackup_armond,"STANNARY_DREXEL"); if (crackup_armond != 0) {; epilated_fconvert . berake_pomme = ((char *)crackup_armond); staminigerous_depthless[ *sheepcrook_babson] = epilated_fconvert; oafish_fermented = staminigerous_depthless[ *sheepcrook_babson]; arsis_antitonic(derision_tinman,oafish_fermented); } unperturbing_monads--; 0 --------------------------------- 9864 70670/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_52.c cppfunc 464 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9865 62955/CWE121_Stack_Based_Buffer_Overflow__CWE135_08.c cppfunc 112 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 9866 66316/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_64.c cppfunc 50 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9867 79374/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64.c cppfunc 359 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64b_goodB2GSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 9868 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c inputfunc 163 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 9869 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c inputfunc 168 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 9870 153333/utils.c cppfunc 118 int anthocephalous_paraconid = 20; stonesoup_read_taint(&stranglement_sliverer,"7335",anthocephalous_paraconid); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 9871 153214/pgstat.c cppfunc 332 stonesoup_read_taint(&yeuking_ardussi,"BABAKOTO_PSYCHODRAMAS"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 9872 71170/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_03.c cppfunc 92 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 9873 153214/pgstat.c inputfunc 335 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&yeuking_ardussi,"BABAKOTO_PSYCHODRAMAS"); if (yeuking_ardussi != 0) {; 0 --------------------------------- 9874 153152/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 9875 70978/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_03.c cppfunc 89 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9876 72809/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_10.c cppfunc 71 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 9877 79348/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_11.c cppfunc 53 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 9878 153007/tile.c cppfunc 83 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9879 72329/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_10.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9880 153781/emem.c cppfunc 171 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9881 71441/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_61.c cppfunc 39 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 9882 153158/resowner.c cppfunc 168 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9883 70504/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_09.c cppfunc 130 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9884 72374/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_07.c cppfunc 75 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 9885 110355/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_74.cpp cppfunc 226 void badSink(map dataMap) int data = dataMap[2]; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9886 66941/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cat_74.cpp cppfunc 151 void badSink(map dataMap) wchar_t * data = dataMap[2]; source[100-1] = L'\0'; wcscat(data, source); 0 --------------------------------- 9887 72867/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22.c cppfunc 69 data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_goodG2B1Source(data); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 9888 79565/CWE134_Uncontrolled_Format_String__char_console_vfprintf_63.c inputfunc 95 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_63b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_63b_goodB2GSink(char * * dataPtr) CWE134_Uncontrolled_Format_String__char_console_vfprintf_63b_goodB2GSink(&data); char * data = *dataPtr; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 9889 79366/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45.c cppfunc 157 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45_goodG2BData = data; goodG2BSink(); char * data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45_goodG2BData; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 9890 110549/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_82a.cpp cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9891 110315/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_04.c cppfunc 186 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9892 70487/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67.c cppfunc 352 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9893 153043/cmdline.c cppfunc 913 svn_error_t *svn_cmdline__edit_file_externally(const char *path,const char *editor_cmd,apr_hash_t *config,apr_pool_t *pool) svn_dirent_split(&base_dir,&file_name,path,pool); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char *editor; const char *file_name; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); apr_err = apr_filepath_set(old_cwd,pool); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); 0 --------------------------------- 9894 153290/dynahash.c cppfunc 243 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9895 72952/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_09.c cppfunc 71 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9896 153778/tile-manager.c cppfunc 82 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9897 152995/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 9898 71463/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_08.c cppfunc 113 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 9899 153783/string.c cppfunc 57 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9900 152957/heapam.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9901 153232/e_bf.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9902 153232/e_bf.c cppfunc 113 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9903 153165/cmdline.c cppfunc 1082 e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char **tmpfile_left,const char *editor_cmd, const svn_string_t *contents,const char *filename,apr_hash_t *config,svn_boolean_t as_text,const char *encoding,apr_pool_t *pool) const char *editor; const char *tmpfile_native; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); svn_error_t *svn_err__temp = svn_subst_translate_cstring2(contents -> data,&translated,"\n",0,((void *)0),0,pool); translated_contents = svn_string_create_empty(pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8_ex2(&translated_contents -> data,translated,encoding,pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8(&translated_contents -> data,translated,pool); translated_contents = svn_string_dup(contents,pool); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); svn_error_t *svn_err__temp = svn_io_temp_dir(&base_dir,pool); svn_error_t *svn_err__temp = svn_path_cstring_from_utf8(&temp_dir_apr,base_dir,pool); apr_err = apr_filepath_set(temp_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); err = svn_path_cstring_from_utf8(&tmpfile_apr,tmpfile_name,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x10,pool); apr_file_mtime_set(tmpfile_apr,finfo_before . mtime - 2000,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x00000010 | 0x00000100,pool); err = svn_utf_cstring_from_utf8(&tmpfile_native,tmpfile_name,pool); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); 0 --------------------------------- 9904 1297/crackaddr-bad.c cppfunc 163 register char *addr; char address[100]; scanf("%99s", address); res_addr = crackaddr(address); addr++; while (*addr != '\0' && isascii((int)*addr) && isspace((int)*addr)) 0 --------------------------------- 9905 70656/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_17.c cppfunc 259 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 9906 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c cppfunc 192 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 9907 70976/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_01.c cppfunc 59 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9908 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c cppfunc 195 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 9909 72310/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_66.c cppfunc 144 data[50-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9910 153039/bufmgr.c cppfunc 140 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9911 148923/strutil.c cppfunc 427 s = p+3; punct = s + 1; p = punct; q = p+1; else if (*q && isxdigit(*p) && isxdigit(*q)) { if (is_byte_sep(*punct)) { else if (*q && isxdigit(*p) && is_byte_sep(*q)) { is_byte_sep(guint8 c) if (is_byte_sep(*punct)) { p = punct; q = p+1; else if (*q && isxdigit(*p) && isxdigit(*q)) { if (is_byte_sep(*punct)) { p = punct; q = p+1; else if (*q && isxdigit(*p) && isxdigit(*q)) { else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q; q = p+1; else if (*q && isxdigit(*p) && isxdigit(*q)) { hex_str_to_bytes(const char *hex_str, GByteArray *bytes, gboolean force_separators) { p = (const guchar *)hex_str; q = p+1; && isxdigit(*p) && isxdigit(*q) && p = punct; else if (*q && isxdigit(*p) && isxdigit(*q)) { p = q + 1; q = p+1; punct = q + 1; p = punct; if (is_byte_sep(*punct)) { else if (*q && isxdigit(*p) && isxdigit(*q)) { p = q; else if (*q && isxdigit(*p) && isxdigit(*q)) { 0 --------------------------------- 9912 153023/avpacket.c inputfunc 96 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&aquariiums_gypsologist,"GLAZY_ESTRE"); if (aquariiums_gypsologist != 0) {; *progeneration_chatty = aquariiums_gypsologist; 0 --------------------------------- 9913 153023/avpacket.c cppfunc 93 stonesoup_read_taint(&aquariiums_gypsologist,"GLAZY_ESTRE"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 9914 66571/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_04.c cppfunc 89 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9915 79514/CWE134_Uncontrolled_Format_String__char_console_snprintf_54.c inputfunc 47 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_54b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_54b_badSink(char * data); 0 --------------------------------- 9916 153329/avfilter.c cppfunc 91 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9917 70432/CWE122_Heap_Based_Buffer_Overflow__CWE135_54.c cppfunc 328 void CWE122_Heap_Based_Buffer_Overflow__CWE135_54e_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 9918 73014/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_33.cpp cppfunc 66 char * &dataRef = data; char * data = dataRef; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 9919 62583/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22.c cppfunc 99 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9920 110663/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_16.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9921 110345/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_61.c cppfunc 91 data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_61b_goodG2BSource(data); data = 20; return data; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9922 153756/utf.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 9923 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c cppfunc 228 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 9924 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c cppfunc 225 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 9925 67731/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_22.cpp cppfunc 178 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9926 67321/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_18.c cppfunc 54 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9927 62973/CWE121_Stack_Based_Buffer_Overflow__CWE135_42.c cppfunc 92 data = (void *)WIDE_STRING; return data; data = goodB2GSource(data); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 9928 62973/CWE121_Stack_Based_Buffer_Overflow__CWE135_42.c cppfunc 95 data = (void *)WIDE_STRING; return data; data = goodB2GSource(data); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 9929 69888/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_17.cpp cppfunc 34 data = new wchar_t[100]; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 9930 72362/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_73.cpp cppfunc 167 list dataList; data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9931 70834/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_03.c cppfunc 92 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9932 66568/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_01.c cppfunc 29 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9933 70845/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_14.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 9934 72973/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_51.c cppfunc 141 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_51b_goodG2BSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 9935 110483/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_44.c cppfunc 69 static void goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9936 66648/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54.c cppfunc 57 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9937 152949/conf_mod.c cppfunc 147 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9938 153641/timestamp.c cppfunc 82 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9939 153819/color.c cppfunc 345 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 9940 153819/color.c cppfunc 343 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9941 153351/oids.c cppfunc 118 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 9942 153348/mutex.c cppfunc 91 int kusimanse_alpax = 40; stonesoup_read_taint(&terena_bustards,"6712",kusimanse_alpax); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 9943 148823/Element.cpp cppfunc 1257 PassRefPtr Element::getAttributeNode(const String& name) NamedNodeMap* attrs = attributes(true); String localName = shouldIgnoreAttributeCase(this) ? name.lower() : name; return static_pointer_cast(attrs->getNamedItem(localName)); 0 --------------------------------- 9944 153273/cmdutils.c inputfunc 1685 ret = (fread(( *bufptr),1, *size,f)); if (ret < *size) { av_free(( *bufptr)); if (ferror(f)) { fclose(f); 0 --------------------------------- 9945 110522/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_21.c cppfunc 187 data = 20; return data; data = -1; data = goodG2B1Source(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); static int goodG2B1Source(int data) return data; data = goodG2B1Source(data); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9946 153294/bufmgr.c cppfunc 1071 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int sledger_fighter = 596; char *lemonades_phyllostomus; stonesoup_read_taint(&lemonades_phyllostomus,"5622",sledger_fighter); transformance_bandonion = ((void *)lemonades_phyllostomus); plantulae_texon = &transformance_bandonion; free(((char *)((char *)( *plantulae_texon)))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&lemonades_phyllostomus,"5622",sledger_fighter); transformance_bandonion = ((void *)lemonades_phyllostomus); plantulae_texon = &transformance_bandonion; free(((char *)((char *)( *plantulae_texon)))); 0 --------------------------------- 9947 66243/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_12.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 9948 66243/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_12.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 9949 66418/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_73.cpp cppfunc 170 list dataList; data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); dataLen = wcslen(data); 0 --------------------------------- 9950 73017/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_42.c cppfunc 68 data[50-1] = '\0'; return data; data = goodG2BSource(data); strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 9951 79482/CWE134_Uncontrolled_Format_String__char_console_snprintf_01.c inputfunc 103 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 9952 110364/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_05.c cppfunc 123 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9953 62723/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_16.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9954 71642/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_73.cpp cppfunc 159 list dataList; data = (int64_t *)malloc(100*sizeof(int64_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int64_t * data = dataList.back(); memmove(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 9955 153593/color.c cppfunc 613 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *crystaling_postvaricellar; stonesoup_read_taint(&crystaling_postvaricellar,"JOBY_HESYCHASTIC"); free(((char *)crystaling_postvaricellar)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&crystaling_postvaricellar,"JOBY_HESYCHASTIC"); free(((char *)crystaling_postvaricellar)); 0 --------------------------------- 9956 70496/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c cppfunc 121 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9957 153456/portalmem.c cppfunc 131 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 9958 153333/utils.c cppfunc 4269 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { *port_ptr = atoi(brk + 2); 0 --------------------------------- 9959 67746/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_62.cpp inputfunc 375 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 9960 72762/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_11.c cppfunc 73 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 9961 69873/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_02.cpp cppfunc 90 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 9962 153267/stream.c cppfunc 199 char *seroot_improvidences;; stonesoup_read_taint(&seroot_improvidences,"CASSANDRE_STEVINSON"); duramens_tintinnabulous = ((int )(strlen(seroot_improvidences))); sogat_claw = ((char *)(malloc(duramens_tintinnabulous + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&seroot_improvidences,"CASSANDRE_STEVINSON"); duramens_tintinnabulous = ((int )(strlen(seroot_improvidences))); sogat_claw = ((char *)(malloc(duramens_tintinnabulous + 1))); 0 --------------------------------- 9963 70938/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_11.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 9964 72372/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_05.c cppfunc 76 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 9965 153656/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9966 70531/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_63.c cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9967 152995/bio_err.c cppfunc 138 int interface_proreption = 40; stonesoup_read_taint(&duotriode_unreprovedly,"1742",interface_proreption); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 9968 153108/color.c cppfunc 359 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 9969 71204/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_64.c cppfunc 152 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 9970 153720/resowner.c cppfunc 153 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9971 65395/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_04.c cppfunc 100 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 9972 153720/resowner.c cppfunc 157 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9973 153017/cryptlib.c cppfunc 226 int scrutinate_ndebele = 596; stonesoup_read_taint(&frayne_enalite,"4915",scrutinate_ndebele); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 9974 199234/buffer_overrun_dynamic.c cppfunc 311 int *buf=(int*) calloc(5,sizeof(int)); free(buf); dynamic_buffer_overrun_017_func_001(4); void dynamic_buffer_overrun_017_func_001 (int index) *(buf +index) = 1; free(buf); 0 --------------------------------- 9975 153373/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9976 1300/recipient-ok.c cppfunc 198 char buf0[MAXNAME + 1]; i = strlen(a->q_user); if (i >= sizeof buf0) buf = xalloc(i + 1); buf = buf0; (void) strcpy(buf, a->q_user); pw = finduser(buf, &fuzzy); free(buf); 0 --------------------------------- 9977 153373/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 9978 153373/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 9979 110458/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_03.c cppfunc 77 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9980 153214/pgstat.c inputfunc 3315 if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { switch(fgetc(fpin)){ if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 9981 71722/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_43.cpp cppfunc 65 data = (int *)malloc(100*sizeof(int)); memcpy(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 9982 110810/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_21.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 9983 72172/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_81_goodG2B.cpp cppfunc 34 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9984 110394/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_62.cpp cppfunc 149 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9985 153715/eng_lib.c cppfunc 137 int sieracki_zebec = 1001; stonesoup_read_taint(&methodism_boogers,"5759",sieracki_zebec); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 9986 110512/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_09.c cppfunc 192 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 9987 153762/oids.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9988 66631/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_16.c cppfunc 62 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 9989 67586/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_21.cpp cppfunc 73 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 9990 63593/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_02.c cppfunc 75 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 9991 153616/mux.c cppfunc 439 furcule_malayalam = getenv("COALFIELD_COMIQUE"); eugeny_animadversions = ((int )(strlen(furcule_malayalam))); fringelike_lactation = ((char *)(malloc(eugeny_animadversions + 1))); 0 --------------------------------- 9992 153697/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 9993 152956/bss_file.c cppfunc 142 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 9994 153585/color.c cppfunc 612 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *dimplier_arnotto) free(((char *)dimplier_arnotto)); 0 --------------------------------- 9995 71369/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_10.c cppfunc 71 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 9996 72128/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_01.c cppfunc 62 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 9997 153337/img2.c cppfunc 254 goosebone_nynex = getenv("UPCURVED_JUNCTION"); heteromorphae_vetiveria = ((int )(strlen(goosebone_nynex))); disdainfulness_allness = ((char *)(malloc(heteromorphae_vetiveria + 1))); memset(disdainfulness_allness,0,heteromorphae_vetiveria + 1); memcpy(disdainfulness_allness,goosebone_nynex,heteromorphae_vetiveria); mistetch_monobromized[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *domesticates_dolthead)))))))))))))))))))))))))))))))))))))))))))))))))] = disdainfulness_allness; purchased_whirlies = mistetch_monobromized[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *domesticates_dolthead)))))))))))))))))))))))))))))))))))))))))))))))))]; free(((char *)purchased_whirlies)); 0 --------------------------------- 9998 67723/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_12.cpp inputfunc 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 9999 79500/CWE134_Uncontrolled_Format_String__char_console_snprintf_21.c inputfunc 170 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2Sink(data); static void goodB2G2Sink(char * data) SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 10000 199236/buffer_underrun_dynamic.c cppfunc 113 float *buf=(float*) calloc(5,sizeof(float)); buf[i]=1.0; free(buf); 0 --------------------------------- 10001 73710/CWE124_Buffer_Underwrite__CWE839_listen_socket_17.c cppfunc 188 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10002 153355/subtrans.c inputfunc 130 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&blurry_pyrographies,"UNQUALIFIABLE_BILLITON"); if (blurry_pyrographies != 0) {; 0 --------------------------------- 10003 79566/CWE134_Uncontrolled_Format_String__char_console_vfprintf_64.c cppfunc 210 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 10004 73640/CWE124_Buffer_Underwrite__CWE839_fgets_73.cpp cppfunc 97 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10005 70873/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_72.cpp cppfunc 157 void badSink(vector dataVector) char * data = dataVector[2]; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10006 153573/bss_file.c cppfunc 128 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10007 153573/bss_file.c cppfunc 124 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10008 153074/utils.c cppfunc 4808 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; sid = (strtol(spec + 1,&endptr,0)); 0 --------------------------------- 10009 72085/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_06.c cppfunc 97 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 10010 67736/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_41.cpp cppfunc 261 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10011 153555/utf.c cppfunc 1116 void overserenely_rijksdaaler(char *superseaman_theriomorphosis) dietist_lovevine(superseaman_theriomorphosis); void dietist_lovevine(char *palliated_aquamanilia) free(((char *)palliated_aquamanilia)); 0 --------------------------------- 10012 153197/color.c cppfunc 353 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 10013 153197/color.c cppfunc 351 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 10014 67318/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_15.c cppfunc 66 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10015 73703/CWE124_Buffer_Underwrite__CWE839_listen_socket_10.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10016 70412/CWE122_Heap_Based_Buffer_Overflow__CWE135_13.c cppfunc 172 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 10017 79355/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_18.c cppfunc 53 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 10018 72800/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_01.c cppfunc 60 data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 10019 65435/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_04.c cppfunc 79 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 10020 62607/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_74.cpp cppfunc 45 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10021 72825/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_42.c cppfunc 72 data[0] = '\0'; return data; data = goodG2BSource(data); strcat(data, source); printLine(data); free(data); 0 --------------------------------- 10022 69850/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_43.cpp cppfunc 65 data = (int *)malloc(10*sizeof(int)); memcpy(data, source, 10*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 10023 153491/stream.c cppfunc 106 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10024 153314/color.c cppfunc 362 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 10025 153084/stream.c cppfunc 127 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10026 153030/avpacket.c cppfunc 71 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10027 153084/stream.c cppfunc 123 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10028 72454/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_66.c cppfunc 144 data[50-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 10029 79575/CWE134_Uncontrolled_Format_String__char_console_vfprintf_82a.cpp inputfunc 38 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; baseObject->action(data); virtual void action(char * data) = 0; 0 --------------------------------- 10030 73001/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_10.c cppfunc 67 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 10031 153582/avfilter.c cppfunc 61 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10032 153504/e_bf.c cppfunc 280 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int dutchy_muscle = 91; char *beadings_piranhas;; stonesoup_read_taint(&beadings_piranhas,"7594",dutchy_muscle); mcevoy_begartered = ((void *)beadings_piranhas); featherwood_arbitratorship = 1; propos_unstainableness = &mcevoy_begartered; boeke_wadi = ((void **)(((unsigned long )propos_unstainableness) * featherwood_arbitratorship * featherwood_arbitratorship)) + 5; free(((char *)((char *)( *(boeke_wadi - 5))))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&beadings_piranhas,"7594",dutchy_muscle); mcevoy_begartered = ((void *)beadings_piranhas); propos_unstainableness = &mcevoy_begartered; boeke_wadi = ((void **)(((unsigned long )propos_unstainableness) * featherwood_arbitratorship * featherwood_arbitratorship)) + 5; free(((char *)((char *)( *(boeke_wadi - 5))))); 0 --------------------------------- 10033 79347/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_10.c cppfunc 346 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 10034 79347/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_10.c cppfunc 349 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 10035 153749/color.c cppfunc 324 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 10036 153691/avdevice.c cppfunc 35 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10037 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c cppfunc 141 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 10038 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c cppfunc 144 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 10039 72982/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_66.c cppfunc 127 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 10040 67602/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_62.cpp cppfunc 242 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10041 62991/CWE121_Stack_Based_Buffer_Overflow__CWE135_74.cpp cppfunc 184 void goodG2BSink(map dataMap) void * data = dataMap[2]; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 10042 70645/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_06.c cppfunc 421 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10043 67414/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_15.c cppfunc 88 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10044 153307/color.c cppfunc 344 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 10045 69210/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_11.cpp cppfunc 96 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 10046 1303/mime2-bad.c cppfunc 172 c2 = fgetc(e->e_dfp); c3 = fgetc(e->e_dfp); c4 = fgetc(e->e_dfp); while ((c1 = fgetc(e->e_dfp)) != EOF) if (isascii(c1) && isspace(c1)) 0 --------------------------------- 10047 67403/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_04.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 10048 153242/e_camellia.c cppfunc 612 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *phenoquinone_gravamem) successionist_shrubby = ((int )(strlen(phenoquinone_gravamem))); memcpy(shieldmaker_mariya,phenoquinone_gravamem,successionist_shrubby); free(((char *)phenoquinone_gravamem)); 0 --------------------------------- 10049 153242/e_camellia.c cppfunc 618 jmp_buf ihs_prediminish; uniforms_opsigamy = setjmp(ihs_prediminish); longjmp(ihs_prediminish,1); 0 --------------------------------- 10050 72712/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_09.c cppfunc 69 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 10051 153267/stream.c cppfunc 106 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10052 199234/buffer_overrun_dynamic.c cppfunc 154 int **buf = (int**) calloc(5,sizeof(int*)); buf[i]=(int*) calloc(5,sizeof(int)); for(i=0;i<5;i++) for(j=0;j<5;j++) *(*(buf+i)+j)=i; free(buf[i]); free(buf); 0 --------------------------------- 10053 72802/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_03.c cppfunc 71 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 10054 152892/oids.c cppfunc 118 stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10055 70668/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_45.c cppfunc 112 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10056 72149/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_32.c cppfunc 46 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 10057 79563/CWE134_Uncontrolled_Format_String__char_console_vfprintf_61.c cppfunc 34 data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_badSource(data); badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 10058 73010/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_21.c cppfunc 115 data = (char *)malloc(100*sizeof(char)); data = goodG2B2Source(data); static char * goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = goodG2B2Source(data); strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 10059 153303/utils.c cppfunc 110 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10060 66528/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_09.c cppfunc 82 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10061 66253/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_32.c cppfunc 33 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 10062 70409/CWE122_Heap_Based_Buffer_Overflow__CWE135_10.c cppfunc 144 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 10063 153760/aviobuf.c cppfunc 83 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10064 153048/pmsignal.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10065 62748/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_68.c cppfunc 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10066 153037/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 10067 152921/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10068 70743/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_08.c cppfunc 84 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10069 79415/CWE134_Uncontrolled_Format_String__char_console_fprintf_51.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_51b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_51b_badSink(char * data); 0 --------------------------------- 10070 67741/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_51.cpp cppfunc 182 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10071 110389/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_51.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10072 153077/file_wrappers.c cppfunc 937 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *episternal_larcenist; stonesoup_read_taint(&episternal_larcenist,"HECATE_AMENABLE"); chawed_anarchs . malinvestment_garfish = episternal_larcenist; free(((char *)chawed_anarchs . malinvestment_garfish)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&episternal_larcenist,"HECATE_AMENABLE"); chawed_anarchs . malinvestment_garfish = episternal_larcenist; free(((char *)chawed_anarchs . malinvestment_garfish)); 0 --------------------------------- 10073 153128/avfilter.c cppfunc 72 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 10074 66270/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_66.c cppfunc 54 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10075 70882/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_03.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10076 67730/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_21.cpp cppfunc 240 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10077 110354/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_73.cpp cppfunc 226 void badSink(list dataList) int data = dataList.back(); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10078 153367/dirent_uri.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10079 70515/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22.c cppfunc 74 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10080 70910/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_52.c cppfunc 184 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_52c_badSink(char * data) memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10081 67745/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_61.cpp inputfunc 377 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 10082 153472/bss_file.c cppfunc 661 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *miliolite_nullity) familiarised_temperate = miliolite_nullity; scriptural_acetophenine[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *convoker_camletine)))))))))))))))))))))))))))))))))))))))))))))))))] = familiarised_temperate; petrovsk_upbrighten = scriptural_acetophenine[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *convoker_camletine)))))))))))))))))))))))))))))))))))))))))))))))))]; free(((char *)petrovsk_upbrighten)); 0 --------------------------------- 10083 72151/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_34.c cppfunc 48 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 10084 66288/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_09.c cppfunc 82 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10085 153296/timestamp.c cppfunc 81 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10086 153480/bss_file.c cppfunc 143 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10087 72206/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_52.c cppfunc 190 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_52c_badSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 10088 152891/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10089 153123/tile-swap.c cppfunc 148 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10090 153123/tile-swap.c cppfunc 145 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10091 153123/tile-swap.c cppfunc 141 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10092 62592/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_45.c cppfunc 63 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10093 153631/color.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10094 66257/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_42.c cppfunc 53 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 10095 153100/color.c cppfunc 348 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 10096 70677/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_65.c cppfunc 331 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10097 79457/CWE134_Uncontrolled_Format_String__char_console_printf_34.c inputfunc 45 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; myUnion.unionFirst = data; 0 --------------------------------- 10098 153214/pgstat.c inputfunc 498 if (recv(pgStatSock,(&test_byte),1,0) != 1) { test_byte++; if (test_byte != ((char )199)) { 0 --------------------------------- 10099 199276/invalid_memory_access.c cppfunc 278 invalid_memory_access_009_uni_001 *u = (invalid_memory_access_009_uni_001 * )malloc(5*sizeof( invalid_memory_access_009_uni_001 )); u->s1 = (invalid_memory_access_009_s_001 *) malloc(sizeof(invalid_memory_access_009_s_001)); u->s1->a = (int *) malloc(5*sizeof(int)); free(u->s1->a); free(u->s1); free(u); 0 --------------------------------- 10100 1301/main.c cppfunc 76 int main(int argc, char **argv){ temp = fopen (argv[1], "r"); assert (temp != NULL); 0 --------------------------------- 10101 152882/subtrans.c cppfunc 104 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10102 72856/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_09.c cppfunc 93 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10103 153390/hashfn.c cppfunc 66 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 10104 70430/CWE122_Heap_Based_Buffer_Overflow__CWE135_52.c cppfunc 231 void CWE122_Heap_Based_Buffer_Overflow__CWE135_52b_goodB2GSink(void * data) CWE122_Heap_Based_Buffer_Overflow__CWE135_52c_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_52c_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 10105 66293/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_14.c cppfunc 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10106 148828/Element.cpp cppfunc 1210 PassRefPtr Element::removeAttributeNode(Attr* attr, ExceptionCode& ec) if (attr->ownerElement() != this) { if (document() != attr->document()) { NamedNodeMap* attrs = attributes(true); return static_pointer_cast(attrs->removeNamedItem(attr->qualifiedName(), ec)); 0 --------------------------------- 10107 153098/main_statusbar.c cppfunc 133 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10108 153098/main_statusbar.c cppfunc 137 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10109 152869/conversation.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10110 79425/CWE134_Uncontrolled_Format_String__char_console_fprintf_67.c inputfunc 104 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_fprintf_67b_goodB2GSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_fprintf_67b_goodB2GSink(CWE134_Uncontrolled_Format_String__char_console_fprintf_67_structType myStruct) char * data = myStruct.structFirst; fprintf(stdout, "%s\n", data); 0 --------------------------------- 10111 152869/conversation.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10112 72852/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_05.c cppfunc 78 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10113 110677/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_51.cpp cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10114 67595/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_44.cpp cppfunc 69 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10115 153607/color.c cppfunc 380 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 10116 153379/e_camellia.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10117 70454/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_07.c cppfunc 424 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10118 110470/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_15.c cppfunc 84 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10119 153440/color.c cppfunc 118 stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10120 153079/cmdline.c cppfunc 210 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int greenings_mendaciousness = 53; char *reveller_commonest; stonesoup_read_taint(&reveller_commonest,"5788",greenings_mendaciousness); angelographer_cringer[20] = reveller_commonest; untactfulness_caen[5] = angelographer_cringer; trilaurin_autocorrelate = 5; linefeed_enables = &trilaurin_autocorrelate; tertius_sublation = *(untactfulness_caen + *linefeed_enables); free(((char *)tertius_sublation[20])); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&reveller_commonest,"5788",greenings_mendaciousness); angelographer_cringer[20] = reveller_commonest; untactfulness_caen[5] = angelographer_cringer; tertius_sublation = *(untactfulness_caen + *linefeed_enables); free(((char *)tertius_sublation[20])); 0 --------------------------------- 10121 66626/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_11.c cppfunc 66 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10122 71379/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22.c cppfunc 69 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_goodG2B1Source(data); strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 10123 72195/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22.c cppfunc 75 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22_goodG2B1Source(data); SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 10124 153441/oids.c cppfunc 124 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 10125 66329/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_02.c cppfunc 66 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10126 153082/config.c cppfunc 81 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10127 153455/color.c cppfunc 357 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 10128 72981/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_65.c cppfunc 142 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_65b_goodG2BSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 10129 72780/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_45.c cppfunc 68 data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_45_goodG2BData = data; goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_45_goodG2BData; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 10130 153270/dynahash.c cppfunc 242 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10131 69927/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_08.cpp cppfunc 107 data = new wchar_t[100]; data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 10132 153675/aviobuf.c cppfunc 82 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10133 72027/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_74.cpp cppfunc 171 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 10134 153787/dynahash.c cppfunc 1601 computerizing_infaust beryllonite_hexosamine = 0; va_list pyrolignous_myrrhis; __builtin_va_start(pyrolignous_myrrhis,posi_unimplicated); beryllonite_hexosamine = (va_arg(pyrolignous_myrrhis,computerizing_infaust )); free(((char *)beryllonite_hexosamine)); 0 --------------------------------- 10135 153619/resowner.c cppfunc 142 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10136 79388/CWE134_Uncontrolled_Format_String__char_console_fprintf_03.c inputfunc 131 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 10137 152886/main_statusbar.c cppfunc 146 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10138 152886/main_statusbar.c cppfunc 143 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10139 72382/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_15.c cppfunc 76 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 10140 70932/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_05.c cppfunc 99 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 10141 71450/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_73.cpp cppfunc 171 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 10142 72451/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_63.c cppfunc 120 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 10143 110518/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_15.c cppfunc 205 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10144 153708/bss_file.c cppfunc 115 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10145 70435/CWE122_Heap_Based_Buffer_Overflow__CWE135_63.c cppfunc 179 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_63b_goodB2GSink(&data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_63b_goodB2GSink(void * * dataPtr) void * data = *dataPtr; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 10146 153112/utils.c cppfunc 4292 void av_url_split(char *proto,int proto_size,char *authorization,int authorization_size,char *hostname,int hostname_size,int *port_ptr,char *path,int path_size,const char *url) const char *at; const char *col; if (p = (strchr(url,':'))) { p++; p++; p++; ls = (strchr(p,'/')); ls2 = (strchr(p,63)); ls = ls2; ls = (ls > ls2?ls2 : ls); av_strlcpy(path,ls,path_size); ls = &p[strlen(p)]; while((at = (strchr(p,'@'))) && at < ls){ p = at + 1; while((at = (strchr(p,'@'))) && at < ls){ if (( *p) == '[' && (brk = (strchr(p,']'))) && brk < ls) { if ((col = (strchr(p,':'))) && col < ls) { *port_ptr = atoi(col + 1); 0 --------------------------------- 10147 153374/color.c cppfunc 368 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 10148 66524/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_05.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 10149 72430/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_15.c cppfunc 76 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 10150 70777/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_72.cpp cppfunc 173 vector dataVector; data = (char *)malloc((10+1)*sizeof(char)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10151 153818/tile.c cppfunc 56 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10152 72836/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_64.c cppfunc 124 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strcat(data, source); printLine(data); free(data); 0 --------------------------------- 10153 72730/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_43.cpp cppfunc 56 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 10154 153250/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_printf("%c\n", stonesoup_main_first_char); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10155 153714/bio_err.c cppfunc 108 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10156 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c inputfunc 90 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodB2G1_vasink(data, data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodB2G1_vasink(char * data, ...); 0 --------------------------------- 10157 153229/string.c cppfunc 1121 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *sardoin_dromond; stonesoup_read_taint(&sardoin_dromond,"MENDERES_SUNNING"); unpossessedness_estancias = ((int )(strlen(sardoin_dromond))); physocele_wakikis = ((char *)(malloc(unpossessedness_estancias + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&sardoin_dromond,"MENDERES_SUNNING"); unpossessedness_estancias = ((int )(strlen(sardoin_dromond))); physocele_wakikis = ((char *)(malloc(unpossessedness_estancias + 1))); 0 --------------------------------- 10158 72765/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_14.c cppfunc 73 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 10159 73044/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_05.c cppfunc 94 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 10160 79567/CWE134_Uncontrolled_Format_String__char_console_vfprintf_65.c inputfunc 44 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; funcPtr(data, data); 0 --------------------------------- 10161 70477/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_51.c cppfunc 334 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10162 110316/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_05.c cppfunc 186 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10163 153246/emem.c cppfunc 2033 talliating_magnetogram = snuffingly_mimbars(gibes_spuria); adamantine_betwine(talliating_magnetogram); void adamantine_betwine(void *theaceae_comminate) free(((char *)((char *)theaceae_comminate))); 0 --------------------------------- 10164 153344/utf.c cppfunc 125 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10165 153344/utf.c cppfunc 122 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10166 1295/iquery-bad.c cppfunc 181 int main(int argc, char **argv){ f = fopen (argv[1], "r"); assert(f!=NULL); 0 --------------------------------- 10167 72880/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54.c cppfunc 270 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54e_badSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10168 72801/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_02.c cppfunc 93 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 10169 153164/cmdline.c cppfunc 83 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10170 72370/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_03.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 10171 110523/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_22.c cppfunc 77 data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_22_goodG2B1Source(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10172 71466/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_11.c cppfunc 99 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 10173 72634/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_43.cpp cppfunc 29 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 10174 153164/cmdline.c cppfunc 1541 void yard_idiomaticalness(void **outsiders_bethumped) naphthosalol_millenist(outsiders_bethumped); void naphthosalol_millenist(void **royalties_templum) free(((char *)((char *)( *(royalties_templum - 5))))); 0 --------------------------------- 10175 153162/color.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10176 153162/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10177 153162/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10178 153264/types.c cppfunc 436 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *mamaroneck_agnominal;; stonesoup_read_taint(&mamaroneck_agnominal,"AYS_MOTE"); sthenias_subcompact[5] = mamaroneck_agnominal; pyrrhotist_precleaning = 5; uncensorable_empyrean = &pyrrhotist_precleaning; nobut_insurrectory = *(sthenias_subcompact + *uncensorable_empyrean); GLANDES_STHENIAS(nobut_insurrectory); void sallee_semidecussation(char *contaminates_unfenestral) free(((char *)contaminates_unfenestral)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&mamaroneck_agnominal,"AYS_MOTE"); sthenias_subcompact[5] = mamaroneck_agnominal; nobut_insurrectory = *(sthenias_subcompact + *uncensorable_empyrean); GLANDES_STHENIAS(nobut_insurrectory); 0 --------------------------------- 10179 72205/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_51.c cppfunc 153 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_51b_goodG2BSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 10180 69713/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_61.cpp cppfunc 146 data = new wchar_t[100]; data = goodG2BSource(data); wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 10181 153526/pgstat.c cppfunc 269 stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10182 70851/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22.c cppfunc 72 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_goodG2B1Source(data); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10183 70764/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_45.c cppfunc 66 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_45_goodG2BData = data; goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_45_goodG2BData; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10184 153502/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 10185 153580/pmsignal.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10186 152957/heapam.c cppfunc 137 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10187 79354/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_17.c cppfunc 251 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 10188 153182/color.c cppfunc 348 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 10189 71593/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_72.cpp cppfunc 159 vector dataVector; data = (int64_t *)malloc(100*sizeof(int64_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int64_t * data = dataVector[2]; memcpy(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 0 --------------------------------- 10190 70541/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_82a.cpp cppfunc 81 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10191 70410/CWE122_Heap_Based_Buffer_Overflow__CWE135_11.c cppfunc 144 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 10192 79473/CWE134_Uncontrolled_Format_String__char_console_printf_67.c inputfunc 47 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_printf_67b_badSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_printf_67b_badSink(CWE134_Uncontrolled_Format_String__char_console_printf_67_structType myStruct); 0 --------------------------------- 10193 153259/emem.c cppfunc 170 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10194 153259/emem.c cppfunc 179 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10195 79368/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52.c cppfunc 388 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52c_badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 10196 79560/CWE134_Uncontrolled_Format_String__char_console_vfprintf_52.c cppfunc 281 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 10197 70996/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_31.c cppfunc 66 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t * dataCopy = data; wchar_t * data = dataCopy; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 10198 69206/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_07.cpp cppfunc 101 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 10199 153236/dynahash.c cppfunc 243 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10200 153104/color.c cppfunc 118 stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10201 63444/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_13.c cppfunc 94 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 10202 70451/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_04.c cppfunc 242 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10203 153017/cryptlib.c cppfunc 187 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10204 110547/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_74.cpp cppfunc 239 void badSink(map dataMap) int data = dataMap[2]; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10205 149126/heap_overflow_cplx-good.c cppfunc 47 unsigned int r; f = fopen("/dev/urandom", "rb"); if(fread(&r, sizeof r, 1, f) != 1) return r; unsigned length = getRand() % 50 - 1; char *t = malloc((length + 1) * sizeof(char)); 0 --------------------------------- 10206 70448/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_01.c cppfunc 256 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10207 73072/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54.c cppfunc 268 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54e_badSink(char * data) strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 10208 153699/cmdline.c cppfunc 1108 e = (getenv("SVN_EDITOR")); svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); e = (getenv("VISUAL")); e = (getenv("EDITOR")); e = "/usr/bin/vi"; *editor = e; const char **tmpfile_left,const char *editor_cmd, const svn_string_t *contents,const char *filename,apr_hash_t *config,svn_boolean_t as_text,const char *encoding,apr_pool_t *pool) const char *editor; const char *tmpfile_native; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); svn_error_t *svn_err__temp = svn_subst_translate_cstring2(contents -> data,&translated,"\n",0,((void *)0),0,pool); translated_contents = svn_string_create_empty(pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8_ex2(&translated_contents -> data,translated,encoding,pool); svn_error_t *svn_err__temp = svn_utf_cstring_from_utf8(&translated_contents -> data,translated,pool); translated_contents = svn_string_dup(contents,pool); apr_err = apr_filepath_get(&old_cwd,0x10,pool); apr_err = apr_filepath_set(base_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); svn_error_t *svn_err__temp = svn_io_temp_dir(&base_dir,pool); svn_error_t *svn_err__temp = svn_path_cstring_from_utf8(&temp_dir_apr,base_dir,pool); apr_err = apr_filepath_set(temp_dir_apr,pool); err = svn_io_open_uniquely_named(&tmp_file,&tmpfile_name,"",filename,".tmp",svn_io_file_del_none,pool,pool); err = svn_path_cstring_from_utf8(&tmpfile_apr,tmpfile_name,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x10,pool); apr_file_mtime_set(tmpfile_apr,finfo_before . mtime - 2000,pool); apr_err = apr_stat(&finfo_before,tmpfile_apr,0x00000010 | 0x00000100,pool); err = svn_utf_cstring_from_utf8(&tmpfile_native,tmpfile_name,pool); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); 0 --------------------------------- 10209 70527/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53.c cppfunc 347 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10210 153022/cmdutils.c cppfunc 809 void parse_loglevel(int argc,char **argv,const OptionDef *options) int idx = locate_option(argc,argv,options,"loglevel"); int locate_option(int argc,char **argv,const OptionDef *options,const char *optname) idx = locate_option(argc,argv,options,"v"); opt_loglevel(((void *)0),"loglevel",argv[idx + 1]); int opt_loglevel(void *optctx,const char *opt,const char *arg) char *tail; if (!strcmp(log_levels[i] . name,arg)) { level = (strtol(arg,&tail,'\n')); 0 --------------------------------- 10211 153459/file_wrappers.c cppfunc 99 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10212 153169/e_bf.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10213 70967/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67.c cppfunc 142 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67_structType myStruct) char * data = myStruct.structFirst; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 10214 72854/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_07.c cppfunc 77 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10215 70481/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_61.c cppfunc 151 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10216 66860/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cat_73.cpp cppfunc 151 void badSink(list dataList) wchar_t * data = dataList.back(); source[100-1] = L'\0'; wcscat(data, source); 0 --------------------------------- 10217 79447/CWE134_Uncontrolled_Format_String__char_console_printf_14.c inputfunc 85 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 10218 66539/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_22.c cppfunc 194 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_22_goodG2B2Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_22_goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 10219 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c cppfunc 198 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 10220 152989/aviobuf.c cppfunc 78 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 10221 73356/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_62.cpp cppfunc 53 data = NULL; goodG2BSource(data); void goodG2BSource(twoIntsStruct * &data) data = (twoIntsStruct *)malloc(sizeof(*data)); data->intOne = 1; data->intTwo = 2; void goodG2BSource(twoIntsStruct * &data) goodG2BSource(data); printStructLine(data); free(data); 0 --------------------------------- 10222 72758/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_07.c cppfunc 79 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 10223 63802/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_11.c cppfunc 97 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 10224 72290/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_21.c cppfunc 90 data = (char *)malloc(100*sizeof(char)); data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = goodG2B1Source(data); memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10225 153187/cmdline.c inputfunc 857 e = (getenv("EDITOR")); if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 10226 153187/cmdline.c inputfunc 854 e = (getenv("VISUAL")); if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 10227 79404/CWE134_Uncontrolled_Format_String__char_console_fprintf_21.c inputfunc 152 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G2Sink(data); static void goodB2G2Sink(char * data) fprintf(stdout, "%s\n", data); 0 --------------------------------- 10228 72189/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_14.c cppfunc 77 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 10229 152910/bufmgr.c cppfunc 110 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10230 70965/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_65.c cppfunc 131 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_65b_badSink(char * data) strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 10231 67310/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_07.c cppfunc 66 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10232 71866/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_43.cpp cppfunc 83 data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); static void goodG2BSource(twoIntsStruct * &data) data = NULL; goodG2BSource(data); memcpy(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 10233 152948/mutex.c cppfunc 50 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10234 152948/mutex.c cppfunc 54 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10235 152948/mutex.c cppfunc 57 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10236 70946/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_21.c cppfunc 93 data = (char *)malloc((10+1)*sizeof(char)); return data; data = NULL; data = goodG2B1Source(data); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); static char * goodG2B1Source(char * data) return data; data = goodG2B1Source(data); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 10237 153142/tile.c cppfunc 57 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10238 153181/mux.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10239 79562/CWE134_Uncontrolled_Format_String__char_console_vfprintf_54.c inputfunc 95 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_54b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54b_goodB2GSink(char * data); 0 --------------------------------- 10240 153212/utils.c cppfunc 4746 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; spec += 2; prog_id = (strtol(spec,&endptr,0)); 0 --------------------------------- 10241 70771/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_63.c cppfunc 144 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10242 79426/CWE134_Uncontrolled_Format_String__char_console_fprintf_68.c inputfunc 100 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_68_goodB2GData = data; CWE134_Uncontrolled_Format_String__char_console_fprintf_68b_goodB2GSink(); char * data = CWE134_Uncontrolled_Format_String__char_console_fprintf_68_goodB2GData; fprintf(stdout, "%s\n", data); 0 --------------------------------- 10243 67309/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_06.c cppfunc 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10244 70452/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_05.c cppfunc 383 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10245 153570/utf.c cppfunc 159 int untuneably_clemclemalats = 91; stonesoup_read_taint(&unsystematised_inversions,"3851",untuneably_clemclemalats); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 10246 62956/CWE121_Stack_Based_Buffer_Overflow__CWE135_09.c cppfunc 150 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 10247 153385/portalmem.c cppfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10248 70483/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_63.c cppfunc 366 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10249 79551/CWE134_Uncontrolled_Format_String__char_console_vfprintf_32.c inputfunc 143 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; *dataPtr1 = data; 0 --------------------------------- 10250 66250/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_21.c cppfunc 100 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 10251 72186/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_11.c cppfunc 99 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 10252 72711/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_08.c cppfunc 83 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 10253 153689/tile-manager.c cppfunc 982 void trivoltine_unrailed(const finky_lycian okthabah_hygroma) overpolitic_hyper(schizomanic_castoffs,okthabah_hygroma); void overpolitic_hyper(int philanthidae_connoissance,finky_lycian conglomerator_reweaves) overpolitic_hyper(philanthidae_connoissance,conglomerator_reweaves); free(((char *)((finky_lycian )conglomerator_reweaves))); 0 --------------------------------- 10254 153770/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10255 70661/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_32.c cppfunc 198 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10256 153507/color.c cppfunc 90 stonesoup_printf("strings are equal\n"); stonesoup_printf("strings are not equal\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10257 153507/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10258 72217/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_72.cpp cppfunc 156 void badSink(vector dataVector) wchar_t * data = dataVector[2]; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 10259 153545/main_filter_toolbar.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10260 153447/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10261 71206/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_66.c cppfunc 152 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 10262 70893/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_14.c cppfunc 72 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10263 70750/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_15.c cppfunc 77 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10264 73695/CWE124_Buffer_Underwrite__CWE839_listen_socket_02.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10265 110818/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_43.cpp cppfunc 77 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10266 153436/mux.c cppfunc 98 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10267 79389/CWE134_Uncontrolled_Format_String__char_console_fprintf_04.c inputfunc 91 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 10268 62964/CWE121_Stack_Based_Buffer_Overflow__CWE135_17.c cppfunc 73 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 10269 62964/CWE121_Stack_Based_Buffer_Overflow__CWE135_17.c cppfunc 70 data = NULL; data = (void *)WIDE_STRING; memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 10270 70449/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_02.c cppfunc 377 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10271 72789/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_65.c cppfunc 150 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_65b_goodG2BSink(wchar_t * data) SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 10272 70677/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_65.c cppfunc 394 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10273 153217/gimpdisplay.c cppfunc 116 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10274 153688/column.c cppfunc 108 stonesoup_read_taint(&hygrophyte_exobasidium,"CYBELE_ATTRITIVE"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 10275 69746/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_21.cpp cppfunc 76 data = new wchar_t[100]; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 10276 79421/CWE134_Uncontrolled_Format_String__char_console_fprintf_63.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_63b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_63b_badSink(char * * dataPtr); CWE134_Uncontrolled_Format_String__char_console_fprintf_63b_badSink(&data); 0 --------------------------------- 10277 62722/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_15.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10278 79365/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_44.c cppfunc 177 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 10279 72339/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22.c cppfunc 67 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22_goodG2B1Source(data); memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10280 66569/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_02.c cppfunc 61 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10281 153668/error.c inputfunc 137 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&trustlessly_gogglers,"ANGIASTHENIA_SPLENATROPHY"); if (trustlessly_gogglers != 0) {; 0 --------------------------------- 10282 67727/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_16.cpp inputfunc 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 10283 153257/mem_dbg.c cppfunc 232 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10284 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c cppfunc 45 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 10285 67423/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_34.c cppfunc 62 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10286 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c cppfunc 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; strcpy(data, "fixedstringtest"); badVaSinkG(data, data); static void badVaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 10287 66285/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_06.c cppfunc 35 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 10288 66129/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_loop_72.cpp cppfunc 170 vector dataVector; data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; dataLen = wcslen(data); 0 --------------------------------- 10289 72980/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_64.c cppfunc 146 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 10290 67485/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_02.c cppfunc 96 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 10291 153787/dynahash.c cppfunc 256 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10292 66289/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_10.c cppfunc 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10293 153787/dynahash.c cppfunc 259 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10294 62743/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_63.c cppfunc 179 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10295 152970/color.c cppfunc 636 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *ecclesiasticus_restibrachium; stonesoup_read_taint(&ecclesiasticus_restibrachium,"DANIELLE_BRUSHBALL"); free(((char *)ecclesiasticus_restibrachium)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&ecclesiasticus_restibrachium,"DANIELLE_BRUSHBALL"); free(((char *)ecclesiasticus_restibrachium)); 0 --------------------------------- 10296 72321/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_02.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10297 67594/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_43.cpp cppfunc 131 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10298 66538/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_21.c cppfunc 72 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 10299 72355/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_63.c cppfunc 120 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_63b_badSink(char * * dataPtr) char * data = *dataPtr; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10300 153022/cmdutils.c cppfunc 114 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10301 153557/conversation.c cppfunc 121 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10302 152998/string.c cppfunc 78 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10303 72953/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_10.c cppfunc 71 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 10304 66613/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_82a.cpp cppfunc 49 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10305 153638/oids.c cppfunc 97 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10306 153393/pgstat.c inputfunc 483 if (recv(pgStatSock,(&test_byte),1,0) != 1) { test_byte++; if (test_byte != ((char )199)) { 0 --------------------------------- 10307 149112/fmt_string_local_container-good.c inputfunc 24 int main(int argc, char *argv[]) if (argc > 1) { strncpy(container.fmt, argv[1],MAX_SIZE-1); 0 --------------------------------- 10308 153391/ffmpeg.c cppfunc 387 signal(3,sigterm_handler); signal(2,sigterm_handler); signal(15,sigterm_handler); signal(24,sigterm_handler); 0 --------------------------------- 10309 72296/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_41.c cppfunc 57 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_41_goodG2BSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10310 110807/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_16.cpp cppfunc 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10311 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c cppfunc 150 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 10312 152970/color.c cppfunc 383 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 10313 69219/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_22.cpp cppfunc 96 data = NULL; data[0] = L'\0'; return data; data = goodG2B2Source(data); wchar_t * goodG2B2Source(wchar_t * data) return data; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 10314 71423/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_16.c cppfunc 70 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 10315 153179/config_file.c cppfunc 95 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10316 153179/config_file.c cppfunc 99 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10317 72147/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_22.c cppfunc 71 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 10318 153419/avfilter.c inputfunc 102 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&bakers_countersurprise,"TRAYLIKE_FOOTINGS"); if (bakers_countersurprise != 0) {; misadvantage_nontemporal[ *cambogia_leku] = bakers_countersurprise; muzz_inferiors = misadvantage_nontemporal[ *cambogia_leku]; bibliomancy_delftware = ((char *)muzz_inferiors); stonesoup_my_buff_size = ((int )(strlen(bibliomancy_delftware))); for (; stonesoup_ss_i < stonesoup_my_buff_size; ++stonesoup_ss_i){ if (muzz_inferiors != 0) free(((char *)muzz_inferiors)); 0 --------------------------------- 10319 153683/tile.c cppfunc 63 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10320 153819/color.c cppfunc 90 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10321 153819/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10322 70837/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_06.c cppfunc 96 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10323 70772/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_64.c cppfunc 150 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10324 73698/CWE124_Buffer_Underwrite__CWE839_listen_socket_05.c cppfunc 86 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10325 72776/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_41.c cppfunc 61 data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_41_goodG2BSink(wchar_t * data) SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 10326 71437/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_51.c cppfunc 143 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 10327 153167/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10328 153005/ffmpeg.c cppfunc 217 struct hebr_toddite circumambiency_billiards = {0}; va_list archegone_mosel; __builtin_va_start(archegone_mosel,adamski_alcanna); circumambiency_billiards = (va_arg(archegone_mosel,struct hebr_toddite )); feedwater_impersonates = ((char *)circumambiency_billiards . daybeam_cantillation); stonesoup_buffer = malloc((strlen(feedwater_impersonates) + 1) * sizeof(char )); strcpy(stonesoup_buffer,feedwater_impersonates); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 10329 71410/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_03.c cppfunc 96 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 10330 153167/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10331 66303/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_34.c cppfunc 63 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10332 153799/conf_mod.c cppfunc 138 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10333 153373/color.c cppfunc 605 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *dia_cherbourg; stonesoup_read_taint(&dia_cherbourg,"WORDISHLY_GROUSY"); free(((char *)dia_cherbourg)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&dia_cherbourg,"WORDISHLY_GROUSY"); free(((char *)dia_cherbourg)); 0 --------------------------------- 10334 67304/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_01.c cppfunc 50 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10335 70519/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_34.c cppfunc 42 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10336 153566/color.c cppfunc 346 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 10337 148881/packet-http.c cppfunc 2020 process_header(tvbuff_t *tvb, int offset, int next_offset, const guchar *line, int linelen, int colon_offset, line_end_offset = offset + linelen; header_name = se_strndup(&line[0], header_len); value = ep_strndup(&line[value_offset - offset], value_len); value_offset = colon_offset + 1; value_offset++; value_len = line_end_offset - value_offset; value = ep_strndup(&line[value_offset - offset], value_len); tmp=strtol(value, NULL, 10); value, "%s", format_text(line, len)); c = value[i]; if (c == ';' || isspace(c)) { 0 --------------------------------- 10338 153526/pgstat.c inputfunc 3278 if (fread((&format_id),1,sizeof(format_id),fpin) != sizeof(format_id) || format_id != 0x01A5BC9A) { if (fread((&globalStats),1,sizeof(globalStats),fpin) != sizeof(globalStats)) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { tabentry = ((PgStat_StatTabEntry *)(hash_search(tabhash,((void *)(&tabbuf . tableid)),HASH_ENTER,&found))); memcpy(tabentry,(&tabbuf),sizeof(tabbuf)); if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 10339 153799/conf_mod.c cppfunc 795 void outrail_resiliences(char **sepion_paragraphically) uptuck_obscures(sepion_paragraphically); void uptuck_obscures(char **pharyngitic_knowledgably) free(((char *)pharyngitic_knowledgably[59])); 0 --------------------------------- 10340 72945/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_02.c cppfunc 71 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 10341 63442/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_11.c cppfunc 94 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 10342 73695/CWE124_Buffer_Underwrite__CWE839_listen_socket_02.c cppfunc 292 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10343 153470/mutex.c cppfunc 64 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10344 153470/mutex.c cppfunc 67 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10345 153470/mutex.c cppfunc 60 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10346 66629/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_14.c cppfunc 86 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10347 72946/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_03.c cppfunc 93 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 10348 153337/img2.c cppfunc 58 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10349 153736/types.c cppfunc 98 int unchauvinistic_cornmuse = 596; stonesoup_read_taint(&truckie_undreadful,"2634",unchauvinistic_cornmuse); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 10350 153612/tile-swap.c cppfunc 123 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10351 153818/tile.c cppfunc 123 stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); 0 --------------------------------- 10352 153793/color.c cppfunc 393 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 10353 153534/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 10354 152922/column.c cppfunc 54 stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10355 152918/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10356 79521/CWE134_Uncontrolled_Format_String__char_console_snprintf_67.c inputfunc 110 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_snprintf_67b_goodB2GSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_snprintf_67b_goodB2GSink(CWE134_Uncontrolled_Format_String__char_console_snprintf_67_structType myStruct) char * data = myStruct.structFirst; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 10357 153690/gimpviewable.c inputfunc 82 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&sesser_oversecretion,"9576",unharmonious_toast); stonesoup_fp = stonesoup_switch_func(unazotized_unbeseeming); stonesoup_printf("strings are equal\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strings are equal\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 10358 67312/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_09.c cppfunc 80 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10359 153584/pmsignal.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10360 153450/oids.c cppfunc 1357 debatter_suppertime = getenv("TRANSGRESSED_SULFONAL"); laicity_akutagawa = ((int )(strlen(debatter_suppertime))); waki_fritillaria = ((char *)(malloc(laicity_akutagawa + 1))); memset(waki_fritillaria,0,laicity_akutagawa + 1); memcpy(waki_fritillaria,debatter_suppertime,laicity_akutagawa); explorational_micropterygidae(waki_fritillaria); void explorational_micropterygidae(char *const pregladness_enseating) free(((char *)((char *)pregladness_enseating))); 0 --------------------------------- 10361 153584/pmsignal.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10362 153450/oids.c cppfunc 1352 void stonesoup_printf(char * format, ...) { stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 10363 153584/pmsignal.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10364 153307/color.c cppfunc 90 stonesoup_printf("%s\n",stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10365 71198/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_52.c cppfunc 201 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_52b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_52c_goodG2BSink(wchar_t * data) wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 10366 72026/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_73.cpp cppfunc 171 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 10367 73716/CWE124_Buffer_Underwrite__CWE839_listen_socket_33.cpp cppfunc 220 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10368 72458/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_73.cpp cppfunc 167 list dataList; data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 10369 153253/color.c cppfunc 352 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 10370 71499/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_74.cpp cppfunc 156 void badSink(map dataMap) char * data = dataMap[2]; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 10371 72406/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_66.c cppfunc 126 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_66b_badSink(char * dataArray[]) char * data = dataArray[2]; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 10372 153009/utils.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10373 153009/utils.c cppfunc 83 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10374 79554/CWE134_Uncontrolled_Format_String__char_console_vfprintf_41.c cppfunc 115 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 10375 79554/CWE134_Uncontrolled_Format_String__char_console_vfprintf_41.c cppfunc 112 data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2GSink(data); static void goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 10376 62714/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_07.c cppfunc 191 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10377 71016/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_68.c cppfunc 155 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_68b_goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_68_goodG2BData; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 10378 66251/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_22.c cppfunc 194 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_22_goodG2B2Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_22_goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 10379 79570/CWE134_Uncontrolled_Format_String__char_console_vfprintf_68.c inputfunc 100 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_68_goodB2GData = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_68b_goodB2GSink(); char * data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_68_goodB2GData; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 10380 70750/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_15.c cppfunc 102 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10381 72855/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_08.c cppfunc 85 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10382 66283/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_04.c cppfunc 68 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10383 153486/bufmgr.c cppfunc 140 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10384 62591/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_44.c cppfunc 146 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10385 71173/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_06.c cppfunc 96 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 10386 67317/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_14.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 10387 153426/e_bf.c cppfunc 242 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int skylights_diapophysis = 596; char *radiosonde_farrel;; stonesoup_read_taint(&radiosonde_farrel,"2332",skylights_diapophysis); upswings_pugnaciousness = ((int )(strlen(radiosonde_farrel))); sejm_moderately = ((char *)(malloc(upswings_pugnaciousness + 1))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&radiosonde_farrel,"2332",skylights_diapophysis); upswings_pugnaciousness = ((int )(strlen(radiosonde_farrel))); sejm_moderately = ((char *)(malloc(upswings_pugnaciousness + 1))); 0 --------------------------------- 10388 67305/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_02.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 10389 70776/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_68.c cppfunc 155 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_68b_goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_68_goodG2BData; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10390 66346/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_21.c cppfunc 104 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 10391 67405/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_06.c cppfunc 84 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10392 67735/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_34.cpp inputfunc 102 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 10393 153732/color.c cppfunc 358 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 10394 153732/color.c cppfunc 356 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 10395 79470/CWE134_Uncontrolled_Format_String__char_console_printf_64.c inputfunc 94 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_64b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_printf_64b_goodB2GSink(void * dataVoidPtr) CWE134_Uncontrolled_Format_String__char_console_printf_64b_goodB2GSink(&data); char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); printf("%s\n", data); 0 --------------------------------- 10396 153450/oids.c cppfunc 121 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10397 153744/types.c cppfunc 107 svn_error_t *svn_revnum_parse(svn_revnum_t *rev,const char *str,const char **endptr) char *end; svn_revnum_t result = strtol(str,&end,10); 0 --------------------------------- 10398 153377/emem.c cppfunc 171 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10399 67594/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_43.cpp cppfunc 35 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10400 110510/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_07.c cppfunc 198 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10401 153104/color.c cppfunc 363 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 10402 153104/color.c cppfunc 365 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 10403 110472/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_17.c cppfunc 74 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10404 153576/color.c cppfunc 364 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 10405 153576/color.c cppfunc 362 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 10406 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c inputfunc 109 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); if (100-dataLen > 1) if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 10407 153446/main_statusbar.c cppfunc 147 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10408 153446/main_statusbar.c cppfunc 145 stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10409 66632/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_17.c cppfunc 63 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 10410 71449/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_72.cpp cppfunc 171 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 10411 72426/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_11.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 10412 152913/eng_lib.c cppfunc 74 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10413 110347/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_63.c cppfunc 219 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_63b_badSink(int * dataPtr) int data = *dataPtr; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10414 72819/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22.c cppfunc 69 data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_goodG2B1Source(data); strcat(data, source); printLine(data); free(data); 0 --------------------------------- 10415 153544/color.c cppfunc 359 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 10416 153774/eng_table.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10417 66621/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_06.c cppfunc 41 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 10418 153422/color.c cppfunc 335 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 10419 153422/color.c cppfunc 337 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 10420 70918/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_66.c cppfunc 152 data = (char *)malloc((10+1)*sizeof(char)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10421 70532/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_64.c cppfunc 178 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10422 153039/bufmgr.c cppfunc 1086 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *unmythical_tyrannisingly; stonesoup_read_taint(&unmythical_tyrannisingly,"UNLEARNABLENESS_AMERINDIAN"); unsimulating_pharyngoxerosis = ((int )(strlen(unmythical_tyrannisingly))); insectary_rightly = ((char *)(malloc(unsimulating_pharyngoxerosis + 1))); memset(insectary_rightly,0,unsimulating_pharyngoxerosis + 1); memcpy(insectary_rightly,unmythical_tyrannisingly,unsimulating_pharyngoxerosis); photophonic_retool[5] = insectary_rightly; cwo_nappier = 5; driers_neuromyelitis = &cwo_nappier; interstellar_elfins = *(photophonic_retool + *driers_neuromyelitis); free(((char *)interstellar_elfins)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&unmythical_tyrannisingly,"UNLEARNABLENESS_AMERINDIAN"); unsimulating_pharyngoxerosis = ((int )(strlen(unmythical_tyrannisingly))); memcpy(insectary_rightly,unmythical_tyrannisingly,unsimulating_pharyngoxerosis); photophonic_retool[5] = insectary_rightly; interstellar_elfins = *(photophonic_retool + *driers_neuromyelitis); free(((char *)interstellar_elfins)); 0 --------------------------------- 10423 199254/double_free.c cppfunc 155 char* ptr= (char*) malloc(sizeof(char)); free(ptr); free(ptr); 0 --------------------------------- 10424 71200/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54.c cppfunc 292 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54e_badSink(wchar_t * data) wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 10425 153262/color.c cppfunc 120 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10426 153786/dynahash.c cppfunc 250 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10427 70520/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_41.c cppfunc 159 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10428 70520/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_41.c inputfunc 156 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); goodB2GSink(data); static void goodB2GSink(int data) if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 10429 71106/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_62.cpp cppfunc 67 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 10430 152967/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 10431 72882/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_62.cpp cppfunc 64 data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10432 70935/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_08.c cppfunc 86 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 10433 153271/types.c cppfunc 288 jmp_buf skeery_cornupete; stravaiged_unminished = setjmp(skeery_cornupete); longjmp(skeery_cornupete,1); 0 --------------------------------- 10434 153299/bio_err.c cppfunc 109 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10435 79407/CWE134_Uncontrolled_Format_String__char_console_fprintf_32.c inputfunc 111 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; *dataPtr1 = data; 0 --------------------------------- 10436 63600/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_09.c cppfunc 75 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 10437 199276/invalid_memory_access.c cppfunc 189 float *buf1=(float*)calloc(5,sizeof(float)); float *buf2=(float*)calloc(5,sizeof(float)); buf2[0] = 10.0; free(buf2); 0 --------------------------------- 10438 153636/mux.c cppfunc 76 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10439 153029/color.c cppfunc 118 stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(jenna_resicken)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10440 153633/bufmgr.c cppfunc 134 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 10441 153258/column.c cppfunc 84 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10442 153258/column.c cppfunc 82 stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10443 71929/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_72.cpp cppfunc 177 vector dataVector; data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) twoIntsStruct * data = dataVector[2]; memmove(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 10444 152986/bio_err.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10445 72976/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54.c cppfunc 270 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54e_badSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 10446 153253/color.c cppfunc 592 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *hogmollies_connexional) free(((char *)hogmollies_connexional)); 0 --------------------------------- 10447 153405/main_filter_toolbar.c inputfunc 136 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&jaguarondi_pseudolarix,"SCRUNCHING_KLEPHTISM"); if (jaguarondi_pseudolarix != 0) {; photomurals_welf = ((int )(strlen(jaguarondi_pseudolarix))); grillage_communized = ((char *)(malloc(photomurals_welf + 1))); if (grillage_communized == 0) { memcpy(grillage_communized,jaguarondi_pseudolarix,photomurals_welf); if (jaguarondi_pseudolarix != 0) free(((char *)jaguarondi_pseudolarix)); 0 --------------------------------- 10448 62720/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_13.c cppfunc 292 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10449 67416/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_17.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 10450 153163/color.c cppfunc 606 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int isolex_sanfo = 596; char *owlishly_ionospheres; stonesoup_read_taint(&owlishly_ionospheres,"6156",isolex_sanfo); free(((char *)owlishly_ionospheres)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&owlishly_ionospheres,"6156",isolex_sanfo); free(((char *)owlishly_ionospheres)); 0 --------------------------------- 10451 71154/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_62.cpp cppfunc 67 data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 10452 153815/stream.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10453 153104/color.c cppfunc 609 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *sauerkrauts_antisemitism; stonesoup_read_taint(&sauerkrauts_antisemitism,"DENNYSVILLE_PLEASING"); free(((char *)sauerkrauts_antisemitism)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&sauerkrauts_antisemitism,"DENNYSVILLE_PLEASING"); free(((char *)sauerkrauts_antisemitism)); 0 --------------------------------- 10454 67334/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_52.c cppfunc 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10455 153209/avdevice.c cppfunc 42 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10456 67570/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_03.cpp cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10457 71013/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_65.c cppfunc 130 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_65b_badSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 10458 73069/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_51.c cppfunc 121 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_51b_badSink(char * data) strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 10459 72771/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22.c cppfunc 197 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 10460 153167/color.c cppfunc 605 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int episodical_creamcups = 105; char *lenthiel_inverters; stonesoup_read_taint(&lenthiel_inverters,"7982",episodical_creamcups); free(((char *)lenthiel_inverters)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&lenthiel_inverters,"7982",episodical_creamcups); free(((char *)lenthiel_inverters)); 0 --------------------------------- 10461 70506/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_11.c cppfunc 270 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10462 67507/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_06.c cppfunc 90 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 10463 72731/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_44.c cppfunc 61 static void goodG2BSink(wchar_t * data) wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 10464 71176/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_09.c cppfunc 92 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 10465 66122/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_loop_62.cpp cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); void badSource(wchar_t * &data); dataLen = wcslen(data); 0 --------------------------------- 10466 72133/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_06.c cppfunc 45 data[100-1] = L'\0'; printWLine(data); free(data); 0 --------------------------------- 10467 73639/CWE124_Buffer_Underwrite__CWE839_fgets_72.cpp cppfunc 97 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10468 153350/column-utils.c cppfunc 2208 void noncognizantly_monostich(char **overtorturing_tumps) spences_gutium(overtorturing_tumps); void spences_gutium(char **stationery_gryllotalpa) free(((char *)( *(stationery_gryllotalpa - 5)))); 0 --------------------------------- 10469 69214/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_15.cpp cppfunc 109 data = NULL; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 10470 153005/ffmpeg.c cppfunc 394 signal(3,sigterm_handler); signal(2,sigterm_handler); signal(15,sigterm_handler); signal(24,sigterm_handler); 0 --------------------------------- 10471 79501/CWE134_Uncontrolled_Format_String__char_console_snprintf_22.c inputfunc 126 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_22_goodB2G2Sink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_22_goodB2G2Sink(char * data); 0 --------------------------------- 10472 72090/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_11.c cppfunc 93 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 10473 70541/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_82_goodB2G.cpp cppfunc 49 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10474 72884/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_64.c cppfunc 146 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10475 71181/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_14.c cppfunc 72 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 10476 199236/buffer_underrun_dynamic.c cppfunc 155 int **buf = (int**) calloc(5,sizeof(int*)); buf[i]=(int*) calloc(5,sizeof(int)); for(i=0;i<5;i++) for(j=0;j<5;j++) *(*(buf+i)+j)=i; free(buf[i]); free(buf); 0 --------------------------------- 10477 66591/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_34.c cppfunc 63 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10478 70869/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_65.c cppfunc 131 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_65b_badSink(char * data) memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10479 67733/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_32.cpp inputfunc 259 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 10480 153005/ffmpeg.c cppfunc 1018 fprintf(vstats_file,"PSNR= %6.2f ",psnr(enc -> coded_frame -> error[0] / ((enc -> width * enc -> height) * 255.0 * 255.0))); double error_sum = 0; double scale_sum = 0; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; scale_sum += scale; p = psnr(error / scale); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); error_sum += error; p = psnr(error_sum / scale_sum); 0 --------------------------------- 10481 110485/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_51.c cppfunc 123 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_51b_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10482 153594/error.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10483 153468/utils.c cppfunc 4768 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; spec += 2; prog_id = (strtol(spec,&endptr,0)); 0 --------------------------------- 10484 72404/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_64.c cppfunc 123 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 10485 66234/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_03.c cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 10486 79345/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_08.c cppfunc 66 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 10487 62725/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_18.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10488 70654/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_15.c cppfunc 324 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10489 71355/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_74.cpp cppfunc 151 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 10490 153519/cmdline.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10491 199283/memory_allocation_failure.c cppfunc 605 double *ptr,b; ptr= (double*) malloc(10*sizeof(double)); free(ptr); 0 --------------------------------- 10492 72582/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_33.cpp cppfunc 68 wchar_t * &dataRef = data; wchar_t * data = dataRef; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 0 --------------------------------- 10493 153755/dirent_uri.c cppfunc 73 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10494 153647/aviobuf.c cppfunc 988 bassus_agrestian = getenv("PORPHYRIZED_AREAD"); foreprize_chiromegaly = ((int )(strlen(bassus_agrestian))); alcaldes_scevor = ((char *)(malloc(foreprize_chiromegaly + 1))); 0 --------------------------------- 10495 153042/color.c cppfunc 374 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 10496 153762/oids.c cppfunc 114 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 10497 153538/tile-manager.c cppfunc 48 stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(uninvocative_stevensville)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10498 153321/column-utils.c cppfunc 76 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10499 153321/column-utils.c cppfunc 72 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10500 153321/column-utils.c cppfunc 79 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10501 152900/avdevice.c cppfunc 204 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int chloromycetin_updress = 40; char *pokorny_resiliate;; stonesoup_read_taint(&pokorny_resiliate,"3161",chloromycetin_updress); reconsoling_valours = ((int )(strlen(pokorny_resiliate))); memcpy(prefixing_halloween,pokorny_resiliate,reconsoling_valours); free(((char *)pokorny_resiliate)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&pokorny_resiliate,"3161",chloromycetin_updress); reconsoling_valours = ((int )(strlen(pokorny_resiliate))); memcpy(prefixing_halloween,pokorny_resiliate,reconsoling_valours); free(((char *)pokorny_resiliate)); 0 --------------------------------- 10502 71785/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_72.cpp cppfunc 159 vector dataVector; data = (int *)malloc(100*sizeof(int)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int * data = dataVector[2]; memmove(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 0 --------------------------------- 10503 66575/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_08.c cppfunc 45 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 10504 110527/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_34.c cppfunc 170 CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_34_unionType myUnion; int data = myUnion.unionSecond; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10505 66636/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_31.c cppfunc 60 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10506 153100/color.c cppfunc 102 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10507 153100/color.c cppfunc 106 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10508 153208/e_camellia.c cppfunc 114 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10509 79553/CWE134_Uncontrolled_Format_String__char_console_vfprintf_34.c cppfunc 90 CWE134_Uncontrolled_Format_String__char_console_vfprintf_34_unionType myUnion; char * data = myUnion.unionSecond; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 10510 79553/CWE134_Uncontrolled_Format_String__char_console_vfprintf_34.c cppfunc 93 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 10511 67724/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_13.cpp inputfunc 208 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 10512 153062/main_statusbar.c cppfunc 1091 void stonesoup_handle_taint(char *gurr_britzkas) nonpecuniary_amphichrome = ((int )(strlen(gurr_britzkas))); memcpy(lenotre_sentition,gurr_britzkas,nonpecuniary_amphichrome); free(((char *)gurr_britzkas)); 0 --------------------------------- 10513 153447/color.c cppfunc 581 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *asymtotic_interoceanic) free(((char *)asymtotic_interoceanic)); 0 --------------------------------- 10514 70503/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_08.c cppfunc 283 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10515 153395/color.c cppfunc 101 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10516 153299/bio_err.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10517 153057/file_wrappers.c cppfunc 127 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10518 153132/color.c cppfunc 386 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 10519 66619/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_04.c cppfunc 44 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 10520 71414/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_07.c cppfunc 102 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 10521 79344/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_07.c cppfunc 58 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 10522 67315/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_12.c cppfunc 68 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10523 110465/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_10.c cppfunc 77 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10524 67315/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_12.c cppfunc 62 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10525 153366/conf_mod.c cppfunc 135 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10526 153029/color.c cppfunc 358 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 10527 72176/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_01.c cppfunc 66 data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 10528 152878/color.c cppfunc 609 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *bipartisanism_surlier; stonesoup_read_taint(&bipartisanism_surlier,"TERNED_TORTUOUSNESS"); free(((char *)bipartisanism_surlier)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&bipartisanism_surlier,"TERNED_TORTUOUSNESS"); free(((char *)bipartisanism_surlier)); 0 --------------------------------- 10529 70957/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_51.c cppfunc 147 data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_51b_goodG2BSink(char * data) strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 10530 153487/error.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10531 153088/mux.c cppfunc 104 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10532 72974/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_52.c cppfunc 190 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_52b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_52c_goodG2BSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 10533 67714/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_03.cpp cppfunc 195 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10534 66630/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_15.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 10535 71398/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_66.c cppfunc 127 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_66b_badSink(char * dataArray[]) char * data = dataArray[2]; strncat(data, source, 100); printLine(data); free(data); 0 --------------------------------- 10536 71460/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_05.c cppfunc 106 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 10537 70405/CWE122_Heap_Based_Buffer_Overflow__CWE135_06.c cppfunc 177 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 10538 153292/config.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10539 71019/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_74.cpp cppfunc 156 void badSink(map dataMap) wchar_t * data = dataMap[2]; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 10540 153144/avpacket.c cppfunc 443 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int moriform_cogener = 53; char *laccol_devotedly;; stonesoup_read_taint(&laccol_devotedly,"1979",moriform_cogener); gothish_saints = ((int )(strlen(laccol_devotedly))); memcpy(minidisks_disparpling,laccol_devotedly,gothish_saints); free(((char *)laccol_devotedly)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&laccol_devotedly,"1979",moriform_cogener); gothish_saints = ((int )(strlen(laccol_devotedly))); memcpy(minidisks_disparpling,laccol_devotedly,gothish_saints); free(((char *)laccol_devotedly)); 0 --------------------------------- 10541 71486/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_52.c cppfunc 208 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_52c_goodG2BSink(char * data) SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 10542 153012/color.c cppfunc 117 stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10543 70768/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54.c cppfunc 307 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54e_goodG2BSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10544 62715/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_08.c inputfunc 213 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 10545 153012/color.c cppfunc 119 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10546 67495/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12.c cppfunc 101 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 10547 153041/resowner.c cppfunc 170 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10548 70536/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68.c cppfunc 42 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10549 73002/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_11.c cppfunc 67 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 10550 153608/hashfn.c cppfunc 95 int eldon_autoeducative = 596; stonesoup_read_taint(&unretted_lowlinesses,"3503",eldon_autoeducative); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 10551 153631/color.c cppfunc 360 arg = split(colors,":",&n); c = split(arg[i],"=",&n); free(arg); char **split(char *str,char *delim,int *nwrds); free(arg); 0 --------------------------------- 10552 71172/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_05.c cppfunc 79 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 0 --------------------------------- 10553 153562/color.c cppfunc 122 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10554 153526/pgstat.c cppfunc 271 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10555 153243/main_filter_toolbar.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10556 63640/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_09.c cppfunc 94 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 10557 153490/tile-swap.c cppfunc 123 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10558 153004/tile-manager.c cppfunc 67 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10559 153005/ffmpeg.c cppfunc 3265 struct hebr_toddite circumambiency_billiards = {0}; va_list archegone_mosel; __builtin_va_start(archegone_mosel,adamski_alcanna); circumambiency_billiards = (va_arg(archegone_mosel,struct hebr_toddite )); free(((char *)circumambiency_billiards . daybeam_cantillation)); 0 --------------------------------- 10560 72373/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_06.c cppfunc 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 10561 153774/eng_table.c cppfunc 319 piffero_qualificator = getenv("UNIQUEST_NONPHILOLOGIC"); vereeniging_milanville = ((int )(strlen(piffero_qualificator))); guildford_epicier = ((char *)(malloc(vereeniging_milanville + 1))); 0 --------------------------------- 10562 153106/config.c cppfunc 109 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10563 70677/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_65.c cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10564 153011/eng_table.c cppfunc 123 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10565 153011/eng_table.c cppfunc 120 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10566 71461/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_06.c cppfunc 103 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 10567 67725/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_14.cpp inputfunc 208 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 10568 70420/CWE122_Heap_Based_Buffer_Overflow__CWE135_31.c cppfunc 74 dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; void * dataCopy = data; void * data = dataCopy; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 10569 110523/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_22.c cppfunc 102 data = -1; data = 20; return data; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_22_goodG2B2Source(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); int CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_22_goodG2B2Source(int data) return data; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_22_goodG2B2Source(data); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10570 70511/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_16.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10571 152931/tile.c cppfunc 50 stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10572 110328/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_17.c cppfunc 150 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10573 148966/strutil.c cppfunc 913 escape_string_len(const char *string) for (p = string; (c = *p) != '\0'; p++) { else if (!isprint((unsigned char)c)) { 0 --------------------------------- 10574 110371/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_12.c cppfunc 96 data = 20; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10575 153112/utils.c cppfunc 88 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 10576 72807/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_08.c cppfunc 107 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 10577 70678/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_66.c cppfunc 370 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10578 66309/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_51.c cppfunc 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10579 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c inputfunc 113 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 10580 70500/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_05.c cppfunc 276 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10581 149042/gen.c cppfunc 107 for (i = 0; i < NUM_RAND_ALLOCS; i++) { char text[80]; sprintf(text, "|OTHER-PRIVATE-CONFIDENTIAL-SECRET-MEMORY-%02d", i); pl = strlen(text) * 32 * (i+1); p = malloc(pl); 0 --------------------------------- 10582 72193/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_18.c cppfunc 70 data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 10583 153601/color.c cppfunc 376 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 10584 153638/oids.c cppfunc 122 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10585 153638/oids.c cppfunc 124 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10586 153387/subtrans.c cppfunc 105 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10587 152976/column-utils.c cppfunc 2214 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int galaxias_replevy = 40; char *tashnakist_embolization;; stonesoup_read_taint(&tashnakist_embolization,"1959",galaxias_replevy); gerkin_horrorist(tashnakist_embolization); void gerkin_horrorist(char *const irradiations_personhood) free(((char *)((char *)irradiations_personhood))); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&tashnakist_embolization,"1959",galaxias_replevy); gerkin_horrorist(tashnakist_embolization); 0 --------------------------------- 10588 199275/invalid_memory_access.c cppfunc 103 buf = (char *) malloc (25 * sizeof(char)); strcpy(buf,"This is String"); free(buf); 0 --------------------------------- 10589 153264/types.c cppfunc 74 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10590 71338/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_43.cpp cppfunc 75 data[100-1] = '\0'; printLine(data); free(data); 0 --------------------------------- 10591 72118/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_66.c cppfunc 146 data[0] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 10592 152900/avdevice.c cppfunc 41 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10593 153109/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10594 153109/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10595 153513/utils.c cppfunc 4746 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; spec += 2; prog_id = (strtol(spec,&endptr,0)); 0 --------------------------------- 10596 79560/CWE134_Uncontrolled_Format_String__char_console_vfprintf_52.c inputfunc 95 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_52b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_52b_goodB2GSink(char * data); 0 --------------------------------- 10597 69740/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_13.cpp cppfunc 90 data = new wchar_t[100]; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 10598 153030/avpacket.c cppfunc 68 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10599 153112/utils.c cppfunc 4788 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; spec += 2; prog_id = (strtol(spec,&endptr,0)); 0 --------------------------------- 10600 153144/avpacket.c cppfunc 47 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10601 153417/resowner.c cppfunc 140 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10602 70413/CWE122_Heap_Based_Buffer_Overflow__CWE135_14.c cppfunc 111 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 10603 67429/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_51.c cppfunc 51 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10604 70643/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_04.c cppfunc 310 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10605 1756/write_what_where.c cppfunc 24 char buf1[MAXSIZE], buf2 [MAXSIZE], * p, * q, ch; q = buf2; free (q); 0 --------------------------------- 10606 62566/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_03.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10607 72964/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_31.c cppfunc 67 data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 10608 73029/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_65.c cppfunc 138 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_65b_goodG2BSink(char * data) strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 10609 110402/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_73.cpp cppfunc 163 void badSink(list dataList) int data = dataList.back(); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10610 79358/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_31.c cppfunc 153 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 10611 79358/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_31.c cppfunc 150 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); char * dataCopy = data; char * data = dataCopy; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 10612 70958/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_52.c cppfunc 184 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_52c_badSink(char * data) strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 0 --------------------------------- 10613 153294/bufmgr.c cppfunc 122 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10614 153294/bufmgr.c cppfunc 129 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10615 153106/config.c cppfunc 82 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10616 70526/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52.c cppfunc 263 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10617 153433/resowner.c cppfunc 701 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *aquatints_tumbrils; stonesoup_read_taint(&aquatints_tumbrils,"WITTE_ANAEROPLASTY"); crass_pyroborate = ((int )(strlen(aquatints_tumbrils))); memcpy(adelomorphous_montparnasse,aquatints_tumbrils,crass_pyroborate); free(((char *)aquatints_tumbrils)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&aquatints_tumbrils,"WITTE_ANAEROPLASTY"); crass_pyroborate = ((int )(strlen(aquatints_tumbrils))); memcpy(adelomorphous_montparnasse,aquatints_tumbrils,crass_pyroborate); free(((char *)aquatints_tumbrils)); 0 --------------------------------- 10618 153695/main_statusbar.c cppfunc 1093 void stonesoup_handle_taint(char *outbelch_ramuscule) frecklish_anyplace = ((int )(strlen(outbelch_ramuscule))); monecious_whosises = ((char *)(malloc(frecklish_anyplace + 1))); 0 --------------------------------- 10619 152989/aviobuf.c cppfunc 1236 jmp_buf thyroepiglottic_sublanceolate; kilogramme_chipling = setjmp(thyroepiglottic_sublanceolate); longjmp(thyroepiglottic_sublanceolate,1); 0 --------------------------------- 10620 67406/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_07.c cppfunc 86 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10621 153124/utf.c cppfunc 123 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10622 153124/utf.c cppfunc 126 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10623 65199/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_08.c cppfunc 109 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 10624 153126/color.c cppfunc 104 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10625 153126/color.c cppfunc 108 dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10626 79491/CWE134_Uncontrolled_Format_String__char_console_snprintf_10.c inputfunc 95 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 10627 153740/color.c cppfunc 362 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); free(c); 0 --------------------------------- 10628 70645/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_06.c cppfunc 197 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10629 153699/cmdline.c inputfunc 143 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&darlingtonia_jordans,"OFFLOADED_DUMBFOUNDED"); if (darlingtonia_jordans != 0) {; 0 --------------------------------- 10630 67427/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_44.c cppfunc 41 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 10631 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c cppfunc 192 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 10632 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c cppfunc 195 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 10633 153188/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10634 110403/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_74.cpp cppfunc 186 data = 20; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int data = dataMap[2]; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10635 153744/types.c cppfunc 67 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10636 72848/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_01.c cppfunc 60 data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10637 73022/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_52.c cppfunc 186 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_52c_goodG2BSink(char * data) strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 10638 67341/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_65.c cppfunc 54 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10639 153668/error.c cppfunc 85 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10640 153042/color.c cppfunc 90 stonesoup_printf("String is too short to test\n"); stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("mod is true\n"); stonesoup_printf("mod is false\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10641 153042/color.c cppfunc 92 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10642 70440/CWE122_Heap_Based_Buffer_Overflow__CWE135_68.c cppfunc 190 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_68_goodB2GData = data; CWE122_Heap_Based_Buffer_Overflow__CWE135_68b_goodB2GSink(); void * data = CWE122_Heap_Based_Buffer_Overflow__CWE135_68_goodB2GData; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 10643 153739/color.c cppfunc 352 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 10644 110348/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_64.c cppfunc 248 data = 20; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_64b_goodG2BSink(&data); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_64b_goodG2BSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10645 73054/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_15.c cppfunc 74 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 0 --------------------------------- 10646 67725/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_14.cpp cppfunc 194 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10647 67408/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_09.c cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 10648 153182/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10649 70746/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_11.c cppfunc 89 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10650 110536/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_54.c cppfunc 463 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_54d_goodG2BSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_54e_goodG2BSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_54e_goodG2BSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10651 70886/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_07.c cppfunc 98 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10652 152946/file_wrappers.c cppfunc 117 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10653 152888/mem_dbg.c cppfunc 241 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10654 153649/pmsignal.c inputfunc 144 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&sowing_lurched,"IMPRESSIBLE_ALMAGRA"); if (sowing_lurched != 0) {; *oki_akmudar = sowing_lurched; 0 --------------------------------- 10655 153649/pmsignal.c cppfunc 141 stonesoup_read_taint(&sowing_lurched,"IMPRESSIBLE_ALMAGRA"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 10656 79562/CWE134_Uncontrolled_Format_String__char_console_vfprintf_54.c cppfunc 394 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54d_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_54e_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54e_goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 10657 79562/CWE134_Uncontrolled_Format_String__char_console_vfprintf_54.c cppfunc 397 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 10658 153286/mux.c cppfunc 81 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10659 79561/CWE134_Uncontrolled_Format_String__char_console_vfprintf_53.c cppfunc 319 void CWE134_Uncontrolled_Format_String__char_console_vfprintf_53d_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 10660 70836/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_05.c cppfunc 99 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10661 153181/mux.c inputfunc 139 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&unprettified_doscher,"DETAILIST_ITEM"); if (unprettified_doscher != 0) {; 0 --------------------------------- 10662 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c cppfunc 349 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 0 --------------------------------- 10663 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c cppfunc 346 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_start(args, data); 0 --------------------------------- 10664 153181/mux.c cppfunc 136 stonesoup_read_taint(&unprettified_doscher,"DETAILIST_ITEM"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); 0 --------------------------------- 10665 152866/gimpdisplay.c cppfunc 128 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10666 152866/gimpdisplay.c cppfunc 124 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10667 71470/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_15.c cppfunc 112 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 0 --------------------------------- 10668 66317/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_65.c cppfunc 54 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10669 72960/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_17.c cppfunc 68 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 10670 148881/emem.c cppfunc 1490 emem_tree_insert_string(emem_tree_t* se_tree, const gchar* k, void* v, guint32 flags) guint32 len = (guint32) strlen(k); ch = (unsigned char)k[i]; if(isupper(ch)) { 0 --------------------------------- 10671 72743/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67.c cppfunc 134 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 0 --------------------------------- 10672 73028/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_64.c cppfunc 122 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strcat(dest, data); printLine(data); free(data); 0 --------------------------------- 10673 72282/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_11.c cppfunc 69 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10674 79368/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52.c cppfunc 430 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52b_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52c_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52c_goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 10675 153617/emem.c cppfunc 196 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10676 72196/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_31.c cppfunc 73 data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 10677 153617/emem.c cppfunc 193 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10678 110331/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_22.c cppfunc 77 data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_22_goodG2B1Source(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10679 72954/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_11.c cppfunc 71 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 10680 148916/strutil.c cppfunc 390 hex_str_to_bytes(const char *hex_str, GByteArray *bytes, gboolean force_separators) { p = (const guchar *)hex_str; q = p+1; r = p+2; s = p+3; && isxdigit(*p) && isxdigit(*q) && isxdigit(*r) && isxdigit(*s)) { punct = s + 1; if (is_byte_sep(*punct)) { p = punct; r = p+2; s = p+3; && isxdigit(*p) && isxdigit(*q) && isxdigit(*r) && isxdigit(*s)) { else if (*q && isxdigit(*p) && isxdigit(*q)) { punct = q + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q + 1; s = p+3; isxdigit(*r) && isxdigit(*s)) { p = q; r = p+2; s = p+3; isxdigit(*r) && isxdigit(*s)) { else if (*q && isxdigit(*p) && isxdigit(*q)) { punct = q + 1; p = punct; p = q; s = p+3; isxdigit(*r) && isxdigit(*s)) { is_byte_sep(guint8 c) if (is_byte_sep(*punct)) { p = punct; r = p+2; s = p+3; isxdigit(*r) && isxdigit(*s)) { if (is_byte_sep(*punct)) { p = punct; r = p+2; s = p+3; isxdigit(*r) && isxdigit(*s)) { else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q; r = p+2; s = p+3; isxdigit(*r) && isxdigit(*s)) { 0 --------------------------------- 10681 66294/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_15.c cppfunc 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10682 62750/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_73.cpp cppfunc 88 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10683 153355/subtrans.c cppfunc 91 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10684 153355/subtrans.c cppfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10685 153471/mux.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10686 153471/mux.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10687 62984/CWE121_Stack_Based_Buffer_Overflow__CWE135_64.c cppfunc 159 void CWE121_Stack_Based_Buffer_Overflow__CWE135_64b_goodG2BSink(void * dataVoidPtr) void * * dataPtr = (void * *)dataVoidPtr; void * data = (*dataPtr); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 10688 153422/color.c cppfunc 603 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *hyperin_amls) free(((char *)hyperin_amls)); 0 --------------------------------- 10689 66859/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cat_72.cpp cppfunc 169 vector dataVector; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; source[100-1] = L'\0'; wcscat(data, source); 0 --------------------------------- 10690 153405/main_filter_toolbar.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10691 70506/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_11.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10692 153405/main_filter_toolbar.c cppfunc 97 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10693 1633/snp9-ok.c cppfunc 64 buf = malloc(MAXSIZE); printf("result: %s\n", buf); free(buf); 0 --------------------------------- 10694 153003/cmdutils.c cppfunc 1855 jmp_buf ripens_treemaker; gemmae_brisky = setjmp(ripens_treemaker); longjmp(ripens_treemaker,1); 0 --------------------------------- 10695 70505/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_10.c cppfunc 93 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10696 69743/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_16.cpp cppfunc 59 data = new wchar_t[100]; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 10697 153292/config.c cppfunc 121 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10698 72379/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_12.c cppfunc 77 data[50-1] = '\0'; data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 10699 153142/tile.c cppfunc 105 int enchanting_kilobyte = 105; stonesoup_read_taint(&cydonia_atrichia,"5486",enchanting_kilobyte); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 10700 73699/CWE124_Buffer_Underwrite__CWE839_listen_socket_06.c cppfunc 191 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10701 153208/e_camellia.c cppfunc 96 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10702 70980/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_05.c cppfunc 96 data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 0 --------------------------------- 10703 70536/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68.c cppfunc 186 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10704 70513/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_18.c cppfunc 91 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10705 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c cppfunc 200 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 10706 72795/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_74.cpp cppfunc 154 void badSink(map dataMap) wchar_t * data = dataMap[2]; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 0 --------------------------------- 10707 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c inputfunc 120 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 10708 67487/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_04.c cppfunc 82 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 0 --------------------------------- 10709 72803/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_04.c cppfunc 100 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 10710 72181/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_06.c cppfunc 103 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 10711 79363/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_42.c cppfunc 254 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); return data; data = goodB2GSource(data); goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 10712 79363/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_42.c cppfunc 257 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 10713 110331/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_22.c cppfunc 102 data = -1; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_22_goodG2B2Source(data); data = 20; return data; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_22_goodG2B2Source(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); int CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_22_goodG2B2Source(int data) return data; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_22_goodG2B2Source(data); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10714 110837/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_82a.cpp cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10715 72891/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_74.cpp cppfunc 169 data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10716 67505/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_04.c cppfunc 91 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 10717 63605/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_14.c cppfunc 75 wchar_t * data; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 10718 66337/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_10.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 10719 153490/shm_setup.c inputfunc 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 10720 153649/pmsignal.c cppfunc 425 char *interplait_transformance = 0; acondylous_meconophagist(&interplait_transformance); free(((char *)interplait_transformance)); 0 --------------------------------- 10721 199284/memory_allocation_failure.c cppfunc 393 ret = MAX_VAL; ret=5; return ret; memory_allocation_failure_011_gbl_u1 = (memory_allocation_failure_011_uni_001 * )malloc(memory_allocation_failure_011_func_001(1)*sizeof( memory_allocation_failure_011_uni_001 )); 0 --------------------------------- 10722 153022/cmdutils.c cppfunc 112 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10723 153501/e_camellia.c cppfunc 86 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10724 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c cppfunc 149 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 10725 153344/utf.c cppfunc 1056 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *baileyton_ethambutol;; stonesoup_read_taint(&baileyton_ethambutol,"TRUCKIE_LYSIGENIC"); urobilinemia_past . endosternum_disadvantaging = ((char *)baileyton_ethambutol); tungstosilicate_staid(urobilinemia_past); void tungstosilicate_staid(const struct cohesiveness_gelatinous grimacingly_undesirably) free(((char *)((struct cohesiveness_gelatinous )grimacingly_undesirably) . endosternum_disadvantaging)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&baileyton_ethambutol,"TRUCKIE_LYSIGENIC"); urobilinemia_past . endosternum_disadvantaging = ((char *)baileyton_ethambutol); tungstosilicate_staid(urobilinemia_past); 0 --------------------------------- 10726 153069/tile.c cppfunc 351 void stonesoup_handle_taint(char *smazes_crool) mutinying_fantasie = ((void *)smazes_crool); stationing_gilliver(mutinying_fantasie); void stationing_gilliver(void *const calippic_reveree) free(((char *)((char *)((void *)calippic_reveree)))); 0 --------------------------------- 10727 72088/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_09.c cppfunc 71 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 10728 153592/main_filter_toolbar.c cppfunc 134 int diphthongs_microreader = 596; stonesoup_read_taint(&aguamiel_peabird,"4980",diphthongs_microreader); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 10729 153127/utils.c cppfunc 3226 stonesoup_data = (struct stonesoup_struct *) malloc (sizeof (struct stonesoup_struct)); memset(stonesoup_data->buffer, 0, 128); stonesoup_data->before[stonesoup_i] = 5555; stonesoup_data->after[stonesoup_i] = 5555; free (stonesoup_data); 0 --------------------------------- 10730 79373/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63.c cppfunc 309 void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63b_badSink(char * * dataPtr) char * data = *dataPtr; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 10731 67571/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_04.cpp cppfunc 46 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10732 70407/CWE122_Heap_Based_Buffer_Overflow__CWE135_08.c cppfunc 185 data = NULL; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 10733 153296/timestamp.c cppfunc 178 jmp_buf galimatias_torbay; bottomchrome_conglutination = setjmp(galimatias_torbay); longjmp(galimatias_torbay,1); 0 --------------------------------- 10734 153296/timestamp.c cppfunc 173 va_list austrogaean_ensuite; __builtin_va_start(austrogaean_ensuite,wataps_poterium); pugrees_unveridic = (va_arg(austrogaean_ensuite,struct extacie_paean )); 0 --------------------------------- 10735 79555/CWE134_Uncontrolled_Format_String__char_console_vfprintf_42.c cppfunc 93 char dataBuffer[100] = ""; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) strcpy(data, "fixedstringtest"); return data; data = goodG2BSource(data); goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 10736 79555/CWE134_Uncontrolled_Format_String__char_console_vfprintf_42.c cppfunc 96 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 10737 152963/pmsignal.c cppfunc 142 int morita_fortescue = 1001; stonesoup_read_taint(&bystander_salsas,"1088",morita_fortescue); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); 0 --------------------------------- 10738 66339/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_12.c cppfunc 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 10739 62956/CWE121_Stack_Based_Buffer_Overflow__CWE135_09.c cppfunc 96 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); 0 --------------------------------- 10740 62956/CWE121_Stack_Based_Buffer_Overflow__CWE135_09.c cppfunc 99 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 0 --------------------------------- 10741 153393/pgstat.c inputfunc 3357 if (fread((&tabbuf),1,sizeof(PgStat_StatTabEntry ),fpin) != sizeof(PgStat_StatTabEntry )) { switch(fgetc(fpin)){ if (fread((&dbbuf),1,((size_t )(&((PgStat_StatDBEntry *)0) -> tables)),fpin) != ((size_t )(&((PgStat_StatDBEntry *)0) -> tables))) { dbentry = ((PgStat_StatDBEntry *)(hash_search(dbhash,((void *)(&dbbuf . databaseid)),HASH_ENTER,&found))); memcpy(dbentry,(&dbbuf),sizeof(PgStat_StatDBEntry )); if (dbbuf . databaseid != onlydb && dbbuf . databaseid != ((Oid )0)) { if (fread((&funcbuf),1,sizeof(PgStat_StatFuncEntry ),fpin) != sizeof(PgStat_StatFuncEntry )) { funcentry = ((PgStat_StatFuncEntry *)(hash_search(funchash,((void *)(&funcbuf . functionid)),HASH_ENTER,&found))); memcpy(funcentry,(&funcbuf),sizeof(funcbuf)); FreeFile(fpin); 0 --------------------------------- 10742 110532/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_45.c cppfunc 98 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10743 153617/emem.c cppfunc 1191 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; union undercommander_overfee tupler_omnivident; char *cellular_studite;; stonesoup_read_taint(&cellular_studite,"SPECTERLIKE_SEMICARBAZONE"); tupler_omnivident . unwaving_pycnogonidium = cellular_studite; pococurantism_aceldamas = polyesters_immaturely(tupler_omnivident); union undercommander_overfee polyesters_immaturely(union undercommander_overfee talmudize_unintentionally) return talmudize_unintentionally; pococurantism_aceldamas = polyesters_immaturely(tupler_omnivident); free(((char *)pococurantism_aceldamas . unwaving_pycnogonidium)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&cellular_studite,"SPECTERLIKE_SEMICARBAZONE"); tupler_omnivident . unwaving_pycnogonidium = cellular_studite; pococurantism_aceldamas = polyesters_immaturely(tupler_omnivident); 0 --------------------------------- 10744 72445/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_51.c cppfunc 139 data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_51b_goodG2BSink(char * data) strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 10745 70744/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_09.c cppfunc 70 data = NULL; data = (char *)malloc((10+1)*sizeof(char)); strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10746 152887/color.c cppfunc 596 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *virulented_pecking; stonesoup_read_taint(&virulented_pecking,"GONZALO_TIECLASPS"); free(((char *)virulented_pecking)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&virulented_pecking,"GONZALO_TIECLASPS"); free(((char *)virulented_pecking)); 0 --------------------------------- 10747 152926/color.c cppfunc 93 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10748 110365/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_06.c cppfunc 120 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10749 153437/portalmem.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10750 153395/color.c cppfunc 105 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); 0 --------------------------------- 10751 72854/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_07.c cppfunc 99 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10752 153437/portalmem.c cppfunc 119 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10753 153395/color.c cppfunc 108 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10754 153538/tile-manager.c cppfunc 1020 void fredrich_outhiring(char **ethoxycaffeine_unpublic) coenzymatically_concrescible(ethoxycaffeine_unpublic); void coenzymatically_concrescible(char **keffer_footprints) free(((char *)keffer_footprints[9])); 0 --------------------------------- 10755 153208/e_camellia.c cppfunc 625 jmp_buf unerodent_bacteriophages; wrecker_wrencher = setjmp(unerodent_bacteriophages); longjmp(unerodent_bacteriophages,1); 0 --------------------------------- 10756 70499/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_04.c cppfunc 99 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 10757 72419/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_04.c cppfunc 97 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 0 --------------------------------- 10758 70497/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_02.c cppfunc 270 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10759 66572/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_05.c cppfunc 68 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10760 153498/mem_dbg.c cppfunc 231 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); free(dirpath); 0 --------------------------------- 10761 152931/tile.c cppfunc 52 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10762 72839/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67.c cppfunc 135 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67_structType myStruct) char * data = myStruct.structFirst; strcat(data, source); printLine(data); free(data); 0 --------------------------------- 10763 70666/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_43.cpp cppfunc 300 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10764 71883/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_74.cpp cppfunc 151 void badSink(map dataMap) twoIntsStruct * data = dataMap[2]; memcpy(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 0 --------------------------------- 10765 62962/CWE121_Stack_Based_Buffer_Overflow__CWE135_15.c cppfunc 192 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 0 --------------------------------- 10766 62962/CWE121_Stack_Based_Buffer_Overflow__CWE135_15.c cppfunc 195 data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 0 --------------------------------- 10767 153624/color.c cppfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); 0 --------------------------------- 10768 153544/color.c cppfunc 603 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *thuggeries_ropily) free(((char *)thuggeries_ropily)); 0 --------------------------------- 10769 153625/utf.c cppfunc 97 va_list argptr; va_start(argptr, format); mg_vprintf_data((struct mg_connection*) stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10770 72336/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_17.c cppfunc 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 0 --------------------------------- 10771 67512/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_11.c cppfunc 38 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_11_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_11_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); 0 --------------------------------- 10772 153769/utils.c cppfunc 4838 char *endptr; prog_id = (strtol(spec,&endptr,0)); if (( *(endptr++)) == ':') { int stream_idx = (strtol(endptr,((void *)0),0)); 0 --------------------------------- 10773 152946/file_wrappers.c cppfunc 110 ss_tc_root = getenv("SS_TC_ROOT"); size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); 0 --------------------------------- 10774 149125/heap_overflow_cplx-bad.c cppfunc 47 unsigned int r; f = fopen("/dev/urandom", "rb"); if(fread(&r, sizeof r, 1, f) != 1) return r; unsigned length = getRand() % 50 - 1; char *t = malloc((length + 1) * sizeof(char)); 0 --------------------------------- 10775 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c cppfunc 154 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 10776 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c cppfunc 151 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_start(args, data); 0 --------------------------------- 10777 153706/cmdline.c cppfunc 102 int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); 0 --------------------------------- 10778 110372/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_13.c cppfunc 116 data = -1; data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 0 --------------------------------- 10779 153364/cmdutils.c cppfunc 789 idx = locate_option(argc,argv,options,"v"); char *tail; if (!strcmp(log_levels[i] . name,arg)) { level = (strtol(arg,&tail,'\n')); int locate_option(int argc,char **argv,const OptionDef *options,const char *optname) opt_loglevel(((void *)0),"loglevel",argv[idx + 1]); int opt_loglevel(void *optctx,const char *opt,const char *arg) level = (strtol(arg,&tail,'\n')); void parse_loglevel(int argc,char **argv,const OptionDef *options) int idx = locate_option(argc,argv,options,"loglevel"); 0 --------------------------------- 10780 79561/CWE134_Uncontrolled_Format_String__char_console_vfprintf_53.c inputfunc 42 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_53b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_53b_badSink(char * data); 0 --------------------------------- 10781 70510/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_15.c cppfunc 207 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 0 --------------------------------- 10782 153748/color.c cppfunc 363 colors = strcpy((xmalloc(strlen(s) + 1)),s); arg = split(colors,":",&n); char **split(char *str,char *delim,int *nwrds); free(colors); 0 --------------------------------- 10783 79378/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68.c cppfunc 363 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68_goodB2GData = data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68b_goodB2GSink(); char * data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68_goodB2GData; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_start(args, data); 0 --------------------------------- 10784 79378/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68.c cppfunc 366 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 0 --------------------------------- 10785 153493/mem_dbg.c cppfunc 928 airlifted_protoplasma = telegn_incomplete(futz_rakestele); cocreatorship_provisorily(manometries_logopedics,airlifted_protoplasma); cocreatorship_provisorily(cotyliform_shellshake,palar_oxygenate); void cocreatorship_provisorily(int cotyliform_shellshake,char *palar_oxygenate) free(((char *)palar_oxygenate)); 0 --------------------------------- 10786 73544/CWE123_Write_What_Where_Condition__listen_socket_73.cpp cppfunc 101 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10787 67718/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_07.cpp inputfunc 102 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; 0 --------------------------------- 10788 79406/CWE134_Uncontrolled_Format_String__char_console_fprintf_31.c inputfunc 97 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; fprintf(stdout, "%s\n", data); 0 --------------------------------- 10789 72842/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_73.cpp cppfunc 150 void badSink(list dataList) char * data = dataList.back(); strcat(data, source); printLine(data); free(data); 0 --------------------------------- 10790 72207/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53.c cppfunc 263 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53d_goodG2BSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 0 --------------------------------- 10791 66307/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_44.c cppfunc 71 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 10792 67715/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_04.cpp cppfunc 89 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10793 153625/utf.c cppfunc 95 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10794 153769/utils.c cppfunc 4832 int avformat_match_stream_specifier(AVFormatContext *s,AVStream *st,const char *spec) char *endptr; spec += 2; prog_id = (strtol(spec,&endptr,0)); 0 --------------------------------- 10795 152925/eng_lib.c cppfunc 116 va_list argptr; va_start(argptr, format); vfprintf(stonesoup_printf_context, format, argptr); va_end(argptr); 0 --------------------------------- 10796 152925/eng_lib.c cppfunc 114 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10797 62716/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_09.c cppfunc 292 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 10798 72086/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_07.c cppfunc 77 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 0 --------------------------------- 10799 153156/e_camellia.c cppfunc 623 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *rattooned_hatchetfishes) excrescencies_autoanalysis[4] = rattooned_hatchetfishes; contemning_sterrett[ *disbrain_cicadas] = excrescencies_autoanalysis; pygidid_bung = contemning_sterrett[ *disbrain_cicadas]; free(((char *)pygidid_bung[4])); 0 --------------------------------- 10800 70767/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53.c cppfunc 253 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53d_goodG2BSink(char * data) strcpy(data, source); printLine(data); free(data); 0 --------------------------------- 10801 152878/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 0 --------------------------------- 10802 153744/types.c cppfunc 422 return c - 32; struct hyposensitivity_pam overactivity_itchily = {0}; valentine_unprying(&overactivity_itchily); durables_breakthrough(overactivity_itchily); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, totty_grillage); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); void durables_breakthrough(const struct hyposensitivity_pam breastwork_galvanometry) totty_grillage = ((char *)((struct hyposensitivity_pam )breastwork_galvanometry) . cleanups_carneades); strcpy(stonesoup_heap_buffer_64, totty_grillage); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); 1 --------------------------------- 10803 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c inputfunc 52 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 10804 70865/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_61.c cppfunc 42 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_61b_badSource(data); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 10805 70407/CWE122_Heap_Based_Buffer_Overflow__CWE135_08.c cppfunc 59 data = NULL; dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 10806 71387/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_44.c cppfunc 32 static void badSink(char * data) strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 10807 153466/subtrans.c cppfunc 105 stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10808 153588/file_wrappers.c cppfunc 107 stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10809 153770/color.c inputfunc 550 bipartisanship_zopilote = getenv("NOS_SCRAIGH"); if (bipartisanship_zopilote != 0) {; maladroitly_rifler = ((char *)bipartisanship_zopilote); strcpy(stonesoup_data->buffer, maladroitly_rifler); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); for (; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); 1 --------------------------------- 10810 148966/packet-http.c cppfunc 1512 chunked_encoding_dissector(tvbuff_t **tvb_ptr, packet_info *pinfo, proto_tree *tree, int offset) gint chunk_offset = 0; tvb = *tvb_ptr; datalen = tvb_reported_length_remaining(tvb, offset); ti = proto_tree_add_text(tree, tvb, offset, datalen, linelen = tvb_find_line_end(tvb, offset, -1, &chunk_offset, TRUE); chunk_string = tvb_get_ephemeral_string(tvb, offset, linelen); chunk_size = strtol((gchar*)chunk_string, NULL, 16); datalen = tvb_reported_length_remaining(tvb, offset); chunk_size = datalen; chunk_tvb = tvb_new_subset(tvb, chunk_offset, chunk_size, datalen); tvb_memcpy(tvb, (guint8 *)(raw_data + raw_len), chunk_offset, chunk_size); chunk_ti = proto_tree_add_text(subtree, tvb, chunk_offset - offset + chunk_size + 2, chunk_ti = proto_tree_add_text(subtree, tvb, chunk_offset - offset + chunk_size + 2, "Data chunk (%u octets)", chunk_size); proto_tree_add_text(chunk_subtree, tvb, offset, chunk_offset - offset, "Chunk size: %u octets", chunk_size); data_tvb = tvb_new_subset(tvb, chunk_offset, chunk_size, chunk_size); proto_tree_add_text(chunk_subtree, tvb, chunk_offset + chunk_size, 2, "Chunk boundary"); offset = chunk_offset + chunk_size + 2; datalen = tvb_reported_length_remaining(tvb, offset); linelen = tvb_find_line_end(tvb, offset, -1, &chunk_offset, TRUE); chunk_string = tvb_get_ephemeral_string(tvb, offset, linelen); chunk_size = strtol((gchar*)chunk_string, NULL, 16); 1 --------------------------------- 10811 70656/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_17.c cppfunc 147 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 10812 110318/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_07.c cppfunc 124 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 10813 110479/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_34.c cppfunc 49 CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_34_unionType myUnion; int data = myUnion.unionSecond; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 10814 67282/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_43.cpp cppfunc 42 data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscat(dest, data); 1 --------------------------------- 10815 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c inputfunc 65 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 10816 62969/CWE121_Stack_Based_Buffer_Overflow__CWE135_32.c cppfunc 44 void * *dataPtr2 = &data; void * data = *dataPtr2; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 10817 62969/CWE121_Stack_Based_Buffer_Overflow__CWE135_32.c cppfunc 47 void * *dataPtr2 = &data; void * data = *dataPtr2; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 10818 70991/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_16.c cppfunc 43 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 10819 72999/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_08.c cppfunc 52 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 10820 153382/mux.c cppfunc 103 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10821 70415/CWE122_Heap_Based_Buffer_Overflow__CWE135_16.c cppfunc 47 data = NULL; dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; memcpy(dest, data, (dataLen+1)); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 10822 70445/CWE122_Heap_Based_Buffer_Overflow__CWE135_82_bad.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__CWE135_82_bad::action(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 10823 153559/avpacket.c cppfunc 465 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; return c; char *agenizing_herschelian;; stonesoup_read_taint(&agenizing_herschelian,"BURKES_STORZ"); nonsludging_unridableness = agenizing_herschelian; underporter_sufflaminate = stoutish_missample(nonsludging_unridableness); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); byelovo_echo stoutish_missample(byelovo_echo outbringing_azotic) return outbringing_azotic; underporter_sufflaminate = stoutish_missample(nonsludging_unridableness); algal_intercessive = ((char *)underporter_sufflaminate); stonesoup_taint_len = ((int )(strlen(algal_intercessive))); stonesoup_data->buffer[stonesoup_buff_size] = algal_intercessive[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); int stonesoup_toupper(int c) return c - 32; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&agenizing_herschelian,"BURKES_STORZ"); nonsludging_unridableness = agenizing_herschelian; underporter_sufflaminate = stoutish_missample(nonsludging_unridableness); 1 --------------------------------- 10824 148881/emem.c cppfunc 1308 node->left=new_node; new_node->u.is_subtree = is_subtree; node=new_node; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); node=node->left; new_node->parent=node; node=new_node; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->left=NULL; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->right=NULL; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->key32=key; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->data= func(ud); new_node->data= func(ud); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->u.is_subtree = is_subtree; node->left=new_node; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); node=new_node; new_node->parent=node; node=new_node; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); next_tree=lookup_or_insert32(se_tree, *key[0].key, create_sub_tree, se_tree, EMEM_TREE_NODE_IS_SUBTREE); key[0].length--; key[0].key++; emem_tree_insert32_array(next_tree, key, data); emem_tree_key_t key[2]; aligned[div-1] = 0x00000001; key[0].key = aligned; key[1].length = 0; key[1].key = NULL; emem_tree_insert32_array(se_tree, key, v); emem_tree_insert32_array(emem_tree_t *se_tree, emem_tree_key_t *key, void *data) next_tree=lookup_or_insert32(se_tree, *key[0].key, create_sub_tree, se_tree, EMEM_TREE_NODE_IS_SUBTREE); key++; emem_tree_insert32_array(next_tree, key, data); emem_tree_insert32_array(emem_tree_t *se_tree, emem_tree_key_t *key, void *data) next_tree=lookup_or_insert32(se_tree, *key[0].key, create_sub_tree, se_tree, EMEM_TREE_NODE_IS_SUBTREE); static void* lookup_or_insert32(emem_tree_t *se_tree, guint32 key, void*(*func)(void*),void* ud, int is_subtree) { node->left=new_node; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->key32=key; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->data= func(ud); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); emem_tree_insert_string(emem_tree_t* se_tree, const gchar* k, void* v, guint32 flags) guint32 len = (guint32) strlen(k); guint32 div = (len+3)/4+1; aligned = malloc(div * sizeof (guint32)); key[0].length = div; emem_tree_insert32_array(se_tree, key, v); 1 --------------------------------- 10825 199319/uninit_pointer.c cppfunc 410 uninit_pointer_016_gbl_doubleptr=(char**) malloc(10*sizeof(char*)); uninit_pointer_016_gbl_doubleptr[i]=(char*) malloc(10*sizeof(char)); strcpy(uninit_pointer_016_gbl_doubleptr[i],"STRING00"); char *s=(char*) malloc(10*sizeof(char)); uninit_pointer_016_func_002(); free (uninit_pointer_016_gbl_doubleptr[i]); strcpy(s,uninit_pointer_016_gbl_doubleptr[i]); free(s); 1 --------------------------------- 10826 152934/conf_mod.c cppfunc 687 return c - 32; stonesoup_data = (struct stonesoup_struct *) malloc (sizeof(struct stonesoup_struct)); stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_data->buff_pointer = stonesoup_data->buffer; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) { return c; stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 10827 199233/buffer_overrun_dynamic.c cppfunc 608 dynamic_buffer_overrun_s_005* ptr_s= malloc(10*sizeof(dynamic_buffer_overrun_s_005)); ptr_s[i].arr[i]='a'; free(ptr_s); 1 --------------------------------- 10828 72809/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_10.c cppfunc 40 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 10829 70413/CWE122_Heap_Based_Buffer_Overflow__CWE135_14.c cppfunc 46 data = NULL; dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 10830 153746/color.c cppfunc 90 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10831 70403/CWE122_Heap_Based_Buffer_Overflow__CWE135_04.c cppfunc 52 data = NULL; dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 10832 70460/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_13.c cppfunc 133 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 10833 72374/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_07.c cppfunc 45 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 10834 67335/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_53.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 10835 70472/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_41.c cppfunc 69 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 10836 72978/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_62.cpp cppfunc 41 data = NULL; badSource(data); void badSource(wchar_t * &data); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 10837 66263/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_53.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 10838 148966/packet-sdp.c cppfunc 1936 static void dissect_sdp_media_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_item * ti, int length, transport_info_t *transport_info) { colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); tvb, offset, tokenlen, ENC_ASCII|ENC_NA); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); static gint find_sdp_media_attribute_names(tvbuff_t *tvb, int offset, guint len) (tvb_strncaseeql(tvb, offset, sdp_media_attribute_names[i].name, len) == 0)) sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); offset = colon_offset + 1; offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); attribute_value = tvb_get_ephemeral_string(tvb, offset, tvb_length_remaining(tvb, offset)); next_offset = tvb_find_guint8(tvb, offset, -1, ' '); proto_tree_add_uint(sdp_media_attribute_tree, hf_sdp_crypto_tag, tvb, offset, tokenlen, offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); tvb, offset, tokenlen, ENC_ASCII|ENC_NA); if (tvb_strncaseeql(tvb, offset, "AES_CM_128_HMAC_SHA1_80", tokenlen) == 0) { } else if (tvb_strncaseeql(tvb, offset, "AES_CM_128_HMAC_SHA1_32", tokenlen) == 0) { } else if (tvb_strncaseeql(tvb, offset, "F8_128_HMAC_SHA1_80", tokenlen) == 0) { offset = next_offset + 1; param_end_offset = tvb_find_guint8(tvb, offset, -1, ';'); tvb, offset, param_end_offset-offset, "Key parameters"); next_offset = tvb_find_guint8(tvb, offset, -1, ':'); tvb, offset, param_end_offset-offset, "Key parameters"); if (tvb_strncaseeql(tvb, offset, "inline", next_offset-offset) == 0) { next_offset = tvb_find_guint8(tvb, offset, -1, '|'); data_p = tvb_get_ephemeral_string(tvb, offset, tokenlen); key_salt_tvb = base64_to_tvb(tvb, data_p); proto_tree_add_text(parameter_tree, tvb, offset, tokenlen, "Key and Salt"); next_offset = tvb_find_guint8(tvb, offset, -1, '|'); tvb, offset, tokenlen, ENC_ASCII|ENC_NA); offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, ':'); proto_tree_add_item(parameter_tree, hf_sdp_crypto_mki, tvb, offset, tokenlen, ENC_ASCII|ENC_NA); offset = next_offset + 1; next_offset = param_end_offset; tokenlen = next_offset - offset; transport_info->mki_len = atoi((char*)tvb_get_ephemeral_string(tvb, offset, tokenlen)); tvb, offset, tokenlen, ENC_ASCII|ENC_NA); next_offset = tvb_find_guint8(tvb, offset, -1, ':'); proto_tree_add_item(parameter_tree, hf_sdp_crypto_mki, tvb, offset, tokenlen, ENC_ASCII|ENC_NA); offset = next_offset + 1; transport_info->mki_len = atoi((char*)tvb_get_ephemeral_string(tvb, offset, tokenlen)); offset = param_end_offset; param_end_offset = tvb_find_guint8(tvb, offset, -1, ';'); tvb, offset, param_end_offset-offset, "Key parameters"); next_offset = param_end_offset; tokenlen = next_offset - offset; transport_info->mki_len = atoi((char*)tvb_get_ephemeral_string(tvb, offset, tokenlen)); proto_tree_add_text(parameter_tree, tvb, next_offset + 1, tokenlen, param_end_offset = tvb_find_guint8(tvb, offset, -1, ';'); tvb, offset, param_end_offset-offset, "Key parameters"); next_offset = param_end_offset; tokenlen = next_offset - offset; transport_info->mki_len = atoi((char*)tvb_get_ephemeral_string(tvb, offset, tokenlen)); offset = param_end_offset; param_end_offset = tvb_find_guint8(tvb, offset, -1, ';'); param_end_offset = tvb_length(tvb); tvb, offset, param_end_offset-offset, "Key parameters"); next_offset = tvb_find_guint8(tvb, offset, -1, ':'); if (tvb_strncaseeql(tvb, offset, "inline", next_offset-offset) == 0) { offset = next_offset +1; next_offset = tvb_find_guint8(tvb, offset, -1, '|'); offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, '|'); next_offset = tvb_find_guint8(tvb, offset, -1, ':'); offset = next_offset + 1; next_offset = param_end_offset; tokenlen = next_offset - offset; transport_info->mki_len = atoi((char*)tvb_get_ephemeral_string(tvb, offset, tokenlen)); 1 --------------------------------- 10839 71459/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_04.c cppfunc 53 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 10840 72966/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_33.cpp cppfunc 43 wchar_t * &dataRef = data; wchar_t * data = dataRef; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 10841 72285/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_14.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 10842 153300/config_file.c cppfunc 83 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10843 72722/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_21.c cppfunc 49 static wchar_t * badSource(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = badSource(data); data[100-1] = L'\0'; return data; data = badSource(data); wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 10844 72450/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_62.cpp cppfunc 40 data = (char *)malloc(100*sizeof(char)); badSource(data); void badSource(char * &data); strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 10845 153351/oids.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&sphenomaxillary_stereoscopy,"MOFW_BRAMLEY"); if (sphenomaxillary_stereoscopy != 0) {; pachysandra_depolarising = ((int )(strlen(sphenomaxillary_stereoscopy))); orthograde_unstack = ((char *)(malloc(pachysandra_depolarising + 1))); if (orthograde_unstack == 0) { memcpy(orthograde_unstack,sphenomaxillary_stereoscopy,pachysandra_depolarising); if (sphenomaxillary_stereoscopy != 0) free(((char *)sphenomaxillary_stereoscopy)); convex_nonheritor = &orthograde_unstack; cruciately_composite = &convex_nonheritor; glissandi_heliotype = ((char *)( *( *cruciately_composite))); stonesoup_fp = stonesoup_switch_func(glissandi_heliotype); if ( *( *cruciately_composite) != 0) free(((char *)( *( *cruciately_composite)))); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); return fct_ptr_addr; stonesoup_fp = stonesoup_switch_func(glissandi_heliotype); tracepoint(stonesoup_trace, variable_address, "stonesoup_fp", stonesoup_fp, "TRIGGER-STATE"); stonesoup_cmp_flag = ( *stonesoup_fp)(stonesoup_rand_word,glissandi_heliotype); if (stonesoup_cmp_flag == 0) 1 --------------------------------- 10846 110338/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_43.cpp cppfunc 123 inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 10847 71922/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_62.cpp cppfunc 46 void badSource(twoIntsStruct * &data); data = NULL; badSource(data); badSource(data); memmove(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 1 --------------------------------- 10848 153275/column.c cppfunc 54 stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10849 71212/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_81_goodG2B.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_81_goodG2B::action(wchar_t * data) const wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 10850 153753/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&iin_magnesia,"UNACCEPTANT_MULTIFAROUSLY"); if (iin_magnesia != 0) {; bluenesses_aleron = ((char *)iin_magnesia); stonesoup_buff_size = ((int )(strlen(bluenesses_aleron))); memcpy(stonesoup_data.buffer, bluenesses_aleron, 64); for (; stonesoup_i < stonesoup_buff_size; ++stonesoup_i){ tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); if (iin_magnesia != 0) free(((char *)iin_magnesia)); 1 --------------------------------- 10851 153656/color.c cppfunc 118 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10852 72372/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_05.c cppfunc 46 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 10853 79401/CWE134_Uncontrolled_Format_String__char_console_fprintf_16.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); if (100-dataLen > 1) if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 10854 73300/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_43.cpp cppfunc 40 static void badSource(int64_t * &data) data = NULL; badSource(data); data = (int64_t *)malloc(sizeof(data)); *data = 2147483643LL; printLongLongLine(*data); free(data); 1 --------------------------------- 10855 70742/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_07.c cppfunc 48 data = NULL; data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 10856 153074/utils.c cppfunc 874 return c - 32; return c; understriding_adesmy = getenv("OPTIMISED_ORBICULARLY"); sesuvium_christmasing . creachy_presubsistent = understriding_adesmy; cacatua_citable = ((char *)sesuvium_christmasing . creachy_presubsistent); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; memset(stonesoup_data->buffer,0,64); stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, cacatua_citable); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); 1 --------------------------------- 10857 71369/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_10.c cppfunc 40 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 10858 72412/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_81_bad.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_81_bad::action(char * data) const strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 10859 152948/mutex.c cppfunc 273 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(gerara_supertrain, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); void stonesoup_printf(char * format, ...) { free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); 1 --------------------------------- 10860 152970/color.c cppfunc 629 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *ecclesiasticus_restibrachium; stonesoup_read_taint(&ecclesiasticus_restibrachium,"DANIELLE_BRUSHBALL"); fisk_vinegar = ((char *)ecclesiasticus_restibrachium); strncpy(stonesoup_buffer, fisk_vinegar, stonesoup_buffer_len); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); *stonesoup_buffer_ptr = fisk_vinegar; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&ecclesiasticus_restibrachium,"DANIELLE_BRUSHBALL"); fisk_vinegar = ((char *)ecclesiasticus_restibrachium); strncpy(stonesoup_buffer, fisk_vinegar, stonesoup_buffer_len); *stonesoup_buffer_ptr = fisk_vinegar; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); free(stonesoup_buffer_ptr); 1 --------------------------------- 10861 153519/cmdline.c cppfunc 1167 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, snatches_phonying, strlen(snatches_phonying) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 10862 153683/tile.c cppfunc 79 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10863 153355/subtrans.c cppfunc 103 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10864 153137/emem.c cppfunc 195 stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10865 79399/CWE134_Uncontrolled_Format_String__char_console_fprintf_14.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 10866 153253/color.c cppfunc 90 stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10867 72988/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_81_goodG2B.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_81_goodG2B::action(wchar_t * data) const wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 10868 71404/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_81_bad.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_81_bad::action(char * data) const strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 10869 73045/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_06.c cppfunc 42 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 10870 79435/CWE134_Uncontrolled_Format_String__char_console_printf_02.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 10871 153422/color.c cppfunc 90 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10872 153428/utils.c cppfunc 111 stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10873 72712/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_09.c cppfunc 39 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 10874 67607/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_67.cpp cppfunc 47 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 10875 62954/CWE121_Stack_Based_Buffer_Overflow__CWE135_07.c cppfunc 49 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 10876 199235/buffer_underrun_dynamic.c cppfunc 134 double *buf=(double*) calloc(5,sizeof(double)); buf[i]=1.0; free(buf); 1 --------------------------------- 10877 110317/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_06.c cppfunc 122 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 10878 70660/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_31.c cppfunc 144 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 10879 70762/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_43.cpp cppfunc 47 data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 10880 153128/avfilter.c cppfunc 48 stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10881 153049/subtrans.c cppfunc 103 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10882 110333/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_32.c cppfunc 123 int *dataPtr2 = &data; int data = *dataPtr2; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 10883 79459/CWE134_Uncontrolled_Format_String__char_console_printf_42.c inputfunc 35 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; data = badSource(data); printf(data); 1 --------------------------------- 10884 70839/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_08.c cppfunc 57 data = NULL; data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 10885 72748/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_81_goodG2B.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_81_goodG2B::action(wchar_t * data) const wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 10886 72769/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_18.c cppfunc 43 data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 10887 153329/avfilter.c cppfunc 1016 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, worrit_thundershower, strlen(worrit_thundershower) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 10888 199233/buffer_overrun_dynamic.c cppfunc 333 int *buf=(int*) calloc(5,sizeof(int)); int indexes[4] = {3, 4, 5, 6}; *(buf+indexes[index]) = 1; free(buf); 1 --------------------------------- 10889 152868/color.c cppfunc 120 stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10890 72785/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_61.c cppfunc 42 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_61b_badSource(data); SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 10891 71477/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_32.c cppfunc 51 char * *dataPtr2 = &data; char * data = *dataPtr2; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 10892 67445/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_82a.cpp cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 10893 199235/buffer_underrun_dynamic.c cppfunc 98 long *buf=(long*) calloc(5,sizeof(long)); buf[i]=1; free(buf); 1 --------------------------------- 10894 152878/color.c cppfunc 604 return c - 32; stonesoup_data = (struct stonesoup_struct *) malloc (sizeof(struct stonesoup_struct)); stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_data->buff_pointer = stonesoup_data->buffer; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); int stonesoup_toupper(int c) { return c; stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 10895 72765/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_14.c cppfunc 44 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 10896 153331/emem.c cppfunc 176 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10897 153229/string.c cppfunc 1171 return c - 32; char *liponis_heredium = 0; unconcatenated_diddies(&liponis_heredium); wonderers_silicean = preexpend_pretranslation(liponis_heredium); stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); char *preexpend_pretranslation(char *endangiitis_osirification) return endangiitis_osirification; wonderers_silicean = preexpend_pretranslation(liponis_heredium); rort_unexorbitant = ((char *)wonderers_silicean); stonesoup_taint_len = ((int )(strlen(rort_unexorbitant))); stonesoup_heap_buff_64[stonesoup_buff_size] = rort_unexorbitant[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free(stonesoup_heap_buff_64); 1 --------------------------------- 10898 72326/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_07.c cppfunc 45 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 10899 72801/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_02.c cppfunc 40 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 10900 152873/portalmem.c cppfunc 128 stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10901 153486/bufmgr.c cppfunc 2715 stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, cunaxa_lyonnesse, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "TAINTED"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); 1 --------------------------------- 10902 199253/double_free.c cppfunc 149 double_free_function_008_gbl_ptr= (char*) malloc(sizeof(char)); double_free_function_008(); free (double_free_function_008_gbl_ptr); double_free_function_008(); free(double_free_function_008_gbl_ptr); 1 --------------------------------- 10903 70764/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_45.c cppfunc 39 data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_45_badData = data; badSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_45_badData; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 10904 71466/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_11.c cppfunc 46 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 10905 67489/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_06.c cppfunc 52 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_06_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_06_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_06_bad(); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 10906 72768/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_17.c cppfunc 45 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 10907 62957/CWE121_Stack_Based_Buffer_Overflow__CWE135_10.c cppfunc 41 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 10908 62957/CWE121_Stack_Based_Buffer_Overflow__CWE135_10.c cppfunc 44 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 10909 199233/buffer_overrun_dynamic.c cppfunc 131 double *buf=(double*) calloc(5,sizeof(double)); buf[i]=1.0; free(buf); 1 --------------------------------- 10910 153193/color.c cppfunc 118 stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10911 153480/bss_file.c cppfunc 543 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, cobstone_zostera, strlen(cobstone_zostera) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 10912 153721/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&impartibilibly_theogeological,"URTICA_UNDERBEAR"); if (impartibilibly_theogeological != 0) {; antiperthite_rodsman = ((char *)impartibilibly_theogeological); stonesoup_fp = stonesoup_switch_func(antiperthite_rodsman); if (impartibilibly_theogeological != 0) free(((char *)impartibilibly_theogeological)); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); return fct_ptr_addr; stonesoup_fp = stonesoup_switch_func(antiperthite_rodsman); tracepoint(stonesoup_trace, variable_address, "stonesoup_fp", stonesoup_fp, "TRIGGER-STATE"); stonesoup_cmp_flag = ( *stonesoup_fp)(stonesoup_rand_word,antiperthite_rodsman); if (stonesoup_cmp_flag == 0) 1 --------------------------------- 10913 110356/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_81_goodG2B.cpp cppfunc 37 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_81_goodG2B::action(int data) const intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 10914 71004/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_45.c cppfunc 39 data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_45_badData = data; badSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_45_badData; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 10915 72845/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_82_goodG2B.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_82_goodG2B::action(char * data) strcat(data, source); printLine(data); free(data); 1 --------------------------------- 10916 148966/strutil.c cppfunc 633 oid_str_to_bytes(const char *oid_str, GByteArray *bytes) { p = oid_str; if (!isdigit((guchar)*p) && (*p != '.')) return FALSE; 1 --------------------------------- 10917 148966/packet-sdp.c cppfunc 1385 bytes_tvb = tvb_new_child_real_data(tvb, buf, i, i); proto_tree_add_text(tree, tvb, offset, tokenlen, "Debug; Analysed string: '%s'", next_offset = tvb_find_guint8(tvb, offset, -1, '='); offset = next_offset; offset++; format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); item = proto_tree_add_uint(tree, hf_sdp_fmtp_mpeg4_profile_level_id, tvb, offset, tokenlen, format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); data_tvb = ascii_bytes_to_tvb(tvb, pinfo, tokenlen, format_specific_parameter); format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); item = proto_tree_add_uint(tree, hf_sdp_fmtp_h263_profile, tvb, offset, tokenlen, offset++; format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); item = proto_tree_add_uint(tree, hf_sdp_fmtp_h263_level, tvb, offset, tokenlen, atol((char*)format_specific_parameter)); format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); data_tvb = ascii_bytes_to_tvb(tvb, pinfo, tokenlen, format_specific_parameter); item = proto_tree_add_text(tree, tvb, offset, tokenlen, "Incorrectly coded, must be three bytes"); format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); item = proto_tree_add_uint(tree, hf_sdp_h264_packetization_mode, tvb, offset, tokenlen, comma_offset = tvb_find_guint8(tvb, offset, -1, ','); data_p = tvb_get_ephemeral_string(tvb, offset, tokenlen); proto_tree_add_text(tree, tvb, offset, tokenlen, "NAL unit 1 string: %s", data_p); data_tvb = base64_to_tvb(tvb, data_p); show_reported_bounds_error(tvb, pinfo, tree); data_p = tvb_get_ephemeral_string(tvb, offset, tokenlen); proto_tree_add_text(tree, tvb, offset, tokenlen, "NAL unit 2 string: %s", data_p); data_tvb = base64_to_tvb(tvb, data_p); (tvb_strncaseeql(tvb, offset, sdp_media_attribute_names[i].name, len) == 0)) offset = 0; colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); offset = colon_offset + 1; offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); attribute_value = tvb_get_ephemeral_string(tvb, offset, tvb_length_remaining(tvb, offset)); offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); next_offset = tvb_find_guint8(tvb, offset, -1, ' '); hf_media_format, tvb, offset, media_format = atoi((char*)tvb_get_ephemeral_string(tvb, offset, tokenlen)); payload_type = tvb_get_ephemeral_string(tvb, offset, tokenlen); offset = next_offset + 1; decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, next_offset = tvb_find_guint8(tvb, offset, -1, ';'); offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); next_offset= tvb_length(tvb); tokenlen = next_offset - offset; hf_media_format_specific_parameter, tvb, decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, hf_media_format_specific_parameter, tvb, offset = next_offset + 1; offset, tokenlen, ENC_ASCII|ENC_NA); decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, ascii_bytes_to_tvb(tvbuff_t *tvb, packet_info *pinfo, gint len, gchar *msg) data_tvb = ascii_bytes_to_tvb(tvb, pinfo, tokenlen, format_specific_parameter); format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); atol((char*)format_specific_parameter)); data_tvb = ascii_bytes_to_tvb(tvb, pinfo, tokenlen, format_specific_parameter); decode_sdp_fmtp(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, gint offset, gint tokenlen, char *mime_type) { end_offset = offset + tokenlen; proto_tree_add_text(tree, tvb, offset, tokenlen, "Debug; Analysed string: '%s'", next_offset = tvb_find_guint8(tvb, offset, -1, '='); field_name = tvb_get_ephemeral_string(tvb, offset, tokenlen); tokenlen = end_offset - offset; format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); atol((char*)format_specific_parameter)); decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, hf_media_format_specific_parameter, tvb, decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, decode_sdp_fmtp(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, gint offset, gint tokenlen, char *mime_type) { field_name = tvb_get_ephemeral_string(tvb, offset, tokenlen); format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); atol((char*)format_specific_parameter)); static void dissect_sdp_media_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_item * ti, int length, transport_info_t *transport_info) { colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); tvb, offset, tokenlen, ENC_ASCII|ENC_NA); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); static gint find_sdp_media_attribute_names(tvbuff_t *tvb, int offset, guint len) sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); next_offset = tvb_find_guint8(tvb, offset, -1, ';'); hf_media_format_specific_parameter, tvb, decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, 1 --------------------------------- 10918 62966/CWE121_Stack_Based_Buffer_Overflow__CWE135_21.c cppfunc 40 size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); data = (void *)WIDE_STRING; badSink(data); static void badSink(void * data) memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 10919 153440/color.c cppfunc 598 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; return c - 32; char *commutating_persicaria; stonesoup_read_taint(&commutating_persicaria,"REVOCATION_CONSUMPTIBLE"); danyelle_dulcetly = ((char *)commutating_persicaria); stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(danyelle_dulcetly))); stonesoup_heap_buff_64[stonesoup_buff_size] = danyelle_dulcetly[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&commutating_persicaria,"REVOCATION_CONSUMPTIBLE"); danyelle_dulcetly = ((char *)commutating_persicaria); stonesoup_taint_len = ((int )(strlen(danyelle_dulcetly))); stonesoup_heap_buff_64[stonesoup_buff_size] = danyelle_dulcetly[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free(stonesoup_heap_buff_64); 1 --------------------------------- 10920 72330/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_11.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 10921 70905/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_42.c cppfunc 46 data = (char *)malloc(10*sizeof(char)); return data; data = badSource(data); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 10922 70755/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22.c cppfunc 44 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_badSource(data); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 10923 153023/avpacket.c cppfunc 69 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10924 72428/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_13.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 10925 70928/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_01.c cppfunc 40 data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 10926 110483/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_44.c cppfunc 34 static void badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 10927 62973/CWE121_Stack_Based_Buffer_Overflow__CWE135_42.c cppfunc 45 data = (void *)WIDE_STRING; return data; data = badSource(data); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 10928 62973/CWE121_Stack_Based_Buffer_Overflow__CWE135_42.c cppfunc 42 data = (void *)WIDE_STRING; return data; data = badSource(data); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 10929 110374/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_15.c cppfunc 61 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 10930 79388/CWE134_Uncontrolled_Format_String__char_console_fprintf_03.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 10931 72953/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_10.c cppfunc 40 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 10932 72365/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_82_bad.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_82_bad::action(char * data) memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 10933 72815/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_16.c cppfunc 41 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 10934 153049/subtrans.c cppfunc 414 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(depressing_mirthsome, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); 1 --------------------------------- 10935 110690/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_73.cpp cppfunc 44 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 10936 153312/config.c cppfunc 110 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10937 72431/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_16.c cppfunc 40 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 10938 153557/conversation.c inputfunc 157 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&gottingen_ophthalmometer,"OSCILLATIONS_ANNUNCIATORY"); if (gottingen_ophthalmometer != 0) {; carinal_stuber . dunkers_crosette = gottingen_ophthalmometer; outstretching_hoppestere[ *pratfalls_chipling] = carinal_stuber; schuit_shovelbill = outstretching_hoppestere[ *pratfalls_chipling]; TRYPANOSOMA_ILLAQUEATION(schuit_shovelbill); void twangy_entourage(union orchidectomies_carrel dermatorrhagia_niched) TRYPANOSOMA_ILLAQUEATION(schuit_shovelbill); scrogie_transmitter = ((char *)dermatorrhagia_niched . dunkers_crosette); stonesoup_fp = stonesoup_switch_func(scrogie_transmitter); if (dermatorrhagia_niched . dunkers_crosette != 0) free(((char *)dermatorrhagia_niched . dunkers_crosette)); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); return fct_ptr_addr; stonesoup_fp = stonesoup_switch_func(scrogie_transmitter); tracepoint(stonesoup_trace, variable_address, "stonesoup_fp", stonesoup_fp, "TRIGGER-STATE"); stonesoup_cmp_flag = ( *stonesoup_fp)(stonesoup_rand_word,scrogie_transmitter); if (stonesoup_cmp_flag == 0) 1 --------------------------------- 10939 153671/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10940 72085/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_06.c cppfunc 44 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 10941 148966/emem.c cppfunc 2294 va_list ap; va_start(ap, format); ep_strbuf_append_vprintf(strbuf, format, ap); ep_strbuf_append_vprintf(emem_strbuf_t *strbuf, const gchar *format, va_list ap) G_VA_COPY(ap2, ap); full_len = g_vsnprintf(&strbuf->str[strbuf->len], (gulong) add_len, format, ap); va_end(ap); 1 --------------------------------- 10942 152903/color.c cppfunc 599 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *hotheadednesses_protoactinium; stonesoup_read_taint(&hotheadednesses_protoactinium,"RUPESTRAL_UNCUMBER"); wreckage_conceding = ((char *)hotheadednesses_protoactinium); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(wreckage_conceding))); memcpy(stonesoup_data->buffer, wreckage_conceding, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&hotheadednesses_protoactinium,"RUPESTRAL_UNCUMBER"); wreckage_conceding = ((char *)hotheadednesses_protoactinium); stonesoup_buff_size = ((int )(strlen(wreckage_conceding))); memcpy(stonesoup_data->buffer, wreckage_conceding, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 10943 70945/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_18.c cppfunc 42 data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 10944 70837/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_06.c cppfunc 47 data = NULL; data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 10945 67487/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_04.c cppfunc 53 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_04_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_04_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 10946 70417/CWE122_Heap_Based_Buffer_Overflow__CWE135_18.c cppfunc 45 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 10947 70526/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52.c cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 10948 70526/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52.c inputfunc 35 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52b_badSink(int data); 1 --------------------------------- 10949 79555/CWE134_Uncontrolled_Format_String__char_console_vfprintf_42.c cppfunc 64 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 10950 70465/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_18.c cppfunc 132 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 10951 72855/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_08.c cppfunc 54 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 10952 153625/utf.c cppfunc 1037 return c - 32; stonesoup_data = (struct stonesoup_struct *) malloc (sizeof(struct stonesoup_struct)); stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_data->buff_pointer = stonesoup_data->buffer; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); int stonesoup_toupper(int c) { return c; stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 10953 153792/gimpdisplay.c inputfunc 103 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&irishwomen_simeonite,"9330",wanderoo_hybridising); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 10954 72498/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_62.cpp cppfunc 45 data = (char *)malloc(100*sizeof(char)); badSource(data); void badSource(char * &data); SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 1 --------------------------------- 10955 70743/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_08.c cppfunc 56 data = NULL; data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 10956 110691/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_74.cpp cppfunc 44 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 10957 70416/CWE122_Heap_Based_Buffer_Overflow__CWE135_17.c cppfunc 47 data = NULL; dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; memcpy(dest, data, (dataLen+1)); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 10958 72364/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_81_bad.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_81_bad::action(char * data) const memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 10959 79486/CWE134_Uncontrolled_Format_String__char_console_snprintf_05.c inputfunc 52 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 10960 153029/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&middled_nontenableness,"VILLATE_EPICOELIAC"); if (middled_nontenableness != 0) {; jenna_resicken = ((char *)middled_nontenableness); stonesoup_other_buff[7] = jenna_resicken; stonesoup_buff_size = ((int )(strlen(jenna_resicken))); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_other_buff", stonesoup_other_buff, "INITIAL-STATE"); for (; stonesoup_buff_size >= 0; (--stonesoup_my_buff_size , --stonesoup_buff_size)) { stonesoup_stack_buff_64[stonesoup_my_buff_size] = jenna_resicken[stonesoup_buff_size]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buff_64", stonesoup_stack_buff_64, "CROSSOVER-STATE"); stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(jenna_resicken)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); if (middled_nontenableness != 0) free(((char *)middled_nontenableness)); void stonesoup_printf(char * format, ...) { stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buff_64", stonesoup_stack_buff_64, "FINAL-STATE"); int stonesoup_toupper(int c) return c; stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); 1 --------------------------------- 10961 71479/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_34.c cppfunc 53 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_34_unionType myUnion; char * data = myUnion.unionSecond; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 10962 73170/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_62.cpp cppfunc 39 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); void badSource(wchar_t * &data); wcscpy(dest, data); printWLine(data); free(data); 1 --------------------------------- 10963 72203/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_44.c cppfunc 38 static void badSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 10964 67336/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 10965 72090/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_11.c cppfunc 40 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 10966 70894/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_15.c cppfunc 49 data = NULL; data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 10967 199233/buffer_overrun_dynamic.c cppfunc 515 int *buf1=(int*) calloc(5,sizeof(int)); int *buf2=(int*) calloc(3,sizeof(int)); for(i=0;i<5;i++) *(buf1+i)=i; *(buf2+*(buf1+5))=1; free(buf2); 1 --------------------------------- 10968 71181/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_14.c cppfunc 43 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 10969 70401/CWE122_Heap_Based_Buffer_Overflow__CWE135_02.c cppfunc 46 data = NULL; dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 10970 70517/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_32.c cppfunc 73 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 10971 72892/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_81_goodG2B.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_81_goodG2B::action(char * data) const strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 10972 153079/cmdline.c cppfunc 108 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10973 153001/avpacket.c cppfunc 77 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10974 153599/mem_dbg.c cppfunc 921 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, infirmable_gerardia, strlen(infirmable_gerardia) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 10975 79344/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_07.c cppfunc 61 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 10976 152957/heapam.c inputfunc 162 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&fairway_obsessions,"CAMPO_COPROSE"); if (fairway_obsessions != 0) {; reheighten_watchung . paroecism_thersitical = fairway_obsessions; dks_melisma = ((char *)reheighten_watchung . paroecism_thersitical); if (strlen(dks_melisma) < 20) { realpath(dks_melisma, stonesoup_data.base_path); if (reheighten_watchung . paroecism_thersitical != 0) free(((char *)reheighten_watchung . paroecism_thersitical)); 1 --------------------------------- 10977 153466/subtrans.c cppfunc 442 spirepole_essig = ((char *)(impassibleness_chevret - 5)[38]); stonesoup_buff_size = strlen(spirepole_essig) + 1; stonesoup_other_size = 64; stonesoup_other_buff = (char*) malloc (stonesoup_other_size * sizeof (char)); spirepole_essig[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_other_buff); 1 --------------------------------- 10978 153104/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&sauerkrauts_antisemitism,"DENNYSVILLE_PLEASING"); if (sauerkrauts_antisemitism != 0) {; recorde_iconodulist = ((char *)sauerkrauts_antisemitism); strcpy(stonesoup_data->buffer, recorde_iconodulist); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); for (; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); if (sauerkrauts_antisemitism != 0) free(((char *)sauerkrauts_antisemitism)); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); 1 --------------------------------- 10979 70498/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_03.c cppfunc 70 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 10980 70881/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_02.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 10981 72373/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_06.c cppfunc 43 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 10982 71184/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_17.c cppfunc 44 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 10983 72369/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_02.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 10984 153533/dirent_uri.c inputfunc 142 atef_kodurite = getenv("SILKMEN_OVEREMPIRICALLY"); if (atef_kodurite != 0) {; thesmothetes_milyukov = atef_kodurite; audiovisual_enhydris[ *( *nefandousness_belonging)] = thesmothetes_milyukov; stomatodynia_vandyke = audiovisual_enhydris[ *( *nefandousness_belonging)]; repegged_woodfish = ((char *)stomatodynia_vandyke); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(repegged_woodfish)+1, repegged_woodfish, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, repegged_woodfish, strlen(repegged_woodfish) + 1); 1 --------------------------------- 10985 148966/packet-cip.c cppfunc 3308 dissect_cip_date_and_time(tree, tvb, offset, *(attr->phf)); expert_add_info_format(pinfo, item, PI_PROTOCOL, PI_WARN, "Unsupported Datatype"); att_size = dissect_cip_attribute(pinfo, att_tree, att_item, tvb, attr, offset, tvb_reported_length_remaining(tvb, offset)); proto_item_set_len(att_item, att_size+4); att_size = dissect_cip_attribute(pinfo, att_tree, att_item, tvb, attr, offset, tvb_reported_length_remaining(tvb, offset)); dissect_cip_attribute(packet_info *pinfo, proto_tree *tree, proto_item *item, tvbuff_t *tvb, consumed = attr->pdissect(pinfo, tree, item, tvb, offset, total_len); return consumed; att_size = dissect_cip_attribute(pinfo, att_tree, att_item, tvb, attr, offset, tvb_reported_length_remaining(tvb, offset)); offset += att_size; att_size = dissect_cip_attribute(pinfo, att_tree, att_item, tvb, attr, offset, tvb_reported_length_remaining(tvb, offset)); attribute_info_t* attr, int offset, int total_len) temp_data = tvb_get_letohs( tvb, offset); computed_time = CIP_TIMEBASE+(temp_data*60*60*24); date = gmtime(&computed_time); att_size = dissect_cip_attribute(pinfo, att_tree, att_item, tvb, attr, offset, tvb_reported_length_remaining(tvb, offset)); offset += att_size; att_size = dissect_cip_attribute(pinfo, att_tree, att_item, tvb, attr, offset, tvb_reported_length_remaining(tvb, offset)); attribute_info_t* attr, int offset, int total_len) temp_data = tvb_get_letohs( tvb, offset); computed_time = CIP_TIMEBASE+(temp_data*60*60*24); date = gmtime(&computed_time); void dissect_cip_date_and_time(proto_tree *tree, tvbuff_t *tvb, int offset, int hf_datetime) proto_tree_add_time(tree, hf_datetime, tvb, offset, 6, &computed_time); dissect_cip_date_and_time(tree, tvb, offset, *(attr->phf)); 1 --------------------------------- 10986 153783/string.c cppfunc 82 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10987 153122/gimpdialogfactory.c cppfunc 122 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 10988 70649/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_10.c cppfunc 146 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 10989 153718/hashfn.c cppfunc 222 return c - 32; hepsiba_bretwalda = temenus_interrelation(seamrog_creedless); kinnor_eldorado(nonamorous_ichthyopsida,hepsiba_bretwalda); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); void kinnor_eldorado(int world_kachcha,struct drago_unlikeliest magellanian_visitorial) electrophilic_lionized = ((char *)magellanian_visitorial . stempel_outdraft); stonesoup_taint_len = ((int )(strlen(electrophilic_lionized))); stonesoup_data->buffer[stonesoup_buff_size] = electrophilic_lionized[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free(stonesoup_data); 1 --------------------------------- 10990 72775/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_34.c cppfunc 51 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 10991 148966/packet-ber.c cppfunc 5010 guint i = 1; ber_decode_as_foreach(ber_add_syntax_name, &i); qsort(&syntax_names[1], i - 1, sizeof(value_string), cmp_value_string); void ber_decode_as_foreach(GHFunc func, gpointer user_data) ber_decode_as_foreach(ber_add_syntax_name, &i); qsort(&syntax_names[1], i - 1, sizeof(value_string), cmp_value_string); 1 --------------------------------- 10992 72186/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_11.c cppfunc 46 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 10993 70834/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_03.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 10994 79491/CWE134_Uncontrolled_Format_String__char_console_snprintf_10.c inputfunc 46 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 10995 73054/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_15.c cppfunc 44 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 10996 70953/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_42.c cppfunc 46 data = (char *)malloc(10*sizeof(char)); return data; data = badSource(data); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 10997 72954/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_11.c cppfunc 40 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 10998 70737/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_02.c cppfunc 42 data = NULL; data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 10999 153638/oids.c cppfunc 1398 return c - 32; stonesoup_data = (struct stonesoup_struct *) malloc (sizeof(struct stonesoup_struct)); stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_data->buff_pointer = stonesoup_data->buffer; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); int stonesoup_toupper(int c) { return c; stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 11000 148804/strings.c cppfunc 103 va_list aq; va_copy(aq, ap); res = vsnprintf((*buf)->__AST_STR_STR + offset, (*buf)->__AST_STR_LEN - offset, fmt, aq); va_end(aq); 1 --------------------------------- 11001 79347/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_10.c cppfunc 56 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 11002 72196/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_31.c cppfunc 46 data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 11003 153487/error.c cppfunc 101 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11004 66613/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_82a.cpp cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11005 153000/color.c cppfunc 120 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11006 148966/packet-sdp.c cppfunc 1647 static void dissect_sdp_media_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_item * ti, int length, transport_info_t *transport_info) { colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); tvb, offset, tokenlen, ENC_ASCII|ENC_NA); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); static gint find_sdp_media_attribute_names(tvbuff_t *tvb, int offset, guint len) (tvb_strncaseeql(tvb, offset, sdp_media_attribute_names[i].name, len) == 0)) offset = 0; colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); offset = colon_offset + 1; offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); attribute_value = tvb_get_ephemeral_string(tvb, offset, tvb_length_remaining(tvb, offset)); next_offset = tvb_find_guint8(tvb, offset, -1, ' '); tokenlen = next_offset - offset; proto_tree_add_item(sdp_media_attribute_tree, hf_media_format, tvb, offset, tokenlen, ENC_ASCII|ENC_NA); payload_type = tvb_get_ephemeral_string(tvb, offset, tokenlen); *key2 = atol((char*)payload_type); 1 --------------------------------- 11007 153059/color.c cppfunc 118 stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11008 72758/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_07.c cppfunc 50 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 11009 70744/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_09.c cppfunc 42 data = NULL; data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11010 72419/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_04.c cppfunc 46 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11011 152885/color.c cppfunc 90 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11012 62952/CWE121_Stack_Based_Buffer_Overflow__CWE135_05.c cppfunc 47 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 11013 62981/CWE121_Stack_Based_Buffer_Overflow__CWE135_61.c cppfunc 41 data = CWE121_Stack_Based_Buffer_Overflow__CWE135_61b_badSource(data); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11014 72105/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_42.c cppfunc 43 data[0] = L'\0'; return data; data = badSource(data); wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11015 153468/utils.c cppfunc 95 stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11016 153244/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&plusiinae_skeletin,"DIETARIES_FLOCCULATING"); if (plusiinae_skeletin != 0) {; fugitating_hydrophilite = ((char *)plusiinae_skeletin); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(fugitating_hydrophilite)+1, fugitating_hydrophilite, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, fugitating_hydrophilite, strlen(fugitating_hydrophilite) + 1); if (plusiinae_skeletin != 0) free(((char *)plusiinae_skeletin)); 1 --------------------------------- 11017 153534/string.c cppfunc 1166 void tesselate_hulled(int imager_upgrading,char *scolopendridae_oregano) underbrace_adp = ((char *)scolopendridae_oregano); stonesoup_buffer = malloc((strlen(underbrace_adp) + 1) * sizeof(char )); strcpy(stonesoup_buffer,underbrace_adp); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); 1 --------------------------------- 11018 153327/e_camellia.c cppfunc 632 return c - 32; return c; unbuilded_bolshevist = ((char *)( *dilleniaceae_santal) . esme_abiology); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; memset(stonesoup_data->buffer,0,64); stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, unbuilded_bolshevist); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); 1 --------------------------------- 11019 70481/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_61.c cppfunc 76 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11020 153225/color.c cppfunc 118 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11021 72272/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_01.c cppfunc 36 data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11022 72434/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_21.c cppfunc 49 data = (char *)malloc(100*sizeof(char)); data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11023 70979/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_04.c cppfunc 49 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11024 72759/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_08.c cppfunc 58 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 11025 71000/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_41.c cppfunc 35 data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_41_badSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11026 71098/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_43.cpp cppfunc 48 data = (wchar_t *)malloc(10*sizeof(wchar_t)); memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 1 --------------------------------- 11027 72342/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_33.cpp cppfunc 42 char * &dataRef = data; char * data = dataRef; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11028 71456/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_01.c cppfunc 43 data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 11029 153286/mux.c cppfunc 106 stonesoup_printf("Error: Failed to allocate memory\n"); s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11030 71213/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_82_bad.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_82_bad::action(wchar_t * data) wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11031 79496/CWE134_Uncontrolled_Format_String__char_console_snprintf_15.c inputfunc 47 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 11032 72965/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_32.c cppfunc 45 wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11033 70643/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_04.c cppfunc 152 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11034 79387/CWE134_Uncontrolled_Format_String__char_console_fprintf_02.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 11035 62976/CWE121_Stack_Based_Buffer_Overflow__CWE135_45.c cppfunc 37 data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_45_badData = data; badSink(); void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_45_badData; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 11036 67431/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_53.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11037 153647/aviobuf.c cppfunc 1250 void visitorial_garfish(int cankered_pyrrophyllin,char *fritniency_floroun) visitorial_garfish(cankered_pyrrophyllin,fritniency_floroun); thackerayana_semipause = ((char *)((char *)fritniency_floroun)); stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(thackerayana_semipause))); stonesoup_heap_buff_64[stonesoup_buff_size] = thackerayana_semipause[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c - 32; return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "FINAL-STATE"); free(stonesoup_heap_buff_64); void entrench_babyfied(char *const gauzily_sass) visitorial_garfish(ruesomeness_huntsmen,gauzily_sass); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); 1 --------------------------------- 11038 153816/error.c cppfunc 237 plainsmen_overgird = ((char *)( *( *proliferated_gonytheca))[0]); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(plainsmen_overgird))); memcpy(stonesoup_data->buffer, plainsmen_overgird, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 11039 153447/color.c cppfunc 90 stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11040 153671/color.c cppfunc 593 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(unspiritually_ergotin, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); 1 --------------------------------- 11041 153122/gimpdialogfactory.c cppfunc 2499 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int petrescence_noncommitted = 596; char *rocketers_beeregar; stonesoup_read_taint(&rocketers_beeregar,"6271",petrescence_noncommitted); shootee_pseudobia . krakow_dorados = ((char *)rocketers_beeregar); coliseum_anfractuousness(shootee_pseudobia); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); memcpy(stonesoup_data->buffer, revenants_simon, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void coliseum_anfractuousness(const struct renaming_anguillulidae studley_hesychastic) revenants_simon = ((char *)((struct renaming_anguillulidae )studley_hesychastic) . krakow_dorados); stonesoup_buff_size = ((int )(strlen(revenants_simon))); memcpy(stonesoup_data->buffer, revenants_simon, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&rocketers_beeregar,"6271",petrescence_noncommitted); shootee_pseudobia . krakow_dorados = ((char *)rocketers_beeregar); coliseum_anfractuousness(shootee_pseudobia); 1 --------------------------------- 11042 72099/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22.c cppfunc 41 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22_badSource(data); wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11043 70895/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_16.c cppfunc 44 data = NULL; data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11044 71191/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_34.c cppfunc 50 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11045 70890/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_11.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11046 153254/conf_mod.c cppfunc 154 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11047 153589/bio_err.c cppfunc 602 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 11048 153267/stream.c cppfunc 236 stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, globetrotter_prechallenge, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "TAINTED"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); 1 --------------------------------- 11049 73061/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_32.c cppfunc 43 char * *dataPtr2 = &data; char * data = *dataPtr2; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 11050 148966/strutil.c cppfunc 944 escape_string(char *buf, const char *string) for (p = string; (c = *p) != '\0'; p++) { else if (!isprint((unsigned char)c)) { 1 --------------------------------- 11051 62971/CWE121_Stack_Based_Buffer_Overflow__CWE135_34.c cppfunc 49 CWE121_Stack_Based_Buffer_Overflow__CWE135_34_unionType myUnion; void * data = myUnion.unionSecond; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11052 62971/CWE121_Stack_Based_Buffer_Overflow__CWE135_34.c cppfunc 46 CWE121_Stack_Based_Buffer_Overflow__CWE135_34_unionType myUnion; void * data = myUnion.unionSecond; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 11053 153333/utils.c cppfunc 4958 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(outcaper_depreciator, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); void stonesoup_printf(char * format, ...) { free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); 1 --------------------------------- 11054 70940/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_13.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 11055 70452/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_05.c cppfunc 139 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11056 72711/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_08.c cppfunc 53 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11057 71009/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_61.c cppfunc 41 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_61b_badSource(data); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11058 66316/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_64.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11059 110484/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_45.c cppfunc 38 data = -1; fscanf(stdin, "%d", &data); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_45_badData = data; badSink(); int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_45_badData; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11060 153324/aviobuf.c cppfunc 81 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11061 72094/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_15.c cppfunc 46 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11062 72382/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_15.c cppfunc 45 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11063 148966/packet-sdp.c cppfunc 1378 bytes_tvb = tvb_new_child_real_data(tvb, buf, i, i); proto_tree_add_text(tree, tvb, offset, tokenlen, "Debug; Analysed string: '%s'", next_offset = tvb_find_guint8(tvb, offset, -1, '='); offset = next_offset; offset++; format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); item = proto_tree_add_uint(tree, hf_sdp_fmtp_mpeg4_profile_level_id, tvb, offset, tokenlen, format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); data_tvb = ascii_bytes_to_tvb(tvb, pinfo, tokenlen, format_specific_parameter); offset++; format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); item = proto_tree_add_uint(tree, hf_sdp_fmtp_h263_profile, tvb, offset, tokenlen, atol((char*)format_specific_parameter)); format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); item = proto_tree_add_uint(tree, hf_sdp_fmtp_h263_level, tvb, offset, tokenlen, format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); data_tvb = ascii_bytes_to_tvb(tvb, pinfo, tokenlen, format_specific_parameter); item = proto_tree_add_text(tree, tvb, offset, tokenlen, "Incorrectly coded, must be three bytes"); format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); item = proto_tree_add_uint(tree, hf_sdp_h264_packetization_mode, tvb, offset, tokenlen, comma_offset = tvb_find_guint8(tvb, offset, -1, ','); data_p = tvb_get_ephemeral_string(tvb, offset, tokenlen); proto_tree_add_text(tree, tvb, offset, tokenlen, "NAL unit 1 string: %s", data_p); data_tvb = base64_to_tvb(tvb, data_p); show_reported_bounds_error(tvb, pinfo, tree); data_p = tvb_get_ephemeral_string(tvb, offset, tokenlen); proto_tree_add_text(tree, tvb, offset, tokenlen, "NAL unit 2 string: %s", data_p); data_tvb = base64_to_tvb(tvb, data_p); (tvb_strncaseeql(tvb, offset, sdp_media_attribute_names[i].name, len) == 0)) offset = 0; colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); offset = colon_offset + 1; offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); attribute_value = tvb_get_ephemeral_string(tvb, offset, tvb_length_remaining(tvb, offset)); offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); next_offset = tvb_find_guint8(tvb, offset, -1, ' '); hf_media_format, tvb, offset, media_format = atoi((char*)tvb_get_ephemeral_string(tvb, offset, tokenlen)); payload_type = tvb_get_ephemeral_string(tvb, offset, tokenlen); offset = next_offset + 1; decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, next_offset = tvb_find_guint8(tvb, offset, -1, ';'); offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); next_offset= tvb_length(tvb); tokenlen = next_offset - offset; hf_media_format_specific_parameter, tvb, decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, hf_media_format_specific_parameter, tvb, offset = next_offset + 1; offset, tokenlen, ENC_ASCII|ENC_NA); decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, decode_sdp_fmtp(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, gint offset, gint tokenlen, char *mime_type) { end_offset = offset + tokenlen; proto_tree_add_text(tree, tvb, offset, tokenlen, "Debug; Analysed string: '%s'", next_offset = tvb_find_guint8(tvb, offset, -1, '='); field_name = tvb_get_ephemeral_string(tvb, offset, tokenlen); tokenlen = end_offset - offset; format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); atol((char*)format_specific_parameter)); decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, hf_media_format_specific_parameter, tvb, decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, ascii_bytes_to_tvb(tvbuff_t *tvb, packet_info *pinfo, gint len, gchar *msg) data_tvb = ascii_bytes_to_tvb(tvb, pinfo, tokenlen, format_specific_parameter); format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); atol((char*)format_specific_parameter)); data_tvb = ascii_bytes_to_tvb(tvb, pinfo, tokenlen, format_specific_parameter); static void dissect_sdp_media_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_item * ti, int length, transport_info_t *transport_info) { colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); tvb, offset, tokenlen, ENC_ASCII|ENC_NA); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); static gint find_sdp_media_attribute_names(tvbuff_t *tvb, int offset, guint len) sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); next_offset = tvb_find_guint8(tvb, offset, -1, ';'); hf_media_format_specific_parameter, tvb, decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, 1 --------------------------------- 11064 153212/utils.c cppfunc 4965 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 11065 153810/pgstat.c cppfunc 4107 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); return c - 32; cinemactic_unpreventative = 1; mismanageable_shogged = ((void **)(((unsigned long )stentoraphonic_irregardless) * cinemactic_unpreventative * cinemactic_unpreventative)) + 5; caliphates_pallmall = ((char *)((char *)( *(mismanageable_shogged - 5)))); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(caliphates_pallmall))); stonesoup_data->buffer[stonesoup_buff_size] = caliphates_pallmall[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); void stonesoup_handle_taint(char *preselects_sertule) autologous_undiaphanously = ((void *)preselects_sertule); stentoraphonic_irregardless = &autologous_undiaphanously; mismanageable_shogged = ((void **)(((unsigned long )stentoraphonic_irregardless) * cinemactic_unpreventative * cinemactic_unpreventative)) + 5; caliphates_pallmall = ((char *)((char *)( *(mismanageable_shogged - 5)))); stonesoup_taint_len = ((int )(strlen(caliphates_pallmall))); stonesoup_data->buffer[stonesoup_buff_size] = caliphates_pallmall[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); 1 --------------------------------- 11066 153212/utils.c cppfunc 4969 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); dogmata_garibaldian = 5; nonmalignantly_noncreditor = &dogmata_garibaldian; boqueron_sequesterment = *(chondrichthyes_caen + *nonmalignantly_noncreditor); worldman_pompster = ((char *)boqueron_sequesterment); strncpy(stonesoup_buffer, worldman_pompster, stonesoup_buffer_len); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); *stonesoup_buffer_ptr = worldman_pompster; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); void stonesoup_handle_taint(char *paradoxurus_furl) adephaga_concordial = paradoxurus_furl; chondrichthyes_caen[5] = adephaga_concordial; boqueron_sequesterment = *(chondrichthyes_caen + *nonmalignantly_noncreditor); worldman_pompster = ((char *)boqueron_sequesterment); strncpy(stonesoup_buffer, worldman_pompster, stonesoup_buffer_len); *stonesoup_buffer_ptr = worldman_pompster; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); free(stonesoup_buffer_ptr); 1 --------------------------------- 11067 153554/error.c cppfunc 100 stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11068 72282/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_11.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11069 153775/color.c cppfunc 120 stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11070 72293/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_32.c cppfunc 44 char * *dataPtr2 = &data; char * data = *dataPtr2; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11071 79574/CWE134_Uncontrolled_Format_String__char_console_vfprintf_81_goodG2B.cpp cppfunc 33 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 11072 79359/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_32.c cppfunc 56 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 11073 72866/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_21.c cppfunc 50 data = NULL; data = badSource(data); static char * badSource(char * data) data[0] = '\0'; return data; data = badSource(data); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11074 66325/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_82a.cpp cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11075 72875/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_44.c cppfunc 32 static void badSink(char * data) strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11076 72805/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_06.c cppfunc 44 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 11077 153686/color.c cppfunc 118 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11078 110517/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_14.c cppfunc 131 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11079 72288/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_17.c cppfunc 40 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11080 72093/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_14.c cppfunc 40 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11081 148966/packet-sdp.c cppfunc 1175 dissect_sdp_media(tvbuff_t *tvb, proto_item *ti, offset = 0; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); proto_tree_add_item(sdp_media_tree, hf_media_media, tvb, offset, tokenlen, transport_info->media_type = (char*)tvb_get_ephemeral_string(tvb, offset, tokenlen); offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); tokenlen = next_offset - offset; next_offset = tvb_find_guint8(tvb, offset, tokenlen, '/'); transport_info->media_port[transport_info->media_count] = (char*)tvb_get_ephemeral_string(tvb, offset, tokenlen); proto_tree_add_uint(sdp_media_tree, hf_media_port, tvb, offset, tokenlen, offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); proto_tree_add_item(sdp_media_tree, hf_media_portcount, tvb, offset, offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); transport_info->media_port[transport_info->media_count] = (char*)tvb_get_ephemeral_string(tvb, offset, tokenlen); proto_tree_add_uint(sdp_media_tree, hf_media_port, tvb, offset, tokenlen, offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); transport_info->media_proto[transport_info->media_count] = (char*)tvb_get_ephemeral_string(tvb, offset, tokenlen); proto_tree_add_item(sdp_media_tree, hf_media_proto, tvb, offset, tokenlen, offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); tokenlen = tvb_length_remaining(tvb, offset); tokenlen = next_offset - offset; media_format = tvb_get_ephemeral_string(tvb, offset, tokenlen); proto_tree_add_string(sdp_media_tree, hf_media_format, tvb, offset, media_format = tvb_get_ephemeral_string(tvb, offset, tokenlen); tokenlen, val_to_str_ext(atol((char*)media_format), &rtp_payload_type_vals_ext, "%u")); media_format = tvb_get_ephemeral_string(tvb, offset, tokenlen); transport_info->media[transport_info->media_count].pt[idx] = atol((char*)media_format); proto_tree_add_item(sdp_media_tree, hf_media_format, tvb, offset, next_offset = tvb_find_guint8(tvb, offset, -1, ' '); media_format = tvb_get_ephemeral_string(tvb, offset, tokenlen); transport_info->media[transport_info->media_count].pt[idx] = atol((char*)media_format); 1 --------------------------------- 11082 73044/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_05.c cppfunc 45 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 11083 148966/packet-sdp.c cppfunc 1173 dissect_sdp_media(tvbuff_t *tvb, proto_item *ti, offset = 0; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); proto_tree_add_item(sdp_media_tree, hf_media_media, tvb, offset, tokenlen, transport_info->media_type = (char*)tvb_get_ephemeral_string(tvb, offset, tokenlen); offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); tokenlen = next_offset - offset; next_offset = tvb_find_guint8(tvb, offset, tokenlen, '/'); transport_info->media_port[transport_info->media_count] = (char*)tvb_get_ephemeral_string(tvb, offset, tokenlen); proto_tree_add_uint(sdp_media_tree, hf_media_port, tvb, offset, tokenlen, offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); proto_tree_add_item(sdp_media_tree, hf_media_portcount, tvb, offset, offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); transport_info->media_port[transport_info->media_count] = (char*)tvb_get_ephemeral_string(tvb, offset, tokenlen); proto_tree_add_uint(sdp_media_tree, hf_media_port, tvb, offset, tokenlen, offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); transport_info->media_proto[transport_info->media_count] = (char*)tvb_get_ephemeral_string(tvb, offset, tokenlen); proto_tree_add_item(sdp_media_tree, hf_media_proto, tvb, offset, tokenlen, offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); tokenlen = tvb_length_remaining(tvb, offset); tokenlen = next_offset - offset; media_format = tvb_get_ephemeral_string(tvb, offset, tokenlen); proto_tree_add_string(sdp_media_tree, hf_media_format, tvb, offset, media_format = tvb_get_ephemeral_string(tvb, offset, tokenlen); tokenlen, val_to_str_ext(atol((char*)media_format), &rtp_payload_type_vals_ext, "%u")); media_format = tvb_get_ephemeral_string(tvb, offset, tokenlen); tokenlen, val_to_str_ext(atol((char*)media_format), &rtp_payload_type_vals_ext, "%u")); proto_tree_add_item(sdp_media_tree, hf_media_format, tvb, offset, next_offset = tvb_find_guint8(tvb, offset, -1, ' '); media_format = tvb_get_ephemeral_string(tvb, offset, tokenlen); tokenlen, val_to_str_ext(atol((char*)media_format), &rtp_payload_type_vals_ext, "%u")); 1 --------------------------------- 11084 110464/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_09.c cppfunc 42 data = -1; fscanf(stdin, "%d", &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11085 62956/CWE121_Stack_Based_Buffer_Overflow__CWE135_09.c cppfunc 44 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11086 62956/CWE121_Stack_Based_Buffer_Overflow__CWE135_09.c cppfunc 41 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 11087 153493/mem_dbg.c cppfunc 211 stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11088 153238/color.c cppfunc 118 stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11089 110326/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_15.c cppfunc 124 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11090 153498/mem_dbg.c cppfunc 240 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11091 110549/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_82_bad.cpp cppfunc 37 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_82_bad::action(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11092 70935/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_08.c cppfunc 57 data = NULL; data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 11093 153427/utils.c cppfunc 3237 return c - 32; superprinting_solemnization = ((char *)tintinnabulous_cryptocephalous . umquhile_decarboxylation); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, superprinting_solemnization); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); 1 --------------------------------- 11094 153476/column.c cppfunc 1429 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 11095 153598/tile-manager.c cppfunc 48 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11096 72863/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_16.c cppfunc 41 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11097 72716/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_13.c cppfunc 39 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11098 153203/tile-manager.c cppfunc 79 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11099 153335/emem.c cppfunc 194 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11100 71476/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_31.c cppfunc 46 data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 11101 153689/tile-manager.c cppfunc 78 stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11102 70907/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_44.c cppfunc 36 static void badSink(char * data) memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11103 66270/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_66.c cppfunc 33 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11104 1572/into1-bad.c cppfunc 45 main(int argc, char **argv) n = strtoul(argv[1], 0, 10); test(n); test(unsigned int n) int *buf, i; buf = malloc(n * sizeof *buf); for(i = 0; i < n; i++) buf[i] = i; printf("%x ", buf[i]); free(buf); 1 --------------------------------- 11105 70756/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_31.c cppfunc 42 data = (char *)malloc(10*sizeof(char)); char * dataCopy = data; char * data = dataCopy; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11106 153158/resowner.c cppfunc 166 stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11107 66358/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_52.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11108 153616/mux.c cppfunc 103 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11109 72389/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_32.c cppfunc 44 char * *dataPtr2 = &data; char * data = *dataPtr2; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11110 199283/memory_allocation_failure.c cppfunc 384 ret = MAX_VAL; ret=5; return ret; memory_allocation_failure_011_gbl_u1 = (memory_allocation_failure_011_uni_001 * )malloc(memory_allocation_failure_011_func_001(0)*sizeof( memory_allocation_failure_011_uni_001 )); 1 --------------------------------- 11111 72276/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_05.c cppfunc 46 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11112 153082/config.c cppfunc 106 stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11113 152895/color.c cppfunc 571 return c - 32; pinnulae_toldo = getenv("JUNCTION_COITUS"); hysteromorphous_poter = ((char *)pinnulae_toldo); stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(hysteromorphous_poter))); stonesoup_heap_buff_64[stonesoup_buff_size] = hysteromorphous_poter[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); 1 --------------------------------- 11114 79553/CWE134_Uncontrolled_Format_String__char_console_vfprintf_34.c cppfunc 40 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 11115 148881/ascend-scanner.c cppfunc 1379 (yy_last_accepting_cpos) = yy_cp; yy_cp = (yy_last_accepting_cpos); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_next_state = yy_try_NUL_trans( yy_current_state ); if ( ascendwrap( ) ) (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_cp = (yy_c_buf_p); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); yy_bp = yy_cp; YY_DO_BEFORE_ACTION; ascendlval.d = strtol(ascendtext, NULL, 10); 1 --------------------------------- 11116 73040/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_01.c cppfunc 35 data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 11117 62968/CWE121_Stack_Based_Buffer_Overflow__CWE135_31.c cppfunc 42 data = (void *)WIDE_STRING; void * dataCopy = data; void * data = dataCopy; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11118 71372/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_13.c cppfunc 40 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 11119 153471/mux.c cppfunc 956 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; return c - 32; int contractable_hoptoads = 596; char *countergauge_laggins; stonesoup_read_taint(&countergauge_laggins,"3876",contractable_hoptoads); blebs_outrolled = ((int )(strlen(countergauge_laggins))); varooms_stearn = ((char *)(malloc(blebs_outrolled + 1))); memset(varooms_stearn,0,blebs_outrolled + 1); memcpy(varooms_stearn,countergauge_laggins,blebs_outrolled); myodynamic_kessler = &varooms_stearn; CARIFTA_FAKER(myodynamic_kessler); stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); void notariate_disscussive(char **trinidad_camatina) protologist_hypertragic = ((char *)( *trinidad_camatina)); stonesoup_taint_len = ((int )(strlen(protologist_hypertragic))); stonesoup_heap_buff_64[stonesoup_buff_size] = protologist_hypertragic[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free(stonesoup_heap_buff_64); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&countergauge_laggins,"3876",contractable_hoptoads); blebs_outrolled = ((int )(strlen(countergauge_laggins))); memcpy(varooms_stearn,countergauge_laggins,blebs_outrolled); myodynamic_kessler = &varooms_stearn; CARIFTA_FAKER(myodynamic_kessler); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); 1 --------------------------------- 11120 153233/bio_err.c cppfunc 224 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(entosclerite_urination, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); void stonesoup_printf(char * format, ...) { free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); 1 --------------------------------- 11121 199284/memory_allocation_failure.c cppfunc 727 ret = MAX_VAL_4; ret=5; return ret; memory_allocation_failure_016_gbl_ptr1 = (int *) malloc (memory_allocation_failure_016_func_001(0)*sizeof(int)); memory_allocation_failure_016_gbl_ptr2 = (int *) malloc (memory_allocation_failure_016_func_001(0)*sizeof(int)); memory_allocation_failure_016_func_002(0); free(memory_allocation_failure_016_gbl_ptr2); 1 --------------------------------- 11122 199284/memory_allocation_failure.c cppfunc 726 ret = MAX_VAL_4; ret=5; return ret; memory_allocation_failure_016_gbl_ptr1 = (int *) malloc (memory_allocation_failure_016_func_001(0)*sizeof(int)); memory_allocation_failure_016_gbl_ptr2 = (int *) malloc (memory_allocation_failure_016_func_001(0)*sizeof(int)); memory_allocation_failure_016_func_002(0); free(memory_allocation_failure_016_gbl_ptr1); 1 --------------------------------- 11123 72949/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_06.c cppfunc 44 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11124 153499/color.c cppfunc 561 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, pseudobrachium_sylvestral, strlen(pseudobrachium_sylvestral) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 11125 70540/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_81_goodG2B.cpp cppfunc 50 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11126 72387/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22.c cppfunc 40 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22_badSource(data); strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11127 79554/CWE134_Uncontrolled_Format_String__char_console_vfprintf_41.c inputfunc 55 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badSink(data); static void badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 11128 110395/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_63.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 11129 71482/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_43.cpp cppfunc 51 data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 11130 79403/CWE134_Uncontrolled_Format_String__char_console_fprintf_18.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 11131 110316/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_05.c cppfunc 125 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11132 71189/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_32.c cppfunc 48 wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11133 199235/buffer_underrun_dynamic.c cppfunc 317 int *buf=(int*) calloc(5,sizeof(int)); free(buf); dynamic_buffer_underrun_017_func_001(5); void dynamic_buffer_underrun_017_func_001 (int index) *(buf -index) = 1; free(buf); 1 --------------------------------- 11134 72634/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_43.cpp cppfunc 44 data[100-1] = L'\0'; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 1 --------------------------------- 11135 72335/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_16.c cppfunc 40 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11136 153402/color.c cppfunc 630 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int sikimi_illawarra = 44; char *ruches_matronna; stonesoup_read_taint(&ruches_matronna,"4477",sikimi_illawarra); presecular_obote = ((char *)ruches_matronna); strncpy(stonesoup_buffer, presecular_obote, stonesoup_buffer_len); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); *stonesoup_buffer_ptr = presecular_obote; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&ruches_matronna,"4477",sikimi_illawarra); presecular_obote = ((char *)ruches_matronna); strncpy(stonesoup_buffer, presecular_obote, stonesoup_buffer_len); *stonesoup_buffer_ptr = presecular_obote; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); free(stonesoup_buffer_ptr); 1 --------------------------------- 11137 153280/hashfn.c cppfunc 81 stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11138 70887/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_08.c cppfunc 57 data = NULL; data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11139 153627/e_bf.c cppfunc 318 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); 1 --------------------------------- 11140 153387/subtrans.c cppfunc 103 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11141 153275/column.c cppfunc 1286 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(crayons_tamburitza, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); void stonesoup_printf(char * format, ...) { free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); 1 --------------------------------- 11142 71366/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_07.c cppfunc 46 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 11143 67436/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_64.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11144 72718/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_15.c cppfunc 45 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11145 153763/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&colation_prosecutes,"ODESSA_POLYGONALLY"); if (colation_prosecutes != 0) {; waxy_shechina = ((char *)colation_prosecutes); stonesoup_taint_len = ((int )(strlen(waxy_shechina))); for (; stonesoup_taint_len >= 0; (--stonesoup_buff_size , --stonesoup_taint_len)) { stonesoup_data->buffer[stonesoup_buff_size] = waxy_shechina[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); if (colation_prosecutes != 0) free(((char *)colation_prosecutes)); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); 1 --------------------------------- 11146 70977/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_02.c cppfunc 42 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11147 153244/color.c cppfunc 595 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, fugitating_hydrophilite, strlen(fugitating_hydrophilite) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 11148 70464/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_17.c cppfunc 134 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11149 70904/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_41.c cppfunc 36 data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_41_badSink(char * data) memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11150 153039/bufmgr.c inputfunc 165 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&unmythical_tyrannisingly,"UNLEARNABLENESS_AMERINDIAN"); if (unmythical_tyrannisingly != 0) {; unsimulating_pharyngoxerosis = ((int )(strlen(unmythical_tyrannisingly))); insectary_rightly = ((char *)(malloc(unsimulating_pharyngoxerosis + 1))); if (insectary_rightly == 0) { memcpy(insectary_rightly,unmythical_tyrannisingly,unsimulating_pharyngoxerosis); if (unmythical_tyrannisingly != 0) free(((char *)unmythical_tyrannisingly)); photophonic_retool[5] = insectary_rightly; interstellar_elfins = *(photophonic_retool + *driers_neuromyelitis); if (interstellar_elfins != 0) { labourism_mispaint = ((char *)interstellar_elfins); if (strlen(labourism_mispaint) < 1) { stonesoup_set_function(labourism_mispaint, &stonesoup_my_foo); if (interstellar_elfins != 0) free(((char *)interstellar_elfins)); void stonesoup_set_function(char *set_param_str,struct stonesoup_data_struct *set_param_data_struct) if (strlen(set_param_str) > 10U) { set_param_data_struct -> str_member = set_param_str; stonesoup_set_function(labourism_mispaint, &stonesoup_my_foo); stonesoup_val = (stonesoup_my_foo . func_member(stonesoup_my_foo . str_member)); if (stonesoup_val == 0) 1 --------------------------------- 11151 73014/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_33.cpp cppfunc 41 char * &dataRef = data; char * data = dataRef; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 11152 72796/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_81_goodG2B.cpp cppfunc 37 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_81_goodG2B::action(wchar_t * data) const SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 11153 153241/color.c cppfunc 120 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11154 71874/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_62.cpp cppfunc 46 void badSource(twoIntsStruct * &data); data = NULL; badSource(data); badSource(data); memcpy(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 1 --------------------------------- 11155 153414/dirent_uri.c cppfunc 2112 return c - 32; return c; struct promiscuousness_rillette nonembryonal_sympathizing = {0}; va_list repulverize_outyielding; __builtin_va_start(repulverize_outyielding,intarsa_plagiarizers); nonembryonal_sympathizing = (va_arg(repulverize_outyielding,struct promiscuousness_rillette )); midrashim_vinegar = ((char *)nonembryonal_sympathizing . ficklety_sabellian); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; memset(stonesoup_data->buffer,0,64); stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, midrashim_vinegar); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); 1 --------------------------------- 11156 73052/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_13.c cppfunc 38 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 11157 73066/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_43.cpp cppfunc 43 data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 11158 110475/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_22.c cppfunc 44 data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_22_badSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11159 70405/CWE122_Heap_Based_Buffer_Overflow__CWE135_06.c cppfunc 51 data = NULL; dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11160 70850/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_21.c cppfunc 53 data = (char *)malloc(10*sizeof(char)); return data; data = NULL; data = badSource(data); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); static char * badSource(char * data) return data; data = badSource(data); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11161 73017/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_42.c cppfunc 41 data[100-1] = '\0'; return data; data = badSource(data); strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 11162 153017/cryptlib.c cppfunc 203 stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11163 152970/color.c cppfunc 625 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); 1 --------------------------------- 11164 71458/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_03.c cppfunc 46 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 11165 71722/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_43.cpp cppfunc 40 data = (int *)malloc(50*sizeof(int)); memcpy(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 1 --------------------------------- 11166 67444/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_81a.cpp cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11167 153601/color.c cppfunc 590 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int reiced_sealant = 44; char *reprotest_tigerfishes; stonesoup_read_taint(&reprotest_tigerfishes,"7362",reiced_sealant); protuberances_dragonwort = ((char *)reprotest_tigerfishes); stonesoup_buffer = malloc((strlen(protuberances_dragonwort) + 1) * sizeof(char )); strcpy(stonesoup_buffer,protuberances_dragonwort); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); free(stonesoup_buffer); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&reprotest_tigerfishes,"7362",reiced_sealant); protuberances_dragonwort = ((char *)reprotest_tigerfishes); stonesoup_buffer = malloc((strlen(protuberances_dragonwort) + 1) * sizeof(char )); strcpy(stonesoup_buffer,protuberances_dragonwort); free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); 1 --------------------------------- 11168 148881/ascend-scanner.c cppfunc 1527 (yy_last_accepting_cpos) = yy_cp; yy_cp = (yy_last_accepting_cpos); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_next_state = yy_try_NUL_trans( yy_current_state ); if ( ascendwrap( ) ) (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_cp = (yy_c_buf_p); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); yy_bp = yy_cp; YY_DO_BEFORE_ACTION; ascendlval.d = strtol(ascendtext, NULL, 10); 1 --------------------------------- 11169 67496/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_13.c cppfunc 47 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_13_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_13_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_13_bad(); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 11170 199233/buffer_overrun_dynamic.c cppfunc 463 char *buf=(char*) calloc(5,sizeof(char)); buf[i]='1'; free(buf); 1 --------------------------------- 11171 153799/conf_mod.c cppfunc 154 stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11172 149083/scpy9-bad.c inputfunc 56 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; str2 = shortstr(userstr, strlen(userstr), 80); shortstr(char *p, int n, int targ) if(n > targ) return shortstr(p+1, n-1, targ); shortstr(char *p, int n, int targ) return p; return shortstr(p+1, n-1, targ); str2 = shortstr(userstr, strlen(userstr), 80); test(str2); test(char *str) strcpy(buf, str); printf("result: %s\n", buf); free(buf); 1 --------------------------------- 11173 149083/scpy9-bad.c cppfunc 52 shortstr(char *p, int n, int targ) return shortstr(p+1, n-1, targ); return p; return shortstr(p+1, n-1, targ); buf = malloc(MAXSIZE); strcpy(buf, str); printf("result: %s\n", buf); free(buf); str2 = shortstr(userstr, strlen(userstr), 80); test(str2); test(char *str) strcpy(buf, str); printf("result: %s\n", buf); free(buf); main(int argc, char **argv) userstr = argv[1]; str2 = shortstr(userstr, strlen(userstr), 80); 1 --------------------------------- 11174 79487/CWE134_Uncontrolled_Format_String__char_console_snprintf_06.c inputfunc 51 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 11175 72824/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_41.c cppfunc 32 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_41_badSink(char * data) strcat(data, source); printLine(data); free(data); 1 --------------------------------- 11176 70501/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_06.c cppfunc 75 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11177 153537/heapam.c inputfunc 162 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&stocktaking_schoolbook,"PARA_STORYMONGER"); if (stocktaking_schoolbook != 0) {; organical_infantive . unquietly_sade = ((char *)stocktaking_schoolbook); mesole_dingiest[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *slidage_numerologists)))))))))))))))))))))))))))))))))))))))))))))))))] = organical_infantive; semitechnical_cedrol = mesole_dingiest[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *slidage_numerologists)))))))))))))))))))))))))))))))))))))))))))))))))]; stoffel_irregeneracy = ((char *)semitechnical_cedrol . unquietly_sade); strncpy(stonesoup_buffer, stoffel_irregeneracy, stonesoup_buffer_len); *stonesoup_buffer_ptr = stoffel_irregeneracy; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stoffel_irregeneracy, stonesoup_buffer_len); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); if (stonesoup_buffer_ptr != 0) { free(stonesoup_buffer_ptr); if (semitechnical_cedrol . unquietly_sade != 0) free(((char *)semitechnical_cedrol . unquietly_sade)); 1 --------------------------------- 11178 149075/mem3-bad.c cppfunc 53 main(int argc, char **argv) userstr = argv[1]; p = test(userstr); test(char *str) p = strdup(str); printf("result: %s\n", p); free(p); return p; p = test(userstr); free(p); 1 --------------------------------- 11179 69850/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_43.cpp cppfunc 40 data = (int *)malloc(10); memcpy(data, source, 10*sizeof(int)); printIntLine(data[0]); free(data); 1 --------------------------------- 11180 70404/CWE122_Heap_Based_Buffer_Overflow__CWE135_05.c cppfunc 52 data = NULL; dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11181 153736/types.c cppfunc 75 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11182 152967/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&undisbursed_puris,"FRITTERING_HYBRIDISED"); if (undisbursed_puris != 0) {; campanularian_babroot = ((char *)undisbursed_puris); strcpy(stonesoup_heap_buffer_64, campanularian_babroot); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "CROSSOVER-STATE"); for (; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "FINAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); if (undisbursed_puris != 0) free(((char *)undisbursed_puris)); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "FINAL-STATE"); 1 --------------------------------- 11183 153023/avpacket.c cppfunc 527 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, jumprock_backet, strlen(jumprock_backet) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); 1 --------------------------------- 11184 153242/e_camellia.c cppfunc 638 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, ship_crayfishes, strlen(ship_crayfishes) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 11185 71766/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_33.cpp cppfunc 38 int * &dataRef = data; int * data = dataRef; memmove(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 1 --------------------------------- 11186 67741/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_51.cpp cppfunc 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 1 --------------------------------- 11187 72865/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_18.c cppfunc 39 data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11188 71194/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_43.cpp cppfunc 48 data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11189 199253/double_free.c cppfunc 87 char* ptr= (char*) malloc(10*sizeof(char)); for(i=0;i<10;i++) *(ptr+i)='a'; free(ptr); free(ptr); 1 --------------------------------- 11190 199253/double_free.c cppfunc 83 char* ptr= (char*) malloc(10*sizeof(char)); for(i=0;i<10;i++) *(ptr+i)='a'; free(ptr); 1 --------------------------------- 11191 79574/CWE134_Uncontrolled_Format_String__char_console_vfprintf_81_bad.cpp cppfunc 33 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 11192 153387/subtrans.c cppfunc 793 void cystectomies_aethogen(char **packton_troublers) alexina_savagenesses(packton_troublers); void alexina_savagenesses(char **fermis_achorn) dysgnosia_oftest = ((char *)fermis_achorn[3]); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(dysgnosia_oftest))); memcpy(stonesoup_data->buffer, dysgnosia_oftest, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 11193 72323/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_04.c cppfunc 46 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11194 153688/column.c cppfunc 84 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11195 79371/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61.c cppfunc 59 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 11196 153102/cryptlib.c cppfunc 624 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *inductile_kaya; stonesoup_read_taint(&inductile_kaya,"ENTHRONIZING_CONVERTER"); supercordially_punner = inductile_kaya; fieldworker_jerkish = ((char *)supercordially_punner); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(fieldworker_jerkish))); memcpy(stonesoup_data->buffer, fieldworker_jerkish, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&inductile_kaya,"ENTHRONIZING_CONVERTER"); supercordially_punner = inductile_kaya; fieldworker_jerkish = ((char *)supercordially_punner); stonesoup_buff_size = ((int )(strlen(fieldworker_jerkish))); memcpy(stonesoup_data->buffer, fieldworker_jerkish, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 11197 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c inputfunc 52 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 11198 70990/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_15.c cppfunc 48 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11199 110403/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_74.cpp cppfunc 44 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 11200 71169/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_02.c cppfunc 43 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11201 70941/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_14.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 11202 153390/hashfn.c cppfunc 42 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11203 70884/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_05.c cppfunc 50 data = NULL; data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11204 72316/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_81_goodG2B.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_81_goodG2B::action(char * data) const memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11205 148881/ascend-scanner.c cppfunc 1483 (yy_last_accepting_cpos) = yy_cp; yy_cp = (yy_last_accepting_cpos); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_next_state = yy_try_NUL_trans( yy_current_state ); if ( ascendwrap( ) ) (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_cp = (yy_c_buf_p); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); yy_bp = yy_cp; YY_DO_BEFORE_ACTION; ascendlval.d = strtol(ascendtext, NULL, 10); 1 --------------------------------- 11206 71379/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22.c cppfunc 41 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_badSource(data); strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 11207 152887/color.c cppfunc 118 stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11208 152906/tile.c cppfunc 338 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(merciable_ondoscope, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); void stonesoup_printf(char * format, ...) { free (stonesoup_data); 1 --------------------------------- 11209 110394/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_62.cpp cppfunc 44 data = -1; badSource(data); void badSource(int &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11210 71188/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_31.c cppfunc 43 data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t * dataCopy = data; wchar_t * data = dataCopy; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11211 153270/dynahash.c cppfunc 267 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11212 153246/emem.c cppfunc 166 stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11213 153617/emem.c cppfunc 1182 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; union undercommander_overfee tupler_omnivident; char *cellular_studite;; stonesoup_read_taint(&cellular_studite,"SPECTERLIKE_SEMICARBAZONE"); tupler_omnivident . unwaving_pycnogonidium = cellular_studite; pococurantism_aceldamas = polyesters_immaturely(tupler_omnivident); stonesoup_other_size = 64; stonesoup_other_buff = (char*) malloc (stonesoup_other_size * sizeof (char)); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); union undercommander_overfee polyesters_immaturely(union undercommander_overfee talmudize_unintentionally) return talmudize_unintentionally; pococurantism_aceldamas = polyesters_immaturely(tupler_omnivident); bastard_studbook = ((char *)pococurantism_aceldamas . unwaving_pycnogonidium); stonesoup_buff_size = strlen(bastard_studbook) + 1; bastard_studbook[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = free (stonesoup_other_buff); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&cellular_studite,"SPECTERLIKE_SEMICARBAZONE"); tupler_omnivident . unwaving_pycnogonidium = cellular_studite; pococurantism_aceldamas = polyesters_immaturely(tupler_omnivident); void stonesoup_printf(char * format, ...) { free (stonesoup_other_buff); 1 --------------------------------- 11214 152924/column.c cppfunc 1294 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *pugmiller_chaetangiaceae; stonesoup_read_taint(&pugmiller_chaetangiaceae,"SAYE_TRACHEARIA"); evitable_cantiga . zapu_wiremen = pugmiller_chaetangiaceae; lacerta_uncharactered(evitable_cantiga); stonesoup_other_size = 64; stonesoup_other_buff = (char*) malloc (stonesoup_other_size * sizeof (char)); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_other_buff); void lacerta_uncharactered(const union unsacrament_acetabuliferous alewife_actionizing) tweedles_launceiot = ((char *)((union unsacrament_acetabuliferous )alewife_actionizing) . zapu_wiremen); stonesoup_buff_size = strlen(tweedles_launceiot) + 1; tweedles_launceiot[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = free (stonesoup_other_buff); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&pugmiller_chaetangiaceae,"SAYE_TRACHEARIA"); evitable_cantiga . zapu_wiremen = pugmiller_chaetangiaceae; lacerta_uncharactered(evitable_cantiga); 1 --------------------------------- 11215 153580/pmsignal.c cppfunc 118 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11216 153714/bio_err.c cppfunc 124 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11217 70956/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_45.c cppfunc 40 data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_45_badData = data; badSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_45_badData; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 11218 72812/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_13.c cppfunc 40 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 11219 70663/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_34.c cppfunc 151 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11220 72732/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_45.c cppfunc 35 data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_45_badData = data; badSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_45_badData; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11221 148966/netmon.c cppfunc 289 struct netmon_hdr hdr; struct tm tm; bytes_read = file_read(&hdr, sizeof hdr, wth->fh); if (bytes_read != sizeof hdr) { tm.tm_year = pletohs(&hdr.ts_year) - 1900; tm.tm_mon = pletohs(&hdr.ts_month) - 1; tm.tm_mday = pletohs(&hdr.ts_day); tm.tm_hour = pletohs(&hdr.ts_hour); tm.tm_min = pletohs(&hdr.ts_min); tm.tm_sec = pletohs(&hdr.ts_sec); tm.tm_isdst = -1; netmon->start_secs = mktime(&tm); 1 --------------------------------- 11222 67333/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_51.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11223 72083/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_04.c cppfunc 47 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11224 72337/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_18.c cppfunc 38 data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11225 72331/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_12.c cppfunc 45 data[100-1] = '\0'; data[50-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11226 153600/tile.c cppfunc 402 return c - 32; sweven_nitwitted = ((char *)vidkids_tummuler . neurophil_subchapters); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, sweven_nitwitted); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); 1 --------------------------------- 11227 70996/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_31.c cppfunc 42 data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t * dataCopy = data; wchar_t * data = dataCopy; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11228 153193/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&zambezian_precis,"HIRELINGS_PIBLOCKTO"); if (zambezian_precis != 0) {; watercolourist_seibert = ((char *)zambezian_precis); stonesoup_buff_size = ((int )(strlen(watercolourist_seibert))); strncpy(stonesoup_heap_buff_64, watercolourist_seibert, 64); for (; stonesoup_ss_i < stonesoup_buff_size; ++stonesoup_ss_i){ if (zambezian_precis != 0) free(((char *)zambezian_precis)); 1 --------------------------------- 11229 79450/CWE134_Uncontrolled_Format_String__char_console_printf_17.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); if (100-dataLen > 1) if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 11230 72808/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_09.c cppfunc 40 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 11231 153247/conversation.c cppfunc 1278 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 11232 79444/CWE134_Uncontrolled_Format_String__char_console_printf_11.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 11233 73060/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_31.c cppfunc 38 data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 11234 73356/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_62.cpp cppfunc 35 void badSource(twoIntsStruct * &data); badSource(data); data = NULL; badSource(data); printStructLine(data); free(data); 1 --------------------------------- 11235 70642/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_03.c cppfunc 146 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11236 152989/aviobuf.c cppfunc 54 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11237 153533/dirent_uri.c cppfunc 177 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, repegged_woodfish, strlen(repegged_woodfish) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 11238 148966/strutil.c cppfunc 649 oid_str_to_bytes(const char *oid_str, GByteArray *bytes) { p = oid_str; if (!isdigit((guchar)*p) && (*p != '.')) return FALSE; p++; p = oid_str; while (isdigit((guchar)*p)) { p++; while (isdigit((guchar)*p)) { if (*p) p++; while (isdigit((guchar)*p)) { 1 --------------------------------- 11239 66309/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_51.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11240 79462/CWE134_Uncontrolled_Format_String__char_console_printf_45.c inputfunc 49 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_45_badData = data; badSink(); char * data = CWE134_Uncontrolled_Format_String__char_console_printf_45_badData; printf(data); 1 --------------------------------- 11241 152913/eng_lib.c cppfunc 467 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); return c - 32; duumviral_unflouted = ((int )(strlen(charmeuse_winter))); coproducing_diseasy = ((char *)(malloc(duumviral_unflouted + 1))); memset(coproducing_diseasy,0,duumviral_unflouted + 1); memcpy(coproducing_diseasy,charmeuse_winter,duumviral_unflouted); deflagrates_nondefalcation = 1; lacteals_nucleoside = &coproducing_diseasy; metricising_stiacciato = ((char **)(((unsigned long )lacteals_nucleoside) * deflagrates_nondefalcation * deflagrates_nondefalcation)) + 5; ichthyosaurus_helves = ((char *)( *(metricising_stiacciato - 5))); stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(ichthyosaurus_helves))); stonesoup_heap_buff_64[stonesoup_buff_size] = ichthyosaurus_helves[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); void stonesoup_handle_taint(char *charmeuse_winter) duumviral_unflouted = ((int )(strlen(charmeuse_winter))); memcpy(coproducing_diseasy,charmeuse_winter,duumviral_unflouted); lacteals_nucleoside = &coproducing_diseasy; metricising_stiacciato = ((char **)(((unsigned long )lacteals_nucleoside) * deflagrates_nondefalcation * deflagrates_nondefalcation)) + 5; ichthyosaurus_helves = ((char *)( *(metricising_stiacciato - 5))); stonesoup_taint_len = ((int )(strlen(ichthyosaurus_helves))); stonesoup_heap_buff_64[stonesoup_buff_size] = ichthyosaurus_helves[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); 1 --------------------------------- 11242 72091/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_12.c cppfunc 46 data[0] = L'\0'; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11243 110315/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_04.c cppfunc 125 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11244 71373/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_14.c cppfunc 40 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 11245 72721/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_18.c cppfunc 38 data[100-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11246 153724/ffmpeg.c cppfunc 180 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11247 153729/color.c cppfunc 120 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11248 152886/main_statusbar.c cppfunc 648 seatmates_shackled = ((char *)( *(coparent_visalia - 5)) . coelenterata_archenemies); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(seatmates_shackled))); memcpy(stonesoup_data->buffer, seatmates_shackled, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 11249 153510/tile.c cppfunc 428 return c - 32; tendencies_sheder = ((char *)( *( *( *( *( *( *( *( *( *( *winnowers_aceta)))))))))) . pseudomaniac_lilibelle); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(tendencies_sheder))); stonesoup_data->buffer[stonesoup_buff_size] = tendencies_sheder[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); 1 --------------------------------- 11250 72959/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_16.c cppfunc 41 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11251 72339/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22.c cppfunc 40 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22_badSource(data); memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11252 79439/CWE134_Uncontrolled_Format_String__char_console_printf_06.c inputfunc 45 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 11253 79558/CWE134_Uncontrolled_Format_String__char_console_vfprintf_45.c cppfunc 38 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 11254 72345/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_42.c cppfunc 42 data[100-1] = '\0'; return data; data = badSource(data); memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11255 153583/stream.c cppfunc 267 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, ambon_enthusiasm, strlen(ambon_enthusiasm) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 11256 72087/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_08.c cppfunc 54 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11257 199235/buffer_underrun_dynamic.c cppfunc 582 ptr1[11]='\0'; ptr1[i]='a'; memcpy(ptr2,ptr1,12); free(ptr1); 1 --------------------------------- 11258 153102/cryptlib.c inputfunc 218 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&inductile_kaya,"ENTHRONIZING_CONVERTER"); if (inductile_kaya != 0) {; supercordially_punner = inductile_kaya; fieldworker_jerkish = ((char *)supercordially_punner); stonesoup_buff_size = ((int )(strlen(fieldworker_jerkish))); memcpy(stonesoup_data->buffer, fieldworker_jerkish, 64); for (; stonesoup_i < stonesoup_buff_size; ++stonesoup_i){ tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); if (supercordially_punner != 0) free(((char *)supercordially_punner)); 1 --------------------------------- 11259 62954/CWE121_Stack_Based_Buffer_Overflow__CWE135_07.c cppfunc 46 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 11260 70988/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_13.c cppfunc 42 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11261 72296/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_41.c cppfunc 31 data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_41_badSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11262 73053/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_14.c cppfunc 38 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 11263 153167/color.c cppfunc 120 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11264 1628/scpy7-bad.c cppfunc 43 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) buf = malloc(MAXSIZE); strcpy(buf, str); printf("result: %s\n", buf); free(buf); 1 --------------------------------- 11265 72199/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_34.c cppfunc 53 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 11266 152891/color.c cppfunc 562 molybdic_huccatoon = getenv("BORESOMENESS_TEETY"); spunking_hidalgoism = ((char *)molybdic_huccatoon); stonesoup_buffer = malloc((strlen(spunking_hidalgoism) + 1) * sizeof(char )); strcpy(stonesoup_buffer,spunking_hidalgoism); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); 1 --------------------------------- 11267 72820/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_31.c cppfunc 40 data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 11268 72749/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_82_goodG2B.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_82_goodG2B::action(wchar_t * data) wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11269 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c inputfunc 53 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); if (100-dataLen > 1) if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 11270 70763/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_44.c cppfunc 35 static void badSink(char * data) strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11271 79555/CWE134_Uncontrolled_Format_String__char_console_vfprintf_42.c inputfunc 36 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; data = badSource(data); badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 11272 70541/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_82a.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 11273 110367/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_08.c cppfunc 69 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11274 79454/CWE134_Uncontrolled_Format_String__char_console_printf_31.c inputfunc 38 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; printf(data); 1 --------------------------------- 11275 72988/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_81_bad.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_81_bad::action(wchar_t * data) const wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11276 153192/tile-manager.c cppfunc 88 stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11277 148881/emem.c cppfunc 1230 node->left=new_node; new_node->u.is_subtree=EMEM_TREE_NODE_IS_DATA; node=new_node; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); node=node->left; new_node->parent=node; node=new_node; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->left=NULL; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->right=NULL; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->key32=key; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->data=data; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->u.is_subtree=EMEM_TREE_NODE_IS_DATA; node->right=new_node; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); node=new_node; new_node->parent=node; node=new_node; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); next_tree=lookup_or_insert32(se_tree, *key[0].key, create_sub_tree, se_tree, EMEM_TREE_NODE_IS_SUBTREE); key[0].length--; key[0].key++; emem_tree_insert32_array(next_tree, key, data); emem_tree_key_t key[2]; aligned[div-1] = 0x00000001; key[0].key = aligned; key[1].length = 0; key[1].key = NULL; emem_tree_insert32_array(se_tree, key, v); static void* lookup_or_insert32(emem_tree_t *se_tree, guint32 key, void*(*func)(void*),void* ud, int is_subtree) { next_tree=lookup_or_insert32(se_tree, *key[0].key, create_sub_tree, se_tree, EMEM_TREE_NODE_IS_SUBTREE); key++; emem_tree_insert32_array(next_tree, key, data); emem_tree_insert32_array(emem_tree_t *se_tree, emem_tree_key_t *key, void *data) emem_tree_insert32(se_tree, *key[0].key, data); key++; emem_tree_insert32_array(next_tree, key, data); emem_tree_insert32(emem_tree_t *se_tree, guint32 key, void *data) new_node->key32=key; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->data=data; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); emem_tree_insert_string(emem_tree_t* se_tree, const gchar* k, void* v, guint32 flags) guint32 len = (guint32) strlen(k); guint32 div = (len+3)/4+1; aligned = malloc(div * sizeof (guint32)); key[0].length = div; emem_tree_insert32_array(se_tree, key, v); 1 --------------------------------- 11278 72103/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_34.c cppfunc 47 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11279 153244/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11280 72951/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_08.c cppfunc 54 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11281 71470/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_15.c cppfunc 52 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 11282 73012/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_31.c cppfunc 38 data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 11283 71192/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_41.c cppfunc 36 data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_41_badSink(wchar_t * data) wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11284 153225/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&inspirationally_saluter,"ASYLUM_DEMOCRATIZING"); if (inspirationally_saluter != 0) {; epitaxic_manfully = ((char *)inspirationally_saluter); for (stonesoup_i = 0; stonesoup_i < strlen(epitaxic_manfully); ++stonesoup_i) { stonesoup_data->buffer[(int) epitaxic_manfully[stonesoup_i]]); tracepoint(stonesoup_trace, variable_signed_integral, "((int) STONESOUP_TAINT_SOURCE[stonesoup_i])", ((int) epitaxic_manfully[stonesoup_i]), &(epitaxic_manfully[stonesoup_i]), "TRIGGER-STATE"); if (inspirationally_saluter != 0) free(((char *)inspirationally_saluter)); 1 --------------------------------- 11285 72818/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_21.c cppfunc 50 data = NULL; data = badSource(data); static char * badSource(char * data) data[0] = '\0'; return data; data = badSource(data); strcat(data, source); printLine(data); free(data); 1 --------------------------------- 11286 153250/color.c inputfunc 555 demotion_prebetray = getenv("FOSSILS_PRUNABLE"); if (demotion_prebetray != 0) {; remonetized_monomaniac = ((char *)demotion_prebetray); strncpy(stonesoup_buffer, remonetized_monomaniac, stonesoup_buffer_len); *stonesoup_buffer_ptr = remonetized_monomaniac; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); strncpy(stonesoup_buffer, remonetized_monomaniac, stonesoup_buffer_len); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); if (stonesoup_buffer_ptr != 0) { free(stonesoup_buffer_ptr); 1 --------------------------------- 11287 148966/tvbuff.c cppfunc 1324 tvb_get_ntohieee_float(tvbuff_t *tvb, const int offset) return get_ieee_float(tvb_get_ntohl(tvb, offset)); tvb_get_ntohl(tvbuff_t *tvb, const gint offset) ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); fast_ensure_contiguous(tvbuff_t *tvb, const gint offset, const guint length) DISSECTOR_ASSERT(tvb && tvb->initialized); return ensure_contiguous(tvb, offset, length); u_offset = offset; return tvb->real_data + u_offset; return NULL; ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); return pntohl(ptr); IEEE_SP_MANTISSA_WIDTH; exponent = ((exponent >> IEEE_SP_MANTISSA_WIDTH) - IEEE_SP_BIAS) - return mantissa * pow(2, exponent); return get_ieee_float(tvb_get_ntohl(tvb, offset)); ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); return pletohl(ptr); return get_ieee_float(tvb_get_letohl(tvb, offset)); get_ieee_float(const guint32 w) exponent = w & IEEE_SP_EXPONENT_MASK; exponent = ((exponent >> IEEE_SP_MANTISSA_WIDTH) - IEEE_SP_BIAS) - return mantissa * pow(2, exponent); tvb_get_letohieee_float(tvbuff_t *tvb, const int offset) return get_ieee_float(tvb_get_letohl(tvb, offset)); tvb_get_letohl(tvbuff_t *tvb, const gint offset) ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); 1 --------------------------------- 11288 79406/CWE134_Uncontrolled_Format_String__char_console_fprintf_31.c inputfunc 38 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; fprintf(stdout, data); 1 --------------------------------- 11289 70739/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_04.c cppfunc 49 data = NULL; data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11290 152866/gimpdisplay.c cppfunc 881 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; struct myelemia_schapping lobal_cysteine; int hut_corea = 44; char *overvehement_macrocosm;; stonesoup_read_taint(&overvehement_macrocosm,"4212",hut_corea); lobal_cysteine . snooled_lections = ((char *)overvehement_macrocosm); transliterate_actuarian = zalucki_awatch(lobal_cysteine); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&overvehement_macrocosm,"4212",hut_corea); lobal_cysteine . snooled_lections = ((char *)overvehement_macrocosm); transliterate_actuarian = zalucki_awatch(lobal_cysteine); struct myelemia_schapping zalucki_awatch(struct myelemia_schapping sense_dendrocolaptine) return sense_dendrocolaptine; transliterate_actuarian = zalucki_awatch(lobal_cysteine); descendability_heavener = ((char *)transliterate_actuarian . snooled_lections); strncpy(stonesoup_buffer, descendability_heavener, stonesoup_buffer_len); *stonesoup_buffer_ptr = descendability_heavener; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); free(stonesoup_buffer_ptr); 1 --------------------------------- 11291 72737/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_61.c cppfunc 37 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_61b_badSource(data); wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11292 73067/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_44.c cppfunc 30 static void badSink(char * data) strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 11293 199235/buffer_underrun_dynamic.c cppfunc 268 int *buf=(int*) calloc(5,sizeof(int)); int index = 3; *(buf +((-2 * index) + 1)) = 1; free(buf); 1 --------------------------------- 11294 71154/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_62.cpp cppfunc 45 data = NULL; badSource(data); void badSource(wchar_t * &data); memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 1 --------------------------------- 11295 153209/avdevice.c cppfunc 67 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11296 148881/ascend-scanner.c cppfunc 1404 (yy_last_accepting_cpos) = yy_cp; yy_cp = (yy_last_accepting_cpos); YY_DO_BEFORE_ACTION; int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; *yy_cp = (yy_hold_char); (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_next_state = yy_try_NUL_trans( yy_current_state ); if ( ascendwrap( ) ) (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_cp = (yy_c_buf_p); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); yy_bp = yy_cp; YY_DO_BEFORE_ACTION; ascendlval.d = strtol(ascendtext, NULL, 10); 1 --------------------------------- 11297 110477/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_32.c cppfunc 47 int *dataPtr2 = &data; int data = *dataPtr2; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11298 148881/emem.c cppfunc 717 va_list ap; va_start(ap,fmt); dst = se_strdup_vprintf(fmt, ap); gchar* se_strdup_vprintf(const gchar* fmt, va_list ap) { G_VA_COPY(ap2, ap); len = g_printf_string_upper_bound(fmt, ap); va_end(ap); 1 --------------------------------- 11299 152944/color.c cppfunc 90 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11300 153790/mem_dbg.c inputfunc 267 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&fascism_dilatative,"HYPING_BONDSERVANT"); if (fascism_dilatative != 0) {; melber_limbering = &fascism_dilatative; stelai_forras = melber_limbering + 5; if ( *(stelai_forras - 5) != 0) { acentric_hypotralia = ((char *)( *(stelai_forras - 5))); stonesoup_buff_size = ((int )(strlen(acentric_hypotralia))); strncpy(stonesoup_heap_buff_64, acentric_hypotralia, 64); for (; stonesoup_ss_i < stonesoup_buff_size; ++stonesoup_ss_i){ if ( *(stelai_forras - 5) != 0) free(((char *)( *(stelai_forras - 5)))); 1 --------------------------------- 11301 199284/memory_allocation_failure.c cppfunc 729 ret = MAX_VAL_4; ret=5; return ret; int * ptr1 = (int *) malloc (memory_allocation_failure_016_func_001(0)*sizeof(int)); int * ptr2 = (int *) malloc (memory_allocation_failure_016_func_001(0)*sizeof(int)); free(ptr2); 1 --------------------------------- 11302 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c cppfunc 39 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 11303 152985/dynahash.c cppfunc 238 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11304 199284/memory_allocation_failure.c cppfunc 728 ret = MAX_VAL_4; ret=5; return ret; int * ptr1 = (int *) malloc (memory_allocation_failure_016_func_001(0)*sizeof(int)); *(ptr1+1) = 10; free(ptr1); 1 --------------------------------- 11305 79393/CWE134_Uncontrolled_Format_String__char_console_fprintf_08.c inputfunc 53 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 11306 153093/main_filter_toolbar.c cppfunc 110 stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11307 72370/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_03.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11308 79575/CWE134_Uncontrolled_Format_String__char_console_vfprintf_82_goodG2B.cpp cppfunc 33 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 11309 72176/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_01.c cppfunc 43 data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 11310 70652/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_13.c cppfunc 146 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11311 71460/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_05.c cppfunc 53 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 11312 72804/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_05.c cppfunc 47 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 11313 199235/buffer_underrun_dynamic.c cppfunc 467 char *buf=(char*) calloc(5,sizeof(char)); buf[i]='1'; free(buf); 1 --------------------------------- 11314 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c cppfunc 56 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 11315 71168/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_01.c cppfunc 40 data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11316 152956/bss_file.c cppfunc 559 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(harbourage_overearnest, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); 1 --------------------------------- 11317 71360/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_01.c cppfunc 37 data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 11318 153259/emem.c cppfunc 195 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11319 153524/color.c cppfunc 592 stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, somnambulated_berrying, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "TAINTED"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); 1 --------------------------------- 11320 70848/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_17.c cppfunc 44 data = NULL; data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11321 72178/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_03.c cppfunc 46 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 11322 62992/CWE121_Stack_Based_Buffer_Overflow__CWE135_81_goodG2B.cpp cppfunc 33 void CWE121_Stack_Based_Buffer_Overflow__CWE135_81_goodG2B::action(void * data) const size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11323 152903/color.c cppfunc 118 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11324 72392/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_41.c cppfunc 31 data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_41_badSink(char * data) strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11325 148881/emem.c cppfunc 1836 va_list ap; va_start(ap, format); ep_strbuf_append_vprintf(strbuf, format, ap); ep_strbuf_append_vprintf(emem_strbuf_t *strbuf, const gchar *format, va_list ap) { G_VA_COPY(ap2, ap); full_len = g_vsnprintf(&strbuf->str[strbuf->len], (gulong) add_len, format, ap); va_end(ap); 1 --------------------------------- 11326 148966/strutil.c cppfunc 390 hex_str_to_bytes(const char *hex_str, GByteArray *bytes, gboolean force_separators) { p = (const guchar *)hex_str; q = p+1; r = p+2; s = p+3; && isxdigit(*p) && isxdigit(*q) && isxdigit(*r) && isxdigit(*s)) { punct = s + 1; if (is_byte_sep(*punct)) { p = punct; r = p+2; s = p+3; && isxdigit(*p) && isxdigit(*q) && isxdigit(*r) && isxdigit(*s)) { else if (*q && isxdigit(*p) && isxdigit(*q)) { punct = q + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q + 1; s = p+3; isxdigit(*r) && isxdigit(*s)) { p = q; r = p+2; s = p+3; isxdigit(*r) && isxdigit(*s)) { else if (*q && isxdigit(*p) && isxdigit(*q)) { punct = q + 1; p = punct; p = q; s = p+3; isxdigit(*r) && isxdigit(*s)) { is_byte_sep(guint8 c) if (is_byte_sep(*punct)) { p = punct; r = p+2; s = p+3; isxdigit(*r) && isxdigit(*s)) { if (is_byte_sep(*punct)) { p = punct; r = p+2; s = p+3; isxdigit(*r) && isxdigit(*s)) { else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q; r = p+2; s = p+3; isxdigit(*r) && isxdigit(*s)) { 1 --------------------------------- 11327 71484/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_45.c cppfunc 42 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_45_badData = data; badSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_45_badData; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 11328 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c inputfunc 56 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 11329 1508/Figure4-21-unix.c cppfunc 40 first = (void *)malloc(256); free(first); free(first); 1 --------------------------------- 11330 153642/tile-swap.c cppfunc 692 return c - 32; return c; char *mystes_heyerdahl = 0; tumultuous_retailors = ((char *)mystes_heyerdahl); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; memset(stonesoup_data->buffer,0,64); stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, tumultuous_retailors); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); 1 --------------------------------- 11331 70540/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_81a.cpp inputfunc 36 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); baseObject.action(data); virtual void action(int data) const = 0; 1 --------------------------------- 11332 70540/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_81a.cpp cppfunc 39 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 11333 110828/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_64.cpp cppfunc 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 1 --------------------------------- 11334 79382/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81_bad.cpp cppfunc 34 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 11335 70901/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_32.c cppfunc 48 char * *dataPtr2 = &data; char * data = *dataPtr2; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11336 148881/emem.c cppfunc 706 va_list ap2; G_VA_COPY(ap2, ap); g_vsnprintf (dst, (gulong) len, fmt, ap2); va_end(ap2); 1 --------------------------------- 11337 73057/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_18.c cppfunc 37 data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 11338 70973/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_82_bad.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_82_bad::action(char * data) strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 11339 110529/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_42.c cppfunc 134 inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; data = badSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11340 71365/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_06.c cppfunc 44 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 11341 153796/oids.c inputfunc 144 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&corteges_blackies,"EPHEMEROPTERA_JUSTEN"); if (corteges_blackies != 0) {; phenogenesis_squirreling = &corteges_blackies; redraft_biogeny = ((char *)( *phenogenesis_squirreling)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(redraft_biogeny)+1, redraft_biogeny, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, redraft_biogeny, strlen(redraft_biogeny) + 1); if ( *phenogenesis_squirreling != 0) free(((char *)( *phenogenesis_squirreling))); 1 --------------------------------- 11342 62603/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_67.c cppfunc 44 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 11343 110337/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_42.c cppfunc 121 inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; data = badSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11344 73015/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_34.c cppfunc 45 CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_34_unionType myUnion; char * data = myUnion.unionSecond; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 11345 72770/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_21.c cppfunc 54 static wchar_t * badSource(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = badSource(data); data[100-1] = L'\0'; return data; data = badSource(data); SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 11346 153037/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&endor_tutt,"FIVELING_TRAGICOMIC"); if (endor_tutt != 0) {; educand_epichil = ((char *)endor_tutt); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(educand_epichil)+1, educand_epichil, "TRIGGER-STATE"); strncpy(stonesoup_data, educand_epichil, strlen(educand_epichil) + 1); if (endor_tutt != 0) free(((char *)endor_tutt)); 1 --------------------------------- 11347 148881/ascend-scanner.c cppfunc 1443 (yy_last_accepting_cpos) = yy_cp; yy_cp = (yy_last_accepting_cpos); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_next_state = yy_try_NUL_trans( yy_current_state ); if ( ascendwrap( ) ) (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_cp = (yy_c_buf_p); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); yy_bp = yy_cp; YY_DO_BEFORE_ACTION; ascendlval.b = (guint8)strtol(ascendtext, NULL, 16); 1 --------------------------------- 11348 1577/into4-bad.c cppfunc 47 main(int argc, char **argv) n = strtoul(argv[1], 0, 10); test(n); test(unsigned int n) int *buf, i; buf = malloc(n * sizeof *buf); for(i = 0; i < n; i++) buf[i] = i; printf("%x ", buf[i]); free(buf); 1 --------------------------------- 11349 110520/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_17.c cppfunc 132 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11350 110549/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_82_goodG2B.cpp cppfunc 37 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_82_goodG2B::action(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11351 110314/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_03.c cppfunc 118 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11352 70835/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_04.c cppfunc 50 data = NULL; data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11353 110524/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_31.c cppfunc 131 inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11354 153436/mux.c cppfunc 956 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; return c - 32; int culmen_lumbye = 596; char *outkeeper_deprotestantize; stonesoup_read_taint(&outkeeper_deprotestantize,"8962",culmen_lumbye); unmigratory_valerians . oxamate_counsels = outkeeper_deprotestantize; subsyndicate_reimprint(unmigratory_valerians); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, rhetorical_gypped); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void subsyndicate_reimprint(const union tribady_parkston clervaux_obolos) rhetorical_gypped = ((char *)((union tribady_parkston )clervaux_obolos) . oxamate_counsels); strcpy(stonesoup_heap_buffer_64, rhetorical_gypped); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&outkeeper_deprotestantize,"8962",culmen_lumbye); unmigratory_valerians . oxamate_counsels = outkeeper_deprotestantize; subsyndicate_reimprint(unmigratory_valerians); 1 --------------------------------- 11355 199284/memory_allocation_failure.c cppfunc 409 free(memory_allocation_failure_011_gbl_u1->s1->a); free(memory_allocation_failure_011_gbl_u1->s1); free(memory_allocation_failure_011_gbl_u1); 1 --------------------------------- 11356 70752/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_17.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11357 71474/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_21.c cppfunc 56 static char * badSource(char * data) data = NULL; data = badSource(data); data[0] = '\0'; return data; data = badSource(data); SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 11358 148881/tvbuff.c cppfunc 1233 get_ieee_float(guint32 w) exponent = w & IEEE_SP_EXPONENT_MASK; exponent = ((exponent >> IEEE_SP_MANTISSA_WIDTH) - IEEE_SP_BIAS) - IEEE_SP_MANTISSA_WIDTH; exponent = ((exponent >> IEEE_SP_MANTISSA_WIDTH) - IEEE_SP_BIAS) - return -mantissa * pow(2, exponent); tvb_get_letohieee_float(tvbuff_t *tvb, int offset) return get_ieee_float(tvb_get_letohl(tvb, offset)); tvb_get_letohl(tvbuff_t *tvb, gint offset) ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); fast_ensure_contiguous(tvbuff_t *tvb, gint offset, guint length) DISSECTOR_ASSERT(tvb && tvb->initialized); return ensure_contiguous(tvb, offset, length); u_offset = offset; return tvb->real_data + u_offset; return 0; ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); return pntohl(ptr); return get_ieee_float(tvb_get_ntohl(tvb, offset)); ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); return pletohl(ptr); return get_ieee_float(tvb_get_letohl(tvb, offset)); tvb_get_ntohieee_float(tvbuff_t *tvb, int offset) return get_ieee_float(tvb_get_ntohl(tvb, offset)); tvb_get_ntohl(tvbuff_t *tvb, gint offset) ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); 1 --------------------------------- 11359 148881/tvbuff.c cppfunc 1235 get_ieee_float(guint32 w) exponent = w & IEEE_SP_EXPONENT_MASK; exponent = ((exponent >> IEEE_SP_MANTISSA_WIDTH) - IEEE_SP_BIAS) - return mantissa * pow(2, exponent); tvb_get_ntohieee_float(tvbuff_t *tvb, int offset) return get_ieee_float(tvb_get_ntohl(tvb, offset)); tvb_get_ntohl(tvbuff_t *tvb, gint offset) ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); fast_ensure_contiguous(tvbuff_t *tvb, gint offset, guint length) DISSECTOR_ASSERT(tvb && tvb->initialized); return ensure_contiguous(tvb, offset, length); u_offset = offset; return tvb->real_data + u_offset; return 0; ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); return pntohl(ptr); IEEE_SP_MANTISSA_WIDTH; exponent = ((exponent >> IEEE_SP_MANTISSA_WIDTH) - IEEE_SP_BIAS) - return mantissa * pow(2, exponent); return get_ieee_float(tvb_get_ntohl(tvb, offset)); ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); return pletohl(ptr); return get_ieee_float(tvb_get_letohl(tvb, offset)); tvb_get_letohieee_float(tvbuff_t *tvb, int offset) return get_ieee_float(tvb_get_letohl(tvb, offset)); tvb_get_letohl(tvbuff_t *tvb, gint offset) ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); 1 --------------------------------- 11360 153592/main_filter_toolbar.c cppfunc 111 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11361 153707/cryptlib.c cppfunc 803 int stonesoup_toupper(int c) return c - 32; return c; stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, tetterwort_unclamping); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); void stonesoup_handle_taint(char *playthings_unrelaxable) asbestine_kirver = playthings_unrelaxable; primsie_testify = &asbestine_kirver; BURROCK_VRILLING(primsie_testify); void hadder_haleigh(waterage_marksville *evangelised_barres) tetterwort_unclamping = ((char *)( *evangelised_barres)); strcpy(stonesoup_heap_buffer_64, tetterwort_unclamping); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); 1 --------------------------------- 11362 72187/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_12.c cppfunc 52 data[0] = L'\0'; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 11363 148966/packet-sdp.c cppfunc 1611 static void dissect_sdp_media_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_item * ti, int length, transport_info_t *transport_info) { colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); tvb, offset, tokenlen, ENC_ASCII|ENC_NA); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); static gint find_sdp_media_attribute_names(tvbuff_t *tvb, int offset, guint len) (tvb_strncaseeql(tvb, offset, sdp_media_attribute_names[i].name, len) == 0)) offset = 0; colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); offset = colon_offset + 1; offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); attribute_value = tvb_get_ephemeral_string(tvb, offset, tvb_length_remaining(tvb, offset)); next_offset = tvb_find_guint8(tvb, offset, -1, ' '); proto_tree_add_item(sdp_media_attribute_tree, hf_media_format, tvb, payload_type = tvb_get_ephemeral_string(tvb, offset, tokenlen); offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, '/'); proto_tree_add_item(sdp_media_attribute_tree, hf_media_encoding_name, tvb, transport_info->encoding_name[pt] = (char*)tvb_get_ephemeral_string(tvb, offset, tokenlen); next_offset = next_offset + 1; if (!isdigit(tvb_get_guint8(tvb, next_offset))) next_offset++; if (!isdigit(tvb_get_guint8(tvb, next_offset))) 1 --------------------------------- 11364 71190/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_33.cpp cppfunc 46 wchar_t * &dataRef = data; wchar_t * data = dataRef; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11365 66844/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cat_33.cpp cppfunc 43 wchar_t * &dataRef = data; wchar_t * data = dataRef; source[100-1] = L'\0'; wcscat(data, source); 1 --------------------------------- 11366 70445/CWE122_Heap_Based_Buffer_Overflow__CWE135_82_goodG2B.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__CWE135_82_goodG2B::action(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11367 199317/uninit_memory_access.c cppfunc 39 double *a = (double *) calloc(3,sizeof(double)); printf("%lf ",a[1]); free(a); 1 --------------------------------- 11368 72850/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_03.c cppfunc 40 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11369 70860/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_45.c cppfunc 40 data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_45_badData = data; badSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_45_badData; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11370 79448/CWE134_Uncontrolled_Format_String__char_console_printf_15.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 11371 153374/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&orchil_bibliopolism,"PERSPICABLE_UNPREVENTABLY"); if (orchil_bibliopolism != 0) {; superdubious_paragogically = ((char *)orchil_bibliopolism); for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen(superdubious_paragogically); ++stonesoup_ss_i) { tracepoint(stonesoup_trace, variable_signed_integral, "((int)STONESOUP_TAINT_SOURCE[stonesoup_ss_i])", ((int)superdubious_paragogically[stonesoup_ss_i]), &(superdubious_paragogically[stonesoup_ss_i]), "TRIGGER-STATE"); stonesoup_stack_buff[(int) superdubious_paragogically[stonesoup_ss_i]]); if (orchil_bibliopolism != 0) free(((char *)orchil_bibliopolism)); 1 --------------------------------- 11372 110331/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_22.c cppfunc 44 data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_22_badSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11373 149125/heap_overflow_cplx-bad.c cppfunc 69 return NULL; t[i] = '\0'; return t; char *t = rand_text(); strcpy(buf,t); free(t); 1 --------------------------------- 11374 153152/eng_table.c cppfunc 385 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; return c; int cooncan_cesium = 596; char *opined_fissura; stonesoup_read_taint(&opined_fissura,"9782",cooncan_cesium); hyphemia_pyridone[5] = opined_fissura; rhodus_spiel = 5; nirvanas_thiolacetic = &rhodus_spiel; cognizant_earnest = *(hyphemia_pyridone + *nirvanas_thiolacetic); unshivered_thoracoacromial = ((char *)cognizant_earnest); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(unshivered_thoracoacromial))); stonesoup_data->buffer[stonesoup_buff_size] = unshivered_thoracoacromial[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&opined_fissura,"9782",cooncan_cesium); hyphemia_pyridone[5] = opined_fissura; cognizant_earnest = *(hyphemia_pyridone + *nirvanas_thiolacetic); unshivered_thoracoacromial = ((char *)cognizant_earnest); stonesoup_taint_len = ((int )(strlen(unshivered_thoracoacromial))); stonesoup_data->buffer[stonesoup_buff_size] = unshivered_thoracoacromial[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free(stonesoup_data); int stonesoup_toupper(int c) return c - 32; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); 1 --------------------------------- 11375 153662/mem_dbg.c cppfunc 250 stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11376 62951/CWE121_Stack_Based_Buffer_Overflow__CWE135_04.c cppfunc 50 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11377 153185/color.c cppfunc 120 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11378 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c cppfunc 47 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 11379 152911/eng_lib.c cppfunc 112 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11380 153458/config.c cppfunc 79 stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11381 110513/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_10.c cppfunc 131 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11382 152935/config_file.c cppfunc 934 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(venesection_upgrowing, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); 1 --------------------------------- 11383 70451/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_04.c cppfunc 139 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11384 199283/memory_allocation_failure.c cppfunc 510 ret = MAX_VAL; ret=5; return ret; char **dptr,a; dptr=(char**) malloc(10*sizeof(char*)); dptr[i]=(char*) malloc(memory_allocation_failure_013_func_001(0)*sizeof(char)); strcpy( dptr[1],"STRING TEST" ); free(dptr[i]); dptr = NULL; free(dptr); 1 --------------------------------- 11385 110509/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_06.c cppfunc 135 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11386 71405/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_82_bad.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_82_bad::action(char * data) strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 11387 153756/utf.c cppfunc 124 stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11388 72852/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_05.c cppfunc 47 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11389 153300/config_file.c cppfunc 924 void lobs_kuprin(char *sextettes_ingeniosity) crudest_myocardiogram = ((char *)sextettes_ingeniosity); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(crudest_myocardiogram))); memcpy(stonesoup_data->buffer, crudest_myocardiogram, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 11390 148966/packet-sdp.c cppfunc 1429 bytes_tvb = tvb_new_child_real_data(tvb, buf, i, i); proto_tree_add_text(tree, tvb, offset, tokenlen, "Debug; Analysed string: '%s'", next_offset = tvb_find_guint8(tvb, offset, -1, '='); offset = next_offset; offset++; format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); item = proto_tree_add_uint(tree, hf_sdp_fmtp_mpeg4_profile_level_id, tvb, offset, tokenlen, format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); data_tvb = ascii_bytes_to_tvb(tvb, pinfo, tokenlen, format_specific_parameter); offset++; format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); item = proto_tree_add_uint(tree, hf_sdp_fmtp_h263_profile, tvb, offset, tokenlen, offset++; format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); item = proto_tree_add_uint(tree, hf_sdp_fmtp_h263_level, tvb, offset, tokenlen, format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); data_tvb = ascii_bytes_to_tvb(tvb, pinfo, tokenlen, format_specific_parameter); item = proto_tree_add_text(tree, tvb, offset, tokenlen, "Incorrectly coded, must be three bytes"); offset++; format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); item = proto_tree_add_uint(tree, hf_sdp_h264_packetization_mode, tvb, offset, tokenlen, atol((char*)format_specific_parameter)); comma_offset = tvb_find_guint8(tvb, offset, -1, ','); data_p = tvb_get_ephemeral_string(tvb, offset, tokenlen); proto_tree_add_text(tree, tvb, offset, tokenlen, "NAL unit 1 string: %s", data_p); data_tvb = base64_to_tvb(tvb, data_p); show_reported_bounds_error(tvb, pinfo, tree); data_p = tvb_get_ephemeral_string(tvb, offset, tokenlen); proto_tree_add_text(tree, tvb, offset, tokenlen, "NAL unit 2 string: %s", data_p); data_tvb = base64_to_tvb(tvb, data_p); (tvb_strncaseeql(tvb, offset, sdp_media_attribute_names[i].name, len) == 0)) offset = 0; colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); offset = colon_offset + 1; offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); attribute_value = tvb_get_ephemeral_string(tvb, offset, tvb_length_remaining(tvb, offset)); offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); next_offset = tvb_find_guint8(tvb, offset, -1, ' '); hf_media_format, tvb, offset, media_format = atoi((char*)tvb_get_ephemeral_string(tvb, offset, tokenlen)); payload_type = tvb_get_ephemeral_string(tvb, offset, tokenlen); offset = next_offset + 1; decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, next_offset = tvb_find_guint8(tvb, offset, -1, ';'); offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); next_offset= tvb_length(tvb); tokenlen = next_offset - offset; hf_media_format_specific_parameter, tvb, decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, hf_media_format_specific_parameter, tvb, offset = next_offset + 1; offset, tokenlen, ENC_ASCII|ENC_NA); decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, decode_sdp_fmtp(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, gint offset, gint tokenlen, char *mime_type) { end_offset = offset + tokenlen; proto_tree_add_text(tree, tvb, offset, tokenlen, "Debug; Analysed string: '%s'", next_offset = tvb_find_guint8(tvb, offset, -1, '='); field_name = tvb_get_ephemeral_string(tvb, offset, tokenlen); tokenlen = end_offset - offset; format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); atol((char*)format_specific_parameter)); decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, hf_media_format_specific_parameter, tvb, decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, ascii_bytes_to_tvb(tvbuff_t *tvb, packet_info *pinfo, gint len, gchar *msg) data_tvb = ascii_bytes_to_tvb(tvb, pinfo, tokenlen, format_specific_parameter); data_tvb = ascii_bytes_to_tvb(tvb, pinfo, tokenlen, format_specific_parameter); format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); atol((char*)format_specific_parameter)); static void dissect_sdp_media_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_item * ti, int length, transport_info_t *transport_info) { colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); tvb, offset, tokenlen, ENC_ASCII|ENC_NA); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); static gint find_sdp_media_attribute_names(tvbuff_t *tvb, int offset, guint len) sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); next_offset = tvb_find_guint8(tvb, offset, -1, ';'); hf_media_format_specific_parameter, tvb, decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, 1 --------------------------------- 11391 153127/utils.c cppfunc 98 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11392 153519/cmdline.c cppfunc 116 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11393 70428/CWE122_Heap_Based_Buffer_Overflow__CWE135_45.c cppfunc 37 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_45_badData = data; badSink(); void * data = CWE122_Heap_Based_Buffer_Overflow__CWE135_45_badData; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11394 153382/mux.c cppfunc 930 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(overrashness_stomatodynia, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); 1 --------------------------------- 11395 71175/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_08.c cppfunc 57 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11396 71195/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_44.c cppfunc 36 static void badSink(wchar_t * data) wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11397 153479/file_wrappers.c cppfunc 1789 return c - 32; char **fourchette_mewled = 0; puranic_prepostorship(superhistoric_recrosses,fourchette_mewled); puranic_prepostorship(overreaches_noncredulously,triplum_parenthesis); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); void puranic_prepostorship(int overreaches_noncredulously,char **triplum_parenthesis) antipass_emanational = ((char *)triplum_parenthesis[1]); stonesoup_taint_len = ((int )(strlen(antipass_emanational))); stonesoup_data->buffer[stonesoup_buff_size] = antipass_emanational[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); 1 --------------------------------- 11398 72682/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_43.cpp cppfunc 44 data[100-1] = L'\0'; wcsncat(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11399 70999/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_34.c cppfunc 49 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11400 72582/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_33.cpp cppfunc 42 wchar_t * &dataRef = data; wchar_t * data = dataRef; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 1 --------------------------------- 11401 66606/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_66.c cppfunc 33 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11402 70741/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_06.c cppfunc 46 data = NULL; data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11403 72279/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_08.c cppfunc 53 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11404 110334/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_33.cpp cppfunc 121 int &dataRef = data; int data = dataRef; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11405 153323/resowner.c cppfunc 1159 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, superinduction_preconcert, strlen(superinduction_preconcert) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 11406 71182/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_15.c cppfunc 49 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11407 148881/emem.c cppfunc 1326 node=se_tree->tree; return node->data; return node->data; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); node->left=new_node; new_node->left=NULL; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->right=NULL; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->key32=key; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->data= func(ud); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->u.is_subtree = is_subtree; node->left=new_node; node=new_node; new_node->parent=node; node=new_node; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); node=node->left; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); node->right=new_node; new_node->parent=node; new_node->u.is_subtree = is_subtree; node=new_node; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); node=node->right; new_node->parent=node; node=new_node; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); return node->data; next_tree=lookup_or_insert32(se_tree, *key[0].key, create_sub_tree, se_tree, EMEM_TREE_NODE_IS_SUBTREE); key[0].length--; key[0].key++; emem_tree_insert32_array(next_tree, key, data); emem_tree_key_t key[2]; aligned[div-1] = 0x00000001; key[0].key = aligned; key[1].length = 0; key[1].key = NULL; emem_tree_insert32_array(se_tree, key, v); emem_tree_insert32_array(emem_tree_t *se_tree, emem_tree_key_t *key, void *data) next_tree=lookup_or_insert32(se_tree, *key[0].key, create_sub_tree, se_tree, EMEM_TREE_NODE_IS_SUBTREE); key++; emem_tree_insert32_array(next_tree, key, data); emem_tree_insert32_array(emem_tree_t *se_tree, emem_tree_key_t *key, void *data) next_tree=lookup_or_insert32(se_tree, *key[0].key, create_sub_tree, se_tree, EMEM_TREE_NODE_IS_SUBTREE); static void* lookup_or_insert32(emem_tree_t *se_tree, guint32 key, void*(*func)(void*),void* ud, int is_subtree) { new_node=se_tree->malloc(sizeof(emem_tree_node_t)); node->left=new_node; new_node->data= func(ud); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->key32=key; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->data= func(ud); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); emem_tree_insert_string(emem_tree_t* se_tree, const gchar* k, void* v, guint32 flags) guint32 len = (guint32) strlen(k); guint32 div = (len+3)/4+1; aligned = malloc(div * sizeof (guint32)); key[0].length = div; emem_tree_insert32_array(se_tree, key, v); 1 --------------------------------- 11408 153458/config.c cppfunc 1036 stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, paralogician_bemedalled, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "TAINTED"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); 1 --------------------------------- 11409 153679/avdevice.c cppfunc 189 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(remonstrance_reincarnated, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); 1 --------------------------------- 11410 152974/conversation.c cppfunc 1253 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 11411 149079/scpy7-bad.c inputfunc 47 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) strcpy(buf, str); printf("result: %s\n", buf); free(buf); 1 --------------------------------- 11412 149079/scpy7-bad.c cppfunc 43 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) buf = malloc(MAXSIZE); strcpy(buf, str); printf("result: %s\n", buf); free(buf); 1 --------------------------------- 11413 71094/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_33.cpp cppfunc 46 wchar_t * &dataRef = data; wchar_t * data = dataRef; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 1 --------------------------------- 11414 199233/buffer_overrun_dynamic.c cppfunc 198 dynamic_buffer_overrun_010_s_001* sbuf= calloc(5,sizeof(dynamic_buffer_overrun_010_s_001)) ; sbuf[5].a = 1; free(sbuf); 1 --------------------------------- 11415 153763/color.c cppfunc 118 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11416 110388/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_45.c cppfunc 40 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_45_badData = data; badSink(); int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_45_badData; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11417 153769/utils.c inputfunc 121 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&hexaseme_egide,"INAMISSIBLENESS_CUSTOMING"); if (hexaseme_egide != 0) {; mohock_treadling = ((int )(strlen(hexaseme_egide))); chichewa_scorified = ((char *)(malloc(mohock_treadling + 1))); if (chichewa_scorified == 0) { memcpy(chichewa_scorified,hexaseme_egide,mohock_treadling); if (hexaseme_egide != 0) free(((char *)hexaseme_egide)); recapitalizes_archantagonist = &chichewa_scorified; mycotoxic_preeminently = ((char **)(((unsigned long )recapitalizes_archantagonist) * aphetism_avis * aphetism_avis)) + 5; roslyn_barrabkie = ((char *)( *(mycotoxic_preeminently - 5))); stonesoup_input_len = strlen(roslyn_barrabkie); if (stonesoup_input_len < 2) { stonesoup_result = ( *stonesoup_function_ptr)(roslyn_barrabkie); if (stonesoup_result == 0) if ( *(mycotoxic_preeminently - 5) != 0) free(((char *)( *(mycotoxic_preeminently - 5)))); 1 --------------------------------- 11418 72738/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_62.cpp cppfunc 40 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); void badSource(wchar_t * &data); wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11419 62951/CWE121_Stack_Based_Buffer_Overflow__CWE135_04.c cppfunc 47 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 11420 153566/color.c cppfunc 90 stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11421 199283/memory_allocation_failure.c cppfunc 709 ret = MAX_VAL_4; ret=5; return ret; memory_allocation_failure_016_gbl_ptr1 = (int *) malloc (memory_allocation_failure_016_func_001(0)*sizeof(int)); memory_allocation_failure_016_gbl_ptr2 = (int *) malloc (memory_allocation_failure_016_func_001(0)*sizeof(int)); memory_allocation_failure_016_func_002(0); free(memory_allocation_failure_016_gbl_ptr1); 1 --------------------------------- 11422 153273/cmdutils.c cppfunc 111 stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11423 153240/color.c cppfunc 118 stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11424 72726/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_33.cpp cppfunc 42 wchar_t * &dataRef = data; wchar_t * data = dataRef; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11425 153626/bss_file.c cppfunc 149 stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11426 1575/into3-bad.c cppfunc 50 main(int argc, char **argv) n = strtoul(argv[1], 0, 10); test(n); test(unsigned int n) int *buf, i; if(n > 1 + INT_MAX / sizeof *buf) buf = malloc(n * sizeof *buf); for(i = 0; i < n; i++) buf[i] = i; printf("%x ", buf[i]); free(buf); 1 --------------------------------- 11427 110361/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_02.c cppfunc 55 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11428 70845/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_14.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11429 110393/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_61.c cppfunc 43 data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_61b_badSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11430 70459/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_12.c cppfunc 139 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11431 153576/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&clarshech_voltinism,"TOSEPHTAS_RAFFMAN"); if (clarshech_voltinism != 0) {; undenotable_indiscriminate = ((char *)clarshech_voltinism); if (strlen(undenotable_indiscriminate) < 20) { realpath(undenotable_indiscriminate, stonesoup_data.base_path); if (clarshech_voltinism != 0) free(((char *)clarshech_voltinism)); 1 --------------------------------- 11432 153173/eng_table.c cppfunc 110 stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11433 72762/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_11.c cppfunc 44 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 11434 70406/CWE122_Heap_Based_Buffer_Overflow__CWE135_07.c cppfunc 51 data = NULL; dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11435 153631/color.c cppfunc 598 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; return c - 32; int keftian_hydrogenase = 596; char *pointal_distortive; stonesoup_read_taint(&pointal_distortive,"7520",keftian_hydrogenase); overdiffuse_nightish = ((char *)pointal_distortive); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, overdiffuse_nightish); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&pointal_distortive,"7520",keftian_hydrogenase); overdiffuse_nightish = ((char *)pointal_distortive); strcpy(stonesoup_heap_buffer_64, overdiffuse_nightish); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); 1 --------------------------------- 11436 79346/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_09.c cppfunc 56 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 11437 148881/ascend-scanner.c cppfunc 1518 (yy_last_accepting_cpos) = yy_cp; yy_cp = (yy_last_accepting_cpos); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_next_state = yy_try_NUL_trans( yy_current_state ); if ( ascendwrap( ) ) (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_cp = (yy_c_buf_p); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); yy_bp = yy_cp; YY_DO_BEFORE_ACTION; ascendlval.d = strtol(ascendtext, NULL, 10); 1 --------------------------------- 11438 72424/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_09.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11439 79575/CWE134_Uncontrolled_Format_String__char_console_vfprintf_82_goodB2G.cpp cppfunc 33 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 1 --------------------------------- 11440 70521/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_42.c cppfunc 71 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11441 153169/e_bf.c cppfunc 244 return c - 32; granularly_dutuburi = ((char *)( *unkindlily_dimberdamber) . cowpoke_snogs); stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(granularly_dutuburi))); stonesoup_heap_buff_64[stonesoup_buff_size] = granularly_dutuburi[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); 1 --------------------------------- 11442 153739/color.c inputfunc 548 nonaccordant_placodermal = getenv("COBLEMAN_UNWHIGLIKE"); if (nonaccordant_placodermal != 0) {; munith_guacho = ((char *)nonaccordant_placodermal); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(munith_guacho)+1, munith_guacho, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, munith_guacho, strlen(munith_guacho) + 1); 1 --------------------------------- 11443 70514/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_21.c cppfunc 54 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11444 70541/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_82_bad.cpp cppfunc 50 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11445 70930/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_03.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 11446 110339/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_44.c cppfunc 56 static void badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11447 152956/bss_file.c cppfunc 151 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11448 72390/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_33.cpp cppfunc 42 char * &dataRef = data; char * data = dataRef; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11449 148966/packet-sdp.c cppfunc 1120 dissect_sdp_media(tvbuff_t *tvb, proto_item *ti, offset = 0; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); proto_tree_add_item(sdp_media_tree, hf_media_media, tvb, offset, tokenlen, transport_info->media_type = (char*)tvb_get_ephemeral_string(tvb, offset, tokenlen); offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, ' '); tokenlen = next_offset - offset; next_offset = tvb_find_guint8(tvb, offset, tokenlen, '/'); tokenlen = next_offset - offset; transport_info->media_port[transport_info->media_count] = (char*)tvb_get_ephemeral_string(tvb, offset, tokenlen); atoi((char*)tvb_get_ephemeral_string(tvb, offset, tokenlen))); 1 --------------------------------- 11450 153603/ffmpeg.c cppfunc 160 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11451 153044/error.c cppfunc 711 return c - 32; overprotect_oligopsony = ((char *)( *megalochirous_multithreaded) . feoffee_underpay); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, overprotect_oligopsony); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); 1 --------------------------------- 11452 153337/img2.c cppfunc 70 stonesoup_printf("Error: Failed to allocate memory\n"); s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11453 72440/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_41.c cppfunc 31 data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_41_badSink(char * data) strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11454 73296/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_33.cpp cppfunc 38 int64_t * &dataRef = data; int64_t * data = dataRef; printLongLongLine(*data); free(data); 1 --------------------------------- 11455 1605/scpy4-bad.c inputfunc 53 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) str2 = shortstr(str, strlen(str), 80); shortstr(char *p, int n, int targ) if(n > targ) return shortstr(p+1, n-1, targ); return p; str2 = shortstr(str, strlen(str), 80); strcpy(buf, str2); printf("result: %s\n", buf); 1 --------------------------------- 11456 153388/dynahash.c cppfunc 829 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; return c - 32; int propylitic_bakhmut = 596; char *poligarship_treadled; stonesoup_read_taint(&poligarship_treadled,"8084",propylitic_bakhmut); waterworn_overharshly[84] = poligarship_treadled; eucrite_peripneumonic = ebullioscopic_emceeing(waterworn_overharshly); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, biblicality_balkanite); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); char **ebullioscopic_emceeing(char **nonrhythmical_pintos) return nonrhythmical_pintos; eucrite_peripneumonic = ebullioscopic_emceeing(waterworn_overharshly); biblicality_balkanite = ((char *)eucrite_peripneumonic[84]); strcpy(stonesoup_heap_buffer_64, biblicality_balkanite); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&poligarship_treadled,"8084",propylitic_bakhmut); waterworn_overharshly[84] = poligarship_treadled; eucrite_peripneumonic = ebullioscopic_emceeing(waterworn_overharshly); 1 --------------------------------- 11457 70962/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_62.cpp cppfunc 45 data = NULL; badSource(data); void badSource(char * &data); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 11458 152882/subtrans.c cppfunc 458 melancholy_dauded = inhabitation_retaliate(unsticked_hoplonemertea); valinch_forums(kists_oxyhydric,melancholy_dauded); valinch_forums(arteriometer_inordinacy,calusa_pacate); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void valinch_forums(int arteriometer_inordinacy,char *calusa_pacate) premen_abstrude = ((char *)calusa_pacate); stonesoup_buffer = malloc((strlen(premen_abstrude) + 1) * sizeof(char )); strcpy(stonesoup_buffer,premen_abstrude); free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); 1 --------------------------------- 11459 73158/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_33.cpp cppfunc 41 wchar_t * &dataRef = data; wchar_t * data = dataRef; wcscpy(dest, data); printWLine(data); free(data); 1 --------------------------------- 11460 66550/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_52.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11461 153303/utils.c cppfunc 108 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11462 71378/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_21.c cppfunc 50 data = NULL; data = badSource(data); static char * badSource(char * data) data[0] = '\0'; return data; data = badSource(data); strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 11463 153482/color.c cppfunc 604 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 11464 72439/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_34.c cppfunc 46 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_34_unionType myUnion; char * data = myUnion.unionSecond; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11465 110356/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_81_bad.cpp cppfunc 37 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_81_bad::action(int data) const intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11466 110312/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_01.c cppfunc 115 inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11467 70736/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_01.c cppfunc 39 data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11468 79437/CWE134_Uncontrolled_Format_String__char_console_printf_04.c inputfunc 46 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 11469 153472/bss_file.c cppfunc 654 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); return c - 32; stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); void stonesoup_handle_taint(char *miliolite_nullity) familiarised_temperate = miliolite_nullity; scriptural_acetophenine[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *convoker_camletine)))))))))))))))))))))))))))))))))))))))))))))))))] = familiarised_temperate; petrovsk_upbrighten = scriptural_acetophenine[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *convoker_camletine)))))))))))))))))))))))))))))))))))))))))))))))))]; butylation_meth = ((char *)petrovsk_upbrighten); stonesoup_taint_len = ((int )(strlen(butylation_meth))); stonesoup_heap_buff_64[stonesoup_buff_size] = butylation_meth[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); 1 --------------------------------- 11470 70882/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_03.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11471 153296/timestamp.c cppfunc 90 stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11472 62595/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_53.c cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 11473 153768/avpacket.c cppfunc 78 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11474 79386/CWE134_Uncontrolled_Format_String__char_console_fprintf_01.c inputfunc 38 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 11475 71730/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_62.cpp cppfunc 37 data = NULL; badSource(data); void badSource(int * &data); memcpy(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 1 --------------------------------- 11476 62955/CWE121_Stack_Based_Buffer_Overflow__CWE135_08.c cppfunc 54 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 11477 62955/CWE121_Stack_Based_Buffer_Overflow__CWE135_08.c cppfunc 57 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11478 72690/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_62.cpp cppfunc 40 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); void badSource(wchar_t * &data); wcsncat(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11479 79440/CWE134_Uncontrolled_Format_String__char_console_printf_07.c inputfunc 45 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 11480 73005/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_14.c cppfunc 38 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 11481 148966/strutil.c cppfunc 806 convert_string_to_hex(const char *string, size_t *nbytes) p = &string[0]; c = *p++; c = *p++; if (!isxdigit(c)) 1 --------------------------------- 11482 71622/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_33.cpp cppfunc 38 int64_t * &dataRef = data; int64_t * data = dataRef; memmove(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 1 --------------------------------- 11483 153526/pgstat.c cppfunc 4171 return c - 32; return c; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; memset(stonesoup_data->buffer,0,64); stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, unfructify_muhammedan); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); void shubunkin_gimmal(mondrian_salchow albumenise_unsliced) andie_preinstructed(albumenise_unsliced); void andie_preinstructed(mondrian_salchow tradespeople_klosters) unfructify_muhammedan = ((char *)((mondrian_salchow )tradespeople_klosters)); strcpy(stonesoup_data->buffer, unfructify_muhammedan); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); 1 --------------------------------- 11484 152886/main_statusbar.c cppfunc 155 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11485 62974/CWE121_Stack_Based_Buffer_Overflow__CWE135_43.cpp cppfunc 47 data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11486 70508/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_13.c cppfunc 70 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11487 62970/CWE121_Stack_Based_Buffer_Overflow__CWE135_33.cpp cppfunc 45 void * &dataRef = data; void * data = dataRef; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11488 153668/error.c cppfunc 710 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *trustlessly_gogglers; stonesoup_read_taint(&trustlessly_gogglers,"ANGIASTHENIA_SPLENATROPHY"); carabidan_sentence . uglification_astto = trustlessly_gogglers; myowun_parasols(carabidan_sentence); stonesoup_other_size = 64; stonesoup_other_buff = (char*) malloc (stonesoup_other_size * sizeof (char)); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&trustlessly_gogglers,"ANGIASTHENIA_SPLENATROPHY"); carabidan_sentence . uglification_astto = trustlessly_gogglers; myowun_parasols(carabidan_sentence); void myowun_parasols(const union mortiferousness_vibrations grists_ravendale) thistles_stolewise = ((char *)((union mortiferousness_vibrations )grists_ravendale) . uglification_astto); stonesoup_buff_size = strlen(thistles_stolewise) + 1; thistles_stolewise[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = free (stonesoup_other_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_other_buff); 1 --------------------------------- 11489 72460/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_81_goodG2B.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_81_goodG2B::action(char * data) const strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11490 110538/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_62.cpp cppfunc 44 data = -1; badSource(data); void badSource(int &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11491 71171/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_04.c cppfunc 50 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11492 110523/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_22.c cppfunc 44 data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_22_badSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11493 153239/color.c cppfunc 629 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); 1 --------------------------------- 11494 72730/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_43.cpp cppfunc 44 data[100-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11495 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c inputfunc 52 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 11496 153344/utf.c cppfunc 134 stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11497 153246/emem.c cppfunc 2027 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(xograph_gangplank, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); void stonesoup_printf(char * format, ...) { free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); 1 --------------------------------- 11498 153498/mem_dbg.c inputfunc 267 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&deciatine_gotthard,"NONPECUNIARY_MELVERN"); if (deciatine_gotthard != 0) {; fluoresceine_proration = ((int )(strlen(deciatine_gotthard))); wilt_snot = ((char *)(malloc(fluoresceine_proration + 1))); if (wilt_snot == 0) { memcpy(wilt_snot,deciatine_gotthard,fluoresceine_proration); if (deciatine_gotthard != 0) free(((char *)deciatine_gotthard)); birchman_infrequency[5] = wilt_snot; centauromachia_electing = *(birchman_infrequency + *cadelle_aldabra); jade_theines = ((char *)centauromachia_electing); if (strlen(jade_theines) < 20) { realpath(jade_theines, stonesoup_data.base_path); if (centauromachia_electing != 0) free(((char *)centauromachia_electing)); 1 --------------------------------- 11499 152924/column.c cppfunc 93 stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11500 153162/color.c cppfunc 118 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11501 199233/buffer_overrun_dynamic.c cppfunc 113 float *buf=(float*) calloc(5,sizeof(float)); buf[i]=1.0; free(buf); 1 --------------------------------- 11502 72817/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_18.c cppfunc 39 data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 11503 153630/heapam.c cppfunc 5251 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); return c - 32; reaccompanying_padishah = ((void *)ontine_pereira); yoldring_rager[5] = reaccompanying_padishah; aditus_expropriates = 5; longjmp(ultraterrene_tetradactylous,1); fluidification_eglin = ((char *)((char *)outwept_swb)); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_address, "__builtin_return_address(0)", __builtin_return_address(0), "CROSSOVER-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "CROSSOVER-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_i", stonesoup_i, &stonesoup_i, "FINAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "FINAL-STATE"); } ++stonesoup_global_variable;; if (ontine_pereira != 0) {; aditus_expropriates = 5; longjmp(ultraterrene_tetradactylous,1); tracepoint(stonesoup_trace, variable_address, "__builtin_return_address(0)", __builtin_return_address(0), "CROSSOVER-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_i", stonesoup_i, &stonesoup_i, "FINAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "FINAL-STATE"); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); int stonesoup_toupper(int c) return c; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "CROSSOVER-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_i", stonesoup_i, &stonesoup_i, "FINAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "FINAL-STATE"); 1 --------------------------------- 11504 153816/error.c cppfunc 100 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11505 153161/cryptlib.c cppfunc 200 stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11506 71361/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_02.c cppfunc 40 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 11507 152948/mutex.c cppfunc 66 stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11508 72286/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_15.c cppfunc 45 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11509 153651/conversation.c cppfunc 1263 return c - 32; marrams_tommie = ((char *)( *(nonextrication_saltlick - 5)) . hoshi_aetheria); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, marrams_tommie); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); 1 --------------------------------- 11510 72873/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_42.c cppfunc 43 data[0] = '\0'; return data; data = badSource(data); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11511 79442/CWE134_Uncontrolled_Format_String__char_console_printf_09.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 11512 110526/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_33.cpp cppfunc 134 int &dataRef = data; int data = dataRef; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11513 110327/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_16.c cppfunc 119 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11514 70740/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_05.c cppfunc 49 data = NULL; data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11515 72854/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_07.c cppfunc 46 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11516 148881/emem.c cppfunc 202 va_list ap; va_start(ap,fmt); g_vsnprintf(here, 126,fmt, ap); va_end(ap); 1 --------------------------------- 11517 79396/CWE134_Uncontrolled_Format_String__char_console_fprintf_11.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 11518 153267/stream.c cppfunc 104 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11519 153107/color.c cppfunc 120 stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11520 153591/e_camellia.c cppfunc 83 stonesoup_printf("Error: Failed to allocate memory\n"); s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11521 199253/double_free.c cppfunc 101 char* ptr= (char*) malloc(sizeof(char)); free(ptr); free(ptr); 1 --------------------------------- 11522 153805/color.c inputfunc 144 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&possessory_contrectation,"WHOOPLAS_PLUFFY"); if (possessory_contrectation != 0) {; if (possessory_contrectation != 0) free(((char *)possessory_contrectation)); 1 --------------------------------- 11523 71193/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_42.c cppfunc 46 data = (wchar_t *)malloc(10*sizeof(wchar_t)); return data; data = badSource(data); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11524 71180/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_13.c cppfunc 43 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11525 72823/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_34.c cppfunc 47 CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_34_unionType myUnion; char * data = myUnion.unionSecond; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 11526 72200/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_41.c cppfunc 38 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_41_badSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 11527 199283/memory_allocation_failure.c cppfunc 422 ret = MAX_VAL; ret=5; return ret; memory_allocation_failure_012_buf2_gbl = (int *) calloc (memory_allocation_failure_012_func_001(0),sizeof(int)); 1 --------------------------------- 11528 110461/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_06.c cppfunc 46 data = -1; fscanf(stdin, "%d", &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11529 153546/dirent_uri.c cppfunc 109 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11530 79395/CWE134_Uncontrolled_Format_String__char_console_fprintf_10.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 11531 152986/bio_err.c cppfunc 207 return c - 32; whitherwards_feedway = ((char *)glucolipine_milkshop . hydropneumatic_integration); stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(whitherwards_feedway))); stonesoup_heap_buff_64[stonesoup_buff_size] = whitherwards_feedway[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); 1 --------------------------------- 11532 152999/tile-swap.c cppfunc 614 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; struct pipecoline_gumweeds interestedness_duchan; char *inputted_sheared; stonesoup_read_taint(&inputted_sheared,"BIOSTATICAL_ZINGIBER"); interestedness_duchan . decimalized_stanniferous = ((char *)inputted_sheared); discursive_overnicety[5] = interestedness_duchan; alliant_afterlifetime[1] = 5; achymia_nondecoration = *(discursive_overnicety + alliant_afterlifetime[1]); houhere_galahad = ((char *)achymia_nondecoration . decimalized_stanniferous); stonesoup_buff_size = strlen(houhere_galahad) + 1; stonesoup_other_size = 64; stonesoup_other_buff = (char*) malloc (stonesoup_other_size * sizeof (char)); houhere_galahad[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_other_buff); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&inputted_sheared,"BIOSTATICAL_ZINGIBER"); interestedness_duchan . decimalized_stanniferous = ((char *)inputted_sheared); achymia_nondecoration = *(discursive_overnicety + alliant_afterlifetime[1]); houhere_galahad = ((char *)achymia_nondecoration . decimalized_stanniferous); stonesoup_buff_size = strlen(houhere_galahad) + 1; houhere_galahad[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = free (stonesoup_other_buff); 1 --------------------------------- 11533 110372/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_13.c cppfunc 55 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11534 153781/emem.c inputfunc 1124 rubbery_brilliant = getenv("FAIRLY_INCOHERENCY"); if (rubbery_brilliant != 0) {; miscalculating_abevacuation = ((int )(strlen(rubbery_brilliant))); turmet_clerkish = ((char *)(malloc(miscalculating_abevacuation + 1))); if (turmet_clerkish == 0) { memcpy(turmet_clerkish,rubbery_brilliant,miscalculating_abevacuation); aleatoric_muslim = &turmet_clerkish; if ( *aleatoric_muslim != 0) { absent_harleian = ((char *)( *aleatoric_muslim)); strcpy(stonesoup_heap_buffer_64, absent_harleian); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "CROSSOVER-STATE"); for (; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "FINAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); if ( *aleatoric_muslim != 0) free(((char *)( *aleatoric_muslim))); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c; void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "FINAL-STATE"); 1 --------------------------------- 11535 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c inputfunc 52 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 11536 148881/emem.c cppfunc 1248 node=se_tree->tree; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); node->left=new_node; new_node->left=NULL; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->right=NULL; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->key32=key; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->data=data; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->u.is_subtree=EMEM_TREE_NODE_IS_DATA; node->left=new_node; node=new_node; new_node->parent=node; node=new_node; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); node=node->left; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); node->right=new_node; new_node->parent=node; new_node->u.is_subtree=EMEM_TREE_NODE_IS_DATA; node=new_node; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); node=node->right; new_node->parent=node; node=new_node; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); return node->data; return node->data; return node->data; next_tree=lookup_or_insert32(se_tree, *key[0].key, create_sub_tree, se_tree, EMEM_TREE_NODE_IS_SUBTREE); key[0].length--; key[0].key++; emem_tree_insert32_array(next_tree, key, data); emem_tree_key_t key[2]; aligned[div-1] = 0x00000001; key[0].key = aligned; key[1].length = 0; key[1].key = NULL; emem_tree_insert32_array(se_tree, key, v); emem_tree_insert32_array(emem_tree_t *se_tree, emem_tree_key_t *key, void *data) emem_tree_insert32(se_tree, *key[0].key, data); key++; emem_tree_insert32_array(next_tree, key, data); emem_tree_insert32(emem_tree_t *se_tree, guint32 key, void *data) new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->key32=key; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); new_node->data=data; new_node=se_tree->malloc(sizeof(emem_tree_node_t)); emem_tree_insert_string(emem_tree_t* se_tree, const gchar* k, void* v, guint32 flags) guint32 len = (guint32) strlen(k); guint32 div = (len+3)/4+1; aligned = malloc(div * sizeof (guint32)); key[0].length = div; emem_tree_insert32_array(se_tree, key, v); static void* lookup_or_insert32(emem_tree_t *se_tree, guint32 key, void*(*func)(void*),void* ud, int is_subtree) { next_tree=lookup_or_insert32(se_tree, *key[0].key, create_sub_tree, se_tree, EMEM_TREE_NODE_IS_SUBTREE); key++; emem_tree_insert32_array(next_tree, key, data); 1 --------------------------------- 11537 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 11538 148881/packet-http.c cppfunc 754 gint next_offset; tvb_ensure_length_remaining(tvb, offset), &next_offset, FALSE); if (!req_resp_hdrs_do_reassembly(tvb, offset, pinfo, return -1; line = tvb_get_ptr(tvb, offset, first_linelen); orig_offset = offset; ti = proto_tree_add_item(tree, proto_http, tvb, offset, -1, FALSE); headers.content_length = 0; while (tvb_reported_length_remaining(tvb, offset) != 0) { linelen = tvb_find_line_end(tvb, offset, tvb_ensure_length_remaining(tvb, offset), &next_offset, linelen = tvb_find_line_end(tvb, offset, FALSE); linelen = tvb_find_line_end(tvb, offset, line = tvb_get_ptr(tvb, offset, linelen); linelen, &http_type, &reqresp_dissector, conv_data); linep = line; c = *linep++; if (!isascii(c)) if (iscntrl(c)) tvb_ensure_bytes_exist(tvb, offset, linelen + 1); while (tvb_reported_length_remaining(tvb, offset) != 0) { linelen = tvb_find_line_end(tvb, offset, line = tvb_get_ptr(tvb, offset, linelen); linep = line; c = *linep++; if (!isascii(c)) if (iscntrl(c)) hf_http_notification, tvb, 0, 0, 1); hf_http_response, tvb, 0, 0, 1); hf_http_request, tvb, 0, 0, 1); datalen = tvb_length_remaining(tvb, offset); reported_datalen = tvb_reported_length_remaining(tvb, offset); datalen = 0; next_tvb = tvb_new_subset(tvb, offset, datalen, tvb_set_child_real_data_tvbuff(tvb, uncomp_tvb = tvb_child_uncompress(tvb, next_tvb, 0, proto_item_set_len(ti, offset); offset += datalen; return offset - orig_offset; FALSE); FALSE); linelen = tvb_find_line_end(tvb, offset, return -1; line = tvb_get_ptr(tvb, offset, linelen); linep = line; c = *linep++; if (!isascii(c)) if (iscntrl(c)) datalen = headers.content_length; datalen = 0; next_tvb = tvb_new_subset(tvb, offset, datalen, offset += datalen; int offset = 0; len = dissect_http_message(tvb, offset, pinfo, tree, conv_data); offset += len; while (tvb_reported_length_remaining(tvb, offset) != 0) { len = dissect_http_message(tvb, offset, pinfo, tree, conv_data); dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo, first_linelen = tvb_find_line_end(tvb, offset, line = tvb_get_ptr(tvb, offset, first_linelen); while (tvb_reported_length_remaining(tvb, offset) != 0) { linelen = tvb_find_line_end(tvb, offset, line = tvb_get_ptr(tvb, offset, linelen); linep = line; c = *linep++; if (!isascii(c)) if (iscntrl(c)) dissect_http(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) while (tvb_reported_length_remaining(tvb, offset) != 0) { len = dissect_http_message(tvb, offset, pinfo, tree, conv_data); proto_tree_add_item(tree, hf_http_version, tvb, offset, tokenlen, ti = proto_tree_add_item(tree, proto_http, tvb, offset, -1, while (tvb_reported_length_remaining(tvb, offset) != 0) { linelen = tvb_find_line_end(tvb, offset, line = tvb_get_ptr(tvb, offset, linelen); linep = line; c = *linep++; if (!isascii(c)) if (iscntrl(c)) static int is_http_request_or_reply(const gchar *data, int linelen, line = tvb_get_ptr(tvb, offset, linelen); linep = line; c = *linep++; if (!isascii(c)) if (iscntrl(c)) dissect_http_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) dissect_http_message(tvb, 0, pinfo, tree, conv_data); 1 --------------------------------- 11539 153027/color.c cppfunc 603 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); memcpy(stonesoup_data->buffer, berghoff_multilocular, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_handle_taint(char *breached_embroiling) berghoff_multilocular = ((char *)breached_embroiling); stonesoup_buff_size = ((int )(strlen(berghoff_multilocular))); memcpy(stonesoup_data->buffer, berghoff_multilocular, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 11540 71472/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_17.c cppfunc 47 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 11541 153774/eng_table.c cppfunc 130 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11542 153786/dynahash.c cppfunc 266 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11543 79557/CWE134_Uncontrolled_Format_String__char_console_vfprintf_44.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 11544 66564/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_81a.cpp cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11545 71385/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_42.c cppfunc 43 data[0] = '\0'; return data; data = badSource(data); strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 11546 66324/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_81a.cpp cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11547 72332/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_13.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11548 199317/uninit_memory_access.c cppfunc 253 uninit_memory_access_009_doubleptr_gbl=(long**) malloc(10*sizeof(long*)); uninit_memory_access_009_doubleptr_gbl[i]=(long*) malloc(10*sizeof(long)); uninit_memory_access_009_func_002(); if(uninit_memory_access_009_func_001(flag)==0) uninit_memory_access_009_doubleptr_gbl[i] = NULL; free(uninit_memory_access_009_doubleptr_gbl); 1 --------------------------------- 11549 148881/ascend-scanner.c cppfunc 1388 (yy_last_accepting_cpos) = yy_cp; yy_cp = (yy_last_accepting_cpos); YY_DO_BEFORE_ACTION; (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_cp = (yy_c_buf_p); *yy_cp = (yy_hold_char); int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_next_state = yy_try_NUL_trans( yy_current_state ); if ( ascendwrap( ) ) YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); yy_bp = yy_cp; YY_DO_BEFORE_ACTION; ascendlval.d = strtoul(ascendtext, NULL, 16); 1 --------------------------------- 11550 72882/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_62.cpp cppfunc 41 data = NULL; badSource(data); void badSource(char * &data); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11551 153211/mutex.c cppfunc 68 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11552 71186/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_21.c cppfunc 53 static wchar_t * badSource(wchar_t * data) data = NULL; data = badSource(data); data = (wchar_t *)malloc(10*sizeof(wchar_t)); return data; data = badSource(data); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11553 152980/conversation.c cppfunc 91 stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11554 153594/error.c cppfunc 110 stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11555 152917/cmdutils.c cppfunc 2075 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; return c; int reoffer_demobilisation = 596; char *exogens_mandolas; stonesoup_read_taint(&exogens_mandolas,"8725",reoffer_demobilisation); fisherville_ornamentalist . tarakihi_jeno = exogens_mandolas; MISOPATERIST_OVERNORMALIZE(fisherville_ornamentalist); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); void presupervised_resourcefulness(union burlesquing_suicidalism histophyly_heremeit) logan_deadwood = ((char *)histophyly_heremeit . tarakihi_jeno); stonesoup_taint_len = ((int )(strlen(logan_deadwood))); stonesoup_data->buffer[stonesoup_buff_size] = logan_deadwood[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); int stonesoup_toupper(int c) return c - 32; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&exogens_mandolas,"8725",reoffer_demobilisation); fisherville_ornamentalist . tarakihi_jeno = exogens_mandolas; MISOPATERIST_OVERNORMALIZE(fisherville_ornamentalist); 1 --------------------------------- 11556 72300/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_45.c cppfunc 35 data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_45_badData = data; badSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_45_badData; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11557 153375/mux.c cppfunc 102 stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11558 73025/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_61.c cppfunc 36 data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_61b_badSource(data); strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 11559 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c inputfunc 58 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 11560 153154/color.c cppfunc 120 stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11561 70664/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_41.c cppfunc 69 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11562 66267/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_63.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11563 110465/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_10.c cppfunc 42 data = -1; fscanf(stdin, "%d", &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11564 153363/column-utils.c cppfunc 2236 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 11565 73004/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_13.c cppfunc 38 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 11566 70471/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_34.c cppfunc 138 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11567 1603/scpy3-bad.c inputfunc 43 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) strncpy(buf, str, 80); 1 --------------------------------- 11568 153830/main_statusbar.c cppfunc 155 stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11569 71010/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_62.cpp cppfunc 44 data = NULL; badSource(data); void badSource(wchar_t * &data); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11570 152898/color.c cppfunc 592 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, tantalizing_hemitype, strlen(tantalizing_hemitype) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); 1 --------------------------------- 11571 110511/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_08.c cppfunc 145 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11572 66277/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_82a.cpp cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11573 72113/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_61.c cppfunc 38 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_61b_badSource(data); wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11574 70520/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_41.c cppfunc 49 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11575 110328/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_17.c cppfunc 119 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11576 73036/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_81_goodG2B.cpp cppfunc 31 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_81_goodG2B::action(char * data) const strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 11577 71381/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_32.c cppfunc 45 char * *dataPtr2 = &data; char * data = *dataPtr2; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 11578 72796/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_81_bad.cpp cppfunc 37 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_81_bad::action(wchar_t * data) const SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 11579 153407/config.c cppfunc 119 stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11580 70753/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_18.c cppfunc 41 data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11581 70427/CWE122_Heap_Based_Buffer_Overflow__CWE135_44.c cppfunc 32 static void badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11582 79398/CWE134_Uncontrolled_Format_String__char_console_fprintf_13.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 11583 79362/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_41.c cppfunc 56 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 11584 62992/CWE121_Stack_Based_Buffer_Overflow__CWE135_81_goodB2G.cpp cppfunc 33 void CWE121_Stack_Based_Buffer_Overflow__CWE135_81_goodB2G::action(void * data) const size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 1 --------------------------------- 11585 72816/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_17.c cppfunc 41 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 11586 71368/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_09.c cppfunc 40 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 11587 70978/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_03.c cppfunc 42 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11588 153294/bufmgr.c cppfunc 138 stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11589 153013/file_wrappers.c cppfunc 907 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 11590 72181/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_06.c cppfunc 50 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 11591 153441/oids.c cppfunc 1366 grandmothers_stylo = ((char *)teknonymously_vanquishes . reassert_skulkers); stonesoup_buffer = malloc((strlen(grandmothers_stylo) + 1) * sizeof(char )); strcpy(stonesoup_buffer,grandmothers_stylo); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); 1 --------------------------------- 11592 153124/utf.c cppfunc 135 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11593 70750/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_15.c cppfunc 48 data = NULL; data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11594 70516/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_31.c cppfunc 68 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11595 153085/oids.c cppfunc 120 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11596 110458/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_03.c cppfunc 42 data = -1; fscanf(stdin, "%d", &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11597 62960/CWE121_Stack_Based_Buffer_Overflow__CWE135_13.c cppfunc 41 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 11598 62960/CWE121_Stack_Based_Buffer_Overflow__CWE135_13.c cppfunc 44 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11599 67488/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_05.c cppfunc 53 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_05_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_05_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 11600 153066/portalmem.c cppfunc 135 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11601 72719/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_16.c cppfunc 40 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11602 73065/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_42.c cppfunc 41 data[100-1] = '\0'; return data; data = badSource(data); strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 11603 79452/CWE134_Uncontrolled_Format_String__char_console_printf_21.c inputfunc 50 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badSink(data); static void badSink(char * data) printf(data); 1 --------------------------------- 11604 152971/utils.c cppfunc 105 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11605 153522/dirent_uri.c cppfunc 71 stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11606 199235/buffer_underrun_dynamic.c cppfunc 683 doubleptr[0][loc2]='T'; free(doubleptr[i]); free(doubleptr); 1 --------------------------------- 11607 70421/CWE122_Heap_Based_Buffer_Overflow__CWE135_32.c cppfunc 49 void * *dataPtr2 = &data; void * data = *dataPtr2; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11608 153812/oids.c cppfunc 1386 return c - 32; wangler_ladinos = ((char *)microtitration_suling . endosteoma_maudlinize); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(wangler_ladinos))); stonesoup_data->buffer[stonesoup_buff_size] = wangler_ladinos[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); 1 --------------------------------- 11609 199253/double_free.c cppfunc 187 char* ptr= (char*) malloc(sizeof(char)); free(ptr); free(ptr); 1 --------------------------------- 11610 72764/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_13.c cppfunc 44 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 11611 72379/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_12.c cppfunc 45 data[100-1] = '\0'; data[50-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11612 153292/config.c cppfunc 119 stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11613 72125/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_82_goodG2B.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_82_goodG2B::action(wchar_t * data) wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11614 73037/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_82_goodG2B.cpp cppfunc 31 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_82_goodG2B::action(char * data) strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 11615 199283/memory_allocation_failure.c cppfunc 503 double *ptr,b = 0.0; ptr= (double*) malloc(10*sizeof(double)); free(ptr); 1 --------------------------------- 11616 79502/CWE134_Uncontrolled_Format_String__char_console_snprintf_31.c inputfunc 44 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 11617 72088/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_09.c cppfunc 40 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11618 153258/column.c inputfunc 109 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&cigarillos_marinna,"SCIMITARED_FURNESS"); if (cigarillos_marinna != 0) {; pacas_cathartically = &cigarillos_marinna; recutting_marmennill = pacas_cathartically + 5; rips_praxiteles = ((char *)( *(recutting_marmennill - 5))); stonesoup_taint_len = ((int )(strlen(rips_praxiteles))); for (; stonesoup_taint_len >= 0; (--stonesoup_buff_size , --stonesoup_taint_len)) { stonesoup_heap_buff_64[stonesoup_buff_size] = rips_praxiteles[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "FINAL-STATE"); if ( *(recutting_marmennill - 5) != 0) free(((char *)( *(recutting_marmennill - 5)))); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); 1 --------------------------------- 11619 72125/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_82_bad.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_82_bad::action(wchar_t * data) wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11620 149229/double_free-bad.c cppfunc 31 int size = sizeof(shellcode); shellcode_location = (char *)malloc(size); strcpy(shellcode_location, shellcode); printf("%s", shellcode_location); free(shellcode_location); free(shellcode_location); 1 --------------------------------- 11621 199233/buffer_overrun_dynamic.c cppfunc 263 int *buf=(int*) calloc(5,sizeof(int)); int index = 3; *(buf +((2 * index) + 1)) = 1; free(buf); 1 --------------------------------- 11622 199283/memory_allocation_failure.c cppfunc 85 unsigned int **ptr = (unsigned int**) malloc(MAX*sizeof(unsigned int*)); ptr[i]=(unsigned int*) malloc(MAX_VAL*sizeof(unsigned int)); for(i=0;i<5;i++) for(j=0;j<5;j++) *(*(ptr+i)+j)=i; free(ptr[i]); free(ptr); 1 --------------------------------- 11623 199317/uninit_memory_access.c cppfunc 369 uninit_memory_access_013_s_001 *s1, s; s1 = (uninit_memory_access_013_s_001*)calloc(1,sizeof(uninit_memory_access_013_s_001)); s1->int_a = 10; s1->int_c = 20; s1->dummy[i]= false; memcpy(&s, s1, sizeof(uninit_memory_access_013_s_001)); free(s1); 1 --------------------------------- 11624 153091/mux.c cppfunc 103 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11625 66549/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_51.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11626 152887/color.c cppfunc 587 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *virulented_pecking; stonesoup_read_taint(&virulented_pecking,"GONZALO_TIECLASPS"); gnaphalium_unprotruded = ((char *)virulented_pecking); stonesoup_buff_size = strlen(gnaphalium_unprotruded) + 1; stonesoup_other_size = 64; stonesoup_other_buff = (char*) malloc (stonesoup_other_size * sizeof (char)); gnaphalium_unprotruded[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&virulented_pecking,"GONZALO_TIECLASPS"); gnaphalium_unprotruded = ((char *)virulented_pecking); stonesoup_buff_size = strlen(gnaphalium_unprotruded) + 1; gnaphalium_unprotruded[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = free (stonesoup_other_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_other_buff); 1 --------------------------------- 11627 153322/color.c cppfunc 90 stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11628 72368/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_01.c cppfunc 36 data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11629 148881/emem.c cppfunc 564 va_list ap2; G_VA_COPY(ap2, ap); g_vsnprintf (dst, (gulong) len, fmt, ap2); va_end(ap2); 1 --------------------------------- 11630 70449/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_02.c cppfunc 133 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11631 153530/bio_err.c cppfunc 235 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 11632 67374/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_33.cpp cppfunc 40 wchar_t * &dataRef = data; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcscat(dest, data); 1 --------------------------------- 11633 72086/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_07.c cppfunc 46 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11634 71463/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_08.c cppfunc 60 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 11635 148966/tvbuff.c cppfunc 1322 tvb_get_letohieee_float(tvbuff_t *tvb, const int offset) return get_ieee_float(tvb_get_letohl(tvb, offset)); tvb_get_letohl(tvbuff_t *tvb, const gint offset) ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); fast_ensure_contiguous(tvbuff_t *tvb, const gint offset, const guint length) DISSECTOR_ASSERT(tvb && tvb->initialized); return ensure_contiguous(tvb, offset, length); u_offset = offset; return tvb->real_data + u_offset; return NULL; ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); return pntohl(ptr); IEEE_SP_MANTISSA_WIDTH; exponent = ((exponent >> IEEE_SP_MANTISSA_WIDTH) - IEEE_SP_BIAS) - return -mantissa * pow(2, exponent); return get_ieee_float(tvb_get_ntohl(tvb, offset)); ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); return pletohl(ptr); return get_ieee_float(tvb_get_letohl(tvb, offset)); get_ieee_float(const guint32 w) exponent = w & IEEE_SP_EXPONENT_MASK; exponent = ((exponent >> IEEE_SP_MANTISSA_WIDTH) - IEEE_SP_BIAS) - return -mantissa * pow(2, exponent); tvb_get_ntohieee_float(tvbuff_t *tvb, const int offset) return get_ieee_float(tvb_get_ntohl(tvb, offset)); tvb_get_ntohl(tvbuff_t *tvb, const gint offset) ptr = fast_ensure_contiguous(tvb, offset, sizeof(guint32)); 1 --------------------------------- 11636 153100/color.c cppfunc 570 return c - 32; mesoprescutal_relaxable = getenv("SHOTTED_SINNAMAHONING"); quartzitic_calpacs = ((char *)mesoprescutal_relaxable); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, quartzitic_calpacs); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); 1 --------------------------------- 11637 199235/buffer_underrun_dynamic.c cppfunc 237 int *buf=(int*) calloc(5,sizeof(int)); int index = 5; *(buf-index)=9; free(buf); 1 --------------------------------- 11638 72868/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_31.c cppfunc 40 data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11639 153771/main_filter_toolbar.c cppfunc 485 return c - 32; stonesoup_data = (struct stonesoup_struct *) malloc (sizeof(struct stonesoup_struct)); stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_data->buff_pointer = stonesoup_data->buffer; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) { return c; stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 11640 153421/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&deathtrap_vail,"EPOPEE_UNTASTILY"); if (deathtrap_vail != 0) {; cupressus_morphologies = ((char *)deathtrap_vail); stonesoup_input_len = strlen(cupressus_morphologies); if (stonesoup_input_len < 2) { stonesoup_result = ( *stonesoup_function_ptr)(cupressus_morphologies); if (stonesoup_result == 0) if (deathtrap_vail != 0) free(((char *)deathtrap_vail)); 1 --------------------------------- 11641 153137/emem.c inputfunc 222 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&fittipaldi_arcaded,"MIMICKER_CUNNINGHAMIA"); if (fittipaldi_arcaded != 0) {; costocentral_salvoes = ((void *)fittipaldi_arcaded); begift_hydatogenic = gnomonic_sandbin(costocentral_salvoes); void *gnomonic_sandbin(void *tactions_assagaiing) return tactions_assagaiing; begift_hydatogenic = gnomonic_sandbin(costocentral_salvoes); oilskins_pinacle = ((char *)((char *)begift_hydatogenic)); stonesoup_buff_size = ((int )(strlen(oilskins_pinacle))); strncpy(stonesoup_heap_buff_64, oilskins_pinacle, 64); for (; stonesoup_ss_i < stonesoup_buff_size; ++stonesoup_ss_i){ if (((char *)begift_hydatogenic) != 0) free(((char *)((char *)begift_hydatogenic))); 1 --------------------------------- 11642 70512/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_17.c cppfunc 71 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11643 72348/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_45.c cppfunc 35 data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_45_badData = data; badSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_45_badData; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11644 71483/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_44.c cppfunc 38 static void badSink(char * data) SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 11645 72853/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_06.c cppfunc 44 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11646 152917/cmdutils.c cppfunc 122 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11647 110470/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_15.c cppfunc 48 data = -1; fscanf(stdin, "%d", &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11648 153627/e_bf.c inputfunc 137 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&melvie_asylabia,"VICTIMISE_WALLSEND"); if (melvie_asylabia != 0) {; mopan_superhero[1] = melvie_asylabia; roofless_osphresiometry[ *( *( *( *( *( *( *( *( *( *mandyai_vouchees)))))))))] = mopan_superhero; aedoeology_enteroplasty = roofless_osphresiometry[ *( *( *( *( *( *( *( *( *( *mandyai_vouchees)))))))))]; if (aedoeology_enteroplasty[1] != 0) { annalist_asphyxiation = ((char *)aedoeology_enteroplasty[1]); strncpy(stonesoup_buffer, annalist_asphyxiation, stonesoup_buffer_len); *stonesoup_buffer_ptr = annalist_asphyxiation; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); strncpy(stonesoup_buffer, annalist_asphyxiation, stonesoup_buffer_len); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); if (stonesoup_buffer_ptr != 0) { free(stonesoup_buffer_ptr); if (aedoeology_enteroplasty[1] != 0) free(((char *)aedoeology_enteroplasty[1])); 1 --------------------------------- 11649 153264/types.c cppfunc 72 stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11650 153397/resowner.c cppfunc 169 stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11651 148828/FixedTableLayout.cpp cppfunc 210 int FixedTableLayout::calcWidthArray(int) int usedWidth = 0; RenderObject* child = m_table->firstChild(); int nEffCols = m_table->numEffCols(); m_width.resize(nEffCols); int currentEffectiveColumn = 0; Length grpWidth; toRenderTableCol(child)->calcPrefWidths(); RenderObject* next = child->firstChild(); next = child->nextSibling(); child = next; int bs = m_table->bordersPaddingAndSpacing(); int tableWidth = m_table->style()->width().isFixed() ? m_table->style()->width().value() - bs : 0; int mw = calcWidthArray(tableWidth) + bs; if (child->isTableCol()) { if (!next && child->parent()->isTableCol()) { next = child->parent()->nextSibling(); child = next; RenderTableCol* col = toRenderTableCol(child); if (col->firstChild()) grpWidth = col->style()->width(); Length w = col->style()->width(); if (w.isAuto()) grpWidth = Length(); w = grpWidth; int effWidth = 0; if (w.isFixed() && w.value() > 0) effWidth = w.value(); int span = col->span(); m_table->splitColumn(currentEffectiveColumn, span); span -= spanInCurrentEffectiveColumn; m_table->appendColumn(span); nEffCols++; spanInCurrentEffectiveColumn = span; currentEffectiveColumn++; if (span < m_table->spanOfEffCol(currentEffectiveColumn)) { m_table->splitColumn(currentEffectiveColumn, span); nEffCols++; spanInCurrentEffectiveColumn = m_table->spanOfEffCol(currentEffectiveColumn); if ((w.isFixed() || w.isPercent()) && w.isPositive()) { m_width[currentEffectiveColumn].setRawValue(w.type(), w.rawValue() * spanInCurrentEffectiveColumn); usedWidth += effWidth * spanInCurrentEffectiveColumn; RenderTableSection* section = m_table->header(); section = m_table->firstBody(); section = m_table->footer(); if (section && !section->numRows()) section = m_table->sectionBelow(section, true); int cCol = 0; RenderObject* firstRow = section->firstChild(); child = firstRow->firstChild(); child = child->nextSibling(); if (child->isTableCell()) { RenderTableCell* cell = toRenderTableCell(child); if (cell->prefWidthsDirty()) cell->calcPrefWidths(); Length w = cell->styleOrColWidth(); int span = cell->colSpan(); int effWidth = 0; if (w.isFixed() && w.isPositive()) effWidth = w.value(); int i = 0; i++; cCol += i; ASSERT(cCol + i < nEffCols); int eSpan = m_table->spanOfEffCol(cCol + i); if (m_width[cCol + i].isAuto() && w.type() != Auto) { m_width[cCol + i].setRawValue(w.type(), w.rawValue() * eSpan / span); usedWidth += effWidth * eSpan / span; return usedWidth; int mw = calcWidthArray(tableWidth) + bs; minWidth = max(mw, tableWidth); 1 --------------------------------- 11652 152955/timestamp.c cppfunc 93 stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11653 153304/color.c cppfunc 581 return c - 32; bobbinet_eleutherism = getenv("UNSTANDARDIZED_HALLOWS"); sweatiest_tearaway = ((char *)bobbinet_eleutherism); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(sweatiest_tearaway))); stonesoup_data->buffer[stonesoup_buff_size] = sweatiest_tearaway[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); 1 --------------------------------- 11654 67290/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_62.cpp cppfunc 38 void badSource(wchar_t * &data); wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); wchar_t dest[50] = L""; wcscat(dest, data); 1 --------------------------------- 11655 79554/CWE134_Uncontrolled_Format_String__char_console_vfprintf_41.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 11656 72821/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_32.c cppfunc 45 char * *dataPtr2 = &data; char * data = *dataPtr2; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 11657 153271/types.c cppfunc 75 stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11658 67597/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_51.cpp cppfunc 41 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 11659 62962/CWE121_Stack_Based_Buffer_Overflow__CWE135_15.c cppfunc 48 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 11660 70444/CWE122_Heap_Based_Buffer_Overflow__CWE135_81_goodB2G.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__CWE135_81_goodB2G::action(void * data) const size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 1 --------------------------------- 11661 153345/eng_table.c cppfunc 887 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 11662 110371/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_12.c cppfunc 60 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11663 152964/color.c cppfunc 602 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); return c - 32; stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); void stonesoup_handle_taint(char *causa_piaroa) faggoting_ctenidial = ((char *)causa_piaroa); stonesoup_taint_len = ((int )(strlen(faggoting_ctenidial))); stonesoup_heap_buff_64[stonesoup_buff_size] = faggoting_ctenidial[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); 1 --------------------------------- 11664 199319/uninit_pointer.c cppfunc 409 uninit_pointer_016_gbl_doubleptr=(char**) malloc(10*sizeof(char*)); uninit_pointer_016_gbl_doubleptr[i]=(char*) malloc(10*sizeof(char)); strcpy(uninit_pointer_016_gbl_doubleptr[i],"STRING00"); uninit_pointer_016_func_002(); strcpy(s,uninit_pointer_016_gbl_doubleptr[i]); free (uninit_pointer_016_gbl_doubleptr[i]); free(uninit_pointer_016_gbl_doubleptr); 1 --------------------------------- 11665 72776/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_41.c cppfunc 36 data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_41_badSink(wchar_t * data) SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 11666 153349/img2.c cppfunc 71 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11667 70754/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_21.c cppfunc 52 data = (char *)malloc(10*sizeof(char)); return data; data = NULL; data = badSource(data); strcpy(data, source); printLine(data); free(data); static char * badSource(char * data) return data; data = badSource(data); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11668 72343/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_34.c cppfunc 46 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_34_unionType myUnion; char * data = myUnion.unionSecond; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11669 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c cppfunc 56 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 11670 153702/config.c cppfunc 238 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, crotalaria_instantiations, strlen(crotalaria_instantiations) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 11671 110368/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_09.c cppfunc 55 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11672 70943/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_16.c cppfunc 44 data = NULL; data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 11673 72997/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_06.c cppfunc 42 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 11674 72989/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_82_goodG2B.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_82_goodG2B::action(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11675 72432/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_17.c cppfunc 40 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11676 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 11677 70982/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_07.c cppfunc 48 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11678 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c inputfunc 58 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 11679 72100/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_31.c cppfunc 40 data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11680 67492/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_09.c cppfunc 47 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_09_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_09_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_09_bad(); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 11681 153796/oids.c cppfunc 117 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11682 153423/error.c cppfunc 103 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11683 70946/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_21.c cppfunc 53 data = (char *)malloc(10*sizeof(char)); return data; data = NULL; data = badSource(data); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); static char * badSource(char * data) return data; data = badSource(data); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 11684 199289/null_pointer.c cppfunc 239 null_pointer_015_gbl_ptr=NULL; char *str = "This is a string"; null_pointer_015_func_001(strlen(str)); strcpy(null_pointer_015_gbl_ptr,str); free(null_pointer_015_gbl_ptr); void null_pointer_015_func_001 (int len) null_pointer_015_gbl_ptr= malloc(sizeof(char) * (len+1)); null_pointer_015_func_001(strlen(str)); strcpy(null_pointer_015_gbl_ptr,str); free(null_pointer_015_gbl_ptr); 1 --------------------------------- 11685 199289/null_pointer.c cppfunc 231 char *str = "This is a string"; null_pointer_015_func_001(strlen(str)); void null_pointer_015_func_001 (int len) null_pointer_015_gbl_ptr= malloc(sizeof(char) * (len+1)); 1 --------------------------------- 11686 70936/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_09.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 11687 153353/color.c cppfunc 120 stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11688 153037/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11689 199235/buffer_underrun_dynamic.c cppfunc 606 dynamic_buffer_underrun_s_032* ptr_s= calloc(10,sizeof(dynamic_buffer_underrun_s_032)); ptr_s[i].arr[i]='a'; free(ptr_s); 1 --------------------------------- 11690 110506/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_03.c cppfunc 131 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11691 148966/emem.c cppfunc 1057 va_list ap; va_start(ap, fmt); dst = ep_strdup_vprintf(fmt, ap); ep_strdup_vprintf(const gchar *fmt, va_list ap) return emem_strdup_vprintf(fmt, ap, ep_alloc); emem_strdup_vprintf(const gchar *fmt, va_list ap, void *allocator(size_t)) G_VA_COPY(ap2, ap); len = g_printf_string_upper_bound(fmt, ap); va_end(ap); 1 --------------------------------- 11692 153555/utf.c cppfunc 124 stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11693 153106/config.c cppfunc 1078 void spraining_stulty(void **derisible_underbear) plumbicon_promisee = ((char *)((char *)( *(derisible_underbear - 5)))); strncpy(stonesoup_buffer, plumbicon_promisee, stonesoup_buffer_len); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); *stonesoup_buffer_ptr = plumbicon_promisee; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); 1 --------------------------------- 11694 70521/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_42.c inputfunc 29 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); return data; data = badSource(data); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 11695 70466/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_21.c cppfunc 74 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11696 66318/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_66.c cppfunc 33 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11697 152883/avpacket.c cppfunc 438 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(aberdeen_luncheon, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); void stonesoup_printf(char * format, ...) { free (stonesoup_data); 1 --------------------------------- 11698 199233/buffer_overrun_dynamic.c cppfunc 28 char *buf=(char*) calloc(5,sizeof(char)); buf[i]=1; free(buf); 1 --------------------------------- 11699 110385/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_42.c cppfunc 58 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); return data; data = -1; data = badSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); static int badSource(int data) if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) return data; data = badSource(data); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11700 70854/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_33.cpp cppfunc 46 char * &dataRef = data; char * data = dataRef; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11701 70760/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_41.c cppfunc 35 data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_41_badSink(char * data) strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11702 153215/pgstat.c cppfunc 307 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11703 153521/mutex.c cppfunc 47 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11704 70650/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_11.c cppfunc 146 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11705 70900/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_31.c cppfunc 43 data = (char *)malloc(10*sizeof(char)); char * dataCopy = data; char * data = dataCopy; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11706 152897/conf_mod.c cppfunc 123 stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11707 110518/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_15.c cppfunc 137 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11708 153002/hashfn.c cppfunc 72 stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11709 153269/color.c cppfunc 577 return c - 32; stonesoup_data = (struct stonesoup_struct *) malloc (sizeof(struct stonesoup_struct)); stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_data->buff_pointer = stonesoup_data->buffer; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); int stonesoup_toupper(int c) { return c; stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 11710 153356/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&zorilla_agnathic,"ENTOZOOLOGICAL_UNRESTRICTIVE"); if (zorilla_agnathic != 0) {; sarcosepta_lacet = ((char *)zorilla_agnathic); if (strlen(sarcosepta_lacet) < 20) {; realpath(sarcosepta_lacet, stonesoup_data->base_path); if (zorilla_agnathic != 0) free(((char *)zorilla_agnathic)); 1 --------------------------------- 11711 73162/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_43.cpp cppfunc 43 data[100-1] = L'\0'; wcscpy(dest, data); printWLine(data); free(data); 1 --------------------------------- 11712 153374/color.c cppfunc 118 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11713 72420/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_05.c cppfunc 46 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11714 153748/color.c cppfunc 90 stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11715 199275/invalid_memory_access.c cppfunc 293 int ptr[5] = {4,6,9,10,0}; int *ptr1,i; invalid_memory_access_func_010(5,&ptr1); for(i=0;i<5;i++) *(ptr1+i) = ptr[i]; free(ptr1); void invalid_memory_access_func_010 (int len ,int **Ptr) int * p = malloc(sizeof(int) * len); *Ptr = p; invalid_memory_access_func_010(5,&ptr1); free(ptr1); 1 --------------------------------- 11716 153825/stream.c cppfunc 571 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; return c - 32; int preformed_puerperant = 596; char *ageism_pallion;; stonesoup_read_taint(&ageism_pallion,"2000",preformed_puerperant); tanagrine_courtesied = ((void *)ageism_pallion); muckiness_walkersville[5] = tanagrine_courtesied; theorism_subfusc = 5; reprinted_unannoyingly = &theorism_subfusc; uninfallible_overassertion = *(muckiness_walkersville + *reprinted_unannoyingly); PANDEMIC_PAPULAE(uninfallible_overassertion); stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); void upspurt_hematothorax(void *knightship_reformed) strawworm_springling = ((char *)((char *)knightship_reformed)); stonesoup_taint_len = ((int )(strlen(strawworm_springling))); stonesoup_heap_buff_64[stonesoup_buff_size] = strawworm_springling[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&ageism_pallion,"2000",preformed_puerperant); tanagrine_courtesied = ((void *)ageism_pallion); muckiness_walkersville[5] = tanagrine_courtesied; uninfallible_overassertion = *(muckiness_walkersville + *reprinted_unannoyingly); PANDEMIC_PAPULAE(uninfallible_overassertion); 1 --------------------------------- 11717 199253/double_free.c cppfunc 22 char* ptr= (char*) malloc(sizeof(char)); free(ptr); free(ptr); 1 --------------------------------- 11718 153182/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11719 70858/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_43.cpp cppfunc 48 data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11720 71020/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_81_goodG2B.cpp cppfunc 31 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_81_goodG2B::action(wchar_t * data) const wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11721 72280/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_09.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11722 70468/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_31.c cppfunc 131 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11723 62593/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_51.c cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 11724 153792/gimpdisplay.c cppfunc 853 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; return c; int wanderoo_hybridising = 596; char *irishwomen_simeonite;; stonesoup_read_taint(&irishwomen_simeonite,"9330",wanderoo_hybridising); hih_mucocellulosic = irishwomen_simeonite; biscoe_surgeons = &hih_mucocellulosic; unrequitement_babakoto = biscoe_surgeons + 5; pungyi_tercentenary = ((char *)( *(unrequitement_babakoto - 5))); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(pungyi_tercentenary))); stonesoup_data->buffer[stonesoup_buff_size] = pungyi_tercentenary[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); int stonesoup_toupper(int c) return c - 32; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&irishwomen_simeonite,"9330",wanderoo_hybridising); hih_mucocellulosic = irishwomen_simeonite; biscoe_surgeons = &hih_mucocellulosic; unrequitement_babakoto = biscoe_surgeons + 5; pungyi_tercentenary = ((char *)( *(unrequitement_babakoto - 5))); stonesoup_taint_len = ((int )(strlen(pungyi_tercentenary))); stonesoup_data->buffer[stonesoup_buff_size] = pungyi_tercentenary[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free(stonesoup_data); 1 --------------------------------- 11725 153409/config_file.c cppfunc 83 stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11726 153177/portalmem.c cppfunc 125 stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11727 153743/stream.c cppfunc 136 stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11728 67349/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_82a.cpp cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11729 67486/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_03.c cppfunc 47 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_03_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_03_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_03_bad(); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 11730 199235/buffer_underrun_dynamic.c cppfunc 80 int *buf=(int*) calloc(5,sizeof(int)); *(buf-5) = 1; free(buf); 1 --------------------------------- 11731 72421/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_06.c cppfunc 43 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11732 62958/CWE121_Stack_Based_Buffer_Overflow__CWE135_11.c cppfunc 41 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 11733 62958/CWE121_Stack_Based_Buffer_Overflow__CWE135_11.c cppfunc 44 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11734 70950/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_33.cpp cppfunc 46 char * &dataRef = data; char * data = dataRef; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 11735 71003/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_44.c cppfunc 35 static void badSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11736 153184/cryptlib.c cppfunc 811 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *schoolyard_unfluid; stonesoup_read_taint(&schoolyard_unfluid,"SAMBOS_TUCKERMANITY"); hygrophyte_wormroot = &schoolyard_unfluid; sarraute_consonance(unconversant_nonspecie,hygrophyte_wormroot); sarraute_consonance(spoutiness_heptachord,oxybenzyl_mislikers); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void sarraute_consonance(int spoutiness_heptachord,char **oxybenzyl_mislikers) belched_ektenes = ((char *)( *oxybenzyl_mislikers)); stonesoup_buffer = malloc((strlen(belched_ektenes) + 1) * sizeof(char )); strcpy(stonesoup_buffer,belched_ektenes); free(stonesoup_buffer); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&schoolyard_unfluid,"SAMBOS_TUCKERMANITY"); hygrophyte_wormroot = &schoolyard_unfluid; sarraute_consonance(unconversant_nonspecie,hygrophyte_wormroot); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); 1 --------------------------------- 11737 70852/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_31.c cppfunc 43 data = (char *)malloc(10*sizeof(char)); char * dataCopy = data; char * data = dataCopy; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11738 110382/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_33.cpp cppfunc 58 int &dataRef = data; int data = dataRef; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11739 72344/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_41.c cppfunc 31 data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_41_badSink(char * data) memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11740 70981/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_06.c cppfunc 46 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11741 72393/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_42.c cppfunc 42 data[100-1] = '\0'; return data; data = badSource(data); strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11742 153583/stream.c cppfunc 128 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11743 110375/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_16.c cppfunc 56 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11744 70898/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_21.c cppfunc 53 data = (char *)malloc(10*sizeof(char)); return data; data = NULL; data = badSource(data); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); static char * badSource(char * data) return data; data = badSource(data); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11745 71383/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_34.c cppfunc 47 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_34_unionType myUnion; char * data = myUnion.unionSecond; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 11746 70411/CWE122_Heap_Based_Buffer_Overflow__CWE135_12.c cppfunc 56 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11747 73041/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_02.c cppfunc 38 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 11748 72678/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_33.cpp cppfunc 42 wchar_t * &dataRef = data; wchar_t * data = dataRef; wcsncat(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11749 72994/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_03.c cppfunc 38 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 11750 79382/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81_goodB2G.cpp cppfunc 34 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 1 --------------------------------- 11751 71866/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_43.cpp cppfunc 49 static void badSource(twoIntsStruct * &data) data = (twoIntsStruct *)malloc(50*sizeof(twoIntsStruct)); data = NULL; badSource(data); memcpy(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 1 --------------------------------- 11752 153406/subtrans.c cppfunc 442 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, queendom_cequi, strlen(queendom_cequi) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); 1 --------------------------------- 11753 153384/color.c cppfunc 120 stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11754 153602/img2.c cppfunc 70 stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11755 153122/gimpdialogfactory.c inputfunc 94 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&rocketers_beeregar,"6271",petrescence_noncommitted); coliseum_anfractuousness(shootee_pseudobia); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 11756 153576/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11757 70759/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_34.c cppfunc 49 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_34_unionType myUnion; char * data = myUnion.unionSecond; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11758 73046/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_07.c cppfunc 44 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 11759 70525/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_51.c cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 11760 70496/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c cppfunc 65 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11761 70645/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_06.c cppfunc 151 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11762 70423/CWE122_Heap_Based_Buffer_Overflow__CWE135_34.c cppfunc 51 CWE122_Heap_Based_Buffer_Overflow__CWE135_34_unionType myUnion; void * data = myUnion.unionSecond; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11763 72828/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_45.c cppfunc 36 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_45_badData = data; badSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_45_badData; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 11764 72183/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_08.c cppfunc 60 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 11765 72437/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_32.c cppfunc 44 char * *dataPtr2 = &data; char * data = *dataPtr2; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11766 72845/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_82_bad.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_82_bad::action(char * data) strcat(data, source); printLine(data); free(data); 1 --------------------------------- 11767 110489/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_61.c cppfunc 41 data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_61b_badSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11768 153616/mux.c cppfunc 478 stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, pluteus_hallan, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "TAINTED"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); 1 --------------------------------- 11769 72108/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_45.c cppfunc 36 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_45_badData = data; badSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_45_badData; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11770 199235/buffer_underrun_dynamic.c cppfunc 520 int *buf1=(int*) calloc(5,sizeof(int)); int *buf2=(int*) calloc(3,sizeof(int)); for(i=0;i<5;i++) *(buf1+i)=i; *(buf2-*(buf1+4))=1; free(buf2); 1 --------------------------------- 11771 199253/double_free.c cppfunc 131 char* ptr= (char*) malloc(sizeof(char)); free(ptr); free(ptr); 1 --------------------------------- 11772 153479/file_wrappers.c cppfunc 126 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11773 153818/tile.c cppfunc 423 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 11774 153818/tile.c cppfunc 427 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int cathedratic_epithymetic = 44; char *demander_bacule; stonesoup_read_taint(&demander_bacule,"8148",cathedratic_epithymetic); uncrude_eelgrass[30] = demander_bacule; anesthetist_spartans = uncrude_eelgrass; uneddying_mentobregmatic(hexanchidae_primar,anesthetist_spartans); uneddying_mentobregmatic(gombeen_unorientally,acopon_lacer); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); void uneddying_mentobregmatic(int gombeen_unorientally,char **acopon_lacer) rescramble_breadmaking = ((char *)acopon_lacer[30]); strncpy(stonesoup_buffer, rescramble_breadmaking, stonesoup_buffer_len); *stonesoup_buffer_ptr = rescramble_breadmaking; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); free(stonesoup_buffer_ptr); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&demander_bacule,"8148",cathedratic_epithymetic); uncrude_eelgrass[30] = demander_bacule; anesthetist_spartans = uncrude_eelgrass; uneddying_mentobregmatic(hexanchidae_primar,anesthetist_spartans); 1 --------------------------------- 11775 72786/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_62.cpp cppfunc 45 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); void badSource(wchar_t * &data); SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 11776 70885/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_06.c cppfunc 47 data = NULL; data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11777 153593/color.c cppfunc 118 stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11778 72950/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_07.c cppfunc 46 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11779 153778/tile-manager.c cppfunc 965 void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void butterflies_drysne(char *acrosporous_overstriven) scorification_herodiones = ((char *)acrosporous_overstriven); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(scorification_herodiones))); memcpy(stonesoup_data->buffer, scorification_herodiones, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 11780 70524/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_45.c cppfunc 54 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11781 153540/eng_table.c inputfunc 155 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&bluntishness_fibiger,"PLUTEUS_VALLECULA"); if (bluntishness_fibiger != 0) {; antiphlogistin_erythron[3] = bluntishness_fibiger; crane_snipy[5] = antiphlogistin_erythron; heartsomeness_tranks = *(crane_snipy + springling_beachie[1]); virulented_bantry = ((char *)heartsomeness_tranks[3]); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(virulented_bantry)+1, virulented_bantry, "TRIGGER-STATE"); strncpy(stonesoup_buffer,virulented_bantry,strlen(virulented_bantry) + 1); if (heartsomeness_tranks[3] != 0) free(((char *)heartsomeness_tranks[3])); 1 --------------------------------- 11782 73344/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_33.cpp cppfunc 39 twoIntsStruct * &dataRef = data; twoIntsStruct * data = dataRef; printStructLine(data); free(data); 1 --------------------------------- 11783 79483/CWE134_Uncontrolled_Format_String__char_console_snprintf_02.c inputfunc 46 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 11784 62961/CWE121_Stack_Based_Buffer_Overflow__CWE135_14.c cppfunc 44 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11785 72728/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_41.c cppfunc 31 data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_41_badSink(wchar_t * data) wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11786 153304/color.c cppfunc 118 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11787 199235/buffer_underrun_dynamic.c cppfunc 727 char** doubleptr=(char**) malloc(10* sizeof(char*)); doubleptr[i-10]=(char*) malloc(10*sizeof(char)); doubleptr[0][0]='T'; free(doubleptr[i]); free(doubleptr); 1 --------------------------------- 11788 153599/mem_dbg.c cppfunc 251 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11789 72465/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_02.c cppfunc 44 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 1 --------------------------------- 11790 153553/conf_mod.c cppfunc 665 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); imbeciles_ethylin[1] = 5; mistral_unpasted = *(mewled_bardwell + imbeciles_ethylin[1]); hexafluoride_dispraised = ((char *)((char *)mistral_unpasted)); stonesoup_buffer = malloc((strlen(hexafluoride_dispraised) + 1) * sizeof(char )); strcpy(stonesoup_buffer,hexafluoride_dispraised); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); free(stonesoup_buffer); void stonesoup_handle_taint(char *robustity_seraphtide) unlogistical_rowdydowdy = ((void *)robustity_seraphtide); mewled_bardwell[5] = unlogistical_rowdydowdy; mistral_unpasted = *(mewled_bardwell + imbeciles_ethylin[1]); hexafluoride_dispraised = ((char *)((char *)mistral_unpasted)); stonesoup_buffer = malloc((strlen(hexafluoride_dispraised) + 1) * sizeof(char )); strcpy(stonesoup_buffer,hexafluoride_dispraised); free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); 1 --------------------------------- 11791 148916/strutil.c cppfunc 190 format_text(const guchar *string, size_t len) c = *string++; if (isprint(c)) { 1 --------------------------------- 11792 153155/hashfn.c cppfunc 73 stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11793 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 11794 153014/error.c cppfunc 100 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11795 72872/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_41.c cppfunc 32 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_41_badSink(char * data) strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11796 72753/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_02.c cppfunc 44 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 11797 72998/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_07.c cppfunc 44 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 11798 110468/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_13.c cppfunc 42 data = -1; fscanf(stdin, "%d", &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11799 72724/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_31.c cppfunc 39 data[100-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11800 70889/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_10.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11801 153592/main_filter_toolbar.c cppfunc 482 char *teleologist_hazzanim = 0; aggrieve_ahmeek(&teleologist_hazzanim); joly_adaiha(teleologist_hazzanim); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); memcpy(stonesoup_data->buffer, recharter_bosporian, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void joly_adaiha(char *const herbless_climatography) fanestil_unboraxed[1] = herbless_climatography; recharter_bosporian = ((char *)((char *)fanestil_unboraxed[1])); stonesoup_buff_size = ((int )(strlen(recharter_bosporian))); memcpy(stonesoup_data->buffer, recharter_bosporian, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 11802 72766/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_15.c cppfunc 50 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 11803 153718/hashfn.c cppfunc 80 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11804 153406/subtrans.c cppfunc 75 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11805 71464/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_09.c cppfunc 46 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 11806 70857/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_42.c cppfunc 46 data = (char *)malloc(10*sizeof(char)); return data; data = badSource(data); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11807 72188/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_13.c cppfunc 46 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 11808 79498/CWE134_Uncontrolled_Format_String__char_console_snprintf_17.c inputfunc 47 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); if (100-dataLen > 1) if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 11809 66654/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_66.c cppfunc 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11810 70840/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_09.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11811 70932/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_05.c cppfunc 50 data = NULL; data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 11812 110530/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_43.cpp cppfunc 136 inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11813 72185/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_10.c cppfunc 46 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 11814 66310/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_52.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11815 79510/CWE134_Uncontrolled_Format_String__char_console_snprintf_45.c inputfunc 59 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_45_badData = data; badSink(); char * data = CWE134_Uncontrolled_Format_String__char_console_snprintf_45_badData; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 11816 72438/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_33.cpp cppfunc 42 char * &dataRef = data; char * data = dataRef; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11817 73062/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_33.cpp cppfunc 41 char * &dataRef = data; char * data = dataRef; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 11818 70998/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_33.cpp cppfunc 45 wchar_t * &dataRef = data; wchar_t * data = dataRef; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11819 199283/memory_allocation_failure.c cppfunc 641 memory_allocation_failure_015_s_001 s = {MAX_V,20}; return s.a; memory_allocation_failure_015_gbl_ptr = (int *) malloc (memory_allocation_failure_015_func_001()*sizeof(int)); 1 --------------------------------- 11820 153741/color.c cppfunc 601 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); return c - 32; stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, copartners_beteela); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); void stonesoup_handle_taint(char *misnomers_archdukedom) copartners_beteela = ((char *)misnomers_archdukedom); strcpy(stonesoup_heap_buffer_64, copartners_beteela); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); 1 --------------------------------- 11821 153363/column-utils.c cppfunc 2240 void pochade_euskara(int shtetlach_kinfolks,void *hectares_terrifying) dividualism_unsittingly = ((char *)((char *)hectares_terrifying)); strncpy(stonesoup_buffer, dividualism_unsittingly, stonesoup_buffer_len); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); *stonesoup_buffer_ptr = dividualism_unsittingly; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); 1 --------------------------------- 11822 153242/e_camellia.c cppfunc 83 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11823 72967/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_34.c cppfunc 47 CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11824 73042/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_03.c cppfunc 38 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 11825 71362/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_03.c cppfunc 40 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 11826 73006/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_15.c cppfunc 44 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 11827 70847/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_16.c cppfunc 44 data = NULL; data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11828 72962/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_21.c cppfunc 50 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data[0] = L'\0'; return data; data = badSource(data); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11829 153143/utf.c cppfunc 1012 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(rexx_captiousness, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); 1 --------------------------------- 11830 66268/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_64.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11831 72328/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_09.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11832 153474/e_bf.c cppfunc 112 stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11833 70855/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_34.c cppfunc 50 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_34_unionType myUnion; char * data = myUnion.unionSecond; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11834 72306/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_62.cpp cppfunc 40 data = (char *)malloc(100*sizeof(char)); badSource(data); void badSource(char * &data); memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11835 148881/tshark.c cppfunc 990 fprintf(output, " -d %s ...\n", decode_as_arg_template); cmdarg_err("Parameter \"%s\" doesn't follow the template \"%s\"", cl_param, decode_as_arg_template); gboolean start_capture = FALSE; if (profile_exists (optarg)) { set_profile_name (optarg); cmdarg_err("Configuration Profile \"%s\" does not exist", optarg); capture_opts_init(&global_capture_opts, &cfile); else if (strcmp(argv[2], "fields3") == 0) else if (strcmp(argv[2], "protocols") == 0) else if (strcmp(argv[2], "values") == 0) else if (strcmp(argv[2], "decodes") == 0) cmdarg_err("Invalid \"%s\" option for -G flag", argv[2]); while ((opt = getopt(argc, argv, optstring)) != -1) { status = capture_opts_add_opt(&global_capture_opts, opt, optarg, &start_capture); exit(status); print_usage(TRUE); cmdarg_err("Invalid -o flag \"%s\"", optarg); else if (strcmp(optarg, "dd") == 0) status = capture_opts_add_opt(&global_capture_opts, opt, optarg, &start_capture); exit(status); optarg); failure_message(fmt, ap); cmdarg_err("Invalid -o flag \"%s\"", optarg); if (!add_decode_as(optarg)) g_assert(cl_param); g_assert(decoded_param); cmdarg_err("Parameter \"%s\" doesn't follow the template \"%s\"", cl_param, decode_as_arg_template); cmdarg_err(const char *fmt, ...) while ((opt = getopt(argc, argv, optstring)) != -1) { status = capture_opts_add_opt(&global_capture_opts, opt, optarg, &start_capture); exit(status); if(!output_fields_set_option(output_fields, optarg)) { output_fields_add(output_fields, optarg); out_file_type = wtap_short_string_to_file_type(optarg); cmdarg_err("Invalid -o flag \"%s\"", optarg); cf_name = g_strdup(optarg); if (strcmp(optarg, "r") == 0) badopt = string_to_name_resolve(optarg, &g_resolv_flags); if (strcmp(optarg, "text") == 0) { if(!output_fields_set_option(output_fields, optarg)) { output_fields_add(output_fields, optarg); out_file_type = wtap_short_string_to_file_type(optarg); cf_name = g_strdup(optarg); if (!process_stat_cmd_arg(optarg)) { read_keytab_file(optarg); cmdarg_err("-o flag \"%s\" specifies unknown preference", optarg); add_decode_as(const gchar *cl_param) g_assert(cl_param); g_assert(handle); decoded_param = g_strdup(cl_param); extern char *optarg; status = capture_opts_add_opt(&global_capture_opts, opt, optarg, &start_capture); exit(status); main(int argc, char *argv[]) static const char optstring[] = OPTSTRING_INIT OPTSTRING_WIN32; init_progfile_dir_error = init_progfile_dir(argv[0], main); while ((opt = getopt(argc, argv, optstring)) != -1) { ex_opt_add(optarg); if (argc >= 2 && strcmp(argv[1], "-G") == 0) { if (strcmp(argv[2], "fields") == 0) else if (strcmp(argv[2], "fields2") == 0) else if (strcmp(argv[2], "defaultprefs") == 0) else if (strcmp(argv[2], "currentprefs") == 0) { while ((opt = getopt(argc, argv, optstring)) != -1) { status = capture_opts_add_opt(&global_capture_opts, opt, optarg, &start_capture); exit(status); if (!add_decode_as(optarg)) cmdarg_err("\"%s\" is not a valid field output option=value pair.", optarg); cmdarg_err("\"%s\" isn't a valid capture file type", optarg); else if (strcmp(optarg, "a") == 0) else if (strcmp(optarg, "ad") == 0) else if (strcmp(optarg, "d") == 0) else if (strcmp(optarg, "e") == 0) } else if (strcmp(optarg, "ps") == 0) { } else if (strcmp(optarg, "pdml") == 0) { } else if (strcmp(optarg, "psml") == 0) { } else if(strcmp(optarg, "fields") == 0) { status = capture_opts_add_opt(&global_capture_opts, opt, optarg, &start_capture); exit(status); cmdarg_err_cont(const char *fmt, ...) cmdarg_err("Parameter \"%s\" doesn't follow the template \"%s\"", cl_param, decode_as_arg_template); 1 --------------------------------- 11836 73037/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_82_bad.cpp cppfunc 31 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_82_bad::action(char * data) strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 11837 153356/color.c cppfunc 599 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(sarcosepta_lacet, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); void stonesoup_printf(char * format, ...) { free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); 1 --------------------------------- 11838 152967/color.c cppfunc 597 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; return c - 32; char *undisbursed_puris; stonesoup_read_taint(&undisbursed_puris,"FRITTERING_HYBRIDISED"); campanularian_babroot = ((char *)undisbursed_puris); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, campanularian_babroot); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&undisbursed_puris,"FRITTERING_HYBRIDISED"); campanularian_babroot = ((char *)undisbursed_puris); strcpy(stonesoup_heap_buffer_64, campanularian_babroot); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); 1 --------------------------------- 11839 153101/resowner.c cppfunc 167 stonesoup_printf("Error: Failed to allocate memory\n"); s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11840 153655/color.c cppfunc 118 stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11841 110321/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_10.c cppfunc 118 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11842 73008/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_17.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 11843 71201/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_61.c cppfunc 42 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_61b_badSource(data); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11844 72277/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_06.c cppfunc 43 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11845 153517/color.c cppfunc 120 stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11846 72429/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_14.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11847 110522/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_21.c cppfunc 141 inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; data = -1; data = badSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); static int badSource(int data) return data; data = badSource(data); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11848 148966/packet-http.c cppfunc 1811 dissect_http(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) conv_data = get_http_conversation_data(pinfo); get_http_conversation_data(packet_info *pinfo) conversation = find_or_create_conversation(pinfo); conv_data = conversation_get_proto_data(conversation, proto_http); conv_data = se_alloc0(sizeof(http_conv_t)); conv_data); return conv_data; conv_data = get_http_conversation_data(pinfo); http_payload_subdissector(tvb, tree, pinfo, conv_data); packet_info *pinfo, http_conv_t *conv_data) strings = g_strsplit(conv_data->request_uri, ":", 2); tvb, 0, 0, strings[0]); tvb, 0, 0, strtol(strings[1], NULL, 10) ); 1 --------------------------------- 11849 1486/Figure2-2-windows.cpp inputfunc 21 int main(int argc, char *argv[]) strcpy(name, argv[1]); strcat(name, " = "); strcat(name, argv[2]); 1 --------------------------------- 11850 66311/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_53.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11851 79414/CWE134_Uncontrolled_Format_String__char_console_fprintf_45.c inputfunc 49 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_45_badData = data; badSink(); char * data = CWE134_Uncontrolled_Format_String__char_console_fprintf_45_badData; fprintf(stdout, data); 1 --------------------------------- 11852 72778/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_43.cpp cppfunc 49 data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 11853 70444/CWE122_Heap_Based_Buffer_Overflow__CWE135_81_goodG2B.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__CWE135_81_goodG2B::action(void * data) const size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11854 71480/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_41.c cppfunc 38 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_41_badSink(char * data) SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 11855 70503/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_08.c cppfunc 83 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11856 72416/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_01.c cppfunc 36 data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11857 72752/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_01.c cppfunc 41 data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 11858 72731/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_44.c cppfunc 31 static void badSink(wchar_t * data) wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11859 72221/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_82_bad.cpp cppfunc 39 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_82_bad::action(wchar_t * data) SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 11860 70502/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_07.c cppfunc 75 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11861 70506/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_11.c cppfunc 70 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11862 71394/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_62.cpp cppfunc 41 data = NULL; badSource(data); void badSource(char * &data); strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 11863 70770/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_62.cpp cppfunc 44 data = NULL; badSource(data); void badSource(char * &data); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11864 79484/CWE134_Uncontrolled_Format_String__char_console_snprintf_03.c inputfunc 46 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 11865 153766/tile-swap.c cppfunc 771 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 11866 71376/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_17.c cppfunc 41 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 11867 72748/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_81_bad.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_81_bad::action(wchar_t * data) const wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11868 79358/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_31.c cppfunc 56 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 11869 110330/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_21.c cppfunc 128 inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; data = -1; data = badSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); static int badSource(int data) return data; data = badSource(data); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11870 70666/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_43.cpp cppfunc 149 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11871 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 11872 72289/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_18.c cppfunc 38 data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11873 72594/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_62.cpp cppfunc 40 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); void badSource(wchar_t * &data); memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 1 --------------------------------- 11874 199233/buffer_overrun_dynamic.c cppfunc 514 int *buf1=(int*) calloc(5,sizeof(int)); int *buf2=(int*) calloc(3,sizeof(int)); for(i=0;i<5;i++) *(buf1+i)=i; *(buf2+*(buf1+5))=1; free(buf1); 1 --------------------------------- 11875 199233/buffer_overrun_dynamic.c cppfunc 233 int *buf=(int*) calloc(5,sizeof(int)); int index = 5; *(buf+index)=9; free(buf); 1 --------------------------------- 11876 67429/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_51.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11877 79411/CWE134_Uncontrolled_Format_String__char_console_fprintf_42.c inputfunc 35 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; data = badSource(data); fprintf(stdout, data); 1 --------------------------------- 11878 110683/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_63.cpp cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 11879 62952/CWE121_Stack_Based_Buffer_Overflow__CWE135_05.c cppfunc 50 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11880 72283/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_12.c cppfunc 45 data[100-1] = '\0'; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11881 110476/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_31.c cppfunc 42 data = -1; fscanf(stdin, "%d", &data); int dataCopy = data; int data = dataCopy; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11882 153819/color.c cppfunc 593 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_handle_taint(char *champion_adamello) royalising_resaw = ((char *)champion_adamello); stonesoup_buffer = malloc((strlen(royalising_resaw) + 1) * sizeof(char )); strcpy(stonesoup_buffer,royalising_resaw); free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); 1 --------------------------------- 11883 72380/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_13.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11884 110398/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_66.c cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 11885 70892/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_13.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11886 153703/tile-swap.c cppfunc 993 stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, overheaps_arisaid, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "TAINTED"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); 1 --------------------------------- 11887 199275/invalid_memory_access.c cppfunc 269 invalid_memory_access_009_uni_001 *u = (invalid_memory_access_009_uni_001 * )malloc(5*sizeof( invalid_memory_access_009_uni_001 )); u->s1 = (invalid_memory_access_009_s_001 *) malloc(sizeof(invalid_memory_access_009_s_001)); u->s1->a = (int *) malloc(5*sizeof(int)); free(u->s1->a); free(u->s1); free(u); 1 --------------------------------- 11888 199275/invalid_memory_access.c cppfunc 268 u->s1->a = (int *) malloc(5*sizeof(int)); free(u->s1->a); free(u->s1); 1 --------------------------------- 11889 70903/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_34.c cppfunc 50 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_34_unionType myUnion; char * data = myUnion.unionSecond; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11890 199235/buffer_underrun_dynamic.c cppfunc 202 dynamic_buffer_underrun_010_s_001* sbuf= (dynamic_buffer_underrun_010_s_001*) calloc(5,sizeof(dynamic_buffer_underrun_010_s_001)) ; sbuf[-1].a = 1; free(sbuf); 1 --------------------------------- 11891 110381/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_32.c cppfunc 60 int *dataPtr2 = &data; int data = *dataPtr2; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11892 110402/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_73.cpp cppfunc 44 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 11893 153449/heapam.c cppfunc 5255 return c - 32; tracepoint(stonesoup_trace, weakness_start, "CWE785", "C", "Use of Path Manipulation Function without Maximum-sized Buffer"); stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); if (stonesoup_data != NULL) { for (; stonesoup_oc_i < stonesoup_opt_var; ++stonesoup_oc_i) { tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "TRIGGER-POINT"); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); } tracepoint(stonesoup_trace, trace_point, "TRIGGER-POINT: AFTER"); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, trace_point, "TRIGGER-POINT: AFTER"); int stonesoup_toupper(int c) return c; for (; stonesoup_oc_i < stonesoup_opt_var; ++stonesoup_oc_i) { tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "TRIGGER-POINT"); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); 1 --------------------------------- 11894 79366/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45.c cppfunc 60 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 11895 152903/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&hotheadednesses_protoactinium,"RUPESTRAL_UNCUMBER"); if (hotheadednesses_protoactinium != 0) {; wreckage_conceding = ((char *)hotheadednesses_protoactinium); stonesoup_buff_size = ((int )(strlen(wreckage_conceding))); memcpy(stonesoup_data->buffer, wreckage_conceding, 64); for (; stonesoup_i < stonesoup_buff_size; ++stonesoup_i){ tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); if (hotheadednesses_protoactinium != 0) free(((char *)hotheadednesses_protoactinium)); 1 --------------------------------- 11896 71001/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_42.c cppfunc 45 data = (wchar_t *)malloc(10*sizeof(wchar_t)); return data; data = badSource(data); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11897 153573/bss_file.c cppfunc 140 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11898 70980/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_05.c cppfunc 49 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11899 72402/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_62.cpp cppfunc 40 data = (char *)malloc(100*sizeof(char)); badSource(data); void badSource(char * &data); strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11900 70758/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_33.cpp cppfunc 45 char * &dataRef = data; char * data = dataRef; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 11901 153293/timestamp.c cppfunc 79 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11902 153790/mem_dbg.c cppfunc 240 stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11903 153156/e_camellia.c cppfunc 81 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11904 152943/types.c cppfunc 429 return c - 32; stonesoup_data = (struct stonesoup_struct *) malloc (sizeof(struct stonesoup_struct)); stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_data->buff_pointer = stonesoup_data->buffer; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); int stonesoup_toupper(int c) { return c; stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 11905 67501/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_18.c cppfunc 47 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_18_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_18_bad(); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 11906 153495/timestamp.c cppfunc 171 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(sagaponack_tasker, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); 1 --------------------------------- 11907 153288/color.c cppfunc 605 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; return c; int backoff_blastomas = 596; char *meadowlarks_bannock; stonesoup_read_taint(&meadowlarks_bannock,"9830",backoff_blastomas); hoofy_telephotography = ((char *)meadowlarks_bannock); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; memset(stonesoup_data->buffer,0,64); stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, hoofy_telephotography); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); int stonesoup_toupper(int c) return c - 32; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&meadowlarks_bannock,"9830",backoff_blastomas); hoofy_telephotography = ((char *)meadowlarks_bannock); strcpy(stonesoup_data->buffer, hoofy_telephotography); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); 1 --------------------------------- 11908 79490/CWE134_Uncontrolled_Format_String__char_console_snprintf_09.c inputfunc 46 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 11909 67386/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_62.cpp cppfunc 38 void badSource(wchar_t * &data); wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); wchar_t dest[50] = L""; wcscat(dest, data); 1 --------------------------------- 11910 199235/buffer_underrun_dynamic.c cppfunc 447 *(buf-5) = 1; int *buf=(int*) calloc(5,sizeof(int)); dynamic_buffer_underrun_024_func_001(buf); free(buf); void dynamic_buffer_underrun_024_func_001 (int *buf) free(buf); 1 --------------------------------- 11911 153501/e_camellia.c cppfunc 111 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11912 110378/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_21.c cppfunc 65 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); return data; data = -1; data = badSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); static int badSource(int data) return data; data = badSource(data); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11913 153812/oids.c cppfunc 128 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11914 70511/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_16.c cppfunc 71 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11915 153758/stream.c cppfunc 126 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11916 67499/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_16.c cppfunc 47 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_16_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_16_bad(); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 11917 153419/avfilter.c cppfunc 75 stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11918 72418/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_03.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11919 70655/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_16.c cppfunc 147 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11920 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c cppfunc 39 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 11921 72714/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_11.c cppfunc 39 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11922 153697/color.c cppfunc 90 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11923 62968/CWE121_Stack_Based_Buffer_Overflow__CWE135_31.c cppfunc 39 data = (void *)WIDE_STRING; void * dataCopy = data; void * data = dataCopy; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 11924 66652/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_64.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11925 153522/dirent_uri.c cppfunc 2083 stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, newfeld_baptistown, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "TAINTED"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); 1 --------------------------------- 11926 62965/CWE121_Stack_Based_Buffer_Overflow__CWE135_18.c cppfunc 40 data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 11927 62965/CWE121_Stack_Based_Buffer_Overflow__CWE135_18.c cppfunc 43 data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11928 72297/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_42.c cppfunc 42 data[100-1] = '\0'; return data; data = badSource(data); memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11929 153810/pgstat.c cppfunc 268 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11930 70851/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22.c cppfunc 45 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_badSource(data); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11931 148881/packet-http.c cppfunc 1393 chunked_encoding_dissector(tvbuff_t **tvb_ptr, packet_info *pinfo, proto_tree *tree, int offset) gint chunk_offset = 0; tvb = *tvb_ptr; datalen = tvb_reported_length_remaining(tvb, offset); ti = proto_tree_add_text(tree, tvb, offset, datalen, linelen = tvb_find_line_end(tvb, offset, -1, &chunk_offset, TRUE); chunk_string = tvb_get_ephemeral_string(tvb, offset, linelen); chunk_size = strtol((gchar*)chunk_string, NULL, 16); datalen = tvb_reported_length_remaining(tvb, offset); chunk_size = datalen; chunk_tvb = tvb_new_subset(tvb, chunk_offset, chunk_size, datalen); tvb_memcpy(tvb, (guint8 *)(raw_data + raw_len), chunk_offset, chunk_size); chunk_ti = proto_tree_add_text(subtree, tvb, chunk_offset - offset + chunk_size + 2, chunk_ti = proto_tree_add_text(subtree, tvb, chunk_offset - offset + chunk_size + 2, "Data chunk (%u octets)", chunk_size); proto_tree_add_text(chunk_subtree, tvb, offset, chunk_offset - offset, "Chunk size: %u octets", chunk_size); data_tvb = tvb_new_subset(tvb, chunk_offset, chunk_size, proto_tree_add_text(chunk_subtree, tvb, chunk_offset + chunk_size, 2, "Chunk boundary"); offset = chunk_offset + chunk_size + 2; datalen = tvb_reported_length_remaining(tvb, offset); linelen = tvb_find_line_end(tvb, offset, -1, &chunk_offset, TRUE); chunk_string = tvb_get_ephemeral_string(tvb, offset, linelen); chunk_size = strtol((gchar*)chunk_string, NULL, 16); 1 --------------------------------- 11932 153333/utils.c cppfunc 95 stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11933 153291/color.c cppfunc 90 stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11934 70433/CWE122_Heap_Based_Buffer_Overflow__CWE135_61.c cppfunc 38 data = CWE122_Heap_Based_Buffer_Overflow__CWE135_61b_badSource(data); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11935 70947/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22.c cppfunc 45 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_badSource(data); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 11936 72713/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_10.c cppfunc 39 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 11937 72844/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_81_bad.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_81_bad::action(char * data) const strcat(data, source); printLine(data); free(data); 1 --------------------------------- 11938 153185/color.c cppfunc 596 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, irrespirable_orthotropism, strlen(irrespirable_orthotropism) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 11939 72774/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_33.cpp cppfunc 47 wchar_t * &dataRef = data; wchar_t * data = dataRef; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 11940 153706/cmdline.c cppfunc 1185 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, forrard_skeltonic, strlen(forrard_skeltonic) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); 1 --------------------------------- 11941 70402/CWE122_Heap_Based_Buffer_Overflow__CWE135_03.c cppfunc 46 data = NULL; dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11942 72316/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_81_bad.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_81_bad::action(char * data) const memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11943 153335/emem.c cppfunc 1139 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, sluig_favorers, strlen(sluig_favorers) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); 1 --------------------------------- 11944 153513/utils.c cppfunc 4948 void stonesoup_printf(char * format, ...) { stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); memcpy(stonesoup_data->buffer, oestrin_considerately, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_handle_taint(char *pva_federalizes) achlorhydria_unpeculiarly . reunionistic_cabinlike = ((char *)pva_federalizes); upclimbed_cellule(achlorhydria_unpeculiarly); void upclimbed_cellule(struct ulicon_crosswicks pochay_mercator) oestrin_considerately = ((char *)pochay_mercator . reunionistic_cabinlike); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(oestrin_considerately))); memcpy(stonesoup_data->buffer, oestrin_considerately, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 11945 72968/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_41.c cppfunc 32 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_41_badSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11946 199233/buffer_overrun_dynamic.c cppfunc 77 int *buf=(int*) calloc(5,sizeof(int)); *(buf+5) = 1; free(buf); 1 --------------------------------- 11947 153517/color.c cppfunc 589 stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, kherson_fraternal, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "TAINTED"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); 1 --------------------------------- 11948 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c inputfunc 52 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 11949 152897/conf_mod.c cppfunc 671 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); stonesoup_other_size = 64; stonesoup_other_buff = (char*) malloc (stonesoup_other_size * sizeof (char)); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); void stonesoup_handle_taint(char *nurry_capacitations) pereira_uncancelable = ((void *)nurry_capacitations); expanse_sarrazin = &pereira_uncancelable; grappas_kernels = ((char *)((char *)( *expanse_sarrazin))); stonesoup_buff_size = strlen(grappas_kernels) + 1; grappas_kernels[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = free (stonesoup_other_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_other_buff); 1 --------------------------------- 11950 73348/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_43.cpp cppfunc 41 badSource(data); static void badSource(twoIntsStruct * &data) data = (twoIntsStruct *)malloc(sizeof(data)); data->intOne = 1; data->intTwo = 2; static void badSource(twoIntsStruct * &data) data = NULL; badSource(data); printStructLine(data); free(data); 1 --------------------------------- 11951 199317/uninit_memory_access.c cppfunc 339 uninit_memory_access_012_s_001 *s1, s; s1 = (uninit_memory_access_012_s_001*)calloc(1,sizeof(uninit_memory_access_012_s_001)); s1->int_a = 10; memcpy(&s, s1, sizeof(uninit_memory_access_012_s_001)); free(s1); 1 --------------------------------- 11952 153697/color.c cppfunc 612 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); void stonesoup_handle_taint(char *imbrowns_sifflement) piazadora_molluscans = ((char *)imbrowns_sifflement); stonesoup_taint_len = ((int )(strlen(piazadora_molluscans))); stonesoup_data->buffer[stonesoup_buff_size] = piazadora_molluscans[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); 1 --------------------------------- 11953 199233/buffer_overrun_dynamic.c cppfunc 444 *(buf+5) = 1; int *buf=(int*) calloc(5,sizeof(int)); dynamic_buffer_overrun_024_func_001(buf); free(buf); void dynamic_buffer_overrun_024_func_001 (int *buf) free(buf); 1 --------------------------------- 11954 148966/packet-sdp.c cppfunc 1618 static void dissect_sdp_media_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_item * ti, int length, transport_info_t *transport_info) { colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); tvb, offset, tokenlen, ENC_ASCII|ENC_NA); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); static gint find_sdp_media_attribute_names(tvbuff_t *tvb, int offset, guint len) (tvb_strncaseeql(tvb, offset, sdp_media_attribute_names[i].name, len) == 0)) offset = 0; colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); offset = colon_offset + 1; offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); attribute_value = tvb_get_ephemeral_string(tvb, offset, tvb_length_remaining(tvb, offset)); next_offset = tvb_find_guint8(tvb, offset, -1, ' '); proto_tree_add_item(sdp_media_attribute_tree, hf_media_format, tvb, payload_type = tvb_get_ephemeral_string(tvb, offset, tokenlen); offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, '/'); proto_tree_add_item(sdp_media_attribute_tree, hf_media_encoding_name, tvb, transport_info->encoding_name[pt] = (char*)tvb_get_ephemeral_string(tvb, offset, tokenlen); next_offset = next_offset + 1; offset = next_offset; if (!isdigit(tvb_get_guint8(tvb, next_offset))) next_offset++; tokenlen = next_offset - offset; proto_tree_add_item(sdp_media_attribute_tree, hf_media_sample_rate, tvb, offset, tokenlen, ENC_ASCII|ENC_NA); transport_info->sample_rate[pt] = atoi(tvb_get_ephemeral_string(tvb, offset, tokenlen)); 1 --------------------------------- 11955 153395/color.c inputfunc 144 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&tranced_brassish,"HLD_UNSCHOLARLINESS"); if (tranced_brassish != 0) {; exr_dimebox = ((char *)tranced_brassish); if (strlen(exr_dimebox) < 1) { stonesoup_set_function(exr_dimebox, &stonesoup_my_foo); if (tranced_brassish != 0) free(((char *)tranced_brassish)); void stonesoup_set_function(char *set_param_str,struct stonesoup_data_struct *set_param_data_struct) if (strlen(set_param_str) > 10U) { set_param_data_struct -> str_member = set_param_str; stonesoup_set_function(exr_dimebox, &stonesoup_my_foo); stonesoup_val = (stonesoup_my_foo . func_member(stonesoup_my_foo . str_member)); if (stonesoup_val == 0) 1 --------------------------------- 11956 72107/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_44.c cppfunc 32 static void badSink(wchar_t * data) wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11957 199317/uninit_memory_access.c cppfunc 55 char *str1 = (char *) calloc(25,sizeof(char)); char *str2 ; strcpy(str1, str2); printf("%s %s\n",str1,str2); free(str1); 1 --------------------------------- 11958 153513/utils.c cppfunc 74 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11959 153356/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11960 153571/conf_mod.c cppfunc 124 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11961 71202/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_62.cpp cppfunc 45 data = NULL; badSource(data); void badSource(wchar_t * &data); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11962 72275/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_04.c cppfunc 46 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11963 148881/packet-ldss.c cppfunc 584 dissect_ldss (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) return dissect_ldss_transfer(tvb, pinfo, tree); dissect_ldss_transfer (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) guint offset = 0; tvb, 0, tvb_reported_length(tvb), FALSE); while (offset < tvb_reported_length(tvb)) { gint next_offset; linelen = tvb_find_line_end(tvb, offset, FALSE); linelen = tvb_find_line_end(tvb, offset, line = tvb_memdup(tvb, offset, linelen+1); ti = proto_tree_add_text(ldss_tree, tvb, offset, linelen, while (offset < tvb_reported_length(tvb)) { linelen = tvb_find_line_end(tvb, offset, line = tvb_memdup(tvb, offset, linelen+1); tvb_format_text(tvb, offset, next_offset-offset)); if (strncmp(line,"md5:",4)==0) { else if (strncmp(line, "sha1:", 5)==0) { else if (strncmp(line, "sha256:", 7)==0) { else if (strncmp(line, "unknown:", 8)==0) { else if (strncmp(line, "Size: ", 6)==0) { tvb, offset+6, linelen-6, transfer_info->req->size); while (offset < tvb_reported_length(tvb)) { linelen = tvb_find_line_end(tvb, offset, line = tvb_memdup(tvb, offset, linelen+1); if (strncmp(line,"md5:",4)==0) { else if (strncmp(line, "sha1:", 5)==0) { else if (strncmp(line, "sha256:", 7)==0) { else if (strncmp(line, "unknown:", 8)==0) { else if (strncmp(line, "Size: ", 6)==0) { else if (strncmp(line, "Start: ", 7)==0) { tvb, offset+7, linelen-7, transfer_info->req->offset); while (offset < tvb_reported_length(tvb)) { linelen = tvb_find_line_end(tvb, offset, line = tvb_memdup(tvb, offset, linelen+1); if (strncmp(line,"md5:",4)==0) { else if (strncmp(line, "sha1:", 5)==0) { else if (strncmp(line, "sha256:", 7)==0) { else if (strncmp(line, "unknown:", 8)==0) { else if (strncmp(line, "Size: ", 6)==0) { else if (strncmp(line, "Start: ", 7)==0) { else if (strncmp(line, "Compression: ", 13)==0) { transfer_info->req->compression = (gint8)strtol(line+13, NULL, 10); tvb, offset+13, linelen-13, transfer_info->req->compression); while (offset < tvb_reported_length(tvb)) { linelen = tvb_find_line_end(tvb, offset, line = tvb_memdup(tvb, offset, linelen+1); if (strncmp(line,"md5:",4)==0) { else if (strncmp(line, "sha1:", 5)==0) { else if (strncmp(line, "sha256:", 7)==0) { else if (strncmp(line, "unknown:", 8)==0) { else if (strncmp(line, "Size: ", 6)==0) { else if (strncmp(line, "Start: ", 7)==0) { else if (strncmp(line, "Compression: ", 13)==0) { transfer_info->req->compression = (gint8)strtol(line+13, NULL, 10); ti = proto_tree_add_text(line_tree, tvb, offset, linelen, while (offset < tvb_reported_length(tvb)) { linelen = tvb_find_line_end(tvb, offset, line = tvb_memdup(tvb, offset, linelen+1); if (strncmp(line,"md5:",4)==0) { else if (strncmp(line, "sha1:", 5)==0) { else if (strncmp(line, "sha256:", 7)==0) { else if (strncmp(line, "unknown:", 8)==0) { else if (strncmp(line, "Size: ", 6)==0) { else if (strncmp(line, "Start: ", 7)==0) { else if (strncmp(line, "Compression: ", 13)==0) { transfer_info->req->compression = (gint8)strtol(line+13, NULL, 10); tvb_get_ptr(tvb, offset+digest_type_len, linelen-digest_type_len), while (offset < tvb_reported_length(tvb)) { linelen = tvb_find_line_end(tvb, offset, line = tvb_memdup(tvb, offset, linelen+1); if (strncmp(line,"md5:",4)==0) { else if (strncmp(line, "sha1:", 5)==0) { else if (strncmp(line, "sha256:", 7)==0) { else if (strncmp(line, "unknown:", 8)==0) { else if (strncmp(line, "Size: ", 6)==0) { else if (strncmp(line, "Start: ", 7)==0) { else if (strncmp(line, "Compression: ", 13)==0) { transfer_info->req->compression = (gint8)strtol(line+13, NULL, 10); tvb, offset, digest_type_len, transfer_info->file->digest_type); tvb, offset+digest_type_len, linelen-digest_type_len, tvb_ensure_length_remaining(tvb, offset), &next_offset, digest_bytes, FALSE); FALSE); offset = next_offset; linelen = tvb_find_line_end(tvb, offset, line = tvb_memdup(tvb, offset, linelen+1); if (strncmp(line,"md5:",4)==0) { else if (strncmp(line, "sha1:", 5)==0) { else if (strncmp(line, "sha256:", 7)==0) { else if (strncmp(line, "unknown:", 8)==0) { else if (strncmp(line, "Size: ", 6)==0) { else if (strncmp(line, "Start: ", 7)==0) { else if (strncmp(line, "Compression: ", 13)==0) { transfer_info->req->compression = (gint8)strtol(line+13, NULL, 10); 1 --------------------------------- 11964 149201/HeapOverFlow-bad.c cppfunc 31 int main(int argc, char **argv) buf = (char *)malloc(BUFSIZE); strcpy(buf, argv[1]); printf("buf = %s\n", buf); free(buf); 1 --------------------------------- 11965 148966/strutil.c cppfunc 507 uri_str_to_bytes(const char *uri_str, GByteArray *bytes) { p = (const guchar *)uri_str; if (! isascii(*p) || ! isprint(*p)) p++; p++; p++; if (! isascii(*p) || ! isprint(*p)) 1 --------------------------------- 11966 71471/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_16.c cppfunc 47 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 11967 152947/pmsignal.c cppfunc 126 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11968 66647/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_53.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11969 72461/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_82_bad.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_82_bad::action(char * data) strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 11970 153589/bio_err.c cppfunc 606 professing_lucent = ((char *)( *(statesmanese_outburnt - 5)) . oxidises_peachblossom); strncpy(stonesoup_buffer, professing_lucent, stonesoup_buffer_len); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); *stonesoup_buffer_ptr = professing_lucent; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); 1 --------------------------------- 11971 72807/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_08.c cppfunc 54 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 11972 153773/color.c cppfunc 118 stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11973 153040/bufmgr.c cppfunc 150 stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11974 62976/CWE121_Stack_Based_Buffer_Overflow__CWE135_45.c cppfunc 40 data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_45_badData = data; badSink(); void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_45_badData; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11975 153748/color.c cppfunc 603 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(hynes_silos, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); void stonesoup_printf(char * format, ...) { free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); 1 --------------------------------- 11976 70409/CWE122_Heap_Based_Buffer_Overflow__CWE135_10.c cppfunc 46 data = NULL; dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11977 153397/resowner.c cppfunc 1135 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int footing_disgracers = 131; char *ricercars_feelinglessly; stonesoup_read_taint(&ricercars_feelinglessly,"9197",footing_disgracers); ungird_uncensuring = ((void *)ricercars_feelinglessly); cerebralization_nogales = 1; scatoma_cudgels = &ungird_uncensuring; isiac_baneberry = ((void **)(((unsigned long )scatoma_cudgels) * cerebralization_nogales * cerebralization_nogales)) + 5; blepharoclonus_wiley(sherrymoor_nuangola,isiac_baneberry); blepharoclonus_wiley(wrixle_relisted,zanjona_unrefuting); stonesoup_other_size = 64; stonesoup_other_buff = (char*) malloc (stonesoup_other_size * sizeof (char)); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); void blepharoclonus_wiley(int wrixle_relisted,void **zanjona_unrefuting) bassetts_popularist = ((char *)((char *)( *(zanjona_unrefuting - 5)))); stonesoup_buff_size = strlen(bassetts_popularist) + 1; bassetts_popularist[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = free (stonesoup_other_buff); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&ricercars_feelinglessly,"9197",footing_disgracers); ungird_uncensuring = ((void *)ricercars_feelinglessly); scatoma_cudgels = &ungird_uncensuring; isiac_baneberry = ((void **)(((unsigned long )scatoma_cudgels) * cerebralization_nogales * cerebralization_nogales)) + 5; blepharoclonus_wiley(sherrymoor_nuangola,isiac_baneberry); void stonesoup_printf(char * format, ...) { free (stonesoup_other_buff); 1 --------------------------------- 11978 72334/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_15.c cppfunc 45 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 11979 110471/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_16.c cppfunc 43 data = -1; fscanf(stdin, "%d", &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11980 153187/cmdline.c cppfunc 1197 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); 1 --------------------------------- 11981 71578/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_43.cpp cppfunc 40 data = (int64_t *)malloc(50*sizeof(int64_t)); memcpy(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 1 --------------------------------- 11982 70648/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_09.c cppfunc 146 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 11983 79553/CWE134_Uncontrolled_Format_String__char_console_vfprintf_34.c inputfunc 56 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 11984 153803/color.c cppfunc 120 stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11985 62982/CWE121_Stack_Based_Buffer_Overflow__CWE135_62.cpp cppfunc 41 data = NULL; badSource(data); void badSource(void * &data); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 11986 148881/ascend-scanner.c cppfunc 1367 (yy_last_accepting_cpos) = yy_cp; yy_cp = (yy_last_accepting_cpos); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_next_state = yy_try_NUL_trans( yy_current_state ); if ( ascendwrap( ) ) (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_cp = (yy_c_buf_p); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); yy_bp = yy_cp; YY_DO_BEFORE_ACTION; char *atcopy = g_strdup(ascendtext); unput(after); unput(colon); ascendlval.d = strtol(ascendtext, NULL, 10); 1 --------------------------------- 11987 72101/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_32.c cppfunc 45 wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 11988 70972/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_81_bad.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_81_bad::action(char * data) const strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 11989 66366/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_66.c cppfunc 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 11990 110514/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_11.c cppfunc 131 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 11991 153795/conversation.c cppfunc 92 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 11992 1620/snp3-bad.c inputfunc 45 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) snprintf(buf, 1024, "<%35s>", str); printf("result: %s\n", buf); 1 --------------------------------- 11993 110540/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_64.c cppfunc 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 1 --------------------------------- 11994 153003/cmdutils.c inputfunc 137 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&herdsman_bloodmobiles,"SWACKING_STUBBINESS"); if (herdsman_bloodmobiles != 0) {; undermelodies_anno[5] = herdsman_bloodmobiles; endurance_promemorial = *(undermelodies_anno + *boondogglers_morea); decade_byssaceous = ((char *)endurance_promemorial); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(decade_byssaceous)+1, decade_byssaceous, "TRIGGER-STATE"); strncpy(stonesoup_buffer,decade_byssaceous,strlen(decade_byssaceous) + 1); if (endurance_promemorial != 0) free(((char *)endurance_promemorial)); 1 --------------------------------- 11995 153154/color.c inputfunc 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&rhodochrosite_emballonurid,"6508",unlitigiously_lentic); stonesoup_printf("%s\n",stonesoup_buffer_stack); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buffer_stack); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 11996 72948/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_05.c cppfunc 47 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 11997 79530/CWE134_Uncontrolled_Format_String__char_console_vfprintf_01.c inputfunc 50 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 11998 71183/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_16.c cppfunc 44 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 11999 153795/conversation.c cppfunc 1258 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); return c - 32; trautvetteria_autodrome[1] = 5; horsy_moonery = *(oxytylote_insanitariness + trautvetteria_autodrome[1]); aloeswood_pbx = ((char *)horsy_moonery); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(aloeswood_pbx))); stonesoup_data->buffer[stonesoup_buff_size] = aloeswood_pbx[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); void stonesoup_handle_taint(char *tweeter_kwannon) accommodating_filespec = tweeter_kwannon; oxytylote_insanitariness[5] = accommodating_filespec; horsy_moonery = *(oxytylote_insanitariness + trautvetteria_autodrome[1]); aloeswood_pbx = ((char *)horsy_moonery); stonesoup_taint_len = ((int )(strlen(aloeswood_pbx))); stonesoup_data->buffer[stonesoup_buff_size] = aloeswood_pbx[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); 1 --------------------------------- 12000 72992/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_01.c cppfunc 35 data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12001 67438/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_66.c cppfunc 33 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12002 65230/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_81_goodG2B.cpp cppfunc 31 void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_81_goodG2B::action(wchar_t * data) const source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 12003 62962/CWE121_Stack_Based_Buffer_Overflow__CWE135_15.c cppfunc 51 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12004 153163/color.c cppfunc 120 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12005 153604/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&atlanta_albitic,"LOMETA_ATHEISTIC"); if (atlanta_albitic != 0) {; lored_taen = ((char *)atlanta_albitic); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(lored_taen)+1, lored_taen, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, lored_taen, strlen(lored_taen) + 1); if (atlanta_albitic != 0) free(((char *)atlanta_albitic)); 1 --------------------------------- 12006 72749/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_82_bad.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_82_bad::action(wchar_t * data) wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 12007 70842/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_11.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12008 73036/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_81_bad.cpp cppfunc 31 void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_81_bad::action(char * data) const strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12009 110396/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_64.c cppfunc 37 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 12010 153790/mem_dbg.c cppfunc 475 stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, acentric_hypotralia, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "TAINTED"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); 1 --------------------------------- 12011 153680/color.c cppfunc 90 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12012 153569/column-utils.c cppfunc 2174 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, unlibidinously_osmolal, strlen(unlibidinously_osmolal) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 12013 153324/aviobuf.c cppfunc 1241 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, stowp_catchments, strlen(stowp_catchments) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 12014 153329/avfilter.c cppfunc 89 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12015 72956/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_13.c cppfunc 40 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12016 70746/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_11.c cppfunc 42 data = NULL; data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12017 71462/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_07.c cppfunc 52 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 12018 79495/CWE134_Uncontrolled_Format_String__char_console_snprintf_14.c inputfunc 46 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 12019 67498/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_15.c cppfunc 48 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_15_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_15_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 12020 70973/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_82_goodG2B.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_82_goodG2B::action(char * data) strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 12021 153739/color.c cppfunc 568 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, munith_guacho, strlen(munith_guacho) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 12022 72384/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_17.c cppfunc 40 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12023 70938/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_11.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 12024 70738/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_03.c cppfunc 42 data = NULL; data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12025 72876/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_45.c cppfunc 36 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_45_badData = data; badSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_45_badData; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12026 148881/tvbuff.c cppfunc 1296 IEEE_DP_MANTISSA_WIDTH; exponent = ((exponent >> IEEE_DP_MANTISSA_WIDTH) - IEEE_DP_BIAS) - return mantissa * pow(2, exponent); return get_ieee_double(ieee_fp_union.dw); return get_ieee_double(ieee_fp_union.dw); get_ieee_double(guint64 w) exponent = w & IEEE_DP_EXPONENT_MASK; exponent = ((exponent >> IEEE_DP_MANTISSA_WIDTH) - IEEE_DP_BIAS) - return mantissa * pow(2, exponent); 1 --------------------------------- 12027 148881/tvbuff.c cppfunc 1294 IEEE_DP_MANTISSA_WIDTH; exponent = ((exponent >> IEEE_DP_MANTISSA_WIDTH) - IEEE_DP_BIAS) - return -mantissa * pow(2, exponent); return get_ieee_double(ieee_fp_union.dw); return get_ieee_double(ieee_fp_union.dw); get_ieee_double(guint64 w) exponent = w & IEEE_DP_EXPONENT_MASK; exponent = ((exponent >> IEEE_DP_MANTISSA_WIDTH) - IEEE_DP_BIAS) - return -mantissa * pow(2, exponent); 1 --------------------------------- 12028 199235/buffer_underrun_dynamic.c cppfunc 519 int *buf1=(int*) calloc(5,sizeof(int)); int *buf2=(int*) calloc(3,sizeof(int)); for(i=0;i<5;i++) *(buf1+i)=i; *(buf2-*(buf1+4))=1; free(buf1); 1 --------------------------------- 12029 72371/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_04.c cppfunc 46 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12030 148881/emem.c cppfunc 575 va_list ap; va_start(ap,fmt); dst = ep_strdup_vprintf(fmt, ap); gchar* ep_strdup_vprintf(const gchar* fmt, va_list ap) { G_VA_COPY(ap2, ap); len = g_printf_string_upper_bound(fmt, ap); va_end(ap); 1 --------------------------------- 12031 71382/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_33.cpp cppfunc 43 char * &dataRef = data; char * data = dataRef; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 12032 72378/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_11.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12033 69846/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_33.cpp cppfunc 38 int * &dataRef = data; int * data = dataRef; memcpy(data, source, 10*sizeof(int)); printIntLine(data[0]); free(data); 1 --------------------------------- 12034 153593/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&crystaling_postvaricellar,"JOBY_HESYCHASTIC"); if (crystaling_postvaricellar != 0) {; squimmidge_thyreoideal = ((char *)crystaling_postvaricellar); stonesoup_taint_len = ((int )(strlen(squimmidge_thyreoideal))); for (; stonesoup_taint_len >= 0; (--stonesoup_buff_size , --stonesoup_taint_len)) { stonesoup_data.buffer[stonesoup_buff_size] = squimmidge_thyreoideal[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "FINAL-STATE"); if (crystaling_postvaricellar != 0) free(((char *)crystaling_postvaricellar)); int stonesoup_toupper(int c) return c; stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); 1 --------------------------------- 12035 79499/CWE134_Uncontrolled_Format_String__char_console_snprintf_18.c inputfunc 46 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 12036 72814/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_15.c cppfunc 46 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 12037 72340/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_31.c cppfunc 39 data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12038 70836/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_05.c cppfunc 50 data = NULL; data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12039 79446/CWE134_Uncontrolled_Format_String__char_console_printf_13.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 12040 70462/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_15.c cppfunc 140 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12041 199283/memory_allocation_failure.c cppfunc 152 vptr = (int *)calloc(memory_allocation_failure_005_gbl*memory_allocation_failure_005_gbl, sizeof(int)); vptr = (char *)calloc(10, sizeof(char)); vptr = (float *)calloc(10, sizeof(float)); ret = memory_allocation_failure_005_func_001 (rand()); free(vptr); 1 --------------------------------- 12042 73016/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_41.c cppfunc 30 data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_41_badSink(char * data) strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12043 153673/config.c cppfunc 1147 return c - 32; stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); void finaglers_mia(char **shakingly_pepper) rewed_kula(shakingly_pepper); void rewed_kula(char **simity_haftara) triturated_elaidic = ((char *)( *(simity_haftara - 5))); stonesoup_taint_len = ((int )(strlen(triturated_elaidic))); stonesoup_heap_buff_64[stonesoup_buff_size] = triturated_elaidic[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free(stonesoup_heap_buff_64); 1 --------------------------------- 12044 110322/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_11.c cppfunc 118 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12045 153298/stream.c cppfunc 106 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12046 73019/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_44.c cppfunc 30 static void badSink(char * data) strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12047 199235/buffer_underrun_dynamic.c cppfunc 159 int **buf = (int**) calloc(5,sizeof(int*)); buf[i]=(int*) calloc(5,sizeof(int)); for(i=-1;i<5;i++) for(j=0;j<5;j++) *(*(buf+i)+j)=i; free(buf[i]); free(buf); 1 --------------------------------- 12048 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c inputfunc 52 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 12049 110387/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_44.c cppfunc 36 static void badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12050 153353/color.c cppfunc 600 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(overages_assur, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); void stonesoup_printf(char * format, ...) { free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); 1 --------------------------------- 12051 153438/conf_mod.c cppfunc 124 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12052 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 12053 110346/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_62.cpp cppfunc 44 data = -1; badSource(data); void badSource(int &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12054 153629/avpacket.c cppfunc 39 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12055 71914/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_43.cpp cppfunc 49 static void badSource(twoIntsStruct * &data) data = (twoIntsStruct *)malloc(50*sizeof(twoIntsStruct)); data = NULL; badSource(data); memmove(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 1 --------------------------------- 12056 153613/color.c cppfunc 572 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(hartungen_skirtless, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); void stonesoup_printf(char * format, ...) { free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); 1 --------------------------------- 12057 153236/dynahash.c cppfunc 1565 return c - 32; stonesoup_data = (struct stonesoup_struct *) malloc (sizeof(struct stonesoup_struct)); stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_data->buff_pointer = stonesoup_data->buffer; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); int stonesoup_toupper(int c) { return c; stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 12058 72098/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_21.c cppfunc 50 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data[0] = L'\0'; return data; data = badSource(data); wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 12059 153137/emem.c cppfunc 1174 stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, oilskins_pinacle, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "TAINTED"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); 1 --------------------------------- 12060 148881/ascend-scanner.c cppfunc 1492 if ( ascendwrap( ) ) (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_cp = (yy_c_buf_p); (yy_last_accepting_cpos) = yy_cp; yy_cp = (yy_last_accepting_cpos); YY_DO_BEFORE_ACTION; YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); yy_bp = yy_cp; YY_DO_BEFORE_ACTION; ascendlval.d = strtol(ascendtext, NULL, 10); 1 --------------------------------- 12061 71384/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_41.c cppfunc 32 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_41_badSink(char * data) strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 12062 153518/e_bf.c cppfunc 111 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12063 110525/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_32.c cppfunc 136 int *dataPtr2 = &data; int data = *dataPtr2; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12064 153254/conf_mod.c cppfunc 701 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, dunams_biddance, strlen(dunams_biddance) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 12065 72430/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_15.c cppfunc 45 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12066 72329/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_10.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12067 66556/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_64.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12068 72092/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_13.c cppfunc 40 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 12069 110401/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_72.cpp cppfunc 44 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 12070 70647/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_08.c cppfunc 159 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12071 67493/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_10.c cppfunc 47 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_10_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_10_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_10_bad(); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 12072 153024/utils.c cppfunc 3196 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); pyrolytic_desmodactyli[1] = 5; mlechchha_unobdurate = *(huang_whiteclay + pyrolytic_desmodactyli[1]); muleteers_sideshows = ((char *)mlechchha_unobdurate); stonesoup_buffer = malloc((strlen(muleteers_sideshows) + 1) * sizeof(char )); strcpy(stonesoup_buffer,muleteers_sideshows); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); free(stonesoup_buffer); void stonesoup_handle_taint(char *brett_legitimisation) huang_whiteclay[5] = brett_legitimisation; mlechchha_unobdurate = *(huang_whiteclay + pyrolytic_desmodactyli[1]); muleteers_sideshows = ((char *)mlechchha_unobdurate); stonesoup_buffer = malloc((strlen(muleteers_sideshows) + 1) * sizeof(char )); strcpy(stonesoup_buffer,muleteers_sideshows); free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); 1 --------------------------------- 12073 72124/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_81_goodG2B.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_81_goodG2B::action(wchar_t * data) const wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 12074 153048/pmsignal.c cppfunc 325 return c - 32; splats_cleome = ((char *)( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *spaulding_housebote)))))))))))))))))))))))))))))))))))))))))))))))))) . figitidae_isseis); stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(splats_cleome))); stonesoup_heap_buff_64[stonesoup_buff_size] = splats_cleome[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); 1 --------------------------------- 12075 72177/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_02.c cppfunc 46 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12076 71500/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_81_goodG2B.cpp cppfunc 39 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_81_goodG2B::action(char * data) const SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 12077 67278/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_33.cpp cppfunc 40 wchar_t * &dataRef = data; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcscat(dest, data); 1 --------------------------------- 12078 70748/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_13.c cppfunc 42 data = NULL; data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12079 70679/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67.c cppfunc 87 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 1 --------------------------------- 12080 153544/color.c cppfunc 597 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(writhed_organized, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); 1 --------------------------------- 12081 153533/dirent_uri.c cppfunc 100 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12082 153138/cryptlib.c cppfunc 799 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(spongins_teetaller, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); 1 --------------------------------- 12083 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c inputfunc 53 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 12084 153424/dynahash.c cppfunc 248 stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12085 71574/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_33.cpp cppfunc 38 int64_t * &dataRef = data; int64_t * data = dataRef; memcpy(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 1 --------------------------------- 12086 73007/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_16.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12087 70424/CWE122_Heap_Based_Buffer_Overflow__CWE135_41.c cppfunc 32 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; badSink(data); static void badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12088 72365/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_82_goodG2B.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_82_goodG2B::action(char * data) memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12089 153467/color.c cppfunc 120 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12090 70841/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_10.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12091 72346/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_43.cpp cppfunc 44 data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12092 73009/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_18.c cppfunc 37 data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12093 153393/pgstat.c inputfunc 323 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&alleviater_dehorn,"SURVEYAL_BEINKED"); if (alleviater_dehorn != 0) {; hilloas_belligerences[82] = alleviater_dehorn; offshoots_skidproof = hilloas_belligerences; personality_shellackers = ((char **)(((unsigned long )offshoots_skidproof) * genoise_shmaltzier * genoise_shmaltzier)) + 5; revitalizing_undelayed = ((char *)(personality_shellackers - 5)[82]); if ((personality_shellackers - 5)[82] != 0) free(((char *)(personality_shellackers - 5)[82])); 1 --------------------------------- 12094 71405/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_82_goodG2B.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_82_goodG2B::action(char * data) strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 12095 110505/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_02.c cppfunc 131 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12096 71178/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_11.c cppfunc 43 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 12097 199253/double_free.c cppfunc 168 char* ptr= (char*) malloc(sizeof(char)); free(ptr); free(ptr); 1 --------------------------------- 12098 72827/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_44.c cppfunc 32 static void badSink(char * data) strcat(data, source); printLine(data); free(data); 1 --------------------------------- 12099 62594/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_52.c cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 12100 72490/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_43.cpp cppfunc 49 data[100-1] = '\0'; SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 1 --------------------------------- 12101 153702/config.c cppfunc 107 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12102 72810/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_11.c cppfunc 40 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 12103 72945/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_02.c cppfunc 40 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12104 199283/memory_allocation_failure.c cppfunc 400 free(memory_allocation_failure_011_gbl_u1->s1->a); free(memory_allocation_failure_011_gbl_u1->s1); free(memory_allocation_failure_011_gbl_u1); 1 --------------------------------- 12105 70425/CWE122_Heap_Based_Buffer_Overflow__CWE135_42.c cppfunc 47 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; return data; data = badSource(data); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12106 70525/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_51.c inputfunc 35 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_51b_badSink(int data); 1 --------------------------------- 12107 153009/utils.c cppfunc 95 stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12108 153138/cryptlib.c cppfunc 162 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12109 110537/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_61.c cppfunc 63 data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_61b_badSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12110 153450/oids.c cppfunc 119 stonesoup_printf("Error: Failed to allocate memory\n"); s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12111 70883/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_04.c cppfunc 50 data = NULL; data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12112 199235/buffer_underrun_dynamic.c cppfunc 752 dynamic_buffer_underrun_s_038* new_s = malloc(10*sizeof(dynamic_buffer_underrun_s_038)); new_s[loc].arr[i]='a'; new_s[0].arri[i]=2; free(new_s); 1 --------------------------------- 12113 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 12114 70444/CWE122_Heap_Based_Buffer_Overflow__CWE135_81_bad.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__CWE135_81_bad::action(void * data) const size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12115 67599/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_53.cpp cppfunc 41 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 12116 199253/double_free.c cppfunc 64 char* ptr= (char*) malloc(10*sizeof(char)); for(i=0;i<10;i++) *(ptr+i)='a'; free(ptr); free(ptr); 1 --------------------------------- 12117 110472/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_17.c cppfunc 43 data = -1; fscanf(stdin, "%d", &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12118 67432/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12119 153800/avdevice.c cppfunc 75 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12120 153619/resowner.c cppfunc 1146 apium_philipsburg = getenv("MERMIS_DILATOMETRY"); lustiness_counterfix[20] = apium_philipsburg; butadiene_necrophagous[5] = lustiness_counterfix; scorbutic_stabbingness = 5; dorsoventrad_reedplot = &scorbutic_stabbingness; wakamba_avaria = *(butadiene_necrophagous + *dorsoventrad_reedplot); CONOIDAL_BACKPOINTER(wakamba_avaria); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); void scorbutic_muteness(char **indirectly_yearth) effortlessly_vashon = ((char *)indirectly_yearth[20]); strncpy(stonesoup_buffer, effortlessly_vashon, stonesoup_buffer_len); *stonesoup_buffer_ptr = effortlessly_vashon; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); free(stonesoup_buffer_ptr); 1 --------------------------------- 12121 153619/resowner.c cppfunc 1142 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 12122 153446/main_statusbar.c cppfunc 637 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 12123 72436/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_31.c cppfunc 39 data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12124 73055/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_16.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 12125 153134/main_statusbar.c cppfunc 646 tetradactyly_boxerism = getenv("SANCY_BOBBLED"); fourragere_britannia[ *( *( *( *( *( *( *( *( *( *unshrined_manuf)))))))))] = tetradactyly_boxerism; befreckle_utfangthief = fourragere_britannia[ *( *( *( *( *( *( *( *( *( *unshrined_manuf)))))))))]; norry_hyperspherical = ((char *)befreckle_utfangthief); stonesoup_buffer = malloc((strlen(norry_hyperspherical) + 1) * sizeof(char )); strcpy(stonesoup_buffer,norry_hyperspherical); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); 1 --------------------------------- 12126 70497/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_02.c cppfunc 70 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12127 148881/ascend-scanner.c cppfunc 1417 (yy_last_accepting_cpos) = yy_cp; yy_cp = (yy_last_accepting_cpos); YY_DO_BEFORE_ACTION; int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; *yy_cp = (yy_hold_char); (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_next_state = yy_try_NUL_trans( yy_current_state ); if ( ascendwrap( ) ) (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_cp = (yy_c_buf_p); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); yy_bp = yy_cp; YY_DO_BEFORE_ACTION; char *atcopy = g_strdup(ascendtext); if (strlen(atcopy) > 2) atcopy[2] = '\0'; ascendlval.d = strtol(atcopy, NULL, 10) * 10000; 1 --------------------------------- 12128 153506/color.c cppfunc 560 behaviorist_roughers = getenv("CABOOSE_WHANGEE"); macarthur_moraler = ((char *)behaviorist_roughers); stonesoup_buff_size = strlen(macarthur_moraler) + 1; stonesoup_other_size = 64; stonesoup_other_buff = (char*) malloc (stonesoup_other_size * sizeof (char)); macarthur_moraler[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_other_buff); 1 --------------------------------- 12129 79489/CWE134_Uncontrolled_Format_String__char_console_snprintf_08.c inputfunc 59 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 12130 79492/CWE134_Uncontrolled_Format_String__char_console_snprintf_11.c inputfunc 46 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 12131 153417/resowner.c cppfunc 1154 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 12132 153740/color.c cppfunc 120 stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12133 70832/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_01.c cppfunc 40 data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12134 199283/memory_allocation_failure.c cppfunc 612 char **dptr,a = 0; dptr=(char**) malloc(10*sizeof(char*)); dptr[i]=(char*) malloc(10*sizeof(char)); strcpy( dptr[1],"STRING TEST" ); free(dptr[i]); free(dptr); 1 --------------------------------- 12135 62948/CWE121_Stack_Based_Buffer_Overflow__CWE135_01.c cppfunc 39 data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12136 62948/CWE121_Stack_Based_Buffer_Overflow__CWE135_01.c cppfunc 36 data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 12137 153621/avdevice.c cppfunc 64 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12138 72423/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_08.c cppfunc 53 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12139 72386/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_21.c cppfunc 49 data = (char *)malloc(100*sizeof(char)); data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12140 72278/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_07.c cppfunc 45 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12141 152908/utils.c cppfunc 2590 bbl_cupromanganese = getenv("CLITORIDECTOMY_SAUNTER"); refreshers_wiliest = evemerus_predestining(bbl_cupromanganese); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); char *evemerus_predestining(char *disjects_hypogeugea) return disjects_hypogeugea; refreshers_wiliest = evemerus_predestining(bbl_cupromanganese); outdreaming_lilburn = ((char *)refreshers_wiliest); strncpy(stonesoup_buffer, outdreaming_lilburn, stonesoup_buffer_len); *stonesoup_buffer_ptr = outdreaming_lilburn; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); free(stonesoup_buffer_ptr); 1 --------------------------------- 12142 72292/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_31.c cppfunc 39 data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12143 153823/string.c cppfunc 82 stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12144 153442/bss_file.c cppfunc 572 return c - 32; return c; seminarcosis_almadie(surceased_epitaphic,eradication_pearlstone); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; memset(stonesoup_data->buffer,0,64); stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, panthous_zimarra); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); void stonesoup_handle_taint(char *aesopic_tastelessness) calcaire_nro = ((void *)aesopic_tastelessness); loquent_forbid = &calcaire_nro; nonpressing_nucla = &loquent_forbid; seminarcosis_almadie(pasadis_dorididae,nonpressing_nucla); void seminarcosis_almadie(int surceased_epitaphic,void ***eradication_pearlstone) panthous_zimarra = ((char *)((char *)( *( *eradication_pearlstone)))); strcpy(stonesoup_data->buffer, panthous_zimarra); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); 1 --------------------------------- 12145 72970/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_43.cpp cppfunc 45 data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12146 148804/strings.c cppfunc 106 va_list aq; va_copy(aq, ap); res = vsnprintf((*buf)->__AST_STR_STR + offset, (*buf)->__AST_STR_LEN - offset, fmt, aq); va_end(aq); 1 --------------------------------- 12147 79550/CWE134_Uncontrolled_Format_String__char_console_vfprintf_31.c inputfunc 50 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 12148 153011/eng_table.c cppfunc 132 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12149 79353/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_16.c cppfunc 56 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 12150 70420/CWE122_Heap_Based_Buffer_Overflow__CWE135_31.c cppfunc 44 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; void * dataCopy = data; void * data = dataCopy; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12151 148881/emem.c cppfunc 1822 va_list ap; va_start(ap, format); ep_strbuf_append_vprintf(strbuf, format, ap); ep_strbuf_append_vprintf(emem_strbuf_t *strbuf, const gchar *format, va_list ap) { G_VA_COPY(ap2, ap); full_len = g_vsnprintf(&strbuf->str[strbuf->len], (gulong) add_len, format, ap); va_end(ap); 1 --------------------------------- 12152 1600/scpy1-bad.c inputfunc 42 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) strcpy(buf, str); printf("result: %s\n", buf); 1 --------------------------------- 12153 66555/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_63.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12154 79400/CWE134_Uncontrolled_Format_String__char_console_fprintf_15.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 12155 66651/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_63.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12156 153559/avpacket.c cppfunc 69 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12157 70469/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_32.c cppfunc 136 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12158 199317/uninit_memory_access.c cppfunc 419 uninit_memory_access_014_u_001 *u; u = (uninit_memory_access_014_u_001 *)calloc(1,sizeof(uninit_memory_access_014_u_001)); u->a = 40; return u; u = (uninit_memory_access_014_u_001 *)calloc(2,sizeof(uninit_memory_access_014_u_001)); u->a = 20; return u; u = (uninit_memory_access_014_u_001 *)calloc(3,sizeof(uninit_memory_access_014_u_001)); u->a = 30; return u; return (uninit_memory_access_014_u_001 *)(-1); p = uninit_memory_access_014_func_001 (); free(p); 1 --------------------------------- 12159 110507/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_04.c cppfunc 138 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12160 153807/utils.c cppfunc 2574 return c - 32; return c; struct annunciation_halftimes cert_gimbal; cluniac_demibath = getenv("SUBSPECIALIST_NONLOYALTY"); cert_gimbal . fruz_constipated = ((char *)cluniac_demibath); ungregariously_emerited[5] = cert_gimbal; pedule_phytopathogen[1] = 5; pedregal_tripetaloid = *(ungregariously_emerited + pedule_phytopathogen[1]); newt_ftnerr = ((char *)pedregal_tripetaloid . fruz_constipated); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; memset(stonesoup_data->buffer,0,64); stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, newt_ftnerr); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); 1 --------------------------------- 12161 79500/CWE134_Uncontrolled_Format_String__char_console_snprintf_21.c inputfunc 60 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badSink(data); static void badSink(char * data) SNPRINTF(dest, 100-1, data); 1 --------------------------------- 12162 72754/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_03.c cppfunc 44 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 12163 110457/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_02.c cppfunc 42 data = -1; fscanf(stdin, "%d", &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12164 153245/e_bf.c cppfunc 303 char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); void trilloes_arranger(char **arterialization_jebel) temesv_threefolded = ((char *)( *(arterialization_jebel - 5))); stonesoup_buffer = malloc((strlen(temesv_threefolded) + 1) * sizeof(char )); strcpy(stonesoup_buffer,temesv_threefolded); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); free(stonesoup_buffer); 1 --------------------------------- 12165 72191/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_16.c cppfunc 47 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12166 70914/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_62.cpp cppfunc 45 data = NULL; badSource(data); void badSource(char * &data); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12167 152910/bufmgr.c cppfunc 2718 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(rattails_unrecriminative, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); 1 --------------------------------- 12168 72325/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_06.c cppfunc 43 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12169 152888/mem_dbg.c cppfunc 250 stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12170 70986/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_11.c cppfunc 42 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12171 62972/CWE121_Stack_Based_Buffer_Overflow__CWE135_41.c cppfunc 35 size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); data = (void *)WIDE_STRING; badSink(data); static void badSink(void * data) memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12172 72194/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_21.c cppfunc 56 static wchar_t * badSource(wchar_t * data) data = NULL; data = badSource(data); data[0] = L'\0'; return data; data = badSource(data); SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12173 152910/bufmgr.c cppfunc 108 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12174 153623/ffmpeg.c cppfunc 151 stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12175 72336/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_17.c cppfunc 40 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12176 73050/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_11.c cppfunc 38 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 12177 72433/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_18.c cppfunc 38 data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12178 199233/buffer_overrun_dynamic.c cppfunc 42 short *buf=(short*) calloc(5,sizeof(short)); *(buf+5)=1; free(buf); 1 --------------------------------- 12179 72221/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_82_goodG2B.cpp cppfunc 39 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_82_goodG2B::action(wchar_t * data) SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12180 153536/stream.c cppfunc 1812 void paeon_gigantesque(int dramatical_hydrogenator,void *quadrophonics_grots) archidome_topotypic = ((char *)((char *)quadrophonics_grots)); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, archidome_topotypic); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "FINAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { return c - 32; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); free(stonesoup_heap_buffer_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); 1 --------------------------------- 12181 73074/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_62.cpp cppfunc 39 data = (char *)malloc(100*sizeof(char)); badSource(data); void badSource(char * &data); strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 12182 153597/color.c cppfunc 599 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; return c - 32; int oxozone_busking = 596; char *drainage_asymptotical; stonesoup_read_taint(&drainage_asymptotical,"5389",oxozone_busking); nationhood_prochain = ((char *)drainage_asymptotical); stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(nationhood_prochain))); stonesoup_heap_buff_64[stonesoup_buff_size] = nationhood_prochain[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&drainage_asymptotical,"5389",oxozone_busking); nationhood_prochain = ((char *)drainage_asymptotical); stonesoup_taint_len = ((int )(strlen(nationhood_prochain))); stonesoup_heap_buff_64[stonesoup_buff_size] = nationhood_prochain[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); 1 --------------------------------- 12183 110363/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_04.c cppfunc 62 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12184 71377/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_18.c cppfunc 39 data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 12185 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c cppfunc 56 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 12186 110512/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_09.c cppfunc 131 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12187 148966/packet-sdp.c cppfunc 1604 static void dissect_sdp_media_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_item * ti, int length, transport_info_t *transport_info) { colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); tvb, offset, tokenlen, ENC_ASCII|ENC_NA); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); static gint find_sdp_media_attribute_names(tvbuff_t *tvb, int offset, guint len) sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); attribute_value = tvb_get_ephemeral_string(tvb, offset, tvb_length_remaining(tvb, offset)); next_offset = tvb_find_guint8(tvb, offset, -1, ' '); tokenlen = next_offset - offset; proto_tree_add_item(sdp_media_attribute_tree, hf_media_format, tvb, offset, tokenlen, ENC_ASCII|ENC_NA); payload_type = tvb_get_ephemeral_string(tvb, offset, tokenlen); *key = atol((char*)payload_type); 1 --------------------------------- 12188 72417/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_02.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12189 79547/CWE134_Uncontrolled_Format_String__char_console_vfprintf_18.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 12190 153772/subtrans.c inputfunc 129 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&gwynfa_cryptozonia,"CASUISTICAL_RESTIACEOUS"); if (gwynfa_cryptozonia != 0) {; nutgrasses_disloyalist = ((void *)gwynfa_cryptozonia); drawbridges_walsh[5] = nutgrasses_disloyalist; hawkbills_bluelegs = *(drawbridges_walsh + *aeolodicon_soundheaded); dekaliters_dorados = ((char *)((char *)hawkbills_bluelegs)); strcpy(stonesoup_heap_buffer_64, dekaliters_dorados); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "CROSSOVER-STATE"); for (; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "FINAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); if (((char *)hawkbills_bluelegs) != 0) free(((char *)((char *)hawkbills_bluelegs))); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "FINAL-STATE"); 1 --------------------------------- 12191 72388/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_31.c cppfunc 39 data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12192 70504/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_09.c cppfunc 70 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12193 153488/aviobuf.c cppfunc 52 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12194 153255/pmsignal.c cppfunc 129 stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12195 153830/main_statusbar.c cppfunc 652 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; struct underseated_headhunting phascolarctos_proemial; char *pectinous_bloodthirsting;; stonesoup_read_taint(&pectinous_bloodthirsting,"IDEATIONAL_OCULISTS"); phascolarctos_proemial . latinian_pattersonville = ((char *)pectinous_bloodthirsting); desuete_blowfishes[5] = phascolarctos_proemial; typika_fixtures[1] = 5; endeavorer_actuarian = *(desuete_blowfishes + typika_fixtures[1]); houppelande_driftlet = ((char *)endeavorer_actuarian . latinian_pattersonville); stonesoup_buff_size = strlen(houppelande_driftlet) + 1; stonesoup_other_size = 64; stonesoup_other_buff = (char*) malloc (stonesoup_other_size * sizeof (char)); houppelande_driftlet[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&pectinous_bloodthirsting,"IDEATIONAL_OCULISTS"); phascolarctos_proemial . latinian_pattersonville = ((char *)pectinous_bloodthirsting); endeavorer_actuarian = *(desuete_blowfishes + typika_fixtures[1]); houppelande_driftlet = ((char *)endeavorer_actuarian . latinian_pattersonville); stonesoup_buff_size = strlen(houppelande_driftlet) + 1; houppelande_driftlet[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = free (stonesoup_other_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_other_buff); 1 --------------------------------- 12196 153524/color.c cppfunc 90 stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12197 73058/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_21.c cppfunc 48 data = (char *)malloc(100*sizeof(char)); data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 12198 70672/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 1 --------------------------------- 12199 72460/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_81_bad.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_81_bad::action(char * data) const strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12200 153153/subtrans.c cppfunc 335 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 12201 72995/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_04.c cppfunc 45 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12202 153292/config.c cppfunc 1076 infixation_faussebraie = ((char *)( *plainnesses_chelmsford) . rejourn_bacilliform); stonesoup_buff_size = strlen(infixation_faussebraie) + 1; stonesoup_other_size = 64; stonesoup_other_buff = (char*) malloc (stonesoup_other_size * sizeof (char)); infixation_faussebraie[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_other_buff); 1 --------------------------------- 12203 67494/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_11.c cppfunc 47 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_11_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_11_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_11_bad(); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 12204 67743/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_53.cpp cppfunc 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 1 --------------------------------- 12205 153772/subtrans.c cppfunc 327 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; return c - 32; char *gwynfa_cryptozonia; stonesoup_read_taint(&gwynfa_cryptozonia,"CASUISTICAL_RESTIACEOUS"); nutgrasses_disloyalist = ((void *)gwynfa_cryptozonia); drawbridges_walsh[5] = nutgrasses_disloyalist; scourfishes_daiquiri = 5; aeolodicon_soundheaded = &scourfishes_daiquiri; hawkbills_bluelegs = *(drawbridges_walsh + *aeolodicon_soundheaded); dekaliters_dorados = ((char *)((char *)hawkbills_bluelegs)); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, dekaliters_dorados); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&gwynfa_cryptozonia,"CASUISTICAL_RESTIACEOUS"); nutgrasses_disloyalist = ((void *)gwynfa_cryptozonia); drawbridges_walsh[5] = nutgrasses_disloyalist; hawkbills_bluelegs = *(drawbridges_walsh + *aeolodicon_soundheaded); dekaliters_dorados = ((char *)((char *)hawkbills_bluelegs)); strcpy(stonesoup_heap_buffer_64, dekaliters_dorados); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); 1 --------------------------------- 12206 72756/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_05.c cppfunc 51 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 12207 70519/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_34.c cppfunc 75 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12208 70955/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_44.c cppfunc 36 static void badSink(char * data) strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 12209 79530/CWE134_Uncontrolled_Format_String__char_console_vfprintf_01.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 12210 153703/tile-swap.c cppfunc 118 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12211 153058/avfilter.c cppfunc 77 stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12212 153699/cmdline.c cppfunc 1192 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *darlingtonia_jordans; stonesoup_read_taint(&darlingtonia_jordans,"OFFLOADED_DUMBFOUNDED"); vouchees_enterotoxemia . toponymical_belime = ((char *)darlingtonia_jordans); thissen_preinflict(vouchees_enterotoxemia); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); void thissen_preinflict(const struct tricentenary_diaspidinae muckibus_tobruk) hearten_photomagnetism = ((char *)((struct tricentenary_diaspidinae )muckibus_tobruk) . toponymical_belime); stonesoup_buffer = malloc((strlen(hearten_photomagnetism) + 1) * sizeof(char )); strcpy(stonesoup_buffer,hearten_photomagnetism); free(stonesoup_buffer); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&darlingtonia_jordans,"OFFLOADED_DUMBFOUNDED"); vouchees_enterotoxemia . toponymical_belime = ((char *)darlingtonia_jordans); thissen_preinflict(vouchees_enterotoxemia); 1 --------------------------------- 12213 199284/memory_allocation_failure.c cppfunc 208 memory_allocation_failure_006_gbl_doubleptr=(int**) malloc(10*sizeof(int*)); memory_allocation_failure_006_gbl_doubleptr[i][0] =10; memory_allocation_failure_006_func_002(); if(memory_allocation_failure_006_func_001(flag)==0) memory_allocation_failure_006_gbl_doubleptr[i] = NULL; free(memory_allocation_failure_006_gbl_doubleptr); 1 --------------------------------- 12214 153321/column-utils.c cppfunc 88 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12215 110689/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_72.cpp cppfunc 44 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 12216 71481/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_42.c cppfunc 49 data[0] = '\0'; return data; data = badSource(data); SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 12217 153499/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12218 79574/CWE134_Uncontrolled_Format_String__char_console_vfprintf_81_goodB2G.cpp cppfunc 33 va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 1 --------------------------------- 12219 152879/eng_table.c cppfunc 129 stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12220 153005/ffmpeg.c cppfunc 3259 struct hebr_toddite circumambiency_billiards = {0}; va_list archegone_mosel; __builtin_va_start(archegone_mosel,adamski_alcanna); circumambiency_billiards = (va_arg(archegone_mosel,struct hebr_toddite )); feedwater_impersonates = ((char *)circumambiency_billiards . daybeam_cantillation); stonesoup_buffer = malloc((strlen(feedwater_impersonates) + 1) * sizeof(char )); strcpy(stonesoup_buffer,feedwater_impersonates); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); 1 --------------------------------- 12221 153152/eng_table.c cppfunc 130 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12222 153809/img2.c cppfunc 191 return c - 32; void *sandan_attainableness = 0; spongins_electrotypic = ((char *)((char *)sandan_attainableness)); stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(spongins_electrotypic))); stonesoup_heap_buff_64[stonesoup_buff_size] = spongins_electrotypic[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); 1 --------------------------------- 12223 66646/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_52.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12224 153467/color.c cppfunc 589 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, palmists_ratability, strlen(palmists_ratability) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); 1 --------------------------------- 12225 72317/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_82_bad.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_82_bad::action(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12226 79507/CWE134_Uncontrolled_Format_String__char_console_snprintf_42.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; return data; data = badSource(data); SNPRINTF(dest, 100-1, data); 1 --------------------------------- 12227 153247/conversation.c cppfunc 1282 heterometaboly_moneymaker = getenv("NONRANDOMNESS_MIMBARS"); thiofurfuran_entered . amphiboliferous_chadless = ((char *)heterometaboly_moneymaker); whinnying_prolusionize(thiofurfuran_entered); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); void whinnying_prolusionize(const struct unctuous_protthalli mesoplast_vulturelike) trisulfoxide_nonexpanded = ((char *)((struct unctuous_protthalli )mesoplast_vulturelike) . amphiboliferous_chadless); strncpy(stonesoup_buffer, trisulfoxide_nonexpanded, stonesoup_buffer_len); *stonesoup_buffer_ptr = trisulfoxide_nonexpanded; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); free(stonesoup_buffer_ptr); 1 --------------------------------- 12228 153250/color.c cppfunc 602 demotion_prebetray = getenv("FOSSILS_PRUNABLE"); remonetized_monomaniac = ((char *)demotion_prebetray); strncpy(stonesoup_buffer, remonetized_monomaniac, stonesoup_buffer_len); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); *stonesoup_buffer_ptr = remonetized_monomaniac; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); 1 --------------------------------- 12229 70473/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_42.c cppfunc 134 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12230 70457/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_10.c cppfunc 133 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12231 110481/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_42.c cppfunc 45 fscanf(stdin, "%d", &data); return data; data = -1; data = badSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); static int badSource(int data) return data; data = badSource(data); intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12232 152966/main_filter_toolbar.c cppfunc 468 return c - 32; return c; stonesoup_data->before = stonesoup_toupper; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); void dominionism_gossipmonger(int barotseland_hih,destructors_maru *yaounde_aedility) fofarraw_tritural = ((char *)( *(yaounde_aedility - 5))); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, fofarraw_tritural); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); 1 --------------------------------- 12233 153036/string.c cppfunc 93 stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12234 71142/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_33.cpp cppfunc 46 wchar_t * &dataRef = data; wchar_t * data = dataRef; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 1 --------------------------------- 12235 153802/types.c cppfunc 85 stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12236 153800/avdevice.c cppfunc 248 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, obtunder_verrugas, strlen(obtunder_verrugas) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); 1 --------------------------------- 12237 153604/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12238 72104/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_41.c cppfunc 32 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_41_badSink(wchar_t * data) wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 12239 72723/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22.c cppfunc 40 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_badSource(data); wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 12240 70757/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_32.c cppfunc 47 char * *dataPtr2 = &data; char * data = *dataPtr2; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12241 72961/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_18.c cppfunc 39 data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12242 199283/memory_allocation_failure.c cppfunc 711 ret = MAX_VAL_4; ret=5; return ret; int * ptr1 = (int *) malloc (memory_allocation_failure_016_func_001(0)*sizeof(int)); *(ptr1+1) = 10; free(ptr1); 1 --------------------------------- 12243 199283/memory_allocation_failure.c cppfunc 710 ret = MAX_VAL_4; ret=5; return ret; memory_allocation_failure_016_gbl_ptr1 = (int *) malloc (memory_allocation_failure_016_func_001(0)*sizeof(int)); memory_allocation_failure_016_gbl_ptr2 = (int *) malloc (memory_allocation_failure_016_func_001(0)*sizeof(int)); memory_allocation_failure_016_func_002(0); free(memory_allocation_failure_016_gbl_ptr2); 1 --------------------------------- 12244 199283/memory_allocation_failure.c cppfunc 712 ret = MAX_VAL_4; ret=5; return ret; int * ptr1 = (int *) malloc (memory_allocation_failure_016_func_001(0)*sizeof(int)); int * ptr2 = (int *) malloc (memory_allocation_failure_016_func_001(0)*sizeof(int)); free(ptr2); 1 --------------------------------- 12245 72867/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22.c cppfunc 41 data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_badSource(data); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12246 153739/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12247 71770/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_43.cpp cppfunc 40 data = (int *)malloc(50*sizeof(int)); memmove(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 1 --------------------------------- 12248 110377/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_18.c cppfunc 54 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12249 153175/utils.c cppfunc 74 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12250 72993/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_02.c cppfunc 38 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12251 70906/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_43.cpp cppfunc 48 data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12252 79493/CWE134_Uncontrolled_Format_String__char_console_snprintf_12.c inputfunc 46 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); SNPRINTF(dest, 100-1, "%s", data); 1 --------------------------------- 12253 199235/buffer_underrun_dynamic.c cppfunc 621 char *message = (char*) calloc(12, sizeof(char)); message[len]='\n'; c = message[len]; if(isspace(c)) 1 --------------------------------- 12254 70410/CWE122_Heap_Based_Buffer_Overflow__CWE135_11.c cppfunc 46 data = NULL; dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12255 199235/buffer_underrun_dynamic.c cppfunc 628 char *message = (char*) calloc(12, sizeof(char)); message[len]='\n'; free(message); 1 --------------------------------- 12256 75597/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_82_goodG2B.cpp cppfunc 31 void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_82_goodG2B::action(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 12257 67600/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_54.cpp cppfunc 41 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 12258 149077/scpy2-bad.c inputfunc 49 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) if(strlen(str) > MAXSIZE) strcpy(buf, str); printf("result: %s\n", buf); 1 --------------------------------- 12259 110528/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_41.c cppfunc 56 intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_41_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_41_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12260 153635/string.c cppfunc 1169 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); bioplasmic_devisable[1] = 5; toleware_pseudo = *(orlops_musha + bioplasmic_devisable[1]); consideringly_zing = ((char *)toleware_pseudo[3]); strncpy(stonesoup_buffer, consideringly_zing, stonesoup_buffer_len); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); *stonesoup_buffer_ptr = consideringly_zing; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); void stonesoup_handle_taint(char *continuousness_attaches) tetralogue_compositae[3] = continuousness_attaches; orlops_musha[5] = tetralogue_compositae; toleware_pseudo = *(orlops_musha + bioplasmic_devisable[1]); consideringly_zing = ((char *)toleware_pseudo[3]); strncpy(stonesoup_buffer, consideringly_zing, stonesoup_buffer_len); *stonesoup_buffer_ptr = consideringly_zing; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); free(stonesoup_buffer_ptr); 1 --------------------------------- 12261 153635/string.c cppfunc 1165 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); 1 --------------------------------- 12262 73248/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_33.cpp cppfunc 38 double * &dataRef = data; double * data = dataRef; printDoubleLine(*data); free(data); 1 --------------------------------- 12263 72324/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_05.c cppfunc 46 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12264 110362/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_03.c cppfunc 55 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12265 72435/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22.c cppfunc 40 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22_badSource(data); strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12266 72760/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_09.c cppfunc 44 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 12267 72870/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_33.cpp cppfunc 43 char * &dataRef = data; char * data = dataRef; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12268 73010/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_21.c cppfunc 48 data = (char *)malloc(100*sizeof(char)); data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12269 62953/CWE121_Stack_Based_Buffer_Overflow__CWE135_06.c cppfunc 49 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12270 71146/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_43.cpp cppfunc 48 data = (wchar_t *)malloc(10*sizeof(wchar_t)); memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 1 --------------------------------- 12271 62953/CWE121_Stack_Based_Buffer_Overflow__CWE135_06.c cppfunc 46 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 12272 72220/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_81_goodG2B.cpp cppfunc 39 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_81_goodG2B::action(wchar_t * data) const SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12273 153309/mux.c cppfunc 516 braxies_contralateral = ((char *)( *(impartment_carnalizing - 5)) . trunkful_fibrocystoma); strncpy(stonesoup_buffer, braxies_contralateral, stonesoup_buffer_len); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); *stonesoup_buffer_ptr = braxies_contralateral; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); 1 --------------------------------- 12274 153309/mux.c cppfunc 512 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 12275 72864/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_17.c cppfunc 41 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12276 148881/ascend-scanner.c cppfunc 1563 (yy_last_accepting_cpos) = yy_cp; yy_cp = (yy_last_accepting_cpos); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_next_state = yy_try_NUL_trans( yy_current_state ); if ( ascendwrap( ) ) (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_cp = (yy_c_buf_p); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); yy_bp = yy_cp; YY_DO_BEFORE_ACTION; ascendlval.d = strtoul(ascendtext, NULL, 16); 1 --------------------------------- 12277 199283/memory_allocation_failure.c cppfunc 60 long long int i=0; long long int *ptr=(long long*) malloc(MAX_VAL *sizeof(long long)); *(ptr+i) = i; free(ptr); 1 --------------------------------- 12278 72849/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_02.c cppfunc 40 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12279 72190/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_15.c cppfunc 52 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12280 70913/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_61.c cppfunc 42 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_61b_badSource(data); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12281 71196/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_45.c cppfunc 40 data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_45_badData = data; badSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_45_badData; wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 12282 110370/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_11.c cppfunc 55 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12283 199235/buffer_underrun_dynamic.c cppfunc 116 float *buf=(float*) calloc(5,sizeof(float)); buf[i]=1.0; free(buf); 1 --------------------------------- 12284 153033/color.c cppfunc 90 stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12285 152955/timestamp.c cppfunc 218 stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, archai_turbith, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "TAINTED"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); 1 --------------------------------- 12286 199283/memory_allocation_failure.c cppfunc 107 ret = MAX_VAL; ret=1; return ret; unsigned int *ptr = (unsigned int*) malloc(memory_allocation_failure_004_func_001(0)*sizeof(unsigned int)); *(ptr+1) = 10; free(ptr); 1 --------------------------------- 12287 72806/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_07.c cppfunc 46 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 12288 153077/file_wrappers.c inputfunc 161 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&episternal_larcenist,"HECATE_AMENABLE"); if (episternal_larcenist != 0) {; chawed_anarchs . malinvestment_garfish = episternal_larcenist; iffiest_chubbiest = ((char *)chawed_anarchs . malinvestment_garfish); if (strlen(iffiest_chubbiest) < 20) { realpath(iffiest_chubbiest,stonesoup_base_path); if (chawed_anarchs . malinvestment_garfish != 0) free(((char *)chawed_anarchs . malinvestment_garfish)); 1 --------------------------------- 12289 152866/gimpdisplay.c cppfunc 877 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 12290 66552/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12291 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 12292 110508/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_05.c cppfunc 138 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12293 199253/double_free.c cppfunc 43 char* ptr= (char*) malloc(10*sizeof(char)); ptr[i]='a'; free(ptr); free(ptr); 1 --------------------------------- 12294 79365/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_44.c cppfunc 56 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 12295 70983/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_08.c cppfunc 56 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12296 70833/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_02.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12297 70948/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_31.c cppfunc 43 data = (char *)malloc(10*sizeof(char)); char * dataCopy = data; char * data = dataCopy; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 12298 110504/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_01.c cppfunc 128 inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12299 148828/Geolocation.cpp cppfunc 179 void Geolocation::Watchers::remove(GeoNotifier* notifier) NotifierToIdMap::iterator iter = m_notifierToIdMap.find(notifier); m_idToNotifierMap.remove(iter->second); m_notifierToIdMap.remove(iter); 1 --------------------------------- 12300 153241/color.c cppfunc 594 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(foliolate_lefty, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); 1 --------------------------------- 12301 71469/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_14.c cppfunc 46 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 12302 72464/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_01.c cppfunc 41 data[100-1] = '\0'; SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 1 --------------------------------- 12303 70461/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_14.c cppfunc 133 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12304 72381/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_14.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12305 70414/CWE122_Heap_Based_Buffer_Overflow__CWE135_15.c cppfunc 53 data = NULL; dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12306 110469/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_14.c cppfunc 42 data = -1; fscanf(stdin, "%d", &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12307 72780/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_45.c cppfunc 40 data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_45_badData = data; badSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_45_badData; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 12308 79361/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34.c cppfunc 62 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 12309 153366/conf_mod.c cppfunc 693 kechi_ragabash = ((char *)( *heyerdahl_scintillescent) . interleaver_protovum); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(kechi_ragabash))); memcpy(stonesoup_data->buffer, kechi_ragabash, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 12310 72375/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_08.c cppfunc 53 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12311 70463/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_16.c cppfunc 134 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12312 72081/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_02.c cppfunc 40 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 12313 153654/utils.c cppfunc 69 stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12314 148966/packet-sdp.c cppfunc 1823 static void dissect_sdp_media_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_item * ti, int length, transport_info_t *transport_info) { colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); tvb, offset, tokenlen, ENC_ASCII|ENC_NA); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); static gint find_sdp_media_attribute_names(tvbuff_t *tvb, int offset, guint len) (tvb_strncaseeql(tvb, offset, sdp_media_attribute_names[i].name, len) == 0)) offset = 0; colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); offset = colon_offset + 1; offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); attribute_value = tvb_get_ephemeral_string(tvb, offset, tvb_length_remaining(tvb, offset)); next_offset = tvb_find_guint8(tvb, offset, -1, ' '); tokenlen = next_offset - offset; atoi((char*)tvb_get_ephemeral_string(tvb, offset, tokenlen))); 1 --------------------------------- 12315 153258/column.c cppfunc 1135 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; return c - 32; char *cigarillos_marinna; stonesoup_read_taint(&cigarillos_marinna,"SCIMITARED_FURNESS"); pacas_cathartically = &cigarillos_marinna; recutting_marmennill = pacas_cathartically + 5; rips_praxiteles = ((char *)( *(recutting_marmennill - 5))); stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(rips_praxiteles))); stonesoup_heap_buff_64[stonesoup_buff_size] = rips_praxiteles[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&cigarillos_marinna,"SCIMITARED_FURNESS"); pacas_cathartically = &cigarillos_marinna; recutting_marmennill = pacas_cathartically + 5; rips_praxiteles = ((char *)( *(recutting_marmennill - 5))); stonesoup_taint_len = ((int )(strlen(rips_praxiteles))); stonesoup_heap_buff_64[stonesoup_buff_size] = rips_praxiteles[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free(stonesoup_heap_buff_64); 1 --------------------------------- 12316 72971/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_44.c cppfunc 32 static void badSink(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12317 153239/color.c cppfunc 633 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); void stonesoup_handle_taint(char *cardiorenal_gobbin) arenose_hydras = ((char *)cardiorenal_gobbin); strncpy(stonesoup_buffer, arenose_hydras, stonesoup_buffer_len); *stonesoup_buffer_ptr = arenose_hydras; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); free(stonesoup_buffer_ptr); 1 --------------------------------- 12318 70412/CWE122_Heap_Based_Buffer_Overflow__CWE135_13.c cppfunc 46 data = NULL; dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12319 153786/dynahash.c cppfunc 1543 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, ocelliferous_tansies, strlen(ocelliferous_tansies) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); 1 --------------------------------- 12320 67751/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_67.cpp cppfunc 90 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 1 --------------------------------- 12321 110319/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_08.c cppfunc 132 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12322 153203/tile-manager.c cppfunc 760 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, missummation_trouping, strlen(missummation_trouping) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); 1 --------------------------------- 12323 153391/ffmpeg.c cppfunc 179 stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12324 153068/aviobuf.c cppfunc 62 stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12325 79485/CWE134_Uncontrolled_Format_String__char_console_snprintf_04.c inputfunc 52 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 12326 70450/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_03.c cppfunc 133 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12327 152907/mutex.c cppfunc 191 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); 1 --------------------------------- 12328 153104/color.c inputfunc 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&sauerkrauts_antisemitism,"DENNYSVILLE_PLEASING"); if (sauerkrauts_antisemitism != 0) {; recorde_iconodulist = ((char *)sauerkrauts_antisemitism); strcpy(stonesoup_data->buffer, recorde_iconodulist); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); for (; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); if (sauerkrauts_antisemitism != 0) free(((char *)sauerkrauts_antisemitism)); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); 1 --------------------------------- 12329 72422/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_07.c cppfunc 45 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12330 70856/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_41.c cppfunc 36 data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_41_badSink(char * data) memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12331 153228/cryptlib.c cppfunc 603 return c - 32; stonesoup_data = (struct stonesoup_struct *) malloc (sizeof(struct stonesoup_struct)); stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_data->buff_pointer = stonesoup_data->buffer; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) { return c; stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 12332 153489/color.c cppfunc 608 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); return c - 32; return c; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; memset(stonesoup_data->buffer,0,64); stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, grouseless_marte); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); void stonesoup_handle_taint(char *sulfured_lockerbie) grouseless_marte = ((char *)sulfured_lockerbie); strcpy(stonesoup_data->buffer, grouseless_marte); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); 1 --------------------------------- 12333 70985/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_10.c cppfunc 42 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12334 153763/color.c cppfunc 608 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; return c; char *colation_prosecutes; stonesoup_read_taint(&colation_prosecutes,"ODESSA_POLYGONALLY"); waxy_shechina = ((char *)colation_prosecutes); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(waxy_shechina))); stonesoup_data->buffer[stonesoup_buff_size] = waxy_shechina[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); int stonesoup_toupper(int c) return c - 32; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&colation_prosecutes,"ODESSA_POLYGONALLY"); waxy_shechina = ((char *)colation_prosecutes); stonesoup_taint_len = ((int )(strlen(waxy_shechina))); stonesoup_data->buffer[stonesoup_buff_size] = waxy_shechina[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free(stonesoup_data); 1 --------------------------------- 12335 153537/heapam.c cppfunc 570 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 12336 153537/heapam.c cppfunc 574 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; struct cooer_villainously organical_infantive; char *stocktaking_schoolbook; stonesoup_read_taint(&stocktaking_schoolbook,"PARA_STORYMONGER"); organical_infantive . unquietly_sade = ((char *)stocktaking_schoolbook); mesole_dingiest[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *slidage_numerologists)))))))))))))))))))))))))))))))))))))))))))))))))] = organical_infantive; semitechnical_cedrol = mesole_dingiest[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *slidage_numerologists)))))))))))))))))))))))))))))))))))))))))))))))))]; stoffel_irregeneracy = ((char *)semitechnical_cedrol . unquietly_sade); strncpy(stonesoup_buffer, stoffel_irregeneracy, stonesoup_buffer_len); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); *stonesoup_buffer_ptr = stoffel_irregeneracy; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&stocktaking_schoolbook,"PARA_STORYMONGER"); organical_infantive . unquietly_sade = ((char *)stocktaking_schoolbook); semitechnical_cedrol = mesole_dingiest[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *slidage_numerologists)))))))))))))))))))))))))))))))))))))))))))))))))]; stoffel_irregeneracy = ((char *)semitechnical_cedrol . unquietly_sade); strncpy(stonesoup_buffer, stoffel_irregeneracy, stonesoup_buffer_len); *stonesoup_buffer_ptr = stoffel_irregeneracy; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); free(stonesoup_buffer_ptr); 1 --------------------------------- 12337 72327/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_08.c cppfunc 53 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12338 72857/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_10.c cppfunc 40 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12339 148923/strutil.c cppfunc 190 format_text(const guchar *string, size_t len) c = *string++; if (isprint(c)) { 1 --------------------------------- 12340 199289/null_pointer.c cppfunc 293 null_pointer_016_gbl_doubleptr=NULL; if(null_pointer_016_func_001(flag)==ZERO) null_pointer_016_gbl_doubleptr[i] = NULL; free(null_pointer_016_gbl_doubleptr); 1 --------------------------------- 12341 153385/portalmem.c cppfunc 128 stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12342 72642/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_62.cpp cppfunc 40 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); void badSource(wchar_t * &data); memmove(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 1 --------------------------------- 12343 66648/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12344 153019/mutex.c cppfunc 231 return c - 32; stonesoup_data = (struct stonesoup_struct *) malloc (sizeof(struct stonesoup_struct)); stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_data->buff_pointer = stonesoup_data->buffer; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); int stonesoup_toupper(int c) { return c; stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 12345 153231/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&froughy_heger,"HERTZIAN_FEUDALIZED"); if (froughy_heger != 0) {; morphinomaniac_basilics = ((char *)froughy_heger); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(morphinomaniac_basilics)+1, morphinomaniac_basilics, "TRIGGER-STATE"); strncpy(stonesoup_buffer,morphinomaniac_basilics,strlen(morphinomaniac_basilics) + 1); if (froughy_heger != 0) free(((char *)froughy_heger)); 1 --------------------------------- 12346 199284/memory_allocation_failure.c cppfunc 87 unsigned int **ptr = (unsigned int**) malloc(MAX*sizeof(unsigned int*)); ptr[i]=(unsigned int*) malloc(MAX_VAL*sizeof(unsigned int)); for(i=0;i<5;i++) for(j=0;j<5;j++) *(*(ptr+i)+j)=i; free(ptr[i]); free(ptr); 1 --------------------------------- 12347 153668/error.c cppfunc 110 stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12348 153267/stream.c inputfunc 131 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&seroot_improvidences,"CASSANDRE_STEVINSON"); if (seroot_improvidences != 0) {; duramens_tintinnabulous = ((int )(strlen(seroot_improvidences))); sogat_claw = ((char *)(malloc(duramens_tintinnabulous + 1))); if (sogat_claw == 0) { memcpy(sogat_claw,seroot_improvidences,duramens_tintinnabulous); if (seroot_improvidences != 0) free(((char *)seroot_improvidences)); sandro_knublet = &sogat_claw; unstaid_venatorial = sandro_knublet + 5; globetrotter_prechallenge = ((char *)( *(unstaid_venatorial - 5))); stonesoup_buff_size = ((int )(strlen(globetrotter_prechallenge))); strncpy(stonesoup_heap_buff_64, globetrotter_prechallenge, 64); for (; stonesoup_ss_i < stonesoup_buff_size; ++stonesoup_ss_i){ if ( *(unstaid_venatorial - 5) != 0) free(((char *)( *(unstaid_venatorial - 5)))); 1 --------------------------------- 12349 70761/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_42.c cppfunc 45 data = (char *)malloc(10*sizeof(char)); return data; data = badSource(data); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12350 71212/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_81_bad.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_81_bad::action(wchar_t * data) const wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 12351 148966/strutil.c cppfunc 190 format_text(const guchar *string, size_t len) c = *string++; if (isprint(c)) { 1 --------------------------------- 12352 199253/double_free.c cppfunc 115 char* ptr= (char*) malloc(sizeof(char)); free(ptr); free(ptr); 1 --------------------------------- 12353 70751/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_16.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12354 1616/snp1-bad.c inputfunc 42 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); 1 --------------------------------- 12355 72727/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_34.c cppfunc 46 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 12356 73260/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_62.cpp cppfunc 35 data = NULL; badSource(data); void badSource(double * &data); printDoubleLine(*data); free(data); 1 --------------------------------- 12357 153531/emem.c cppfunc 196 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12358 66600/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12359 79354/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_17.c cppfunc 56 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 12360 72822/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_33.cpp cppfunc 43 char * &dataRef = data; char * data = dataRef; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 12361 153714/bio_err.c cppfunc 210 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, fractiousness_darter, strlen(fractiousness_darter) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 12362 152999/tile-swap.c cppfunc 156 stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12363 72772/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_31.c cppfunc 44 data[100-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 12364 62981/CWE121_Stack_Based_Buffer_Overflow__CWE135_61.c cppfunc 38 data = CWE121_Stack_Based_Buffer_Overflow__CWE135_61b_badSource(data); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 12365 72333/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_14.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12366 71002/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_43.cpp cppfunc 47 data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12367 70669/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_51.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 1 --------------------------------- 12368 72819/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22.c cppfunc 41 data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_badSource(data); strcat(data, source); printLine(data); free(data); 1 --------------------------------- 12369 153615/portalmem.c cppfunc 1364 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); void disklike_untrim(char *mentorism_herpolhode) bowly_soaking(mentorism_herpolhode); void bowly_soaking(char *amenable_pommelion) schizophasia_ferromagnetic = ((char *)((char *)amenable_pommelion)); stonesoup_taint_len = ((int )(strlen(schizophasia_ferromagnetic))); stonesoup_data->buffer[stonesoup_buff_size] = schizophasia_ferromagnetic[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free(stonesoup_data); 1 --------------------------------- 12370 71106/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_62.cpp cppfunc 45 data = NULL; badSource(data); void badSource(wchar_t * &data); memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); printWLine(data); free(data); 1 --------------------------------- 12371 153460/utils.c cppfunc 3191 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, yashiro_molluscivorous, strlen(yashiro_molluscivorous) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 12372 72461/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_82_goodG2B.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_82_goodG2B::action(char * data) strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12373 148966/packet-sdp.c cppfunc 1761 static void dissect_sdp_media_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_item * ti, int length, transport_info_t *transport_info) { colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); tvb, offset, tokenlen, ENC_ASCII|ENC_NA); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); static gint find_sdp_media_attribute_names(tvbuff_t *tvb, int offset, guint len) (tvb_strncaseeql(tvb, offset, sdp_media_attribute_names[i].name, len) == 0)) const char *msrp_res = "msrp: offset = 0; colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); offset = colon_offset + 1; offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); attribute_value = tvb_get_ephemeral_string(tvb, offset, tvb_length_remaining(tvb, offset)); if (strncmp((char*)attribute_value, msrp_res, strlen(msrp_res)) == 0) { address_offset = offset + (int)strlen(msrp_res); port_offset = tvb_find_guint8(tvb, address_offset, -1, ':'); port_end_offset = tvb_find_guint8(tvb, port_offset, -1, '/'); (char*)tvb_get_ephemeral_string(tvb, address_offset, port_offset-address_offset), msrp_port_number = atoi((char*)tvb_get_ephemeral_string(tvb, port_offset + 1, port_end_offset - port_offset - 1)); 1 --------------------------------- 12374 67334/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_52.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12375 67340/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_64.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12376 70667/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_44.c cppfunc 69 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12377 153346/img2.c cppfunc 71 stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12378 153615/portalmem.c cppfunc 126 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12379 72802/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_03.c cppfunc 40 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 12380 70529/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_61.c cppfunc 56 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12381 79383/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82_bad.cpp cppfunc 34 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 12382 148966/strutil.c cppfunc 469 is_byte_sep(guint8 c) q = p+1; && isxdigit(*p) && isxdigit(*q) && if (is_byte_sep(*punct)) { p = punct; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q + 1; else if (!*q && isxdigit(*p)) { p = q; else if (!*q && isxdigit(*p)) { hex_str_to_bytes(const char *hex_str, GByteArray *bytes, gboolean force_separators) { p = (const guchar *)hex_str; s = p+3; isxdigit(*r) && isxdigit(*s)) { punct = s + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && isxdigit(*q)) { punct = q + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { else if (!*q && isxdigit(*p)) { p = q; else if (!*q && isxdigit(*p)) { 1 --------------------------------- 12383 70665/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_42.c cppfunc 147 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12384 62972/CWE121_Stack_Based_Buffer_Overflow__CWE135_41.c cppfunc 32 data = (void *)WIDE_STRING; badSink(data); static void badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 12385 71388/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_45.c cppfunc 36 data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_45_badData = data; badSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_45_badData; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 12386 152932/string.c cppfunc 1142 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 12387 72284/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_13.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12388 62963/CWE121_Stack_Based_Buffer_Overflow__CWE135_16.c cppfunc 45 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12389 62963/CWE121_Stack_Based_Buffer_Overflow__CWE135_16.c cppfunc 42 data = NULL; data = (void *)WIDE_STRING; memcpy(dest, data, (dataLen+1)); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 12390 71174/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_07.c cppfunc 49 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 12391 199319/uninit_pointer.c cppfunc 281 int **ptr = (int**) malloc(5*sizeof(int*)); ptr[i]=(int*) malloc(5*sizeof(int)); ptr[i] = NULL; free(ptr); 1 --------------------------------- 12392 71172/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_05.c cppfunc 50 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 12393 153543/bio_err.c cppfunc 115 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12394 153391/ffmpeg.c cppfunc 3248 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(noninhibitory_asiatic, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); void stonesoup_printf(char * format, ...) { free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); 1 --------------------------------- 12395 153706/cmdline.c cppfunc 78 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12396 79458/CWE134_Uncontrolled_Format_String__char_console_printf_41.c inputfunc 44 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badSink(data); static void badSink(char * data) printf(data); 1 --------------------------------- 12397 72958/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_15.c cppfunc 46 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12398 66558/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_66.c cppfunc 33 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12399 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c inputfunc 52 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 12400 66612/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_81a.cpp cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12401 148966/packet-sdp.c cppfunc 1598 static void dissect_sdp_media_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_item * ti, int length, transport_info_t *transport_info) { colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); tvb, offset, tokenlen, ENC_ASCII|ENC_NA); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); static gint find_sdp_media_attribute_names(tvbuff_t *tvb, int offset, guint len) sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); attribute_value = tvb_get_ephemeral_string(tvb, offset, tvb_length_remaining(tvb, offset)); next_offset = tvb_find_guint8(tvb, offset, -1, ' '); tokenlen = next_offset - offset; proto_tree_add_item(sdp_media_attribute_tree, hf_media_format, tvb, offset, tokenlen, ENC_ASCII|ENC_NA); payload_type = tvb_get_ephemeral_string(tvb, offset, tokenlen); pt = atoi((char*)payload_type); 1 --------------------------------- 12402 72294/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_33.cpp cppfunc 42 char * &dataRef = data; char * data = dataRef; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12403 71187/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22.c cppfunc 45 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_badSource(data); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 12404 70995/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22.c cppfunc 44 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_badSource(data); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12405 70993/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_18.c cppfunc 41 data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12406 72964/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_31.c cppfunc 40 data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12407 110686/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_66.cpp cppfunc 41 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 12408 73020/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_45.c cppfunc 34 data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_45_badData = data; badSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_45_badData; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12409 153126/color.c cppfunc 120 stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12410 110532/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_45.c cppfunc 60 inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_45_badData = data; badSink(); int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_45_badData; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12411 73000/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_09.c cppfunc 38 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12412 153464/mem_dbg.c cppfunc 493 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 12413 148881/diam_dict.c inputfunc 3247 int main(int argc, char** argv) { switch (argc) { dname = argv[i++]; fname = argv[i]; fprintf(stderr,"%s: usage [dictionary_dir] dictionary_filename\n",argv[0]); d = ddict_scan(dname,fname,1); ddict_t* ddict_scan(const char* system_directory, const char* filename, int dbg) { sys_dir = system_directory; DiamDictin = ddict_open(sys_dir,filename); DiamDictlex(); static FILE* ddict_open(const char*, const char*); D(("unable to open %s\n", filename)); D(("\n---------------\n%s\n------- %d -------\n",strbuf,len_strbuf)); DiamDictlex(); static void ddict_debug(const char* fmt, ...); 1 --------------------------------- 12414 72486/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_33.cpp cppfunc 47 char * &dataRef = data; char * data = dataRef; SNPRINTF(dest, strlen(data), "%s", data); printLine(data); free(data); 1 --------------------------------- 12415 148881/tshark.c cppfunc 3157 cmdarg_err("Parameter \"%s\" doesn't follow the template \"%s\"", cl_param, decode_as_arg_template); cmdarg_err("No layer type specified"); cmdarg_err("Unknown layer type -- %s", table_name); cmdarg_err("Valid layer types are:"); cmdarg_err("WARNING: -d requires \"==\" instead of \"=\". Option will be treated as \"%s==%s\"", table_name, remaining_param + 1); cmdarg_err("Parameter \"%s\" doesn't follow the template \"%s\"", cl_param, decode_as_arg_template); cmdarg_err("Invalid selector number \"%s\"", selector_str); cmdarg_err("Valid protocols for layer type \"%s\" are:", table_name); cmdarg_err("No protocol name specified"); cmdarg_err("WARNING: Protocol \"%s\" matched %u dissectors, first one will be used", dissector_str, user_protocol_name.nb_match); cmdarg_err("Unknown protocol -- \"%s\"", dissector_str); cmdarg_err("Protocol \"%s\" isn't valid for layer type \"%s\"", cmdarg_err("Valid protocols for layer type \"%s\" are:", table_name); cmdarg_err("Configuration Profile \"%s\" does not exist", optarg); cmdarg_err("Invalid \"%s\" option for -G flag", argv[2]); cmdarg_err("Can't open global preferences file \"%s\": %s.", cmdarg_err("I/O error reading global preferences file \"%s\": %s.", cmdarg_err("Can't open your preferences file \"%s\": %s.", pf_path, cmdarg_err("I/O error reading your preferences file \"%s\": %s.", cmdarg_err("Could not open global disabled protocols file\n\"%s\": %s.", cmdarg_err("I/O error reading global disabled protocols file\n\"%s\": %s.", "Could not open your disabled protocols file\n\"%s\": %s.", dp_path, "I/O error reading your disabled protocols file\n\"%s\": %s.", dp_path, cmdarg_err("\"%s\" is not a valid field output option=value pair.", optarg); cmdarg_err("\"%s\" isn't a valid capture file type", optarg); cmdarg_err("-N specifies unknown resolving option '%c';", cmdarg_err("Invalid -o flag \"%s\"", optarg); cmdarg_err("-o flag \"%s\" specifies unknown preference", optarg); cmdarg_err("Invalid time stamp type \"%s\"", cmdarg_err("Invalid -T parameter."); cmdarg_err("invalid -z argument."); cmdarg_err("Output fields were specified with \"-e\", " cmdarg_err("\"-Tfields\" was specified, but no fields were " cmdarg_err("Read filters were specified both with \"-R\" " cmdarg_err("Capture filters were specified both with \"-f\"" cmdarg_err("You can't write both raw packet data and dissected packets" cmdarg_err("This version of TShark was not built with support for capturing packets."); cmdarg_err("Only read filters, not capture filters, " cmdarg_err("Raw packet hex data can only be printed as text or PostScript"); cmdarg_err("You can't specify -L and a capture file to be read."); cmdarg_err("Ring buffer requested, but a capture isn't being done."); cmdarg_err("Multiple capture files requested, but " cmdarg_err("Switching capture files after a time interval was specified, but " cmdarg_err("A ring buffer of capture files was specified, but " cmdarg_err("A maximum number of capture files was specified, but " cmdarg_err("A maximum capture time was specified, but " cmdarg_err("Live captures can only be saved in libpcap format."); cmdarg_err("Multiple capture files requested, but " cmdarg_err("Multiple capture files requested, but " cmdarg_err("Multiple capture files requested, but " cmdarg_err("Maximum capture file size specified, but " cmdarg_err("Multiple capture files requested, but " cmdarg_err("%s", dfilter_error_msg); cmdarg_err("WinPcap couldn't be found."); "Invalid capture filter: \"%s\"!\n" "Invalid capture filter: \"%s\"!\n" cmdarg_err("Capture files can't be written in that format."); cmdarg_err("The capture file being read can't be written in " cmdarg_err("The %s couldn't be created for some " cmdarg_err("A full header couldn't be written to the %s.", cmdarg_err("The %s could not be created: %s.", save_file_string, cmdarg_err("\"%s\" has a packet with a network type that TShark doesn't support.\n(%s)", cmdarg_err("An attempt to read from \"%s\" failed for some unknown reason.", cmdarg_err("\"%s\" appears to have been cut short in the middle of a packet.", cmdarg_err("\"%s\" appears to be damaged or corrupt.\n(%s)", cmdarg_err("An error occurred while reading \"%s\": %s.", cmdarg_err("Not all the packets could be written to the %s because there is " cmdarg_err("Not all the packets could be written to the %s because you are " cmdarg_err("The %s couldn't be closed for some unknown reason.", cmdarg_err("Not all the packets could be written to the %s.", cmdarg_err("The %s could not be closed: %s.", save_file_string, cmdarg_err("An error occurred while writing to the %s: %s.", cmdarg_err("Not all the packets could be printed because there is " cmdarg_err("Not all the packets could be printed because you are " cmdarg_err("An error occurred while printing packets: %s.", cmdarg_err("An error occurred while reading from the file \"%s\": %s.", cmdarg_err("An error occurred while writing to the file \"%s\": %s.", cmdarg_err(const char *fmt, ...) va_start(ap, fmt); 1 --------------------------------- 12416 71374/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_15.c cppfunc 46 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 12417 110345/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_61.c cppfunc 63 data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_61b_badSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12418 72834/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_62.cpp cppfunc 41 data = NULL; badSource(data); void badSource(char * &data); strcat(data, source); printLine(data); free(data); 1 --------------------------------- 12419 152947/pmsignal.c cppfunc 394 supersets_freeloads = getenv("PLUMPNESSES_PARTAKES"); paradisally_mundugumors . unrhymed_ichorous = supersets_freeloads; mushes_olonetsish(paradisally_mundugumors); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); memcpy(stonesoup_data->buffer, enville_caratch, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void mushes_olonetsish(const union pliability_gestures retramp_anhydride) enville_caratch = ((char *)((union pliability_gestures )retramp_anhydride) . unrhymed_ichorous); stonesoup_buff_size = ((int )(strlen(enville_caratch))); memcpy(stonesoup_data->buffer, enville_caratch, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 12420 72960/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_17.c cppfunc 41 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12421 110463/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_08.c cppfunc 56 data = -1; fscanf(stdin, "%d", &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12422 153003/cmdutils.c cppfunc 110 stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12423 72442/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_43.cpp cppfunc 44 data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12424 70897/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_18.c cppfunc 42 data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12425 70505/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_10.c cppfunc 70 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12426 153460/utils.c cppfunc 69 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12427 153569/column-utils.c cppfunc 58 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12428 153612/tile-swap.c cppfunc 148 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12429 67497/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_14.c cppfunc 47 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_14_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_14_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_14_bad(); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 12430 72757/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_06.c cppfunc 48 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 12431 148966/emem.c cppfunc 262 va_list ap; va_start(ap,fmt); g_vsnprintf(here, sizeof(here), fmt, ap); va_end(ap); 1 --------------------------------- 12432 70902/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_33.cpp cppfunc 46 char * &dataRef = data; char * data = dataRef; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12433 71213/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_82_goodG2B.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_82_goodG2B::action(wchar_t * data) wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 12434 66599/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_53.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12435 153399/cmdline.c cppfunc 106 stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12436 67342/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_66.c cppfunc 33 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12437 110510/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_07.c cppfunc 137 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12438 153437/portalmem.c cppfunc 135 stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12439 153608/hashfn.c cppfunc 72 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12440 110373/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_14.c cppfunc 55 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12441 153250/color.c cppfunc 598 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 12442 199275/invalid_memory_access.c cppfunc 209 char **ptr = (char**) malloc(5*sizeof(char*)); ptr[i]=(char*) malloc(15*sizeof(char)); ptr[i] = NULL; free(ptr); 1 --------------------------------- 12443 72210/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_62.cpp cppfunc 47 data = NULL; badSource(data); void badSource(wchar_t * &data); SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12444 79382/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81_goodG2B.cpp cppfunc 34 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 12445 72803/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_04.c cppfunc 47 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 12446 72427/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_12.c cppfunc 45 data[100-1] = '\0'; data[50-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12447 72797/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_82_bad.cpp cppfunc 37 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_82_bad::action(wchar_t * data) SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 12448 153376/color.c cppfunc 90 stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12449 72322/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_03.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12450 66363/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_63.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12451 110456/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_01.c cppfunc 39 data = -1; fscanf(stdin, "%d", &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12452 153027/color.c cppfunc 90 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12453 70929/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_02.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 12454 66357/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_51.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12455 153059/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&herman_nontemporal,"ABUSEFULNESS_ISOCLINE"); if (herman_nontemporal != 0) {; bcere_asclepiade = ((char *)herman_nontemporal); if (strlen(bcere_asclepiade) < 20) { realpath(bcere_asclepiade,stonesoup_base_path); if (herman_nontemporal != 0) free(((char *)herman_nontemporal)); 1 --------------------------------- 12456 153657/pgstat.c cppfunc 306 stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12457 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c cppfunc 61 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 12458 73068/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_45.c cppfunc 34 data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_45_badData = data; badSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_45_badData; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 12459 149049/mem-bad.c cppfunc 21 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) p = strdup(str); printf("result: %s\n", p); free(p); free(p); 1 --------------------------------- 12460 72377/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_10.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12461 70500/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_05.c cppfunc 76 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12462 79391/CWE134_Uncontrolled_Format_String__char_console_fprintf_06.c inputfunc 45 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 12463 70888/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_09.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12464 70866/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_62.cpp cppfunc 45 data = NULL; badSource(data); void badSource(char * &data); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12465 153770/color.c cppfunc 577 return c - 32; return c; bipartisanship_zopilote = getenv("NOS_SCRAIGH"); maladroitly_rifler = ((char *)bipartisanship_zopilote); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; memset(stonesoup_data->buffer,0,64); stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, maladroitly_rifler); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); 1 --------------------------------- 12466 71457/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_02.c cppfunc 46 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 12467 153732/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&homogenetic_misforms,"ABBE_STAMFORD"); if (homogenetic_misforms != 0) {; nondemocracy_footworn = ((char *)homogenetic_misforms); tracepoint(stonesoup_trace, variable_buffer, "STONESOUP_TAINT_SOURCE", nondemocracy_footworn, "INITIAL-STATE"); for (stonesoup_i = 0; stonesoup_i < strlen(nondemocracy_footworn); ++stonesoup_i) { stonesoup_data.buffer[(int) nondemocracy_footworn[stonesoup_i]]); tracepoint(stonesoup_trace, variable_signed_integral, "((int) STONESOUP_TAINT_SOURCE[stonesoup_i])", ((int) nondemocracy_footworn[stonesoup_i]), &(nondemocracy_footworn[stonesoup_i]), "TRIGGER-STATE"); if (homogenetic_misforms != 0) free(((char *)homogenetic_misforms)); 1 --------------------------------- 12468 153409/config_file.c cppfunc 1244 void stonesoup_printf(char * format, ...) { free (stonesoup_other_buff); void megalochirous_lepero(tropicalih_homeborn senior_talas) hollong_rapture(senior_talas); void hollong_rapture(tropicalih_homeborn talwood_sunspots) disintegrated_restrains = ((char *)talwood_sunspots); stonesoup_buff_size = strlen(disintegrated_restrains) + 1; stonesoup_other_size = 64; stonesoup_other_buff = (char*) malloc (stonesoup_other_size * sizeof (char)); disintegrated_restrains[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); 1 --------------------------------- 12469 70961/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_61.c cppfunc 42 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_61b_badSource(data); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 12470 110335/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_34.c cppfunc 125 CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_34_unionType myUnion; int data = myUnion.unionSecond; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12471 70541/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_82_goodG2B.cpp cppfunc 50 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12472 153430/string.c cppfunc 84 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12473 148881/packet-ipmi.c cppfunc 792 ipmi_add_timestamp(proto_tree *tree, gint hf, tvbuff_t *tvb, guint offset) guint32 ts = tvb_get_letohl(tvb, offset); char buf[64]; time_t t = ts; strftime(buf, sizeof(buf), "%F %T", gmtime(&t)); 1 --------------------------------- 12474 71489/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_61.c cppfunc 44 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_61b_badSource(data); SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 12475 153608/hashfn.c cppfunc 229 void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void diffusional_rememberers(int leftism_prothalline,char *purington_plagiarization) orangeness_prosabbatical = ((char *)purington_plagiarization); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(orangeness_prosabbatical))); memcpy(stonesoup_data->buffer, orangeness_prosabbatical, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 12476 110340/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_45.c cppfunc 60 int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_45_badData; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_45_badData = data; badSink(); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12477 70644/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_05.c cppfunc 152 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12478 72320/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_01.c cppfunc 36 data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12479 199233/buffer_overrun_dynamic.c cppfunc 155 int **buf = (int**) calloc(5,sizeof(int*)); buf[i]=(int*) calloc(5,sizeof(int)); for(i=0;i<5;i++) for(j=0;j<=5;j++) *(*(buf+i)+j)=i; free(buf[i]); free(buf); 1 --------------------------------- 12480 153345/eng_table.c cppfunc 891 collector_leadsmen = ((char *)( *( *( *( *( *( *( *( *( *( *superfine_degusts))))))))))[1]); strncpy(stonesoup_buffer, collector_leadsmen, stonesoup_buffer_len); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); *stonesoup_buffer_ptr = collector_leadsmen; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); 1 --------------------------------- 12481 70535/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67.c inputfunc 41 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67_structType myStruct); 1 --------------------------------- 12482 70535/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67.c cppfunc 44 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 12483 153108/color.c cppfunc 589 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *banshees_fastigiately; stonesoup_read_taint(&banshees_fastigiately,"DSEE_NGANHWEI"); sophy_enweave = ((char *)banshees_fastigiately); stonesoup_buffer = malloc((strlen(sophy_enweave) + 1) * sizeof(char )); strcpy(stonesoup_buffer,sophy_enweave); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); free(stonesoup_buffer); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&banshees_fastigiately,"DSEE_NGANHWEI"); sophy_enweave = ((char *)banshees_fastigiately); stonesoup_buffer = malloc((strlen(sophy_enweave) + 1) * sizeof(char )); strcpy(stonesoup_buffer,sophy_enweave); free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); 1 --------------------------------- 12484 72298/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_43.cpp cppfunc 44 data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12485 70944/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_17.c cppfunc 44 data = NULL; data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 12486 71634/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_62.cpp cppfunc 37 data = NULL; badSource(data); void badSource(int64_t * &data); memmove(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 1 --------------------------------- 12487 66604/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_64.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12488 152944/color.c cppfunc 599 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, peridinium_preresemblance, strlen(peridinium_preresemblance) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 12489 72972/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_45.c cppfunc 36 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_45_badData = data; badSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_45_badData; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12490 72383/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_16.c cppfunc 40 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12491 71465/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_10.c cppfunc 46 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 12492 153437/portalmem.c cppfunc 545 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, atropine_nonalarmist, strlen(atropine_nonalarmist) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 12493 72969/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_42.c cppfunc 43 data[0] = L'\0'; return data; data = badSource(data); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12494 70458/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_11.c cppfunc 133 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12495 71021/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_82_bad.cpp cppfunc 31 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_82_bad::action(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12496 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c cppfunc 40 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 12497 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c cppfunc 40 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 12498 72295/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_34.c cppfunc 46 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_34_unionType myUnion; char * data = myUnion.unionSecond; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12499 72095/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_16.c cppfunc 41 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 12500 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c cppfunc 39 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 12501 70976/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_01.c cppfunc 39 data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12502 152951/mux.c cppfunc 106 stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12503 153105/portalmem.c cppfunc 127 stonesoup_printf("Error: Failed to allocate memory\n"); s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12504 153509/color.c cppfunc 601 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 12505 110329/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_18.c cppfunc 117 inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12506 73011/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22.c cppfunc 39 data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_badSource(data); strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12507 72767/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_16.c cppfunc 45 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 12508 153323/resowner.c cppfunc 179 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12509 153142/tile.c cppfunc 82 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12510 152946/file_wrappers.c cppfunc 126 stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12511 153822/config_file.c cppfunc 121 stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12512 72274/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_03.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12513 66598/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_52.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12514 67485/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_02.c cppfunc 47 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_02_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_02_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_02_bad(); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 12515 110364/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_05.c cppfunc 62 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12516 72202/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_43.cpp cppfunc 51 data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12517 73013/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_32.c cppfunc 43 char * *dataPtr2 = &data; char * data = *dataPtr2; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12518 153091/mux.c cppfunc 944 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, airspeeds_toxcatl, strlen(airspeeds_toxcatl) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 12519 72862/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_15.c cppfunc 46 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12520 70400/CWE122_Heap_Based_Buffer_Overflow__CWE135_01.c cppfunc 41 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12521 66262/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_52.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12522 71386/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_43.cpp cppfunc 45 data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 12523 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 12524 73049/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_10.c cppfunc 38 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 12525 72893/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_82_bad.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_82_bad::action(char * data) strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12526 73252/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_43.cpp cppfunc 40 static void badSource(double * &data) data = NULL; badSource(data); data = (double *)malloc(sizeof(data)); *data = 1.7E300; printDoubleLine(*data); free(data); 1 --------------------------------- 12527 72773/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_32.c cppfunc 49 wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 12528 70499/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_04.c cppfunc 76 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12529 70880/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_01.c cppfunc 40 data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12530 72179/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_04.c cppfunc 53 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12531 79494/CWE134_Uncontrolled_Format_String__char_console_snprintf_13.c inputfunc 46 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 12532 72963/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22.c cppfunc 41 data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_badSource(data); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12533 153801/tile-manager.c cppfunc 48 stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12534 70453/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_06.c cppfunc 138 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12535 71173/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_06.c cppfunc 47 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 12536 152926/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12537 66261/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_51.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12538 72220/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_81_bad.cpp cppfunc 39 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_81_bad::action(wchar_t * data) const SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12539 72299/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_44.c cppfunc 31 static void badSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12540 110360/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_01.c cppfunc 52 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12541 153053/img2.c cppfunc 69 stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12542 79397/CWE134_Uncontrolled_Format_String__char_console_fprintf_12.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); fprintf(stdout, "%s\n", data); 1 --------------------------------- 12543 79497/CWE134_Uncontrolled_Format_String__char_console_snprintf_16.c inputfunc 46 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); if (100-dataLen > 1) if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 12544 72858/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_11.c cppfunc 40 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12545 70418/CWE122_Heap_Based_Buffer_Overflow__CWE135_21.c cppfunc 37 dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; badSink(data); static void badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12546 72412/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_81_goodG2B.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_81_goodG2B::action(char * data) const strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12547 153545/main_filter_toolbar.c cppfunc 474 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(nonrevocation_reapproved, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); 1 --------------------------------- 12548 70674/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_62.cpp cppfunc 57 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12549 148881/packet-ldss.c cppfunc 384 dissect_ldss (tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) return dissect_ldss_broadcast(tvb, pinfo, tree); dissect_ldss_broadcast(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) messageID = tvb_get_ntohs (tvb, 0); digest_type = tvb_get_guint8 (tvb, 2); compression = tvb_get_guint8 (tvb, 3); cookie = tvb_get_ntohl (tvb, 4); digest = tvb_memdup (tvb, 8, DIGEST_LEN); size = tvb_get_ntoh64 (tvb, 40); offset = tvb_get_ntoh64 (tvb, 48); targetTime = tvb_get_ntohl (tvb, 56); port = tvb_get_ntohs (tvb, 64); rate = tvb_get_ntohs (tvb, 66); ? (long)floor(exp(rate * G_LN2 / 2048)) 1 --------------------------------- 12550 199233/buffer_overrun_dynamic.c cppfunc 312 int *buf=(int*) calloc(5,sizeof(int)); free(buf); dynamic_buffer_overrun_017_func_001(5); void dynamic_buffer_overrun_017_func_001 (int index) *(buf +index) = 1; free(buf); 1 --------------------------------- 12551 70972/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_81_goodG2B.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_81_goodG2B::action(char * data) const strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 12552 153086/mem_dbg.c cppfunc 212 stonesoup_printf("Error: Failed to allocate memory\n"); s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12553 153233/bio_err.c cppfunc 92 stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12554 67598/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_52.cpp cppfunc 41 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 12555 153521/mutex.c cppfunc 205 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, preguarantee_tartarize, strlen(preguarantee_tartarize) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 12556 72777/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_42.c cppfunc 47 data[100-1] = L'\0'; return data; data = badSource(data); SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 12557 62950/CWE121_Stack_Based_Buffer_Overflow__CWE135_03.c cppfunc 44 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12558 62950/CWE121_Stack_Based_Buffer_Overflow__CWE135_03.c cppfunc 41 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 12559 72755/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_04.c cppfunc 51 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 12560 148966/emem.c inputfunc 305 ep_packet_mem.debug_use_canary = ep_packet_mem.debug_use_chunks && (getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == NULL); emem_init_chunk(&ep_packet_mem); emem_init_chunk(emem_header_t *mem) if (mem->debug_use_canary) emem_canary_init(mem->canary); if (mem->debug_use_chunks) emem_init_chunk(&ep_packet_mem); emem_canary_init(guint8 *canary) 1 --------------------------------- 12561 72106/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_43.cpp cppfunc 45 data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 12562 70541/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_82a.cpp inputfunc 36 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); baseObject->action(data); virtual void action(int data) = 0; 1 --------------------------------- 12563 153402/color.c cppfunc 626 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 12564 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 12565 153627/e_bf.c cppfunc 322 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *melvie_asylabia;; stonesoup_read_taint(&melvie_asylabia,"VICTIMISE_WALLSEND"); mopan_superhero[1] = melvie_asylabia; roofless_osphresiometry[ *( *( *( *( *( *( *( *( *( *mandyai_vouchees)))))))))] = mopan_superhero; aedoeology_enteroplasty = roofless_osphresiometry[ *( *( *( *( *( *( *( *( *( *mandyai_vouchees)))))))))]; annalist_asphyxiation = ((char *)aedoeology_enteroplasty[1]); strncpy(stonesoup_buffer, annalist_asphyxiation, stonesoup_buffer_len); stonesoup_buffer_ptr = malloc(65528); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "CROSSOVER-STATE"); *stonesoup_buffer_ptr = annalist_asphyxiation; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); free(stonesoup_buffer_ptr); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&melvie_asylabia,"VICTIMISE_WALLSEND"); mopan_superhero[1] = melvie_asylabia; roofless_osphresiometry[ *( *( *( *( *( *( *( *( *( *mandyai_vouchees)))))))))] = mopan_superhero; aedoeology_enteroplasty = roofless_osphresiometry[ *( *( *( *( *( *( *( *( *( *mandyai_vouchees)))))))))]; annalist_asphyxiation = ((char *)aedoeology_enteroplasty[1]); strncpy(stonesoup_buffer, annalist_asphyxiation, stonesoup_buffer_len); *stonesoup_buffer_ptr = annalist_asphyxiation; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); free(stonesoup_buffer_ptr); 1 --------------------------------- 12566 110516/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_13.c cppfunc 131 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12567 66360/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12568 72869/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_32.c cppfunc 45 char * *dataPtr2 = &data; char * data = *dataPtr2; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12569 153334/color.c cppfunc 118 stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12570 70934/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_07.c cppfunc 49 data = NULL; data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 12571 73048/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_09.c cppfunc 38 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 12572 110386/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_43.cpp cppfunc 60 static void badSource(int &data) data = -1; badSource(data); char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12573 70769/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_61.c cppfunc 41 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_61b_badSource(data); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12574 152883/avpacket.c cppfunc 69 stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12575 1634/snp10-bad.c cppfunc 43 main(int argc, char **argv) userstr = argv[1]; if(strlen(userstr) <= MAXSIZE) test(userstr); test(char *str) buf = malloc(MAXSIZE); snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); free(buf); 1 --------------------------------- 12576 67490/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_07.c cppfunc 52 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_07_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_07_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_07_bad(); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 12577 70661/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_32.c cppfunc 149 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12578 79410/CWE134_Uncontrolled_Format_String__char_console_fprintf_41.c inputfunc 44 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badSink(data); static void badSink(char * data) fprintf(stdout, data); 1 --------------------------------- 12579 1630/snp8-bad.c cppfunc 43 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) buf = malloc(MAXSIZE); snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); free(buf); 1 --------------------------------- 12580 79434/CWE134_Uncontrolled_Format_String__char_console_printf_01.c inputfunc 38 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 12581 71478/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_33.cpp cppfunc 49 char * &dataRef = data; char * data = dataRef; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 12582 153158/resowner.c cppfunc 723 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(loggets_cobleman, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); void stonesoup_printf(char * format, ...) { free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); 1 --------------------------------- 12583 110323/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_12.c cppfunc 123 inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); data = 20; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12584 153456/portalmem.c cppfunc 107 stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12585 153069/tile.c cppfunc 49 stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12586 70994/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_21.c cppfunc 52 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = (wchar_t *)malloc(10*sizeof(wchar_t)); return data; data = badSource(data); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12587 70849/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_18.c cppfunc 42 data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12588 199233/buffer_overrun_dynamic.c cppfunc 95 long *buf=(long*) calloc(5,sizeof(long)); buf[i]=1; free(buf); 1 --------------------------------- 12589 153523/avdevice.c cppfunc 209 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; return c; union desc_pretrying tachypnoeic_prorata; int reposition_elephantoid = 596; char *russomania_unorderable;; stonesoup_read_taint(&russomania_unorderable,"9420",reposition_elephantoid); tachypnoeic_prorata . antaranga_vanquishable = russomania_unorderable; bediapers_collochemistry[5] = tachypnoeic_prorata; misteacher_faso = 5; heterochromic_jacobitely = &misteacher_faso; unbarricadoed_bretelle = *(bediapers_collochemistry + *heterochromic_jacobitely); inferiors_absorptiometer(squareflipper_bondless,unbarricadoed_bretelle); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; memset(stonesoup_data->buffer,0,64); stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, milkshop_domdaniel); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); void inferiors_absorptiometer(int grossification_emergently,union desc_pretrying phosphoresce_polyphonies) milkshop_domdaniel = ((char *)phosphoresce_polyphonies . antaranga_vanquishable); strcpy(stonesoup_data->buffer, milkshop_domdaniel); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&russomania_unorderable,"9420",reposition_elephantoid); tachypnoeic_prorata . antaranga_vanquishable = russomania_unorderable; unbarricadoed_bretelle = *(bediapers_collochemistry + *heterochromic_jacobitely); inferiors_absorptiometer(squareflipper_bondless,unbarricadoed_bretelle); int stonesoup_toupper(int c) return c - 32; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); 1 --------------------------------- 12590 71490/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_62.cpp cppfunc 47 data = NULL; badSource(data); void badSource(char * &data); SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 12591 62596/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54.c cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 12592 72317/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_82_goodG2B.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_82_goodG2B::action(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12593 70886/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_07.c cppfunc 49 data = NULL; data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12594 72800/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_01.c cppfunc 37 data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 12595 110459/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_04.c cppfunc 49 data = -1; fscanf(stdin, "%d", &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12596 72385/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_18.c cppfunc 38 data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12597 153378/stream.c cppfunc 126 stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12598 70524/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_45.c inputfunc 66 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_45_badData = data; badSink(); int data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_45_badData; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 12599 110325/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_14.c cppfunc 118 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12600 152971/utils.c cppfunc 917 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(pennyleaf_murillo, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); 1 --------------------------------- 12601 70954/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_43.cpp cppfunc 48 data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 12602 199275/invalid_memory_access.c cppfunc 586 invalid_memory_access_016_doubleptr_gbl=(char**) malloc(10*sizeof(char*)); invalid_memory_access_016_doubleptr_gbl[i]=(char*) malloc(10*sizeof(char)); strcpy(invalid_memory_access_016_doubleptr_gbl[i],"STRING00"); invalid_memory_access_016_func_002(); free (invalid_memory_access_016_doubleptr_gbl[i]); free(invalid_memory_access_016_doubleptr_gbl); 1 --------------------------------- 12603 70513/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_18.c cppfunc 69 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12604 70657/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_18.c cppfunc 145 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12605 72825/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_42.c cppfunc 43 data[0] = '\0'; return data; data = badSource(data); strcat(data, source); printLine(data); free(data); 1 --------------------------------- 12606 153554/error.c cppfunc 239 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(beetlers_signalled, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); void stonesoup_printf(char * format, ...) { free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); 1 --------------------------------- 12607 73001/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_10.c cppfunc 38 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12608 153080/main_statusbar.c cppfunc 148 stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12609 153486/bufmgr.c cppfunc 138 stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12610 153077/file_wrappers.c cppfunc 134 stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12611 153728/main_filter_toolbar.c cppfunc 79 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12612 72281/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_10.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12613 70646/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_07.c cppfunc 151 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12614 199289/null_pointer.c cppfunc 343 null_pointer_017dst = NULL; null_pointer_017dst = (char**) malloc(5*sizeof(char*)); null_pointer_017dst[i]=(char*) malloc(15*sizeof(char)); null_pointer_017_func_001(0); strcpy (null_pointer_017dst[i],"STRING"); null_pointer_017dst[i] = NULL; null_pointer_017dst = NULL; free(null_pointer_017dst); 1 --------------------------------- 12615 66924/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cat_33.cpp cppfunc 43 wchar_t * &dataRef = data; wchar_t * data = dataRef; source[100-1] = L'\0'; wcscat(data, source); 1 --------------------------------- 12616 71910/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_33.cpp cppfunc 47 twoIntsStruct * &dataRef = data; twoIntsStruct * data = dataRef; memmove(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 1 --------------------------------- 12617 72441/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_42.c cppfunc 42 data[100-1] = '\0'; return data; data = badSource(data); strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12618 70408/CWE122_Heap_Based_Buffer_Overflow__CWE135_09.c cppfunc 46 data = NULL; dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12619 148966/strutil.c cppfunc 299 format_text_wsp(const guchar *string, size_t len) c = *string++; if (isprint(c)) { } else if (isspace(c)) { 1 --------------------------------- 12620 110519/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_16.c cppfunc 132 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12621 79383/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82_goodB2G.cpp cppfunc 34 va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); va_end(args); 1 --------------------------------- 12622 110462/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_07.c cppfunc 48 data = -1; fscanf(stdin, "%d", &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12623 153448/cryptlib.c cppfunc 161 stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12624 70448/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_01.c cppfunc 128 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12625 72977/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_61.c cppfunc 38 data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_61b_badSource(data); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12626 70931/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_04.c cppfunc 50 data = NULL; data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 12627 148966/strutil.c cppfunc 427 s = p+3; punct = s + 1; p = punct; q = p+1; else if (*q && isxdigit(*p) && isxdigit(*q)) { if (is_byte_sep(*punct)) { else if (*q && isxdigit(*p) && is_byte_sep(*q)) { is_byte_sep(guint8 c) if (is_byte_sep(*punct)) { p = punct; q = p+1; else if (*q && isxdigit(*p) && isxdigit(*q)) { if (is_byte_sep(*punct)) { p = punct; q = p+1; else if (*q && isxdigit(*p) && isxdigit(*q)) { else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q; q = p+1; else if (*q && isxdigit(*p) && isxdigit(*q)) { hex_str_to_bytes(const char *hex_str, GByteArray *bytes, gboolean force_separators) { p = (const guchar *)hex_str; q = p+1; && isxdigit(*p) && isxdigit(*q) && p = punct; else if (*q && isxdigit(*p) && isxdigit(*q)) { p = q + 1; q = p+1; punct = q + 1; p = punct; if (is_byte_sep(*punct)) { else if (*q && isxdigit(*p) && isxdigit(*q)) { p = q; else if (*q && isxdigit(*p) && isxdigit(*q)) { 1 --------------------------------- 12628 110684/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_64.cpp cppfunc 40 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 12629 72305/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_61.c cppfunc 37 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_61b_badSource(data); memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12630 79348/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_11.c cppfunc 56 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 12631 153037/color.c cppfunc 588 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, educand_epichil, strlen(educand_epichil) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); 1 --------------------------------- 12632 1626/snp6-bad.c inputfunc 42 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; if(strlen(userstr) <= MAXSIZE) test(userstr); test(char *str) snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); 1 --------------------------------- 12633 72996/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_05.c cppfunc 45 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12634 152978/column-utils.c cppfunc 2205 char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); void alniresinol_poeticising(char *discretely_pivotmen) czaric_nudenesses = ((char *)discretely_pivotmen); stonesoup_buffer = malloc((strlen(czaric_nudenesses) + 1) * sizeof(char )); strcpy(stonesoup_buffer,czaric_nudenesses); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); free(stonesoup_buffer); 1 --------------------------------- 12635 79551/CWE134_Uncontrolled_Format_String__char_console_vfprintf_32.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 12636 153440/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&commutating_persicaria,"REVOCATION_CONSUMPTIBLE"); if (commutating_persicaria != 0) {; danyelle_dulcetly = ((char *)commutating_persicaria); stonesoup_taint_len = ((int )(strlen(danyelle_dulcetly))); for (; stonesoup_taint_len >= 0; (--stonesoup_buff_size , --stonesoup_taint_len)) { stonesoup_heap_buff_64[stonesoup_buff_size] = danyelle_dulcetly[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "FINAL-STATE"); if (commutating_persicaria != 0) free(((char *)commutating_persicaria)); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); 1 --------------------------------- 12637 148881/ascend-scanner.c cppfunc 1474 (yy_last_accepting_cpos) = yy_cp; yy_cp = (yy_last_accepting_cpos); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_next_state = yy_try_NUL_trans( yy_current_state ); if ( ascendwrap( ) ) (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_cp = (yy_c_buf_p); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); yy_bp = yy_cp; YY_DO_BEFORE_ACTION; ascendlval.d = strtol(ascendtext, NULL, 10); 1 --------------------------------- 12638 72444/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_45.c cppfunc 35 data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_45_badData = data; badSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_45_badData; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12639 72102/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_33.cpp cppfunc 43 wchar_t * &dataRef = data; wchar_t * data = dataRef; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 12640 199235/buffer_underrun_dynamic.c cppfunc 30 char *buf=(char*) calloc(5,sizeof(char)); buf[i]=1; free(buf); 1 --------------------------------- 12641 152997/stream.c cppfunc 74 stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12642 110379/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_22.c cppfunc 44 data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_22_badSource(data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12643 72097/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_18.c cppfunc 39 data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 12644 66312/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12645 72860/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_13.c cppfunc 40 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12646 110369/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_10.c cppfunc 55 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12647 152935/config_file.c cppfunc 114 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12648 2082/strcat-bad2.c inputfunc 29 int main(int argc, char **argv){ if(argc > 2){ userstr = argv[1]; userstr2 = argv[2]; test(userstr,userstr2); void test(char *str, char *str2){ if(strlen(str) < MAXSIZE) strcpy(buf, str); printf(" strcpy: %s%s%s\n", pre, buf, post); if(strlen(buf) + strlen(str2) <= MAXSIZE) strcat(buf, str2); printf("results: %s%s%s\n", pre, buf, post); 1 --------------------------------- 12649 70509/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_14.c cppfunc 70 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12650 153170/column-utils.c cppfunc 58 stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12651 73002/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_11.c cppfunc 38 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12652 148966/packet-http.c cppfunc 792 gint next_offset; tvb_ensure_length_remaining(tvb, offset), &next_offset, FALSE); if (!req_resp_hdrs_do_reassembly(tvb, offset, pinfo, return -1; line = tvb_get_ptr(tvb, offset, first_linelen); orig_offset = offset; ti = proto_tree_add_item(tree, proto_http, tvb, offset, -1, headers.content_length = 0; while (tvb_reported_length_remaining(tvb, offset) != 0) { linelen = tvb_find_line_end(tvb, offset, tvb_ensure_length_remaining(tvb, offset), &next_offset, linelen = tvb_find_line_end(tvb, offset, FALSE); linelen = tvb_find_line_end(tvb, offset, return -1; line = tvb_get_ptr(tvb, offset, linelen); linelen, &http_type, &reqresp_dissector, conv_data); linep = line; c = *linep++; if (!isascii(c)) if (iscntrl(c)) tvb_ensure_bytes_exist(tvb, offset, linelen + 1); while (tvb_reported_length_remaining(tvb, offset) != 0) { linelen = tvb_find_line_end(tvb, offset, line = tvb_get_ptr(tvb, offset, linelen); linep = line; c = *linep++; if (!isascii(c)) if (iscntrl(c)) hf_http_request_full_uri, tvb, 0, hf_http_notification, tvb, 0, 0, 1); hf_http_response, tvb, 0, 0, 1); hf_http_request, tvb, 0, 0, 1); datalen = tvb_length_remaining(tvb, offset); datalen = (int)headers.content_length; reported_datalen = tvb_reported_length_remaining(tvb, offset); datalen = 0; datalen = 0; next_tvb = tvb_new_subset(tvb, offset, datalen, tvb_set_child_real_data_tvbuff(tvb, uncomp_tvb = tvb_child_uncompress(tvb, next_tvb, 0, proto_item_set_len(ti, offset); offset += datalen; return offset - orig_offset; int offset = 0; len = dissect_http_message(tvb, offset, pinfo, tree, conv_data); offset += len; while (tvb_reported_length_remaining(tvb, offset) != 0) { len = dissect_http_message(tvb, offset, pinfo, tree, conv_data); dissect_http_message(tvbuff_t *tvb, int offset, packet_info *pinfo, first_linelen = tvb_find_line_end(tvb, offset, line = tvb_get_ptr(tvb, offset, first_linelen); while (tvb_reported_length_remaining(tvb, offset) != 0) { linelen = tvb_find_line_end(tvb, offset, line = tvb_get_ptr(tvb, offset, linelen); linep = line; c = *linep++; if (!isascii(c)) if (iscntrl(c)) dissect_http(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) while (tvb_reported_length_remaining(tvb, offset) != 0) { len = dissect_http_message(tvb, offset, pinfo, tree, conv_data); static int is_http_request_or_reply(const gchar *data, int linelen, line = tvb_get_ptr(tvb, offset, linelen); linep = line; c = *linep++; if (!isascii(c)) if (iscntrl(c)) dissect_http_udp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) dissect_http_message(tvb, 0, pinfo, tree, conv_data); 1 --------------------------------- 12653 153291/color.c cppfunc 591 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); stonesoup_other_size = 64; stonesoup_other_buff = (char*) malloc (stonesoup_other_size * sizeof (char)); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_other_buff); void stonesoup_handle_taint(char *nonvulvar_morganatical) tempters_telekineses = ((char *)nonvulvar_morganatical); stonesoup_buff_size = strlen(tempters_telekineses) + 1; tempters_telekineses[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = free (stonesoup_other_buff); 1 --------------------------------- 12654 72401/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_61.c cppfunc 37 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_61b_badSource(data); strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12655 110384/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_41.c cppfunc 36 intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_41_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_41_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12656 72341/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_32.c cppfunc 44 char * *dataPtr2 = &data; char * data = *dataPtr2; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12657 79550/CWE134_Uncontrolled_Format_String__char_console_vfprintf_31.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 12658 153480/bss_file.c inputfunc 307 japanization_triformous = getenv("COINFINITE_MONOSOME"); if (japanization_triformous != 0) {; relandscaping_incogitance = japanization_triformous; redisputed_gyratory = &relandscaping_incogitance; yagourundi_nonpendency = redisputed_gyratory + 5; ackton_humphreys(podophyllum_melosa,yagourundi_nonpendency); void ackton_humphreys(int currencies_pickiest,propitiating_phociform *fellahin_gove) ackton_humphreys(currencies_pickiest,fellahin_gove); cobstone_zostera = ((char *)( *(fellahin_gove - 5))); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(cobstone_zostera)+1, cobstone_zostera, "TRIGGER-STATE"); strncpy(stonesoup_data, cobstone_zostera, strlen(cobstone_zostera) + 1); 1 --------------------------------- 12659 72290/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_21.c cppfunc 49 data = (char *)malloc(100*sizeof(char)); data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12660 72947/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_04.c cppfunc 47 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12661 110313/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_02.c cppfunc 118 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12662 72189/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_14.c cppfunc 46 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12663 71170/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_03.c cppfunc 43 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 12664 72779/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_44.c cppfunc 36 static void badSink(wchar_t * data) SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 12665 153143/utf.c cppfunc 95 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12666 72394/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_43.cpp cppfunc 44 data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12667 70992/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_17.c cppfunc 43 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12668 153607/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&enation_lithonephritis,"EUBANK_RESEARCHER"); if (enation_lithonephritis != 0) {; referees_offensive = ((char *)enation_lithonephritis); strcpy(stonesoup_data.buffer, referees_offensive); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data.buffer); for (stonesoup_i = 0; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "FINAL-STATE"); if (enation_lithonephritis != 0) free(((char *)enation_lithonephritis)); int stonesoup_toupper(int c) return c; stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); 1 --------------------------------- 12669 70527/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53.c inputfunc 35 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53b_badSink(int data); 1 --------------------------------- 12670 70527/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53.c cppfunc 38 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 1 --------------------------------- 12671 67348/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_81a.cpp cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12672 71367/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_08.c cppfunc 54 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 12673 72204/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_45.c cppfunc 42 data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_45_badData = data; badSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_45_badData; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12674 153679/avdevice.c cppfunc 72 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12675 70893/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_14.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12676 79482/CWE134_Uncontrolled_Format_String__char_console_snprintf_01.c inputfunc 44 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 12677 67744/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_54.cpp cppfunc 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 1 --------------------------------- 12678 72826/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_43.cpp cppfunc 45 data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 12679 72989/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_82_bad.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_82_bad::action(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12680 62964/CWE121_Stack_Based_Buffer_Overflow__CWE135_17.c cppfunc 42 data = NULL; data = (void *)WIDE_STRING; memcpy(dest, data, (dataLen+1)); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 12681 62964/CWE121_Stack_Based_Buffer_Overflow__CWE135_17.c cppfunc 45 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12682 67500/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_17.c cppfunc 48 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_17_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_17_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 12683 72848/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_01.c cppfunc 37 data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12684 72321/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_02.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12685 153257/mem_dbg.c cppfunc 241 stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12686 72338/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_21.c cppfunc 49 data = (char *)malloc(100*sizeof(char)); data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12687 79389/CWE134_Uncontrolled_Format_String__char_console_fprintf_04.c inputfunc 46 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 12688 71626/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_43.cpp cppfunc 40 data = (int64_t *)malloc(50*sizeof(int64_t)); memmove(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 1 --------------------------------- 12689 153649/pmsignal.c cppfunc 117 stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12690 153102/cryptlib.c cppfunc 191 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12691 153001/avpacket.c cppfunc 467 airbrushed_aneurysms = ((char *)( *(philocathartic_pteridospermae - 5)) . collaterally_syzran); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(airbrushed_aneurysms))); memcpy(stonesoup_data->buffer, airbrushed_aneurysms, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 12692 66359/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_53.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12693 72291/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22.c cppfunc 40 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22_badSource(data); memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12694 110548/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_81_goodG2B.cpp cppfunc 37 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_81_goodG2B::action(int data) const intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12695 72944/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_01.c cppfunc 37 data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12696 153088/mux.c cppfunc 102 stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12697 67484/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_01.c cppfunc 45 charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_01_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_01_bad(); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 12698 70989/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_14.c cppfunc 42 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12699 67435/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_63.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12700 72209/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_61.c cppfunc 44 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_61b_badSource(data); SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12701 71778/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_62.cpp cppfunc 37 data = NULL; badSource(data); void badSource(int * &data); memmove(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 1 --------------------------------- 12702 72871/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_34.c cppfunc 47 CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_34_unionType myUnion; char * data = myUnion.unionSecond; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12703 152908/utils.c cppfunc 2586 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 12704 153214/pgstat.c cppfunc 4141 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); 1 --------------------------------- 12705 153259/emem.c cppfunc 2024 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); void telergic_rethreaded(int unbrutelike_linwood,void **colluder_dextroduction) inexhaustibly_maylike = ((char *)((char *)( *colluder_dextroduction))); stonesoup_taint_len = ((int )(strlen(inexhaustibly_maylike))); stonesoup_data->buffer[stonesoup_buff_size] = inexhaustibly_maylike[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free(stonesoup_data); 1 --------------------------------- 12706 110365/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_06.c cppfunc 59 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12707 71375/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_16.c cppfunc 41 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 12708 67378/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_43.cpp cppfunc 42 data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscat(dest, data); 1 --------------------------------- 12709 153781/emem.c cppfunc 1164 return c - 32; rubbery_brilliant = getenv("FAIRLY_INCOHERENCY"); miscalculating_abevacuation = ((int )(strlen(rubbery_brilliant))); turmet_clerkish = ((char *)(malloc(miscalculating_abevacuation + 1))); memset(turmet_clerkish,0,miscalculating_abevacuation + 1); memcpy(turmet_clerkish,rubbery_brilliant,miscalculating_abevacuation); aleatoric_muslim = &turmet_clerkish; absent_harleian = ((char *)( *aleatoric_muslim)); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, absent_harleian); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); 1 --------------------------------- 12710 72201/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_42.c cppfunc 49 data[0] = L'\0'; return data; data = badSource(data); SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12711 71185/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_18.c cppfunc 42 data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 12712 72426/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_11.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12713 66315/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_63.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12714 153688/column.c cppfunc 1303 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(underseal_tectona, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); 1 --------------------------------- 12715 153262/color.c cppfunc 118 stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12716 153282/file_wrappers.c cppfunc 126 stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12717 153633/bufmgr.c cppfunc 2733 lickspittle_eroding coefficacy_bedwell = 0; va_list azymite_petroleum; __builtin_va_start(azymite_petroleum,medicining_pareu); coefficacy_bedwell = (va_arg(azymite_petroleum,lickspittle_eroding )); GREYING_CHAIRWOMAN(coefficacy_bedwell); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void northerners_yowie(lickspittle_eroding worthies_halfpence) characterology_nontempered = ((char *)worthies_halfpence); stonesoup_buffer = malloc((strlen(characterology_nontempered) + 1) * sizeof(char )); strcpy(stonesoup_buffer,characterology_nontempered); free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); 1 --------------------------------- 12718 72856/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_09.c cppfunc 40 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12719 153731/img2.c cppfunc 41 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12720 148881/tshark.c inputfunc 718 main(int argc, char *argv[]) init_progfile_dir_error = init_progfile_dir(argv[0], main); if (init_progfile_dir_error != NULL) { init_progfile_dir_error); fprintf(stderr, "tshark: Can't get pathname of tshark program: %s.\n", while ((opt = getopt(argc, argv, optstring)) != -1) { switch (opt) { if (argc >= 2 && strcmp(argv[1], "-G") == 0) { if (argc == 2) if (strcmp(argv[2], "fields") == 0) else if (strcmp(argv[2], "fields2") == 0) else if (strcmp(argv[2], "fields3") == 0) else if (strcmp(argv[2], "protocols") == 0) else if (strcmp(argv[2], "values") == 0) else if (strcmp(argv[2], "decodes") == 0) else if (strcmp(argv[2], "defaultprefs") == 0) else if (strcmp(argv[2], "currentprefs") == 0) { cmdarg_err("Invalid \"%s\" option for -G flag", argv[2]); while ((opt = getopt(argc, argv, optstring)) != -1) { switch (opt) { status = capture_opts_add_opt(&global_capture_opts, opt, optarg, &start_capture); if(status != 0) { exit(status); if (optind < argc) { rfilter = get_args_as_string(argc, argv, optind); global_capture_opts.cfilter = get_args_as_string(argc, argv, optind); cfile.cinfo.col_buf[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_INFO_LEN); for (i = 0; i < cfile.cinfo.num_cols; i++) { if (cfile.cinfo.col_fmt[i] == COL_CUSTOM) { get_column_format_matches(cfile.cinfo.fmt_matx[i], cfile.cinfo.col_fmt[i]); if (cfile.cinfo.col_fmt[i] == COL_INFO) cfile.cinfo.col_buf[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN); cfile.cinfo.col_expr.col_expr[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN); cfile.cinfo.col_expr.col_expr_val[i] = (gchar *) g_malloc(sizeof(gchar) * COL_MAX_LEN); for (i = 0; i < cfile.cinfo.num_cols; i++) { if (!cfile.cinfo.fmt_matx[i][j]) if (cfile.cinfo.col_first[j] == -1) capture_opts_trim_snaplen(&global_capture_opts, MIN_PACKET_SIZE); capture_opts_trim_ring_num_files(&global_capture_opts); if (rfilter != NULL) { if (!dfilter_compile(rfilter, &rfcode)) { if (pcap_compile(pc, &fcode, rfilter, 0, 0) != -1) { print_current_user(); err = load_cap_file(&cfile, global_capture_opts.save_file, out_file_type, global_capture_opts.has_autostop_packets ? global_capture_opts.autostop_packets : 0, global_capture_opts.has_autostop_filesize ? global_capture_opts.autostop_filesize : 0); if (!capture_opts_trim_iface(&global_capture_opts, status = capture_opts_list_link_layer_types(&global_capture_opts, FALSE); exit(status); capture(); if (!write_finale()) { cmdarg_err(const char *fmt, ...) static int load_cap_file(capture_file *, char *, int, int, gint64); global_capture_opts.has_autostop_packets ? global_capture_opts.autostop_packets : 0, global_capture_opts.has_autostop_filesize ? global_capture_opts.autostop_filesize : 0); 1 --------------------------------- 12721 153512/color.c cppfunc 118 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12722 73018/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_43.cpp cppfunc 43 data[100-1] = '\0'; strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12723 153394/error.c cppfunc 715 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, synezisis_dimercury, strlen(synezisis_dimercury) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); 1 --------------------------------- 12724 70846/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_15.c cppfunc 49 data = NULL; data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12725 70951/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_34.c cppfunc 50 CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_34_unionType myUnion; char * data = myUnion.unionSecond; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 12726 148881/tshark.c cppfunc 1593 print_usage(gboolean print_ver) capture_opts_init(&global_capture_opts, &cfile); if (strcmp(argv[2], "fields") == 0) else if (strcmp(argv[2], "fields2") == 0) else if (strcmp(argv[2], "protocols") == 0) else if (strcmp(argv[2], "decodes") == 0) cmdarg_err("Invalid \"%s\" option for -G flag", argv[2]); while ((opt = getopt(argc, argv, optstring)) != -1) { status = capture_opts_add_opt(&global_capture_opts, opt, optarg, &start_capture); status = capture_opts_list_interfaces(FALSE); print_usage(TRUE); global_capture_opts.has_cfilter = TRUE; global_capture_opts.cfilter = get_args_as_string(argc, argv, optind); if (strcmp(global_capture_opts.save_file, "-") == 0 && print_packet_info) { capture_opts_trim_snaplen(&global_capture_opts, MIN_PACKET_SIZE); capture_opts_trim_ring_num_files(&global_capture_opts); if (!capture_opts_trim_iface(&global_capture_opts, status = capture_opts_list_link_layer_types(&global_capture_opts, FALSE); exit(status); main(int argc, char *argv[]) init_progfile_dir_error = init_progfile_dir(argv[0], main); optind_initial = optind; while ((opt = getopt(argc, argv, optstring)) != -1) { optind = optind_initial; if (argc >= 2 && strcmp(argv[1], "-G") == 0) { else if (strcmp(argv[2], "fields3") == 0) else if (strcmp(argv[2], "values") == 0) else if (strcmp(argv[2], "defaultprefs") == 0) else if (strcmp(argv[2], "currentprefs") == 0) { while ((opt = getopt(argc, argv, optstring)) != -1) { print_usage(TRUE); global_capture_opts.cfilter = get_args_as_string(argc, argv, optind); print_usage(FALSE); if (strcmp(global_capture_opts.save_file, "-") == 0) { status = capture_opts_list_link_layer_types(&global_capture_opts, FALSE); exit(status); cmdarg_err(const char *fmt, ...) while ((opt = getopt(argc, argv, optstring)) != -1) { global_capture_opts.cfilter = get_args_as_string(argc, argv, optind); status = capture_opts_list_link_layer_types(&global_capture_opts, FALSE); exit(status); 1 --------------------------------- 12727 71176/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_09.c cppfunc 43 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 12728 153823/string.c cppfunc 1117 void stonesoup_printf(char * format, ...) { free (stonesoup_other_buff); void amortises_scillonian(void *const assagaiing_noncontumacious) HEMOLYZED_MYTHOHISTORIC(assagaiing_noncontumacious); void suppos_aphotic(void *telephony_pranced) denounced_replaying = ((char *)((char *)((void *)telephony_pranced))); stonesoup_buff_size = strlen(denounced_replaying) + 1; stonesoup_other_size = 64; stonesoup_other_buff = (char*) malloc (stonesoup_other_size * sizeof (char)); denounced_replaying[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); 1 --------------------------------- 12729 153675/aviobuf.c cppfunc 1026 return c - 32; nazism_tuchunism = getenv("LACERTA_TWEYFOLD"); kartvel_leer = 1; virgilia_serpentarii = &nazism_tuchunism; summarise_metropolises = ((char **)(((unsigned long )virgilia_serpentarii) * kartvel_leer * kartvel_leer)) + 5; preexpend_gte = ((char *)( *(summarise_metropolises - 5))); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(preexpend_gte))); stonesoup_data->buffer[stonesoup_buff_size] = preexpend_gte[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); 1 --------------------------------- 12730 72771/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22.c cppfunc 45 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_badSource(data); SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 12731 153268/mux.c cppfunc 73 stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12732 70476/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_45.c cppfunc 74 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12733 153196/main_filter_toolbar.c cppfunc 111 stonesoup_printf("%s\n",stonesoup_base_path); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12734 110324/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_13.c cppfunc 118 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12735 72425/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_10.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12736 153708/bss_file.c inputfunc 167 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&lectionary_metallist,"PHOTOETCHING_INQUILINISM"); if (lectionary_metallist != 0) {; carnified_muddlement = lectionary_metallist; genetyllis_procure = ((char *)carnified_muddlement); stonesoup_fp = stonesoup_switch_func(genetyllis_procure); if (carnified_muddlement != 0) free(((char *)carnified_muddlement)); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); return fct_ptr_addr; stonesoup_fp = stonesoup_switch_func(genetyllis_procure); tracepoint(stonesoup_trace, variable_address, "stonesoup_fp", stonesoup_fp, "TRIGGER-STATE"); stonesoup_cmp_flag = ( *stonesoup_fp)(stonesoup_rand_word,genetyllis_procure); if (stonesoup_cmp_flag == 0) 1 --------------------------------- 12737 153545/main_filter_toolbar.c cppfunc 111 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12738 70838/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_07.c cppfunc 49 data = NULL; data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12739 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 12740 152922/column.c cppfunc 1290 return c - 32; return c; pyretic_gunmen(borocarbide_lituite,monomya_graving); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; memset(stonesoup_data->buffer,0,64); stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, exchanger_autophytography); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); void stonesoup_handle_taint(char *attemperator_goodly) enviroment_peripheroceptor[7] = attemperator_goodly; dogfishes_panspermatist = enviroment_peripheroceptor; pyretic_gunmen(topotaxis_limmu,dogfishes_panspermatist); void pyretic_gunmen(int borocarbide_lituite,char **monomya_graving) exchanger_autophytography = ((char *)monomya_graving[7]); strcpy(stonesoup_data->buffer, exchanger_autophytography); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); 1 --------------------------------- 12741 153732/color.c cppfunc 118 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12742 70859/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_44.c cppfunc 36 static void badSink(char * data) memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12743 72586/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_43.cpp cppfunc 44 data[100-1] = L'\0'; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 1 --------------------------------- 12744 71404/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_81_goodG2B.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_81_goodG2B::action(char * data) const strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 12745 79443/CWE134_Uncontrolled_Format_String__char_console_printf_10.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 12746 153403/error.c cppfunc 102 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12747 79404/CWE134_Uncontrolled_Format_String__char_console_fprintf_21.c inputfunc 50 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badSink(data); static void badSink(char * data) fprintf(stdout, data); 1 --------------------------------- 12748 153066/portalmem.c cppfunc 516 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(affidavits_shortschat, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); 1 --------------------------------- 12749 72443/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_44.c cppfunc 31 static void badSink(char * data) strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12750 72192/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_17.c cppfunc 47 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12751 148966/strutil.c cppfunc 389 s = p+3; && isxdigit(*p) && isxdigit(*q) && isxdigit(*r) && isxdigit(*s)) { punct = s + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && isxdigit(*q)) { punct = q + 1; p = punct; p = q; q = p+1; && isxdigit(*p) && isxdigit(*q) && if (is_byte_sep(*punct)) { else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q; && isxdigit(*p) && isxdigit(*q) && hex_str_to_bytes(const char *hex_str, GByteArray *bytes, gboolean force_separators) { p = (const guchar *)hex_str; q = p+1; && isxdigit(*p) && isxdigit(*q) && p = q + 1; q = p+1; && isxdigit(*p) && isxdigit(*q) && is_byte_sep(guint8 c) if (is_byte_sep(*punct)) { p = punct; q = p+1; && isxdigit(*p) && isxdigit(*q) && if (is_byte_sep(*punct)) { p = punct; q = p+1; && isxdigit(*p) && isxdigit(*q) && else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q; q = p+1; && isxdigit(*p) && isxdigit(*q) && 1 --------------------------------- 12752 153182/color.c cppfunc 566 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(idiocrasy_victrices, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); 1 --------------------------------- 12753 152952/resowner.c cppfunc 167 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12754 72797/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_82_goodG2B.cpp cppfunc 37 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_82_goodG2B::action(wchar_t * data) SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 12755 110383/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_34.c cppfunc 62 CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_34_unionType myUnion; int data = myUnion.unionSecond; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12756 72182/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_07.c cppfunc 52 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12757 153144/avpacket.c cppfunc 72 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12758 153272/color.c cppfunc 90 stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12759 153159/timestamp.c cppfunc 79 stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12760 153394/error.c cppfunc 101 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12761 72082/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_03.c cppfunc 40 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 12762 153515/color.c cppfunc 120 stonesoup_printf("%s\n", stonesoup_data.buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12763 148966/packet-sdp.c cppfunc 1356 bytes_tvb = tvb_new_child_real_data(tvb, buf, i, i); proto_tree_add_text(tree, tvb, offset, tokenlen, "Debug; Analysed string: '%s'", next_offset = tvb_find_guint8(tvb, offset, -1, '='); offset = next_offset; offset++; format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); item = proto_tree_add_uint(tree, hf_sdp_fmtp_mpeg4_profile_level_id, tvb, offset, tokenlen, atol((char*)format_specific_parameter)); format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); data_tvb = ascii_bytes_to_tvb(tvb, pinfo, tokenlen, format_specific_parameter); format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); item = proto_tree_add_uint(tree, hf_sdp_fmtp_h263_profile, tvb, offset, tokenlen, format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); item = proto_tree_add_uint(tree, hf_sdp_fmtp_h263_level, tvb, offset, tokenlen, format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); data_tvb = ascii_bytes_to_tvb(tvb, pinfo, tokenlen, format_specific_parameter); proto_tree_add_text(tree, tvb, offset, tokenlen, "Could not convert '%s' to 3 bytes", format_specific_parameter); item = proto_tree_add_text(tree, tvb, offset, tokenlen, "Incorrectly coded, must be three bytes"); format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); item = proto_tree_add_uint(tree, hf_sdp_h264_packetization_mode, tvb, offset, tokenlen, comma_offset = tvb_find_guint8(tvb, offset, -1, ','); data_p = tvb_get_ephemeral_string(tvb, offset, tokenlen); proto_tree_add_text(tree, tvb, offset, tokenlen, "NAL unit 1 string: %s", data_p); data_tvb = base64_to_tvb(tvb, data_p); show_reported_bounds_error(tvb, pinfo, tree); data_p = tvb_get_ephemeral_string(tvb, offset, tokenlen); proto_tree_add_text(tree, tvb, offset, tokenlen, "NAL unit 2 string: %s", data_p); data_tvb = base64_to_tvb(tvb, data_p); (tvb_strncaseeql(tvb, offset, sdp_media_attribute_names[i].name, len) == 0)) offset = 0; colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); offset = colon_offset + 1; offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); attribute_value = tvb_get_ephemeral_string(tvb, offset, tvb_length_remaining(tvb, offset)); offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); next_offset = tvb_find_guint8(tvb, offset, -1, ' '); hf_media_format, tvb, offset, media_format = atoi((char*)tvb_get_ephemeral_string(tvb, offset, tokenlen)); payload_type = tvb_get_ephemeral_string(tvb, offset, tokenlen); offset = next_offset + 1; next_offset = tvb_find_guint8(tvb, offset, -1, ';'); offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); next_offset= tvb_length(tvb); tokenlen = next_offset - offset; hf_media_format_specific_parameter, tvb, decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, hf_media_format_specific_parameter, tvb, offset = next_offset + 1; offset, tokenlen, ENC_ASCII|ENC_NA); decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, decode_sdp_fmtp(proto_tree *tree, tvbuff_t *tvb, packet_info *pinfo, gint offset, gint tokenlen, char *mime_type) { end_offset = offset + tokenlen; proto_tree_add_text(tree, tvb, offset, tokenlen, "Debug; Analysed string: '%s'", next_offset = tvb_find_guint8(tvb, offset, -1, '='); field_name = tvb_get_ephemeral_string(tvb, offset, tokenlen); tokenlen = end_offset - offset; format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); atol((char*)format_specific_parameter)); decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, hf_media_format_specific_parameter, tvb, decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, static void dissect_sdp_media_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_item * ti, int length, transport_info_t *transport_info) { colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); tvb, offset, tokenlen, ENC_ASCII|ENC_NA); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); static gint find_sdp_media_attribute_names(tvbuff_t *tvb, int offset, guint len) sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); next_offset = tvb_find_guint8(tvb, offset, -1, ';'); hf_media_format_specific_parameter, tvb, decode_sdp_fmtp(fmtp_tree, tvb, pinfo, offset, tokenlen, ascii_bytes_to_tvb(tvbuff_t *tvb, packet_info *pinfo, gint len, gchar *msg) data_tvb = ascii_bytes_to_tvb(tvb, pinfo, tokenlen, format_specific_parameter); format_specific_parameter = tvb_get_ephemeral_string(tvb, offset, tokenlen); data_tvb = ascii_bytes_to_tvb(tvb, pinfo, tokenlen, format_specific_parameter); 1 --------------------------------- 12764 70997/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_32.c cppfunc 47 wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12765 70949/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_32.c cppfunc 48 char * *dataPtr2 = &data; char * data = *dataPtr2; strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 12766 72717/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_14.c cppfunc 39 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 12767 152892/oids.c cppfunc 1368 return c - 32; return c; coproprietors_physiologize = ((char *)(unerring_emboldening - 5)[24]); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; memset(stonesoup_data->buffer,0,64); stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, coproprietors_physiologize); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); 1 --------------------------------- 12768 153720/resowner.c cppfunc 740 return c - 32; stonesoup_data = (struct stonesoup_struct *) malloc (sizeof(struct stonesoup_struct)); stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_data->buff_pointer = stonesoup_data->buffer; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) { return c; stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 12769 110521/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_18.c cppfunc 130 inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12770 71461/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_06.c cppfunc 50 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 12771 66645/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_51.c cppfunc 38 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12772 153403/error.c cppfunc 729 return c - 32; objectionably_seamy = ((char *)(overconcerning_carcharias - 5)[55]); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(objectionably_seamy))); stonesoup_data->buffer[stonesoup_buff_size] = objectionably_seamy[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); 1 --------------------------------- 12773 153193/color.c cppfunc 588 stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, watercolourist_seibert, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "TAINTED"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); 1 --------------------------------- 12774 153544/color.c cppfunc 90 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12775 72946/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_03.c cppfunc 40 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12776 153753/color.c cppfunc 118 stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12777 110531/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_44.c cppfunc 56 static void badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12778 70853/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_32.c cppfunc 48 char * *dataPtr2 = &data; char * data = *dataPtr2; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12779 153181/mux.c cppfunc 969 return c - 32; stonesoup_data = (struct stonesoup_struct *) malloc (sizeof(struct stonesoup_struct)); stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_data->buff_pointer = stonesoup_data->buffer; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) { return c; stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 12780 72197/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_32.c cppfunc 51 wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12781 72449/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_61.c cppfunc 37 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_61b_badSource(data); strncpy(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12782 153649/pmsignal.c cppfunc 419 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(drexel_boanthropy, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); void stonesoup_printf(char * format, ...) { free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); 1 --------------------------------- 12783 152898/color.c cppfunc 90 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12784 153314/color.c cppfunc 608 return c - 32; stonesoup_data = (struct stonesoup_struct *) malloc (sizeof(struct stonesoup_struct)); stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_data->buff_pointer = stonesoup_data->buffer; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); int stonesoup_toupper(int c) { return c; stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 12785 199283/memory_allocation_failure.c cppfunc 205 memory_allocation_failure_006_gbl_doubleptr=(int**) malloc(10*sizeof(int*)); memory_allocation_failure_006_gbl_doubleptr[i][0] =10; memory_allocation_failure_006_func_002(); if(memory_allocation_failure_006_func_001(flag)==0) memory_allocation_failure_006_gbl_doubleptr[i] = NULL; free(memory_allocation_failure_006_gbl_doubleptr); 1 --------------------------------- 12786 72881/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_61.c cppfunc 38 data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_61b_badSource(data); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12787 110480/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_41.c cppfunc 34 intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); data = -1; fscanf(stdin, "%d", &data); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_41_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_41_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12788 79547/CWE134_Uncontrolled_Format_String__char_console_vfprintf_18.c inputfunc 52 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 12789 72364/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_81_goodG2B.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_81_goodG2B::action(char * data) const memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12790 152906/tile.c cppfunc 80 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12791 153002/hashfn.c cppfunc 181 stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, lamentedly_geulincx, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "TAINTED"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); 1 --------------------------------- 12792 153331/emem.c cppfunc 2025 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, faham_bacilliparous, strlen(faham_bacilliparous) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 12793 79451/CWE134_Uncontrolled_Format_String__char_console_printf_18.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 12794 153495/timestamp.c cppfunc 81 stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12795 72114/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_62.cpp cppfunc 41 data = NULL; badSource(data); void badSource(wchar_t * &data); wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 12796 149125/heap_overflow_cplx-bad.c cppfunc 72 return NULL; t[i] = '\0'; return t; buf = malloc(25*sizeof(char)); char *t = rand_text(); strcpy(buf,t); printf("%s\n", buf); free(buf); 1 --------------------------------- 12797 110336/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_41.c cppfunc 56 intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_41_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_41_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12798 66565/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_82a.cpp cppfunc 31 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12799 72198/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_33.cpp cppfunc 49 wchar_t * &dataRef = data; wchar_t * data = dataRef; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12800 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c inputfunc 52 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); if (100-dataLen > 1) if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 12801 72273/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_02.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12802 153240/color.c cppfunc 561 stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, shipwrecks_scrawly, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "TAINTED"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); 1 --------------------------------- 12803 153617/emem.c cppfunc 205 stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12804 153011/eng_table.c cppfunc 503 stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, scylla_rachitomy, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "TAINTED"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); 1 --------------------------------- 12805 73056/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_17.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 12806 70668/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_45.c cppfunc 74 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12807 148881/diam_dict.c cppfunc 1565 (yy_last_accepting_cpos) = yy_cp; yy_cp = (yy_last_accepting_cpos); YY_DO_BEFORE_ACTION; D(("%s\n",DiamDicttext);); *yy_cp = (yy_hold_char); int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_next_state = yy_try_NUL_trans( yy_current_state ); if ( DiamDictwrap( ) ) (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_cp = (yy_c_buf_p); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); yy_bp = yy_cp; YY_DO_BEFORE_ACTION; *attr_uint = strtoul(DiamDicttext,NULL,10); static void ddict_debug(const char* fmt, ...); *attr_uint = strtoul(DiamDicttext,NULL,10); 1 --------------------------------- 12808 73047/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_08.c cppfunc 52 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 12809 153293/timestamp.c cppfunc 204 void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void sulphobenzoate_syrtis(char **mercature_disjected) dishtowels_phytophylogeny = ((char *)mercature_disjected[36]); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(dishtowels_phytophylogeny))); memcpy(stonesoup_data->buffer, dishtowels_phytophylogeny, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 12810 62975/CWE121_Stack_Based_Buffer_Overflow__CWE135_44.c cppfunc 32 static void badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 12811 62975/CWE121_Stack_Based_Buffer_Overflow__CWE135_44.c cppfunc 35 static void badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12812 66597/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_51.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12813 199284/memory_allocation_failure.c cppfunc 224 char buf[][25]={"This is a String", memory_allocation_failure_007_str_gbl = memory_allocation_failure_007_func_001(buf[j]); static char * memory_allocation_failure_007_func_001 (char *str1) static_var = strlen(str1); memory_allocation_failure_007_str_gbl = (char *) malloc(static_var+1); 1 --------------------------------- 12814 153279/dynahash.c cppfunc 1557 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); return c - 32; stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); void stonesoup_handle_taint(char *autoecic_feigned) undershrievery_thursby = autoecic_feigned; aleurites_congenite = &undershrievery_thursby; plagiocephaly_bitripinnatifid = aleurites_congenite + 5; chaos_onflemed = ((char *)( *(plagiocephaly_bitripinnatifid - 5))); stonesoup_taint_len = ((int )(strlen(chaos_onflemed))); stonesoup_heap_buff_64[stonesoup_buff_size] = chaos_onflemed[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free(stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); 1 --------------------------------- 12815 67339/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_63.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12816 70454/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_07.c cppfunc 138 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12817 70749/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_14.c cppfunc 42 data = NULL; data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12818 153677/color.c cppfunc 118 stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12819 72874/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_43.cpp cppfunc 45 data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12820 70937/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_10.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 12821 72396/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_45.c cppfunc 35 data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_45_badData = data; badSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_45_badData; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12822 153306/error.c cppfunc 709 whisperable_discutable = ((char *)approximative_stewed . holabird_salinometer); stonesoup_buffer = malloc((strlen(whisperable_discutable) + 1) * sizeof(char )); strcpy(stonesoup_buffer,whisperable_discutable); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); 1 --------------------------------- 12823 73059/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22.c cppfunc 39 data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_badSource(data); strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 12824 153728/main_filter_toolbar.c cppfunc 436 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, schmuck_impeded, strlen(schmuck_impeded) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 12825 70658/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_21.c cppfunc 74 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12826 72761/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_10.c cppfunc 44 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); printWLine(data); free(data); 1 --------------------------------- 12827 72391/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_34.c cppfunc 46 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_34_unionType myUnion; char * data = myUnion.unionSecond; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12828 153510/tile.c cppfunc 88 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12829 71364/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_05.c cppfunc 47 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 12830 72089/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_10.c cppfunc 40 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 12831 71393/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_61.c cppfunc 38 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_61b_badSource(data); strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 12832 199235/buffer_underrun_dynamic.c cppfunc 338 int *buf=(int*) calloc(5,sizeof(int)); int indexes[4] = {3, 4, 5, 6}; *(buf-indexes[index]) = 1; free(buf); 1 --------------------------------- 12833 153827/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12834 73073/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_61.c cppfunc 36 data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_61b_badSource(data); strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 12835 153821/heapam.c cppfunc 136 for (stonesoup_i = 0; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_i", stonesoup_i, &stonesoup_i, "FINAL-STATE"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12836 79575/CWE134_Uncontrolled_Format_String__char_console_vfprintf_82_bad.cpp cppfunc 33 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 12837 69858/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_62.cpp cppfunc 37 data = NULL; badSource(data); void badSource(int * &data); memcpy(data, source, 10*sizeof(int)); printIntLine(data[0]); free(data); 1 --------------------------------- 12838 62961/CWE121_Stack_Based_Buffer_Overflow__CWE135_14.c cppfunc 41 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 12839 72851/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_04.c cppfunc 47 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12840 75596/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_81_goodG2B.cpp cppfunc 31 void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_81_goodG2B::action(wchar_t * data) const source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 12841 153749/color.c cppfunc 118 stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12842 153349/img2.c cppfunc 159 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); stonesoup_data->buff_pointer = stonesoup_data->buffer; strncpy(stonesoup_data->buffer, cognomina_cyanitic, strlen(cognomina_cyanitic) + 1); stonesoup_ptr_deref = strlen( stonesoup_data->buff_pointer); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 12843 71020/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_81_bad.cpp cppfunc 31 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_81_bad::action(wchar_t * data) const wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12844 72952/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_09.c cppfunc 40 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12845 153641/timestamp.c cppfunc 80 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12846 72287/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_16.c cppfunc 40 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12847 70523/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_44.c cppfunc 49 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12848 149069/into2-bad.c cppfunc 49 main(int argc, char **argv) l = strtoul(argv[1], 0, 10); test((unsigned int)l); test(unsigned int n) int *buf, i; buf = malloc(n * sizeof *buf); for(i = 0; i < n; i++) printf("%x ", buf[i] = i); free(buf); 1 --------------------------------- 12849 70745/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_10.c cppfunc 42 data = NULL; data = (char *)malloc(10*sizeof(char)); strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12850 72354/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_62.cpp cppfunc 40 data = (char *)malloc(100*sizeof(char)); badSource(data); void badSource(char * &data); memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12851 153762/oids.c cppfunc 90 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12852 153671/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&sophora_rearousal,"HYETOLOGIST_PLY"); if (sophora_rearousal != 0) {; unspiritually_ergotin = ((char *)sophora_rearousal); if (strlen(unspiritually_ergotin) < 20) {; realpath(unspiritually_ergotin, stonesoup_buff); if (sophora_rearousal != 0) free(((char *)sophora_rearousal)); 1 --------------------------------- 12853 72195/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22.c cppfunc 47 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22_badSource(data); SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12854 153213/dynahash.c cppfunc 1538 exodermal_gratulated = getenv("DEVINNA_FOXTON"); beveled_soya = exodermal_gratulated; toxin_semicentenaries = &beveled_soya; NONHERETICAL_TUBINARIAL(toxin_semicentenaries); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void intervened_galvanoscopic(metter_propylhexedrine *bradoon_barbet) tyndallize_ironmongery = ((char *)( *bradoon_barbet)); stonesoup_buffer = malloc((strlen(tyndallize_ironmongery) + 1) * sizeof(char )); strcpy(stonesoup_buffer,tyndallize_ironmongery); free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); 1 --------------------------------- 12855 70899/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22.c cppfunc 45 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_badSource(data); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12856 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c inputfunc 63 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); badVaSinkG(data, data); static void badVaSinkG(char * data, ...) va_start(args, data); 1 --------------------------------- 12857 153765/mutex.c cppfunc 48 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12858 148881/ascend-scanner.c cppfunc 1509 if ( ascendwrap( ) ) (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_cp = (yy_c_buf_p); (yy_last_accepting_cpos) = yy_cp; yy_cp = (yy_last_accepting_cpos); YY_DO_BEFORE_ACTION; YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); yy_bp = yy_cp; YY_DO_BEFORE_ACTION; ascendlval.d = strtol(ascendtext, NULL, 10); 1 --------------------------------- 12859 71501/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_82_bad.cpp cppfunc 39 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_82_bad::action(char * data) SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 12860 70984/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_09.c cppfunc 42 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12861 72180/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_05.c cppfunc 53 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12862 79355/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_18.c cppfunc 56 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 12863 79363/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_42.c cppfunc 128 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 12864 70942/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_15.c cppfunc 49 data = NULL; data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 12865 70670/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_52.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 1 --------------------------------- 12866 67742/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_52.cpp cppfunc 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 1 --------------------------------- 12867 153491/stream.c cppfunc 104 stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12868 70896/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_17.c cppfunc 44 data = NULL; data = (char *)malloc(10*sizeof(char)); memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12869 79558/CWE134_Uncontrolled_Format_String__char_console_vfprintf_45.c inputfunc 60 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_45_badData = data; badSink(); char * data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_45_badData; badVaSink(data, data); static void badVaSink(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 12870 153691/avdevice.c cppfunc 33 stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12871 72347/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_44.c cppfunc 31 static void badSink(char * data) memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12872 71363/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_04.c cppfunc 47 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 12873 66551/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_53.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12874 71718/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_33.cpp cppfunc 38 int * &dataRef = data; int * data = dataRef; memcpy(data, source, 100*sizeof(int)); printIntLine(data[0]); free(data); 1 --------------------------------- 12875 67495/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12.c cppfunc 47 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good1(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12_bad(); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 12876 70455/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_08.c cppfunc 146 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12877 79563/CWE134_Uncontrolled_Format_String__char_console_vfprintf_61.c cppfunc 37 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 12878 199253/double_free.c cppfunc 61 char* ptr= (char*) malloc(10*sizeof(char)); for(i=0;i<10;i++) *(ptr+i)='a'; free(ptr); 1 --------------------------------- 12879 153540/eng_table.c cppfunc 128 stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12880 72080/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_01.c cppfunc 37 data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 12881 70540/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_81_bad.cpp cppfunc 50 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12882 72353/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_61.c cppfunc 37 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_61b_badSource(data); memmove(dest, data, strlen(data)*sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12883 153480/bss_file.c cppfunc 141 stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12884 79488/CWE134_Uncontrolled_Format_String__char_console_snprintf_07.c inputfunc 51 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 12885 71475/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22.c cppfunc 47 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_badSource(data); SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 12886 153231/color.c cppfunc 118 stonesoup_printf("%s\n",stonesoup_buffer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12887 71862/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_33.cpp cppfunc 47 twoIntsStruct * &dataRef = data; twoIntsStruct * data = dataRef; memcpy(data, source, 100*sizeof(twoIntsStruct)); printStructLine(&data[0]); free(data); 1 --------------------------------- 12888 66603/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_63.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12889 153108/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&banshees_fastigiately,"DSEE_NGANHWEI"); if (banshees_fastigiately != 0) {; sophy_enweave = ((char *)banshees_fastigiately); stonesoup_buffer = malloc((strlen(sophy_enweave) + 1) * sizeof(char )); if (stonesoup_buffer == 0) { strcpy(stonesoup_buffer,sophy_enweave); if (stonesoup_buffer[0] >= 97) { if (stonesoup_buffer != 0) { free(stonesoup_buffer); if (banshees_fastigiately != 0) free(((char *)banshees_fastigiately)); 1 --------------------------------- 12890 152946/file_wrappers.c cppfunc 1740 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(preversed_singlenesses, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); void stonesoup_printf(char * format, ...) { free (stonesoup_data); 1 --------------------------------- 12891 70445/CWE122_Heap_Based_Buffer_Overflow__CWE135_82_goodB2G.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__CWE135_82_goodB2G::action(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); free(dest); 1 --------------------------------- 12892 153062/main_statusbar.c cppfunc 118 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12893 153257/mem_dbg.c cppfunc 898 canterburianism_ble = measurelessly_larbolins(euplotid_dittoing); pantagogue_selaginella(canterburianism_ble); stonesoup_other_size = 64; stonesoup_other_buff = (char*) malloc (stonesoup_other_size * sizeof (char)); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); void pantagogue_selaginella(viridities_tolusafranine inversions_precompilation) paean_chablis = ((char *)inversions_precompilation); stonesoup_buff_size = strlen(paean_chablis) + 1; paean_chablis[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = free (stonesoup_other_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_other_buff); 1 --------------------------------- 12894 153675/aviobuf.c cppfunc 80 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12895 153573/bss_file.c cppfunc 355 return c - 32; landladydom_drosky = getenv("REPRESSOR_POMMELS"); crambes_seidule = ((void *)landladydom_drosky); biasing_conveying[5] = crambes_seidule; basaree_propylidene[1] = 5; apex_diametrical = *(biasing_conveying + basaree_propylidene[1]); eupathy_forsythia = ((char *)((char *)apex_diametrical)); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(eupathy_forsythia))); stonesoup_data->buffer[stonesoup_buff_size] = eupathy_forsythia[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); 1 --------------------------------- 12896 199235/buffer_underrun_dynamic.c cppfunc 45 short *buf=(short*) calloc(5,sizeof(short)); *(buf-5)=1; free(buf); 1 --------------------------------- 12897 79449/CWE134_Uncontrolled_Format_String__char_console_printf_16.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); if (100-dataLen > 1) if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 12898 66276/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_81a.cpp cppfunc 31 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12899 71177/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_10.c cppfunc 43 data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wcsncpy(data, source, wcslen(source) + 1); printWLine(data); free(data); 1 --------------------------------- 12900 110460/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_05.c cppfunc 49 data = -1; fscanf(stdin, "%d", &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12901 72725/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_32.c cppfunc 44 wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 12902 70640/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_01.c cppfunc 141 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12903 148966/strutil.c cppfunc 457 is_byte_sep(guint8 c) if (is_byte_sep(*punct)) { p = punct; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { hex_str_to_bytes(const char *hex_str, GByteArray *bytes, gboolean force_separators) { p = (const guchar *)hex_str; q = p+1; s = p+3; && isxdigit(*p) && isxdigit(*q) && isxdigit(*r) && isxdigit(*s)) { punct = s + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && isxdigit(*q)) { punct = q + 1; if (is_byte_sep(*punct)) { p = punct; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { p = q + 1; p = q; else if (*q && isxdigit(*p) && is_byte_sep(*q)) { 1 --------------------------------- 12904 153264/types.c cppfunc 430 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc (sizeof(struct stonesoup_struct)); memset(stonesoup_data->base_path, 0, 20); stonesoup_data->buff_pointer = stonesoup_data->base_path; realpath(colyumist_idiotised, stonesoup_data->base_path); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); free (stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_data->base_path[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->base_path); void stonesoup_printf(char * format, ...) { free (stonesoup_data); 1 --------------------------------- 12905 71468/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_13.c cppfunc 46 data = NULL; data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 12906 152957/heapam.c cppfunc 135 stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12907 79441/CWE134_Uncontrolled_Format_String__char_console_printf_08.c inputfunc 53 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 12908 72813/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_14.c cppfunc 40 data = NULL; data[0] = '\0'; strcat(data, source); printLine(data); free(data); 1 --------------------------------- 12909 153459/file_wrappers.c cppfunc 97 stonesoup_printf("Error: Failed to allocate memory\n"); s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12910 148804/strings.c cppfunc 97 va_list aq; va_end(aq); va_end(aq); va_copy(aq, ap); res = vsnprintf((*buf)->__AST_STR_STR + offset, (*buf)->__AST_STR_LEN - offset, fmt, aq); va_end(aq); 1 --------------------------------- 12911 110548/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_81_bad.cpp cppfunc 37 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_81_bad::action(int data) const intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12912 72395/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_44.c cppfunc 31 static void badSink(char * data) strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12913 62992/CWE121_Stack_Based_Buffer_Overflow__CWE135_81_bad.cpp cppfunc 33 void CWE121_Stack_Based_Buffer_Overflow__CWE135_81_bad::action(void * data) const size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12914 62966/CWE121_Stack_Based_Buffer_Overflow__CWE135_21.c cppfunc 37 data = (void *)WIDE_STRING; badSink(data); static void badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 12915 153449/heapam.c cppfunc 98 stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); } void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12916 110320/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_09.c cppfunc 118 data = -1; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12917 153423/error.c cppfunc 729 return c - 32; stonesoup_buff = (char *) malloc (sizeof(char) * 20); memset(stonesoup_buff, 0, 20); realpath(jfif_pinners, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_buff); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_buff[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buff); 1 --------------------------------- 12918 153559/avpacket.c inputfunc 96 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&agenizing_herschelian,"BURKES_STORZ"); if (agenizing_herschelian != 0) {; nonsludging_unridableness = agenizing_herschelian; underporter_sufflaminate = stoutish_missample(nonsludging_unridableness); byelovo_echo stoutish_missample(byelovo_echo outbringing_azotic) return outbringing_azotic; underporter_sufflaminate = stoutish_missample(nonsludging_unridableness); algal_intercessive = ((char *)underporter_sufflaminate); stonesoup_taint_len = ((int )(strlen(algal_intercessive))); for (; stonesoup_taint_len >= 0; (--stonesoup_buff_size , --stonesoup_taint_len)) { stonesoup_data->buffer[stonesoup_buff_size] = algal_intercessive[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); if (underporter_sufflaminate != 0) free(((char *)underporter_sufflaminate)); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); 1 --------------------------------- 12919 153433/resowner.c cppfunc 168 stonesoup_printf("Error: Failed to allocate memory\n"); s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12920 62949/CWE121_Stack_Based_Buffer_Overflow__CWE135_02.c cppfunc 41 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); 1 --------------------------------- 12921 62949/CWE121_Stack_Based_Buffer_Overflow__CWE135_02.c cppfunc 44 data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); free(dest); 1 --------------------------------- 12922 65231/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_82_goodG2B.cpp cppfunc 31 void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_82_goodG2B::action(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 12923 66264/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54.c cppfunc 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12924 72720/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_17.c cppfunc 40 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[100-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 12925 79438/CWE134_Uncontrolled_Format_String__char_console_printf_05.c inputfunc 46 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 12926 70654/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_15.c cppfunc 153 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12927 72957/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_14.c cppfunc 40 data = NULL; data[0] = L'\0'; wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 12928 110366/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_07.c cppfunc 61 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12929 73043/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_04.c cppfunc 45 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 12930 148966/packet-sdp.c cppfunc 1685 static void dissect_sdp_media_attribute(tvbuff_t *tvb, packet_info *pinfo, proto_item * ti, int length, transport_info_t *transport_info) { colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); tvb, offset, tokenlen, ENC_ASCII|ENC_NA); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); static gint find_sdp_media_attribute_names(tvbuff_t *tvb, int offset, guint len) (tvb_strncaseeql(tvb, offset, sdp_media_attribute_names[i].name, len) == 0)) offset = 0; colon_offset = tvb_find_guint8(tvb, offset, -1, ':'); sdp_media_attrbute_code = find_sdp_media_attribute_names(tvb, offset, tokenlen); offset = colon_offset + 1; offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); attribute_value = tvb_get_ephemeral_string(tvb, offset, tvb_length_remaining(tvb, offset)); offset = tvb_skip_wsp(tvb, offset, tvb_length_remaining(tvb, offset)); next_offset = tvb_find_guint8(tvb, offset, -1, ' '); tokenlen = next_offset - offset; hf_media_format, tvb, offset, tokenlen, ENC_ASCII|ENC_NA); media_format = atoi((char*)tvb_get_ephemeral_string(tvb, offset, tokenlen)); 1 --------------------------------- 12931 70933/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_06.c cppfunc 47 data = NULL; data = (char *)malloc(10*sizeof(char)); strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 12932 199235/buffer_underrun_dynamic.c cppfunc 562 char ** doubleptr=(char**) malloc(10*sizeof(char*)); doubleptr[i]=calloc(10,sizeof(char)); doubleptr[i][j]='a'; free(doubleptr[i]); free(doubleptr); 1 --------------------------------- 12933 153030/avpacket.c cppfunc 465 return c - 32; etiam_whitey = ((char *)( *(subcurate_divulsing - 5)) . vikky_alada); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, etiam_whitey); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); 1 --------------------------------- 12934 153702/config.c inputfunc 134 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&mouthes_epigonation,"TARSOCLASIS_DEPOSING"); if (mouthes_epigonation != 0) {; mazolysis_cacoethes = ((int )(strlen(mouthes_epigonation))); rontgenized_turtledom = ((char *)(malloc(mazolysis_cacoethes + 1))); if (rontgenized_turtledom == 0) { memcpy(rontgenized_turtledom,mouthes_epigonation,mazolysis_cacoethes); if (mouthes_epigonation != 0) free(((char *)mouthes_epigonation)); titillating_mosaicked = &rontgenized_turtledom; sepiidae_edom = &titillating_mosaicked; sewellel_psychiatrists = &sepiidae_edom; gabbled_unpersonally = &sewellel_psychiatrists; capsomere_atlantis = &gabbled_unpersonally; depew_jello = &capsomere_atlantis; paramount_mandaeism = &depew_jello; overwinter_mycotoxic = ¶mount_mandaeism; mariastein_hinayana = &overwinter_mycotoxic; toluate_preciosities = &mariastein_hinayana; crotalaria_instantiations = ((char *)( *( *( *( *( *( *( *( *( *( *toluate_preciosities))))))))))); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(crotalaria_instantiations)+1, crotalaria_instantiations, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, crotalaria_instantiations, strlen(crotalaria_instantiations) + 1); if ( *( *( *( *( *( *( *( *( *( *toluate_preciosities))))))))) != 0) free(((char *)( *( *( *( *( *( *( *( *( *( *toluate_preciosities)))))))))))); 1 --------------------------------- 12935 70456/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_09.c cppfunc 133 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12936 70908/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_45.c cppfunc 40 data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_45_badData = data; badSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_45_badData; memmove(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12937 70510/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_15.c cppfunc 77 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12938 72844/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_81_goodG2B.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_81_goodG2B::action(char * data) const strcat(data, source); printLine(data); free(data); 1 --------------------------------- 12939 72193/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_18.c cppfunc 45 data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12940 153797/resowner.c cppfunc 176 stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12941 72413/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_82_bad.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_82_bad::action(char * data) strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12942 153792/gimpdisplay.c cppfunc 131 stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12943 66364/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_64.c cppfunc 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12944 110473/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_18.c cppfunc 41 data = -1; fscanf(stdin, "%d", &data); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12945 79402/CWE134_Uncontrolled_Format_String__char_console_fprintf_17.c inputfunc 41 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); if (100-dataLen > 1) if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 12946 72096/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_17.c cppfunc 41 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 12947 73063/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_34.c cppfunc 45 CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_34_unionType myUnion; char * data = myUnion.unionSecond; strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 12948 70653/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_14.c cppfunc 146 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12949 152945/portalmem.c cppfunc 1032 return c - 32; return c; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; memset(stonesoup_data->buffer,0,64); stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, vesicants_cassegrain); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); void briney_landmeier(int pompom_jophiel,char **synarthrosis_actg) vesicants_cassegrain = ((char *)( *(synarthrosis_actg - 5))); strcpy(stonesoup_data->buffer, vesicants_cassegrain); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); 1 --------------------------------- 12950 72124/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_81_bad.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_81_bad::action(wchar_t * data) const wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 12951 153197/color.c cppfunc 118 stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12952 67491/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_08.c cppfunc 60 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_08_bad(); if(staticReturnsTrue()) charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); good2(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_08_good(); CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_08_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); structCharVoid->charFirst[(sizeof(structCharVoid->charFirst)/sizeof(char))-1] = '\0'; free(structCharVoid); 1 --------------------------------- 12953 153163/color.c cppfunc 600 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int isolex_sanfo = 596; char *owlishly_ionospheres; stonesoup_read_taint(&owlishly_ionospheres,"6156",isolex_sanfo); alphabetizers_lbl = ((char *)owlishly_ionospheres); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(alphabetizers_lbl))); memcpy(stonesoup_data->buffer, alphabetizers_lbl, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&owlishly_ionospheres,"6156",isolex_sanfo); alphabetizers_lbl = ((char *)owlishly_ionospheres); stonesoup_buff_size = ((int )(strlen(alphabetizers_lbl))); memcpy(stonesoup_data->buffer, alphabetizers_lbl, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 12954 153104/color.c cppfunc 604 stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; return c; char *sauerkrauts_antisemitism; stonesoup_read_taint(&sauerkrauts_antisemitism,"DENNYSVILLE_PLEASING"); recorde_iconodulist = ((char *)sauerkrauts_antisemitism); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; memset(stonesoup_data->buffer,0,64); stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, recorde_iconodulist); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&sauerkrauts_antisemitism,"DENNYSVILLE_PLEASING"); recorde_iconodulist = ((char *)sauerkrauts_antisemitism); strcpy(stonesoup_data->buffer, recorde_iconodulist); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); int stonesoup_toupper(int c) return c - 32; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); 1 --------------------------------- 12955 148881/ascend-scanner.c cppfunc 1427 (yy_last_accepting_cpos) = yy_cp; yy_cp = (yy_last_accepting_cpos); YY_DO_BEFORE_ACTION; int yy_amount_of_matched_text = (int) (yy_cp - (yytext_ptr)) - 1; *yy_cp = (yy_hold_char); (yy_c_buf_p) = (yytext_ptr) + yy_amount_of_matched_text; yy_next_state = yy_try_NUL_trans( yy_current_state ); if ( ascendwrap( ) ) (yy_c_buf_p) = (yytext_ptr) + YY_MORE_ADJ; yy_cp = (yy_c_buf_p); YY_DO_BEFORE_ACTION; *yy_cp = (yy_hold_char); yy_bp = yy_cp; YY_DO_BEFORE_ACTION; ascendlval.d = strtol(ascendtext, NULL, 10); 1 --------------------------------- 12956 1630/snp8-bad.c inputfunc 47 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); free(buf); 1 --------------------------------- 12957 153164/cmdline.c cppfunc 108 stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12958 199233/buffer_overrun_dynamic.c cppfunc 562 char ** doubleptr=(char**) malloc(10*sizeof(char*)); doubleptr[i]=(char*) malloc(10*sizeof(char)); doubleptr[i][j]='a'; free(doubleptr[i]); free(doubleptr); 1 --------------------------------- 12959 153350/column-utils.c cppfunc 2201 void stonesoup_printf(char * format, ...) { return c - 32; stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, guthrun_coconino); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); free(stonesoup_heap_buffer_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void noncognizantly_monostich(char **overtorturing_tumps) spences_gutium(overtorturing_tumps); void spences_gutium(char **stationery_gryllotalpa) guthrun_coconino = ((char *)( *(stationery_gryllotalpa - 5))); strcpy(stonesoup_heap_buffer_64, guthrun_coconino); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); 1 --------------------------------- 12960 153729/color.c cppfunc 609 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; return c; int villagers_ehrwaldite = 596; char *trullisatios_cornier; stonesoup_read_taint(&trullisatios_cornier,"7240",villagers_ehrwaldite); hospodars_yankton = ((char *)trullisatios_cornier); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); stonesoup_taint_len = ((int )(strlen(hospodars_yankton))); stonesoup_data->buffer[stonesoup_buff_size] = hospodars_yankton[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); int stonesoup_toupper(int c) return c - 32; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); free(stonesoup_data); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&trullisatios_cornier,"7240",villagers_ehrwaldite); hospodars_yankton = ((char *)trullisatios_cornier); stonesoup_taint_len = ((int )(strlen(hospodars_yankton))); stonesoup_data->buffer[stonesoup_buff_size] = hospodars_yankton[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free(stonesoup_data); 1 --------------------------------- 12961 72084/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_05.c cppfunc 47 data = NULL; data[0] = L'\0'; wcsncat(data, source, 100); printWLine(data); free(data); 1 --------------------------------- 12962 79447/CWE134_Uncontrolled_Format_String__char_console_printf_14.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 12963 153686/color.c cppfunc 572 retaining_lampooner = getenv("APPARELED_GENOESE"); echinology_latifoliate = ((char *)retaining_lampooner); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before[63] = '\0'; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->before", stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->after", stonesoup_data->after, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(echinology_latifoliate))); memcpy(stonesoup_data->buffer, echinology_latifoliate, 64); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); 1 --------------------------------- 12964 79390/CWE134_Uncontrolled_Format_String__char_console_fprintf_05.c inputfunc 46 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 12965 79345/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_08.c cppfunc 69 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 12966 70844/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_13.c cppfunc 43 data = NULL; data = (char *)malloc(10*sizeof(char)); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); printLine(data); free(data); 1 --------------------------------- 12967 153346/img2.c cppfunc 166 stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, enhancive_captor, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "TAINTED"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free( stonesoup_heap_buff_64); 1 --------------------------------- 12968 153755/dirent_uri.c cppfunc 71 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12969 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c inputfunc 57 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 12970 70673/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_61.c cppfunc 76 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12971 71586/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_62.cpp cppfunc 37 data = NULL; badSource(data); void badSource(int64_t * &data); memcpy(data, source, 100*sizeof(int64_t)); printLongLongLine(data[0]); free(data); 1 --------------------------------- 12972 153208/e_camellia.c cppfunc 112 stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12973 153057/file_wrappers.c cppfunc 125 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12974 72861/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_14.c cppfunc 40 data = NULL; data[0] = '\0'; strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12975 153366/conf_mod.c cppfunc 133 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12976 153384/color.c cppfunc 588 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int ferriage_iappp = 131; char *resupervise_aminoketone; stonesoup_read_taint(&resupervise_aminoketone,"8394",ferriage_iappp); execrators_turin = ((char *)resupervise_aminoketone); stonesoup_buff_size = strlen(execrators_turin) + 1; stonesoup_other_size = 64; stonesoup_other_buff = (char*) malloc (stonesoup_other_size * sizeof (char)); execrators_turin[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&resupervise_aminoketone,"8394",ferriage_iappp); execrators_turin = ((char *)resupervise_aminoketone); stonesoup_buff_size = strlen(execrators_turin) + 1; execrators_turin[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = free (stonesoup_other_buff); void stonesoup_printf(char * format, ...) { free (stonesoup_other_buff); 1 --------------------------------- 12977 72184/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_09.c cppfunc 46 data = NULL; data[0] = L'\0'; SNPRINTF(data, 100, L"%s", source); printWLine(data); free(data); 1 --------------------------------- 12978 70475/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_44.c cppfunc 69 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 12979 153007/tile.c cppfunc 81 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12980 73026/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_62.cpp cppfunc 39 data = (char *)malloc(100*sizeof(char)); badSource(data); void badSource(char * &data); strcat(dest, data); printLine(data); free(data); 1 --------------------------------- 12981 79392/CWE134_Uncontrolled_Format_String__char_console_fprintf_07.c inputfunc 45 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 12982 153562/color.c cppfunc 120 s void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 12983 73308/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_62.cpp cppfunc 35 data = NULL; badSource(data); void badSource(int64_t * &data); printLongLongLine(*data); free(data); 1 --------------------------------- 12984 153590/utf.c cppfunc 1042 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; return c - 32; int hybridity_unpublishably = 596; char *sisterhood_baghla;; stonesoup_read_taint(&sisterhood_baghla,"8709",hybridity_unpublishably); euclidian_gunstocker = sisterhood_baghla; HOPI_CLIMBINGFISH(euclidian_gunstocker); stonesoup_heap_buff_64[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); void heteroauxin_snowproof(amassers_hypolite huckstery_canapes) trichinopoly_iconically = ((char *)huckstery_canapes); stonesoup_taint_len = ((int )(strlen(trichinopoly_iconically))); stonesoup_heap_buff_64[stonesoup_buff_size] = trichinopoly_iconically[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); free(stonesoup_heap_buff_64); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&sisterhood_baghla,"8709",hybridity_unpublishably); euclidian_gunstocker = sisterhood_baghla; HOPI_CLIMBINGFISH(euclidian_gunstocker); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); int stonesoup_toupper(int c) return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); free(stonesoup_heap_buff_64); 1 --------------------------------- 12985 72729/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_42.c cppfunc 42 data[100-1] = L'\0'; return data; data = badSource(data); wcsncpy(dest, data, wcslen(data)); printWLine(data); free(data); 1 --------------------------------- 12986 153106/config.c cppfunc 1074 return c - 32; stonesoup_buffer[stonesoup_buffer_len - 1] = '\0'; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 12987 110527/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_34.c cppfunc 138 CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_34_unionType myUnion; int data = myUnion.unionSecond; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 12988 79394/CWE134_Uncontrolled_Format_String__char_console_fprintf_09.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 12989 72893/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_82_goodG2B.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_82_goodG2B::action(char * data) strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12990 67430/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_52.c cppfunc 32 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 1 --------------------------------- 12991 153330/color.c cppfunc 573 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); 1 --------------------------------- 12992 152970/color.c inputfunc 145 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&ecclesiasticus_restibrachium,"DANIELLE_BRUSHBALL"); if (ecclesiasticus_restibrachium != 0) {; fisk_vinegar = ((char *)ecclesiasticus_restibrachium); strncpy(stonesoup_buffer, fisk_vinegar, stonesoup_buffer_len); *stonesoup_buffer_ptr = fisk_vinegar; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); strncpy(stonesoup_buffer, fisk_vinegar, stonesoup_buffer_len); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); if (stonesoup_buffer_ptr != 0) { free(stonesoup_buffer_ptr); if (ecclesiasticus_restibrachium != 0) free(((char *)ecclesiasticus_restibrachium)); 1 --------------------------------- 12993 79506/CWE134_Uncontrolled_Format_String__char_console_snprintf_41.c inputfunc 54 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badSink(data); static void badSink(char * data) SNPRINTF(dest, 100-1, data); 1 --------------------------------- 12994 72413/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_82_goodG2B.cpp cppfunc 32 void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_82_goodG2B::action(char * data) strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 12995 1756/write_what_where.c cppfunc 25 char buf1[MAXSIZE], buf2 [MAXSIZE], * p, * q, ch; p = buf1; while ( ( ch = getc( stdin ) ) != EOF && ch != '\n' ) * p++ = ch; * p++ = 0; free (p); 1 --------------------------------- 12996 62566/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_03.c inputfunc 34 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 12997 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c inputfunc 57 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_start(args, data); vfprintf(stdout, data, args); 1 --------------------------------- 12998 72892/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_81_bad.cpp cppfunc 33 void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_81_bad::action(char * data) const strcpy(data, source); printLine(data); free(data); 1 --------------------------------- 12999 153089/string.c cppfunc 596 return c - 32; return c; risibleness_carla = getenv("SYNARTESIS_ANCIENNETE"); surculi_cullionly = ((int )(strlen(risibleness_carla))); tupian_retrogressing = ((char *)(malloc(surculi_cullionly + 1))); memset(tupian_retrogressing,0,surculi_cullionly + 1); memcpy(tupian_retrogressing,risibleness_carla,surculi_cullionly); unprime_figuratively = 1; epiglottides_thirtyfold = &tupian_retrogressing; theriomorphosis_liberating = ((char **)(((unsigned long )epiglottides_thirtyfold) * unprime_figuratively * unprime_figuratively)) + 5; lithodidae_internalized = ((char *)( *(theriomorphosis_liberating - 5))); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; memset(stonesoup_data->buffer,0,64); stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, lithodidae_internalized); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); 1 --------------------------------- 13000 199284/memory_allocation_failure.c cppfunc 629 char **dptr,a = 0; dptr=(char**) malloc(10*sizeof(char*)); dptr[i]=(char*) malloc(10*sizeof(char)); strcpy( dptr[1],"STRING TEST" ); free(dptr[i]); free(dptr); 1 --------------------------------- 13001 79436/CWE134_Uncontrolled_Format_String__char_console_printf_03.c inputfunc 40 if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; data[dataLen] = '\0'; printf(data); 1 --------------------------------- 13002 110332/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_31.c cppfunc 118 inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 13003 153778/tile-manager.c cppfunc 80 stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 13004 71370/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_11.c cppfunc 40 data = NULL; data[0] = '\0'; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 13005 73064/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_41.c cppfunc 30 data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_41_badSink(char * data) strcpy(dest, data); printLine(data); free(data); 1 --------------------------------- 13006 70641/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_02.c cppfunc 146 int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; buffer[data] = 1; printIntLine(buffer[i]); free(buffer); 1 --------------------------------- 13007 70671/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53.c cppfunc 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 1 --------------------------------- 13008 72630/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_33.cpp cppfunc 42 wchar_t * &dataRef = data; wchar_t * data = dataRef; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); printWLine(data); free(data); 1 --------------------------------- 13009 110376/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_17.c cppfunc 56 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); intPointer[i] = 0; printIntLine(intPointer[0]); free(intPointer); 1 --------------------------------- 13010 72376/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_09.c cppfunc 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; strncat(dest, data, strlen(data)); printLine(data); free(data); 1 --------------------------------- 13011 70952/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_41.c cppfunc 36 data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_41_badSink(char * data) strncpy(data, source, strlen(source) + 1); printLine(data); free(data); 1 --------------------------------- 13012 72833/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_61.c cppfunc 38 data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_61b_badSource(data); strcat(data, source); printLine(data); free(data); 1 --------------------------------- 13013 153613/color.c cppfunc 118 stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 13014 148881/emem.c cppfunc 1813 va_list ap2; G_VA_COPY(ap2, ap); full_len = g_vsnprintf(&strbuf->str[strbuf->len], (gulong) add_len, format, ap2); va_end(ap2); 1 --------------------------------- 13015 153341/avpacket.c cppfunc 39 stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 13016 152925/eng_lib.c cppfunc 355 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; union mucocellulosic_seated tires_yaakov; int zeugobranchia_overbar = 44; char *axiolite_scumboard;; stonesoup_read_taint(&axiolite_scumboard,"2674",zeugobranchia_overbar); tires_yaakov . classicalities_perioesophageal = axiolite_scumboard; majestical_overmuches[ *( *( *( *( *( *( *( *( *( *cheirotherium_carbin)))))))))] = tires_yaakov; tweedles_quomodos = majestical_overmuches[ *( *( *( *( *( *( *( *( *( *cheirotherium_carbin)))))))))]; pruss_bibliopolic = ((char *)tweedles_quomodos . classicalities_perioesophageal); stonesoup_buffer = malloc((strlen(pruss_bibliopolic) + 1) * sizeof(char )); strcpy(stonesoup_buffer,pruss_bibliopolic); stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); free(stonesoup_buffer); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&axiolite_scumboard,"2674",zeugobranchia_overbar); tires_yaakov . classicalities_perioesophageal = axiolite_scumboard; tweedles_quomodos = majestical_overmuches[ *( *( *( *( *( *( *( *( *( *cheirotherium_carbin)))))))))]; pruss_bibliopolic = ((char *)tweedles_quomodos . classicalities_perioesophageal); stonesoup_buffer = malloc((strlen(pruss_bibliopolic) + 1) * sizeof(char )); strcpy(stonesoup_buffer,pruss_bibliopolic); free(stonesoup_buffer); 1 --------------------------------- 13017 153022/cmdutils.c cppfunc 2160 return c - 32; stonesoup_data = (struct stonesoup_struct *) malloc (sizeof(struct stonesoup_struct)); stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_data->buff_pointer = stonesoup_data->buffer; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) { return c; stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 13018 153373/color.c cppfunc 600 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); 1 --------------------------------- 13019 153109/color.c cppfunc 605 return c - 32; stonesoup_data = (struct stonesoup_struct *) malloc (sizeof(struct stonesoup_struct)); stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_data->buff_pointer = stonesoup_data->buffer; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); int stonesoup_toupper(int c) { return c; stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_data); 1 --------------------------------- 13020 79383/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82_goodG2B.cpp cppfunc 34 va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); va_end(args); 1 --------------------------------- 13021 153711/timestamp.c cppfunc 203 return c - 32; stonesoup_data = (struct stonesoup_struct *) malloc (sizeof(struct stonesoup_struct)); stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_data->buff_pointer = stonesoup_data->buffer; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen( stonesoup_data->buff_pointer); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); free(stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) { return c; stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_data->buffer); 1 --------------------------------- 13022 153506/color.c cppfunc 118 stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 13023 153731/img2.c cppfunc 167 return c - 32; stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, redskins_jarnut, strlen(redskins_jarnut) + 1); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); void stonesoup_printf(char * format, ...) { free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); for (; stonesoup_oc_i < strlen(stonesoup_data); ++stonesoup_oc_i) { stonesoup_printf("%s\n", stonesoup_data); 1 --------------------------------- 13024 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c cppfunc 34 va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 13025 153274/avfilter.c cppfunc 48 stonesoup_printf("Error: Failed to allocate memory\n"); stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); void stonesoup_printf(char * format, ...) { va_start(argptr, format); 1 --------------------------------- 13026 71473/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_18.c cppfunc 45 data[0] = '\0'; SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 13027 71500/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_81_bad.cpp cppfunc 39 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_81_bad::action(char * data) const SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 13028 153696/config.c inputfunc 135 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&soldat_unamusingly,"THAPSIA_PULVINIC"); if (soldat_unamusingly != 0) {; waster_jumbler = soldat_unamusingly; sentence_interdentally[5] = waster_jumbler; volante_betimes = *(sentence_interdentally + *chromos_wonderwell); swahili_hecctkaerre = ((char *)volante_betimes); strcpy(stonesoup_data.buffer, swahili_hecctkaerre); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data.buffer); for (stonesoup_i = 0; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "FINAL-STATE"); if (volante_betimes != 0) free(((char *)volante_betimes)); int stonesoup_toupper(int c) return c; stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); 1 --------------------------------- 13029 153736/types.c cppfunc 441 return c - 32; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); stonesoup_data->before = stonesoup_toupper; stonesoup_data->buffer[63] = '\0'; stonesoup_data->after = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->before", stonesoup_data->before, &stonesoup_data->before, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_data->after", stonesoup_data->after, &stonesoup_data->after, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); int stonesoup_toupper(int c) return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); void rotundify_cabbagehead(int ferruling_dimorphisms,lorate_carson sheitlen_nicked) glycolate_invile = ((char *)sheitlen_nicked); stonesoup_taint_len = ((int )(strlen(glycolate_invile))); stonesoup_data->buffer[stonesoup_buff_size] = glycolate_invile[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free(stonesoup_data); 1 --------------------------------- 13030 153504/e_bf.c cppfunc 275 return c - 32; stonesoup_buffer[64 - 1] = '\0'; tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); stonesoup_opt_var = strlen(stonesoup_buffer); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); int stonesoup_toupper(int c) return c; stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_buffer[stonesoup_oc_i] = stonesoup_printf("%s\n", stonesoup_buffer); void stonesoup_printf(char * format, ...) { free(stonesoup_buffer); 1 --------------------------------- 13031 71021/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_82_goodG2B.cpp cppfunc 31 void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_82_goodG2B::action(wchar_t * data) wcscpy(data, source); printWLine(data); free(data); 1 --------------------------------- 13032 71501/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_82_goodG2B.cpp cppfunc 39 void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_82_goodG2B::action(char * data) SNPRINTF(data, 100, "%s", source); printLine(data); free(data); 1 --------------------------------- 13033 71380/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_31.c cppfunc 40 data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; strncat(data, source, 100); printLine(data); free(data); 1 --------------------------------- 13034 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; p = strings = av_mallocz(strings_size + 1); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 1 --------------------------------- 13035 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; p = strings = av_mallocz((size_t)strings_size + 1); if (!p) return AVERROR(ENOMEM); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if (!nsv->nsvs_file_offset) return AVERROR(ENOMEM); if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); if (!nsv->nsvs_timestamps) return AVERROR(ENOMEM); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 0 --------------------------------- 13036 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size >= 0) pb = p; meth = *pb++; if (meth & 0x80) lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = s->unpack_buffer; switch (meth) case 1: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width) return; memcpy(&dp[ofs], pb, len); pb += len; if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) memcpy(dp, pb, frame_width); pb += frame_width; case 3: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); else memcpy(&dp[ofs], pb, len); pb += len; ofs += len; else if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 1 --------------------------------- 13037 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size > 0) pb = p; pb_size = s->buf + s->size - pb; if (pb_size < 1) return; meth = *pb++; pb_size--; if (meth & 0x80) lz_unpack(pb, pb_size, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = s->unpack_buffer; pb_size = s->unpack_buffer_size; switch (meth) case 1: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width || pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= len; if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) if (pb_size < frame_width) return; memcpy(dp, pb, frame_width); pb += frame_width; pb_size -= frame_width; case 3: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; pb_size--; if (len & 0x80) len = (len & 0x7F) + 1; if (pb_size < 1) return; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, pb_size, frame_width - ofs); else if (pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= 1 + len; ofs += len; else if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 0 --------------------------------- 13038 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); samples = s->frame.data[0]; samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4; break; case 1: smp = 2; break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 1 --------------------------------- 13039 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); samples = s->frame.data[0]; samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4*(count+1); break; case 1: smp = 2*(count+1); break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 0 --------------------------------- 13040 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size; buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 1 --------------------------------- 13041 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size, buf_offset = 0; buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size = buf_offset += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 0 --------------------------------- 13042 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (ogg_page_bos(&page)) NS_ASSERTION(!readAllBOS, "We shouldn't encounter another BOS page"); codecState = nsOggCodecState::Create(&page); #ifdef DEBUG PRBool r = #endif mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); else readAllBOS = PR_TRUE; mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 1 --------------------------------- 13043 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (!ogg_page_bos(&page)) readAllBOS = PR_TRUE; else if (!mCodecStates.Get(serial, nsnull)) codecState = nsOggCodecState::Create(&page); DebugOnly r = mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 0 --------------------------------- 13044 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + 512; char *dstPtr = (char *) PR_Malloc(bufferLength); for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) char *temp = (char *) PR_Realloc(*outString, *bufferLength + tempLen); if (temp) *bufferLength += tempLen; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 1 --------------------------------- 13045 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + RESERVE_FALLBACK_BYTES; char *dstPtr = (char *) PR_Malloc(bufferLength + 1); if (!dstPtr) return NS_ERROR_OUT_OF_MEMORY; for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; NS_ASSERTION(dstLength >= 0, "out of bounds write"); rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) int32_t addLength = tempLen + RESERVE_FALLBACK_BYTES; char *temp = (char *) PR_Realloc(*outString, *bufferLength + addLength + 1); if (temp) *bufferLength += addLength; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 0 --------------------------------- 13046 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp Buffer_Overflow_cpycat 110 WCHAR installDir[MAX_PATH] = {L'\0'}; if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); 1 --------------------------------- 13047 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp Buffer_Overflow_cpycat 110 WCHAR installDir[MAX_PATH + 1] = {L'\0'}; if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); 0 --------------------------------- 13048 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp Buffer_Overflow_cpycat 646 IsLocalFile(LPCWSTR file, BOOL &isLocal) WCHAR rootPath[MAX_PATH + 1]; if (wcslen(file) > MAX_PATH) { return FALSE; wcscpy(rootPath, file); 1 --------------------------------- 13049 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp Buffer_Overflow_cpycat 646 IsLocalFile(LPCWSTR file, BOOL &isLocal) WCHAR rootPath[MAX_PATH + 1] = { L'\0' }; if (wcslen(file) > MAX_PATH) { return FALSE; wcsncpy(rootPath, file, MAX_PATH); 0 --------------------------------- 13050 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) WCHAR logName[64]; wcscpy(path, basePath); if (logNumber <= 0) swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice.log"); else swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 1 --------------------------------- 13051 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) WCHAR logName[64] = { L'\0' }; wcsncpy(path, basePath, sizeof(logName) / sizeof(logName[0]) - 1); if (logNumber <= 0) swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice.log"); else swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 0 --------------------------------- 13052 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 1 --------------------------------- 13053 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 0 --------------------------------- 13054 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 1 --------------------------------- 13055 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 NetdCommand* netdCommand = new NetdCommand(); void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); if (SDK_VERSION >= 16) PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 0 --------------------------------- 13056 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) written = snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13057 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = PR_snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13058 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); const char* action = aDoAdd ? "add" : "remove"; snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13059 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); const char* action = aDoAdd ? "add" : "remove"; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13060 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 1 --------------------------------- 13061 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 0 --------------------------------- 13062 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) stream_sys_t *p_sys = s->p_sys; if( !p_read ) return 0; if( Fill( s ) ) return -1; int i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 1 --------------------------------- 13063 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) stream_sys_t *p_sys = s->p_sys; if( Fill( s ) ) return -1; unsigned i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); if( p_read ) memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 0 --------------------------------- 13064 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); p_chk->strf.vids.p_bih = malloc( p_chk->common.i_chunk_size ); if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size - sizeof(BITMAPINFOHEADER) > 0 ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 1 --------------------------------- 13065 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); p_chk->strf.vids.p_bih = malloc( __MAX( p_chk->common.i_chunk_size,sizeof( *p_chk->strf.vids.p_bih ) ) ); if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size > sizeof(BITMAPINFOHEADER) ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 0 --------------------------------- 13066 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; p_stream->i_headers += p_oggpacket->bytes; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_stream->i_headers ); 1 --------------------------------- 13067 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; p_stream->i_headers += p_oggpacket->bytes; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_oggpacket->bytes ); 0 --------------------------------- 13068 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); sprintf( psz_remote, "\\\\%s\\%s", psz_server, psz_share ); 1 --------------------------------- 13069 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); snprintf( psz_remote, sizeof( psz_remote ), "\\\\%s\\%s", psz_server, psz_share ); 0 --------------------------------- 13070 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; hbtype = *p++; n2s(p, payload); pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; int r; buffer = OPENSSL_malloc(1 + 2 + payload + padding); bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding, s, s->msg_callback_arg); 1 --------------------------------- 13071 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; if (1 + 2 + 16 > s->s3->rrec.length) return 0; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; unsigned int write_length = payload + padding; int r; if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) return 0; buffer = OPENSSL_malloc(write_length); bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, write_length, s, s->msg_callback_arg); 0 --------------------------------- 13072 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 729 void NetworkUtils::setInterfaceUp(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 16) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "interface setcfg %s %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mLink)); 0 --------------------------------- 13073 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 926 void NetworkUtils::setDnsForwarders(CommandChain* aChain,CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "tether dns set %d %s %s", GET_FIELD(mNetId), GET_CHAR(mDns1), GET_CHAR(mDns2)); 0 --------------------------------- 13074 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13075 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1185 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; } char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13076 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13077 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1239 void NetworkUtils::addRouteToSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION < 20) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "interface route add %s secondary %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 0 --------------------------------- 13078 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 497 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) { PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); 0 --------------------------------- 13079 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 879 void NetworkUtils::startTethering(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (!GET_FIELD(mUsbStartIp).IsEmpty() && !GET_FIELD(mUsbEndIp).IsEmpty()) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "tether start %s %s %s %s", GET_CHAR(mWifiStartIp), GET_CHAR(mWifiEndIp), GET_CHAR(mUsbStartIp), GET_CHAR(mUsbEndIp)); 0 --------------------------------- 13080 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); const char* action = aDoAdd ? "add" : "remove"; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13081 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = aOptions.mDnses.Length(); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; PR_snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 0 --------------------------------- 13082 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); char* networkAddr = getNetworkAddr(ip, prefix); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 0 --------------------------------- 13083 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13084 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1264 void NetworkUtils::removeRouteFromSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION < 20) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "interface route remove %s secondary %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 0 --------------------------------- 13085 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp String_Termination_Error 1607 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* reason = strtok(nullptr, "\0"); sendBroadcastMessage(code, reason); if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; PR_snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); if (!strcmp(reason, linkdownReason)) { 0 --------------------------------- 13086 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1040 void NetworkUtils::setInterfaceDns(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION <= 20) { written = PR_snprintf(command, sizeof command, "resolver setifdns %s %s", GET_CHAR(mIfname), GET_CHAR(mDomain)); 0 --------------------------------- 13087 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1257 void NetworkUtils::removeRouteFromSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/%s %s", GET_FIELD(mNetId), GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 0 --------------------------------- 13088 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 723 void NetworkUtils::setInterfaceUp(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 16) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "interface setcfg %s %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mLink)); 0 --------------------------------- 13089 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13090 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 615 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION < 16) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s %s \"%s\" %s \"%s\" 6 0 8", GET_CHAR(mIfname), GET_CHAR(mWifictrlinterfacename), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13091 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 608 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION >= 16 && SDK_VERSION < 19) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13092 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1232 void NetworkUtils::addRouteToSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/%s %s", GET_FIELD(mNetId), GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 0 --------------------------------- 13093 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); uint32_t code = atoi(result); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; PR_snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 0 --------------------------------- 13094 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13095 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13096 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp Format_String_Attack 371 int32_t do_wifi_command(const char* iface, const char* cmd, char* buf, size_t* len) { char command[COMMAND_SIZE]; if (!strcmp(iface, "p2p0")) { PR_snprintf(command, COMMAND_SIZE, "%s", cmd); 0 --------------------------------- 13097 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp Format_String_Attack 374 int32_t do_wifi_command(const char* iface, const char* cmd, char* buf, size_t* len) { char command[COMMAND_SIZE]; if (!strcmp(iface, "p2p0")) { PR_snprintf(command, COMMAND_SIZE, "IFNAME=%s %s", iface, cmd); 0 --------------------------------- 13098 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { amount = aLength;} if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { CheckedInt32 size = mTextSize; size += aLength; if (!size.isValid()) { return NS_ERROR_OUT_OF_MEMORY; } mTextSize = size.value(); mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 0 --------------------------------- 13099 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 0 --------------------------------- 13100 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end());} for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame &frame = part.frames[k]; ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 0 --------------------------------- 13101 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 0 --------------------------------- 13102 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; char *src = frame.buf; char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 0 --------------------------------- 13103 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Format_String_Attack 523 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (part.ReadFromString(line)) { 0 --------------------------------- 13104 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (part.ReadFromString(line)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); 0 --------------------------------- 13105 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr + kLengthFieldLength <= packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); if (nalu_ptr + kLengthFieldLength + length <= packet_buffer + packet.sizeBytes) { required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} nalu_ptr += kLengthFieldLength + length; } else { LOG(LS_ERROR) << "Failed to insert packet due to corrupt H264 STAP-A"; return 0; } } if (required_length > packet.sizeBytes + kBufferSafetyMargin) { LOG(LS_ERROR) << "Failed to insert packet due to too many NALs in a STAP-A"; return 0;} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { shift_length += (*it).sizeBytes; if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift;} memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 0 --------------------------------- 13106 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate)channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate) in_fmt->m_vc_size = vc_size; in_fmt->m_sdh_line_rate = rate; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 0 --------------------------------- 13107 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c Buffer_Overflow_boundedcpy 454 static gboolean is_rtsp_request_or_reply(const guchar *line, size_t linelen, rtsp_type_t *type) const guchar *next_token; int tokenlen; gchar response_chars[4]; if (linelen >= 5 && g_ascii_strncasecmp("RTSP/", line, 5) == 0) { *type = RTSP_REPLY; tokenlen = get_token_len(line, line+5, &token); if (tokenlen != 0) { tokenlen = get_token_len(token, line+linelen, &next_token); if (tokenlen >= 3) { memcpy(response_chars, token, 3); 0 --------------------------------- 13108 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( pin + 2 >= pin_end ) { *err = WTAP_ERR_UNC_TRUNCATED; return ( -1 ); } bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ) if ( pout + 1 > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); *(pout++) = *(pin++); *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); length = code_low + 3; memset( pout, *pin++, length ); 0 --------------------------------- 13109 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ){ if ( pout + 1 > pout_end ) {*err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); } *(pout++) = *(pin++); offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset + length > pout ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} length = code_type; if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} memcpy( pout, pout - offset, length ); 0 --------------------------------- 13110 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 729 void NetworkUtils::setInterfaceUp(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 16) { snprintf(command, MAX_COMMAND_SIZE - 1, "interface setcfg %s %s %s [%s]", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mLink)); 1 --------------------------------- 13111 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 926 void NetworkUtils::setDnsForwarders(CommandChain* aChain,CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { snprintf(command, MAX_COMMAND_SIZE - 1, "tether dns set %d %s %s", GET_FIELD(mNetId), GET_CHAR(mDns1), GET_CHAR(mDns2)); 1 --------------------------------- 13112 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13113 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1185 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; } char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13114 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13115 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1239 void NetworkUtils::addRouteToSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION < 20) { snprintf(command, MAX_COMMAND_SIZE - 1, "interface route add %s secondary %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 1 --------------------------------- 13116 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 497 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) { snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); 1 --------------------------------- 13117 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 879 void NetworkUtils::startTethering(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (!GET_FIELD(mUsbStartIp).IsEmpty() && !GET_FIELD(mUsbEndIp).IsEmpty()) { snprintf(command, MAX_COMMAND_SIZE - 1, "tether start %s %s %s %s", GET_CHAR(mWifiStartIp), GET_CHAR(mWifiEndIp), GET_CHAR(mUsbStartIp), GET_CHAR(mUsbEndIp)); 1 --------------------------------- 13118 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); const char* action = aDoAdd ? "add" : "remove"; snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13119 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = aOptions.mDnses.Length(); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 1 --------------------------------- 13120 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); char* networkAddr = getNetworkAddr(ip, prefix); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 1 --------------------------------- 13121 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13122 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1264 void NetworkUtils::removeRouteFromSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION < 20) { snprintf(command, MAX_COMMAND_SIZE - 1, "interface route remove %s secondary %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 1 --------------------------------- 13123 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp String_Termination_Error 1607 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* reason = strtok(nullptr, "\0"); sendBroadcastMessage(code, reason); if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); if (!strcmp(reason, linkdownReason)) { 1 --------------------------------- 13124 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1040 void NetworkUtils::setInterfaceDns(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION <= 20) { written = snprintf(command, sizeof command, "resolver setifdns %s %s", GET_CHAR(mIfname), GET_CHAR(mDomain)); 1 --------------------------------- 13125 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1257 void NetworkUtils::removeRouteFromSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/%s %s", GET_FIELD(mNetId), GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 1 --------------------------------- 13126 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 723 void NetworkUtils::setInterfaceUp(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 16) { snprintf(command, MAX_COMMAND_SIZE - 1, "interface setcfg %s %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mLink)); 1 --------------------------------- 13127 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13128 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 615 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION < 16) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s %s \"%s\" %s \"%s\" 6 0 8", GET_CHAR(mIfname), GET_CHAR(mWifictrlinterfacename), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13129 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 608 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION >= 16 && SDK_VERSION < 19) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13130 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1232 void NetworkUtils::addRouteToSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/%s %s", GET_FIELD(mNetId), GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 1 --------------------------------- 13131 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); uint32_t code = atoi(result); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 1 --------------------------------- 13132 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13133 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13134 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp Format_String_Attack 371 int32_t do_wifi_command(const char* iface, const char* cmd, char* buf, size_t* len) { char command[COMMAND_SIZE]; if (!strcmp(iface, "p2p0")) { snprintf(command, COMMAND_SIZE, "%s", cmd); 1 --------------------------------- 13135 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp Format_String_Attack 374 int32_t do_wifi_command(const char* iface, const char* cmd, char* buf, size_t* len) { char command[COMMAND_SIZE]; if (strcmp(iface, "p2p0")) { snprintf(command, COMMAND_SIZE, "IFNAME=%s %s", iface, cmd); 1 --------------------------------- 13136 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { amount = aLength;} if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { mTextSize += aLength; mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 1 --------------------------------- 13137 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s",&part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 1 --------------------------------- 13138 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end()); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame &frame = part.frames[k]; ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 1 --------------------------------- 13139 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 1 --------------------------------- 13140 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; char *src = frame.buf; char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 1 --------------------------------- 13141 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Format_String_Attack 523 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { 1 --------------------------------- 13142 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); 1 --------------------------------- 13143 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr < packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { shift_length += (*it).sizeBytes; if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift; memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 1 --------------------------------- 13144 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 speed) in_fmt->m_vc_size = vc_size; in_fmt->m_sdh_line_rate = speed; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 1 --------------------------------- 13145 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c Buffer_Overflow_boundedcpy 454 static gboolean is_rtsp_request_or_reply(const guchar *line, size_t linelen, rtsp_type_t *type) const guchar *next_token; int tokenlen; gchar response_chars[4]; if (linelen >= 5 && g_ascii_strncasecmp("RTSP/", line, 5) == 0) { *type = RTSP_REPLY; tokenlen = get_token_len(line, line+5, &next_token); if (tokenlen != 0) { tokenlen = get_token_len(next_token, line+linelen, &next_token); if (tokenlen >= 3) { memcpy(response_chars, next_token, 3); 1 --------------------------------- 13146 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( 0 == bit_mask ) { bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ){ *(pout++) = *(pin++);} *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); length = code_low + 3; memset( pout, *pin++, length ); 1 --------------------------------- 13147 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ) *(pout++) = *(pin++); } offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset < outbuf ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} length = code_type; if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} memcpy( pout, pout - offset, length ); 1 --------------------------------- 13148 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 729 void NetworkUtils::setInterfaceUp(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 16) { component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "interface setcfg %s %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mLink)); 0 --------------------------------- 13149 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 926 void NetworkUtils::setDnsForwarders(CommandChain* aChain,CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "tether dns set %d %s %s", GET_FIELD(mNetId), GET_CHAR(mDns1), GET_CHAR(mDns2)); 0 --------------------------------- 13150 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(dnses[i]); component_data = sizeof(command); int ret = PR_snprintf(command + written, component_data - written, " %s", autoDns.get()); 0 --------------------------------- 13151 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1185 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; } char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13152 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13153 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1239 void NetworkUtils::addRouteToSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION < 20) { component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "interface route add %s secondary %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 0 --------------------------------- 13154 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 497 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) { NetdCommand* netdCommand = new NetdCommand(); component_data = MAX_COMMAND_SIZE - 1; PR_snprintf((char*)netdCommand->mData, component_data, "0 %s", aCommand); 0 --------------------------------- 13155 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 879 void NetworkUtils::startTethering(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (!GET_FIELD(mUsbStartIp).IsEmpty() && !GET_FIELD(mUsbEndIp).IsEmpty()) { component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "tether start %s %s %s %s", GET_CHAR(mWifiStartIp), GET_CHAR(mWifiEndIp), GET_CHAR(mUsbStartIp), GET_CHAR(mUsbEndIp)); 0 --------------------------------- 13156 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); const char* action = aDoAdd ? "add" : "remove"; component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13157 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = aOptions.mDnses.Length(); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; component_data = sizeof(dns_prop_key); PR_snprintf(dns_prop_key, component_data, "net.dns%d", i+1); 0 --------------------------------- 13158 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); char* networkAddr = getNetworkAddr(ip, prefix); component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 0 --------------------------------- 13159 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13160 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1264 void NetworkUtils::removeRouteFromSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION < 20) { component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "interface route remove %s secondary %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 0 --------------------------------- 13161 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp String_Termination_Error 1607 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* reason = strtok(nullptr, "\0"); sendBroadcastMessage(code, reason); if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(linkdownReason, component_data, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); if (!strcmp(reason, linkdownReason)) { 0 --------------------------------- 13162 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1040 void NetworkUtils::setInterfaceDns(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION <= 20) { component_data = sizeof(command); written = PR_snprintf(command, component_data, "resolver setifdns %s %s", GET_CHAR(mIfname), GET_CHAR(mDomain)); 0 --------------------------------- 13163 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1257 void NetworkUtils::removeRouteFromSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "network route remove %d %s %s/%s %s", GET_FIELD(mNetId), GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 0 --------------------------------- 13164 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 723 void NetworkUtils::setInterfaceUp(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 16) { component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "interface setcfg %s %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mLink)); 0 --------------------------------- 13165 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13166 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 615 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION < 16) { component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "softap set %s %s \"%s\" %s \"%s\" 6 0 8", GET_CHAR(mIfname), GET_CHAR(mWifictrlinterfacename), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13167 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 608 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION >= 16 && SDK_VERSION < 19) { component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "softap set %s \"%s\" %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13168 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1232 void NetworkUtils::addRouteToSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "network route add %d %s %s/%s %s", GET_FIELD(mNetId), GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 0 --------------------------------- 13169 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); uint32_t code = atoi(result); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(linkdownReason, component_data, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 0 --------------------------------- 13170 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13171 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { component_data = MAX_COMMAND_SIZE - 1; PR_snprintf(command, component_data, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13172 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp Format_String_Attack 371 int32_t do_wifi_command(const char* iface, const char* cmd, char* buf, size_t* len) { char command[COMMAND_SIZE]; if (!strcmp(iface, "p2p0")) { component_data = COMMAND_SIZE; PR_snprintf(command, component_data, "%s", cmd); 0 --------------------------------- 13173 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp Format_String_Attack 374 int32_t do_wifi_command(const char* iface, const char* cmd, char* buf, size_t* len) { char command[COMMAND_SIZE]; if (!strcmp(iface, "p2p0")) { component_data = COMMAND_SIZE; PR_snprintf(command, component_data, "IFNAME=%s %s", iface, cmd); 0 --------------------------------- 13174 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { amount = aLength;} if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { CheckedInt32 size = mTextSize; size += aLength; if (!size.isValid()) { return NS_ERROR_OUT_OF_MEMORY; } mTextSize = size.value(); mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} component_data = sizeof(char16_t); memcpy(&mText[mTextLength],aText + offset, component_data * amount); 0 --------------------------------- 13175 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; component_data = sizeof(search); snprintf(search, component_data, "%s/", part.path); 0 --------------------------------- 13176 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end());} for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame &frame = part.frames[k]; ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); component_data = sizeof(wchar_t); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / component_data); 0 --------------------------------- 13177 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { component_data = frame.width * frame.height; memcpy(vaddr, frame.buf, component_data * frame.bytepp); 0 --------------------------------- 13178 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; char *src = frame.buf; char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { component_data = src_stride; memcpy(dst, src, component_data); 0 --------------------------------- 13179 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (part.ReadFromString(line)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); component_data = name.c_str(); strcpy(frame.path, component_data); 0 --------------------------------- 13180 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr + kLengthFieldLength <= packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); if (nalu_ptr + kLengthFieldLength + length <= packet_buffer + packet.sizeBytes) { required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} nalu_ptr += kLengthFieldLength + length; } else { LOG(LS_ERROR) << "Failed to insert packet due to corrupt H264 STAP-A"; return 0; } } if (required_length > packet.sizeBytes + kBufferSafetyMargin) { LOG(LS_ERROR) << "Failed to insert packet due to too many NALs in a STAP-A"; return 0;} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { shift_length += (*it).sizeBytes; if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift;} component_data = shift_length; memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, component_data); 0 --------------------------------- 13181 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate)channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate) in_fmt->m_vc_size = vc_size; in_fmt->m_sdh_line_rate = rate; component_data = 0xff; memset(&(in_fmt->m_vc_index_array[0]), component_data, DECHAN_MAX_AUG_INDEX); 0 --------------------------------- 13182 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c Buffer_Overflow_boundedcpy 454 static gboolean is_rtsp_request_or_reply(const guchar *line, size_t linelen, rtsp_type_t *type) const guchar *next_token; int tokenlen; gchar response_chars[4]; if (linelen >= 5 && g_ascii_strncasecmp("RTSP/", line, 5) == 0) { *type = RTSP_REPLY; tokenlen = get_token_len(line, line+5, &token); if (tokenlen != 0) { tokenlen = get_token_len(token, line+linelen, &next_token); if (tokenlen >= 3) { component_data = 3; memcpy(response_chars, token, component_data); 0 --------------------------------- 13183 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( pin + 2 >= pin_end ) { *err = WTAP_ERR_UNC_TRUNCATED; return ( -1 ); } bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ) if ( pout + 1 > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); *(pout++) = *(pin++); *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); component_data = code_low + 3; length = component_data; memset( pout, *pin++, component_data ); 0 --------------------------------- 13184 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ){ if ( pout + 1 > pout_end ) {*err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); } *(pout++) = *(pin++); offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset + length > pout ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} length = code_type; if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} component_data = pout - offset; memcpy( pout, component_data, length ); 0 --------------------------------- 13185 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 729 void NetworkUtils::setInterfaceUp(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 16) { component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "interface setcfg %s %s %s [%s]", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mLink)); 1 --------------------------------- 13186 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 926 void NetworkUtils::setDnsForwarders(CommandChain* aChain,CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; component_data = MAX_COMMAND_SIZE - 1; if (SDK_VERSION >= 20) { snprintf(command, component_data, "tether dns set %d %s %s", GET_FIELD(mNetId), GET_CHAR(mDns1), GET_CHAR(mDns2)); 1 --------------------------------- 13187 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(dnses[i]); component_data = command + written; int ret = snprintf(component_data, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13188 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1185 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; } char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13189 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13190 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1239 void NetworkUtils::addRouteToSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION < 20) { component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "interface route add %s secondary %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 1 --------------------------------- 13191 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 497 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) { NetdCommand* netdCommand = new NetdCommand(); component_data = MAX_COMMAND_SIZE - 1; snprintf((char*)netdCommand->mData, component_data, "0 %s", aCommand); 1 --------------------------------- 13192 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 879 void NetworkUtils::startTethering(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (!GET_FIELD(mUsbStartIp).IsEmpty() && !GET_FIELD(mUsbEndIp).IsEmpty()) { component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "tether start %s %s %s %s", GET_CHAR(mWifiStartIp), GET_CHAR(mWifiEndIp), GET_CHAR(mUsbStartIp), GET_CHAR(mUsbEndIp)); 1 --------------------------------- 13193 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); const char* action = aDoAdd ? "add" : "remove"; component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13194 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = aOptions.mDnses.Length(); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; component_data = sizeof(dns_prop_key); snprintf(dns_prop_key, component_data, "net.dns%d", i+1); 1 --------------------------------- 13195 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); char* networkAddr = getNetworkAddr(ip, prefix); component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 1 --------------------------------- 13196 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13197 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1264 void NetworkUtils::removeRouteFromSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION < 20) { component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "interface route remove %s secondary %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 1 --------------------------------- 13198 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp String_Termination_Error 1607 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* reason = strtok(nullptr, "\0"); sendBroadcastMessage(code, reason); if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; component_data = MAX_COMMAND_SIZE - 1; snprintf(linkdownReason, component_data, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); if (!strcmp(reason, linkdownReason)) { 1 --------------------------------- 13199 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1040 void NetworkUtils::setInterfaceDns(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION <= 20) { component_data = sizeof(command); written = snprintf(command, component_data, "resolver setifdns %s %s", GET_CHAR(mIfname), GET_CHAR(mDomain)); 1 --------------------------------- 13200 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1257 void NetworkUtils::removeRouteFromSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "network route remove %d %s %s/%s %s", GET_FIELD(mNetId), GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 1 --------------------------------- 13201 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 723 void NetworkUtils::setInterfaceUp(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 16) { component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "interface setcfg %s %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mLink)); 1 --------------------------------- 13202 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13203 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 615 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION < 16) { component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "softap set %s %s \"%s\" %s \"%s\" 6 0 8", GET_CHAR(mIfname), GET_CHAR(mWifictrlinterfacename), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13204 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 608 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION >= 16 && SDK_VERSION < 19) { component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "softap set %s \"%s\" %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13205 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1232 void NetworkUtils::addRouteToSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "network route add %d %s %s/%s %s", GET_FIELD(mNetId), GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 1 --------------------------------- 13206 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); uint32_t code = atoi(result); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; component_data = MAX_COMMAND_SIZE - 1; snprintf(linkdownReason, component_data, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 1 --------------------------------- 13207 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13208 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { component_data = MAX_COMMAND_SIZE - 1; snprintf(command, component_data, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13209 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp Format_String_Attack 371 int32_t do_wifi_command(const char* iface, const char* cmd, char* buf, size_t* len) { char command[COMMAND_SIZE]; if (!strcmp(iface, "p2p0")) { component_data = COMMAND_SIZE; snprintf(command, component_data, "%s", cmd); 1 --------------------------------- 13210 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp Format_String_Attack 374 int32_t do_wifi_command(const char* iface, const char* cmd, char* buf, size_t* len) { char command[COMMAND_SIZE]; if (strcmp(iface, "p2p0")) { component_data = COMMAND_SIZE; snprintf(command, component_data, "IFNAME=%s %s", iface, cmd); 1 --------------------------------- 13211 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { amount = aLength;} if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { mTextSize += aLength; mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} component_data = sizeof(char16_t); memcpy(&mText[mTextLength],aText + offset, component_data * amount); 1 --------------------------------- 13212 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s",&part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; component_data = sizeof(search); snprintf(search, component_data, "%s/", part.path); 1 --------------------------------- 13213 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end()); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame &frame = part.frames[k]; ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); component_data = sizeof(wchar_t); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / component_data); 1 --------------------------------- 13214 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { component_data = frame.width * frame.height * frame.bytepp); memcpy(vaddr, frame.buf, component_data); 1 --------------------------------- 13215 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part);} for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; char *src = frame.buf; char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { component_data = src_stride; memcpy(dst, src, component_data); 1 --------------------------------- 13216 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); component_data = name.c_str(); strcpy(frame.path, component_data); 1 --------------------------------- 13217 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr < packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { shift_length += (*it).sizeBytes; if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift; component_data = shift_length; memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 1 --------------------------------- 13218 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 speed) in_fmt->m_vc_size = vc_size; in_fmt->m_sdh_line_rate = speed; component_data = DECHAN_MAX_AUG_INDEX; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 1 --------------------------------- 13219 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c Buffer_Overflow_boundedcpy 454 static gboolean is_rtsp_request_or_reply(const guchar *line, size_t linelen, rtsp_type_t *type) const guchar *next_token; int tokenlen; gchar response_chars[4]; if (linelen >= 5 && g_ascii_strncasecmp("RTSP/", line, 5) == 0) { *type = RTSP_REPLY; tokenlen = get_token_len(line, line+5, &next_token); if (tokenlen != 0) { tokenlen = get_token_len(next_token, line+linelen, &next_token); if (tokenlen >= 3) { component_data = 3; memcpy(response_chars, next_token, component_data); 1 --------------------------------- 13220 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( 0 == bit_mask ) { bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ){ *(pout++) = *(pin++);} *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); component_data = code_low + 3; length = component_data; memset( pout, *pin++, component_data ); 1 --------------------------------- 13221 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ) *(pout++) = *(pin++); } offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset < outbuf ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} length = code_type; if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} component_data = pout - offset; memcpy( pout, component, length ); 1 --------------------------------- 13222 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length; for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns = func(&dnses, i); nsTArray func(nsTArray *&dnses, uint32_t i) return (*dnses)[i]; NS_ConvertUTF16toUTF8 autoDns = func(&dnses, i); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13223 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = func(&autoGateway); int func(NS_ConvertUTF16toUTF8 *autoGateway) return getIpType(autoGateway->get()); int type = func(&autoGateway); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13224 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); const char* action = func(&aDoAdd); const char* func(bool *aDoAdd) return (*aDoAdd) ? "add" : "remove"; const char* action = func(&aDoAdd); snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13225 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = func(aOptions); uint32_t func(NetworkParams &aOptions) return aOptions.mDnses.Length(); uint32_t length = func(aOptions); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 1 --------------------------------- 13226 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); char* networkAddr = func(&ip, prefix); char* func(uint32_t *ip, uint32_t prefix) return getNetworkAddr(*ip, prefix); char* networkAddr = func(&ip, prefix); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 1 --------------------------------- 13227 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = func(&autoGateway); int func(NS_ConvertUTF16toUTF8 *autoGateway) return getIpType(autoGateway->get()); int type = func(&autoGateway); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13228 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); uint32_t code = func(&result); uint32_t func(char**result) return atoi(*result); uint32_t code = func(&result); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 1 --------------------------------- 13229 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = func(&autoGateway); int func(NS_ConvertUTF16toUTF8 *autoGateway) return getIpType(autoGateway->get()); int type = func(&autoGateway); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13230 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { amount = func(&aLength); int32_t func(int32_t *aLength) return *aLength; amount = func(&aLength); if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { mTextSize += aLength; mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 1 --------------------------------- 13231 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s",&part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = func(parts, &i); AnimationPart func(vector& parts, uint32_t *i) return parts[*i]; AnimationPart &part = func(parts, &i); entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 1 --------------------------------- 13232 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end()); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame &frame = func(part, &k); AnimationFrame func(AnimationPart& part, uint32_t *k) return part.frames[*k]; AnimationFrame &frame = func(part, &k); ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 1 --------------------------------- 13233 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = func(part, &k); AnimationFrame func(AnimationPart& part, uint32_t *k) return part.frames[*k]; AnimationFrame &frame = func(part, &k); if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 1 --------------------------------- 13234 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part);} for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; char *src = func(&frame); char* func(AnimationFrame *&frame) return frame->buf; char *src = func(&frame); char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 1 --------------------------------- 13235 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); AnimationFrame &frame = func(&part); AnimationFrame func(AnimationPart *&part) return part->frames.back(); AnimationFrame &frame = func(&part); strcpy(frame.path, name.c_str()); 1 --------------------------------- 13236 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr < packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { shift_length += func(it); int func(PacketIterator &it) return (*it).sizeBytes; shift_length += func(it); if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift;} memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 1 --------------------------------- 13237 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 speed) in_fmt->m_vc_size = func(&vc_size); guint8 func(guint8 *vc_size) return *vc_size; in_fmt->m_vc_size = func(&vc_size); in_fmt->m_sdh_line_rate = speed; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 1 --------------------------------- 13238 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c Buffer_Overflow_boundedcpy 454 static gboolean is_rtsp_request_or_reply(const guchar *line, size_t linelen, rtsp_type_t *type) const guchar *next_token; int tokenlen; gchar response_chars[4]; if (linelen >= 5 && g_ascii_strncasecmp("RTSP/", line, 5) == 0) { *type = RTSP_REPLY; tokenlen = func(&line, next_token); int func(const guchar** line, const guchar*&next_token) return get_token_len(*line, *line+5, &next_token); tokenlen = func(&line, next_token); if (tokenlen != 0) { tokenlen = get_token_len(next_token, line+linelen, &next_token); if (tokenlen >= 3) { memcpy(response_chars, next_token, 3); 1 --------------------------------- 13239 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( 0 == bit_mask ) { bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ){ *(pout++) = *(pin++);} *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); length = func(&code_low); unsigned func(unsigned int *code_low) return *code_low + 3; length = func(&code_low); memset( pout, *pin++, length ); 1 --------------------------------- 13240 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ) *(pout++) = *(pin++); } offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset < outbuf ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} length = func(&code_type); int func(int *code_type) return *code_type; length = func(&code_type); if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} memcpy( pout, pout - offset, length ); 1 --------------------------------- 13241 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns = func(&dnses, i); nsTArray func(nsTArray *&dnses, uint32_t i) return (*dnses)[i]; NS_ConvertUTF16toUTF8 autoDns = func(&dnses, i); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13242 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = func(&autoGateway); int func(NS_ConvertUTF16toUTF8 *autoGateway) return getIpType(autoGateway->get()); int type = func(*autoGateway); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13243 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); const char* action = func(&aDoAdd); const char* func(bool *aDoAdd) return (*aDoAdd) ? "add" : "remove"; const char* action = func(&aDoAdd); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13244 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = func(aOptions); uint32_t func(NetworkParams &aOptions) return aOptions.mDnses.Length(); uint32_t length = func(aOptions); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; PR_snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 0 --------------------------------- 13245 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); char* networkAddr = func(&ip, prefix); char* func(uint32_t *ip, uint32_t prefix) return getNetworkAddr(*ip, prefix); char* networkAddr = func(&ip, prefix); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 0 --------------------------------- 13246 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = func(&autoGateway); int func(NS_ConvertUTF16toUTF8 *autoGateway) return getIpType(autoGateway->get()); int type = func(&autoGateway); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13247 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); uint32_t code = func(&result); uint32_t func(char**result) return atoi(*result); uint32_t code = func(&result); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; PR_snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 0 --------------------------------- 13248 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = func(&autoGateway); int func(NS_ConvertUTF16toUTF8 *autoGateway) return getIpType(autoGateway->get()); int type = func(&autoGateway); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13249 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { amount = func(&aLength); int32_t func(int32_t *aLength) return *aLength; amount = func(&aLength); if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { CheckedInt32 size = mTextSize; size += aLength; if (!size.isValid()) { return NS_ERROR_OUT_OF_MEMORY; } mTextSize = size.value(); mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 0 --------------------------------- 13250 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = func(parts, &i); AnimationPart func(vector& parts, uint32_t *i) return parts[*i]; AnimationPart &part = func(parts, &i); entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 0 --------------------------------- 13251 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end());} for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame &frame = func(part, &k); AnimationFrame func(AnimationPart& part, uint32_t *k) return part.frames[*k]; AnimationFrame &frame = func(part, &k); ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 0 --------------------------------- 13252 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = func(part, &k); AnimationFrame func(AnimationPart& part, uint32_t *k) return part.frames[*k]; AnimationFrame &frame = func(part, &k); if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 0 --------------------------------- 13253 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; char *src = func(&frame); char* func(AnimationFrame *&frame) return frame->buf; char *src = func(&frame); char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 0 --------------------------------- 13254 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (part.ReadFromString(line)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); AnimationFrame &frame = func(&part); AnimationFrame func(AnimationPart *&part) return part->frames.back(); AnimationFrame &frame = func(&part); strcpy(frame.path, name.c_str()); 0 --------------------------------- 13255 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr + kLengthFieldLength <= packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); if (nalu_ptr + kLengthFieldLength + length <= packet_buffer + packet.sizeBytes) { required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} nalu_ptr += kLengthFieldLength + length; } else { LOG(LS_ERROR) << "Failed to insert packet due to corrupt H264 STAP-A"; return 0; } } if (required_length > packet.sizeBytes + kBufferSafetyMargin) { LOG(LS_ERROR) << "Failed to insert packet due to too many NALs in a STAP-A"; return 0;} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { shift_length += func(it); int func(PacketIterator &it) return (*it).sizeBytes; shift_length += func(it); if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift;} memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 0 --------------------------------- 13256 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate)channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate) in_fmt->m_vc_size = func(&vc_size); guint8 func(guint8 *vc_size) return *vc_size; in_fmt->m_vc_size = func(&vc_size); in_fmt->m_sdh_line_rate = rate; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 0 --------------------------------- 13257 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c Buffer_Overflow_boundedcpy 454 static gboolean is_rtsp_request_or_reply(const guchar *line, size_t linelen, rtsp_type_t *type) const guchar *next_token; int tokenlen; gchar response_chars[4]; if (linelen >= 5 && g_ascii_strncasecmp("RTSP/", line, 5) == 0) { *type = RTSP_REPLY; tokenlen = func(&line, &token); int func(const guchar** line, const guchar* token) return get_token_len(*line, *line+5, &token); tokenlen = func(&line, &token); if (tokenlen != 0) { tokenlen = get_token_len(token, line+linelen, &next_token); if (tokenlen >= 3) { memcpy(response_chars, token, 3); 0 --------------------------------- 13258 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( pin + 2 >= pin_end ) { *err = WTAP_ERR_UNC_TRUNCATED; return ( -1 ); } bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ) if ( pout + 1 > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); *(pout++) = *(pin++); *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); length = func(&code_low); unsigned func(unsigned int *code_low) return *code_low + 3; length = func(&code_low); memset( pout, *pin++, length ); 0 --------------------------------- 13259 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ){ if ( pout + 1 > pout_end ) {*err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); } *(pout++) = *(pin++); offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset + length > pout ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} length = func(&code_type); int func(int *code_type) return *code_type; length = func(&code_type); if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} memcpy( pout, pout - offset, length ); 0 --------------------------------- 13260 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); nsTArray dataArray[5]; dataArray[2] = dnses; uint32_t length = goodSource(dataArray); uint32_t goodSource(nsTArray dataArray[]) nsTArray& dnses = dataArray[2]; return dnses.Length(); uint32_t length = goodSource(dataArray); for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13261 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1185 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; } char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); NS_ConvertUTF16toUTF8 dataArray[5]; dataArray[2] = autoGateway; int type = goodSource(dataArray); int goodSource(NS_ConvertUTF16toUTF8 dataArray[]) NS_ConvertUTF16toUTF8 autoGateway = dataArray[2]; return getIpType(autoGateway.get()); int type = goodSource(dataArray); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13262 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); NS_ConvertUTF16toUTF8 dataArray[5]; dataArray[2] = autoGateway; int type = goodSource(dataArray); int goodSource(NS_ConvertUTF16toUTF8 dataArray[]) autoGateway = dataArray[2]; return getIpType(autoGateway.get()); int type = goodSource(dataArray); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13263 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); ool dataArray[5]; dataArray[2] = aDoAdd; const char* action = goodSource(dataArray); const char* goodSource(bool dataArray[]) bool aDoAdd = dataArray[2]; rturn aDoAdd ? "add" : "remove"; const char* action = goodSource(dataArray); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13264 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = aOptions.mDnses.Length(); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NetworkParams dataArray[5]; dataArray[2] = aOptions; NS_ConvertUTF16toUTF8 autoDns = goodSource(dataArray) NS_ConvertUTF16toUTF8 goodSource(NetworkParams dataArray[]) aOptions = dataArray[2]; return aOptions.mDnses[i]; NS_ConvertUTF16toUTF8 autoDns = goodSource(dataArray) char dns_prop_key[PROPERTY_VALUE_MAX]; PR_snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 0 --------------------------------- 13265 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); uint32_t dataArray[5]; dataArray[0] = prefix; dataArray[1] = ip; char* networkAddr = goodSource(dataArray); char* goodSource(uint32_t dataArray[]) uint32_t prefix = dataArray[0]; uint32_t ip = dataArray[1]; return getNetworkAddr(ip, prefix); char* networkAddr = goodSource(dataArray); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 0 --------------------------------- 13266 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); NS_ConvertUTF16toUTF8 dataArray[5]; dataArray[2] = autoGateway; int type = goodSource(dataArray); int goodSource(NS_ConvertUTF16toUTF8 dataArray[]) NS_ConvertUTF16toUTF8 autoGateway = dataArray[2]; return getIpType(autoGateway.get()); int type = goodSource(dataArray); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13267 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); NS_ConvertUTF16toUTF8 dataArray[5]; dataArray[2] = autoGateway; int type = goodSource(dataArray); int goodSource(NS_ConvertUTF16toUTF8 dataArray[]) NS_ConvertUTF16toUTF8 autoGateway = dataArray[2]; return getIpType(autoGateway.get()); int type = goodSource(dataArray); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13268 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { amount = aLength;} if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { CheckedInt32 size = mTextSize; int32_t dataArray[5]; dataArray[2] = aLength; size += goodSource(dataArray); int32_t goodSource(int32_t dataArray[]) int32_t aLength = dataArray[2]; return aLength; size += goodSource(dataArray); if (!size.isValid()) { return NS_ERROR_OUT_OF_MEMORY; } mTextSize = size.value(); mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 0 --------------------------------- 13269 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { vector dataArray[5]; dataArray[2] = parts; AnimationPart &part = goodSource(dataArray, i); AnimationPart goodSource(vector dataArray[], uint32_t i) vector &parts = dataArray[2]; return parts[i]; AnimationPart &part = goodSource(dataArray, i); entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 0 --------------------------------- 13270 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end());} for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame dataArray[5]; dataArray[2] = part; AnimationFrame &frame = goodSource(dataArray, k); AnimationFrame goodSource(AnimationFrame dataArray[], uint32_t k) AnimationFrame &part = dataArray[2]; return part.frames[k]; AnimationFrame &frame = goodSource(dataArray, k); ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 0 --------------------------------- 13271 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationPart dataArray[5]; dataArray[2] = part; AnimationFrame &frame = goodSource(dataArray, k); AnimationFrame goodSource(AnimationFrame dataArray, uint32_t k) AnimationFrame &part = dataArray[2]; return part.frames[k]; AnimationFrame &frame = goodSource(dataArray, k); if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 0 --------------------------------- 13272 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; char *dataArray[5]; dataArray[2] = frame.buf; char *src = goodSource(dataArray); char* goodSource(char *dataArray) char *tmp = dataArray[2]; return tmp; char *src = goodSource(dataArray); char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 0 --------------------------------- 13273 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (part.ReadFromString(line)) { for (uint32_t i = 0; i < parts.size(); i++) { vector dataArray[5]; dataArray[2] = parts; AnimationPart &part = goodSource(dataArray); AnimationPart goodSource(vector dataArray[]) vector &parts = dataArray[i]; return parts[i]; AnimationPart &part = goodSource(dataArray); part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); 0 --------------------------------- 13274 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr + kLengthFieldLength <= packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); if (nalu_ptr + kLengthFieldLength + length <= packet_buffer + packet.sizeBytes) { required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} nalu_ptr += kLengthFieldLength + length; } else { LOG(LS_ERROR) << "Failed to insert packet due to corrupt H264 STAP-A"; return 0; } } if (required_length > packet.sizeBytes + kBufferSafetyMargin) { LOG(LS_ERROR) << "Failed to insert packet due to too many NALs in a STAP-A"; return 0;} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { PacketIterator dataArray[5]; dataArray[2] = it; shift_length += goodSource(dataArray); int goodSource(PacketIterator dataArray[]) PacketIterator it = dataArray[2]; return (*it).sizeBytes; shift_length += goodSource(dataArray); if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift;} memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 0 --------------------------------- 13275 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate)channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate) guint8 dataArray[5]; dataArray[2] = vc_size; in_fmt->m_vc_size = goodSource(dataArray); guint8 goodSource(guint8 dataArray) guint8 vc_size = dataArray[2]; return vc_size; in_fmt->m_vc_size = goodSource(dataArray); in_fmt->m_sdh_line_rate = rate; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 0 --------------------------------- 13276 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( pin + 2 >= pin_end ) { *err = WTAP_ERR_UNC_TRUNCATED; return ( -1 ); } bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ) if ( pout + 1 > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); *(pout++) = *(pin++); *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); unsigned int dataArray[5]; dataArray[2] = code_low; length = goodSource(dataArray); unsigned int goodSource(dataArray) unsigned int code_low = dataArray[2]; return code_low + 3; length = goodSource(dataArray); memset( pout, *pin++, length ); 0 --------------------------------- 13277 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ){ if ( pout + 1 > pout_end ) {*err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); } *(pout++) = *(pin++); offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset + length > pout ){ *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} int dataArray[5]; dataArray[2] = code_type; length = goodSource(dataArray); int goodSource(int dataArray[5]) int code_type = dataArray[2]; return code_type; length = goodSource(dataArray); if ( pout + length > pout_end ){ *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} memcpy( pout, pout - offset, length ); 0 --------------------------------- 13278 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); nsTArray dataArray[5]; dataArray[2] = dnses; uint32_t length = badSource(dataArray); uint32_t badSource(nsTArray dataArray[]) nsTArray& dnses = dataArray[2]; return dnses.Length(); uint32_t length = badSource(dataArray); for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13279 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1185 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; } char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); NS_ConvertUTF16toUTF8 dataArray[5]; dataArray[2] = autoGateway; int type = badSource(dataArray); int badSource(NS_ConvertUTF16toUTF8 dataArray[]) NS_ConvertUTF16toUTF8 autoGateway = dataArray[2]; return getIpType(autoGateway.get()); int type = badSource(dataArray); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13280 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); NS_ConvertUTF16toUTF8 dataArray[5]; dataArray[2] = autoGateway; int type = badSource(dataArray); int badSource(NS_ConvertUTF16toUTF8 dataArray[]) autoGateway = dataArray[2]; return getIpType(autoGateway.get()); int type = badSource(dataArray); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13281 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); bool dataArray[5]; dataArray[2] = aDoAdd; const char* action = badSource(dataArray); const char* badSource(bool dataArray[]) bool aDoAdd = dataArray[2]; rturn aDoAdd ? "add" : "remove"; const char* action = badSource(dataArray); snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13282 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = aOptions.mDnses.Length(); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NetworkParams dataArray[5]; dataArray[2] = aOptions; NS_ConvertUTF16toUTF8 autoDns = badSource(dataArray) NS_ConvertUTF16toUTF8 badSource(NetworkParams dataArray[]) aOptions = dataArray[2]; return aOptions.mDnses[i]; NS_ConvertUTF16toUTF8 autoDns = badSource(dataArray) char dns_prop_key[PROPERTY_VALUE_MAX]; snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 1 --------------------------------- 13283 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); uint32_t dataArray[5]; dataArray[0] = prefix; dataArray[1] = ip; char* networkAddr = badSource(dataArray); char* badSource(uint32_t dataArray[]) uint32_t prefix = dataArray[0]; uint32_t ip = dataArray[1]; return getNetworkAddr(ip, prefix); char* networkAddr = badSource(dataArray); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 1 --------------------------------- 13284 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); NS_ConvertUTF16toUTF8 dataArray[5]; dataArray[2] = autoGateway; int type = badSource(dataArray); int badSource(NS_ConvertUTF16toUTF8 dataArray[]) NS_ConvertUTF16toUTF8 autoGateway = dataArray[2]; return getIpType(autoGateway.get()); int type = badSource(dataArray); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13285 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); NS_ConvertUTF16toUTF8 dataArray[5]; dataArray[2] = autoGateway; int type = badSource(dataArray); int badSource(NS_ConvertUTF16toUTF8 dataArray[]) NS_ConvertUTF16toUTF8 autoGateway = dataArray[2]; return getIpType(autoGateway.get()); int type = badSource(dataArray); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13286 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { amount = aLength;} if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { int32_t dataArray[5]; dataArray[2] = aLength; mTextSize += badSource(dataArray); int32_t badSource(int32_t dataArray[]) int32_t aLength = dataArray[2]; return aLength; mTextSize += badSource(dataArray); mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 1 --------------------------------- 13287 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s",&part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { vector dataArray[5]; dataArray[2] = parts; AnimationPart &part = badSource(dataArray, i); AnimationPart badSource(vector dataArray[], uint32_t i) vector &parts = dataArray[2]; return parts[i]; AnimationPart &part = badSource(dataArray, i); entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 1 --------------------------------- 13288 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end()); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame dataArray[5]; dataArray[2] = part; AnimationFrame &frame = badSource(dataArray, k); AnimationFrame badSource(AnimationFrame dataArray[], uint32_t k) AnimationFrame &part = dataArray[2]; return part.frames[k]; AnimationFrame &frame = badSource(dataArray, k); ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 1 --------------------------------- 13289 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationPart dataArray[5]; dataArray[2] = part; AnimationFrame &frame = badSource(dataArray, k); AnimationFrame badSource(AnimationFrame dataArray, uint32_t k) AnimationFrame &part = dataArray[2]; return part.frames[k]; AnimationFrame &frame = badSource(dataArray, k); if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 1 --------------------------------- 13290 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; char *dataArray[5]; dataArray[2] = frame.buf; char *src = badSource(dataArray); char* badSource(char *dataArray) char *tmp = dataArray[2]; return tmp; char *src = badSource(dataArray); char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 1 --------------------------------- 13291 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { for (uint32_t i = 0; i < parts.size(); i++) { vector dataArray[5]; dataArray[2] = parts; AnimationPart &part = badSource(dataArray); AnimationPart badSource(vector dataArray[]) vector &parts = dataArray[i]; return parts[i]; AnimationPart &part = badSource(dataArray); part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); 1 --------------------------------- 13292 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr < packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { PacketIterator dataArray[5]; dataArray[2] = it; shift_length += badSource(dataArray); int badSource(PacketIterator dataArray[]) PacketIterator it = dataArray[2]; return (*it).sizeBytes; shift_length += badSource(dataArray); if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift;} memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 1 --------------------------------- 13293 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 speed) guint8 dataArray[5]; dataArray[2] = vc_size; in_fmt->m_vc_size = badSource(dataArray); guint8 badSource(guint8 dataArray) guint8 vc_size = dataArray[2]; return vc_size; in_fmt->m_vc_size = badSource(dataArray); in_fmt->m_sdh_line_rate = speed; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 1 --------------------------------- 13294 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( 0 == bit_mask ) { bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ){ *(pout++) = *(pin++);} *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); unsigned int dataArray[5]; dataArray[2] = code_low; length = badSource(dataArray); unsigned int badSource(dataArray) unsigned int code_low = dataArray[2]; return code_low + 3; length = badSource(dataArray); memset( pout, *pin++, length ); 1 --------------------------------- 13295 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ) *(pout++) = *(pin++); } offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset < outbuf ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} int dataArray[5]; dataArray[2] = code_type; length = badSource(dataArray); int badSource(int dataArray[5]) int code_type = dataArray[2]; return code_type; length = badSource(dataArray); if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} memcpy( pout, pout - offset, length ); 1 --------------------------------- 13296 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 nsTArray (*funcPtr)(nsTArray &, uint32_t) = goodSource; void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns = funcPtr(dnses, i); nsTArray goodSource(nsTArray &dnses, uint32_t i) return dnses[i]; NS_ConvertUTF16toUTF8 autoDns = funcPtr(dnses, i); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13297 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1185 nsTArray& (*funcPtr)() = goodSource; static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; } char command[MAX_COMMAND_SIZE]; nsTArray& gateways = funcPtr(); nsTArray& goodSource() return GET_FIELD(mGateways); nsTArray& gateways = funcPtr(); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13298 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 int (*funcPtr)(NS_ConvertUTF16toUTF8 ) = goodSource; static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = funcPtr(autoGateway); int goodSource(NS_ConvertUTF16toUTF8 autoGateway) return getIpType(autoGateway.get()); int type = funcPtr(autoGateway); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13299 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 497 NetdCommand* (*funcPtr)() = goodSource; void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = funcPtr(); NetdCommand* goodSource() return NetdCommand(); NetdCommand* netdCommand = funcPtr(); if (SDK_VERSION >= 16) { PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); 0 --------------------------------- 13300 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 const char* (*funcPtr)(bool) = goodSource; void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); const char* action = funcPtr(aDoAdd); const char* goodSource(bool aDoAdd) return aDoAdd ? "add" : "remove"; const char* action = funcPtr(aDoAdd); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13301 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 uint32_t (*funcPtr)(NetworkParams) = goodSource; CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = funcPtr(aOptions); uint32_t goodSource(NetworkParams aOptions) return aOptions.mDnses.Length(); uint32_t length = funcPtr(aOptions); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; PR_snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 0 --------------------------------- 13302 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 char* (*funcPtr)(uint32_t , uint32_t ) = goodSource; void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); char* networkAddr = funcPtr(ip, prefix); char* goodSource(uint32_t ip, uint32_t prefix) return getNetworkAddr(ip, prefix); char* networkAddr = funcPtr(ip, prefix); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 0 --------------------------------- 13303 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 602 nsCString (*funcPtr)() = goodSource; void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid = funcPtr(); nsCString goodSource() return GET_CHAR(mSsid); nsCString ssid = funcPtr(); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13304 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp String_Termination_Error 1607 char* (*funcPtr)() = goodSource; void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* reason = funcPtr(); char* goodSource() return strtok(nullptr, "\0"); char* reason = funcPtr(); sendBroadcastMessage(code, reason); if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; PR_snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); if (!strcmp(reason, linkdownReason)) { 0 --------------------------------- 13305 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 int (*funcPtr)(NS_ConvertUTF16toUTF8 ) = goodSource; void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = funcPtr(autoGateway); int goodSource(NS_ConvertUTF16toUTF8 autoGateway) return getIpType(autoGateway.get()); int type = funcPtr(autoGateway); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13306 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 615 nsCString (*funcPtr)() = goodSource; void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid = funcPtr(); nsCString goodSource() return GET_CHAR(mSsid)); nsCString ssid = funcPtr(); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION < 16) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s %s \"%s\" %s \"%s\" 6 0 8", GET_CHAR(mIfname), GET_CHAR(mWifictrlinterfacename), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13307 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 608 nsCString (*funcPtr)() = goodSource; void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid = funcPtr(); nsCString goodSource() return GET_CHAR(mSsid); nsCString ssid = funcPtr(); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION >= 16 && SDK_VERSION < 19) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13308 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 uint32_t (*funcPtr)(char*) = goodSource; void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); uint32_t code = funcPtr(result); uint32_t goodSource(char*result) return atoi(result); uint32_t code = funcPtr(result); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; PR_snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 0 --------------------------------- 13309 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 int (*funcPtr)(NS_ConvertUTF16toUTF8 ) = goodSource; void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = funcPtr(autoGateway); int goodSource(NS_ConvertUTF16toUTF8 autoGateway) return getIpType(autoGateway.get()); int type = funcPtr(autoGateway); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13310 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 602 nsCString (*funcPtr)() = goodSource; void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid = funcPtr(); nsCString goodSource() return GET_CHAR(mSsid); nsCString ssid = funcPtr(); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13311 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 int32_t (*funcPtr)(int32_t ) = goodSource; nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { amount = funcPtr(aLength); int32_t goodSource(int32_t aLength) return aLength; amount = funcPtr(aLength); if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { CheckedInt32 size = mTextSize; size += aLength; if (!size.isValid()) { return NS_ERROR_OUT_OF_MEMORY; } mTextSize = size.value(); mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 0 --------------------------------- 13312 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 AnimationPart (*funcPtr)(vector& , uint32_t ) = goodSource; static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = funcPtr(parts, i); AnimationPart goodSource(vector& parts, uint32_t i) return parts[i]; AnimationPart &part = funcPtr(parts, i); entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 0 --------------------------------- 13313 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 AnimationFrame (*funcPtr)(AnimationPart&, uint32_t) = goodSource; static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end());} for (uint32_t i = 0; i < parts.size(); i++) { AnimationFrame &frame = funcPtr(part, k); AnimationFrame goodSource(AnimationPart& part, uint32_t k) return part.frames[k]; AnimationFrame &frame = funcPtr(part, k); uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame &frame = part.frames[k]; ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 0 --------------------------------- 13314 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 AnimationFrame (*funcPtr)(AnimationPart& , uint32_t) = goodSource; static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = funcPtr(part, k); AnimationFrame goodSource(AnimationPart& part, uint32_t k) return part.frames[k]; AnimationFrame &frame = funcPtr(part, k); if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 0 --------------------------------- 13315 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 char* (*funcPtr)(AnimationFrame &) = goodSource; static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; char *src = funcPtr(frame); char* goodSource(AnimationFrame &frame) return frame.buf; char *src = funcPtr(frame); char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 0 --------------------------------- 13316 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 AnimationFrame (*funcPtr)(AnimationPart &) = goodSource; static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (part.ReadFromString(line)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); AnimationFrame &frame = funcPtr(part); AnimationFrame goodSource(AnimationPart &part) return part.frames.back(); AnimationFrame &frame = funcPtr(part); strcpy(frame.path, name.c_str()); 0 --------------------------------- 13317 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 int (*funcPtr)(PacketIterator ) = goodSource; size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr + kLengthFieldLength <= packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); if (nalu_ptr + kLengthFieldLength + length <= packet_buffer + packet.sizeBytes) { required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} nalu_ptr += kLengthFieldLength + length; } else { LOG(LS_ERROR) << "Failed to insert packet due to corrupt H264 STAP-A"; return 0; } } if (required_length > packet.sizeBytes + kBufferSafetyMargin) { LOG(LS_ERROR) << "Failed to insert packet due to too many NALs in a STAP-A"; return 0;} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { shift_length += funcPtr(it); int goodSource(PacketIterator it) return (*it).sizeBytes; shift_length += funcPtr(it); if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift;} memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 0 --------------------------------- 13318 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 guint8 (*func)(guint8 ) = goodSource; static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate)channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate) in_fmt->m_vc_size = funcPtr(vc_size); guint8 goodSource(guint8 vc_size) return vc_size; in_fmt->m_vc_size = funcPtr(vc_size); in_fmt->m_sdh_line_rate = rate; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 0 --------------------------------- 13319 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c Buffer_Overflow_boundedcpy 454 int (*funcPtr)(const guchar* , const guchar* ) = goodSource; static gboolean is_rtsp_request_or_reply(const guchar *line, size_t linelen, rtsp_type_t *type) const guchar *next_token; int tokenlen; gchar response_chars[4]; if (linelen >= 5 && g_ascii_strncasecmp("RTSP/", line, 5) == 0) { *type = RTSP_REPLY; tokenlen = funcPtr(line, line + 5, &token); int goodSource(const guchar* line, const guchar* token) return get_token_len(line, line+5, &token); tokenlen = funcPtr(line, line + 5, &token); if (tokenlen != 0) { tokenlen = get_token_len(token, line+linelen, &next_token); if (tokenlen >= 3) { memcpy(response_chars, token, 3); 0 --------------------------------- 13320 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 unsigned (*funcPtr)(unsigned int ) = goodSource; static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( pin + 2 >= pin_end ) { *err = WTAP_ERR_UNC_TRUNCATED; return ( -1 ); } bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ) if ( pout + 1 > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); *(pout++) = *(pin++); *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); length = funcPtr(code_low); unsigned goodSource(unsigned int code_low) return code_low + 3; length = funcPtr(code_low); memset( pout, *pin++, length ); 0 --------------------------------- 13321 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 int (*funcPtr)(int ) = goodSource; static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ){ if ( pout + 1 > pout_end ) {*err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); } *(pout++) = *(pin++); offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset + length > pout ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} length = funcPtr(code_type); int goodSource(int code_type) return code_type; length = funcPtr(code_type); if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} memcpy( pout, pout - offset, length ); 0 --------------------------------- 13322 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 nsTArray (*funcPtr)(nsTArray &, uint32_t) = badSource; void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns = funcPtr(dnses, i); nsTArray badSource(nsTArray &dnses, uint32_t i) return dnses[i]; NS_ConvertUTF16toUTF8 autoDns = funcPtr(dnses, i); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13323 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1185 nsTArray& (*funcPtr)() = badSource; static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; } char command[MAX_COMMAND_SIZE]; nsTArray& gateways = funcPtr(); nsTArray& badSource() return GET_FIELD(mGateways); nsTArray& gateways = funcPtr(); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13324 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 int (*funcPtr)(NS_ConvertUTF16toUTF8 ) = badSource; static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = funcPtr(autoGateway); int badSource(NS_ConvertUTF16toUTF8 autoGateway) return getIpType(autoGateway.get()); int type = funcPtr(autoGateway); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13325 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 497 NetdCommand* (*funcPtr)() = badSource; void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = funcPtr(); NetdCommand* badSource() return NetdCommand(); NetdCommand* netdCommand = funcPtr(); if (SDK_VERSION >= 16) { snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); 1 --------------------------------- 13326 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 const char* (*funcPtr)(bool) = badSource; void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); const char* action = funcPtr(aDoAdd); const char* badSource(bool aDoAdd) return aDoAdd ? "add" : "remove"; const char* action = funcPtr(aDoAdd); snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13327 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 uint32_t (*funcPtr)(NetworkParams) = badSource; CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = funcPtr(aOptions); uint32_t badSource(NetworkParams aOptions) return aOptions.mDnses.Length(); uint32_t length = funcPtr(aOptions); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 1 --------------------------------- 13328 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 char* (*funcPtr)(uint32_t , uint32_t ) = badSource; void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); char* networkAddr = funcPtr(ip, prefix); char* badSource(uint32_t ip, uint32_t prefix) return getNetworkAddr(ip, prefix); char* networkAddr = funcPtr(ip, prefix); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 1 --------------------------------- 13329 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 602 nsCString (*funcPtr)() = badSource; void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid = funcPtr(); nsCString badSource() return GET_CHAR(mSsid); nsCString ssid = funcPtr(); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13330 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp String_Termination_Error 1607 char* (*funcPtr)() = badSource; void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* reason = funcPtr(); char* badSource() return strtok(nullptr, "\0"); char* reason = funcPtr(); sendBroadcastMessage(code, reason); if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); if (!strcmp(reason, linkdownReason)) { 1 --------------------------------- 13331 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 int (*funcPtr)(NS_ConvertUTF16toUTF8 ) = badSource; void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = funcPtr(autoGateway); int badSource(NS_ConvertUTF16toUTF8 autoGateway) return getIpType(autoGateway.get()); int type = funcPtr(autoGateway); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13332 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 615 nsCString (*funcPtr)() = badSource; void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid = funcPtr(); nsCString badSource() return GET_CHAR(mSsid)); nsCString ssid = funcPtr(); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION < 16) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s %s \"%s\" %s \"%s\" 6 0 8", GET_CHAR(mIfname), GET_CHAR(mWifictrlinterfacename), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13333 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 608 nsCString (*funcPtr)() = badSource; void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid = funcPtr(); nsCString badSource() return GET_CHAR(mSsid); nsCString ssid = funcPtr(); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION >= 16 && SDK_VERSION < 19) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13334 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 uint32_t (*funcPtr)(char*) = badSource; void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); uint32_t code = funcPtr(result); uint32_t badSource(char*result) return atoi(result); uint32_t code = funcPtr(result); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 1 --------------------------------- 13335 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 int (*funcPtr)(NS_ConvertUTF16toUTF8 ) = badSource; void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = funcPtr(autoGateway); int badSource(NS_ConvertUTF16toUTF8 autoGateway) return getIpType(autoGateway.get()); int type = funcPtr(autoGateway); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13336 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 602 nsCString (*funcPtr)() = badSource; void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid = funcPtr(); nsCString badSource() return GET_CHAR(mSsid); nsCString ssid = funcPtr(); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13337 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 int32_t (*funcPtr)(int32_t ) = badSource; nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { amount = funcPtr(aLength); int32_t badSource(int32_t aLength) return aLength; amount = funcPtr(aLength); if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { mTextSize += aLength; mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 1 --------------------------------- 13338 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 AnimationPart (*funcPtr)(vector& , uint32_t ) = badSource; static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s",&part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = funcPtr(parts, i); AnimationPart badSource(vector& parts, uint32_t i) return parts[i]; AnimationPart &part = funcPtr(parts, i); entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 1 --------------------------------- 13339 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 AnimationFrame (*funcPtr)(AnimationPart&, uint32_t) = badSource; static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end()); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame &frame = funcPtr(part, k); AnimationFrame badSource(AnimationPart& part, uint32_t k) return part.frames[k]; AnimationFrame &frame = funcPtr(part, k); ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 1 --------------------------------- 13340 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 AnimationFrame (*funcPtr)(AnimationPart& , uint32_t) = badSource; static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = funcPtr(part, k); AnimationFrame badSource(AnimationPart& part, uint32_t k) return part.frames[k]; AnimationFrame &frame = funcPtr(part, k); if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 1 --------------------------------- 13341 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 char* (*funcPtr)(AnimationFrame &) = badSource; static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; char *src = funcPtr(frame); char* badSource(AnimationFrame &frame) return frame.buf; char *src = funcPtr(frame); char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 1 --------------------------------- 13342 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 AnimationFrame (*funcPtr)(AnimationPart &) = badSource; static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); AnimationFrame &frame = funcPtr(part); AnimationFrame badSource(AnimationPart &part) return part.frames.back(); AnimationFrame &frame = funcPtr(part); strcpy(frame.path, name.c_str()); 1 --------------------------------- 13343 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 int (*funcPtr)(PacketIterator ) = badSource; size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr < packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { shift_length += funcPtr(it); int badSource(PacketIterator it) return (*it).sizeBytes; shift_length += funcPtr(it); if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift; memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 1 --------------------------------- 13344 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 guint8 (*func)(guint8 ) = badSource; static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 speed) in_fmt->m_vc_size = funcPtr(vc_size); guint8 badSource(guint8 vc_size) return vc_size; in_fmt->m_vc_size = funcPtr(vc_size); in_fmt->m_sdh_line_rate = speed; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 1 --------------------------------- 13345 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c Buffer_Overflow_boundedcpy 454 int (*funcPtr)(const guchar* , const guchar* ) = badSource; static gboolean is_rtsp_request_or_reply(const guchar *line, size_t linelen, rtsp_type_t *type) const guchar *next_token; int tokenlen; gchar response_chars[4]; if (linelen >= 5 && g_ascii_strncasecmp("RTSP/", line, 5) == 0) { *type = RTSP_REPLY; tokenlen = funcPtr(line, next_token); int badSource(const guchar* line, const guchar*& next_token) return get_token_len(line, line+5, &next_token); tokenlen = funcPtr(line, next_token); if (tokenlen != 0) { tokenlen = get_token_len(next_token, line+linelen, &next_token); if (tokenlen >= 3) { memcpy(response_chars, next_token, 3); 1 --------------------------------- 13346 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 unsigned (*funcPtr)(unsigned int ) = badSource; static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( 0 == bit_mask ) { bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ){ *(pout++) = *(pin++);} *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); length = funcPtr(code_low); unsigned badSource(unsigned int code_low) return code_low + 3; length = funcPtr(code_low); memset( pout, *pin++, length ); 1 --------------------------------- 13347 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 int (*funcPtr)(int ) = badSource; static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ) *(pout++) = *(pin++); } offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset < outbuf ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} length = funcPtr(code_type); int badSource(int code_type) return code_type; length = funcPtr(code_type); if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} memcpy( pout, pout - offset, length ); 1 --------------------------------- 13348 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns = func(dnses, i); nsTArray func(nsTArray &dnses, uint32_t i) return dnses[i]; NS_ConvertUTF16toUTF8 autoDns = func(dnses, i); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13349 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1185 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; } char command[MAX_COMMAND_SIZE]; nsTArray& gateways = func(); nsTArray& func() return GET_FIELD(mGateways); nsTArray& gateways = func(); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13350 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = func(autoGateway); int func(NS_ConvertUTF16toUTF8 autoGateway) return getIpType(autoGateway.get()); int type = func(autoGateway); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13351 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 497 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) { NetdCommand* netdCommand = func(); NetdCommand* func() return NetdCommand(); NetdCommand* netdCommand = func(); PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); 0 --------------------------------- 13352 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); const char* action = func(aDoAdd); bool func(bool aDoAdd) const char* aDoAdd ? "add" : "remove"; const char* action = func(aDoAdd); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13353 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = func(aOptions); uint32_t func(NetworkParams aOptions) return aOptions.mDnses.Length(); uint32_t length = func(aOptions); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; PR_snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 0 --------------------------------- 13354 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); char* networkAddr = func(ip, prefix); char* func(uint32_t ip, uint32_t prefix) return getNetworkAddr(ip, prefix); char* networkAddr = func(ip, prefix); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 0 --------------------------------- 13355 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid = func(); nsCString func() return GET_CHAR(mSsid); nsCString ssid = func(); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13356 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp String_Termination_Error 1607 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* reason = func(); char* func() return strtok(nullptr, "\0"); char* reason = func(); sendBroadcastMessage(code, reason); if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; PR_snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); if (!strcmp(reason, linkdownReason)) { 0 --------------------------------- 13357 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = func(autoGateway); int func(NS_ConvertUTF16toUTF8 autoGateway) return getIpType(autoGateway.get()); int type = func(autoGateway); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13358 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 615 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid = func(); nsCString func() return GET_CHAR(mSsid)); nsCString ssid = func(); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION < 16) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s %s \"%s\" %s \"%s\" 6 0 8", GET_CHAR(mIfname), GET_CHAR(mWifictrlinterfacename), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13359 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 608 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid = func(); nsCString func() return GET_CHAR(mSsid); nsCString ssid = func(); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION >= 16 && SDK_VERSION < 19) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13360 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); uint32_t code = func(result); uint32_t func(char*result) return atoi(result); uint32_t code = func(result); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; PR_snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 0 --------------------------------- 13361 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = func(autoGateway); int func(NS_ConvertUTF16toUTF8 autoGateway) return getIpType(autoGateway.get()); int type = func(autoGateway); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13362 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid = func(); nsCString func() return GET_CHAR(mSsid); nsCString ssid = func(); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13363 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { amount = func(aLength); int32_t func(int32_t aLength) return aLength; amount = func(aLength); if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { CheckedInt32 size = mTextSize; size += aLength; if (!size.isValid()) { return NS_ERROR_OUT_OF_MEMORY; } mTextSize = size.value(); mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 0 --------------------------------- 13364 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = func(parts, i); AnimationPart func(vector& parts, uint32_t i) return parts[i]; AnimationPart &part = func(parts, i); entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 0 --------------------------------- 13365 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end());} for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame &frame = func(part, k); AnimationFrame func(AnimationPart& part, uint32_t k) return part.frames[k]; AnimationFrame &frame = func(part, k); ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 0 --------------------------------- 13366 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = func(part, k); AnimationFrame func(AnimationPart& part, uint32_t k) return part.frames[k]; AnimationFrame &frame = func(part, k); if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 0 --------------------------------- 13367 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; char *src = func(frame); char* func(AnimationFrame &frame) return frame.buf; char *src = func(frame); char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 0 --------------------------------- 13368 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (part.ReadFromString(line)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); AnimationFrame &frame = func(part); AnimationFrame func(AnimationPart &part) return part.frames.back(); AnimationFrame &frame = func(part); strcpy(frame.path, name.c_str()); 0 --------------------------------- 13369 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr + kLengthFieldLength <= packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); if (nalu_ptr + kLengthFieldLength + length <= packet_buffer + packet.sizeBytes) { required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} nalu_ptr += kLengthFieldLength + length; } else { LOG(LS_ERROR) << "Failed to insert packet due to corrupt H264 STAP-A"; return 0; } } if (required_length > packet.sizeBytes + kBufferSafetyMargin) { LOG(LS_ERROR) << "Failed to insert packet due to too many NALs in a STAP-A"; return 0;} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { shift_length += func(it); int func(PacketIterator it) return (*it).sizeBytes; shift_length += func(it); if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift;} memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 0 --------------------------------- 13370 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate)channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate) in_fmt->m_vc_size = func(vc_size); guint8 func(guint8 vc_size) return vc_size; in_fmt->m_vc_size = func(vc_size); in_fmt->m_sdh_line_rate = rate; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 0 --------------------------------- 13371 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c Buffer_Overflow_boundedcpy 454 static gboolean is_rtsp_request_or_reply(const guchar *line, size_t linelen, rtsp_type_t *type) const guchar *next_token; int tokenlen; gchar response_chars[4]; if (linelen >= 5 && g_ascii_strncasecmp("RTSP/", line, 5) == 0) { *type = RTSP_REPLY; tokenlen = func(line, token); int func(const guchar* line, const guchar*& token) return get_token_len(line, line+5, &token); tokenlen = func(line, token); if (tokenlen != 0) { tokenlen = get_token_len(token, line+linelen, &next_token); if (tokenlen >= 3) { memcpy(response_chars, token, 3); 0 --------------------------------- 13372 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( pin + 2 >= pin_end ) { *err = WTAP_ERR_UNC_TRUNCATED; return ( -1 ); } bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ) if ( pout + 1 > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); *(pout++) = *(pin++); *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); length = func(code_low); unsigned func(unsigned int code_low) return code_low + 3; length = func(code_low); memset( pout, *pin++, length ); 0 --------------------------------- 13373 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ){ if ( pout + 1 > pout_end ) {*err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); } *(pout++) = *(pin++); offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset + length > pout ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} length = func(code_type); int func(int code_type) return code_type; length = func(code_type); if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} memcpy( pout, pout - offset, length ); 0 --------------------------------- 13374 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length; for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns = func(dnses, i); nsTArray func(nsTArray &dnses, uint32_t i) return dnses[i]; NS_ConvertUTF16toUTF8 autoDns = func(dnses, i); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13375 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1185 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; } char command[MAX_COMMAND_SIZE]; nsTArray& gateways = func(); nsTArray& func() return GET_FIELD(mGateways); nsTArray& gateways = func(); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13376 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = func(autoGateway); int func(NS_ConvertUTF16toUTF8 autoGateway) return getIpType(autoGateway.get()); int type = func(autoGateway); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13377 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 497 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = func(); NetdCommand* func() return NetdCommand(); NetdCommand* netdCommand = func(); if (SDK_VERSION >= 16) { snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); 1 --------------------------------- 13378 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); const char* action = func(bool aDoAdd); const char* func(bool aDoAdd) return aDoAdd ? "add" : "remove"; const char* action = func(bool aDoAdd); snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13379 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = func(aOptions); uint32_t func(NetworkParams aOptions) return aOptions.mDnses.Length(); uint32_t length = func(aOptions); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 1 --------------------------------- 13380 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); char* networkAddr = func(ip, prefix); char* func(uint32_t ip, uint32_t prefix) return getNetworkAddr(ip, prefix); char* networkAddr = func(ip, prefix); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 1 --------------------------------- 13381 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid = func(); nsCString func() return GET_CHAR(mSsid); nsCString ssid = func(); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13382 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp String_Termination_Error 1607 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* reason = func(); char* func() return strtok(nullptr, "\0"); char* reason = func(); sendBroadcastMessage(code, reason); if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); if (!strcmp(reason, linkdownReason)) { 1 --------------------------------- 13383 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = func(autoGateway); int func(NS_ConvertUTF16toUTF8 autoGateway) return getIpType(autoGateway.get()); int type = func(autoGateway); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13384 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 615 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid = func(); nsCString func() return GET_CHAR(mSsid)); nsCString ssid = func(); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION < 16) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s %s \"%s\" %s \"%s\" 6 0 8", GET_CHAR(mIfname), GET_CHAR(mWifictrlinterfacename), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13385 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 608 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid = func(); nsCString func() return GET_CHAR(mSsid); nsCString ssid = func(); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION >= 16 && SDK_VERSION < 19) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13386 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); uint32_t code = func(result); uint32_t func(char*result) return atoi(result); uint32_t code = func(result); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 1 --------------------------------- 13387 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = func(autoGateway); int func(NS_ConvertUTF16toUTF8 autoGateway) return getIpType(autoGateway.get()); int type = func(autoGateway); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13388 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid = func(); nsCString func() return GET_CHAR(mSsid); nsCString ssid = func(); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13389 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { amount = func(aLength); int32_t func(int32_t aLength) return aLength; amount = func(aLength); if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { mTextSize += aLength; mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 1 --------------------------------- 13390 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s",&part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = func(parts, i); AnimationPart func(vector& parts, uint32_t i) return parts[i]; AnimationPart &part = func(parts, i); entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 1 --------------------------------- 13391 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end()); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame &frame = func(part, k); AnimationFrame func(AnimationPart& part, uint32_t k) return part.frames[k]; AnimationFrame &frame = func(part, k); ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 1 --------------------------------- 13392 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = func(part, k); AnimationFrame func(AnimationPart& part, uint32_t k) return part.frames[k]; AnimationFrame &frame = func(part, k); if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 1 --------------------------------- 13393 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part);} for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; char *src = func(frame); char* func(AnimationFrame &frame) return frame.buf; char *src = func(frame); char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 1 --------------------------------- 13394 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); AnimationFrame &frame = func(part); AnimationFrame func(AnimationPart &part) return part.frames.back(); AnimationFrame &frame = func(part); strcpy(frame.path, name.c_str()); 1 --------------------------------- 13395 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr < packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { shift_length += func(it); int func(PacketIterator it) return (*it).sizeBytes; shift_length += func(it); if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift;} memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 1 --------------------------------- 13396 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 speed) in_fmt->m_vc_size = func(vc_size); guint8 func(guint8 vc_size) return vc_size; in_fmt->m_vc_size = func(vc_size); in_fmt->m_sdh_line_rate = speed; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 1 --------------------------------- 13397 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c Buffer_Overflow_boundedcpy 454 static gboolean is_rtsp_request_or_reply(const guchar *line, size_t linelen, rtsp_type_t *type) const guchar *next_token; int tokenlen; gchar response_chars[4]; if (linelen >= 5 && g_ascii_strncasecmp("RTSP/", line, 5) == 0) { *type = RTSP_REPLY; tokenlen = func(line, next_token); int func(const guchar* line, const guchar* &next_token) return get_token_len(line, next_token); tokenlen = func(line, line + 5, &next_token); if (tokenlen != 0) { tokenlen = get_token_len(next_token, line+linelen, &next_token); if (tokenlen >= 3) { memcpy(response_chars, next_token, 3); 1 --------------------------------- 13398 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( 0 == bit_mask ) { bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ){ *(pout++) = *(pin++);} *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); length = func(code_low); unsigned func(unsigned int code_low) return code_low + 3; length = func(code_low); memset( pout, *pin++, length ); 1 --------------------------------- 13399 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ) *(pout++) = *(pin++); } offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset < outbuf ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} length = func(code_type); int func(int code_type) return code_type; length = func(code_type); if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} memcpy( pout, pout - offset, length ); 1 --------------------------------- 13400 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 729 void NetworkUtils::setInterfaceUp(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char *dataType = command; if (SDK_VERSION >= 16) { char* command = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "interface setcfg %s %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mLink)); 0 --------------------------------- 13401 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 926 void NetworkUtils::setDnsForwarders(CommandChain* aChain,CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char *dataType = command; if (SDK_VERSION >= 20) { char *command = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "tether dns set %d %s %s", GET_FIELD(mNetId), GET_CHAR(mDns1), GET_CHAR(mDns2)); 0 --------------------------------- 13402 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char *dataType = command; int written; if (SDK_VERSION >= 20) { written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(dnses[i]); char* command = dataType; int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13403 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1185 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; } char command[MAX_COMMAND_SIZE]; char* dataType = command; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); command = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13404 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; char* dataType = command; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); command = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13405 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1239 void NetworkUtils::addRouteToSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; char* dataType = command; if (SDK_VERSION < 20) { char* command = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "interface route add %s secondary %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 0 --------------------------------- 13406 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 497 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = new NetdCommand(); netdCommand* dataType = netdCommand; if (SDK_VERSION >= 16) { netdCommand* netdCommand = dataType; PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); 0 --------------------------------- 13407 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 879 void NetworkUtils::startTethering(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char* dataType = command; if (!GET_FIELD(mUsbStartIp).IsEmpty() && !GET_FIELD(mUsbEndIp).IsEmpty()) { char* command = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "tether start %s %s %s %s", GET_CHAR(mWifiStartIp), GET_CHAR(mWifiEndIp), GET_CHAR(mUsbStartIp), GET_CHAR(mUsbEndIp)); 0 --------------------------------- 13408 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); const char* action = aDoAdd ? "add" : "remove"; action = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13409 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = aOptions.mDnses.Length(); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; char* dataType = dns_prop_key; dns_prop_key = dataType; PR_snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 0 --------------------------------- 13410 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char *dataType = command; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); char* networkAddr = getNetworkAddr(ip, prefix); command = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 0 --------------------------------- 13411 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char* dataType = command; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { char *command = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13412 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1264 void NetworkUtils::removeRouteFromSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; char* dataType = command; if (SDK_VERSION < 20) { char* command = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "interface route remove %s secondary %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 0 --------------------------------- 13413 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp String_Termination_Error 1607 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* reason = strtok(nullptr, "\0"); char* dataType = reason; sendBroadcastMessage(code, reason); if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; PR_snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); char* reason = dataType; if (!strcmp(reason, linkdownReason)) { 0 --------------------------------- 13414 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1040 void NetworkUtils::setInterfaceDns(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char* dataType = command; int written; if (SDK_VERSION <= 20) { char* command = dataType; written = PR_snprintf(command, sizeof command, "resolver setifdns %s %s", GET_CHAR(mIfname), GET_CHAR(mDomain)); 0 --------------------------------- 13415 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1257 void NetworkUtils::removeRouteFromSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; char *dataType = command; if (SDK_VERSION >= 20) { char* command = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/%s %s", GET_FIELD(mNetId), GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 0 --------------------------------- 13416 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 723 void NetworkUtils::setInterfaceUp(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char *dataType = command; if (SDK_VERSION >= 16) { char *command = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "interface setcfg %s %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mLink)); 0 --------------------------------- 13417 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char *dataType = command; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); char*command = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13418 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 615 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char *dataType = command; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION < 16) { char* command = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s %s \"%s\" %s \"%s\" 6 0 8", GET_CHAR(mIfname), GET_CHAR(mWifictrlinterfacename), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13419 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 608 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char* dataType = command; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION >= 16 && SDK_VERSION < 19) { char* command = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13420 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1232 void NetworkUtils::addRouteToSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; char* dataType = command; if (SDK_VERSION >= 20) { char*command = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/%s %s", GET_FIELD(mNetId), GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 0 --------------------------------- 13421 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); uint32_t code = atoi(result); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; char* dataType = linkdownReason; linkdownReason = dataType; PR_snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 0 --------------------------------- 13422 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char* dataType = command; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); command = dataType; int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13423 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char* dataType = command; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { char* command = dataType; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13424 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp Format_String_Attack 371 int32_t do_wifi_command(const char* iface, const char* cmd, char* buf, size_t* len) { char command[COMMAND_SIZE]; char *dataType = command; if (!strcmp(iface, "p2p0")) { char* command = dataType; PR_snprintf(command, COMMAND_SIZE, "%s", cmd); 0 --------------------------------- 13425 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp Format_String_Attack 374 int32_t do_wifi_command(const char* iface, const char* cmd, char* buf, size_t* len) { char command[COMMAND_SIZE]; char* dataType = command; if (!strcmp(iface, "p2p0")) { char* command = dataType; PR_snprintf(command, COMMAND_SIZE, "IFNAME=%s %s", iface, cmd); 0 --------------------------------- 13426 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; int32_t *dataType = &offset; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { amount = aLength;} if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { CheckedInt32 size = mTextSize; size += aLength; if (!size.isValid()) { return NS_ERROR_OUT_OF_MEMORY; } mTextSize = size.value(); mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} uint32_t offset = *dataType; memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 0 --------------------------------- 13427 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; char* dataType = search; search = dataType; snprintf(search, sizeof(search), "%s/", part.path); 0 --------------------------------- 13428 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end());} for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame &frame = part.frames[k]; ANativeWindowBuffer *buf = display->DequeueBuffer(); ANativeWindowBuffer *dataType = buf; buf = dataType; wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 0 --------------------------------- 13429 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; AnimationFrame *dataType = &frame; if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } AnimationFrame frame = *dataType; if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 0 --------------------------------- 13430 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; char *src = frame.buf; char* dataType = src; src = dataType; char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 0 --------------------------------- 13431 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Format_String_Attack 523 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; AnimationPart *dataType = ∂ part = *dataType; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (part.ReadFromString(line)) { 0 --------------------------------- 13432 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (part.ReadFromString(line)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationPart *dataType = ∂ part.frames.push_back(); AnimationFrame &frame = part.frames.back(); part = *dataType; strcpy(frame.path, name.c_str()); 0 --------------------------------- 13433 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr + kLengthFieldLength <= packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); if (nalu_ptr + kLengthFieldLength + length <= packet_buffer + packet.sizeBytes) { required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} nalu_ptr += kLengthFieldLength + length; } else { LOG(LS_ERROR) << "Failed to insert packet due to corrupt H264 STAP-A"; return 0; } } if (required_length > packet.sizeBytes + kBufferSafetyMargin) { LOG(LS_ERROR) << "Failed to insert packet due to too many NALs in a STAP-A"; return 0;} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); uint8_t* dataType = first_packet_ptr; first_packet_ptr = dataType; int shift_length = 0; for (; it != packets_.end(); ++it) { shift_length += (*it).sizeBytes; if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift;} memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 0 --------------------------------- 13434 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate)channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate) guint8* dataType = *vc_size; vc_size = dataType; in_fmt->m_vc_size = vc_size; in_fmt->m_sdh_line_rate = rate; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 0 --------------------------------- 13435 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c Buffer_Overflow_boundedcpy 454 static gboolean is_rtsp_request_or_reply(const guchar *line, size_t linelen, rtsp_type_t *type) const guchar *next_token; int tokenlen; gchar response_chars[4]; gchar* dataType = reponse_chars; reponse_chars = dataType; if (linelen >= 5 && g_ascii_strncasecmp("RTSP/", line, 5) == 0) { *type = RTSP_REPLY; tokenlen = get_token_len(line, line+5, &token); if (tokenlen != 0) { tokenlen = get_token_len(token, line+linelen, &next_token); if (tokenlen >= 3) { memcpy(response_chars, token, 3); 0 --------------------------------- 13436 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( pin + 2 >= pin_end ) { *err = WTAP_ERR_UNC_TRUNCATED; return ( -1 ); } bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ) if ( pout + 1 > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); *(pout++) = *(pin++); *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); length = code_low + 3; int *dataType = &length; length = *dataType; memset( pout, *pin++, length ); 0 --------------------------------- 13437 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ){ if ( pout + 1 > pout_end ) {*err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); } *(pout++) = *(pin++); offset = code_low + ((unsigned int)(*pin++) << 4) + 3; int *dataType = &offset; if ( pout - offset + length > pout ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} length = code_type; if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} length = *dataType; memcpy( pout, pout - offset, length ); 0 --------------------------------- 13438 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 729 void NetworkUtils::setInterfaceUp(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char *dataType = command; if (SDK_VERSION >= 16) { char *command = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "interface setcfg %s %s %s [%s]", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mLink)); 1 --------------------------------- 13439 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 926 void NetworkUtils::setDnsForwarders(CommandChain* aChain,CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char *dataType = command; if (SDK_VERSION >= 20) { char *command = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "tether dns set %d %s %s", GET_FIELD(mNetId), GET_CHAR(mDns1), GET_CHAR(mDns2)); 1 --------------------------------- 13440 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char *dataType = command; int written; if (SDK_VERSION >= 20) { written = snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(dnses[i]); command = dataType; int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13441 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1185 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; } char command[MAX_COMMAND_SIZE]; char* dataType = command; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); command = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13442 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; char* dataType = command; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); command = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13443 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1239 void NetworkUtils::addRouteToSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; char* dataType = command; if (SDK_VERSION < 20) { char* command = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "interface route add %s secondary %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 1 --------------------------------- 13444 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 497 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = new NetdCommand(); netdCommand* dataType = netdCommand; if (SDK_VERSION >= 16) { netdCommand* netdCommand = dataType; snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); 1 --------------------------------- 13445 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 879 void NetworkUtils::startTethering(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char* dataType = command; if (!GET_FIELD(mUsbStartIp).IsEmpty() && !GET_FIELD(mUsbEndIp).IsEmpty()) { char* command = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "tether start %s %s %s %s", GET_CHAR(mWifiStartIp), GET_CHAR(mWifiEndIp), GET_CHAR(mUsbStartIp), GET_CHAR(mUsbEndIp)); 1 --------------------------------- 13446 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); const char* action = aDoAdd ? "add" : "remove"; const char* dataType = action; action = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13447 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = aOptions.mDnses.Length(); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; char* dataType = dns_prop_key; dns_prop_key = dataType; snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 1 --------------------------------- 13448 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char *dataType = command; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); char* networkAddr = getNetworkAddr(ip, prefix); command = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 1 --------------------------------- 13449 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char* dataType = command; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { char *command = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13450 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1264 void NetworkUtils::removeRouteFromSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; char* dataType = command; if (SDK_VERSION < 20) { char* command = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "interface route remove %s secondary %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 1 --------------------------------- 13451 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp String_Termination_Error 1607 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* reason = strtok(nullptr, "\0"); char* dataType = reason; sendBroadcastMessage(code, reason); if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); char* reason = dataType; if (!strcmp(reason, linkdownReason)) { 1 --------------------------------- 13452 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1040 void NetworkUtils::setInterfaceDns(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char* dataType = command; int written; if (SDK_VERSION <= 20) { char* command = dataType; written = snprintf(command, sizeof command, "resolver setifdns %s %s", GET_CHAR(mIfname), GET_CHAR(mDomain)); 1 --------------------------------- 13453 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1257 void NetworkUtils::removeRouteFromSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; char *dataType = command; if (SDK_VERSION >= 20) { char* command = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/%s %s", GET_FIELD(mNetId), GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 1 --------------------------------- 13454 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 723 void NetworkUtils::setInterfaceUp(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char *dataType = command; if (SDK_VERSION >= 16) { char *command = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "interface setcfg %s %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mLink)); 1 --------------------------------- 13455 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char *dataType = command; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); char*command = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13456 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 615 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char *dataType = command; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION < 16) { char* command = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s %s \"%s\" %s \"%s\" 6 0 8", GET_CHAR(mIfname), GET_CHAR(mWifictrlinterfacename), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13457 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 608 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char* dataType = command; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION >= 16 && SDK_VERSION < 19) { char* command = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13458 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1232 void NetworkUtils::addRouteToSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; char* dataType = command; if (SDK_VERSION >= 20) { char*command = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/%s %s", GET_FIELD(mNetId), GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 1 --------------------------------- 13459 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); uint32_t code = atoi(result); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; char* dataType = linkdownReason; linkdownReason = dataType; snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 1 --------------------------------- 13460 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char* dataType = command; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); command = dataType; int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13461 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; char* dataType = command; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { char* command = dataType; snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13462 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp Format_String_Attack 371 int32_t do_wifi_command(const char* iface, const char* cmd, char* buf, size_t* len) { char command[COMMAND_SIZE]; char *dataType = command; if (!strcmp(iface, "p2p0")) { char* command = dataType; snprintf(command, COMMAND_SIZE, "%s", cmd); 1 --------------------------------- 13463 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp Format_String_Attack 374 int32_t do_wifi_command(const char* iface, const char* cmd, char* buf, size_t* len) { char command[COMMAND_SIZE]; char* dataType = command; if (strcmp(iface, "p2p0")) { char* command = dataType; snprintf(command, COMMAND_SIZE, "IFNAME=%s %s", iface, cmd); 1 --------------------------------- 13464 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; int32_t *dataType = &offset; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { amount = aLength;} if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { mTextSize += aLength; mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} uint32_t offset = *dataType; memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 1 --------------------------------- 13465 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s",&part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; char* dataType = search; search = dataType; snprintf(search, sizeof(search), "%s/", part.path); 1 --------------------------------- 13466 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end()); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame &frame = part.frames[k]; ANativeWindowBuffer *buf = display->DequeueBuffer(); ANativeWindowBuffer *dataType = buf; buf = dataType; wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 1 --------------------------------- 13467 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; AnimationFrame *dataType = &frame; if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } AnimationFrame frame = *dataType; if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 1 --------------------------------- 13468 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; char *src = frame.buf; char* dataType = src; src = dataType; char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 1 --------------------------------- 13469 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Format_String_Attack 523 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; AnimationPart *dataType = ∂ part = *dataType; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { 1 --------------------------------- 13470 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationPart *dataType = ∂ part.frames.push_back(); AnimationFrame &frame = part.frames.back(); part = *dataType; strcpy(frame.path, name.c_str()); 1 --------------------------------- 13471 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr < packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); uint8_t* dataType = first_packet_ptr; first_packet_ptr = dataType; int shift_length = 0; for (; it != packets_.end(); ++it) { shift_length += (*it).sizeBytes; if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift; memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 1 --------------------------------- 13472 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 speed) guint8* dataType = *vc_size; vc_size = dataType; in_fmt->m_vc_size = vc_size; in_fmt->m_sdh_line_rate = speed; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 1 --------------------------------- 13473 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c Buffer_Overflow_boundedcpy 454 static gboolean is_rtsp_request_or_reply(const guchar *line, size_t linelen, rtsp_type_t *type) const guchar *next_token; int tokenlen; gchar response_chars[4]; gchar* dataType = reponse_chars; reponse_chars = dataType; if (linelen >= 5 && g_ascii_strncasecmp("RTSP/", line, 5) == 0) { *type = RTSP_REPLY; tokenlen = get_token_len(line, line+5, &next_token); if (tokenlen != 0) { tokenlen = get_token_len(next_token, line+linelen, &next_token); if (tokenlen >= 3) { memcpy(response_chars, next_token, 3); 1 --------------------------------- 13474 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( 0 == bit_mask ) { bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ){ *(pout++) = *(pin++);} *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); length = code_low + 3; int *dataType = &length; length = *dataType; memset( pout, *pin++, length ); 1 --------------------------------- 13475 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ) *(pout++) = *(pin++); } offset = code_low + ((unsigned int)(*pin++) << 4) + 3; int *dataType = &offset; if ( pout - offset < outbuf ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} length = code_type; if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} length = *dataType; memcpy( pout, pout - offset, length ); 1 --------------------------------- 13476 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) { structType myStruct; myStruct.structFirst = dnses; NS_ConvertUTF16toUTF8 autoDns = func(myStruct, i); nsTArray func(structType myStruct, uint32_t i) nsTArray& dnses = myStruct.structFirst; return dnses[i]; NS_ConvertUTF16toUTF8 autoDns = func(myStruct, i); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13477 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); structType myStruct; myStruct.structFirst = autoGateway; int type = func(myStruct); int func(structType myStruct) NS_ConvertUTF16toUTF8 autoGateway = myStruct.structFirst; return getIpType(autoGateway.get()); int type = func(myStruct); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13478 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); structType myStruct; myStruct.structFirst = aDoAdd; const char* action = func(myStruct); const char* func(structType myStruct) bool aDoAdd = myStruct.structFirst; return aDoAdd ? "add" : "remove"; const char* action = func(myStruct); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13479 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) structType myStruct; myStruct.structFirst = aOptions; uint32_t length = func(myStruct); uint32_t func(structType myStruct) NetworkParams aOptions = myStruct.structFirst; return aOptions.mDnses.Length(); uint32_t length = func(myStruct); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; PR_snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 0 --------------------------------- 13480 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); structType myStruct; myStruct.structFirst = ip; char* networkAddr = func(myStruct, prefix); char* func(structType myStruct, uint32_t prefix) uint32_t ip = myStruct.structFirst; return getNetworkAddr(ip, prefix); char* networkAddr = func(myStruct, prefix); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 0 --------------------------------- 13481 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); structType myStruct; myStruct.structFirst = autoGateway; int type = func(myStruct); int func(structType myStruct) NS_ConvertUTF16toUTF8 autoGateway = myStruct.structFirst; return getIpType(autoGateway.get()); int type = func(myStruct); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13482 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); structType myStruct; myStruct.structFirst = result; uint32_t code = func(myStruct); uint32_t func(structType myStruct) char *result = myStruct.structFirst; return atoi(result); uint32_t code = func(myStruct); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; PR_snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 0 --------------------------------- 13483 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); structType myStruct; myStruct.structFirst = autoGateway; int type = func(myStruct); int func(structType myStruct) NS_ConvertUTF16toUTF8 autoGateway = myStruct.structFirst; return getIpType(autoGateway.get()); int type = func(myStruct); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13484 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { structType myStruct; myStruct.structFirst = aLength; amount = func(myStruct); int32_t func(structType myStruct) int32_t aLength = myStruct.structFirst; return aLength; amount = func(myStruct); if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { CheckedInt32 size = mTextSize; size += aLength; if (!size.isValid()) { return NS_ERROR_OUT_OF_MEMORY; } mTextSize = size.value(); mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 0 --------------------------------- 13485 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { structType myStruct; myStruct.structFirst = parts; AnimationPart &part = func(myStruct, i); AnimationPart func(structType &myStruct, uint32_t i) parts = myStruct.structFirst; return parts[i]; AnimationPart &part = func(myStruct, i); entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 0 --------------------------------- 13486 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end());} for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { structType myStruct; myStruct.structFirst = k; AnimationFrame &frame = func(part, myStruct); AnimationFrame func(AnimationPart& part, structType myStruct) uint32_t k = myStruct.structFirst; return part.frames[k]; AnimationFrame &frame = func(part, myStruct); ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 0 --------------------------------- 13487 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; structType myStruct; myStruct.structFirst = k; AnimationFrame &frame = func(part, myStruct); AnimationFrame func(AnimationPart& part, structType myStruct) uint32_t k = myStruct.structFirst; return part.frames[k]; AnimationFrame &frame = func(part, myStruct); if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 0 --------------------------------- 13488 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; structType myStruct; myStruct.structFirst = frame; char *src = func(myStruct); char* func(structType &myStruct) AnimationFrame &frame = myStruct.structFirst; return frame.buf; char *src = func(myStruct); char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 0 --------------------------------- 13489 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (part.ReadFromString(line)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); structType myStruct; myStruct.structFirst = part; AnimationFrame &frame = func(myStruct); AnimationFrame func(structType &myStruct) AnimationPart &part = myStruct.structFirst; return part.frames.back(); AnimationFrame &frame = func(myStruct); strcpy(frame.path, name.c_str()); 0 --------------------------------- 13490 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr + kLengthFieldLength <= packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); if (nalu_ptr + kLengthFieldLength + length <= packet_buffer + packet.sizeBytes) { required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} nalu_ptr += kLengthFieldLength + length; } else { LOG(LS_ERROR) << "Failed to insert packet due to corrupt H264 STAP-A"; return 0; } } if (required_length > packet.sizeBytes + kBufferSafetyMargin) { LOG(LS_ERROR) << "Failed to insert packet due to too many NALs in a STAP-A"; return 0;} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { structType myStruct; myStruct.structFirst = it; shift_length += func(myStruct); int func(structType &myStruct) PacketIterator it = myStruct.structFirst; return (*it).sizeBytes; shift_length += func(myStruct); if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift;} memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 0 --------------------------------- 13491 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate)channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate) structType myStruct; myStruct.structType = vc_size; in_fmt->m_vc_size = func(myStruct); guint8 func(structType myStruct) guint8 vc_size = myStruct.structFirst; return vc_size; in_fmt->m_vc_size = func(myStruct); in_fmt->m_sdh_line_rate = rate; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 0 --------------------------------- 13492 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( pin + 2 >= pin_end ) { *err = WTAP_ERR_UNC_TRUNCATED; return ( -1 ); } bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ) if ( pout + 1 > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); *(pout++) = *(pin++); *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); structType myStruct; myStruct.structFirst = code_low; length = func(myStruct); unsigned func(structType myStruct) unsigned int code_low = myStruct.structFirst; return code_low + 3; length = func(myStruct); memset( pout, *pin++, length ); 0 --------------------------------- 13493 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ){ if ( pout + 1 > pout_end ) {*err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); } *(pout++) = *(pin++); offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset + length > pout ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} structType myStruct; myStruct.structFirst = code_type; length = func(myStruct); int func(structType myStruct) int code_type = myStruct.structFirst; return code_type; length = func(myStruct); if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} memcpy( pout, pout - offset, length ); 0 --------------------------------- 13494 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length; for (uint32_t i = 0; i < length; i++) { structType myStruct; myStruct.structFirst = dnses; NS_ConvertUTF16toUTF8 autoDns = func(myStruct, i); nsTArray func(structType myStruct, uint32_t i) nsTArray& dnses = myStruct.structFirst; return dnses[i]; NS_ConvertUTF16toUTF8 autoDns = func(myStruct, i); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13495 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); structType myStruct; myStruct.structFirst = autoGateway; int type = func(myStruct); int func(structType myStruct) NS_ConvertUTF16toUTF8 autoGateway = myStruct.structFirst; return getIpType(autoGateway.get()); int type = func(myStruct); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13496 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); structType myStruct; myStruct.structFirst = aDoAdd; const char* action = func(myStruct); const char* func(structType myStruct) bool aDoAdd = myStruct.structFirst; return aDoAdd ? "add" : "remove"; const char* action = func(myStruct); snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13497 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) structType myStruct; myStruct.structFirst = aOptions; uint32_t length = func(myStruct); uint32_t func(structType myStruct) NetworkParams aOptions = myStruct.structFirst; return aOptions.mDnses.Length(); uint32_t length = func(myStruct); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 1 --------------------------------- 13498 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); structType myStruct; myStruct.structFirst = ip; char* networkAddr = func(myStruct, prefix); char* func(structType myStruct, uint32_t prefix) uint32_t ip = myStruct.structFirst; return getNetworkAddr(ip, prefix); char* networkAddr = func(myStruct, prefix); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 1 --------------------------------- 13499 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); structType myStruct; myStruct.structFirst = autoGateway; int type = func(myStruct); int func(structType myStruct) NS_ConvertUTF16toUTF8 autoGateway = myStruct.structFirst; return getIpType(autoGateway.get()); int type = func(myStruct); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13500 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); structType myStruct; myStruct.structFirst = result; uint32_t code = func(myStruct); uint32_t func(structType myStruct) char *result = myStruct.structFirst; return atoi(result); uint32_t code = func(myStruct); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 1 --------------------------------- 13501 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); structType myStruct; myStruct.structFirst = autoGateway; int type = func(myStruct); int func(structType myStruct) NS_ConvertUTF16toUTF8 autoGateway = myStruct.structFirst; return getIpType(autoGateway.get()); int type = func(myStruct); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13502 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { structType myStruct; myStruct.structFirst = aLength; amount = func(myStruct); int32_t func(structType myStruct) int32_t aLength = myStruct.structFirst; return aLength; amount = func(myStruct); if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { mTextSize += aLength; mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 1 --------------------------------- 13503 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s",&part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { structType myStruct; myStruct.structFirst = parts; AnimationPart &part = func(myStruct, i); AnimationPart func(structType &myStruct, uint32_t i) parts = myStruct.structFirst; return parts[i]; AnimationPart &part = func(myStruct, i); entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 1 --------------------------------- 13504 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end()); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { structType myStruct; myStruct.structFirst = k; AnimationFrame &frame = func(part, myStruct); AnimationFrame func(AnimationPart& part, structType myStruct) uint32_t k = myStruct.structFirst; return part.frames[k]; AnimationFrame &frame = func(part, myStruct); ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 1 --------------------------------- 13505 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; structType myStruct; myStruct.structFirst = k; AnimationFrame &frame = func(part, myStruct); AnimationFrame func(AnimationPart& part, structType myStruct) uint32_t k = myStruct.structFirst; return part.frames[k]; AnimationFrame &frame = func(part, myStruct); if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 1 --------------------------------- 13506 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part);} for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; structType myStruct; myStruct.structFirst = frame; char *src = func(myStruct); char* func(structType &myStruct) AnimationFrame &frame = myStruct.structFirst; return frame.buf; char *src = func(myStruct); char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 1 --------------------------------- 13507 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); structType myStruct; myStruct.structFirst = part; AnimationFrame &frame = func(myStruct); AnimationFrame func(structType &myStruct) AnimationPart &part = myStruct.structFirst; return part.frames.back(); AnimationFrame &frame = func(myStruct); strcpy(frame.path, name.c_str()); 1 --------------------------------- 13508 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr < packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { structType myStruct; myStruct.structFirst = it; shift_length += func(myStruct); int func(structType &myStruct) PacketIterator it = myStruct.structFirst; return (*it).sizeBytes; shift_length += func(myStruct); if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift;} memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 1 --------------------------------- 13509 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 speed) structType myStruct; myStruct.structType = vc_size; in_fmt->m_vc_size = func(myStruct); guint8 func(structType myStruct) guint8 vc_size = myStruct.structFirst; return vc_size; in_fmt->m_vc_size = func(myStruct); in_fmt->m_sdh_line_rate = speed; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 1 --------------------------------- 13510 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( 0 == bit_mask ) { bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ){ *(pout++) = *(pin++);} *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); structType myStruct; myStruct.structFirst = code_low; length = func(myStruct); unsigned func(structType myStruct) unsigned int code_low = myStruct.structFirst; return code_low + 3; length = func(myStruct); memset( pout, *pin++, length ); 1 --------------------------------- 13511 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ) *(pout++) = *(pin++); } offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset < outbuf ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} structType myStruct; myStruct.structFirst = code_type; length = func(myStruct); int func(structType myStruct) int code_type = myStruct.structFirst; return code_type; length = func(myStruct); if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} memcpy( pout, pout - offset, length ); 1 --------------------------------- 13512 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) { unionType myUnion; myUnion.unionFirst = dnses; NS_ConvertUTF16toUTF8 autoDns = func(myUnion, i); nsTArray func(unionType myUnion, uint32_t i) nsTArray& dnses = myUnion.unionSecond; return dnses[i]; NS_ConvertUTF16toUTF8 autoDns = func(myUnion, i); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13513 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); unionType myUnion; myUnion.unionFirst = autoGateway; int type = func(myUnion); int func(unionType myUnion) NS_ConvertUTF16toUTF8 autoGateway = myUnion.unionSecond; return getIpType(autoGateway.get()); int type = func(myUnion); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13514 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); unionType myUnion; myUnion.unionFirst = aDoAdd; const char* action = func(myUnion); const char* func(unionType myUnion) bool aDoAdd = myUnion.unionSecond; return aDoAdd ? "add" : "remove"; const char* action = func(myUnion); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13515 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) unionType myUnion; myUnion.unionFirst = aOptions; uint32_t length = func(myUnion); uint32_t func(unionType myUnion) NetworkParams aOptions = myUnion.unionSecond; return aOptions.mDnses.Length(); uint32_t length = func(myUnion); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; PR_snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 0 --------------------------------- 13516 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); unionType myUnion; myUnion.unionFirst = ip; char* networkAddr = func(myUnion, prefix); char* func(unionType myUnion, uint32_t prefix) uint32_t ip = myUnion.unionSecond; return getNetworkAddr(ip, prefix); char* networkAddr = func(myUnion, prefix); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 0 --------------------------------- 13517 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); unionType myUnion; myUnion.unionFirst = autoGateway; int type = func(myUnion); int func(unionType myUnion) NS_ConvertUTF16toUTF8 autoGateway = myUnion.unionSecond; return getIpType(autoGateway.get()); int type = func(myUnion); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13518 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); unionType myUnion; myUnion.unionFirst = result; uint32_t code = func(myUnion); uint32_t func(unionType myUnion) char *result = myUnion.unionSecond; return atoi(result); uint32_t code = func(myUnion); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; PR_snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 0 --------------------------------- 13519 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); unionType myUnion; myUnion.unionFirst = autoGateway; int type = func(myUnion); int func(unionType myUnion) NS_ConvertUTF16toUTF8 autoGateway = myUnion.unionSecond; return getIpType(autoGateway.get()); int type = func(myUnion); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13520 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { unionType myUnion; myUnion.unionFirst = aLength; amount = func(myUnion); int32_t func(unionType myUnion) int32_t aLength = myUnion.unionSecond; return aLength; amount = func(myUnion); if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { CheckedInt32 size = mTextSize; size += aLength; if (!size.isValid()) { return NS_ERROR_OUT_OF_MEMORY; } mTextSize = size.value(); mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 0 --------------------------------- 13521 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { unionType myUnion; myUnion.unionFirst = parts; AnimationPart &part = func(myUnion, i); AnimationPart func(unionType &myUnion, uint32_t i) parts = myUnion.unionSecond; return parts[i]; AnimationPart &part = func(myUnion, i); entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 0 --------------------------------- 13522 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end());} for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { unionType myUnion; myUnion.unionFirst = k; AnimationFrame &frame = func(part, myUnion); AnimationFrame func(AnimationPart& part, unionType myUnion) uint32_t k = myUnion.unionSecond; return part.frames[k]; AnimationFrame &frame = func(part, myUnion); ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 0 --------------------------------- 13523 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; unionType myUnion; myUnion.unionFirst = k; AnimationFrame &frame = func(part, myUnion); AnimationFrame func(AnimationPart& part, unionType myUnion) uint32_t k = myUnion.unionSecond; return part.frames[k]; AnimationFrame &frame = func(part, myUnion); if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 0 --------------------------------- 13524 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; unionType myUnion; myUnion.unionFirst = frame; char *src = func(myUnion); char* func(unionType &myUnion) AnimationFrame &frame = myUnion.unionSecond; return frame.buf; char *src = func(myUnion); char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 0 --------------------------------- 13525 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (part.ReadFromString(line)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); unionType myUnion; myUnion.unionFirst = part; AnimationFrame &frame = func(myUnion); AnimationFrame func(unionType &myUnion) AnimationPart &part = myUnion.unionSecond; return part.frames.back(); AnimationFrame &frame = func(myUnion); strcpy(frame.path, name.c_str()); 0 --------------------------------- 13526 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr + kLengthFieldLength <= packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); if (nalu_ptr + kLengthFieldLength + length <= packet_buffer + packet.sizeBytes) { required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} nalu_ptr += kLengthFieldLength + length; } else { LOG(LS_ERROR) << "Failed to insert packet due to corrupt H264 STAP-A"; return 0; } } if (required_length > packet.sizeBytes + kBufferSafetyMargin) { LOG(LS_ERROR) << "Failed to insert packet due to too many NALs in a STAP-A"; return 0;} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { unionType myUnion; myUnion.unionFirst = it; shift_length += func(myUnion); int func(unionType &myUnion) PacketIterator it = myUnion.unionSecond; return (*it).sizeBytes; shift_length += func(myUnion); if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift;} memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 0 --------------------------------- 13527 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate)channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate) unionType myUnion; myUnion.unionType = vc_size; in_fmt->m_vc_size = func(myUnion); guint8 func(unionType myUnion) guint8 vc_size = myUnion.unionSecond; return vc_size; in_fmt->m_vc_size = func(myUnion); in_fmt->m_sdh_line_rate = rate; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 0 --------------------------------- 13528 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( pin + 2 >= pin_end ) { *err = WTAP_ERR_UNC_TRUNCATED; return ( -1 ); } bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ) if ( pout + 1 > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); *(pout++) = *(pin++); *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); unionType myUnion; myUnion.unionFirst = code_low; length = func(myUnion); unsigned func(unionType myUnion) unsigned int code_low = myUnion.unionSecond; return code_low + 3; length = func(myUnion); memset( pout, *pin++, length ); 0 --------------------------------- 13529 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ){ if ( pout + 1 > pout_end ) {*err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); } *(pout++) = *(pin++); offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset + length > pout ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} unionType myUnion; myUnion.unionFirst = code_type; length = func(myUnion); int func(unionType myUnion) int code_type = myUnion.unionSecond; return code_type; length = func(myUnion); if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} memcpy( pout, pout - offset, length ); 0 --------------------------------- 13530 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length; for (uint32_t i = 0; i < length; i++) { unionType myUnion; myUnion.unionFirst = dnses; NS_ConvertUTF16toUTF8 autoDns = func(myUnion, i); nsTArray func(unionType myUnion, uint32_t i) nsTArray& dnses = myUnion.unionSecond; return dnses[i]; NS_ConvertUTF16toUTF8 autoDns = func(myUnion, i); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13531 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); unionType myUnion; myUnion.unionFirst = autoGateway; int type = func(myUnion); int func(unionType myUnion) NS_ConvertUTF16toUTF8 autoGateway = myUnion.unionSecond; return getIpType(autoGateway.get()); int type = func(myUnion); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13532 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); unionType myUnion; myUnion.unionFirst = aDoAdd; const char* action = func(myUnion); const char* func(unionType myUnion) bool aDoAdd = myUnion.unionSecond; return aDoAdd ? "add" : "remove"; const char* action = func(myUnion); snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13533 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) unionType myUnion; myUnion.unionFirst = aOptions; uint32_t length = func(myUnion); uint32_t func(unionType myUnion) NetworkParams aOptions = myUnion.unionSecond; return aOptions.mDnses.Length(); uint32_t length = func(myUnion); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 1 --------------------------------- 13534 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); unionType myUnion; myUnion.unionFirst = ip; char* networkAddr = func(myUnion, prefix); char* func(unionType myUnion, uint32_t prefix) uint32_t ip = myUnion.unionSecond; return getNetworkAddr(ip, prefix); char* networkAddr = func(myUnion, prefix); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 1 --------------------------------- 13535 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); unionType myUnion; myUnion.unionFirst = autoGateway; int type = func(myUnion); int func(unionType myUnion) NS_ConvertUTF16toUTF8 autoGateway = myUnion.unionSecond; return getIpType(autoGateway.get()); int type = func(myUnion); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13536 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); unionType myUnion; myUnion.unionFirst = result; uint32_t code = func(myUnion); uint32_t func(unionType myUnion) char *result = myUnion.unionSecond; return atoi(result); uint32_t code = func(myUnion); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 1 --------------------------------- 13537 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); unionType myUnion; myUnion.unionFirst = autoGateway; int type = func(myUnion); int func(unionType myUnion) NS_ConvertUTF16toUTF8 autoGateway = myUnion.unionSecond; return getIpType(autoGateway.get()); int type = func(myUnion); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13538 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { unionType myUnion; myUnion.unionFirst = aLength; amount = func(myUnion); int32_t func(unionType myUnion) int32_t aLength = myUnion.unionSecond; return aLength; amount = func(myUnion); if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { mTextSize += aLength; mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 1 --------------------------------- 13539 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s",&part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { unionType myUnion; myUnion.unionFirst = parts; AnimationPart &part = func(myUnion, i); AnimationPart func(unionType &myUnion, uint32_t i) parts = myUnion.unionSecond; return parts[i]; AnimationPart &part = func(myUnion, i); entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 1 --------------------------------- 13540 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end()); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { unionType myUnion; myUnion.unionFirst = k; AnimationFrame &frame = func(part, myUnion); AnimationFrame func(AnimationPart& part, unionType myUnion) uint32_t k = myUnion.unionSecond; return part.frames[k]; AnimationFrame &frame = func(part, myUnion); ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 1 --------------------------------- 13541 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; unionType myUnion; myUnion.unionFirst = k; AnimationFrame &frame = func(part, myUnion); AnimationFrame func(AnimationPart& part, unionType myUnion) uint32_t k = myUnion.unionSecond; return part.frames[k]; AnimationFrame &frame = func(part, myUnion); if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 1 --------------------------------- 13542 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part);} for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; unionType myUnion; myUnion.unionFirst = frame; char *src = func(myUnion); char* func(unionType &myUnion) AnimationFrame &frame = myUnion.unionSecond; return frame.buf; char *src = func(myUnion); char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 1 --------------------------------- 13543 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); unionType myUnion; myUnion.unionFirst = part; AnimationFrame &frame = func(myUnion); AnimationFrame func(unionType &myUnion) AnimationPart &part = myUnion.unionSecond; return part.frames.back(); AnimationFrame &frame = func(myUnion); strcpy(frame.path, name.c_str()); 1 --------------------------------- 13544 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr < packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { unionType myUnion; myUnion.unionFirst = it; shift_length += func(myUnion); int func(unionType &myUnion) PacketIterator it = myUnion.unionSecond; return (*it).sizeBytes; shift_length += func(myUnion); if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift;} memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 1 --------------------------------- 13545 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 speed) unionType myUnion; myUnion.unionType = vc_size; in_fmt->m_vc_size = func(myUnion); guint8 func(unionType myUnion) guint8 vc_size = myUnion.unionSecond; return vc_size; in_fmt->m_vc_size = func(myUnion); in_fmt->m_sdh_line_rate = speed; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 1 --------------------------------- 13546 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( 0 == bit_mask ) { bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ){ *(pout++) = *(pin++);} *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); unionType myUnion; myUnion.unionFirst = code_low; length = func(myUnion); unsigned func(unionType myUnion) unsigned int code_low = myUnion.unionSecond; return code_low + 3; length = func(myUnion); memset( pout, *pin++, length ); 1 --------------------------------- 13547 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ) *(pout++) = *(pin++); } offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset < outbuf ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} unionType myUnion; myUnion.unionFirst = code_type; length = func(myUnion); int func(unionType myUnion) int code_type = myUnion.unionSecond; return code_type; length = func(myUnion); if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} memcpy( pout, pout - offset, length ); 1 --------------------------------- 13548 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) int written; char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); uint32_t length = dnses.Length(); nsTArray& dnses = GET_FIELD(mDnses); for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13549 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1185 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; } nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); char command[MAX_COMMAND_SIZE]; int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13550 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} nsTArray& gateways = GET_FIELD(mGateways); char command[MAX_COMMAND_SIZE]; NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13551 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 497 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NetdCommand* netdCommand = new NetdCommand(); NU_DBG("Preparing to send \'%s\' command...", aCommand); if (SDK_VERSION >= 16) { PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); 0 --------------------------------- 13552 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; char command[MAX_COMMAND_SIZE]; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); const char* action = aDoAdd ? "add" : "remove"; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13553 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = aOptions.mDnses.Length(); if (length > 0) { for (uint32_t i = 0; i < length; i++) { char dns_prop_key[PROPERTY_VALUE_MAX]; NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); PR_snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 0 --------------------------------- 13554 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) uint32_t ip = inet_addr(GET_CHAR(mIp)); uint32_t prefix = atoi(GET_CHAR(mPrefix)); char* networkAddr = getNetworkAddr(ip, prefix); char command[MAX_COMMAND_SIZE]; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 0 --------------------------------- 13555 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString key(GET_CHAR(mKey)); nsCString ssid(GET_CHAR(mSsid)); escapeQuote(key); escapeQuote(ssid); if (SDK_VERSION >= 19) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13556 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) nsTArray& gateways = GET_FIELD(mGateways); char command[MAX_COMMAND_SIZE]; NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13557 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 615 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); char command[MAX_COMMAND_SIZE]; if (SDK_VERSION < 16) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s %s \"%s\" %s \"%s\" 6 0 8", GET_CHAR(mIfname), GET_CHAR(mWifictrlinterfacename), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13558 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 608 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString key(GET_CHAR(mKey)); nsCString ssid(GET_CHAR(mSsid)); if (SDK_VERSION >= 16 && SDK_VERSION < 19) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13559 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) nsTArray& gateways = GET_FIELD(mGateways); char command[MAX_COMMAND_SIZE]; NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13560 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) nsCString key(GET_CHAR(mKey)); nsCString ssid(GET_CHAR(mSsid)); char command[MAX_COMMAND_SIZE]; escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13561 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) const char *line = descCopy.c_str(); int32_t width, height, fps; const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { entry = nullptr; AnimationPart &part = parts[i]; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 0 --------------------------------- 13562 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { AnimationPart part; end = strstr(line, "\n"); if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end());} for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame &frame = part.frames[k]; ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 0 --------------------------------- 13563 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 0 --------------------------------- 13564 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int starty = (buf->height - frame.height) / 2; int startx = (buf->width - frame.width) / 2; int dst_stride = buf->stride * frame.bytepp; int src_stride = frame.width * frame.bytepp; char *src = frame.buf; char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 0 --------------------------------- 13565 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Format_String_Attack 523 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); AnimationPart part; end = strstr(line, "\n"); sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (part.ReadFromString(line)) { 0 --------------------------------- 13566 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); AnimationPart part; const char *line = descCopy.c_str(); end = strstr(line, "\n"); sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (part.ReadFromString(line)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); 0 --------------------------------- 13567 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr + kLengthFieldLength <= packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); if (nalu_ptr + kLengthFieldLength + length <= packet_buffer + packet.sizeBytes) { required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} nalu_ptr += kLengthFieldLength + length; } else { LOG(LS_ERROR) << "Failed to insert packet due to corrupt H264 STAP-A"; return 0; } } if (required_length > packet.sizeBytes + kBufferSafetyMargin) { LOG(LS_ERROR) << "Failed to insert packet due to too many NALs in a STAP-A"; return 0;} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; int shift_length = 0; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); for (; it != packets_.end(); ++it) { shift_length += (*it).sizeBytes; if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift;} memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 0 --------------------------------- 13568 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate)channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate) in_fmt->m_sdh_line_rate = rate; in_fmt->m_vc_size = vc_size; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 0 --------------------------------- 13569 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; unsigned char * pin = inbuf; if ( pin + 2 >= pin_end ) { *err = WTAP_ERR_UNC_TRUNCATED; return ( -1 ); } bit_value = pletoh16(pin); bit_mask = 0x8000; pin += 2; if ( !(bit_mask & bit_value) ) if ( pout + 1 > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); *(pout++) = *(pin++); *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); length = code_low + 3; memset( pout, *pin++, length ); 0 --------------------------------- 13570 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) int written; char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { written = snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); uint32_t length = dnses.Length(); nsTArray& dnses = GET_FIELD(mDnses); for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13571 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1185 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; } nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); char command[MAX_COMMAND_SIZE]; int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13572 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} nsTArray& gateways = GET_FIELD(mGateways); char command[MAX_COMMAND_SIZE]; NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13573 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 497 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NetdCommand* netdCommand = new NetdCommand(); NU_DBG("Preparing to send \'%s\' command...", aCommand); if (SDK_VERSION >= 16) { snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); 1 --------------------------------- 13574 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) nsCString gatewayOrEmpty; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); char command[MAX_COMMAND_SIZE]; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); const char* action = aDoAdd ? "add" : "remove"; snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13575 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = aOptions.mDnses.Length(); if (length > 0) { for (uint32_t i = 0; i < length; i++) { char dns_prop_key[PROPERTY_VALUE_MAX]; NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 1 --------------------------------- 13576 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) uint32_t ip = inet_addr(GET_CHAR(mIp)); uint32_t prefix = atoi(GET_CHAR(mPrefix)); char* networkAddr = getNetworkAddr(ip, prefix); char command[MAX_COMMAND_SIZE]; snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 1 --------------------------------- 13577 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString key(GET_CHAR(mKey)); nsCString ssid(GET_CHAR(mSsid)); escapeQuote(key); escapeQuote(ssid); if (SDK_VERSION >= 19) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13578 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) nsTArray& gateways = GET_FIELD(mGateways); char command[MAX_COMMAND_SIZE]; NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13579 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 615 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) nsCString key(GET_CHAR(mKey)); nsCString ssid(GET_CHAR(mSsid)); char command[MAX_COMMAND_SIZE]; if (SDK_VERSION < 16) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s %s \"%s\" %s \"%s\" 6 0 8", GET_CHAR(mIfname), GET_CHAR(mWifictrlinterfacename), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13580 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 608 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) nsCString key(GET_CHAR(mKey)); nsCString ssid(GET_CHAR(mSsid)); char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 16 && SDK_VERSION < 19) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13581 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) nsTArray& gateways = GET_FIELD(mGateways); char command[MAX_COMMAND_SIZE]; NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13582 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) nsCString key(GET_CHAR(mKey)); nsCString ssid(GET_CHAR(mSsid)); char command[MAX_COMMAND_SIZE]; escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 13583 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) const char *line = descCopy.c_str(); int32_t width, height, fps; const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s",&part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { char search[256]; entry = nullptr; AnimationPart &part = parts[i]; snprintf(search, sizeof(search), "%s/", part.path); 1 --------------------------------- 13584 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { AnimationPart part; end = strstr(line, "\n"); if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end()); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame &frame = part.frames[k]; ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 1 --------------------------------- 13585 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 1 --------------------------------- 13586 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int starty = (buf->height - frame.height) / 2; int startx = (buf->width - frame.width) / 2; int dst_stride = buf->stride * frame.bytepp; int src_stride = frame.width * frame.bytepp; char *src = frame.buf; char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 1 --------------------------------- 13587 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Format_String_Attack 523 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); AnimationPart part; end = strstr(line, "\n"); sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { 1 --------------------------------- 13588 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); AnimationPart part; const char *line = descCopy.c_str(); end = strstr(line, "\n"); sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); 1 --------------------------------- 13589 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr < packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; int shift_length = 0; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); for (; it != packets_.end(); ++it) { shift_length += (*it).sizeBytes; if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift; memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 1 --------------------------------- 13590 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 speed) in_fmt->m_sdh_line_rate = speed; in_fmt->m_vc_size = vc_size; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 1 --------------------------------- 13591 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; unsigned char * pin = inbuf; if ( 0 == bit_mask ) { bit_value = pletoh16(pin); bit_mask = 0x8000; pin += 2; if ( !(bit_mask & bit_value) ){ *(pout++) = *(pin++);} *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); length = code_low + 3; *(pout++) = *(pin++); memset( pout, *pin++, length ); 1 --------------------------------- 13592 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); pl = p; buffer = OPENSSL_malloc(1 + 2 + payload + padding); bp = buffer; *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); 1 --------------------------------- 13593 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { *buffer = OPENSSL_malloc(*maxlen); if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 13594 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { *buffer = OPENSSL_malloc(*maxlen); if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 13595 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) if (length < strsize) memcpy(string, *buffer, length); 1 --------------------------------- 13596 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) int input_code_size) int set_code_size; set_code_size = input_code_size; clear_code = 1 << set_code_size; for (i = 0; i < clear_code; i ++){ table[0][i] = 0; table[1][i] = i; 1 --------------------------------- 13597 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; len = get_cmd(s, buf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) uint32_t dmalen; dmalen = s->ti_size; memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 13598 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr,uint64_t val, unsigned int size) SysBusESPState *sysbus = opaque; uint32_t saddr; saddr = addr >> sysbus->it_shift; esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) uint32_t dmalen; dmalen = s->ti_size; memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 13599 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; int write_count; uint64_t write_count; write_count = xattr_len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 1 --------------------------------- 13600 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); cursor.bpp = vmsvga_fifo_read(s); if (cursor.width > 256 || cursor.height > 256 || cursor.bpp > 32 || SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s, struct vmsvga_cursor_definition_s *c) fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 1 --------------------------------- 13601 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 13602 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 13603 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; int read_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; read_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 13604 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, int write_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 13605 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; int write_count; int64_t xattr_len; size_t offset = 7; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 13606 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; buffer = OPENSSL_malloc(write_length); bp = buffer; *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); 0 --------------------------------- 13607 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { *buffer = OPENSSL_malloc(*maxlen); if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 13608 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { *buffer = OPENSSL_malloc(*maxlen); if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 13609 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) if (length < 0) memcpy(string, *buffer, length); 0 --------------------------------- 13610 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) int input_code_size) int set_code_size; set_code_size = input_code_size; clear_code = 1 << set_code_size; for (i = 0; i < clear_code; i ++) table[1][i] = i; 0 --------------------------------- 13611 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; len = get_cmd(s, buf, sizeof(buf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) uint32_t dmalen; if (dmalen > buflen) { return 0; dmalen = s->ti_size; memcpy(buf, s->ti_buf, dmalen); 0 --------------------------------- 13612 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr, esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) uint32_t dmalen; if (dmalen > buflen) { return 0; dmalen = s->ti_size; memcpy(buf, s->ti_buf, dmalen); 0 --------------------------------- 13613 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; uint64_t write_count; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 0 --------------------------------- 13614 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); cursor.bpp = vmsvga_fifo_read(s); if (cursor.width > || cursor.height > || cursor.bpp > || SVGA_BITMAP_SIZE(x, y) > sizeof(cursor.mask) / sizeof(cursor.mask[0]) || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof(cursor.image) / sizeof(cursor.image[0])) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s, struct vmsvga_cursor_definition_s *c) fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 0 --------------------------------- 13615 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 13616 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 13617 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; uint64_t read_count; if (fidp->fs.xattr.len < off) { read_count = 0; } else { read_count = fidp->fs.xattr.len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 13618 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, uint64_t write_count; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; } err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 13619 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; uint64_t write_count; size_t offset = 7; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 13620 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; p = func(p); static char * func(const char * p) p = strings = av_mallocz(strings_size + 1); return p; p = func(p); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 1 --------------------------------- 13621 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; p = func(p); static char * func(const char * p) p = strings = av_mallocz((size_t)strings_size + 1); return p; p = func(p); if (!p) return AVERROR(ENOMEM); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if (!nsv->nsvs_file_offset) return AVERROR(ENOMEM); if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); if (!nsv->nsvs_timestamps) return AVERROR(ENOMEM); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 0 --------------------------------- 13622 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; p = func(&p); static char * func(char * * ptr) char * p = *ptr; p = strings = av_mallocz(strings_size + 1); return p; p = func(&p); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 1 --------------------------------- 13623 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; p = func(&p); static char * func(char * * ptr) char * p = *ptr; p = strings = av_mallocz((size_t)strings_size + 1); return p; p = func(&p); if (!p) return AVERROR(ENOMEM); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if (!nsv->nsvs_file_offset) return AVERROR(ENOMEM); if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); if (!nsv->nsvs_timestamps) return AVERROR(ENOMEM); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 0 --------------------------------- 13624 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; void (*funcPtr) (char *) = badSource; funcPtr(p) void badSource(char * p) p = strings = av_mallocz(strings_size + 1); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 1 --------------------------------- 13625 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; void (*funcPtr) (char *) = badSource; funcPtr(p) void badSource(char * p) p = strings = av_mallocz((size_t)strings_size + 1); if (!p) return AVERROR(ENOMEM); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if (!nsv->nsvs_file_offset) return AVERROR(ENOMEM); if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); if (!nsv->nsvs_timestamps) return AVERROR(ENOMEM); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 0 --------------------------------- 13626 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; p = strings = av_mallocz(strings_size + 1); char * dataCopy = p; char * p = dataCopy; endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 1 --------------------------------- 13627 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; p = strings = av_mallocz((size_t)strings_size + 1); char * dataCopy = p; char * p = dataCopy; if (!p) return AVERROR(ENOMEM); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if (!nsv->nsvs_file_offset) return AVERROR(ENOMEM); if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); if (!nsv->nsvs_timestamps) return AVERROR(ENOMEM); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 0 --------------------------------- 13628 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; len = strings_size + 1; p = strings = av_mallocz(len); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 1 --------------------------------- 13629 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; len = strings_size + 1; p = strings = av_mallocz((size_t)len); if (!p) return AVERROR(ENOMEM); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if (!nsv->nsvs_file_offset) return AVERROR(ENOMEM); if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); if (!nsv->nsvs_timestamps) return AVERROR(ENOMEM); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 0 --------------------------------- 13630 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 file_size = (uint32_t)avio_rl32(pb); size = avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; p = strings = av_mallocz(strings_size + 1); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 1 --------------------------------- 13631 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 file_size = (uint32_t)avio_rl32(pb); size = avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; p = strings = av_mallocz((size_t)strings_size + 1); if (!p) return AVERROR(ENOMEM); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if (!nsv->nsvs_file_offset) return AVERROR(ENOMEM); if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); if (!nsv->nsvs_timestamps) return AVERROR(ENOMEM); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 0 --------------------------------- 13632 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; char * dataArray[5]; dataArray[2] = p; p = badSource(dataArray); void badSource(dataArray) char * p = dataArray[2]; p = strings = av_mallocz(strings_size + 1); return p endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 1 --------------------------------- 13633 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; char * dataArray[5]; dataArray[2] = p; p = badSource(dataArray); void badSource(dataArray) char * p = dataArray[2]; p = strings = av_mallocz((size_t)strings_size + 1); return p if (!p) return AVERROR(ENOMEM); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if (!nsv->nsvs_file_offset) return AVERROR(ENOMEM); if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); if (!nsv->nsvs_timestamps) return AVERROR(ENOMEM); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 0 --------------------------------- 13634 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; unionType myUnion; p = strings = av_mallocz(strings_size + 1); myUnion.unionFirst = p; char * p = myUnion.unionSecond; endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 1 --------------------------------- 13635 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; unionType myUnion; p = strings = av_mallocz((size_t)strings_size + 1); myUnion.unionFirst = p; char * p = myUnion.unionSecond; if (!p) return AVERROR(ENOMEM); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if (!nsv->nsvs_file_offset) return AVERROR(ENOMEM); if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); if (!nsv->nsvs_timestamps) return AVERROR(ENOMEM); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 0 --------------------------------- 13636 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; structType myStruct; myStruct.structFirst = p; p = badSource(myStruct); void badSource(structType myStruct) char * p =myStruct.structFirst; p = strings = av_mallocz(strings_size + 1); return p endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 1 --------------------------------- 13637 CVE-2011-3940/Ffmpeg_0.7.11_CVE_2011_3940_libavformat_nsvdec.c String_Termination_Error 326 size = avio_rl32(pb); file_size = (uint32_t)avio_rl32(pb); nsv->duration = duration = avio_rl32(pb); strings_size = avio_rl32(pb); char *strings; char *p, *endp; structType myStruct; myStruct.structFirst = p; p = badSource(myStruct); void badSource(structType myStruct) char * p =myStruct.structFirst; p = strings = av_mallocz((size_t)strings_size + 1); return p if (!p) return AVERROR(ENOMEM); endp = strings + strings_size; avio_read(pb, strings, strings_size); while (p < endp) p = strchr(p, '='); p = strchr(p, quote); *p++ = '\0'; av_dict_set(&s->metadata, token, value, 0); av_dlog(s, "NSV %d INDEX ENTRIES:\n", table_entries); for(i=0;insvs_file_offset[i] = avio_rl32(pb) + size; if (!nsv->nsvs_file_offset) return AVERROR(ENOMEM); if(table_entries > table_entries_used && avio_rl32(pb) == MKTAG('T','O','C','2')) nsv->nsvs_timestamps = av_malloc((unsigned)table_entries_used*sizeof(uint32_t)); if (!nsv->nsvs_timestamps) return AVERROR(ENOMEM); for(i=0;insvs_timestamps[i] = avio_rl32(pb); 0 --------------------------------- 13638 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size >= 0) pb = p; meth = *pb++; if (meth & 0x80) lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = func(sep); static char * func(const char * pb) pb = s->unpack_buffer; return pb; pb = func(pb); switch (meth) case 1: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width) return; memcpy(&dp[ofs], pb, len); pb += len; if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) memcpy(dp, pb, frame_width); pb += frame_width; case 3: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); else memcpy(&dp[ofs], pb, len); pb += len; ofs += len; else if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 1 --------------------------------- 13639 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size > 0) pb = p; pb_size = s->buf + s->size - pb; if (pb_size < 1) return; meth = *pb++; pb_size--; if (meth & 0x80) lz_unpack(pb, pb_size, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = func(sep); static char * func(const char * pb) pb = s->unpack_buffer; return pb; pb = func(pb); pb_size = s->unpack_buffer_size; switch (meth) case 1: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width || pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= len; if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) if (pb_size < frame_width) return; memcpy(dp, pb, frame_width); pb += frame_width; pb_size -= frame_width; case 3: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; pb_size--; if (len & 0x80) len = (len & 0x7F) + 1; if (pb_size < 1) return; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, pb_size, frame_width - ofs); else if (pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= 1 + len; ofs += len; else if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 0 --------------------------------- 13640 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size >= 0) pb = p; meth = *pb++; if (meth & 0x80) lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = func(&pb); static char * func(char * * ptr) char * pb = *ptr; pb = s->unpack_buffer; return pb; pb = func(&pb); switch (meth) case 1: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width) return; memcpy(&dp[ofs], pb, len); pb += len; if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) memcpy(dp, pb, frame_width); pb += frame_width; case 3: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); else memcpy(&dp[ofs], pb, len); pb += len; ofs += len; else if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 1 --------------------------------- 13641 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size > 0) pb = p; pb_size = s->buf + s->size - pb; if (pb_size < 1) return; meth = *pb++; pb_size--; if (meth & 0x80) lz_unpack(pb, pb_size, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = func(&pb); static char * func(char * * ptr) char * pb = *ptr; pb = s->unpack_buffer; return pb; pb = func(&pb); pb_size = s->unpack_buffer_size; switch (meth) case 1: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width || pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= len; if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) if (pb_size < frame_width) return; memcpy(dp, pb, frame_width); pb += frame_width; pb_size -= frame_width; case 3: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; pb_size--; if (len & 0x80) len = (len & 0x7F) + 1; if (pb_size < 1) return; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, pb_size, frame_width - ofs); else if (pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= 1 + len; ofs += len; else if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 0 --------------------------------- 13642 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size >= 0) pb = p; meth = *pb++; if (meth & 0x80) lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; void (*funcPtr) (char *) = badSource; funcPtr(pb) void badSource(char * pb) pb = s->unpack_buffer; switch (meth) case 1: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width) return; memcpy(&dp[ofs], pb, len); pb += len; if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) memcpy(dp, pb, frame_width); pb += frame_width; case 3: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); else memcpy(&dp[ofs], pb, len); pb += len; ofs += len; else if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 1 --------------------------------- 13643 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size > 0) pb = p; pb_size = s->buf + s->size - pb; if (pb_size < 1) return; meth = *pb++; pb_size--; if (meth & 0x80) lz_unpack(pb, pb_size, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; void (*funcPtr) (char *) = badSource; funcPtr(pb) void badSource(char * pb) pb = s->unpack_buffer; pb_size = s->unpack_buffer_size; switch (meth) case 1: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width || pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= len; if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) if (pb_size < frame_width) return; memcpy(dp, pb, frame_width); pb += frame_width; pb_size -= frame_width; case 3: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; pb_size--; if (len & 0x80) len = (len & 0x7F) + 1; if (pb_size < 1) return; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, pb_size, frame_width - ofs); else if (pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= 1 + len; ofs += len; else if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 0 --------------------------------- 13644 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size >= 0) pb = p; meth = *pb++; if (meth & 0x80) lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = s->unpack_buffer; char * dataCopy = pb; char * pb = dataCopy; switch (meth) case 1: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width) return; memcpy(&dp[ofs], pb, len); pb += len; if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) memcpy(dp, pb, frame_width); pb += frame_width; case 3: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); else memcpy(&dp[ofs], pb, len); pb += len; ofs += len; else if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 1 --------------------------------- 13645 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size > 0) pb = p; pb_size = s->buf + s->size - pb; if (pb_size < 1) return; meth = *pb++; pb_size--; if (meth & 0x80) lz_unpack(pb, pb_size, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = s->unpack_buffer; char * dataCopy = pb; char * pb = dataCopy; pb_size = s->unpack_buffer_size; switch (meth) case 1: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width || pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= len; if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) if (pb_size < frame_width) return; memcpy(dp, pb, frame_width); pb += frame_width; pb_size -= frame_width; case 3: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; pb_size--; if (len & 0x80) len = (len & 0x7F) + 1; if (pb_size < 1) return; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, pb_size, frame_width - ofs); else if (pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= 1 + len; ofs += len; else if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 0 --------------------------------- 13646 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size >= 0) pb = p; meth = *pb++; if (meth & 0x80) lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = s->unpack_buffer; switch (meth) case 1: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; component_len = ofs + len; if (component_len> frame_width) return; memcpy(&dp[ofs], pb, len); pb += len; if (component_len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) memcpy(dp, pb, frame_width); pb += frame_width; case 3: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); else memcpy(&dp[ofs], pb, len); pb += len; ofs += len; else if (component_len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 1 --------------------------------- 13647 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size > 0) pb = p; pb_size = s->buf + s->size - pb; if (pb_size < 1) return; meth = *pb++; pb_size--; if (meth & 0x80) lz_unpack(pb, pb_size, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = s->unpack_buffer; pb_size = s->unpack_buffer_size; switch (meth) case 1: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; component_len = ofs + len; if (component_len > frame_width || pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= len; if (component_len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) if (pb_size < frame_width) return; memcpy(dp, pb, frame_width); pb += frame_width; pb_size -= frame_width; case 3: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; pb_size--; if (len & 0x80) len = (len & 0x7F) + 1; if (pb_size < 1) return; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, pb_size, frame_width - ofs); else if (pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= 1 + len; ofs += len; else if (component_len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 0 --------------------------------- 13648 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size >= 0) pb = p; meth = *pb++; if (meth & 0x80) lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = s->unpack_buffer; switch (meth) case 2: for (i = 0; i < frame_height; i++) memcpy(dp, pb, frame_width); pb += frame_width; case 1: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width) return; memcpy(&dp[ofs], pb, len); pb += len; if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 3: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); else memcpy(&dp[ofs], pb, len); pb += len; ofs += len; else if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 1 --------------------------------- 13649 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size > 0) pb = p; pb_size = s->buf + s->size - pb; if (pb_size < 1) return; meth = *pb++; pb_size--; if (meth & 0x80) lz_unpack(pb, pb_size, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = s->unpack_buffer; pb_size = s->unpack_buffer_size; switch (meth) case 2: for (i = 0; i < frame_height; i++) if (pb_size < frame_width) return; memcpy(dp, pb, frame_width); pb += frame_width; pb_size -= frame_width; case 1: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width || pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= len; if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 3: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; pb_size--; if (len & 0x80) len = (len & 0x7F) + 1; if (pb_size < 1) return; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, pb_size, frame_width - ofs); else if (pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= 1 + len; ofs += len; else if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 0 --------------------------------- 13650 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size >= 0) pb = p; meth = *pb++; if (meth & 0x80) lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; char * dataArray[5]; dataArray[2] = pb; pb = badSource(dataArray); void badSource(char * dataArray[]) char * pb = dataArray[2]; pb = s->unpack_buffer; return pb switch (meth) case 1: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width) return; memcpy(&dp[ofs], pb, len); pb += len; if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) memcpy(dp, pb, frame_width); pb += frame_width; case 3: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); else memcpy(&dp[ofs], pb, len); pb += len; ofs += len; else if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 1 --------------------------------- 13651 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size > 0) pb = p; pb_size = s->buf + s->size - pb; if (pb_size < 1) return; meth = *pb++; pb_size--; if (meth & 0x80) lz_unpack(pb, pb_size, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; char * dataArray[5]; dataArray[2] = pb; pb = badSource(dataArray); void badSource(char * dataArray[]) char * pb = dataArray[2]; pb = s->unpack_buffer; return pb pb_size = s->unpack_buffer_size; switch (meth) case 1: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width || pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= len; if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) if (pb_size < frame_width) return; memcpy(dp, pb, frame_width); pb += frame_width; pb_size -= frame_width; case 3: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; pb_size--; if (len & 0x80) len = (len & 0x7F) + 1; if (pb_size < 1) return; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, pb_size, frame_width - ofs); else if (pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= 1 + len; ofs += len; else if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 0 --------------------------------- 13652 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size >= 0) pb = p; meth = *pb++; if (meth & 0x80) lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = s->unpack_buffer; unionType myUnion; myUnion.unionFirst = pb; char * pb = myUnion.unionSecond; switch (meth) case 1: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width) return; memcpy(&dp[ofs], pb, len); pb += len; if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) memcpy(dp, pb, frame_width); pb += frame_width; case 3: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); else memcpy(&dp[ofs], pb, len); pb += len; ofs += len; else if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 1 --------------------------------- 13653 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size > 0) pb = p; pb_size = s->buf + s->size - pb; if (pb_size < 1) return; meth = *pb++; pb_size--; if (meth & 0x80) lz_unpack(pb, pb_size, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; pb = s->unpack_buffer; unionType myUnion; myUnion.unionFirst = pb; char * pb = myUnion.unionSecond; pb_size = s->unpack_buffer_size; switch (meth) case 1: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width || pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= len; if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) if (pb_size < frame_width) return; memcpy(dp, pb, frame_width); pb += frame_width; pb_size -= frame_width; case 3: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; pb_size--; if (len & 0x80) len = (len & 0x7F) + 1; if (pb_size < 1) return; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, pb_size, frame_width - ofs); else if (pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= 1 + len; ofs += len; else if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 0 --------------------------------- 13654 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size >= 0) pb = p; meth = *pb++; if (meth & 0x80) lz_unpack(pb, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; structType myStruct; myStruct.structFirst = pb; pb = badSource(myStruct); void badSource(structType myStruct) char * pb = myStruct.structFirst; pb = s->unpack_buffer; return pb switch (meth) case 1: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width) return; memcpy(&dp[ofs], pb, len); pb += len; if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) memcpy(dp, pb, frame_width); pb += frame_width; case 3: for (i = 0; i < frame_height; i++) do len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); else memcpy(&dp[ofs], pb, len); pb += len; ofs += len; else if (ofs + len + 1 > frame_width) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 1 --------------------------------- 13655 CVE-2011-4364/Ffmpeg_0.5.4_CVE_2011_4364_libavcodec_vmdav.c Buffer_Overflow_boundedcpy 167 const unsigned char *p = s->buf + 16; const unsigned char *pb; if (frame_x || frame_y || (frame_width != s->avctx->width) || (frame_height != s->avctx->height)) memcpy(s->frame.data[0], s->prev_frame.data[0],s->avctx->height * s->frame.linesize[0]); if (s->size > 0) pb = p; pb_size = s->buf + s->size - pb; if (pb_size < 1) return; meth = *pb++; pb_size--; if (meth & 0x80) lz_unpack(pb, pb_size, s->unpack_buffer, s->unpack_buffer_size); meth &= 0x7F; structType myStruct; myStruct.structFirst = pb; pb = badSource(myStruct); void badSource(structType myStruct) char * pb = myStruct.structFirst; pb = s->unpack_buffer; return pb pb_size = s->unpack_buffer_size; switch (meth) case 1: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; if (len & 0x80) len = (len & 0x7F) + 1; if (ofs + len > frame_width || pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= len; if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); case 2: for (i = 0; i < frame_height; i++) if (pb_size < frame_width) return; memcpy(dp, pb, frame_width); pb += frame_width; pb_size -= frame_width; case 3: for (i = 0; i < frame_height; i++) do if (pb_size < 1) return; len = *pb++; pb_size--; if (len & 0x80) len = (len & 0x7F) + 1; if (pb_size < 1) return; if (*pb++ == 0xFF) len = rle_unpack(pb, &dp[ofs], len, pb_size, frame_width - ofs); else if (pb_size < len) return; memcpy(&dp[ofs], pb, len); pb += len; pb_size -= 1 + len; ofs += len; else if (ofs + len + 1 > frame_width || !s->prev_frame.data[0]) return; memcpy(&dp[ofs], &pp[ofs], len + 1); 0 --------------------------------- 13656 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); samples = func(samples); static char * func(const char * samples) samples = s->frame.data[0]; return samples; samples = func(samples); samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4; break; case 1: smp = 2; break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 1 --------------------------------- 13657 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); samples = func(samples); static char * func(const char * samples) samples = s->frame.data[0]; return samples; samples = func(samples); samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4*(count+1); break; case 1: smp = 2*(count+1); break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 0 --------------------------------- 13658 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); samples = func(&samples); static char * func(char * * ptr) char * samples = *ptr; samples = s->frame.data[0]; return samples; samples = func(&samples); samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4; break; case 1: smp = 2; break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 1 --------------------------------- 13659 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); samples = func(&samples); static char * func(char * * ptr) char * samples = *ptr; samples = s->frame.data[0]; return samples; samples = func(&samples); samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4*(count+1); break; case 1: smp = 2*(count+1); break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 0 --------------------------------- 13660 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); void (*funcPtr) (char *) = badSource; funcPtr(samples) void badSource(char * samples) samples = s->frame.data[0]; samples = func(&samples); samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4; break; case 1: smp = 2; break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 1 --------------------------------- 13661 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); void (*funcPtr) (char *) = badSource; funcPtr(samples) void badSource(char * samples) samples = s->frame.data[0]; samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4*(count+1); break; case 1: smp = 2*(count+1); break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 0 --------------------------------- 13662 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); void (*funcPtr) (char *) = badSource; funcPtr(samples) void badSource(char * samples) samples = s->frame.data[0]; char * dataCopy = samples; char * samples = dataCopy; samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4; break; case 1: smp = 2; break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 1 --------------------------------- 13663 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); samples = s->frame.data[0]; char * dataCopy = samples; char * samples = dataCopy; samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4*(count+1); break; case 1: smp = 2*(count+1); break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 0 --------------------------------- 13664 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); samples = s->frame.data[0]; samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; switch (code) case 0: smp = 4; break; case 1: smp = 2; break; case 2: smp = (*buf & 0x3F & 0x20) ? 1 : *buf & 0x3F + 1; break; default: smp = *buf & 0x3F + 1; break; default: memset(samples, sample, smp); 1 --------------------------------- 13665 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); samples = s->frame.data[0]; samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; switch (code) case 0: smp = 4*(*buf & 0x3F+1); break; case 1: smp = 2*(*buf & 0x3F+1); break; case 2: smp = (*buf & 0x3F & 0x20) ? 1 : *buf & 0x3F + 1; break; default: smp = *buf & 0x3F + 1; break; default: memset(samples, sample, smp); 0 --------------------------------- 13666 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; samples = s->frame.data[0]; samples_end = samples + out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4; break; case 1: smp = 2; break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 1 --------------------------------- 13667 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; samples = s->frame.data[0]; samples_end = samples + out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4*(count+1); break; case 1: smp = 2*(count+1); break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 0 --------------------------------- 13668 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); char * dataArray[5]; dataArray[2] = samples; samples = badSource(dataArray); void badSource(char * dataArray[]) char * samples = dataArray[2]; samples = s->frame.data[0]; return samples; samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4; break; case 1: smp = 2; break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 1 --------------------------------- 13669 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); char * dataArray[5]; dataArray[2] = samples; samples = badSource(dataArray); void badSource(char * dataArray[]) char * samples = dataArray[2]; samples = s->frame.data[0]; return samples; samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4*(count+1); break; case 1: smp = 2*(count+1); break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 0 --------------------------------- 13670 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); unionType myUnion; myUnion.unionFirst = samples; char * samples = myUnion.unionSecond; samples = s->frame.data[0]; samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4; break; case 1: smp = 2; break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 1 --------------------------------- 13671 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); unionType myUnion; myUnion.unionFirst = samples; char * samples = myUnion.unionSecond; samples = s->frame.data[0]; samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4*(count+1); break; case 1: smp = 2*(count+1); break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 0 --------------------------------- 13672 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); structType myStruct; myStruct.structFirst = samples; samples = badSource(myStruct); void badSource(structType myStruct) char * samples = myStruct.structFirst; samples = s->frame.data[0]; return samples; samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4; break; case 1: smp = 2; break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 1 --------------------------------- 13673 CVE-2012-0848/Ffmpeg_0.9_CVE_2012_0848_libavcodec_ws-snd1.c Buffer_Overflow_boundedcpy 173 const uint8_t *buf = avpkt->data; int sample = 128; out_size = AV_RL16(&buf[0]); in_size = AV_RL16(&buf[2]); buf += 4; s->frame.nb_samples = out_size; if ((ret = avctx->get_buffer(avctx, &s->frame)) < 0) av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n"); structType myStruct; myStruct.structFirst = samples; samples = badSource(myStruct); void badSource(structType myStruct) char * samples = myStruct.structFirst; samples = s->frame.data[0]; return samples; samples_end = samples + out_size; while (samples < samples_end && buf - avpkt->data < buf_size) code = *buf >> 6; count = *buf & 0x3F; switch (code) case 0: smp = 4*(count+1); break; case 1: smp = 2*(count+1); break; case 2: smp = (count & 0x20) ? 1 : count + 1; break; default: smp = count + 1; break; default: memset(samples, sample, smp); 0 --------------------------------- 13674 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size; buftmp = func(buftmp); static void * func(const void * buftmp) buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); return buftmp; buftmp = func(buftmp); if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 1 --------------------------------- 13675 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size, buf_offset = 0; buftmp = func(buftmp); static void * func(const void * buftmp) buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); return buftmp; buftmp = func(buftmp); if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size = buf_offset += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 0 --------------------------------- 13676 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size; buftmp = func(&buftmp); static void * func(void * * ptr) void * buftmp = * ptr; buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); return buftmp; buftmp = func(&buftmp); if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 1 --------------------------------- 13677 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size, buf_offset = 0; buftmp = func(&buftmp); static void * func(void * * ptr) void * buftmp = * ptr; buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); return buftmp; buftmp = func(&buftmp); if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size = buf_offset += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 0 --------------------------------- 13678 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size; void (*funcPtr) = badSource; funcPtr(buftmp) void badSource(void * buftmp) buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 1 --------------------------------- 13679 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size, buf_offset = 0; void (*funcPtr) = badSource; funcPtr(buftmp) void badSource(void * buftmp) buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size = buf_offset += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 0 --------------------------------- 13680 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size; buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); void * dataCopy = buftmp; voi * buftmp = dataCopy; if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 1 --------------------------------- 13681 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size, buf_offset = 0; buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); void * dataCopy = buftmp; voi * buftmp = dataCopy; if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size = buf_offset += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 0 --------------------------------- 13682 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size; buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size += ret; pd.buf = &buf[offset]; s = pd.buf + pd.buf_size; memset(s, 0, AVPROBE_PADDING_SIZE); 1 --------------------------------- 13683 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size, buf_offset = 0; buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size = buf_offset += ret; pd.buf = &buf[offset]; s = pd.buf + pd.buf_size; memset(s, 0, AVPROBE_PADDING_SIZE); 0 --------------------------------- 13684 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size; buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); buf=buftmp; if(!buftmp) av_free(buf); return AVERROR(ENOMEM); if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 1 --------------------------------- 13685 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size, buf_offset = 0; buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); buf=buftmp; if(!buftmp) av_free(buf); return AVERROR(ENOMEM); if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size = buf_offset += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 0 --------------------------------- 13686 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size; void * dataArray[5]; dataArray[2] = buftmp; buftmp = badSource(dataArray) void badSource(void * dataArray[]) void * buftmp = dataArray[2]; buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); return buftmp; if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 1 --------------------------------- 13687 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size, buf_offset = 0; void * dataArray[5]; dataArray[2] = buftmp; buftmp = badSource(dataArray) void badSource(void * dataArray[]) void * buftmp = dataArray[2]; buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); return buftmp; if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size = buf_offset += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 0 --------------------------------- 13688 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size; unionType myUnion; buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); myUnion.unionFirst = buftmp; void * buftmp = myUnion.unionSecond; if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 1 --------------------------------- 13689 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size, buf_offset = 0; unionType myUnion; buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); myUnion.unionFirst = buftmp; void * buftmp = myUnion.unionSecond; if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size = buf_offset += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 0 --------------------------------- 13690 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size; structType myStruct; myStruct.structFirst = buftmp; buftmp = badSource(myStruct); void badSource(structType myStruct) void * buftmp = myStruct.structFirst; buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); return buftmp; if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 1 --------------------------------- 13691 CVE-2012-6618/Ffmpeg_1.0_CVE_2012_6618_libavformat_utils.c String_Termination_Error 174 unsigned char *buf = NULL; int ret = 0, probe_size, buf_offset = 0; structType myStruct; myStruct.structFirst = buftmp; buftmp = badSource(myStruct); void badSource(structType myStruct) void * buftmp = myStruct.structFirst; buftmp = av_realloc(buf, probe_size + AVPROBE_PADDING_SIZE); return buftmp; if(!buftmp) av_free(buf); return AVERROR(ENOMEM); buf=buftmp; if ((ret = avio_read(pb, buf + buf_offset, probe_size - buf_offset)) < 0) if (ret != AVERROR_EOF) av_free(buf); return ret; score = 0; ret = 0; pd.buf_size = buf_offset += ret; pd.buf = &buf[offset]; memset(pd.buf + pd.buf_size, 0, AVPROBE_PADDING_SIZE); 0 --------------------------------- 13692 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (ogg_page_bos(&page)) NS_ASSERTION(!readAllBOS, "We shouldn't encounter another BOS page"); codecState = func(codecState); static nsOggCodecState * func(const nsOggCodecState * codecState) codecState = nsOggCodecState::Create(&page); return codecState; codecState = func(codecState); #ifdef DEBUG PRBool r = #endif mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); else readAllBOS = PR_TRUE; mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 1 --------------------------------- 13693 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (!ogg_page_bos(&page)) readAllBOS = PR_TRUE; else if (!mCodecStates.Get(serial, nsnull)) codecState = func(codecState); static nsOggCodecState * func(const nsOggCodecState * codecState) codecState = nsOggCodecState::Create(&page); return codecState; codecState = func(codecState); DebugOnly r = mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 0 --------------------------------- 13694 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (ogg_page_bos(&page)) NS_ASSERTION(!readAllBOS, "We shouldn't encounter another BOS page"); codecState = func(&codecState); static nsOggCodecState * func(nsOggCodecState * * ptr) nsOggCodecState * codecState = *ptr; codecState = nsOggCodecState::Create(&page); return codecState; codecState = func(&codecState); #ifdef DEBUG PRBool r = #endif mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); else readAllBOS = PR_TRUE; mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 1 --------------------------------- 13695 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (!ogg_page_bos(&page)) readAllBOS = PR_TRUE; else if (!mCodecStates.Get(serial, nsnull)) codecState = func(&codecState); static nsOggCodecState * func(nsOggCodecState * * ptr) nsOggCodecState * codecState = *ptr; codecState = nsOggCodecState::Create(&page); return codecState; codecState = func(&codecState); DebugOnly r = mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 0 --------------------------------- 13696 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (ogg_page_bos(&page)) NS_ASSERTION(!readAllBOS, "We shouldn't encounter another BOS page"); void (*funcPtr) (nsOggCodecState *) = badSource; funcPtr(codecState) void badSource(nsOggCodecState * codecState) codecState = nsOggCodecState::Create(&page); #ifdef DEBUG PRBool r = #endif mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); else readAllBOS = PR_TRUE; mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 1 --------------------------------- 13697 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (!ogg_page_bos(&page)) readAllBOS = PR_TRUE; else if (!mCodecStates.Get(serial, nsnull)) void (*funcPtr) (nsOggCodecState *) = badSource; funcPtr(codecState) void badSource(nsOggCodecState * codecState) codecState = nsOggCodecState::Create(&page); DebugOnly r = mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 0 --------------------------------- 13698 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (ogg_page_bos(&page)) NS_ASSERTION(!readAllBOS, "We shouldn't encounter another BOS page"); codecState = nsOggCodecState::Create(&page); nsOggCodecState * dataCopy = codecState; nsOggCodecState * codecState = dataCopy; #ifdef DEBUG PRBool r = #endif mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); else readAllBOS = PR_TRUE; mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 1 --------------------------------- 13699 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (!ogg_page_bos(&page)) readAllBOS = PR_TRUE; else if (!mCodecStates.Get(serial, nsnull)) codecState = nsOggCodecState::Create(&page); nsOggCodecState * dataCopy = codecState; nsOggCodecState * codecState = dataCopy; DebugOnly r = mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 0 --------------------------------- 13700 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (ogg_page_bos(&page)) NS_ASSERTION(!readAllBOS, "We shouldn't encounter another BOS page"); codecState = nsOggCodecState::Create(&page); #ifdef DEBUG PRBool r = #endif mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); instead = codecState && codecState->GetType(); if (instead == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (instead == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (instead == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); else readAllBOS = PR_TRUE; mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 1 --------------------------------- 13701 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (!ogg_page_bos(&page)) readAllBOS = PR_TRUE; else if (!mCodecStates.Get(serial, nsnull)) codecState = nsOggCodecState::Create(&page); DebugOnly r = mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); instead = codecState && codecState->GetType(); if (instead == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (instead == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (instead == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 0 --------------------------------- 13702 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (ogg_page_bos(&page)) NS_ASSERTION(!readAllBOS, "We shouldn't encounter another BOS page"); codecState = nsOggCodecState::Create(&page); #ifdef DEBUG PRBool r = #endif mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); else readAllBOS = PR_TRUE; mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 1 --------------------------------- 13703 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (!ogg_page_bos(&page)) readAllBOS = PR_TRUE; else if (!mCodecStates.Get(serial, nsnull)) codecState = nsOggCodecState::Create(&page); DebugOnly r = mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 0 --------------------------------- 13704 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (ogg_page_bos(&page)) NS_ASSERTION(!readAllBOS, "We shouldn't encounter another BOS page"); nsOggCodecState * dataArray[5]; dataArray[2] = codecState; codecState = badSource(dataArray); void badSource(nsOggCodecState * dataArray[]) nsOggCodecState * codecState = dataArray[2]; codecState = nsOggCodecState::Create(&page); return codecState; #ifdef DEBUG PRBool r = #endif mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); else readAllBOS = PR_TRUE; mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 1 --------------------------------- 13705 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (!ogg_page_bos(&page)) readAllBOS = PR_TRUE; else if (!mCodecStates.Get(serial, nsnull)) nsOggCodecState * dataArray[5]; dataArray[2] = codecState; codecState = badSource(dataArray); void badSource(nsOggCodecState * dataArray[]) nsOggCodecState * codecState = dataArray[2]; codecState = nsOggCodecState::Create(&page); return codecState; DebugOnly r = mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 0 --------------------------------- 13706 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (ogg_page_bos(&page)) NS_ASSERTION(!readAllBOS, "We shouldn't encounter another BOS page"); unionType myUnion; codecState = nsOggCodecState::Create(&page); myUnion.unionFirst = codecState; nsOggCodecState * codecState = myUnion.unionSecond; #ifdef DEBUG PRBool r = #endif mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); else readAllBOS = PR_TRUE; mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 1 --------------------------------- 13707 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (!ogg_page_bos(&page)) readAllBOS = PR_TRUE; else if (!mCodecStates.Get(serial, nsnull)) unionType myUnion; codecState = nsOggCodecState::Create(&page); myUnion.unionFirst = codecState; nsOggCodecState * codecState = myUnion.unionSecond; DebugOnly r = mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 0 --------------------------------- 13708 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (ogg_page_bos(&page)) NS_ASSERTION(!readAllBOS, "We shouldn't encounter another BOS page"); structType myStruct; myStruct.structFirst = codecState; codecState = badSource(myStruct); void badSource(structType myStruct) nsOggCodecState * codecState = myStruct.structFirst; codecState = nsOggCodecState::Create(&page); return codecState; #ifdef DEBUG PRBool r = #endif mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); else readAllBOS = PR_TRUE; mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 1 --------------------------------- 13709 CVE-2011-3005/Firefox_6.0_CVE_2011_3005_content_media_ogg_nsOggReader.cpp Buffer_Overflow_boundedcpy 289 int serial = ogg_page_serialno(&page); nsOggCodecState* codecState = 0; if (!ogg_page_bos(&page)) readAllBOS = PR_TRUE; else if (!mCodecStates.Get(serial, nsnull)) structType myStruct; myStruct.structFirst = codecState; codecState = badSource(myStruct); void badSource(structType myStruct) nsOggCodecState * codecState = myStruct.structFirst; codecState = nsOggCodecState::Create(&page); return codecState; DebugOnly r = mCodecStates.Put(serial, codecState); NS_ASSERTION(r, "Failed to insert into mCodecStates"); bitstreams.AppendElement(codecState); mKnownStreams.AppendElement(serial); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_VORBIS && !mVorbisState) mVorbisState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_THEORA && !mTheoraState) mTheoraState = static_cast(codecState); if (codecState && codecState->GetType() == nsOggCodecState::TYPE_SKELETON && !mSkeletonState) mSkeletonState = static_cast(codecState); mCodecStates.Get(serial, &codecState); NS_ENSURE_TRUE(codecState, NS_ERROR_FAILURE); if (NS_FAILED(codecState->PageIn(&page))) return NS_ERROR_FAILURE; memcpy(&mTheoraInfo, &mTheoraState->mInfo, sizeof(mTheoraInfo)); 0 --------------------------------- 13710 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + 512; char *dstPtr = (char *) PR_Malloc(bufferLength); for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) temp = func(temp); static char * func(const char * temp) char *temp = (char *) PR_Realloc(*outString, *bufferLength + tempLen); return temp; temp = func(temp); if (temp) *bufferLength += tempLen; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 1 --------------------------------- 13711 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + RESERVE_FALLBACK_BYTES; char *dstPtr = (char *) PR_Malloc(bufferLength + 1); if (!dstPtr) return NS_ERROR_OUT_OF_MEMORY; for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; NS_ASSERTION(dstLength >= 0, "out of bounds write"); rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) int32_t addLength = tempLen + RESERVE_FALLBACK_BYTES; temp = func(temp); static char * func(const char * temp) char *temp = (char *) PR_Realloc(*outString, *bufferLength + addLength + 1); return temp; temp = func(temp); if (temp) *bufferLength += addLength; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 0 --------------------------------- 13712 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + 512; char *dstPtr = (char *) PR_Malloc(bufferLength); for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) temp = func(&temp); static char * func(char * * ptr) char * temp = *ptr; char *temp = (char *) PR_Realloc(*outString, *bufferLength + tempLen); return temp; temp = func(&temp); if (temp) *bufferLength += tempLen; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 1 --------------------------------- 13713 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + RESERVE_FALLBACK_BYTES; char *dstPtr = (char *) PR_Malloc(bufferLength + 1); if (!dstPtr) return NS_ERROR_OUT_OF_MEMORY; for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; NS_ASSERTION(dstLength >= 0, "out of bounds write"); rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) int32_t addLength = tempLen + RESERVE_FALLBACK_BYTES; temp = func(&temp); static char * func(char * * ptr) char * temp = *ptr; char *temp = (char *) PR_Realloc(*outString, *bufferLength + addLength + 1); return temp; temp = func(&temp); if (temp) *bufferLength += addLength; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 0 --------------------------------- 13714 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + 512; char *dstPtr = (char *) PR_Malloc(bufferLength); for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) void (funcPtr) (char *) = badSource; funcPtr(temp); void badSource(char * temp) char *temp = (char *) PR_Realloc(*outString, *bufferLength + tempLen); if (temp) *bufferLength += tempLen; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 1 --------------------------------- 13715 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + RESERVE_FALLBACK_BYTES; char *dstPtr = (char *) PR_Malloc(bufferLength + 1); if (!dstPtr) return NS_ERROR_OUT_OF_MEMORY; for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; NS_ASSERTION(dstLength >= 0, "out of bounds write"); rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) int32_t addLength = tempLen + RESERVE_FALLBACK_BYTES; void (funcPtr) (char *) = badSource; funcPtr(temp); void badSource(char * temp) char *temp = (char *) PR_Realloc(*outString, *bufferLength + addLength + 1); if (temp) *bufferLength += addLength; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 0 --------------------------------- 13716 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + 512; char *dstPtr = (char *) PR_Malloc(bufferLength); for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) char *temp = (char *) PR_Realloc(*outString, *bufferLength + tempLen); char * dataCopy = temp; char * temp = dataCopy; if (temp) *bufferLength += tempLen; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 1 --------------------------------- 13717 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + RESERVE_FALLBACK_BYTES; char *dstPtr = (char *) PR_Malloc(bufferLength + 1); if (!dstPtr) return NS_ERROR_OUT_OF_MEMORY; for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; NS_ASSERTION(dstLength >= 0, "out of bounds write"); rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) int32_t addLength = tempLen + RESERVE_FALLBACK_BYTES; char *temp = (char *) PR_Realloc(*outString, *bufferLength + addLength + 1); char * dataCopy = temp; char * temp = dataCopy; if (temp) *bufferLength += addLength; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 0 --------------------------------- 13718 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + 512; char *dstPtr = (char *) PR_Malloc(bufferLength); for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) char *temp = (char *) PR_Realloc(*outString, *bufferLength + tempLen); if (temp) *bufferLength += tempLen; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; instead = *outString + *currentPos; memcpy(instead, fallbackStr, tempLen); 1 --------------------------------- 13719 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + RESERVE_FALLBACK_BYTES; char *dstPtr = (char *) PR_Malloc(bufferLength + 1); if (!dstPtr) return NS_ERROR_OUT_OF_MEMORY; for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; NS_ASSERTION(dstLength >= 0, "out of bounds write"); rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) int32_t addLength = tempLen + RESERVE_FALLBACK_BYTES; char *temp = (char *) PR_Realloc(*outString, *bufferLength + addLength + 1); if (temp) *bufferLength += addLength; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; instead = *outString + *currentPos; memcpy(instead, fallbackStr, tempLen); 0 --------------------------------- 13720 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + 512; char *dstPtr = (char *) PR_Malloc(bufferLength); for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) char *temp = (char *) PR_Realloc(*outString, *bufferLength + tempLen); if (temp) *outString = temp; *bufferLength += tempLen; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 1 --------------------------------- 13721 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + RESERVE_FALLBACK_BYTES; char *dstPtr = (char *) PR_Malloc(bufferLength + 1); if (!dstPtr) return NS_ERROR_OUT_OF_MEMORY; for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; NS_ASSERTION(dstLength >= 0, "out of bounds write"); rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) int32_t addLength = tempLen + RESERVE_FALLBACK_BYTES; char *temp = (char *) PR_Realloc(*outString, *bufferLength + addLength + 1); if (temp) *outString = temp; *bufferLength += addLength; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 0 --------------------------------- 13722 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + 512; char *dstPtr = (char *) PR_Malloc(bufferLength); for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) char * dataArray[5]; dataArray[2] = temp; temp = badSource(dataArray); void badSource(char * dataArray[]) char * temp = dataArray[2]; char *temp = (char *) PR_Realloc(*outString, *bufferLength + tempLen); return temp; if (temp) *bufferLength += tempLen; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 1 --------------------------------- 13723 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + RESERVE_FALLBACK_BYTES; char *dstPtr = (char *) PR_Malloc(bufferLength + 1); if (!dstPtr) return NS_ERROR_OUT_OF_MEMORY; for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; NS_ASSERTION(dstLength >= 0, "out of bounds write"); rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) int32_t addLength = tempLen + RESERVE_FALLBACK_BYTES; char * dataArray[5]; dataArray[2] = temp; temp = badSource(dataArray); void badSource(char * dataArray[]) char * temp = dataArray[2]; char *temp = (char *) PR_Realloc(*outString, *bufferLength + addLength + 1); return temp; if (temp) *bufferLength += addLength; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 0 --------------------------------- 13724 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + 512; char *dstPtr = (char *) PR_Malloc(bufferLength); for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) unionType myUnion; myUnion.unionFirst = temp; char * temp = myUnion.unionSecond; char *temp = (char *) PR_Realloc(*outString, *bufferLength + tempLen); if (temp) *bufferLength += tempLen; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 1 --------------------------------- 13725 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + RESERVE_FALLBACK_BYTES; char *dstPtr = (char *) PR_Malloc(bufferLength + 1); if (!dstPtr) return NS_ERROR_OUT_OF_MEMORY; for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; NS_ASSERTION(dstLength >= 0, "out of bounds write"); rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) int32_t addLength = tempLen + RESERVE_FALLBACK_BYTES; unionType myUnion; myUnion.unionFirst = temp; char * temp = myUnion.unionSecond; char *temp = (char *) PR_Realloc(*outString, *bufferLength + addLength + 1); if (temp) *bufferLength += addLength; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 0 --------------------------------- 13726 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + 512; char *dstPtr = (char *) PR_Malloc(bufferLength); for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) structType myStruct; myStruct.structFirst = temp; temp = badSource(myStruct); void badSource(structType myStruct) char * temp = myStruct.structFirst; char *temp = (char *) PR_Realloc(*outString, *bufferLength + tempLen); return temp; if (temp) *bufferLength += tempLen; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 1 --------------------------------- 13727 CVE-2013-0782/Firefox_18.0_CVE_2013_0782_intl_unicharutil_src_nsSaveAsCharset.cpp Buffer_Overflow_boundedcpy 158 int32_t dstLength; int32_t pos1, pos2; nsresult saveResult = NS_OK; rv = mEncoder->GetMaxLength(inString, inStringLength, &dstLength); if (NS_FAILED(rv)) return rv; bufferLength = dstLength + RESERVE_FALLBACK_BYTES; char *dstPtr = (char *) PR_Malloc(bufferLength + 1); if (!dstPtr) return NS_ERROR_OUT_OF_MEMORY; for (pos1 = 0, pos2 = 0; pos1 < inStringLength;) dstLength = bufferLength - pos2; NS_ASSERTION(dstLength >= 0, "out of bounds write"); rv = mEncoder->Convert(&inString[pos1], &srcLength, &dstPtr[pos2], &dstLength); pos1 += srcLength ? srcLength : 1; pos2 += dstLength; dstPtr[pos2] = '\0'; rv = mEncoder->Finish(&dstPtr[pos2], &dstLength); if (NS_SUCCEEDED(rv)) pos2 += dstLength; dstPtr[pos2] = '\0'; rv = HandleFallBack(unMappedChar, &dstPtr, &bufferLength, &pos2, dstLength); nsSaveAsCharset::HandleFallBack(uint32_t character, char **outString, int32_t *bufferLength, int32_t *currentPos, int32_t estimatedLength) char fallbackStr[256]; nsresult rv = DoConversionFallBack(character, fallbackStr, 256); if (NS_SUCCEEDED(rv)) int32_t tempLen = (int32_t) PL_strlen(fallbackStr); if ((tempLen + estimatedLength) >= (*bufferLength - *currentPos)) int32_t addLength = tempLen + RESERVE_FALLBACK_BYTES; structType myStruct; myStruct.structFirst = temp; temp = badSource(myStruct); void badSource(structType myStruct) char * temp = myStruct.structFirst; char *temp = (char *) PR_Realloc(*outString, *bufferLength + addLength + 1); return temp; if (temp) *bufferLength += addLength; *outString = temp; else *outString = nullptr; *bufferLength =0; return NS_ERROR_OUT_OF_MEMORY; memcpy((*outString + *currentPos), fallbackStr, tempLen); 0 --------------------------------- 13728 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp Buffer_Overflow_cpycat 110 installDir = func(installDir); static WCHAR * func(const WCHAR * installDir) WCHAR installDir[MAX_PATH] = {L'\0'}; return installDir; installDir = func(installDir); if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); 1 --------------------------------- 13729 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp Buffer_Overflow_cpycat 110 installDir = func(installDir); static WCHAR * func(const WCHAR * installDir) WCHAR installDir[MAX_PATH + 1] = {L'\0'}; return installDir; installDir = func(installDir); if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); 0 --------------------------------- 13730 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp Buffer_Overflow_cpycat 110 installDir = func(&installDir); static WCHAR * func(WCHAR * * ptr) WCHAR * installDir = * ptr WCHAR installDir[MAX_PATH] = {L'\0'}; return installDir; installDir = func(&installDir); if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); 1 --------------------------------- 13731 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp Buffer_Overflow_cpycat 110 installDir = func(&installDir); static WCHAR * func(WCHAR * * ptr) WCHAR * installDir = * ptr WCHAR installDir[MAX_PATH + 1] = {L'\0'}; return installDir; installDir = func(&installDir); if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); 0 --------------------------------- 13732 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp Buffer_Overflow_cpycat 110 void (*funcPtr) (WCHAR *) = badSource; funcPtr(installDir); void badSource(WCHAR * installDir) WCHAR installDir[MAX_PATH] = {L'\0'}; if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); 1 --------------------------------- 13733 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp Buffer_Overflow_cpycat 110 WCHAR installDir[MAX_PATH + 1] = {L'\0'}; if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); 0 --------------------------------- 13734 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp Buffer_Overflow_cpycat 110 void (*funcPtr) (WCHAR *) = badSource; funcPtr(installDir); void badSource(WCHAR * installDir) WCHAR installDir[MAX_PATH] = {L'\0'}; if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); 1 --------------------------------- 13735 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp Buffer_Overflow_cpycat 110 WCHAR installDir[MAX_PATH + 1] = {L'\0'}; if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); 0 --------------------------------- 13736 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp Buffer_Overflow_cpycat 110 WCHAR * dataArray[5]; dataArray[2] = installDir; installDir = badSource(dataArray); void badSource(WCHAR * dataArray[]) WCHAR * installDir = dataArray[2]; WCHAR installDir[MAX_PATH] = {L'\0'}; return installDir; if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); 1 --------------------------------- 13737 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp Buffer_Overflow_cpycat 110 WCHAR * dataArray[5]; dataArray[2] = installDir; installDir = badSource(dataArray); void badSource(WCHAR * dataArray[]) WCHAR * installDir = dataArray[2]; WCHAR installDir[MAX_PATH + 1] = {L'\0'}; return installDir; if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); 0 --------------------------------- 13738 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp Buffer_Overflow_cpycat 110 WCHAR installDir[MAX_PATH] = {L'\0'}; unionType myUnion; myUnion.unionFirst = installDir; WCHAR * installDir = myUnion.unionSecond; if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); 1 --------------------------------- 13739 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp Buffer_Overflow_cpycat 110 WCHAR installDir[MAX_PATH + 1] = {L'\0'}; unionType myUnion; myUnion.unionFirst = installDir; WCHAR * installDir = myUnion.unionSecond; if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); 0 --------------------------------- 13740 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp Buffer_Overflow_cpycat 110 structType myStruct; myStruct.structFirst = installDir; installDir = badSource(myStruct); void badSource(structType myStruct) WCHAR * installDir = myStruct.structFirst; WCHAR installDir[MAX_PATH] = {L'\0'}; return installDir; if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); 1 --------------------------------- 13741 CVE-2013-0799/Firefox_19.0_CVE_2013_0799_toolkit_components_maintenanceservice_workmonitor.cpp Buffer_Overflow_cpycat 110 structType myStruct; myStruct.structFirst = installDir; installDir = badSource(myStruct); void badSource(structType myStruct) WCHAR * installDir = myStruct.structFirst; WCHAR installDir[MAX_PATH + 1] = {L'\0'}; return installDir; if (!GetInstallationDir(argc, argv, installDir)) { GetInstallationDir(int argcTmp, LPWSTR *argvTmp, WCHAR aResultDir[MAX_PATH]) wcscpy(aResultDir, argvTmp[2]); 0 --------------------------------- 13742 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp Buffer_Overflow_cpycat 646 IsLocalFile(LPCWSTR file, BOOL &isLocal) rootPath = func(rootPath); static WCHAR * func(const WCHAR * rootPath) WCHAR rootPath[MAX_PATH + 1]; return rootPath; rootPath = func(rootPath); if (wcslen(file) > MAX_PATH) { return FALSE; wcscpy(rootPath, file); 1 --------------------------------- 13743 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp Buffer_Overflow_cpycat 646 IsLocalFile(LPCWSTR file, BOOL &isLocal) rootPath = func(rootPath); static WCHAR * func(const WCHAR * rootPath) WCHAR rootPath[MAX_PATH + 1] = { L'\0' }; return rootPath; rootPath = func(rootPath); if (wcslen(file) > MAX_PATH) { return FALSE; wcsncpy(rootPath, file, MAX_PATH); 0 --------------------------------- 13744 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp Buffer_Overflow_cpycat 646 IsLocalFile(LPCWSTR file, BOOL &isLocal) rootPath = func(&rootPath); static WCHAR * func(WCHAR * * ptr) WCHAR * rootPath = *ptr; WCHAR rootPath[MAX_PATH + 1]; return rootPath; rootPath = func(&rootPath); if (wcslen(file) > MAX_PATH) { return FALSE; wcscpy(rootPath, file); 1 --------------------------------- 13745 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp Buffer_Overflow_cpycat 646 IsLocalFile(LPCWSTR file, BOOL &isLocal) rootPath = func(&rootPath); static WCHAR * func(WCHAR * * ptr) WCHAR * rootPath = *ptr; WCHAR rootPath[MAX_PATH + 1] = { L'\0' }; return rootPath; rootPath = func(&rootPath); if (wcslen(file) > MAX_PATH) { return FALSE; wcsncpy(rootPath, file, MAX_PATH); 0 --------------------------------- 13746 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp Buffer_Overflow_cpycat 646 IsLocalFile(LPCWSTR file, BOOL &isLocal) void (*funcPtr) (WCHAR *) = badSource; funcPtr(rootPath); void badSource(WCHAR * rootPath) WCHAR rootPath[MAX_PATH + 1]; if (wcslen(file) > MAX_PATH) { return FALSE; wcscpy(rootPath, file); 1 --------------------------------- 13747 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp Buffer_Overflow_cpycat 646 IsLocalFile(LPCWSTR file, BOOL &isLocal) void (*funcPtr) (WCHAR *) = badSource; funcPtr(rootPath); void badSource(WCHAR * rootPath) WCHAR rootPath[MAX_PATH + 1] = { L'\0' }; if (wcslen(file) > MAX_PATH) { return FALSE; wcsncpy(rootPath, file, MAX_PATH); 0 --------------------------------- 13748 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp Buffer_Overflow_cpycat 646 IsLocalFile(LPCWSTR file, BOOL &isLocal) WCHAR rootPath[MAX_PATH + 1]; WCHAR * dataCopy = rootPath; WCHAR * rootPath = dataCopy; if (wcslen(file) > MAX_PATH) { return FALSE; wcscpy(rootPath, file); 1 --------------------------------- 13749 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp Buffer_Overflow_cpycat 646 IsLocalFile(LPCWSTR file, BOOL &isLocal) WCHAR rootPath[MAX_PATH + 1] = { L'\0' }; WCHAR * dataCopy = rootPath; WCHAR * rootPath = dataCopy; if (wcslen(file) > MAX_PATH) { return FALSE; wcsncpy(rootPath, file, MAX_PATH); 0 --------------------------------- 13750 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp Buffer_Overflow_cpycat 646 IsLocalFile(LPCWSTR file, BOOL &isLocal) WCHAR * dataArray[5]; dataArray[2] = rootPath; rootPath = badSource(dataArray); void badSource(WCHAR * dataArray[]) WCHAR * rootPath = dataArray[2]; WCHAR rootPath[MAX_PATH + 1]; return rootPath; if (wcslen(file) > MAX_PATH) { return FALSE; wcscpy(rootPath, file); 1 --------------------------------- 13751 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp Buffer_Overflow_cpycat 646 IsLocalFile(LPCWSTR file, BOOL &isLocal) WCHAR * dataArray[5]; dataArray[2] = rootPath; rootPath = badSource(dataArray); void badSource(WCHAR * dataArray[]) WCHAR * rootPath = dataArray[2]; WCHAR rootPath[MAX_PATH + 1] = { L'\0' }; return rootPath; if (wcslen(file) > MAX_PATH) { return FALSE; wcsncpy(rootPath, file, MAX_PATH); 0 --------------------------------- 13752 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp Buffer_Overflow_cpycat 646 IsLocalFile(LPCWSTR file, BOOL &isLocal) WCHAR rootPath[MAX_PATH + 1]; unionType myUnion; myUnion.unionFirst = rootPath; WCHAR * rootPath = myUnion.unionSecond; if (wcslen(file) > MAX_PATH) { return FALSE; wcscpy(rootPath, file); 1 --------------------------------- 13753 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp Buffer_Overflow_cpycat 646 IsLocalFile(LPCWSTR file, BOOL &isLocal) WCHAR rootPath[MAX_PATH + 1] = { L'\0' }; unionType myUnion; myUnion.unionFirst = rootPath; WCHAR * rootPath = myUnion.unionSecond; if (wcslen(file) > MAX_PATH) { return FALSE; wcsncpy(rootPath, file, MAX_PATH); 0 --------------------------------- 13754 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp Buffer_Overflow_cpycat 646 IsLocalFile(LPCWSTR file, BOOL &isLocal) structType myStruct; myStruct.structFirst = rootPath; rootPath = badSource(myStruct); void badSource(structType myStruct) WCHAR * rootPath = myStruct,structFirst; WCHAR rootPath[MAX_PATH + 1]; return rootPath; if (wcslen(file) > MAX_PATH) { return FALSE; wcscpy(rootPath, file); 1 --------------------------------- 13755 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_mozapps_update_common_updatehelper.cpp Buffer_Overflow_cpycat 646 IsLocalFile(LPCWSTR file, BOOL &isLocal) structType myStruct; myStruct.structFirst = rootPath; rootPath = badSource(myStruct); void badSource(structType myStruct) WCHAR * rootPath = myStruct,structFirst; WCHAR rootPath[MAX_PATH + 1] = { L'\0' }; return rootPath; if (wcslen(file) > MAX_PATH) { return FALSE; wcsncpy(rootPath, file, MAX_PATH); 0 --------------------------------- 13756 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) logName = func(logName); static WCHAR * func(const WCHAR * logName) WCHAR logName[64]; return logName; logName = func(logName); wcscpy(path, basePath); if (logNumber <= 0) swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice.log"); else swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 1 --------------------------------- 13757 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) logName = func(logName); static WCHAR * func(const WCHAR * logName) WCHAR logName[64] = { L'\0' }; return logName; logName = func(logName); wcsncpy(path, basePath, sizeof(logName) / sizeof(logName[0]) - 1); if (logNumber <= 0) swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice.log"); else swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 0 --------------------------------- 13758 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) logName = func(&logName); static WCHAR * func(WCHAR * * ptr) WCHAR * logName = *ptr; WCHAR logName[64]; return logName; logName = func(&logName); wcscpy(path, basePath); if (logNumber <= 0) swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice.log"); else swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 1 --------------------------------- 13759 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) logName = func(&logName); static WCHAR * func(WCHAR * * ptr) WCHAR * logName = *ptr; WCHAR logName[64] = { L'\0' }; return logName; logName = func(&logName); wcsncpy(path, basePath, sizeof(logName) / sizeof(logName[0]) - 1); if (logNumber <= 0) swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice.log"); else swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 0 --------------------------------- 13760 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) void (*funcPtr) (WCHAR *) = badSource; funcPtr(logName); void badSource(WCHAR * logName) WCHAR logName[64]; wcscpy(path, basePath); if (logNumber <= 0) swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice.log"); else swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 1 --------------------------------- 13761 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) void (*funcPtr) (WCHAR *) = badSource; funcPtr(logName); void badSource(WCHAR * logName) WCHAR logName[64] = { L'\0' }; wcsncpy(path, basePath, sizeof(logName) / sizeof(logName[0]) - 1); if (logNumber <= 0) swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice.log"); else swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 0 --------------------------------- 13762 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) WCHAR logName[64]; wchar * dataCopy = logName; wchar * logName = dataCopy; wcscpy(path, basePath); if (logNumber <= 0) swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice.log"); else swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 1 --------------------------------- 13763 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) WCHAR logName[64] = { L'\0' }; wchar * dataCopy = logName; wchar * logName = dataCopy; wcsncpy(path, basePath, sizeof(logName) / sizeof(logName[0]) - 1); if (logNumber <= 0) swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice.log"); else swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 0 --------------------------------- 13764 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) WCHAR logName[64]; wcscpy(path, basePath); len = sizeof(logName) / sizeof(logName[0]); if (logNumber <= 0) swprintf(logName, len,L"maintenanceservice.log"); else swprintf(logName, len,L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 1 --------------------------------- 13765 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) WCHAR logName[64] = { L'\0' }; len = sizeof(logName) / sizeof(logName[0]); wcsncpy(path, basePath, len - 1); if (logNumber <= 0) swprintf(logName, len,L"maintenanceservice.log"); else swprintf(logName, len,L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 0 --------------------------------- 13766 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) WCHAR * dataArray[5]; dataArray[2] = logName; logName = badSource(dataArray[2]); WCHAR logName[64]; return logName; wcscpy(path, basePath); if (logNumber <= 0) swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice.log"); else swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 1 --------------------------------- 13767 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) WCHAR * dataArray[5]; dataArray[2] = logName; logName = badSource(dataArray[2]); WCHAR logName[64] = { L'\0' }; return logName; wcsncpy(path, basePath, sizeof(logName) / sizeof(logName[0]) - 1); if (logNumber <= 0) swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice.log"); else swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 0 --------------------------------- 13768 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) WCHAR logName[64]; unionType myUnion; myUnion.unionFirst = logName; WCHAR * logName = myUnion.unionSecond; wcscpy(path, basePath); if (logNumber <= 0) swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice.log"); else swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 1 --------------------------------- 13769 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) WCHAR logName[64] = { L'\0' }; unionType myUnion; myUnion.unionFirst = logName; WCHAR * logName = myUnion.unionSecond; wcsncpy(path, basePath, sizeof(logName) / sizeof(logName[0]) - 1); if (logNumber <= 0) swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice.log"); else swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 0 --------------------------------- 13770 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) structType myStruct; myStruct.structFirst = logName; logName = badSource(myStruct); void badSource(structType myStruct) WCHAR * logName = myStruct.structFirst; WCHAR logName[64]; return logName; wcscpy(path, basePath); if (logNumber <= 0) swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice.log"); else swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 1 --------------------------------- 13771 CVE-2013-1706/Firefox_22.0b6_CVE_2013_1706_toolkit_components_maintenanceservice_maintenanceservice.cpp Buffer_Overflow_cpycat 156 GetBackupLogPath(LPWSTR path, LPCWSTR basePath, int logNumber) structType myStruct; myStruct.structFirst = logName; logName = badSource(myStruct); void badSource(structType myStruct) WCHAR * logName = myStruct.structFirst; WCHAR logName[64] = { L'\0' }; return logName; wcsncpy(path, basePath, sizeof(logName) / sizeof(logName[0]) - 1); if (logNumber <= 0) swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice.log"); else swprintf(logName, sizeof(logName) / sizeof(logName[0]),L"maintenanceservice-%d.log", logNumber); return PathAppendSafe(path, logName); 0 --------------------------------- 13772 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); fc = func(fc); static nsFloatCache * func(const nsFloatCache * fc) while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); return fc; fc = func(fc); nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 1 --------------------------------- 13773 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); fc = func(fc); static nsFloatCache * func(const nsFloatCache * fc) while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); return fc; fc = func(fc); nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 0 --------------------------------- 13774 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); fc = func(&fc); static nsFloatCache * func(nsFloatCache * * ptr) nsFloatCache * fc = *ptr; while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); return fc; fc = func(&fc); nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 1 --------------------------------- 13775 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); fc = func(&fc); static nsFloatCache * func(nsFloatCache * * ptr) nsFloatCache * fc = *ptr; while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); return fc; fc = func(&fc); nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 0 --------------------------------- 13776 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); void (*funcPtr) (nsFloatCache *) = badSource; funcPtr(fc); void badSource(nsFloatCache * fc) while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 1 --------------------------------- 13777 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); void (*funcPtr) (nsFloatCache *) = badSource; funcPtr(fc); void badSource(nsFloatCache * fc) while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 0 --------------------------------- 13778 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); nsFloatCache * dataCopy = fc; nsFloatCache * fc = dataCopy; nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 1 --------------------------------- 13779 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); nsFloatCache * dataCopy = fc; nsFloatCache * fc = dataCopy; nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 0 --------------------------------- 13780 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { instead = f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT; if (instead) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 1 --------------------------------- 13781 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { instead = f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT; if (instead) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 0 --------------------------------- 13782 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 1 --------------------------------- 13783 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 0 --------------------------------- 13784 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); nsFloatCache * dataArray[5]; dataArray[2] = fc; fc = badSource(dataArray); void badSource(nsFloatCache * dataArray[]) nsFloatCache * fc = dataArray[2]; while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); return nsFloatCache; nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 1 --------------------------------- 13785 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); nsFloatCache * dataArray[5]; dataArray[2] = fc; fc = badSource(dataArray); void badSource(nsFloatCache * dataArray[]) nsFloatCache * fc = dataArray[2]; while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); return nsFloatCache; nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 0 --------------------------------- 13786 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); unionType myUnion; myUnion.unionFirst = fc; nsFloatCache * fc = myUnion.unionSecond; nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 1 --------------------------------- 13787 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); unionType myUnion; myUnion.unionFirst = fc; nsFloatCache * fc = myUnion.unionSecond; nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 0 --------------------------------- 13788 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); structType myStruct; myStruct.structFirst = fc; fc = badSource(myStruct); void badSource(structType myStruct) nsFloatCache * fc = myStruct.structFirst; while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); return fc nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 1 --------------------------------- 13789 CVE-2013-1732/Firefox_20.0.1_CVE_2013_1732_layout_generic_nsBlockFrame.cpp Format_String_Attack 1222 nsHTMLReflowMetrics& aMetrics, const nsHTMLReflowState& aReflowState, DISPLAY_REFLOW(aPresContext, this, aReflowState, aMetrics, aStatus); aReflowState.availableWidth, aReflowState.availableHeight, aReflowState.ComputedWidth(), aReflowState.ComputedHeight()); const nsHTMLReflowState *reflowState = &aReflowState; aReflowState.ComputedHeight() != NS_AUTOHEIGHT && ApplyOverflowClipping(this, aReflowState.mStyleDisplay)) { if (GetEffectiveComputedHeight(aReflowState) + heightExtras.TopBottom() <= mutableReflowState = new nsHTMLReflowState(aReflowState); mutableReflowState->availableHeight = NS_UNCONSTRAINEDSIZE; reflowState = mutableReflowState; nsAutoFloatManager autoFloatManager(const_cast(*reflowState)); bool needFloatManager = nsBlockFrame::BlockNeedsFloatManager(this); autoFloatManager.CreateFloatManager(aPresContext); if (IsFrameTreeTooDeep(*reflowState, aMetrics, aStatus)) { bool topMarginRoot, bottomMarginRoot; IsMarginRoot(&topMarginRoot, &bottomMarginRoot); nsBlockReflowState state(*reflowState, aPresContext, this, aMetrics, topMarginRoot, bottomMarginRoot, needFloatManager); if (RenumberLists(aPresContext)) { ReflowOverflowContainerChildren(aPresContext, *reflowState, ocBounds, 0, DrainPushedFloats(state); PrepareResizeReflow(state); NS_MergeReflowStatusInto(&state.mReflowStatus, ocStatus); NS_MergeReflowStatusInto(&state.mReflowStatus, fcStatus); NS_FRAME_IS_COMPLETE(state.mReflowStatus) && NS_FRAME_SET_INCOMPLETE(state.mReflowStatus); if (!NS_FRAME_IS_FULLY_COMPLETE(state.mReflowStatus)) { state.mReflowStatus |= NS_FRAME_REFLOW_NEXTINFLOW; if (HasOutsideBullet() && !mLines.empty() && (mLines.front()->IsBlock() || (0 == mLines.front()->mBounds.height && mLines.front() != mLines.back() && mLines.begin().next()->IsBlock()))) { nsHTMLReflowMetrics metrics; nsLayoutUtils::LinePosition position; bool havePosition = nsLayoutUtils::GetFirstLinePosition(this, &position); nscoord lineTop = havePosition ? position.mTop : reflowState->mComputedBorderPadding.top; nsIFrame* bullet = GetOutsideBullet(); ReflowBullet(bullet, state, metrics, lineTop); NS_ASSERTION(!BulletIsEmpty() || metrics.height == 0,"empty bullet took up space"); if (havePosition && !BulletIsEmpty()) { nsRect bbox = bullet->GetRect(); bbox.y = position.mBaseline - metrics.ascent; bullet->SetRect(bbox); CheckFloats(state); nsBlockFrame::CheckFloats(nsBlockReflowState& aState) nsAutoTArray lineFloats; for (line_iterator line = begin_lines(), line_end = end_lines(); line != line_end; ++line) { if (line->HasFloats()) { nsFloatCache* fc = line->GetFirstFloat(); structType myStruct; myStruct.structFirst = fc; fc = badSource(myStruct); void badSource(structType myStruct) nsFloatCache * fc = myStruct.structFirst; while (fc) { lineFloats.AppendElement(fc->mFloat); fc = fc->Next(); return fc nsAutoTArray storedFloats; for (nsIFrame* f = mFloats.FirstChild(); f; f = f->GetNextSibling()) { if (f->GetStateBits() & NS_FRAME_IS_PUSHED_FLOAT) continue; storedFloats.AppendElement(f); if ((!equal || lineFloats.Length() != storedFloats.Length()) && !anyLineDirty) { for (i = 0; i < lineFloats.Length(); ++i) { printf("Line float: %p\n", lineFloats.ElementAt(i)); for (i = 0; i < storedFloats.Length(); ++i) { printf("Stored float: %p\n", storedFloats.ElementAt(i)); nscoord bottomEdgeOfChildren; ComputeFinalSize(*reflowState, state, aMetrics, &bottomEdgeOfChildren); nsRect areaBounds = nsRect(0, 0, aMetrics.width, aMetrics.height); ComputeOverflowAreas(areaBounds, reflowState->mStyleDisplay,bottomEdgeOfChildren, aMetrics.mOverflowAreas); aMetrics.mOverflowAreas.UnionWith(ocBounds); aMetrics.mOverflowAreas.UnionWith(fcBounds); 0 --------------------------------- 13790 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) aCommand = func(aCommand); static char * func(const char * aCommand) NU_DBG("Preparing to send \'%s\' command...", aCommand); return aCommand; aCommand = func(aCommand); NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 1 --------------------------------- 13791 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) aCommand = func(aCommand); static char * func(const char * aCommand) NU_DBG("Preparing to send \'%s\' command...", aCommand); return aCommand; aCommand = func(aCommand); NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 0 --------------------------------- 13792 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) aCommand = func(&aCommand); static char * func(char * * ptr) char * aCommand = *ptr; NU_DBG("Preparing to send \'%s\' command...", aCommand); return aCommand; aCommand = func(&aCommand); NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 1 --------------------------------- 13793 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) aCommand = func(&aCommand); static char * func(char * * ptr) char * aCommand = *ptr; NU_DBG("Preparing to send \'%s\' command...", aCommand); return aCommand; aCommand = func(&aCommand); NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 0 --------------------------------- 13794 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) void (*funcPtr) (char *) = badSource; funcPtr(aCommand); void badSource(char * aCommand) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 1 --------------------------------- 13795 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) void (*funcPtr) (char *) = badSource; funcPtr(aCommand); void badSource(char * aCommand) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 0 --------------------------------- 13796 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); char * dataCopy = aCommand; char * aCommand = dataCopy; NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 1 --------------------------------- 13797 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); char * dataCopy = aCommand; char * aCommand = dataCopy; NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 0 --------------------------------- 13798 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = new NetdCommand(); size = MAX_COMMAND_SIZE - 1; if (SDK_VERSION >= 16) snprintf((char*)netdCommand->mData, size, "0 %s", aCommand); else snprintf((char*)netdCommand->mData, size, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 1 --------------------------------- 13799 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = new NetdCommand(); size = MAX_COMMAND_SIZE - 1; if (SDK_VERSION >= 16) PR_snprintf((char*)netdCommand->mData, size, "0 %s", aCommand); else PR_snprintf((char*)netdCommand->mData, size, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 0 --------------------------------- 13800 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NetdCommand* netdCommand = new NetdCommand(); NU_DBG("Preparing to send \'%s\' command...", aCommand); if (SDK_VERSION >= 16) snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 1 --------------------------------- 13801 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NetdCommand* netdCommand = new NetdCommand(); NU_DBG("Preparing to send \'%s\' command...", aCommand); if (SDK_VERSION >= 16) PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 0 --------------------------------- 13802 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) char * dataArray[5]; dataArray[2] =aCommand; aCommand = badSource(dataArray); void badSource(char *dataArray[]) char * aCommand = dataArray[2]; NU_DBG("Preparing to send \'%s\' command...", aCommand); return aCommand; NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 1 --------------------------------- 13803 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) char * dataArray[5]; dataArray[2] =aCommand; aCommand = badSource(dataArray); void badSource(char *dataArray[]) char * aCommand = dataArray[2]; NU_DBG("Preparing to send \'%s\' command...", aCommand); return aCommand; NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 0 --------------------------------- 13804 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); unionType myUnion; myUnion.unionFirst = aCommand; char * aCommand = myUnion.unionSecond; NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 1 --------------------------------- 13805 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); unionType myUnion; myUnion.unionFirst = aCommand; char * aCommand = myUnion.unionSecond; NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 0 --------------------------------- 13806 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) structType myStruct; myStruct.structFirst = aCommand; aCommand = badSource(myStruct); void badSource(structType myStruct) char * aCommand = myStruct.structFirst; NU_DBG("Preparing to send \'%s\' command...", aCommand); return aCommand; NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 1 --------------------------------- 13807 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 499 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) structType myStruct; myStruct.structFirst = aCommand; aCommand = badSource(myStruct); void badSource(structType myStruct) char * aCommand = myStruct.structFirst; NU_DBG("Preparing to send \'%s\' command...", aCommand); return aCommand; NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); else PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "%s", aCommand); netdCommand->mSize = strlen((char*)netdCommand->mData) + 1; gCommandQueue.AppendElement(QueueData(netdCommand, aChain, aCallback)); nextNetdCommand(); 0 --------------------------------- 13808 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; command = func(command); static char * func(const char * command) if (SDK_VERSION >= 20) written = snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); return command; command = func(command); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13809 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; command = func(command); static char * func(const char * command) if (SDK_VERSION >= 20) written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = PR_snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); return command; command = func(command); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13810 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; command = func(&command); static char * func(char * * ptr) char * command = *ptr; if (SDK_VERSION >= 20) written = snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); return command; command = func(&command); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13811 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; command = func(&command); static char * func(char * * ptr) char * command = *ptr; if (SDK_VERSION >= 20) written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = PR_snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); return command; command = func(&command); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13812 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; void (*funcPtr) (char *) = badSource; funcPtr(command); void badSource(char * command) if (SDK_VERSION >= 20) written = snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13813 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; void (*funcPtr) (char *) = badSource; funcPtr(command); void badSource(char * command) if (SDK_VERSION >= 20) written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = PR_snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13814 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) written = snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); char * dataCopy = command; char * command = dataCopy; nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13815 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = PR_snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); char * dataCopy = command; char * command = dataCopy; nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13816 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) written = snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); size = sizeof(command) - written; int ret = snprintf(command + written, size, " %s", autoDns.get()); 1 --------------------------------- 13817 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = PR_snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); size = sizeof(command) - written; int ret = PR_snprintf(command + written, size, " %s", autoDns.get()); 0 --------------------------------- 13818 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; char * dataArray[5]; dataArray[2] = command; command = badSource(dataArray); void badSource(chae * dataArray[]) char * command = dataArray[2]; if (SDK_VERSION >= 20) written = snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); return command; nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13819 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; char * dataArray[5]; dataArray[2] = command; command = badSource(dataArray); void badSource(chae * dataArray[]) char * command = dataArray[2]; if (SDK_VERSION >= 20) written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = PR_snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); return command; nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13820 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) written = snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); unionType myUnion; myUnion.unionFirst = command; char * command = myUnion.unionSecond; nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13821 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = PR_snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); unionType myUnion; myUnion.unionFirst = command; char * command = myUnion.unionSecond; nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13822 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; structType myStruct; myStruct.structFirst = command; command = badSource(myStruct); void badSource(structType myStruct) char * command = myStruct.structFirst; if (SDK_VERSION >= 20) written = snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); return command; nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13823 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1040 char command[MAX_COMMAND_SIZE]; structType myStruct; myStruct.structFirst = command; command = badSource(myStruct); void badSource(structType myStruct) char * command = myStruct.structFirst; if (SDK_VERSION >= 20) written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s",GET_FIELD(mNetId), GET_CHAR(mDomain)); else written = PR_snprintf(command, sizeof command, "resolver setifdns %s %s",GET_CHAR(mIfname), GET_CHAR(mDomain)); return command; nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13824 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; legacyOrEmpty = func(legacyOrEmpty); static char * func(const char * legacyOrEmpty) if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); return legacyOrEmpty; legacyOrEmpty = func(legacyOrEmpty); const char* action = aDoAdd ? "add" : "remove"; snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13825 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; legacyOrEmpty = func(legacyOrEmpty); static char * func(const char * legacyOrEmpty) if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); return legacyOrEmpty; legacyOrEmpty = func(legacyOrEmpty); const char* action = aDoAdd ? "add" : "remove"; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13826 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; legacyOrEmpty = func(&legacyOrEmpty); static char * func(char * *ptr) char * legacyOrEmpty = *ptr; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); return legacyOrEmpty; legacyOrEmpty = func(&legacyOrEmpty); const char* action = aDoAdd ? "add" : "remove"; snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13827 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; legacyOrEmpty = func(&legacyOrEmpty); static char * func(char * *ptr) char * legacyOrEmpty = *ptr; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); return legacyOrEmpty; legacyOrEmpty = func(&legacyOrEmpty); const char* action = aDoAdd ? "add" : "remove"; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13828 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; void (*funcPtr) (char *) = badSource; funcPtr(legacyOrEmpty) void badSource(char * legacyOrEmpty) if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); const char* action = aDoAdd ? "add" : "remove"; snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13829 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; void (*funcPtr) (char *) = badSource; funcPtr(legacyOrEmpty) void badSource(char * legacyOrEmpty) if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); const char* action = aDoAdd ? "add" : "remove"; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13830 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); char * dataCopy = legacyOrEmpty; char * legacyOrEmpty = dataCopy; const char* action = aDoAdd ? "add" : "remove"; snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13831 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); char * dataCopy = legacyOrEmpty; char * legacyOrEmpty = dataCopy; const char* action = aDoAdd ? "add" : "remove"; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13832 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); const char* action = aDoAdd ? "add" : "remove"; size = MAX_COMMAND_SIZE - 1; snprintf(command, size, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13833 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); const char* action = aDoAdd ? "add" : "remove"; size = MAX_COMMAND_SIZE - 1; PR_snprintf(command, size, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13834 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString gatewayOrEmpty; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); const char* action = aDoAdd ? "add" : "remove"; snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13835 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString gatewayOrEmpty; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); const char* action = aDoAdd ? "add" : "remove"; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13836 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; char * dataArray[5]; dataArray[2] = legacyOrEmpty; legacyOrEmpty = badSource(dataArray); void badSource(char * dataArray[]) char * legacyOrEmpty = dataArray[2]; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); return legacyOrEmpty; const char* action = aDoAdd ? "add" : "remove"; snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13837 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; char * dataArray[5]; dataArray[2] = legacyOrEmpty; legacyOrEmpty = badSource(dataArray); void badSource(char * dataArray[]) char * legacyOrEmpty = dataArray[2]; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); return legacyOrEmpty; const char* action = aDoAdd ? "add" : "remove"; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13838 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); unionType myUnion; myUnion.unionFirst = legacyOrEmpty; char * legacyOrEmpty = myUnion.unionSecond; const char* action = aDoAdd ? "add" : "remove"; snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13839 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); unionType myUnion; myUnion.unionFirst = legacyOrEmpty; char * legacyOrEmpty = myUnion.unionSecond; const char* action = aDoAdd ? "add" : "remove"; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13840 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; structType myStruct; myStruct.structFirst = legacyOrEmpty; legacyOrEmpty = badSource(myStruct); void badSource(structType myStruct) char * legacyOrEmpty = myStruct.structFirst; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); return legacyOrEmpty; const char* action = aDoAdd ? "add" : "remove"; snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13841 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1165 void NetworkUtils::removeRouteFromInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) modifyRouteOnInterface(aChain, aCallback, aResult, false); void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult,bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; structType myStruct; myStruct.structFirst = legacyOrEmpty; legacyOrEmpty = badSource(myStruct); void badSource(structType myStruct) char * legacyOrEmpty = myStruct.structFirst; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); legacyOrEmpty = ""; else gatewayOrEmpty = nsCString(" ") + NS_ConvertUTF16toUTF8(GET_FIELD(mGateway)); return legacyOrEmpty; const char* action = aDoAdd ? "add" : "remove"; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13842 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); command = func(command); static char * func(const char * command) snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); return command; command = func(command); struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 1 --------------------------------- 13843 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); command = func(command); static char * func(const char * command) PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); return command; command = func(command); struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 0 --------------------------------- 13844 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); command = func(&command); static char * func(char * * ptr) char * command = *ptr; snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); return command; command = func(&command); struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 1 --------------------------------- 13845 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); command = func(&command); static char * func(char * * ptr) char * command = *ptr; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); return command; command = func(&command); struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 0 --------------------------------- 13846 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); void (*funcPtr) (char *) = badSource; funcPtr(command); void badSource(char * command) snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 1 --------------------------------- 13847 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); void (*funcPtr) (char *) = badSource; funcPtr(command); void badSource(char * command) PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 0 --------------------------------- 13848 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); char * dataCopy = command; char * command = dataCopy; struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 1 --------------------------------- 13849 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); char * dataCopy = command; char * command = dataCopy; struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 0 --------------------------------- 13850 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); size = MAX_COMMAND_SIZE - 1; snprintf(command, size , "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 1 --------------------------------- 13851 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); size = MAX_COMMAND_SIZE - 1; PR_snprintf(command, size, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 0 --------------------------------- 13852 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); char command[MAX_COMMAND_SIZE]; int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 1 --------------------------------- 13853 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); char command[MAX_COMMAND_SIZE]; int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 0 --------------------------------- 13854 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); char * dataArray[5]; dataArray[2] =command; command = badSource(dataArray); void badSource(dataArray); void badSource(char * dataArray[]) char * command = dataArray[2]; snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); return command; struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 1 --------------------------------- 13855 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); char * dataArray[5]; dataArray[2] =command; command = badSource(dataArray); void badSource(dataArray); void badSource(char * dataArray[]) char * command = dataArray[2]; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); return command; struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 0 --------------------------------- 13856 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); unionType myUnion; myUnion.unionFirst = command; char * command = myUnion.unionSecond; struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 1 --------------------------------- 13857 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); unionType myUnion; myUnion.unionFirst = command; char * command = myUnion.unionSecond; struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 0 --------------------------------- 13858 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); structType myStruct; myStruct.structFirst = command; command = badSource(myStruct); void badSource(structType myStruct) char * command = myStruct.structFirst; snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); return command; struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 1 --------------------------------- 13859 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain,CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); structType myStruct; myStruct.structFirst = command; command = badSource(myStruct); void badSource(structType myStruct) char * command = myStruct.structFirst; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); return command; struct MyCallback static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); NU_DBG("removeDefaultRoute's reason: %s", reason.get()); if (aError && !reason.EqualsASCII("removeRoute() failed (No such process)")) { return aOriginalCallback(aChain, aError, aResult); GET_FIELD(mLoopIndex)++; return removeDefaultRoute(aChain, aOriginalCallback, aResult); 0 --------------------------------- 13860 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) stream_sys_t *p_sys = s->p_sys; if( !p_read ) return 0; if( Fill( s ) ) return -1; i_len = func(i_len); static int * func(const int * i_len) int i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); return i_len i_len = func(i_len); memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 1 --------------------------------- 13861 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) stream_sys_t *p_sys = s->p_sys; if( Fill( s ) ) return -1; i_len = func(i_len); static unsigned * func(const unsigned * i_len) unsigned i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); return i_len i_len = func(i_len); if( p_read ) memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 0 --------------------------------- 13862 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) stream_sys_t *p_sys = s->p_sys; if( !p_read ) return 0; if( Fill( s ) ) return -1; i_len = func(&i_len); static int * func(int * * i_lenPtr) int * i_len = *i_lenPtr int i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); return i_len i_len = func(&i_len); memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 1 --------------------------------- 13863 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) stream_sys_t *p_sys = s->p_sys; if( Fill( s ) ) return -1; i_len = func(&i_len); static unsigned * func(unsigned * * i_lenPtr) unsigned * i_len = *i_lenPtr unsigned i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); return i_len i_len = func(&i_len); if( p_read ) memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 0 --------------------------------- 13864 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 void (*funcPtr) (int *) = badSource; static int Read( stream_t *s, void *p_read, unsigned int i_read ) stream_sys_t *p_sys = s->p_sys; if( !p_read ) return 0; if( Fill( s ) ) return -1; funcPtr(i_len) void badSource(int * i_len) int i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 1 --------------------------------- 13865 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 void (*funcPtr) (unsigned *) = badSource; static int Read( stream_t *s, void *p_read, unsigned int i_read ) stream_sys_t *p_sys = s->p_sys; if( Fill( s ) ) return -1; funcPtr(i_len) void badSource(unsigned * i_len) unsigned i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); if( p_read ) memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 0 --------------------------------- 13866 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) stream_sys_t *p_sys = s->p_sys; if( !p_read ) return 0; if( Fill( s ) ) return -1; int i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); int * datacopy = i_len; int * i_len = datacopy memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 1 --------------------------------- 13867 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) stream_sys_t *p_sys = s->p_sys; if( Fill( s ) ) return -1; unsigned i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); unsigned * datacopy = i_len; unsigned * i_len = datacopy if( p_read ) memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 0 --------------------------------- 13868 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) stream_sys_t *p_sys = s->p_sys; if( !p_read ) return 0; if( Fill( s ) ) return -1; int i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); c_len = i_len + memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, c_len-5 ); 1 --------------------------------- 13869 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) stream_sys_t *p_sys = s->p_sys; if( Fill( s ) ) return -1; unsigned i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); c_len = i_len + if( p_read ) memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, c_len ); 0 --------------------------------- 13870 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) if( !p_read ) return 0; if( Fill( s ) ) return -1; stream_sys_t *p_sys = s->p_sys; int i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 1 --------------------------------- 13871 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) if( Fill( s ) ) return -1; stream_sys_t *p_sys = s->p_sys; unsigned i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); if( p_read ) memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 0 --------------------------------- 13872 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) int * dataArray[5] dataArray[2] = i_len; stream_sys_t *p_sys = s->p_sys; if( !p_read ) return 0; if( Fill( s ) ) return -1; i_len = badSouce(dataArray) void badSouce(int *dataArray[]) int * i_len = dataArray[2] int i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); return i_len memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 1 --------------------------------- 13873 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) unsigned * dataArray[5] dataArray[2] = i_len; stream_sys_t *p_sys = s->p_sys; if( Fill( s ) ) return -1; i_len = badSouce(dataArray) void badSouce(int *dataArray[]) unsigned * i_len = dataArray[2] unsigned i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); return i_len if( p_read ) memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 0 --------------------------------- 13874 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) unionType myUnion; stream_sys_t *p_sys = s->p_sys; if( !p_read ) return 0; if( Fill( s ) ) return -1; int i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); myUnion.unionFirst = i_len; int i_len = myUnion.unionSecond; memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 1 --------------------------------- 13875 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) unionType myUnion; stream_sys_t *p_sys = s->p_sys; if( Fill( s ) ) return -1; unsigned i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); myUnion.unionFirst = i_len; unsigned i_len = myUnion.unionSecond; if( p_read ) memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 0 --------------------------------- 13876 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) structType myStruct; myStruct.structFirst = i_len; stream_sys_t *p_sys = s->p_sys; if( !p_read ) return 0; if( Fill( s ) ) return -1; i_len = badSouce(myStruct) int i_len = myStruct.structFirst int i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); return i_len memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 1 --------------------------------- 13877 CVE-2010-1444/vlc_media_player_1.1.0_CVE-2010-1444_zipstream.c Buffer_Overflow_boundedcpy 252 static int Read( stream_t *s, void *p_read, unsigned int i_read ) structType myStruct; myStruct.structFirst = i_len; stream_sys_t *p_sys = s->p_sys; if( Fill( s ) ) return -1; i_len = badSouce(myStruct) unsigned i_len = myStruct.structFirst unsigned i_len = __MIN( i_read, p_sys->i_len - p_sys->i_pos ); return i_len if( p_read ) memcpy( p_read, p_sys->psz_xspf + p_sys->i_pos, i_len ); 0 --------------------------------- 13878 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); p_chk->strf.vids.p_bih = func(p_chk->strf.vids.p_bih); static void * func(const void * p_chk->strf.vids.p_bih) p_chk->strf.vids.p_bih = malloc( p_chk->common.i_chunk_size ); return p_chk->strf.vids.p_bih; p_chk->strf.vids.p_bih = func(p_chk->strf.vids.p_bih); if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size - sizeof(BITMAPINFOHEADER) > 0 ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 1 --------------------------------- 13879 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); p_chk->strf.vids.p_bih = func(p_chk->strf.vids.p_bih); static void * func(const void * p_chk->strf.vids.p_bih) p_chk->strf.vids.p_bih = malloc( __MAX( p_chk->common.i_chunk_size,sizeof( *p_chk->strf.vids.p_bih ) ) ); return p_chk->strf.vids.p_bih; p_chk->strf.vids.p_bih = func(p_chk->strf.vids.p_bih); if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size > sizeof(BITMAPINFOHEADER) ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 0 --------------------------------- 13880 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); p_chk->strf.vids.p_bih = func(&p_chk->strf.vids.p_bih); static void * func(void * * ptr) void * p_chk->strf.vids.p_bih =*ptr p_chk->strf.vids.p_bih = malloc( p_chk->common.i_chunk_size ); return p_chk->strf.vids.p_bih; p_chk->strf.vids.p_bih = func(&p_chk->strf.vids.p_bih) if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size - sizeof(BITMAPINFOHEADER) > 0 ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 1 --------------------------------- 13881 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); p_chk->strf.vids.p_bih = func(&p_chk->strf.vids.p_bih); static void * func(void * * ptr) void * p_chk->strf.vids.p_bih =*ptr p_chk->strf.vids.p_bih = malloc( __MAX( p_chk->common.i_chunk_size,sizeof( *p_chk->strf.vids.p_bih ) ) ); return p_chk->strf.vids.p_bih; p_chk->strf.vids.p_bih = func(&p_chk->strf.vids.p_bih) if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size > sizeof(BITMAPINFOHEADER) ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 0 --------------------------------- 13882 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 void (*funcPtr) = badSource; p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); funcPtr(p_chk->strf.vids.p_bih) void badSource(void * p_chk->strf.vids.p_bih) p_chk->strf.vids.p_bih = malloc( p_chk->common.i_chunk_size ); if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size - sizeof(BITMAPINFOHEADER) > 0 ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 1 --------------------------------- 13883 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 void (*funcPtr) = badSource; p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); funcPtr(p_chk->strf.vids.p_bih) void badSource(void * p_chk->strf.vids.p_bih) p_chk->strf.vids.p_bih = malloc( __MAX( p_chk->common.i_chunk_size,sizeof( *p_chk->strf.vids.p_bih ) ) ); if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size > sizeof(BITMAPINFOHEADER) ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 0 --------------------------------- 13884 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); p_chk->strf.vids.p_bih = malloc( p_chk->common.i_chunk_size ); void * datacopy = p_chk->strf.vids.p_bih; viod *p_chk->strf.vids.p_bih = datacopy; if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size - sizeof(BITMAPINFOHEADER) > 0 ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 1 --------------------------------- 13885 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); p_chk->strf.vids.p_bih = malloc( __MAX( p_chk->common.i_chunk_size,sizeof( *p_chk->strf.vids.p_bih ) ) ); void * datacopy = p_chk->strf.vids.p_bih; viod *p_chk->strf.vids.p_bih = datacopy; if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size > sizeof(BITMAPINFOHEADER) ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 0 --------------------------------- 13886 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); p_chk->strf.vids.p_bih = malloc( p_chk->common.i_chunk_size ); if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size - sizeof(BITMAPINFOHEADER) > 0 ) instead = &p_chk->strf.vids.p_bih[1] memcpy( instaed, p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 1 --------------------------------- 13887 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); p_chk->strf.vids.p_bih = malloc( __MAX( p_chk->common.i_chunk_size,sizeof( *p_chk->strf.vids.p_bih ) ) ); if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size > sizeof(BITMAPINFOHEADER) ) instead = &p_chk->strf.vids.p_bih[1] memcpy( instead, p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 0 --------------------------------- 13888 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.vids.p_bih = malloc( p_chk->common.i_chunk_size ); p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size - sizeof(BITMAPINFOHEADER) > 0 ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 1 --------------------------------- 13889 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.vids.p_bih = malloc( __MAX( p_chk->common.i_chunk_size,sizeof( *p_chk->strf.vids.p_bih ) ) ); p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size > sizeof(BITMAPINFOHEADER) ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 0 --------------------------------- 13890 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); void * dataarry[5]; dataarry[2] = p_chk->strf.vids.p_bih; p_chk->strf.vids.p_bih = badsource(dataarray) void badsource(void * dataarray[2]) void * p_chk->strf.vids.p_bih = dataarray[2]; p_chk->strf.vids.p_bih = malloc( p_chk->common.i_chunk_size ); return p_chk->strf.vids.p_bih; if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size - sizeof(BITMAPINFOHEADER) > 0 ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 1 --------------------------------- 13891 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); void * dataarry[5]; dataarry[2] = p_chk->strf.vids.p_bih; p_chk->strf.vids.p_bih = badsource(dataarray) void badsource(void * dataarray[2]) void * p_chk->strf.vids.p_bih = dataarray[2]; p_chk->strf.vids.p_bih = malloc( __MAX( p_chk->common.i_chunk_size,sizeof( *p_chk->strf.vids.p_bih ) ) ); return p_chk->strf.vids.p_bih; if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size > sizeof(BITMAPINFOHEADER) ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 0 --------------------------------- 13892 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); unionType myUnion; myUnion.unionFirst = p_chk->strf.vids.p_bih; void * p_chk->strf.vids.p_bih = myUnion.unionSecond; p_chk->strf.vids.p_bih = malloc( p_chk->common.i_chunk_size ); if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size - sizeof(BITMAPINFOHEADER) > 0 ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 1 --------------------------------- 13893 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); unionType myUnion; myUnion.unionFirst = p_chk->strf.vids.p_bih; void * p_chk->strf.vids.p_bih = myUnion.unionSecond; p_chk->strf.vids.p_bih = malloc( __MAX( p_chk->common.i_chunk_size,sizeof( *p_chk->strf.vids.p_bih ) ) ); if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size > sizeof(BITMAPINFOHEADER) ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 0 --------------------------------- 13894 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); structType myStruct; myStruct.structFirst = p_chk->strf.vids.p_bih; p_chk->strf.vids.p_bih = badSource(myStruct) void badSource(myStruct); void * p_chk->strf.vids.p_bih = myUnion.unionSecond; p_chk->strf.vids.p_bih = malloc( p_chk->common.i_chunk_size ); return p_chk->strf.vids.p_bih if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size - sizeof(BITMAPINFOHEADER) > 0 ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 1 --------------------------------- 13895 CVE-2011-2588/vlc_media_player_0.9.9_CVE-2011-2588_libavi.c Buffer_Overflow_boundedcpy 385 p_chk->strf.auds.p_wf = malloc( __MAX( p_chk->common.i_chunk_size, sizeof( WAVEFORMATEX ) ) ); if( p_chk->strf.auds.p_wf->wFormatTag != WAVE_FORMAT_PCM && p_chk->common.i_chunk_size > sizeof( WAVEFORMATEX ) ) if( p_chk->strf.auds.p_wf->cbSize > p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ) ) p_chk->strf.auds.p_wf->cbSize = p_chk->common.i_chunk_size - sizeof( WAVEFORMATEX ); structType myStruct; myStruct.structFirst = p_chk->strf.vids.p_bih; p_chk->strf.vids.p_bih = badSource(myStruct) void badSource(myStruct); void * p_chk->strf.vids.p_bih = myUnion.unionSecond; p_chk->strf.vids.p_bih = malloc( __MAX( p_chk->common.i_chunk_size,sizeof( *p_chk->strf.vids.p_bih ) ) ); return p_chk->strf.vids.p_bih if( p_chk->strf.vids.p_bih->biSize > p_chk->common.i_chunk_size ) p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size; if( p_chk->common.i_chunk_size > sizeof(BITMAPINFOHEADER) ) memcpy( &p_chk->strf.vids.p_bih[1], p_buff + 8 + sizeof(BITMAPINFOHEADER), p_chk->common.i_chunk_size -sizeof(BITMAPINFOHEADER) ); 0 --------------------------------- 13896 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; p_stream->i_headers = func(p_stream->i_headers) static int func(const int p_stream->i_headers) p_stream->i_headers += p_oggpacket->bytes; return p_stream->i_headers; p_stream->i_headers = func(p_stream->i_headers); p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_stream->i_headers ); 1 --------------------------------- 13897 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; p_stream->i_headers = func(p_stream->i_headers) static int func(const int p_stream->i_headers) p_stream->i_headers += p_oggpacket->bytes; return p_stream->i_headers; p_stream->i_headers = func(p_stream->i_headers); p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_oggpacket->bytes ); 0 --------------------------------- 13898 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; p_stream->i_headers = func(&p_stream->i_headers); static int func(int * ptr) int p_stream->i_headers = *ptr; p_stream->i_headers += p_oggpacket->bytes; return p_stream->i_headers; p_stream->i_headers = func(&p_stream->i_headers); p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_stream->i_headers ); 1 --------------------------------- 13899 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; p_stream->i_headers = func(&p_stream->i_headers); static int func(int * ptr) int p_stream->i_headers = *ptr; p_stream->i_headers += p_oggpacket->bytes; return p_stream->i_headers; p_stream->i_headers = func(&p_stream->i_headers); p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_oggpacket->bytes ); 0 --------------------------------- 13900 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; void (funcptr) (int) = badSource; funcPtr(p_stream->i_headers) void badSource(int p_stream->i_headers) p_stream->i_headers += p_oggpacket->bytes; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_stream->i_headers ); 1 --------------------------------- 13901 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; void (funcptr) (int) = badSource; funcPtr(p_stream->i_headers) void badSource(int p_stream->i_headers) p_stream->i_headers += p_oggpacket->bytes; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_oggpacket->bytes ); 0 --------------------------------- 13902 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; p_stream->i_headers += p_oggpacket->bytes; int datacopy = p_stream->i_headers; int p_stream->i_headers = datacopy; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_stream->i_headers ); 1 --------------------------------- 13903 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; p_stream->i_headers += p_oggpacket->bytes; int datacopy = p_stream->i_headers; int p_stream->i_headers = datacopy; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_oggpacket->bytes ); 0 --------------------------------- 13904 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; p_stream->i_headers += p_oggpacket->bytes; n = p_stream->i_headers +5 p_stream->p_headers = realloc( p_stream->p_headers, n-5 ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers +n-5 - p_oggpacket->bytes, p_oggpacket->packet, n-5 ); 1 --------------------------------- 13905 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; p_stream->i_headers += p_oggpacket->bytes; n = p_stream->i_headers +5 p_stream->p_headers = realloc( p_stream->p_headers, n-5 ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + n-5 - p_oggpacket->bytes, p_oggpacket->packet, p_oggpacket->bytes ); 0 --------------------------------- 13906 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; p_stream->i_headers += p_oggpacket->bytes; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_stream->i_headers ); 1 --------------------------------- 13907 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; p_stream->i_headers += p_oggpacket->bytes; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_oggpacket->bytes ); 0 --------------------------------- 13908 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; int dataarray[5] dataarray[2] = p_stream->i_headers; p_stream->i_headers = badSource(dataarray); void badsource(int dataarray[]) int p_stream->i_headers = dataarray[2] p_stream->i_headers += p_oggpacket->bytes; return p_stream->i_headers; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_stream->i_headers ); 1 --------------------------------- 13909 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; int dataarray[5] dataarray[2] = p_stream->i_headers; p_stream->i_headers = badSource(dataarray); void badsource(int dataarray[]) int p_stream->i_headers = dataarray[2] p_stream->i_headers += p_oggpacket->bytes; return p_stream->i_headers; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_oggpacket->bytes ); 0 --------------------------------- 13910 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; unionType myUnion; myUnion.unionFirst = p_stream->i_headers; int p_stream->i_headers = myUnion.unionSecond; p_stream->i_headers += p_oggpacket->bytes; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_stream->i_headers ); 1 --------------------------------- 13911 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; unionType myUnion; myUnion.unionFirst = p_stream->i_headers; int p_stream->i_headers = myUnion.unionSecond; p_stream->i_headers += p_oggpacket->bytes; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_oggpacket->bytes ); 0 --------------------------------- 13912 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; structType myStruct; myStruct.structFirst = p_stream->i_headers; p_stream->i_headers = badSource(myStruct); void badSource(structType myStruct) int p_stream->i_headers = myStruct.structFirst; p_stream->i_headers += p_oggpacket->bytes; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_stream->i_headers ); 1 --------------------------------- 13913 CVE-2012-3377/vlc_media_player_2.0.0_CVE-2012-3377_ogg.c Buffer_Overflow_boundedcpy 601 void *p_org = p_stream->p_headers; structType myStruct; myStruct.structFirst = p_stream->i_headers; p_stream->i_headers = badSource(myStruct); void badSource(structType myStruct) int p_stream->i_headers = myStruct.structFirst; p_stream->i_headers += p_oggpacket->bytes; p_stream->p_headers = realloc( p_stream->p_headers, p_stream->i_headers ); if( p_stream->p_headers ) memcpy( (unsigned char *)p_stream->p_headers + p_stream->i_headers - p_oggpacket->bytes, p_oggpacket->packet, p_oggpacket->bytes ); 0 --------------------------------- 13914 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; psz_server = func(psz_server); static char * func(const char * psz_server) strlcpy( psz_server, psz_path, sizeof( psz_server ) ); return psz_server; psz_server = func(psz_server); psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); sprintf( psz_remote, "\\\\%s\\%s", psz_server, psz_share ); 1 --------------------------------- 13915 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; psz_server = func(psz_server); static char * func(const char * psz_server) strlcpy( psz_server, psz_path, sizeof( psz_server ) ); return psz_server; psz_server = func(psz_server); psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); snprintf( psz_remote, sizeof( psz_remote ), "\\\\%s\\%s", psz_server, psz_share ); 0 --------------------------------- 13916 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; psz_server = func(&psz_server); static char * func(const char * * ptr) cahr * psz_server = *ptr; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); return psz_server; psz_server = func(&psz_server); psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); sprintf( psz_remote, "\\\\%s\\%s", psz_server, psz_share ); 1 --------------------------------- 13917 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; psz_server = func(&psz_server); static char * func(const char * * ptr) cahr * psz_server = *ptr; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); return psz_server; psz_server = func(&psz_server); psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); snprintf( psz_remote, sizeof( psz_remote ), "\\\\%s\\%s", psz_server, psz_share ); 0 --------------------------------- 13918 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; void (*funcptr) (char *) = badsource; funcptr(psz_server) void badsource(char * psz_server) strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); sprintf( psz_remote, "\\\\%s\\%s", psz_server, psz_share ); 1 --------------------------------- 13919 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; void (*funcptr) (char *) = badsource; funcptr(psz_server) void badsource(char * psz_server) strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); snprintf( psz_remote, sizeof( psz_remote ), "\\\\%s\\%s", psz_server, psz_share ); 0 --------------------------------- 13920 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); char * datacopy = psz_server; char * psz_server = datacopy; psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); sprintf( psz_remote, "\\\\%s\\%s", psz_server, psz_share ); 1 --------------------------------- 13921 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); char * datacopy = psz_server; char * psz_server = datacopy; psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); snprintf( psz_remote, sizeof( psz_remote ), "\\\\%s\\%s", psz_server, psz_share ); 0 --------------------------------- 13922 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); n = sizeof( psz_share ) +5; if( psz_parser2 ) strlcpy( psz_share, psz_parser, n-5 ); sprintf( psz_remote, "\\\\%s\\%s", psz_server, psz_share ); 1 --------------------------------- 13923 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); n = sizeof( psz_share ) +5; if( psz_parser2 ) strlcpy( psz_share, psz_parser, n-5 ); snprintf( psz_remote, sizeof( psz_remote ), "\\\\%s\\%s", psz_server, psz_share ); 0 --------------------------------- 13924 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; psz_share[0] = 0; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); sprintf( psz_remote, "\\\\%s\\%s", psz_server, psz_share ); 1 --------------------------------- 13925 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; psz_share[0] = 0; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); snprintf( psz_remote, sizeof( psz_remote ), "\\\\%s\\%s", psz_server, psz_share ); 0 --------------------------------- 13926 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; char * dataArray[5]; dataArray[2] = psz_server; psz_server = badsource(dataArray); void badsource(char * dataArray[]) char * psz_server = dataArray[2]; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); sprintf( psz_remote, "\\\\%s\\%s", psz_server, psz_share ); 1 --------------------------------- 13927 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; char * dataArray[5]; dataArray[2] = psz_server; psz_server = badsource(dataArray); void badsource(char * dataArray[]) char * psz_server = dataArray[2]; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); snprintf( psz_remote, sizeof( psz_remote ), "\\\\%s\\%s", psz_server, psz_share ); 0 --------------------------------- 13928 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; unionType myUnion; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); myUnion.unionFirst = psz_server; cahr * psz_server = myUnion.unionSecond; psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); sprintf( psz_remote, "\\\\%s\\%s", psz_server, psz_share ); 1 --------------------------------- 13929 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; unionType myUnion; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); myUnion.unionFirst = psz_server; cahr * psz_server = myUnion.unionSecond; psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); snprintf( psz_remote, sizeof( psz_remote ), "\\\\%s\\%s", psz_server, psz_share ); 0 --------------------------------- 13930 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; structType myStruct; myStruct.structFirst = psz_server; psz_server = badsource(myStruct) void badsource(structType myStruct) char * psz_server = myStruct.structFirst; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); sprintf( psz_remote, "\\\\%s\\%s", psz_server, psz_share ); 1 --------------------------------- 13931 CVE-2009-2484/vlc_media_player_0.9.9_CVE-2009-2484_smb.c Format_String_Attack 446 char psz_remote[MAX_PATH], psz_server[MAX_PATH], psz_share[MAX_PATH]; structType myStruct; myStruct.structFirst = psz_server; psz_server = badsource(myStruct) void badsource(structType myStruct) char * psz_server = myStruct.structFirst; strlcpy( psz_server, psz_path, sizeof( psz_server ) ); psz_share[0] = 0; psz_parser = strchr( psz_path, '/' ); if( psz_parser ) char *psz_parser2 = strchr( ++psz_parser, '/' ); if( psz_parser2 ) strlcpy( psz_share, psz_parser, sizeof( psz_share ) ); snprintf( psz_remote, sizeof( psz_remote ), "\\\\%s\\%s", psz_server, psz_share ); 0 --------------------------------- 13932 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; hbtype = *p++; n2s(p, payload); pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; int r; buffer = func(buffer); static char * func(const char * buffer) buffer = OPENSSL_malloc(1 + 2 + payload + padding); return buffer; buffer = func(buffer); bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding, s, s->msg_callback_arg); 1 --------------------------------- 13933 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; if (1 + 2 + 16 > s->s3->rrec.length) return 0; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; unsigned int write_length = payload + padding; int r; if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) return 0; buffer = func(buffer); static char * func(const char * buffer) buffer = OPENSSL_malloc(write_length); return buffer; buffer = func(buffer); bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, write_length, s, s->msg_callback_arg); 0 --------------------------------- 13934 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; hbtype = *p++; n2s(p, payload); pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; int r; buffer = func(&buffer); static char * func(char * * ptr) cahr * buffer = *ptr buffer = OPENSSL_malloc(1 + 2 + payload + padding); return buffer; buffer = func(*buffer); bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding, s, s->msg_callback_arg); 1 --------------------------------- 13935 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; if (1 + 2 + 16 > s->s3->rrec.length) return 0; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; unsigned int write_length = payload + padding; int r; if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) return 0; buffer = func(&buffer); static char * func(char * * ptr) buffer = OPENSSL_malloc(write_length); return buffer; buffer = func(&buffer); bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, write_length, s, s->msg_callback_arg); 0 --------------------------------- 13936 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; hbtype = *p++; n2s(p, payload); pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; int r; void (*funcPtr) (char *) = badsource; funcPtr(buffer) void badsource(char * buffer) buffer = OPENSSL_malloc(1 + 2 + payload + padding); bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding, s, s->msg_callback_arg); 1 --------------------------------- 13937 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; if (1 + 2 + 16 > s->s3->rrec.length) return 0; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; unsigned int write_length = payload + padding; int r; if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) return 0; void (*funcPtr) (char *) = badsource; funcPtr(buffer) void badsource(char * buffer) buffer = OPENSSL_malloc(write_length); bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, write_length, s, s->msg_callback_arg); 0 --------------------------------- 13938 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; hbtype = *p++; n2s(p, payload); pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; int r; buffer = OPENSSL_malloc(1 + 2 + payload + padding); char * datacopy = buffer; cahr * buffer = datacopy; bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding, s, s->msg_callback_arg); 1 --------------------------------- 13939 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; if (1 + 2 + 16 > s->s3->rrec.length) return 0; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; unsigned int write_length = payload + padding; int r; if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) return 0; buffer = OPENSSL_malloc(write_length); char * datacopy = buffer; cahr * buffer = datacopy; bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, write_length, s, s->msg_callback_arg); 0 --------------------------------- 13940 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; hbtype = *p++; n2s(p, payload); pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; int r; len = 3 + payload + padding; buffer = OPENSSL_malloc(len); bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, len); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, len, s, s->msg_callback_arg); 1 --------------------------------- 13941 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; if (1 + 2 + 16 > s->s3->rrec.length) return 0; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; int r; if (3 + payload + padding; > SSL3_RT_MAX_PLAIN_LENGTH) return 0; buffer = OPENSSL_malloc(3 + payload + padding;); bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding;); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding;, s, s->msg_callback_arg); 0 --------------------------------- 13942 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; hbtype = *p++; n2s(p, payload); pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; buffer = OPENSSL_malloc(1 + 2 + payload + padding); bp = buffer; int r; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding, s, s->msg_callback_arg); 1 --------------------------------- 13943 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; if (1 + 2 + 16 > s->s3->rrec.length) return 0; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; unsigned int write_length = payload + padding; buffer = OPENSSL_malloc(write_length); bp = buffer; int r; if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) return 0; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, write_length, s, s->msg_callback_arg); 0 --------------------------------- 13944 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; hbtype = *p++; n2s(p, payload); pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; int r; cahr * dataArray[5]; dataArray[2] = buffer; buffer = badsource(dataArray); void badsource(char * dataArray[]) cahr * buffer = dataArray[2]; buffer = OPENSSL_malloc(1 + 2 + payload + padding); reruen buffer; bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding, s, s->msg_callback_arg); 1 --------------------------------- 13945 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; if (1 + 2 + 16 > s->s3->rrec.length) return 0; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; unsigned int write_length = payload + padding; int r; if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) return 0; cahr * dataArray[5]; dataArray[2] = buffer; buffer = badsource(dataArray); void badsource(char * dataArray[]) cahr * buffer = dataArray[2]; buffer = OPENSSL_malloc(write_length); return buffer; bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, write_length, s, s->msg_callback_arg); 0 --------------------------------- 13946 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; hbtype = *p++; n2s(p, payload); pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; int r; unionType myUnion; buffer = OPENSSL_malloc(1 + 2 + payload + padding); myUnion.unionFirst = buffer; char * buffer = myUnion.unionSecond; bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding, s, s->msg_callback_arg); 1 --------------------------------- 13947 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; if (1 + 2 + 16 > s->s3->rrec.length) return 0; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; unsigned int write_length = payload + padding; int r; if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) return 0; unionType myUnion; buffer = OPENSSL_malloc(write_length); myUnion.unionFirst = buffer; char * buffer = myUnion.unionSecond; bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, write_length, s, s->msg_callback_arg); 0 --------------------------------- 13948 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; hbtype = *p++; n2s(p, payload); pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; int r; structType myStruct; myStruct.structFirst = buffer; buffer = badsource(myStruct); void badsource(structType myStruct) char * buffer = myStruct.structFirst; buffer = OPENSSL_malloc(1 + 2 + payload + padding); return buffer; bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding, s, s->msg_callback_arg); 1 --------------------------------- 13949 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_d1_both.c Buffer_Overflow_boundedcpy 1550 unsigned int payload; unsigned int padding = 16; if (1 + 2 + 16 > s->s3->rrec.length) return 0; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; if (hbtype == TLS1_HB_REQUEST) unsigned char *buffer, *bp; unsigned int write_length = payload + padding; int r; if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) return 0; structType myStruct; myStruct.structFirst = buffer; buffer = badsource(myStruct); void badsource(structType myStruct) char * buffer = myStruct.structFirst; buffer = OPENSSL_malloc(write_length); return buffer; bp = buffer; r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, buffer, write_length, s, s->msg_callback_arg); 0 --------------------------------- 13950 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 729 void NetworkUtils::setInterfaceUp(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 16) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "interface setcfg %s %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mLink)); 0 --------------------------------- 13951 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 926 void NetworkUtils::setDnsForwarders(CommandChain* aChain,CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "tether dns set %d %s %s", GET_FIELD(mNetId), GET_CHAR(mDns1), GET_CHAR(mDns2)); 0 --------------------------------- 13952 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = PR_snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = PR_snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 0 --------------------------------- 13953 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1185 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; } char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13954 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13955 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1239 void NetworkUtils::addRouteToSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION < 20) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "interface route add %s secondary %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 0 --------------------------------- 13956 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 497 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) { PR_snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); 0 --------------------------------- 13957 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 879 void NetworkUtils::startTethering(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (!GET_FIELD(mUsbStartIp).IsEmpty() && !GET_FIELD(mUsbEndIp).IsEmpty()) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "tether start %s %s %s %s", GET_CHAR(mWifiStartIp), GET_CHAR(mWifiEndIp), GET_CHAR(mUsbStartIp), GET_CHAR(mUsbEndIp)); 0 --------------------------------- 13958 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); const char* action = aDoAdd ? "add" : "remove"; PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 0 --------------------------------- 13959 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = aOptions.mDnses.Length(); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; PR_snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 0 --------------------------------- 13960 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); char* networkAddr = getNetworkAddr(ip, prefix); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 0 --------------------------------- 13961 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13962 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1264 void NetworkUtils::removeRouteFromSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION < 20) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "interface route remove %s secondary %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 0 --------------------------------- 13963 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp String_Termination_Error 1607 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* reason = strtok(nullptr, "\0"); sendBroadcastMessage(code, reason); if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; PR_snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); if (!strcmp(reason, linkdownReason)) { 0 --------------------------------- 13964 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1040 void NetworkUtils::setInterfaceDns(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION <= 20) { written = PR_snprintf(command, sizeof command, "resolver setifdns %s %s", GET_CHAR(mIfname), GET_CHAR(mDomain)); 0 --------------------------------- 13965 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1257 void NetworkUtils::removeRouteFromSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/%s %s", GET_FIELD(mNetId), GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 0 --------------------------------- 13966 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 723 void NetworkUtils::setInterfaceUp(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 16) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "interface setcfg %s %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mLink)); 0 --------------------------------- 13967 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13968 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 615 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION < 16) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s %s \"%s\" %s \"%s\" 6 0 8", GET_CHAR(mIfname), GET_CHAR(mWifictrlinterfacename), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13969 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 608 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION >= 16 && SDK_VERSION < 19) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13970 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1232 void NetworkUtils::addRouteToSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/%s %s", GET_FIELD(mNetId), GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 0 --------------------------------- 13971 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); uint32_t code = atoi(result); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; PR_snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 0 --------------------------------- 13972 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); PR_snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 0 --------------------------------- 13973 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { PR_snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 0 --------------------------------- 13974 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp Format_String_Attack 371 int32_t do_wifi_command(const char* iface, const char* cmd, char* buf, size_t* len) { char command[COMMAND_SIZE]; if (!strcmp(iface, "p2p0")) { PR_snprintf(command, COMMAND_SIZE, "%s", cmd); 0 --------------------------------- 13975 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp Format_String_Attack 374 int32_t do_wifi_command(const char* iface, const char* cmd, char* buf, size_t* len) { char command[COMMAND_SIZE]; if (!strcmp(iface, "p2p0")) { PR_snprintf(command, COMMAND_SIZE, "IFNAME=%s %s", iface, cmd); 0 --------------------------------- 13976 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { amount = aLength;} if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { CheckedInt32 size = mTextSize; size += aLength; if (!size.isValid()) { return NS_ERROR_OUT_OF_MEMORY; } mTextSize = size.value(); mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 0 --------------------------------- 13977 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 0 --------------------------------- 13978 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end());} for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame &frame = part.frames[k]; ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 0 --------------------------------- 13979 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 0 --------------------------------- 13980 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (part.ReadFromString(line)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; char *src = frame.buf; char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 0 --------------------------------- 13981 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Format_String_Attack 523 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (part.ReadFromString(line)) { 0 --------------------------------- 13982 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (part.ReadFromString(line)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); 0 --------------------------------- 13983 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr + kLengthFieldLength <= packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); if (nalu_ptr + kLengthFieldLength + length <= packet_buffer + packet.sizeBytes) { required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} nalu_ptr += kLengthFieldLength + length; } else { LOG(LS_ERROR) << "Failed to insert packet due to corrupt H264 STAP-A"; return 0; } } if (required_length > packet.sizeBytes + kBufferSafetyMargin) { LOG(LS_ERROR) << "Failed to insert packet due to too many NALs in a STAP-A"; return 0;} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { shift_length += (*it).sizeBytes; if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift;} memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 0 --------------------------------- 13984 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate)channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 rate) in_fmt->m_vc_size = vc_size; in_fmt->m_sdh_line_rate = rate; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 0 --------------------------------- 13985 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c Buffer_Overflow_boundedcpy 454 static gboolean is_rtsp_request_or_reply(const guchar *line, size_t linelen, rtsp_type_t *type) const guchar *next_token; int tokenlen; gchar response_chars[4]; if (linelen >= 5 && g_ascii_strncasecmp("RTSP/", line, 5) == 0) { *type = RTSP_REPLY; tokenlen = get_token_len(line, line+5, &token); if (tokenlen != 0) { tokenlen = get_token_len(token, line+linelen, &next_token); if (tokenlen >= 3) { memcpy(response_chars, token, 3); 0 --------------------------------- 13986 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( pin + 2 >= pin_end ) { *err = WTAP_ERR_UNC_TRUNCATED; return ( -1 ); } bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ) if ( pout + 1 > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); *(pout++) = *(pin++); *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); length = code_low + 3; memset( pout, *pin++, length ); 0 --------------------------------- 13987 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ){ if ( pout + 1 > pout_end ) {*err = WTAP_ERR_UNC_OVERFLOW; return ( -1 ); } *(pout++) = *(pin++); offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset + length > pout ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} length = code_type; if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} memcpy( pout, pout - offset, length ); 0 --------------------------------- 13988 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 729 void NetworkUtils::setInterfaceUp(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 16) { snprintf(command, MAX_COMMAND_SIZE - 1, "interface setcfg %s %s %s [%s]", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mLink)); 1 --------------------------------- 13989 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 926 void NetworkUtils::setDnsForwarders(CommandChain* aChain,CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { snprintf(command, MAX_COMMAND_SIZE - 1, "tether dns set %d %s %s", GET_FIELD(mNetId), GET_CHAR(mDns1), GET_CHAR(mDns2)); 1 --------------------------------- 13990 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1050 void NetworkUtils::setInterfaceDns(CommandChain* aChain, ommandCallback aCallback,NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION >= 20) { written = snprintf(command, sizeof command, "resolver setnetdns %d %s", GET_FIELD(mNetId), GET_CHAR(mDomain)); nsTArray& dnses = GET_FIELD(mDnses); uint32_t length = dnses.Length(); for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(dnses[i]); int ret = snprintf(command + written, sizeof(command) - written, " %s", autoDns.get()); 1 --------------------------------- 13991 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1185 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return addDefaultRouteToNetwork(aChain, aOriginalCallback, aResult); void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return; } char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13992 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1006 static void callback(CommandCallback::CallbackType aOriginalCallback, CommandChain* aChain, bool aError, mozilla::dom::NetworkResultOptions& aResult) NS_ConvertUTF16toUTF8 reason(aResult.mResultReason); return removeDefaultRoute(aChain, aOriginalCallback, aResult); void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback,NetworkResultOptions& aResult) if (GET_FIELD(mLoopIndex) >= GET_FIELD(mGateways).Length()) { aCallback(aChain, false, aResult); return;} char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 13993 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1239 void NetworkUtils::addRouteToSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION < 20) { snprintf(command, MAX_COMMAND_SIZE - 1, "interface route add %s secondary %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 1 --------------------------------- 13994 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 497 void NetworkUtils::doCommand(const char* aCommand, CommandChain* aChain, CommandCallback aCallback) NU_DBG("Preparing to send \'%s\' command...", aCommand); NetdCommand* netdCommand = new NetdCommand(); if (SDK_VERSION >= 16) { snprintf((char*)netdCommand->mData, MAX_COMMAND_SIZE - 1, "0 %s", aCommand); 1 --------------------------------- 13995 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 879 void NetworkUtils::startTethering(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (!GET_FIELD(mUsbStartIp).IsEmpty() && !GET_FIELD(mUsbEndIp).IsEmpty()) { snprintf(command, MAX_COMMAND_SIZE - 1, "tether start %s %s %s %s", GET_CHAR(mWifiStartIp), GET_CHAR(mWifiEndIp), GET_CHAR(mUsbStartIp), GET_CHAR(mUsbEndIp)); 1 --------------------------------- 13996 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1164 void NetworkUtils::modifyRouteOnInterface(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult, bool aDoAdd) char command[MAX_COMMAND_SIZE]; nsCString ipOrSubnetIp = NS_ConvertUTF16toUTF8(GET_FIELD(mIp)); nsCString gatewayOrEmpty; const char* legacyOrEmpty = "legacy 0 "; if (GET_FIELD(mGateway).IsEmpty()) { ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); nsCString NetworkUtils::getSubnetIp(const nsCString& aIp, int aPrefixLength) return nsCString(); ipOrSubnetIp = getSubnetIp(ipOrSubnetIp, GET_FIELD(mPrefixLength)); const char* action = aDoAdd ? "add" : "remove"; snprintf(command, MAX_COMMAND_SIZE - 1, "network route %s%s %d %s %s/%d%s", legacyOrEmpty, action, GET_FIELD(mNetId), GET_CHAR(mIfname), ipOrSubnetIp.get(), GET_FIELD(mPrefixLength), gatewayOrEmpty.get()); 1 --------------------------------- 13997 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1682 CommandResult NetworkUtils::setDNS(NetworkParams& aOptions) uint32_t length = aOptions.mDnses.Length(); if (length > 0) { for (uint32_t i = 0; i < length; i++) { NS_ConvertUTF16toUTF8 autoDns(aOptions.mDnses[i]); char dns_prop_key[PROPERTY_VALUE_MAX]; snprintf(dns_prop_key, sizeof dns_prop_key, "net.dns%d", i+1); 1 --------------------------------- 13998 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 781 void NetworkUtils::addRouteToLocalNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; uint32_t prefix = atoi(GET_CHAR(mPrefix)); uint32_t ip = inet_addr(GET_CHAR(mIp)); char* networkAddr = getNetworkAddr(ip, prefix); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add local %s %s/%s", GET_CHAR(mInternalIfname), networkAddr, GET_CHAR(mPrefix)); 1 --------------------------------- 13999 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 14000 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Format_String_Attack 1264 void NetworkUtils::removeRouteFromSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION < 20) { snprintf(command, MAX_COMMAND_SIZE - 1, "interface route remove %s secondary %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 1 --------------------------------- 14001 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp String_Termination_Error 1607 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* reason = strtok(nullptr, "\0"); sendBroadcastMessage(code, reason); if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); if (!strcmp(reason, linkdownReason)) { 1 --------------------------------- 14002 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1040 void NetworkUtils::setInterfaceDns(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; int written; if (SDK_VERSION <= 20) { written = snprintf(command, sizeof command, "resolver setifdns %s %s", GET_CHAR(mIfname), GET_CHAR(mDomain)); 1 --------------------------------- 14003 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1257 void NetworkUtils::removeRouteFromSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/%s %s", GET_FIELD(mNetId), GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 1 --------------------------------- 14004 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 723 void NetworkUtils::setInterfaceUp(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 16) { snprintf(command, MAX_COMMAND_SIZE - 1, "interface setcfg %s %s %s %s", GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mLink)); 1 --------------------------------- 14005 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1005 void NetworkUtils::removeDefaultRoute(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route remove %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 14006 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 615 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION < 16) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s %s \"%s\" %s \"%s\" 6 0 8", GET_CHAR(mIfname), GET_CHAR(mWifictrlinterfacename), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 14007 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 608 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); if (SDK_VERSION >= 16 && SDK_VERSION < 19) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 14008 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1232 void NetworkUtils::addRouteToSecondaryTable(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) { char command[MAX_COMMAND_SIZE]; if (SDK_VERSION >= 20) { snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/%s %s", GET_FIELD(mNetId), GET_CHAR(mIfname), GET_CHAR(mIp), GET_CHAR(mPrefix), GET_CHAR(mGateway)); 1 --------------------------------- 14009 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1605 void NetworkUtils::onNetdMessage(NetdCommand* aCommand) char* data = (char*)aCommand->mData; char* result = strtok(data, NETD_MESSAGE_DELIMIT); uint32_t code = atoi(result); char* reason = strtok(nullptr, "\0"); if (isBroadcastMessage(code)) { if (code == NETD_COMMAND_INTERFACE_CHANGE) { if (gWifiTetheringParms) { char linkdownReason[MAX_COMMAND_SIZE]; snprintf(linkdownReason, MAX_COMMAND_SIZE - 1, "Iface linkstate %s down", NS_ConvertUTF16toUTF8(gWifiTetheringParms->mIfname).get()); 1 --------------------------------- 14010 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 1185 void NetworkUtils::addDefaultRouteToNetwork(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsTArray& gateways = GET_FIELD(mGateways); NS_ConvertUTF16toUTF8 autoGateway(gateways[GET_FIELD(mLoopIndex)]); int type = getIpType(autoGateway.get()); snprintf(command, MAX_COMMAND_SIZE - 1, "network route add %d %s %s/0 %s", GET_FIELD(mNetId), GET_CHAR(mIfname), type == AF_INET6 ? "::" : "0.0.0.0", autoGateway.get()); 1 --------------------------------- 14011 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_system_gonk_NetworkUtils.cpp Buffer_Overflow_LowBound 602 void NetworkUtils::setAccessPoint(CommandChain* aChain, CommandCallback aCallback, NetworkResultOptions& aResult) char command[MAX_COMMAND_SIZE]; nsCString ssid(GET_CHAR(mSsid)); nsCString key(GET_CHAR(mKey)); escapeQuote(ssid); escapeQuote(key); if (SDK_VERSION >= 19) { snprintf(command, MAX_COMMAND_SIZE - 1, "softap set %s \"%s\" broadcast 6 %s \"%s\"", GET_CHAR(mIfname), ssid.get(), GET_CHAR(mSecurity), key.get()); 1 --------------------------------- 14012 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp Format_String_Attack 371 int32_t do_wifi_command(const char* iface, const char* cmd, char* buf, size_t* len) { char command[COMMAND_SIZE]; if (!strcmp(iface, "p2p0")) { snprintf(command, COMMAND_SIZE, "%s", cmd); 1 --------------------------------- 14013 CVE-2015-4517/Firefox_40.0b9_CVE_2015_4517_dom_wifi_WifiUtils.cpp Format_String_Attack 374 int32_t do_wifi_command(const char* iface, const char* cmd, char* buf, size_t* len) { char command[COMMAND_SIZE]; if (strcmp(iface, "p2p0")) { snprintf(command, COMMAND_SIZE, "IFNAME=%s %s", iface, cmd); 1 --------------------------------- 14014 CVE-2015-7175/Firefox_40.0b9_CVE_2015_7175_dom_xul_nsXULContentSink.cpp Buffer_Overflow_boundedcpy 1044 nsresult XULContentSinkImpl::AddText(const char16_t* aText, int32_t aLength) int32_t offset = 0; while (0 != aLength) { int32_t amount = mTextSize - mTextLength; if (amount > aLength) { amount = aLength;} if (0 == amount) { if (mConstrainSize) { nsresult rv = FlushText(); if (NS_OK != rv) { return rv; } } else { mTextSize += aLength; mText = (char16_t *) realloc(mText, sizeof(char16_t) * mTextSize); if (nullptr == mText) { return NS_ERROR_OUT_OF_MEMORY; }}} memcpy(&mText[mTextLength],aText + offset, sizeof(char16_t) * amount); 1 --------------------------------- 14015 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_LowBound 533 static void * AnimationThread(void *) int32_t width, height, fps; const char *line = descCopy.c_str(); const char *end; bool headerRead = true; vector parts; do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s",&part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); 1 --------------------------------- 14016 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 585 static void * AnimationThread(void *) do { end = strstr(line, "\n"); AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } } while (end && *(line = end + 1)); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; entry = nullptr; char search[256]; snprintf(search, sizeof(search), "%s/", part.path); while ((entry = reader.GetNextEntry(entry))) { string name = reader.GetEntryName(entry); if (name.find(search) || !entry->GetDataSize() || name.length() >= 256) continue; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); frame.file = reader.GetLocalEntry(entry); sort(part.frames.begin(), part.frames.end()); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { AnimationFrame &frame = part.frames[k]; ANativeWindowBuffer *buf = display->DequeueBuffer(); wchar_t bgfill = AsBackgroundFill(frame.bgcolor, format); wmemset((wchar_t*)vaddr, bgfill, (buf->height * buf->stride * frame.bytepp) / sizeof(wchar_t)); 1 --------------------------------- 14017 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 590 static void * AnimationThread(void *) vector parts; AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); } for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; AnimationFrame &frame = part.frames[k]; if (!frame.buf) { frame.ReadPngFrame(format); } void *vaddr; if (grmodule->lock(grmodule, buf->handle, GRALLOC_USAGE_SW_READ_NEVER | GRALLOC_USAGE_SW_WRITE_OFTEN | GRALLOC_USAGE_HW_FB, 0, 0, width, height, &vaddr)) { LOGW("Failed to lock buffer_handle_t"); display->QueueBuffer(buf); break; } if (buf->height == frame.height && buf->stride == frame.width) { memcpy(vaddr, frame.buf, frame.width * frame.height * frame.bytepp); 1 --------------------------------- 14018 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_boundedcpy 603 static void * AnimationThread(void *) AnimationPart part; if (headerRead && sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { headerRead = false; } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { parts.push_back(part); for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; uint32_t j = 0; while (sRunAnimation && (!part.count || j++ < part.count)) { for (uint32_t k = 0; k < part.frames.size(); k++) { struct timeval tv1, tv2; gettimeofday(&tv1, nullptr); AnimationFrame &frame = part.frames[k]; int startx = (buf->width - frame.width) / 2; int starty = (buf->height - frame.height) / 2; int src_stride = frame.width * frame.bytepp; int dst_stride = buf->stride * frame.bytepp; char *src = frame.buf; char *dst = (char *) vaddr + starty * dst_stride + startx * frame.bytepp; for (int i = 0; i < frame.height; i++) { memcpy(dst, src, src_stride); 1 --------------------------------- 14019 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Format_String_Attack 523 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { 1 --------------------------------- 14020 CVE-2015-7176/Firefox_40.0b9_CVE_2015_7176_widget_gonk_libdisplay_BootAnimation.cpp Buffer_Overflow_cpycat 543 static void *AnimationThread(void *) if (!reader.OpenArchive("/system/media/bootanimation.zip")) { bool OpenArchive(const char *path) fd = open(path, O_RDONLY); if (fstat(fd, &sb) == -1 || sb.st_size < sizeof(cdir_end)) { mBuf = (char *)mmap(nullptr, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); if (!reader.OpenArchive("/system/media/bootanimation.zip")) { int32_t width, height, fps; while ((entry = reader.GetNextEntry(entry))) { entry = (cdir_entry *)(mBuf + letoh32(mEnd->cdir_offset)); !entry->Valid()) if (((char *)entry + entry->GetSize()) > mCdir_limit || return entry; while ((entry = reader.GetNextEntry(entry))) { descCopy.append(file->GetData(), entry->GetDataSize()); return letoh32(compressed_size); descCopy.append(file->GetData(), entry->GetDataSize()); const char *line = descCopy.c_str(); end = strstr(line, "\n"); AnimationPart part; sscanf(line, "%d %d %d", &width, &height, &fps) == 3) { } else if (sscanf(line, "p %d %d %s", &part.count, &part.pause, part.path)) { for (uint32_t i = 0; i < parts.size(); i++) { AnimationPart &part = parts[i]; part.frames.push_back(); AnimationFrame &frame = part.frames.back(); strcpy(frame.path, name.c_str()); 1 --------------------------------- 14021 CVE-2016-5257/Firefox_48.0b9_CVE_2016_5257_media_webrtc_trunk_webrtc_modules_video_coding_main_source_session_info.cc Buffer_Overflow_boundedcpy 243 size_t VCMSessionInfo::InsertBuffer(uint8_t* frame_buffer,acketIterator packet_it) { size_t required_length = 0; while (nalu_ptr < packet_buffer + packet.sizeBytes) { size_t length = BufferToUWord16(nalu_ptr); required_length += length + (packet.insertStartCode ? kH264StartCodeLengthBytes : 0);} ShiftSubsequentPackets(packet_it, required_length); void VCMSessionInfo::ShiftSubsequentPackets(PacketIterator it, int steps_to_shift) { ++it; if (it == packets_.end()) return; uint8_t* first_packet_ptr = const_cast((*it).dataPtr); int shift_length = 0; for (; it != packets_.end(); ++it) { shift_length += (*it).sizeBytes; if ((*it).dataPtr != NULL) (*it).dataPtr += steps_to_shift; memmove(first_packet_ptr + steps_to_shift, first_packet_ptr, shift_length); 1 --------------------------------- 14022 CVE-2012-4294/Wireshark_1.8.1_CVE_2012_4294_epan_dissectors_packet-erf.c Buffer_Overflow_boundedcpy 713 static void dissect_channelised_ex_header(tvbuff_t *tvb, packet_info *pinfo, proto_tree *pseudo_hdr_tree, int idx) guint64 hdr = pinfo->pseudo_header->erf.ehdr_list[idx].ehdr; guint8 vc_id = (guint8)((hdr >> 24) & 0xFF); guint8 vc_size = (guint8)((hdr >> 16) & 0xFF); guint8 line_speed = (guint8)((hdr >> 8) & 0xFF); sdh_g707_format_t g707_format; sdh_g707_format_t g707_format; channelised_fill_sdh_g707_format(&g707_format, vc_id, vc_size, line_speed); static int channelised_fill_sdh_g707_format(sdh_g707_format_t* in_fmt, guint16 bit_flds, guint8 vc_size, guint8 speed) in_fmt->m_vc_size = vc_size; in_fmt->m_sdh_line_rate = speed; memset(&(in_fmt->m_vc_index_array[0]), 0xff, DECHAN_MAX_AUG_INDEX); 1 --------------------------------- 14023 CVE-2014-6427/Wireshark_1.12.0_CVE_2014_6427_epan_dissectors_packet-rtsp.c Buffer_Overflow_boundedcpy 454 static gboolean is_rtsp_request_or_reply(const guchar *line, size_t linelen, rtsp_type_t *type) const guchar *next_token; int tokenlen; gchar response_chars[4]; if (linelen >= 5 && g_ascii_strncasecmp("RTSP/", line, 5) == 0) { *type = RTSP_REPLY; tokenlen = get_token_len(line, line+5, &next_token); if (tokenlen != 0) { tokenlen = get_token_len(next_token, line+linelen, &next_token); if (tokenlen >= 3) { memcpy(response_chars, next_token, 3); 1 --------------------------------- 14024 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2301 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pin = inbuf; unsigned char * pout = outbuf; if ( 0 == bit_mask ) { bit_mask = 0x8000; bit_value = pletoh16(pin); pin += 2; if ( !(bit_mask & bit_value) ){ *(pout++) = *(pin++);} *(pout++) = *(pin++); code_type = (unsigned int) ((*pin) >> 4 ) & 0xF; code_low = (unsigned int) ((*pin) & 0xF ); pin++; bit_value = pletoh16(pin); *(pout++) = *(pin++); length = code_low + 3; memset( pout, *pin++, length ); 1 --------------------------------- 14025 CVE-2014-6431/Wireshark_1.12.0_CVE_2014_6431_wiretap_ngsniffer.c Buffer_Overflow_boundedcpy 2393 static int SnifferDecompress(unsigned char *inbuf, size_t inlen, unsigned char *outbuf, size_t outlen, int *err) unsigned char * pout = outbuf; int length; int offset; if ( !(bit_mask & bit_value) ) *(pout++) = *(pin++); } offset = code_low + ((unsigned int)(*pin++) << 4) + 3; if ( pout - offset < outbuf ) *err = WTAP_ERR_UNC_BAD_OFFSET; return ( -1 );} length = code_type; if ( pout + length > pout_end ) *err = WTAP_ERR_UNC_OVERFLOW; return ( -1 );} memcpy( pout, pout - offset, length ); 1 --------------------------------- 14026 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; componet_len = write_count; buffer = OPENSSL_malloc(componet_len); bp = buffer; *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); 0 --------------------------------- 14027 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { componet_len = *maxlen; *buffer = OPENSSL_malloc(componet_len); if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 14028 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { componet_len = *maxlen; *buffer = OPENSSL_malloc(componet_len); if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 14029 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) componet_len = length; if (componet_len < 0) memcpy(string, *buffer, length); 0 --------------------------------- 14030 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) int input_code_size) int set_code_size; set_code_size = input_code_size; componet_len = 1 << set_code_size; clear_code = componet_len for (i = 0; i < componet_len; i ++) table[1][i] = i; 0 --------------------------------- 14031 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; len = get_cmd(s, buf, sizeof(buf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) uint32_t dmalen; if (dmalen > buflen) { return 0; dmalen = s->ti_size; componet_len = dmalen; memcpy(buf, s->ti_buf, componet_len); 0 --------------------------------- 14032 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr, esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) uint32_t dmalen; if (dmalen > buflen) { return 0; dmalen = s->ti_size; componet_len = dmalen; memcpy(buf, s->ti_buf, componet_len); 0 --------------------------------- 14033 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; uint64_t write_count; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; componet_len = (char *)fidp->fs.xattr.value + off; memcpy(componet_len, sg[i].iov_base, componet_len); 0 --------------------------------- 14034 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); cursor.bpp = vmsvga_fifo_read(s); if (cursor.width > || cursor.height > || cursor.bpp > || SVGA_BITMAP_SIZE(x, y) > sizeof(cursor.mask) / sizeof(cursor.mask[0]) || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof(cursor.image) / sizeof(cursor.image[0])) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s, struct vmsvga_cursor_definition_s *c) componet_len = c.bpp; fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, componet_len); 0 --------------------------------- 14035 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); componet_data = str.data; str.size = strlen(componet_data); 0 --------------------------------- 14036 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); componet_data = str.data; str.size = strlen(componet_data); 0 --------------------------------- 14037 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; uint64_t read_count; if (fidp->fs.xattr.len < off) { read_count = 0; } else { read_count = fidp->fs.xattr.len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); componet_data = str.data; str.size = strlen(componet_data); 0 --------------------------------- 14038 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, uint64_t write_count; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; } err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); componet_data = str.data; str.size = strlen(componet_data); 0 --------------------------------- 14039 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; uint64_t write_count; size_t offset = 7; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); componet_data = str.data; str.size = strlen(componet_data); 0 --------------------------------- 14040 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); pl = p; componet_len = 1 + 2 + payload; buffer = OPENSSL_malloc(componet_len + padding); bp = buffer; *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); 1 --------------------------------- 14041 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { componet_len = *maxlen; *buffer = OPENSSL_malloc(componet_len); if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 14042 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { componet_len = *maxlen; *buffer = OPENSSL_malloc(componet_len); if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 14043 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) componet_len = length; if (componet_len < strsize) memcpy(string, *buffer, componet_len); 1 --------------------------------- 14044 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) int set_code_size; set_code_size = input_code_size; componet_len = 1 << set_code_size; clear_code = componet_len; for (i = 0; i < componet_len; i ++){ table[0][i] = 0; table[1][i] = i; 1 --------------------------------- 14045 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; len = get_cmd(s, buf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) uint32_t dmalen; dmalen = s->ti_size; componet_len = dmalen; memcpy(buf, s->ti_buf, componet_len); 1 --------------------------------- 14046 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr,uint64_t val, unsigned int size) SysBusESPState *sysbus = opaque; uint32_t saddr; saddr = addr >> sysbus->it_shift; esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) uint32_t dmalen; dmalen = s->ti_size; componet_len = dmalen; memcpy(buf, s->ti_buf, componet_len); 1 --------------------------------- 14047 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; int write_count; uint64_t write_count; write_count = xattr_len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; componet_len = (char *)fidp->fs.xattr.value + off; memcpy(componet_len, sg[i].iov_base, componet_len); 1 --------------------------------- 14048 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); cursor.bpp = vmsvga_fifo_read(s); if (cursor.width > 256 || cursor.height > 256 || cursor.bpp > 32 || SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s, struct vmsvga_cursor_definition_s *c) componet_len = c.bpp; fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, componet_len); 1 --------------------------------- 14049 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); componet_data = str.data; str.size = strlen(componet_data); 1 --------------------------------- 14050 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); componet_data = str.data; str.size = strlen(componet_data); 1 --------------------------------- 14051 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; int read_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; read_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); componet_data = str.data; str.size = strlen(componet_data); 1 --------------------------------- 14052 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, int write_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); componet_data = str.data; str.size = strlen(componet_data); 1 --------------------------------- 14053 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; int write_count; int64_t xattr_len; size_t offset = 7; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); componet_data = str.data; str.size = strlen(componet_data); 1 --------------------------------- 14054 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; buffer = OPENSSL_malloc(write_length); bp = buffer; bp = func(&bp) static unsigned char* func(unsigned char**bptr) unsigned char *bp = *bptr; *bp++ = TLS1_HB_RESPONSE return bp bp = func(&bp) s2n(payload, bp); memcpy(bp, pl, payload); 0 --------------------------------- 14055 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { *buffer = func(buffer, &maxlen) static char** func(char **buffer, size_t **maxlen) *buffer = OPENSSL_malloc(**maxlen); return *buffer *buffer = func(buffer, maxlen) if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 14056 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { *buffer = func(buffer, &maxlen) static char** func(char **buffer, size_t **maxlen) *buffer = OPENSSL_malloc(**maxlen); return *buffer *buffer = func(buffer, maxlen) if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 14057 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) bool flag = func(&length, 0); bool func(int *length, int strsize) return *length < strsize; bool flag = func(&length, strsize) if (flag) memcpy(string, *buffer, length); 0 --------------------------------- 14058 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) int set_code_size; set_code_size = input_code_size; clear_code = func(&set_code_size); short func(short *sret_code_szie) short temp = 1 << (*set_code_size); return temp; clear_code = func(&set_code_size); for (i = 0; i < clear_code; i ++) table[1][i] = i; 0 --------------------------------- 14059 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; len = get_cmd(s, buf, sizeof(buf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) uint32_t dmalen; if (dmalen > buflen) { return 0; damlen = func(&s); uint32_t func(ESPState **s) return (*s)->ti_size; damlen = func(&s); memcpy(buf, s->ti_buf, dmalen); 0 --------------------------------- 14060 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr, esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) uint32_t dmalen; if (dmalen > buflen) { return 0; damlen = func(&s); uint32_t func(ESPState **s) return (*s)->ti_size; damlen = func(&s); memcpy(buf, s->ti_buf, dmalen); 0 --------------------------------- 14061 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; uint64_t write_count; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = func(&write_count); int func(int *write_count) return write_count; to_copy = func(&write_count); memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 0 --------------------------------- 14062 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); cursor.bpp = func(&s); uint32_t func(struct vmsvga_state_s **s) return vmsvga_fifo_read(*s); cursor.bpp = func(&s); if (cursor.width > || cursor.height > || cursor.bpp > || SVGA_BITMAP_SIZE(x, y) > sizeof(cursor.mask) / sizeof(cursor.mask[0]) || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof(cursor.image) / sizeof(cursor.image[0])) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s, struct vmsvga_cursor_definition_s *c) fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 0 --------------------------------- 14063 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(&len); ssize_t func(ssize_t *len) return -(*len); int err = func(&len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14064 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(&len); ssize_t func(ssize_t *len) return -(*len); int err = func(&len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14065 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; uint64_t read_count; if (fidp->fs.xattr.len < off) { read_count = 0; } else { read_count = fidp->fs.xattr.len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(&len); ssize_t func(ssize_t *len) return -(*len); int err = func(&len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14066 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, uint64_t write_count; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; } err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(&len); ssize_t func(ssize_t *len) return -(*len); int err = func(&len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14067 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; uint64_t write_count; size_t offset = 7; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(&len); ssize_t func(ssize_t *len) return -(*len); int err = func(&len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14068 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); pl = p; buffer = OPENSSL_malloc(1 + 2 + payload + padding); bp = buffer; bp = func(&bp) static unsigned char* func(unsigned char**bptr) unsigned char *bp = *bptr; *bp++ = TLS1_HB_RESPONSE return bp bp = func(&bp) s2n(payload, bp); memcpy(bp, pl, payload); 1 --------------------------------- 14069 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { *buffer = func(buffer, &maxlen) static char** func(char **buffer, size_t **maxlen) *buffer = OPENSSL_malloc(**maxlen); return *buffer *buffer = func(buffer, maxlen) if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 14070 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { *buffer = func(buffer, &maxlen) static char** func(char **buffer, size_t **maxlen) *buffer = OPENSSL_malloc(**maxlen); return *buffer *buffer = func(buffer, maxlen) if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 14071 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) bool flag = func(&length, &strsize); bool func(int *length, int *strsize) return *length < *strsize; bool flag = func(&length, &strsize) if (flag) memcpy(string, *buffer, length); 1 --------------------------------- 14072 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) static short set_code_size, clear_code; set_code_size = input_code_size; clear_code = func(&set_code_size); short func(short *sret_code_szie) short temp = 1 << (*set_code_size); return temp; clear_code = func(&set_code_size); for (i = 0; i < clear_code; i ++){ table[0][i] = 0; table[1][i] = i;} 1 --------------------------------- 14073 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; len = get_cmd(s, buf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) uint32_t dmalen; damlen = func(&s); uint32_t func(ESPState **s) return (*s)->ti_size; damlen = func(&s); memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 14074 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr,uint64_t val, unsigned int size) SysBusESPState *sysbus = opaque; uint32_t saddr; saddr = addr >> sysbus->it_shift; esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) uint32_t dmalen; damlen = func(&s); uint32_t func(ESPState **s) return (*s)->ti_size; damlen = func(&s); memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 14075 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; int write_count; uint64_t write_count; write_count = xattr_len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = func(&write_count); int func(int *write_count) return write_count; to_copy = func(&write_count); memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 1 --------------------------------- 14076 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); cursor.bpp = func(&s); uint32_t func(struct vmsvga_state_s **s) return vmsvga_fifo_read(*s); cursor.bpp = func(&s); if (cursor.width > 256 || cursor.height > 256 || cursor.bpp > 32 || SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,struct vmsvga_cursor_definition_s *c) fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 1 --------------------------------- 14077 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(&len); ssize_t func(ssize_t *len) return -(*len); int err = func(&len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14078 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(&len); ssize_t func(ssize_t *len) return -(*len); int err = func(&len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14079 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; int read_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; read_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(&len); ssize_t func(ssize_t *len) return -(*len); int err = func(&len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14080 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, int write_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(&len); ssize_t func(ssize_t *len) return -(*len); int err = func(&len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14081 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; int write_count; int64_t xattr_len; size_t offset = 7; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(&len); ssize_t func(ssize_t *len) return -(*len); int err = func(&len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14082 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) structType myStruct; unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; buffer = OPENSSL_malloc(write_length); bp = buffer; myStruct.structFirst = bp; bp = func(myStruct) static unsigned char* func(structType myStruct) unsigned char* bp = myStruct.structFirst; *bp++ = TLS1_HB_RESPONSE return bp bp = func(myStruct) s2n(payload, bp); memcpy(bp, pl, payload); 0 --------------------------------- 14083 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) structType myStruct; if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { myStruct.structFirst = maxlen; *buffer = func(buffer, myStruct) static char** func(char **buffer, structType myStruct) size_t *maxlen = myStruct.structFirst; *buffer = OPENSSL_malloc(*maxlen); return *buffer *buffer = func(buffer, myStruct) if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 14084 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) structType myStruct; if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { myStruct.structFirst = maxlen; *buffer = func(buffer, myStruct) static char** func(char **buffer, structType myStruct) size_t *maxlen = myStruct.structFirst; *buffer = OPENSSL_malloc(*maxlen); return *buffer *buffer = func(buffer, myStruct) if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 14085 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) structType myStruct; myStruct.structFirst = length; bool flag = func(myStruct, 0); bool func(structType myStruct, int strsize) int length = myStruct.structFirst; return length < strsize; bool flag = func(myStruct, 0) if (flag) memcpy(string, *buffer, length); 0 --------------------------------- 14086 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) structType myStruct; int set_code_size; set_code_size = input_code_size; myStruct.structFirst = set_code_size; clear_code = func(myStruct); short func(structType myStruct) short set_code_size = myStruct.structFirst; short temp = 1 << set_code_size; return temp; clear_code = func(myStruct); for (i = 0; i < clear_code; i ++) table[1][i] = i; 0 --------------------------------- 14087 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; len = get_cmd(s, buf, sizeof(buf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) structType myStruct; uint32_t dmalen; if (dmalen > buflen) { return 0; myStruct.structFirst = s; damlen = func(myStruct); uint32_t func(structType myStruct) ESPState s = myStruct.structFirst; return s->ti_size; damlen = func(myStruct); memcpy(buf, s->ti_buf, dmalen); 0 --------------------------------- 14088 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr, esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) structType myStruct; uint32_t dmalen; if (dmalen > buflen) { return 0; myStruct.structFirst = s; damlen = func(myStruct); uint32_t func(structType myStruct) ESPState s = myStruct.structFirst; return s->ti_size; damlen = func(myStruct); memcpy(buf, s->ti_buf, dmalen); 0 --------------------------------- 14089 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; uint64_t write_count; structType myStruct; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); myStruct.structFirst = write_count; to_copy = func(myStruct); int func(structType myStruct) int write_count = myStruct.structFirst; return write_count; to_copy = func(myStruct); memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 0 --------------------------------- 14090 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; structType myStruct; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); myStruct.structFirst = s; cursor.bpp = func(myStruct); uint32_t func(structType myStruct) struct vmsvga_state_s *s = myStruct.structFirst; return vmsvga_fifo_read(s); cursor.bpp = func(myStruct); if (cursor.width > || cursor.height > || cursor.bpp > || SVGA_BITMAP_SIZE(x, y) > sizeof(cursor.mask) / sizeof(cursor.mask[0]) || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof(cursor.image) / sizeof(cursor.image[0])) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,struct vmsvga_cursor_definition_s *c) fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 0 --------------------------------- 14091 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) structType myStruct; myStruct.structFirst = len; int err = func(myStruct); ssize_t func(structType myStruct) int len = myStruct.structFirst; return -len; int err = func(myStruct); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14092 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) structType myStruct; myStruct.structFirst = len; int err = func(myStruct); ssize_t func(structType myStruct) int len = myStruct.structFirst; return -len; int err = func(myStruct); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14093 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; uint64_t read_count; if (fidp->fs.xattr.len < off) { read_count = 0; } else { read_count = fidp->fs.xattr.len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) structType myStruct; myStruct.structFirst = len; int err = func(myStruct); ssize_t func(structType myStruct) int len = myStruct.structFirst; return -len; int err = func(myStruct); int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14094 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, uint64_t write_count; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; } err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) structType myStruct; myStruct.structFirst = len; int err = func(myStruct); ssize_t func(structType myStruct) int len = myStruct.structFirst; return -len; int err = func(myStruct); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14095 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; uint64_t write_count; size_t offset = 7; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) structType myStruct; myStruct.structFirst = len; int err = func(myStruct); ssize_t func(structType myStruct) int len = myStruct.structFirst; return -len; int err = func(myStruct); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14096 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) structType myStruct; unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); pl = p; buffer = OPENSSL_malloc(1 + 2 + payload + padding); bp = buffer; myStruct.structFirst = bp; bp = func(myStruct) static unsigned char* func(structType myStruct) unsigned char* bp = myStruct.structFirst; *bp++ = TLS1_HB_RESPONSE return bp bp = func(myStruct) s2n(payload, bp); memcpy(bp, pl, payload); 1 --------------------------------- 14097 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) structType myStruct; if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { myStruct.structFirst = maxlen; *buffer = func(buffer, myStruct) static char** func(char **buffer, structType myStruct) size_t *maxlen = myStruct.structFirst; *buffer = OPENSSL_malloc(*maxlen); return *buffer *buffer = func(buffer, myStruct) if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 14098 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) structType myStruct; if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { myStruct.structFirst = maxlen; *buffer = func(buffer, myStruct) static char** func(char **buffer, structType myStruct) size_t *maxlen = myStruct.structFirst; *buffer = OPENSSL_malloc(*maxlen); return *buffer *buffer = func(buffer, myStruct) if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 14099 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) structType myStruct; myStruct.structFirst = length; bool flag = func(myStruct, strsize); bool func(structType myStruct, int strsize) int length = myStruct.structFirst; return length < strsize; bool flag = func(myStruct, strsize) if (flag) memcpy(string, *buffer, length); 1 --------------------------------- 14100 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) structType myStruct; static short set_code_size, clear_code; set_code_size = input_code_size; myStruct.structFirst = set_code_size; clear_code = func(myStruct); short func(structType myStruct) short set_code_size = myStruct.structFirst; short temp = 1 << set_code_size; return temp; clear_code = func(myStruct); for (i = 0; i < clear_code; i ++){ table[0][i] = 0; table[1][i] = i; 1 --------------------------------- 14101 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; len = get_cmd(s, buf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) structType myStruct; uint32_t dmalen; myStruct.structFirst = s; damlen = func(myStruct); uint32_t func(structType myStruct) ESPState s = myStruct.structFirst; return s->ti_size; damlen = func(myStruct); memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 14102 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr,uint64_t val, unsigned int size) SysBusESPState *sysbus = opaque; uint32_t saddr; saddr = addr >> sysbus->it_shift; esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) structType myStruct; uint32_t dmalen; myStruct.structFirst = s; damlen = func(myStruct); uint32_t func(structType myStruct) ESPState s = myStruct.structFirst; return s->ti_size; damlen = func(myStruct); memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 14103 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; int write_count; structType myStruct; write_count = xattr_len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); myStruct.structFirst = write_count; to_copy = func(myStruct); int func(structType myStruct) int write_count = myStruct.structFirst; return write_count; to_copy = func(myStruct); memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 1 --------------------------------- 14104 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; structType myStruct; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); myStruct.structFirst = s; cursor.bpp = func(myStruct); uint32_t func(structType myStruct) struct vmsvga_state_s *s = myStruct.structFirst; return vmsvga_fifo_read(s); cursor.bpp = func(myStruct); if (cursor.width > 256 || cursor.height > 256 || cursor.bpp > 32 || SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,struct vmsvga_cursor_definition_s *c) fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 1 --------------------------------- 14105 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) structType myStruct; myStruct.structFirst = len; int err = func(myStruct); ssize_t func(structType myStruct) int len = myStruct.structFirst; return -len; int err = func(myStruct); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14106 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) structType myStruct; myStruct.structFirst = len; int err = func(myStruct); ssize_t func(structType myStruct) int len = myStruct.structFirst; return -len; int err = func(myStruct); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14107 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; int read_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; read_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) structType myStruct; myStruct.structFirst = len; int err = func(myStruct); ssize_t func(structType myStruct) int len = myStruct.structFirst; return -len; int err = func(myStruct); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14108 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, int write_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) structType myStruct; myStruct.structFirst = len; int err = func(myStruct); ssize_t func(structType myStruct) int len = myStruct.structFirst; return -len; int err = func(myStruct); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14109 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; int write_count; int64_t xattr_len; size_t offset = 7; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) structType myStruct; myStruct.structFirst = len; int err = func(myStruct); ssize_t func(structType myStruct) int len = myStruct.structFirst; return -len; int err = func(myStruct); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14110 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unionType myUnion; unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; buffer = OPENSSL_malloc(write_length); bp = buffer; myUnion.unionFirst = bp; bp = func(myUnion); static unsigned char* func(unionType myUnion) unsigned char* bp = myUnion.unionSecond; *bp++ = TLS1_HB_RESPONSE return bp bp = func(myUnion) s2n(payload, bp); memcpy(bp, pl, payload); 0 --------------------------------- 14111 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) unionType myUnion; if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { myUnion.unionFirst = maxlen; *buffer = func(buffer, myUnion) static char** func(char **buffer, unionType myUnion) size_t *maxlen = myUnion.unionSecond; *buffer = OPENSSL_malloc(*maxlen); return *buffer *buffer = func(buffer, myUnion) if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 14112 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) unionType myUnion; if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { myUnion.unionFirst = maxlen; *buffer = func(buffer, myUnion) static char** func(char **buffer, unionType myUnion) size_t *maxlen = myUnion.unionSecond; *buffer = OPENSSL_malloc(*maxlen); return *buffer *buffer = func(buffer, myUnion) if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 14113 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) unionType myUnion; myUnion.unionFirst = length; bool flag = func(myUnion, 0); bool func(unionType myUnion, int strsize) int length = myUnion.unionSecond; return length < strsize; bool flag = func(myUnion, 0) if (flag) memcpy(string, *buffer, length); 0 --------------------------------- 14114 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) unionType myUnion; int set_code_size; set_code_size = input_code_size; myUnion.unionFirst = set_code_size; clear_code = func(myUnion); short func(unionType myUnion) short set_code_size = myUnion.unionSecond; short temp = 1 << set_code_size; return temp; clear_code = func(myUnion); for (i = 0; i < clear_code; i ++) table[1][i] = i; 0 --------------------------------- 14115 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; len = get_cmd(s, buf, sizeof(buf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) unionType myUnion; uint32_t dmalen; if (dmalen > buflen) { return 0; damlen = func(myUnion); uint32_t func(unionType myUnion) ESPState *s = myUnion.unionSecond; return s->ti_size; dmalen = func(myUnion) memcpy(buf, s->ti_buf, dmalen); 0 --------------------------------- 14116 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr, esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) unionType myUnion; uint32_t dmalen; if (dmalen > buflen) { return 0; myUnion.unionFirst = s; damlen = func(myUnion); uint32_t func(unionType myUnion) ESPState *s = myUnion.unionSecond; return s->ti_size; damlen = func(myUnion); memcpy(buf, s->ti_buf, dmalen); 0 --------------------------------- 14117 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) unionType myUnion; int i, to_copy; uint64_t write_count; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); myUnion.unionFirst = write_count; to_copy = func(myUnion); int func(unionType myUnion) int write_count = myUnion.unionSecond; return write_count; to_copy = func(myUnion); memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 0 --------------------------------- 14118 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; unionType myUnion; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); myUnion.unionFirst= s; cursor.bpp = func(myUnion); uint32_t func(unionType myUnion) struct vmsvga_state_s *s = myUnion.unionSecond; return vmsvga_fifo_read(s); cursor.bpp = func(myUnion); if (cursor.width > || cursor.height > || cursor.bpp > || SVGA_BITMAP_SIZE(x, y) > sizeof(cursor.mask) / sizeof(cursor.mask[0]) || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof(cursor.image) / sizeof(cursor.image[0])) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,struct vmsvga_cursor_definition_s *c) fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 0 --------------------------------- 14119 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) unionType myUnion; myUnion.unionFirst = len; int err = func(myUnion); ssize_t func(unionType myUnion) int len = myUnion.unionSecond; return -len; int err = func(myUnion); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14120 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) unionType myUnion; myUnion.unionFirst = len; int err = func(myUnion); ssize_t func(unionType myUnion) int len = myUnion.unionSecond; return -len; int err = func(myUnion); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14121 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; uint64_t read_count; if (fidp->fs.xattr.len < off) { read_count = 0; } else { read_count = fidp->fs.xattr.len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) unionType myUnion; myUnion.unionFirst = len; int err = func(myUnion); ssize_t func(unionType myUnion) int len = myUnion.unionSecond; return -len; int err = func(myUnion); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14122 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, uint64_t write_count; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; } err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) unionType myUnion; myUnion.unionFirst = len; int err = func(myUnion); ssize_t func(unionType myUnion) int len = myUnion.unionSecond; return -len; int err = func(myUnion); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14123 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; uint64_t write_count; size_t offset = 7; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) unionType myUnion; myUnion.unionFirst = len; int err = func(myUnion); ssize_t func(unionType myUnion) int len = myUnion.unionSecond; return -len; int err = func(myUnion); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14124 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unionType myUnion; unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); pl = p; buffer = OPENSSL_malloc(1 + 2 + payload + padding); bp = buffer; myUnion.unionFirst = bp; bp = func(myUnion); static unsigned char* func(unionType myUnion) unsigned char* bp = myUnion.unionSecond; *bp++ = TLS1_HB_RESPONSE return bp bp = func(myUnion) s2n(payload, bp); memcpy(bp, pl, payload); 1 --------------------------------- 14125 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) unionType myUnion; if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { myUnion.unionFirst = maxlen; *buffer = func(buffer, myUnion) static char** func(char **buffer, unionType myUnion) size_t *maxlen = myUnion.unionSecond; *buffer = OPENSSL_malloc(*maxlen); return *buffer *buffer = func(buffer, myUnion) if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 14126 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) unionType myUnion; if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { myUnion.unionFirst = maxlen; *buffer = func(buffer, myUnion) static char** func(char **buffer, unionType myUnion) size_t *maxlen = myUnion.unionSecond; *buffer = OPENSSL_malloc(*maxlen); return *buffer *buffer = func(buffer, myUnion) if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 14127 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) unionType myUnion; myUnion.unionFirst = length; bool flag = func(myUnion, strsize); bool func(unionType myUnion, int strsize) int length = myUnion.unionSecond; return length < strsize; bool flag = func(myUnion, strsize) if (flag) memcpy(string, *buffer, length); 1 --------------------------------- 14128 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) unionType myUnion; int set_code_size; set_code_size = input_code_size; myUnion.unionFirst = set_code_size; clear_code = func(myUnion); short func(unionType myUnion) short set_code_size = myUnion.unionSecond; short temp = 1 << set_code_size; return temp; clear_code = func(myUnion); for (i = 0; i < clear_code; i ++){ table[0][i] = 0; table[1][i] = i; 1 --------------------------------- 14129 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; len = get_cmd(s, buf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) unionType myUnion; uint32_t dmalen; damlen = func(myUnion); uint32_t func(unionType myUnion) ESPState *s = myUnion.unionSecond; return s->ti_size; dmalen = func(myUnion); memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 14130 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr,uint64_t val, unsigned int size) SysBusESPState *sysbus = opaque; uint32_t saddr; saddr = addr >> sysbus->it_shift; esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) unionType myUnion; uint32_t dmalen; myUnion.unionFirst = s; damlen = func(myUnion); uint32_t func(unionType myUnion) ESPState *s = myUnion.unionSecond; return s->ti_size; damlen = func(myUnion); memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 14131 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) unionType myUnion; int i, to_copy; int write_count; write_count = xattr_len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); myUnion.unionFirst = write_count; to_copy = func(myUnion); int func(unionType myUnion) int write_count = myUnion.unionSecond; return write_count; to_copy = func(myUnion); memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 1 --------------------------------- 14132 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; unionType myUnion; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); myUnion.unionFirst= s; cursor.bpp = func(myUnion); uint32_t func(unionType myUnion) struct vmsvga_state_s *s = myUnion.unionSecond; return vmsvga_fifo_read(s); cursor.bpp = func(myUnion); if (cursor.width > 256 || cursor.height > 256 || cursor.bpp > 32 || SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,struct vmsvga_cursor_definition_s *c) fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 1 --------------------------------- 14133 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) unionType myUnion; myUnion.unionFirst = len; int err = func(myUnion); ssize_t func(unionType myUnion) int len = myUnion.unionSecond; return -len; int err = func(myUnion); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14134 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) unionType myUnion; myUnion.unionFirst = len; int err = func(myUnion); ssize_t func(unionType myUnion) int len = myUnion.unionSecond; return -len; int err = func(myUnion); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14135 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; int read_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; read_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) unionType myUnion; myUnion.unionFirst = len; int err = func(myUnion); ssize_t func(unionType myUnion) int len = myUnion.unionSecond; return -len; int err = func(myUnion); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14136 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, int write_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) unionType myUnion; myUnion.unionFirst = len; int err = func(myUnion); ssize_t func(unionType myUnion) int len = myUnion.unionSecond; return -len; int err = func(myUnion); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14137 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; int write_count; int64_t xattr_len; size_t offset = 7; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) unionType myUnion; myUnion.unionFirst = len; int err = func(myUnion); ssize_t func(unionType myUnion) int len = myUnion.unionSecond; return -len; int err = func(myUnion); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14138 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; buffer = OPENSSL_malloc(write_length); bp = func(bp) static unsigned char* func(const unsigned char*bp) *bp++ = TLS1_HB_RESPONSE return bp bp = func(bp) *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); 0 --------------------------------- 14139 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { *buffer = func(buffer, maxlen) static char** func(char **buffer, size_t *maxlen) *buffer = OPENSSL_malloc(*maxlen); return *buffer *buffer = func(buffer, maxlen) if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 14140 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { *buffer = func(buffer, maxlen) static char** func(char **buffer, size_t *maxlen) *buffer = OPENSSL_malloc(*maxlen); return *buffer *buffer = func(buffer, maxlen) if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 14141 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) bool flag = func(length, 0); bool func(int length, int strsize) return length < strsize; bool flag = func(length, 0) if (flag) memcpy(string, *buffer, length); 0 --------------------------------- 14142 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) int set_code_size; set_code_size = input_code_size; clear_code = func(int set_code_size); int func(int sret_code_szie) int temp = 1 << set_code_size; return temp; clear_code = func(int set_code_size); for (i = 0; i < clear_code; i ++) table[1][i] = i; 0 --------------------------------- 14143 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; len = get_cmd(s, buf, sizeof(buf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) uint32_t dmalen; if (dmalen > buflen) { return 0; damlen = func(s); uint32_t func(ESPState *s) return s->ti_size; damlen = func(s); memcpy(buf, s->ti_buf, dmalen); 0 --------------------------------- 14144 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr, esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) uint32_t dmalen; if (dmalen > buflen) { return 0; damlen = func(s); uint32_t func(ESPState *s) return s->ti_size; damlen = func(s); memcpy(buf, s->ti_buf, dmalen); 0 --------------------------------- 14145 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; uint64_t write_count; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = func(int write_count); int func(int write_count) return write_count; to_copy = func(int write_count); memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 0 --------------------------------- 14146 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); cursor.bpp = func(s); uint32_t func(struct vmsvga_state_s *s) return vmsvga_fifo_read(s); cursor.bpp = func(s); if (cursor.width > || cursor.height > || cursor.bpp > || SVGA_BITMAP_SIZE(x, y) > sizeof(cursor.mask) / sizeof(cursor.mask[0]) || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof(cursor.image) / sizeof(cursor.image[0])) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s, struct vmsvga_cursor_definition_s *c) fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 0 --------------------------------- 14147 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(ssize_t len); ssize_t func(ssize_t len) return -len; int err = func(ssize_t len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14148 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(ssize_t len); ssize_t func(ssize_t len) return -len; int err = func(ssize_t len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14149 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; uint64_t read_count; if (fidp->fs.xattr.len < off) { read_count = 0; } else { read_count = fidp->fs.xattr.len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(ssize_t len); ssize_t func(ssize_t len) return -len; int err = func(ssize_t len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14150 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, uint64_t write_count; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; } err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(ssize_t len); ssize_t func(ssize_t len) return -len; int err = func(ssize_t len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14151 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; uint64_t write_count; size_t offset = 7; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(ssize_t len); ssize_t func(ssize_t len) return -len; int err = func(ssize_t len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14152 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 static unsigned char* (*funcPtr)(unsigned char*) = badSource; int tls1_process_heartbeat(SSL *s) unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); pl = p; buffer = OPENSSL_malloc(1 + 2 + payload + padding); bp = buffer; bp = funcPtr(bp) static unsigned char* badSource(unsigned char *bp) *bp++ = TLS1_HB_RESPONSE return bp bp = funcPtr(bp) s2n(payload, bp); memcpy(bp, pl, payload); 1 --------------------------------- 14153 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 static char** (*funcPtr)(char **, size_t *) = badSource; static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { *buffer = funcPtr(buffer, maxlen) static char** badSource(char **buffer, size_t *maxlen) *buffer = OPENSSL_malloc(*maxlen); return *buffer *buffer = funcPtr(buffer, maxlen) if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 14154 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 static char** (*funcPtr)(char **, size_t *) = badSource; static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { *buffer = funcPtr(buffer, maxlen) static char** badSource(char **buffer, size_t *maxlen) *buffer = OPENSSL_malloc(*maxlen); return *buffer *buffer = funcPtr(buffer, maxlen) if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 14155 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 bool (*funcPtr))(int , int ) = badSource; static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) bool flag = funcPtr(length, strsize); bool badSource(int length, int strsize) return length < strsize; bool flag = funcPtr(length, strsize) if (flag) memcpy(string, *buffer, length); 1 --------------------------------- 14156 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 short (*funcPtr))(short ) = badSource; static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) static short set_code_size, clear_code; set_code_size = input_code_size; clear_code = funcPtr(short set_code_size); short badSource(short sret_code_szie) short temp = 1 << set_code_size; return temp; clear_code = funcPtr(short set_code_size); for (i = 0; i < clear_code; i ++){ table[0][i] = 0; table[1][i] = i; 1 --------------------------------- 14157 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 uint32_t (*funcPtr)(ESPState *) = badSource; static void handle_satn(ESPState *s) uint8_t buf[32]; len = get_cmd(s, buf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) uint32_t dmalen; damlen = funcPtr(s); uint32_t badSource(ESPState *s) return s->ti_size; damlen = funcPtr(s); memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 14158 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 uint32_t (*funcPtr)(ESPState *) = badSource; static void sysbus_esp_mem_write(void *opaque, hwaddr addr,uint64_t val, unsigned int size) SysBusESPState *sysbus = opaque; uint32_t saddr; saddr = addr >> sysbus->it_shift; esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) uint32_t dmalen; damlen = funcPtr(s); uint32_t badSource(ESPState *s) return s->ti_size; damlen = funcPtr(s); memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 14159 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 int (*funcPtr)(int ) = badSource; static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; int write_count; uint64_t write_count; write_count = xattr_len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = funcPtr(int write_count); int badSource(int write_count) return write_count; to_copy = funcPtr(int write_count); memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 1 --------------------------------- 14160 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 uint32_t (*funcPtr)(struct vmsvga_state_s *) = badSource; static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); cursor.bpp = funcPtr(s); uint32_t badSource(struct vmsvga_state_s *s) return vmsvga_fifo_read(s); cursor.bpp = funcPtr(s); if (cursor.width > 256 || cursor.height > 256 || cursor.bpp > 32 || SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,struct vmsvga_cursor_definition_s *c) fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 1 --------------------------------- 14161 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 ssize_t (*funcPtr)(ssize_t ) = badSource; static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = funcPtr(ssize_t len); ssize_t badSource(ssize_t len) return -len; int err = funcPtr(ssize_t len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14162 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 ssize_t (*funcPtr)(ssize_t) = badSource; static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = funcPtr(ssize_t len); ssize_t badSource(ssize_t len) return -len; int err = funcPtr(ssize_t len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14163 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 ssize_t (*funcPtr)(ssize_t len) = badSource; static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; int read_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; read_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = funcPtr(ssize_t len); ssize_t badSource(ssize_t len) return -len; int err = funcPtr(ssize_t len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14164 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 ssize_t (*funcPtr)(ssize_t ) = badSource; static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, int write_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = funcPtr(ssize_t len); ssize_t badSource(ssize_t len) return -len; int err = funcPtr(ssize_t len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14165 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 ssize_t (*funcPtr)(ssize_t ) = badSource; static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; int write_count; int64_t xattr_len; size_t offset = 7; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = funcPtr(ssize_t len); ssize_t badSource(ssize_t len) return -len; int err = funcPtr(ssize_t len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14166 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; buffer = OPENSSL_malloc(write_length); bp = buffer; bp = func(bp) static unsigned char* func(const unsigned char*bp) *bp++ = TLS1_HB_RESPONSE return bp bp = func(bp) s2n(payload, bp); memcpy(bp, pl, payload); 0 --------------------------------- 14167 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { *buffer = func(buffer, maxlen) static char** func(char **buffer, size_t *maxlen) *buffer = OPENSSL_malloc(*maxlen); return *buffer *buffer = func(buffer, maxlen) if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 14168 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { *buffer = func(buffer, maxlen) static char** func(char **buffer, size_t *maxlen) *buffer = OPENSSL_malloc(*maxlen); return *buffer *buffer = func(buffer, maxlen) if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 14169 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) bool flag = func(length, 0); bool func(int length, int strsize) return length < strsize; bool flag = func(length, 0) if (flag) memcpy(string, *buffer, length); 0 --------------------------------- 14170 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) int set_code_size; set_code_size = input_code_size; clear_code = func(set_code_size); int func(int set_code_size) int temp = 1 << set_code_size; return temp; clear_code = func(set_code_size); for (i = 0; i < clear_code; i ++) table[1][i] = i; 0 --------------------------------- 14171 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; len = get_cmd(s, buf, sizeof(buf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) uint32_t dmalen; if (dmalen > buflen) { return 0; dmalen = func(s); uint32_t func(ESPState *s) return s->ti_size; dmalen = func(s); memcpy(buf, s->ti_buf, dmalen); 0 --------------------------------- 14172 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr, esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) uint32_t dmalen; if (dmalen > buflen) { return 0; dmalen = func(s); uint32_t func(ESPState *s) return s->ti_size; dmalen = func(s); memcpy(buf, s->ti_buf, dmalen); 0 --------------------------------- 14173 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; uint64_t write_count; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = func(write_count); int func(int write_count) return write_count; to_copy = func(write_count); memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 0 --------------------------------- 14174 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); cursor.bpp = func(s); uint32_t func(struct vmsvga_state_s *s) return vmsvga_fifo_read(s); cursor.bpp = func(s); if (cursor.width > || cursor.height > || cursor.bpp > || SVGA_BITMAP_SIZE(x, y) > sizeof(cursor.mask) / sizeof(cursor.mask[0]) || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof(cursor.image) / sizeof(cursor.image[0])) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s, struct vmsvga_cursor_definition_s *c) fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 0 --------------------------------- 14175 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(len); ssize_t func(ssize_t len) return -len; int err = func(len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14176 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(len); ssize_t func(ssize_t len) return -len; int err = func(len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14177 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; uint64_t read_count; if (fidp->fs.xattr.len < off) { read_count = 0; } else { read_count = fidp->fs.xattr.len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(len); ssize_t func(ssize_t len) return -len; int err = func(len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14178 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, uint64_t write_count; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; } err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(len); ssize_t func(ssize_t len) return -len; int err = func(len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14179 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; uint64_t write_count; size_t offset = 7; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(len); ssize_t func(ssize_t len) return -len; int err = func(len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14180 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); pl = p; buffer = OPENSSL_malloc(1 + 2 + payload + padding); bp = buffer; bp = func(bp) static unsigned char* func(const unsigned char*bp) *bp++ = TLS1_HB_RESPONSE return bp bp = func(bp) s2n(payload, bp); memcpy(bp, pl, payload); 1 --------------------------------- 14181 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { *buffer = func(buffer, maxlen) static char** func(char **buffer, size_t *maxlen) *buffer = OPENSSL_malloc(*maxlen); return *buffer *buffer = func(buffer, maxlen) if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 14182 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { *buffer = func(buffer, maxlen) static char** func(char **buffer, size_t *maxlen) *buffer = OPENSSL_malloc(*maxlen); return *buffer *buffer = func(buffer, maxlen) if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 14183 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) bool flag = func(length, strsize); bool func(int length, int strsize) return length < strsize; bool flag = func(length, strsize) if (flag) memcpy(string, *buffer, length); 1 --------------------------------- 14184 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) static short set_code_size, clear_code; set_code_size = input_code_size; clear_code = func(set_code_size); short func(short set_code_size) short temp = 1 << set_code_size; return temp; clear_code = func(set_code_size); for (i = 0; i < clear_code; i ++){ table[0][i] = 0; table[1][i] = i; 1 --------------------------------- 14185 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; len = get_cmd(s, buf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) uint32_t dmalen; damlen = func(s); uint32_t func(ESPState *s) return s->ti_size; damlen = func(s); memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 14186 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr,uint64_t val, unsigned int size) SysBusESPState *sysbus = opaque; uint32_t saddr; saddr = addr >> sysbus->it_shift; esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) uint32_t dmalen; damlen = func(s); uint32_t func(ESPState *s) return s->ti_size; damlen = func(s); memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 14187 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; int write_count; uint64_t write_count; write_count = xattr_len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = func(write_count); int func(int write_count) return write_count; to_copy = func(write_count); memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 1 --------------------------------- 14188 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); cursor.bpp = func(s); uint32_t func(struct vmsvga_state_s *s) return vmsvga_fifo_read(s); cursor.bpp = func(s); if (cursor.width > 256 || cursor.height > 256 || cursor.bpp > 32 || SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,struct vmsvga_cursor_definition_s *c) fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 1 --------------------------------- 14189 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(len); ssize_t func(ssize_t len) return -len; int err = func(len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14190 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(len); ssize_t func(ssize_t len) return -len; int err = func(len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14191 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; int read_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; read_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(len); ssize_t func(ssize_t len) return -len; int err = func(len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14192 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, int write_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(len); ssize_t func(ssize_t len) return -len; int err = func(len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14193 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; int write_count; int64_t xattr_len; size_t offset = 7; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = func(len); ssize_t func(ssize_t len) return -len; int err = func(len); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14194 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; buffer = OPENSSL_malloc(write_length); unsigned char *dataCopy = buffer; bp = dataCopy; *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); 0 --------------------------------- 14195 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { char *dataCopy = OPENSSL_malloc(*maxlen); *buffer = dataCopy; if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 14196 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { char *dataCopy = OPENSSL_malloc(*maxlen); *buffer = dataCopy; if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 14197 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) int *dataCopy = &length; length = *dataCopy; if (length < 0) memcpy(string, *buffer, length); 0 --------------------------------- 14198 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) int input_code_size) int set_code_size; int *dataCopy = &input_code_size; set_code_size = *dataCopy; clear_code = 1 << set_code_size; for (i = 0; i < clear_code; i ++) table[1][i] = i; 0 --------------------------------- 14199 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; len = get_cmd(s, buf, sizeof(buf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) uint32_t dmalen; if (dmalen > buflen) { return 0; uint32_t *dataCopy = &s->ti_size; dmalen = *dataCopy; memcpy(buf, s->ti_buf, dmalen); 0 --------------------------------- 14200 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr, esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) uint32_t dmalen; ESPState *dataCopy = s; s = dataCopy; if (dmalen > buflen) { return 0; dmalen = s->ti_size; memcpy(buf, s->ti_buf, dmalen); 0 --------------------------------- 14201 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; uint64_t write_count; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); int *dataCopy = write_count; to_copy = *dataCopy; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 0 --------------------------------- 14202 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); cursor.bpp = vmsvga_fifo_read(s); if (cursor.width > || cursor.height > || cursor.bpp > || SVGA_BITMAP_SIZE(x, y) > sizeof(cursor.mask) / sizeof(cursor.mask[0]) || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof(cursor.image) / sizeof(cursor.image[0])) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,struct vmsvga_cursor_definition_s *c) struct vmsvga_cursor_definition_s *dataCopy = c; c = dataCopy; fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 0 --------------------------------- 14203 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t *dataCopy = &len; int err = -(*dataCopy); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14204 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t *dataCopy = &len; int err = -(*dataCopy); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14205 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; uint64_t read_count; if (fidp->fs.xattr.len < off) { read_count = 0; } else { read_count = fidp->fs.xattr.len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t *dataCopy = &len; int err = -(*dataCopy); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14206 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, uint64_t write_count; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; } err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t *dataCopy = &len; int err = -(*dataCopy); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14207 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; uint64_t write_count; size_t offset = 7; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t *dataCopy = &len; int err = -(*dataCopy); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14208 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); pl = p; buffer = OPENSSL_malloc(1 + 2 + payload + padding); unsigned char *dataCopy = buffer; bp = dataCopy; *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); 1 --------------------------------- 14209 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { char *dataCopy = OPENSSL_malloc(*maxlen); *buffer = dataCopy; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 14210 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { char *dataCopy = OPENSSL_malloc(*maxlen); *buffer = dataCopy; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 14211 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) int *dataCopy = &length; length = *dataCopy; if (length < strsize) memcpy(string, *buffer, length); 1 --------------------------------- 14212 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) int set_code_size; int *dataCopy = &input_code_size; set_code_size = *dataCopy; clear_code = 1 << set_code_size; for (i = 0; i < clear_code; i ++){ table[0][i] = 0; table[1][i] = i; 1 --------------------------------- 14213 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; len = get_cmd(s, buf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) uint32_t dmalen; uint32_t *dataCopy = &s->ti_size; dmalen = *dataCopy; memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 14214 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr,uint64_t val, unsigned int size) SysBusESPState *sysbus = opaque; uint32_t saddr; saddr = addr >> sysbus->it_shift; esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) uint32_t dmalen; ESPState *dataCopy = s; s = dataCopy; dmalen = s->ti_size; memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 14215 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; int write_count; uint64_t write_count; write_count = xattr_len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); int *dataCopy = write_count; to_copy = *dataCopy; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 1 --------------------------------- 14216 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); cursor.bpp = vmsvga_fifo_read(s); if (cursor.width > 256 || cursor.height > 256 || cursor.bpp > 32 || SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,struct vmsvga_cursor_definition_s *c) struct vmsvga_cursor_definition_s *dataCopy = c; c = dataCopy; fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 1 --------------------------------- 14217 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t *dataCopy = &len; int err = -(*dataCopy); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14218 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t *dataCopy = &len; int err = -(*dataCopy); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14219 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; int read_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; read_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t *dataCopy = &len; int err = -(*dataCopy); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14220 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, int write_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t *dataCopy = &len; int err = -(*dataCopy); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14221 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; int write_count; int64_t xattr_len; size_t offset = 7; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t *dataCopy = &len; int err = -(*dataCopy); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14222 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; unsigned char *dataArray[5]; buffer = OPENSSL_malloc(write_length); bp = buffer; dataArray[2] = bp; bp = func(dataArray); static unsigned char* func(unsigned char *dataArray[]) *bp = dataArray[2]; *bp++ = TLS1_HB_RESPONSE; return bp; bp = func(dataArray); s2n(payload, bp); memcpy(bp, pl, payload); 0 --------------------------------- 14223 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) size_t *dataArray[5]; if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { dataArray[2] = maxlen; *buffer = func(buffer, dataArray); static char* func(char **buffer, size_t *dataArray[]) ssize_t *maxlen = dataArray[2]; *buffer = OPENSSL_malloc(*maxlen);; return *buffer; *buffer = func(buffer, dataArray); if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 14224 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 #define BUFFER_INC static int doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) size_t *dataArray[5]; if (buffer) { while (*currlen >= *maxlen) { *maxlen += BUFFER_INC; if (*buffer == NULL) { dataArray[2] = maxlen; *buffer = func(buffer, dataArray); static char* func(char **buffer, size_t *dataArray[]) ssize_t *maxlen = dataArray[2]; *buffer = OPENSSL_malloc(*maxlen); return *buffer; *buffer = func(buffer, dataArray); if (*buffer == NULL) return 0; if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 0 --------------------------------- 14225 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) int dataArray[5]; dataArray[2] = length; bool flag = func(dataArray, 0); bool func(int dataArray[], int strsize); int length = dataArray[2]; return length < strsize; bool flag = func(dataArray, 0); if (flag) memcpy(string, *buffer, length); 0 --------------------------------- 14226 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) short dataArray[5]; int set_code_size; set_code_size = input_code_size; dataArray[2] = set_code_size; clear_code = func(dataArray); short func(short dataArray[]) short set_code_size = dataArray[2]; short temp = 1 << set_code_size; return temp; clear_code = func(dataArray); for (i = 0; i < clear_code; i ++) table[1][i] = i; 0 --------------------------------- 14227 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; ESPState *dataArray[5]; len = get_cmd(s, buf, sizeof(buf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) uint32_t dmalen; if (dmalen > buflen) { return 0; dataArray[2] = s; damlen = func(dataArray); uint32_t func(ESPState *dataArray[]) ESPState *s = dataArray[2]; return s->ti_size; damlen = func(dataArray); memcpy(buf, s->ti_buf, dmalen); 0 --------------------------------- 14228 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr, esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf, sizeof(s->cmdbuf)); static uint32_t get_cmd(ESPState *s, uint8_t *buf, uint8_t buflen) ESPState *dataArray[5]; uint32_t dmalen; if (dmalen > buflen) { return 0; dataArray[2] = s; damlen = func(dataArray); uint32_t func(ESPState *dataArray[]) ESPState *s = dataArray[2]; return s->ti_size; damlen = func(dataArray); memcpy(buf, s->ti_buf, dmalen); 0 --------------------------------- 14229 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; uint64_t dataArray[5]; uint64_t write_count; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); dataArray[2] = write_count; to_copy = func(dataArray); uint64_t func(uint64_t dataArray[]) uint64_t write_count = dataArray[2]; return write_count; to_copy = func(dataArray); memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 0 --------------------------------- 14230 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; struct vmsvga_state_s *dataArray[5]; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); dataArray[2] = s; cursor.bpp = func(dataArray); uint32_t func(struct vmsvga_state_s *dataArray[]) struct vmsvga_state_s *s = dataArray[2]; return vmsvga_fifo_read(s); cursor.bpp = func(dataArray); if (cursor.width > || cursor.height > || cursor.bpp > || SVGA_BITMAP_SIZE(x, y) > sizeof(cursor.mask) / sizeof(cursor.mask[0]) || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof(cursor.image) / sizeof(cursor.image[0])) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s, struct vmsvga_cursor_definition_s *c) fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 0 --------------------------------- 14231 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t dataArray[5]; dataArray[2] = len; int err = func(dataArray); ssize_t func(ssize_t dataArray[]) int len = dataArray[2]; return -len; int err = func(dataArray); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14232 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t dataArray[5]; dataArray[2] = len; int err = func(dataArray); ssize_t func(ssize_t dataArray[]) int len = dataArray[2]; return -len; int err = func(dataArray); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14233 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; uint64_t read_count; if (fidp->fs.xattr.len < off) { read_count = 0; } else { read_count = fidp->fs.xattr.len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t dataArray[5]; dataArray[2] = len; int err = func(dataArray); ssize_t func(ssize_t dataArray[]) int len = dataArray[2]; return -len; int err = func(dataArray); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14234 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, uint64_t write_count; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; } err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t dataArray[5]; dataArray[2] = len; int err = func(dataArray); ssize_t func(ssize_t dataArray[]) int len = dataArray[2]; return -len; int err = func(dataArray); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14235 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; uint64_t write_count; size_t offset = 7; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t dataArray[5]; dataArray[2] = len; int err = func(dataArray); ssize_t func(ssize_t dataArray[]) int len = dataArray[2]; return -len; int err = func(dataArray); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14236 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unsigned char *p = &s->s3->rrec.data[0], *pl; unsigned int padding = 16; unsigned int payload; unsigned char *buffer, *bp; hbtype = *p++; n2s(p, payload); pl = p; unsigned char *dataArray[5]; buffer = OPENSSL_malloc(1 + 2 + payload + padding); bp = buffer; dataArray[2] = bp; bp = func(dataArray); static unsigned char* func(unsigned char *dataArray[]) *bp = dataArray[2]; *bp++ = TLS1_HB_RESPONSE; return bp; bp = func(dataArray); s2n(payload, bp); memcpy(bp, pl, payload); 1 --------------------------------- 14237 CVE-2016-0799/OpenSSL_1.0.1_CVE-2016-0799_b_print.c Buffer_Overflow_boundedcpy 749 static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) size_t *dataArray[5]; if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { dataArray[2] = maxlen; *buffer = func(buffer, dataArray); static char* func(char **buffer, size_t *dataArray[]) ssize_t *maxlen = dataArray[2]; *buffer = OPENSSL_malloc(*maxlen); return *buffer; *buffer = func(buffer, dataArray); if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 14238 CVE-2016-2842/OpenSSL_1.0.1_CVE-2016-2842_b_print.c Buffer_Overflow_boundedcpy 749 static void doapr_outch( char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) size_t *dataArray[5]; if (buffer) { while (*currlen >= *maxlen) { if (*buffer == NULL) { dataArray[2] = maxlen; *buffer = func(buffer, dataArray); static char* func(char **buffer, size_t *dataArray[]) ssize_t *maxlen = dataArray[2]; *buffer = OPENSSL_malloc(*maxlen); return *buffer; *buffer = func(buffer, dataArray); if (*currlen > 0) { memcpy(*buffer, *sbuffer, *currlen); 1 --------------------------------- 14239 CVE-2007-5849/cups_1.3.4_CVE-2007-5849_snmp.c Buffer_Overflow_boundedcpy 1064 static char * asn1_get_string( unsigned char **buffer, unsigned char *bufend, int length, char *string, int strsize) int dataArray[5]; dataArray[2] = length; bool flag = func(dataArray, strsize); bool func(int dataArray[], int strsize); int length = dataArray[2]; return length < strsize; bool flag = func(dataArray, strsize); if (flag) memcpy(string, *buffer, length); 1 --------------------------------- 14240 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) short dataArray[5]; static short set_code_size, clear_code; set_code_size = input_code_size; dataArray[2] = set_code_size; clear_code = func(dataArray); short func(short dataArray[]) short set_code_size = dataArray[2]; short temp = 1 << set_code_size; return temp; clear_code = func(dataArray); for (i = 0; i < clear_code; i ++){ table[0][i] = 0; table[1][i] = i; 1 --------------------------------- 14241 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 160 static void handle_satn(ESPState *s) uint8_t buf[32]; ESPState *dataArray[5]; len = get_cmd(s, buf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) uint32_t dmalen; dataArray[2] = s; damlen = func(dataArray); uint32_t func(ESPState *dataArray[]) ESPState *s = dataArray[2]; return s->ti_size; damlen = func(dataArray); memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 14242 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr,uint64_t val, unsigned int size) SysBusESPState *sysbus = opaque; uint32_t saddr; saddr = addr >> sysbus->it_shift; esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) ESPState *dataArray[5]; uint32_t dmalen; dataArray[2] = s; damlen = func(dataArray); uint32_t func(ESPState *dataArray[]) ESPState *s = dataArray[2]; return s->ti_size; damlen = func(dataArray); memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 14243 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; QEMUIOVector qiov_full; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; int write_count; int dataArray[5]; uint64_t write_count; write_count = xattr_len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); dataArray[2] = write_count; to_copy = func(dataArray); int func(int dataArray[]) int write_count = dataArray[2]; return write_count; to_copy = func(dataArray); memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 1 --------------------------------- 14244 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; struct vmsvga_state_s *dataArray[5]; x = vmsvga_fifo_read(s); y = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); dataArray[2] = s; cursor.bpp = func(dataArray); uint32_t func(struct vmsvga_state_s *dataArray[]) struct vmsvga_state_s *s = dataArray[2]; return vmsvga_fifo_read(s); cursor.bpp = func(dataArray); if (cursor.width > 256 || cursor.height > 256 || cursor.bpp > 32 || SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s,struct vmsvga_cursor_definition_s *c) fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 1 --------------------------------- 14245 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t dataArray[5]; dataArray[2] = len; int err = func(dataArray); ssize_t func(ssize_t dataArray[]) int len = dataArray[2]; return -len; int err = func(dataArray); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14246 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) ssize_t err = 0; V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) issize_t dataArray[5]; dataArray[2] = len; int err = func(dataArray); ssize_t func(ssize_t dataArray[]) int len = dataArray[2]; return -len; int err = func(dataArray); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14247 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) ssize_t err; size_t offset = 7; int read_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; read_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t dataArray[5]; dataArray[2] = len; int err = func(dataArray); ssize_t func(ssize_t dataArray[]) int len = dataArray[2]; return -len; int err = func(dataArray); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14248 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) ssize_t err; int32_t fid; uint64_t off; uint32_t count; size_t offset = 7; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, int write_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t dataArray[5]; dataArray[2] = len; int err = func(dataArray); ssize_t func(ssize_t dataArray[]) int len = dataArray[2]; return -len; int err = func(dataArray); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14249 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int i, to_copy; ssize_t err = 0; int write_count; int64_t xattr_len; size_t offset = 7; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) ssize_t dataArray[5]; dataArray[2] = len; int err = func(dataArray); ssize_t func(ssize_t dataArray[]) int len = dataArray[2]; return -len; int err = func(dataArray); V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14250 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unsigned int payload; unsigned int padding = 16; unsigned char *buffer, *bp; unsigned char *p = &s->s3->rrec.data[0], *pl; hbtype = *p++; n2s(p, payload); if (1 + 2 + payload + 16 > s->s3->rrec.length) return 0; pl = p; buffer = OPENSSL_malloc(write_length); bp = buffer; *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); 0 --------------------------------- 14251 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) size_t offset = 7; uint32_t count; QEMUIOVector qiov_full; V9fsPDU *pdu = opaque; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) uint64_t write_count; int i, to_copy; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 0 --------------------------------- 14252 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; y = vmsvga_fifo_read(s); x = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); cursor.bpp = vmsvga_fifo_read(s); if (cursor.width > || cursor.height > || cursor.bpp > || SVGA_BITMAP_SIZE(x, y) > sizeof(cursor.mask) / sizeof(cursor.mask[0]) || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof(cursor.image) / sizeof(cursor.image[0])) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s, struct vmsvga_cursor_definition_s *c) fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 0 --------------------------------- 14253 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) V9fsPDU *pdu = opaque; ssize_t err = 0; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14254 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; ssize_t err = 0; xattr_fidp->fs.xattr.value = g_malloc0(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14255 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) size_t offset = 7; uint64_t read_count; ssize_t err; if (fidp->fs.xattr.len < off) { read_count = 0; } else { read_count = fidp->fs.xattr.len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14256 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) int32_t fid; size_t offset = 7; uint64_t off; ssize_t err; uint32_t count; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, uint64_t write_count; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; } err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14257 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) size_t offset = 7; ssize_t err = 0; int i, to_copy; uint64_t write_count; if (fidp->fs.xattr.len < off) { err = -ENOSPC; goto out; write_count = fidp->fs.xattr.len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 0 --------------------------------- 14258 CVE-2014-0160/OpenSSL_1.0.1_CVE-2014-0160_t1_lib.c Buffer_Overflow_boundedcpy 2578 int tls1_process_heartbeat(SSL *s) unsigned int payload; unsigned int padding = 16; unsigned char *buffer, *bp; unsigned char *p = &s->s3->rrec.data[0], *pl; hbtype = *p++; n2s(p, payload); pl = p; buffer = OPENSSL_malloc(1 + 2 + payload + padding); bp = buffer; *bp++ = TLS1_HB_RESPONSE; s2n(payload, bp); memcpy(bp, pl, payload); 1 --------------------------------- 14259 CVE-2011-2896/cups_1.4.2_CVE-2011-2896_image-gif.c Buffer_Overflow_Indexes 463 static int gif_read_image(FILE *fp, cups_image_t *img, gif_cmap_t cmap, int interlace) unsigned char code_size; code_size = getc(fp); if (gif_read_lzw(fp, 1, code_size) < 0) static int gif_read_lzw(FILE *fp, int first_time, int input_code_size) int set_code_size; set_code_size = input_code_size; clear_code = 1 << set_code_size; for (i = 0; i < clear_code; i ++){ table[1][i] = i; table[0][i] = 0; 1 --------------------------------- 14260 CVE-2016-4441/qemu_2.3.0_CVE-2016-4441_esp.c Buffer_Overflow_boundedcpy 600 static void sysbus_esp_mem_write(void *opaque, hwaddr addr,uint64_t val, unsigned int size) uint32_t saddr; SysBusESPState *sysbus = opaque; saddr = addr >> sysbus->it_shift; esp_reg_write(&sysbus->esp, saddr, val); void esp_reg_write(ESPState *s, uint32_t saddr, uint64_t val) handle_satn_stop(s); static void handle_satn_stop(ESPState *s) s->cmdlen = get_cmd(s, s->cmdbuf); static uint32_t get_cmd(ESPState *s, uint8_t *buf) uint32_t dmalen; dmalen = s->ti_size; memcpy(buf, s->ti_buf, dmalen); 1 --------------------------------- 14261 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c Buffer_Overflow_boundedcpy 1941 static void v9fs_write(void *opaque) size_t offset = 7; uint32_t count; QEMUIOVector qiov_full; V9fsPDU *pdu = opaque; v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) int write_count; int i, to_copy; write_count = xattr_len - off; if (write_count > count) { write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); 1 --------------------------------- 14262 CVE-2016-7170/qemu_2.3.0_CVE-2016-7170_vmware_vga.c Format_String_Attack 662 static void vmsvga_fifo_run(struct vmsvga_state_s *s) struct vmsvga_cursor_definition_s cursor; int x, y, dx, dy, width, height; y = vmsvga_fifo_read(s); x = vmsvga_fifo_read(s); cursor.id = vmsvga_fifo_read(s); cursor.height = y = vmsvga_fifo_read(s); cursor.width = x = vmsvga_fifo_read(s); cursor.hot_x = vmsvga_fifo_read(s); cursor.hot_y = vmsvga_fifo_read(s); vmsvga_fifo_read(s); cursor.bpp = vmsvga_fifo_read(s); if (cursor.width > 256 || cursor.bpp > 32 || cursor.height > 256 || SVGA_BITMAP_SIZE(x, y) > sizeof cursor.mask || SVGA_PIXMAP_SIZE(x, y, cursor.bpp) > sizeof cursor.image) { goto badcmd;} vmsvga_cursor_define(s, &cursor); static inline void vmsvga_cursor_define(struct vmsvga_state_s *s, struct vmsvga_cursor_definition_s *c) fprintf(stderr, "%s: unhandled bpp %d, using fallback cursor\n",__func__, c->bpp); 1 --------------------------------- 14263 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3021 static void v9fs_xattrwalk(void *opaque) V9fsPDU *pdu = opaque; ssize_t err = 0; V9fsState *s = pdu->s; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14264 CVE-2016-9103/qemu_2.3.0_CVE-2016-9103_virtio-9p.c String_Termination_Error 3054 static void v9fs_xattrwalk(void *opaque) V9fsPDU *pdu = opaque; V9fsState *s = pdu->s; ssize_t err = 0; xattr_fidp->fs.xattr.value = g_malloc(size); err = pdu_marshal(pdu, offset, "q", size); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) int err = -len; V9fsString str; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14265 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1563 static int v9fs_xattr_read(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t max_count) size_t offset = 7; ssize_t err; int64_t xattr_len; int read_count; xattr_len = fidp->fs.xattr.len; read_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", read_count); return err; err = v9fs_xattr_read(s, pdu, fidp, off, max_count); trace_v9fs_read_return(pdu->tag, pdu->id, count, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) V9fsString str; int err = -len; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14266 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1951 static void v9fs_write(void *opaque) int32_t fid; size_t offset = 7; uint64_t off; ssize_t err; uint32_t count; V9fsPDU *pdu = opaque; err = pdu_unmarshal(pdu, offset, "dqd", &fid, &off, &count); v9fs_init_qiov_from_pdu(&qiov_full, pdu, offset, count, true); static void v9fs_init_qiov_from_pdu(QEMUIOVector *qiov, V9fsPDU *pdu, size_t skip, size_t size, qemu_iovec_concat(qiov, &elem, skip, size); trace_v9fs_write(pdu->tag, pdu->id, fid, off, count, qiov_full.niov); err = v9fs_xattr_write(s, pdu, fidp, off, count,qiov_full.iov, qiov_full.niov); static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp,uint64_t off, uint32_t count, int write_count; int64_t xattr_len; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; write_count = count; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; err = v9fs_xattr_write(s, pdu, fidp, off, count, len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) V9fsString str; int err = -len; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14267 CVE-2016-9104/qemu_2.3.0_CVE-2016-9104_virtio-9p.c String_Termination_Error 1900 static int v9fs_xattr_write(V9fsState *s, V9fsPDU *pdu, V9fsFidState *fidp, uint64_t off, uint32_t count, struct iovec *sg, int cnt) ssize_t err = 0; size_t offset = 7; int i, to_copy; int64_t xattr_len; int write_count; xattr_len = fidp->fs.xattr.len; write_count = xattr_len - off; err = pdu_marshal(pdu, offset, "d", write_count); to_copy = write_count; memcpy((char *)fidp->fs.xattr.value + off, sg[i].iov_base, to_copy); off += to_copy; len = v9fs_co_pwritev(pdu, fidp, qiov.iov, qiov.niov, off); total += len; qemu_iovec_concat(&qiov, &qiov_full, total, qiov_full.size - total); err = pdu_marshal(pdu, offset, "d", total); trace_v9fs_write_return(pdu->tag, pdu->id, total, err); complete_pdu(s, pdu, err); static void complete_pdu(V9fsState *s, V9fsPDU *pdu, ssize_t len) V9fsString str; int err = -len; str.data = strerror(err); str.size = strlen(str.data); 1 --------------------------------- 14268 CVE-2012-0856/Ffmpeg_0.9_CVE_2012_0856_libavcodec_mpegvideo.c Buffer_Overflow_boundedcpy 1232 assert(s->last_picture_ptr==NULL || s->out_format != FMT_H264 || s->codec_id == CODEC_ID_SVQ3); if (s->pict_type != AV_PICTURE_TYPE_B && s->last_picture_ptr && s->last_picture_ptr != s->next_picture_ptr && s->last_picture_ptr->f.data[0]) { if(s->out_format != FMT_H264 || s->codec_id == CODEC_ID_SVQ3){ if (s->last_picture_ptr->owner2 == s) free_frame_buffer(s, s->last_picture_ptr); if (s->pict_type != AV_PICTURE_TYPE_B) { s->last_picture_ptr= s->next_picture_ptr; if(s->codec_id != CODEC_ID_H264){ if ((s->last_picture_ptr == NULL || s->last_picture_ptr->f.data[0] == NULL) && (s->pict_type!=AV_PICTURE_TYPE_I || s->picture_structure != PICT_FRAME)){ i= ff_find_unused_picture(s, 0); s->last_picture_ptr= &s->picture[i]; s->last_picture_ptr->f.key_frame = 0; if(ff_alloc_picture(s, s->last_picture_ptr, 0) < 0) return -1; if(s->codec_id == CODEC_ID_FLV1 || s->codec_id == CODEC_ID_H263){ for(i=0; iheight; i++) memset(s->last_picture_ptr->f.data[0] + s->last_picture_ptr->f.linesize[0]*i, 16, s->width); 1 --------------------------------- 14269 CVE-2012-0856/Ffmpeg_0.9_CVE_2012_0856_libavcodec_mpegvideo.c Buffer_Overflow_boundedcpy 1232 assert(s->last_picture_ptr==NULL || s->out_format != FMT_H264 || s->codec_id == CODEC_ID_SVQ3); if (s->pict_type != AV_PICTURE_TYPE_B && s->last_picture_ptr && s->last_picture_ptr != s->next_picture_ptr && s->last_picture_ptr->f.data[0]) { if(s->out_format != FMT_H264 || s->codec_id == CODEC_ID_SVQ3){ if (s->last_picture_ptr->owner2 == s) free_frame_buffer(s, s->last_picture_ptr); if (s->pict_type != AV_PICTURE_TYPE_B) { s->last_picture_ptr= s->next_picture_ptr; if(s->codec_id != CODEC_ID_H264){ if ((s->last_picture_ptr == NULL || s->last_picture_ptr->f.data[0] == NULL) && (s->pict_type!=AV_PICTURE_TYPE_I || s->picture_structure != PICT_FRAME)){ i= ff_find_unused_picture(s, 0); s->last_picture_ptr= &s->picture[i]; s->last_picture_ptr->f.key_frame = 0; if(ff_alloc_picture(s, s->last_picture_ptr, 0) < 0) return -1; if(s->codec_id == CODEC_ID_FLV1 || s->codec_id == CODEC_ID_H263){ for(i=0; iheight; i++) memset(s->last_picture_ptr->f.data[0] + s->last_picture_ptr->f.linesize[0]*i, 16, avctx->width); 0 --------------------------------- 14270 CVE-2013-0845/Ffmpeg_1.0.3_CVE_2013_0845_libavcodec_alsdec.c Buffer_Overflow_boundedcpy 908 static int read_block(ALSDecContext *ctx, ALSBlockData *bd) GetBitContext *gb = &ctx->gb; *bd->shift_lsbs = 0; if (get_bits1(gb)) { if (read_var_block_data(ctx, bd)) return -1; else read_const_block_data(ctx, bd); static void read_const_block_data(ALSDecContext *ctx, ALSBlockData *bd) ALSSpecificConfig *sconf = &ctx->sconf; AVCodecContext *avctx = ctx->avctx; GetBitContext *gb = &ctx->gb; *bd->raw_samples = 0; *bd->const_block = get_bits1(gb); bd->js_blocks = get_bits1(gb); skip_bits(gb, 5); if (*bd->const_block) unsigned int const_val_bits = sconf->floating ? 24 : avctx->bits_per_raw_sample; *bd->raw_samples = get_sbits_long(gb, const_val_bits); *bd->const_block = 1; return 0; 1 --------------------------------- 14271 CVE-2013-0845/Ffmpeg_1.0.3_CVE_2013_0845_libavcodec_alsdec.c Buffer_Overflow_boundedcpy 908 static int read_block(ALSDecContext *ctx, ALSBlockData *bd) GetBitContext *gb = &ctx->gb; *bd->shift_lsbs = 0; if (get_bits1(gb)) { if (read_var_block_data(ctx, bd)) return -1; else if (read_const_block_data(ctx, bd) < 0) static void read_const_block_data(ALSDecContext *ctx, ALSBlockData *bd) ALSSpecificConfig *sconf = &ctx->sconf; AVCodecContext *avctx = ctx->avctx; GetBitContext *gb = &ctx->gb; if (bd->block_length <= 0) return -1; *bd->raw_samples = 0; *bd->const_block = get_bits1(gb); bd->js_blocks = get_bits1(gb); skip_bits(gb, 5); if (*bd->const_block) unsigned int const_val_bits = sconf->floating ? 24 : avctx->bits_per_raw_sample; *bd->raw_samples = get_sbits_long(gb, const_val_bits); *bd->const_block = 1; return 0; return -1; return 0; 0 --------------------------------- 14272 CVE-2013-0874/Ffmpeg_1.1.2_CVE_2013_0874_libavcodec_tiff.c Format_String_Attack 246 static char *doubles2str(double *dp, int count, const char *sep) char *ap, *ap0; int component_len; if (!sep) sep = ", "; component_len = 15 + strlen(sep); ap = av_malloc(component_len * count); if (!ap) return NULL; ap0 = ap; ap[0] = '\0'; for (i = 0; i < count; i++) unsigned l = snprintf(ap, component_len, "%f%s", dp[i], sep); if(l >= component_len) av_free(ap0); return NULL; ap += l; ap0[strlen(ap0) - strlen(sep)] = '\0'; return ap0; static char *shorts2str(int16_t *sp, int count, const char *sep) char *ap, *ap0; if (!sep) sep = ", "; ap = av_malloc((5 + strlen(sep)) * count); if (!ap) return NULL; ap0 = ap; ap[0] = '\0'; for (i = 0; i < count; i++) int l = snprintf(ap, 5 + strlen(sep), "%d%s", sp[i], sep); ap += l; ap0[strlen(ap0) - strlen(sep)] = '\0'; return ap0; 1 --------------------------------- 14273 CVE-2013-0874/Ffmpeg_1.1.2_CVE_2013_0874_libavcodec_tiff.c Format_String_Attack 246 static char *doubles2str(double *dp, int count, const char *sep) char *ap, *ap0; uint64_t component_len; if (!sep) sep = ", "; component_len = 15LL + strlen(sep); if (count >= (INT_MAX - 1)/component_len) return NULL; ap = av_malloc(component_len * count + 1); if (!ap) return NULL; ap0 = ap; ap[0] = '\0'; for (i = 0; i < count; i++) unsigned l = snprintf(ap, component_len, "%f%s", dp[i], sep); if(l >= component_len) av_free(ap0); return NULL; ap += l; ap0[strlen(ap0) - strlen(sep)] = '\0'; return ap0; static char *shorts2str(int16_t *sp, int count, const char *sep) char *ap, *ap0; uint64_t component_len; if (!sep) sep = ", "; component_len = 7LL + strlen(sep); if (count >= (INT_MAX - 1)/component_len) return NULL; ap = av_malloc(component_len * count + 1); if (!ap) return NULL; ap0 = ap; ap[0] = '\0'; for (i = 0; i < count; i++) unsigned l = snprintf(ap, component_len, "%d%s", sp[i], sep); if (l >= component_len av_free(ap0); return NULL; ap += l; ap0[strlen(ap0) - strlen(sep)] = '\0'; return ap0; 0 --------------------------------- 14274 CVE-2016-2330/Ffmpeg_2.8.2_CVE_2016_2330_libavcodec_gif.c Buffer_Overflow_boundedcpy 186 int len = 0, height = avctx->height, width = avctx->width, x, y; int x_start = 0, y_start = 0, trans = s->transparent_index; int x_end = avctx->width - 1, y_end = avctx->height - 1; while (y_start < y_end) if (memcmp(ref + y_start*ref_linesize, buf + y_start*linesize, width)) break; y_start++; while (y_end > y_start) if (memcmp(ref + y_end*ref_linesize, buf + y_end*linesize, width)) break; y_end--; height = y_end + 1 - y_start; width = x_end + 1 - x_start; av_log(avctx, AV_LOG_DEBUG,"%dx%d image at pos (%d;%d) [area:%dx%d]\n", width, height, x_start, y_start, avctx->width, avctx->height); bytestream_put_le16(bytestream, x_start); bytestream_put_le16(bytestream, y_start); bytestream_put_le16(bytestream, width); bytestream_put_le16(bytestream, height); if (honor_transparency && trans < 0) trans = pick_palette_entry(buf + y_start*linesize + x_start, linesize, width, height); ff_lzw_encode_init(s->lzw, s->buf, 2 * width * height, ptr = buf + y_start*linesize + x_start; if (honor_transparency) for (y = 0; y < height; y++) memcpy(s->tmpl, ptr, width); len += ff_lzw_encode(s->lzw, s->tmpl, width); ptr += linesize; else for (y = 0; y < height; y++) len += ff_lzw_encode(s->lzw, ptr, width); ptr += linesize; return 0; static av_cold int gif_encode_init(AVCodecContext *avctx) s->lzw = av_mallocz(ff_lzw_encode_state_size); s->buf = av_malloc(avctx->width*avctx->height*2); s->tmpl = av_malloc(avctx->width); if (!s->tmpl || !s->buf || !s->lzw) return AVERROR(ENOMEM); static int gif_encode_close(AVCodecContext *avctx) GIFContext *s = avctx->priv_data; av_freep(&s->lzw); av_freep(&s->buf); av_frame_free(&s->last_frame); av_freep(&s->tmpl); return 0; 1 --------------------------------- 14275 CVE-2016-2330/Ffmpeg_2.8.2_CVE_2016_2330_libavcodec_gif.c Buffer_Overflow_boundedcpy 186 int buf_size; int len = 0, height = avctx->height, width = avctx->width, x, y; int x_start = 0, y_start = 0, trans = s->transparent_index; int x_end = avctx->width - 1, y_end = avctx->height - 1; while (y_start < y_end) if (memcmp(ref + y_start*ref_linesize, buf + y_start*linesize, width)) break; y_start++; while (y_end > y_start) if (memcmp(ref + y_end*ref_linesize, buf + y_end*linesize, width)) break; y_end--; height = y_end + 1 - y_start; width = x_end + 1 - x_start; av_log(avctx, AV_LOG_DEBUG,"%dx%d image at pos (%d;%d) [area:%dx%d]\n", width, height, x_start, y_start, avctx->width, avctx->height); bytestream_put_le16(bytestream, x_start); bytestream_put_le16(bytestream, y_start); bytestream_put_le16(bytestream, width); bytestream_put_le16(bytestream, height); if (honor_transparency && trans < 0) trans = pick_palette_entry(buf + y_start*linesize + x_start, linesize, width, height); ff_lzw_encode_init(s->lzw, s->buf, s->buf_size, 12, FF_LZW_GIF, put_bits); ptr = buf + y_start*linesize + x_start; if (honor_transparency) for (y = 0; y < height; y++) memcpy(s->tmpl, ptr, width); len += ff_lzw_encode(s->lzw, s->tmpl, width); ptr += linesize; else for (y = 0; y < height; y++) len += ff_lzw_encode(s->lzw, ptr, width); ptr += linesize; return 0; static av_cold int gif_encode_init(AVCodecContext *avctx) s->lzw = av_mallocz(ff_lzw_encode_state_size); s->buf_size = avctx->width*avctx->height*2 + 1000; s->buf = av_malloc(s->buf_size); s->tmpl = av_malloc(avctx->width); if (!s->tmpl || !s->buf || !s->lzw) return AVERROR(ENOMEM); static int gif_encode_close(AVCodecContext *avctx) GIFContext *s = avctx->priv_data; av_freep(&s->lzw); av_freep(&s->buf); s->buf_size = 0; av_frame_free(&s->last_frame); av_freep(&s->tmpl); return 0; 0 --------------------------------- 14276 CVE-2011-0054/Firefox_3.5.16_CVE_2011_0054_js_src_jsemit.cpp Buffer_Overflow_boundedcpy 7081 base = CG_BASE(cg); next = CG_NEXT(cg); offset = PTRDIFF(next, base, jsbytecode); js_ReportOutOfScriptQuota(cx); return -1; return offset; pc = CG_CODE(cg, target); op = (JSOp) *pc; cs = &js_CodeSpec[op]; extern uint8 js_opcode2extra[]; extra = js_opcode2extra[op]; ((cs->format & JOF_TMPSLOT_MASK) >> JOF_TMPSLOT_SHIFT) + depth = (uintN) cg->stackDepth + extra; depth = (uintN) cg->stackDepth + cg->maxStackDepth = depth; nuses = js_GetStackUses(cs, op, pc); cg->stackDepth -= nuses; JS_ASSERT(cg->stackDepth >= 0); JS_ReportErrorFlagsAndNumber(cx, JSREPORT_WARNING, ndefs = cs->ndefs; blockObj = cg->objectList.lastbox->object; JS_ASSERT(STOBJ_GET_CLASS(blockObj) == &js_BlockClass); JS_ASSERT(JSVAL_IS_VOID(blockObj->fslots[JSSLOT_BLOCK_DEPTH])); OBJ_SET_BLOCK_DEPTH(cx, blockObj, cg->stackDepth); ndefs = OBJ_BLOCK_COUNT(cx, blockObj); cg->stackDepth += ndefs; cg->maxStackDepth = cg->stackDepth; UpdateDepth(cx, cg, offset); ptrdiff_t offset = EmitCheck(cx, cg, op, 2); jsbytecode *next = CG_NEXT(cg); UpdateDepth(cx, cg, offset); jsbytecode *next = CG_NEXT(cg); UpdateDepth(cx, cg, offset); ptrdiff_t offset = EmitCheck(cx, cg, op, length); jsbytecode *next = CG_NEXT(cg); UpdateDepth(cx, cg, offset); JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_NEED_DIET, jt = *jtp; jt2 = jt->kids[otherDir]; *jtp = root = jt2->kids[dir]; *jtp = root = jt->kids[otherDir]; jt = cg->jtFreeList; jt->offset = args->offset; jt->balance = 0; jt->kids[JT_LEFT] = jt->kids[JT_RIGHT] = NULL; *jtp = jt; ? 1 - BalanceJumpTargets(jtp) JS_ASSERT(-1 <= jt->balance && jt->balance <= 1); JS_ASSERT(jt->balance == rh - lh); ReportStatementTooLarge(cx, cg); AddJumpTarget(&args, &cg->jumpTargets); AVLCheck(cg->jumpTargets); index = cg->numSpanDeps; ReportStatementTooLarge(cx, cg); (!(sdbase = cg->spanDeps) || index >= SPANDEPS_MIN)) { size = sdbase ? SPANDEPS_SIZE(index) : SPANDEPS_SIZE_MIN / 2; sdbase = (JSSpanDep *) JS_realloc(cx, sdbase, size + size); cg->spanDeps = sdbase; cg->numSpanDeps = index + 1; sd->top = PTRDIFF(pc, CG_BASE(cg), jsbytecode); sd->offset = sd->before = PTRDIFF(pc2, CG_BASE(cg), jsbytecode); ReportStatementTooLarge(cx, cg); if (!SetSpanDepTarget(cx, cg, sd, off)) if (!AddSpanDep(cx, cg, pc, pc2, off)) pc = AddSwitchSpanDeps(cx, cg, pc); if (!AddSpanDep(cx, cg, pc, pc, off)) UpdateJumpTargets(jt->kids[JT_LEFT], pivot, delta); UpdateJumpTargets(jt->kids[JT_RIGHT], pivot, delta); UpdateJumpTargets(cg->jumpTargets, sd2->offset, JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN); ts->filename ? ts->filename : "stdin", cg->firstLine, growth / (JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN), cg->numSpanDeps, sd2 = FindNearestSpanDep(cg, target, if (!js_SetSrcNoteOffset(cx, cg, noteIndex, i, span)) jmp = js_Emit3(cx, cg, op, JUMP_OFFSET_HI(off), JUMP_OFFSET_LO(off)); pc = CG_CODE(cg, jmp); if (!AddSpanDep(cx, cg, pc, pc, off)) if (!BuildSpanDepTable(cx, cg)) return SetSpanDepTarget(cx, cg, GetSpanDep(cg, pc), off); stmt->flags = 0; stmt->blockid = tc->blockid(); stmt->label = NULL; JS_ASSERT(!stmt->blockObj); stmt->down = tc->topStmt; if (STMT_LINKS_SCOPE(stmt)) { tc->topScopeStmt = stmt; stmt->downScope = NULL; js_PushStatement(tc, stmt, STMT_BLOCK, top); stmt->flags |= SIF_SCOPE; stmt->downScope = tc->topScopeStmt; tc->topScopeStmt = stmt; depth = cg->stackDepth; if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0) if (EmitBackPatchOp(cx, cg, JSOP_BACKPATCH, &GOSUBS(*stmt)) < 0) if (js_Emit1(cx, cg, JSOP_LEAVEWITH) < 0) if (js_Emit1(cx, cg, JSOP_ENDITER) < 0) if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0) i = OBJ_BLOCK_COUNT(cx, stmt->blockObj); if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0) if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0) cg->stackDepth = depth; if (!EmitNonLocalJumpFixup(cx, cg, toStmt)) index = js_NewSrcNote2(cx, cg, noteType, (ptrdiff_t) ALE_INDEX(label)); valueAtom = js_AtomizeDouble(cx, dval); ale = cg->constList.add(cg->compiler, atom); JS_ASSERT(cg->flags & TCF_COMPILE_N_GO); ok = OBJ_LOOKUP_PROPERTY(cx, obj, ATOM_TO_JSID(atom), &objbox, ok = OBJ_GET_ATTRIBUTES(cx, obj, ATOM_TO_JSID(atom), prop, ok = OBJ_GET_PROPERTY(cx, obj, ATOM_TO_JSID(atom), vp); OBJ_DROP_PROPERTY(cx, objbox, prop); } while ((cg = (JSCodeGenerator *) cg->parent) != NULL); if (js_Emit1(cx, cg, (JSOp)(JSOP_INDEXBASE1 + indexBase - 1)) < 0) if (js_Emit2(cx, cg, JSOP_INDEXBASE, (JSOp)indexBase) < 0) bigSuffix = EmitBigIndexPrefix(cx, cg, index); return bigSuffix == JSOP_NOP || js_Emit1(cx, cg, bigSuffix) >= 0; return js_Emit1(cx, cg, JSOP_LENGTH) >= 0; ale = cg->atomList.add(cg->compiler, pn->pn_atom); return EmitIndexOp(cx, op, ALE_INDEX(ale), cg); return EmitIndexOp(cx, op, cg->objectList.index(objbox), cg); JS_ASSERT((jsuint) slot < cg->maxStackDepth); slot += cg->fun->u.i.nvars; js_ReportCompileErrorNumber(cx, CG_TS(cg), NULL, slot = -1; if (!EmitObjectOp(cx, pn->pn_objbox, JSOP_ENTERBLOCK, cg)) JSObject *blockObj = pn->pn_objbox->object; jsint depth = AdjustBlockSlot(cx, cg, OBJ_BLOCK_DEPTH(cx, blockObj)); limit = slot + OBJ_BLOCK_COUNT(cx, blockObj); js_ReallocSlots(cx, blockObj, JSSLOT_FREE(&js_BlockClass), JS_TRUE); JSContext *cx = cg->compiler->context; uintN upvarLevel = fun->u.i.script->staticLevel; JSLocalKind localKind = js_LookupLocal(cx, fun, atom, &index); JS_ASSERT(cg->staticLevel > upvarLevel); JSAtomListElement *ale = cg->upvarList.lookup(atom); !js_AddLocal(cx, cg->fun, atom, JSLOCAL_UPVAR)) { ale = cg->upvarList.add(cg->compiler, atom); JS_ASSERT(ALE_INDEX(ale) == cg->upvarList.count - 1); uint32 *vector = cg->upvarMap.vector; uint32 length = cg->upvarMap.length; JS_ASSERT(ALE_INDEX(ale) <= length); if (ALE_INDEX(ale) == length) { length = 2 * JS_MAX(2, length); vector = (uint32 *) JS_realloc(cx, vector, length * sizeof *vector); cg->upvarMap.vector = vector; cg->upvarMap.length = length; vector[ALE_INDEX(ale)] = MAKE_UPVAR_COOKIE(skip, index); pn->pn_op = JSOP_GETUPVAR; pn->pn_cookie = MAKE_UPVAR_COOKIE(cg->staticLevel, ALE_INDEX(ale)); pn->pn_dflags |= PND_BOUND; JS_ASSERT(pn->pn_type == TOK_NAME); JS_ASSERT(pn->pn_op != JSOP_ARGUMENTS && pn->pn_op != JSOP_CALLEE); JS_ASSERT(pn->pn_cookie == FREE_UPVAR_COOKIE); pn->pn_dflags |= (dn->pn_dflags & PND_CONST); op = PN_OP(pn); JS_ASSERT(JOF_OPTYPE(op) == JOF_ATOM); cookie = dn->pn_cookie; JS_ASSERT(cg->flags & TCF_COMPILE_N_GO); pn->pn_op = JSOP_FALSE; pn->pn_dflags |= PND_BOUND; if (pn->isConst()) pn->pn_op = op = JSOP_NAME; JS_ASSERT(cg->flags & TCF_COMPILE_N_GO); ? STOBJ_GET_PARENT(FUN_OBJECT(cg->fun)) return MakeUpvarForEval(pn, cg); case JSOP_NAME: op = JSOP_GETGVAR; break; case JSOP_SETNAME: op = JSOP_SETGVAR; break; case JSOP_INCNAME: op = JSOP_INCGVAR; break; case JSOP_NAMEINC: op = JSOP_GVARINC; break; case JSOP_DECNAME: op = JSOP_DECGVAR; break; case JSOP_NAMEDEC: op = JSOP_GVARDEC; break; pn->pn_op = op; pn->pn_cookie = cookie; pn->pn_dflags |= PND_BOUND; uintN level = UPVAR_FRAME_SKIP(cookie); JS_ASSERT(cg->staticLevel >= level); JS_ASSERT(cg->staticLevel >= level); pn->pn_op = JSOP_GETUPVAR; pn->pn_cookie = cookie; pn->pn_dflags |= PND_BOUND; return MakeUpvarForEval(pn, cg); JS_ASSERT(cg->flags & TCF_IN_FUNCTION); JS_ASSERT(cg->lexdeps.lookup(atom)); if (FUN_FLAT_CLOSURE(cg->fun)) { op = JSOP_GETDSLOT; op = JSOP_GETUPVAR; ale = cg->upvarList.lookup(atom); index = ALE_INDEX(ale); if (!js_AddLocal(cx, cg->fun, atom, JSLOCAL_UPVAR)) ale = cg->upvarList.add(cg->compiler, atom); index = ALE_INDEX(ale); JS_ASSERT(index == cg->upvarList.count - 1); uint32 *vector = cg->upvarMap.vector; if (!vector) uint32 length = cg->lexdeps.count; vector = (uint32 *) calloc(length, sizeof *vector); JS_ReportOutOfMemory(cx); cg->upvarMap.vector = vector; cg->upvarMap.length = length; pn->pn_op = op; pn->pn_cookie = index; pn->pn_dflags |= PND_BOUND; case JSOP_NAME: op = JSOP_GETLOCAL; break; case JSOP_SETNAME: op = JSOP_SETLOCAL; break; case JSOP_INCNAME: op = JSOP_INCLOCAL; break; case JSOP_NAMEINC: op = JSOP_LOCALINC; break; case JSOP_DECNAME: op = JSOP_DECLOCAL; break; case JSOP_NAMEDEC: op = JSOP_LOCALDEC; break; case JSOP_FORNAME: op = JSOP_FORLOCAL; break; case JSOP_NAME: op = JSOP_GETARG; break; case JSOP_SETNAME: op = JSOP_SETARG; break; case JSOP_INCNAME: op = JSOP_INCARG; break; case JSOP_NAMEINC: op = JSOP_ARGINC; break; case JSOP_DECNAME: op = JSOP_DECARG; break; case JSOP_NAMEDEC: op = JSOP_ARGDEC; break; case JSOP_FORNAME: op = JSOP_FORARG; break; JS_ASSERT(!pn->isConst()); JS_ASSERT(op != JSOP_CALLEE); JS_ASSERT((cg->fun->flags & JSFUN_LAMBDA) && atom == cg->fun->atom); JS_ASSERT(op != JSOP_DELNAME); op = JSOP_CALLEE; pn->pn_dflags |= PND_CONST; pn->pn_op = op; pn->pn_dflags |= PND_BOUND; case JSOP_NAME: op = JSOP_GETLOCAL; break; case JSOP_SETNAME: op = JSOP_SETLOCAL; break; case JSOP_SETCONST: op = JSOP_SETLOCAL; break; case JSOP_INCNAME: op = JSOP_INCLOCAL; break; case JSOP_NAMEINC: op = JSOP_LOCALINC; break; case JSOP_DECNAME: op = JSOP_DECLOCAL; break; case JSOP_NAMEDEC: op = JSOP_LOCALDEC; break; case JSOP_FORNAME: op = JSOP_FORLOCAL; break; JS_ASSERT(op != PN_OP(pn)); pn->pn_op = op; pn->pn_cookie = UPVAR_FRAME_SLOT(cookie); pn->pn_dflags |= PND_BOUND; JSAtomListElement *ale = cg->atomList.add(cg->compiler, pn->pn_atom); if (!EmitIndexOp(cx, JSOP_QNAMEPART, ALE_INDEX(ale), cg)) JS_ASSERT(pn->pn_arity == PN_NAME); pn2 = pn->maybeExpr(); if (!BindNameToSlot(cx, cg, pn2)) top = CG_OFFSET(cg); if (!js_EmitTree(cx, cg, pndown)) if (js_NewSrcNote2(cx, cg, SRC_PCBASE, if (!EmitSpecialPropOp(cx, pndot, JSOP_GETELEM, cg)) } else if (!EmitAtomOp(cx, pndot, PN_OP(pndot), cg)) { if (!js_EmitTree(cx, cg, pn2)) if (js_NewSrcNote2(cx, cg, SRC_PCBASE, JSParseNode *left, *right, *next, ltmp, rtmp; JS_ASSERT(pn->pn_op == JSOP_GETELEM); JS_ASSERT(pn->pn_count >= 3); left = pn->pn_head; right = pn->last(); next = left->pn_next; JS_ASSERT(next != right); if (!BindNameToSlot(cx, cg, left)) next = left->pn_next; JS_ASSERT(next != right || pn->pn_count == 3); if (!js_EmitTree(cx, cg, left)) if (!js_EmitTree(cx, cg, next)) left = <mp; JS_ASSERT(ATOM_IS_STRING(pn->pn_atom)); right->pn_op = js_IsIdentifier(ATOM_TO_STRING(pn->pn_atom)) JS_ASSERT(pn->pn_arity == PN_BINARY); if (!BindNameToSlot(cx, cg, left)) if (!js_EmitTree(cx, cg, left)) if (!js_EmitTree(cx, cg, right)) return js_Emit1(cx, cg, JSOP_ZERO) >= 0; return js_Emit1(cx, cg, JSOP_ONE) >= 0; return js_Emit2(cx, cg, JSOP_INT8, (jsbytecode)(int8)ival) >= 0; off = js_EmitN(cx, cg, JSOP_UINT24, 3); pc = CG_CODE(cg, off); off = js_EmitN(cx, cg, JSOP_INT32, 4); pc = CG_CODE(cg, off); atom = js_AtomizeDouble(cx, dval); ale = cg->atomList.add(cg->compiler, atom); return EmitIndexOp(cx, JSOP_DOUBLE, ALE_INDEX(ale), cg); JSStmtInfo *stmtInfo) count = OBJ_BLOCK_COUNT(cx, pn2->pn_objbox->object); js_PushBlockScope(cg, stmtInfo, pn2->pn_objbox->object, -1); stmtInfo->type = STMT_SWITCH; if (!EmitEnterBlock(cx, pn2, cg)) if (!js_EmitTree(cx, cg, pn->pn_left)) js_PushStatement(cg, stmtInfo, STMT_SWITCH, top); atom = js_AtomizeDouble(cx, d); ok = LookupCompileTimeConstant(cx, cg, pn4->pn_atom, &v); atom = js_AtomizeDouble(cx, d); JS_malloc(cx, ok = LookupCompileTimeConstant(cx, cg, pn4->pn_atom, &v); JS_free(cx, intmap); noteIndex = js_NewSrcNote3(cx, cg, SRC_SWITCH, 0, 0); if (js_EmitN(cx, cg, switchOp, switchSize) < 0) if (pn4 && !js_EmitTree(cx, cg, pn4)) if (!js_SetSrcNoteOffset(cx, cg, (uintN)caseNoteIndex, 0, caseNoteIndex = js_NewSrcNote2(cx, cg, SRC_PCDELTA, 0); off = EmitJump(cx, cg, JSOP_CASE, 0); noteCount = CG_NOTE_COUNT(cg); if (!js_SetSrcNoteOffset(cx, cg, (uintN)noteIndex, 1, noteCountDelta = CG_NOTE_COUNT(cg) - noteCount; !js_SetSrcNoteOffset(cx, cg, (uintN)caseNoteIndex, 0, defaultOffset = EmitJump(cx, cg, JSOP_DEFAULT, 0); pc = CG_CODE(cg, top + JUMP_OFFSET_LEN); table = (JSParseNode **) JS_malloc(cx, tableSize); if (!AddSwitchSpanDeps(cx, cg, CG_CODE(cg, top))) savepc = CG_NEXT(cg); if (js_NewSrcNote2(cx, cg, SRC_LABEL, (ptrdiff_t) if (js_NewSrcNote2(cx, cg, SRC_LABEL, (ptrdiff_t) ok = js_EmitTree(cx, cg, pn4); off = CG_OFFSET(cg) - top; ok = js_SetJumpOffset(cx, cg, CG_CODE(cg, defaultOffset), ok = js_SetJumpOffset(cx, cg, pc, off); off = CG_OFFSET(cg) - top; ok = js_SetSrcNoteOffset(cx, cg, (uintN)noteIndex, 0, off); ale = cg->atomList.add(cg->compiler, pn->pn_atom); if (!UpdateLineNumberNotes(cx, cg, pn->pn_pos.begin.lineno)) CG_SWITCH_TO_MAIN(cg); if (!emitter(cx, cg, prologOp, pn2)) if (!emitter(cx, cg, prologOp, pn3)) pn = pn->pn_kid; if (!EmitDestructuringOpsHelper(cx, cg, pn)) if (!BindNameToSlot(cx, cg, pn)) if (pn->isConst() && !pn->isInitialized()) return js_Emit1(cx, cg, JSOP_POP) >= 0; if (!EmitElemOp(cx, pn, JSOP_ENUMELEM, cg)) if (!EmitElemOp(cx, pn, JSOP_ENUMCONSTELEM, cg)) top = CG_OFFSET(cg); if (!js_EmitTree(cx, cg, pn)) if (js_Emit1(cx, cg, JSOP_ENUMELEM) < 0) intN stackDepth = cg->stackDepth; JS_ASSERT(stackDepth != 0); if (js_Emit1(cx, cg, JSOP_DUP) < 0) if (!EmitNumberOp(cx, index, cg)) JS_ASSERT(pn2->pn_type == TOK_COLON); if (js_NewSrcNote(cx, cg, SRC_INITPROP) < 0) if (!EmitNumberOp(cx, pn3->pn_dval, cg)) pn3 = pn2->pn_right; if (js_Emit1(cx, cg, JSOP_GETELEM) < 0) JS_ASSERT(cg->stackDepth == stackDepth + 1); JS_ASSERT(pn2 == pn3); for (pn2 = pn->pn_head; pn2; pn2 = pn2->pn_next) { pn3 = pn2; if (!EmitDestructuringLHS(cx, cg, pn3)) JS_ASSERT(cg->stackDepth == stackDepth); JS_ASSERT(cg->stackDepth == stackDepth + 1); if (!EmitDestructuringLHS(cx, cg, pn3)) return EmitDestructuringOpsHelper(cx, cg, pn); depth = limit = (uintN) cg->stackDepth; if (!js_EmitTree(cx, cg, pn)) i = depth; JS_ASSERT(i < limit); jsint slot = AdjustBlockSlot(cx, cg, i); if (js_Emit1(cx, cg, JSOP_POP) < 0) if (!EmitDestructuringLHS(cx, cg, pn)) JS_ASSERT(pn->pn_type == TOK_ASSIGN); JSParseNode *pn, JSOp *pop) lhs = pn->pn_left; if (!EmitGroupAssignment(cx, cg, prologOp, lhs, rhs)) JSParseNode *lhs, JSParseNode *rhs) for (pn = lhs->pn_head; pn; pn = pn->pn_next, ++i) { if (!EmitDestructuringLHS(cx, cg, pn)) off = noteIndex = -1; if (!EmitDestructuringDecls(cx, cg, PN_OP(pn), pn2)) JS_ASSERT(pn2->pn_left->pn_type == TOK_NAME); JS_ASSERT(noteIndex < 0 && !pn2->pn_next); if (!MaybeEmitGroupAssignment(cx, cg, pn2, &op)) { JSParseNode *pn, JSOp *pop) pn2, &op)) { JSParseNode *pn, JSOp *pop) pn2, &op)) { JSParseNode *pn, JSOp *pop) pn2, &op)) { if (!EmitDestructuringDecls(cx, cg, PN_OP(pn), pn3)) if (!js_EmitTree(cx, cg, pn2->pn_right)) pn3 = pn2->maybeExpr(); if (!BindNameToSlot(cx, cg, pn2)) if (!MaybeEmitVarDecl(cx, cg, PN_OP(pn), pn2, &atomIndex)) !js_DefineCompileTimeConstant(cx, cg, pn2->pn_atom, pn3)) { if (!js_EmitTree(cx, cg, pn3)) js_NewSrcNote2(cx, cg, SRC_DECL, if (js_Emit1(cx, cg, op) < 0) tmp = CG_OFFSET(cg); if (!js_SetSrcNoteOffset(cx, cg, (uintN)noteIndex, 0, tmp-off)) noteIndex = js_NewSrcNote2(cx, cg, SRC_PCDELTA, 0); index = CG_NOTE_COUNT(cg); if (((uintN)index & CG_NOTE_MASK(cg)) == 0) { if (!CG_NOTES(cg)) { js_ReportOutOfScriptQuota(cx); return -1; return index; index = AllocSrcNote(cx, cg); if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0) if (EmitBackPatchOp(cx, cg, JSOP_BACKPATCH, &GOSUBS(*stmt)) < 0) return -1; sn = &CG_NOTES(cg)[index]; offset = CG_OFFSET(cg); delta = offset - CG_LAST_NOTE_OFFSET(cg); if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0) if (!EmitNonLocalJumpFixup(cx, cg, toStmt)) index = js_NewSrcNote2(cx, cg, noteType, (ptrdiff_t) ALE_INDEX(label)); index = AllocSrcNote(cx, cg); return -1; sn = &CG_NOTES(cg)[index]; if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0) if (!EmitNonLocalJumpFixup(cx, cg, toStmt)) index = js_NewSrcNote2(cx, cg, noteType, (ptrdiff_t) ALE_INDEX(label)); if (js_NewSrcNote(cx, cg, SRC_NULL) < 0) return -1; return index; index = js_NewSrcNote(cx, cg, type); if (!js_SetSrcNoteOffset(cx, cg, index, 0, offset)) return -1; noteIndex = js_NewSrcNote2(cx, cg, SRC_PCDELTA, 0); JS_ASSERT(noteIndex < 0 && !pn2->pn_next); pn2, &op)) { JSParseNode *pn, JSOp *pop) pn2, &op)) { pn3 = pn2->maybeExpr(); if (!BindNameToSlot(cx, cg, pn2)) return index; noteIndex = js_NewSrcNote2(cx, cg, SRC_PCDELTA, 0); JS_ASSERT(noteIndex < 0 && !pn2->pn_next); pn2, &op)) { JSParseNode *pn, JSOp *pop) pn2, &op)) { pn3 = pn2->maybeExpr(); if (!BindNameToSlot(cx, cg, pn2)) if (!js_SetSrcNoteOffset(cx, cg, index, 0, offset1)) if (!js_SetSrcNoteOffset(cx, cg, index, 1, offset2)) js_ReportOutOfScriptQuota(cx); sn = &CG_NOTES(cg)[index]; JS_ASSERT(SN_TYPE(sn) != SRC_XDELTA); for (sn++; which; sn++, which--) { if (((CG_NOTE_COUNT(cg) + 1) & CG_NOTE_MASK(cg)) <= 1) { index = PTRDIFF(sn, CG_NOTES(cg), jssrcnote); if (!GrowSrcNotes(cx, cg)) if (!js_SetSrcNoteOffset(cx, cg, index, 0, offset)) if (js_NewSrcNote2(cx, cg, SRC_PCBASE, CG_OFFSET(cg) - top) < 0) if (!EmitDestructuringLHS(cx, cg, pn3)) if (!js_SetSrcNoteOffset(cx, cg, index, 0, offset1)) noteIndex = js_NewSrcNote3(cx, cg, SRC_SWITCH, 0, 0); if (js_EmitN(cx, cg, switchOp, switchSize) < 0) sn = CG_NOTES(cg) + index; diff = CG_NOTE_COUNT(cg) - (index + 3); if (!js_SetSrcNoteOffset(cx, cg, noteIndex, i, span)) sd2 = FindNearestSpanDep(cg, target, sn += 2; index = PTRDIFF(sn, CG_NOTES(cg), jssrcnote); if (((CG_NOTE_COUNT(cg) + 1) & CG_NOTE_MASK(cg)) <= 1) { sn = CG_NOTES(cg) + index; diff = CG_NOTE_COUNT(cg) - (index + 3); JS_ASSERT(diff >= 0); memmove(sn + 3, sn + 1, SRCNOTE_SIZE(diff)); 1 --------------------------------- 14277 CVE-2011-0054/Firefox_3.5.16_CVE_2011_0054_js_src_jsemit.cpp Buffer_Overflow_boundedcpy 7081 base = CG_BASE(cg); next = CG_NEXT(cg); offset = PTRDIFF(next, base, jsbytecode); js_ReportOutOfScriptQuota(cx); return -1; return offset; pc = CG_CODE(cg, target); op = (JSOp) *pc; cs = &js_CodeSpec[op]; extern uint8 js_opcode2extra[]; extra = js_opcode2extra[op]; ((cs->format & JOF_TMPSLOT_MASK) >> JOF_TMPSLOT_SHIFT) + depth = (uintN) cg->stackDepth + extra; depth = (uintN) cg->stackDepth + cg->maxStackDepth = depth; nuses = js_GetStackUses(cs, op, pc); cg->stackDepth -= nuses; JS_ASSERT(cg->stackDepth >= 0); JS_ReportErrorFlagsAndNumber(cx, JSREPORT_WARNING, ndefs = cs->ndefs; blockObj = cg->objectList.lastbox->object; JS_ASSERT(STOBJ_GET_CLASS(blockObj) == &js_BlockClass); JS_ASSERT(JSVAL_IS_VOID(blockObj->fslots[JSSLOT_BLOCK_DEPTH])); OBJ_SET_BLOCK_DEPTH(cx, blockObj, cg->stackDepth); ndefs = OBJ_BLOCK_COUNT(cx, blockObj); cg->stackDepth += ndefs; cg->maxStackDepth = cg->stackDepth; UpdateDepth(cx, cg, offset); ptrdiff_t offset = EmitCheck(cx, cg, op, 2); jsbytecode *next = CG_NEXT(cg); UpdateDepth(cx, cg, offset); jsbytecode *next = CG_NEXT(cg); UpdateDepth(cx, cg, offset); ptrdiff_t offset = EmitCheck(cx, cg, op, length); jsbytecode *next = CG_NEXT(cg); UpdateDepth(cx, cg, offset); JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_NEED_DIET, jt = *jtp; jt2 = jt->kids[otherDir]; *jtp = root = jt2->kids[dir]; *jtp = root = jt->kids[otherDir]; jt = cg->jtFreeList; jt->offset = args->offset; jt->balance = 0; jt->kids[JT_LEFT] = jt->kids[JT_RIGHT] = NULL; *jtp = jt; ? 1 - BalanceJumpTargets(jtp) JS_ASSERT(-1 <= jt->balance && jt->balance <= 1); JS_ASSERT(jt->balance == rh - lh); ReportStatementTooLarge(cx, cg); AddJumpTarget(&args, &cg->jumpTargets); AVLCheck(cg->jumpTargets); index = cg->numSpanDeps; ReportStatementTooLarge(cx, cg); (!(sdbase = cg->spanDeps) || index >= SPANDEPS_MIN)) { size = sdbase ? SPANDEPS_SIZE(index) : SPANDEPS_SIZE_MIN / 2; sdbase = (JSSpanDep *) JS_realloc(cx, sdbase, size + size); cg->spanDeps = sdbase; cg->numSpanDeps = index + 1; sd->top = PTRDIFF(pc, CG_BASE(cg), jsbytecode); sd->offset = sd->before = PTRDIFF(pc2, CG_BASE(cg), jsbytecode); ReportStatementTooLarge(cx, cg); if (!SetSpanDepTarget(cx, cg, sd, off)) if (!AddSpanDep(cx, cg, pc, pc2, off)) pc = AddSwitchSpanDeps(cx, cg, pc); if (!AddSpanDep(cx, cg, pc, pc, off)) UpdateJumpTargets(jt->kids[JT_LEFT], pivot, delta); UpdateJumpTargets(jt->kids[JT_RIGHT], pivot, delta); UpdateJumpTargets(cg->jumpTargets, sd2->offset, JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN); ts->filename ? ts->filename : "stdin", cg->firstLine, growth / (JUMPX_OFFSET_LEN - JUMP_OFFSET_LEN), cg->numSpanDeps, sd2 = FindNearestSpanDep(cg, target, if (!js_SetSrcNoteOffset(cx, cg, noteIndex, i, span)) jmp = js_Emit3(cx, cg, op, JUMP_OFFSET_HI(off), JUMP_OFFSET_LO(off)); pc = CG_CODE(cg, jmp); if (!AddSpanDep(cx, cg, pc, pc, off)) if (!BuildSpanDepTable(cx, cg)) return SetSpanDepTarget(cx, cg, GetSpanDep(cg, pc), off); stmt->flags = 0; stmt->blockid = tc->blockid(); stmt->label = NULL; JS_ASSERT(!stmt->blockObj); stmt->down = tc->topStmt; if (STMT_LINKS_SCOPE(stmt)) { tc->topScopeStmt = stmt; stmt->downScope = NULL; js_PushStatement(tc, stmt, STMT_BLOCK, top); stmt->flags |= SIF_SCOPE; stmt->downScope = tc->topScopeStmt; tc->topScopeStmt = stmt; depth = cg->stackDepth; if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0) if (EmitBackPatchOp(cx, cg, JSOP_BACKPATCH, &GOSUBS(*stmt)) < 0) if (js_Emit1(cx, cg, JSOP_LEAVEWITH) < 0) if (js_Emit1(cx, cg, JSOP_ENDITER) < 0) if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0) i = OBJ_BLOCK_COUNT(cx, stmt->blockObj); if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0) if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0) cg->stackDepth = depth; if (!EmitNonLocalJumpFixup(cx, cg, toStmt)) index = js_NewSrcNote2(cx, cg, noteType, (ptrdiff_t) ALE_INDEX(label)); valueAtom = js_AtomizeDouble(cx, dval); ale = cg->constList.add(cg->compiler, atom); JS_ASSERT(cg->flags & TCF_COMPILE_N_GO); ok = OBJ_LOOKUP_PROPERTY(cx, obj, ATOM_TO_JSID(atom), &objbox, ok = OBJ_GET_ATTRIBUTES(cx, obj, ATOM_TO_JSID(atom), prop, ok = OBJ_GET_PROPERTY(cx, obj, ATOM_TO_JSID(atom), vp); OBJ_DROP_PROPERTY(cx, objbox, prop); } while ((cg = (JSCodeGenerator *) cg->parent) != NULL); if (js_Emit1(cx, cg, (JSOp)(JSOP_INDEXBASE1 + indexBase - 1)) < 0) if (js_Emit2(cx, cg, JSOP_INDEXBASE, (JSOp)indexBase) < 0) bigSuffix = EmitBigIndexPrefix(cx, cg, index); return bigSuffix == JSOP_NOP || js_Emit1(cx, cg, bigSuffix) >= 0; return js_Emit1(cx, cg, JSOP_LENGTH) >= 0; ale = cg->atomList.add(cg->compiler, pn->pn_atom); return EmitIndexOp(cx, op, ALE_INDEX(ale), cg); return EmitIndexOp(cx, op, cg->objectList.index(objbox), cg); JS_ASSERT((jsuint) slot < cg->maxStackDepth); slot += cg->fun->u.i.nvars; js_ReportCompileErrorNumber(cx, CG_TS(cg), NULL, slot = -1; if (!EmitObjectOp(cx, pn->pn_objbox, JSOP_ENTERBLOCK, cg)) JSObject *blockObj = pn->pn_objbox->object; jsint depth = AdjustBlockSlot(cx, cg, OBJ_BLOCK_DEPTH(cx, blockObj)); limit = slot + OBJ_BLOCK_COUNT(cx, blockObj); js_ReallocSlots(cx, blockObj, JSSLOT_FREE(&js_BlockClass), JS_TRUE); JSContext *cx = cg->compiler->context; uintN upvarLevel = fun->u.i.script->staticLevel; JSLocalKind localKind = js_LookupLocal(cx, fun, atom, &index); JS_ASSERT(cg->staticLevel > upvarLevel); JSAtomListElement *ale = cg->upvarList.lookup(atom); !js_AddLocal(cx, cg->fun, atom, JSLOCAL_UPVAR)) { ale = cg->upvarList.add(cg->compiler, atom); JS_ASSERT(ALE_INDEX(ale) == cg->upvarList.count - 1); uint32 *vector = cg->upvarMap.vector; uint32 length = cg->upvarMap.length; JS_ASSERT(ALE_INDEX(ale) <= length); if (ALE_INDEX(ale) == length) { length = 2 * JS_MAX(2, length); vector = (uint32 *) JS_realloc(cx, vector, length * sizeof *vector); cg->upvarMap.vector = vector; cg->upvarMap.length = length; vector[ALE_INDEX(ale)] = MAKE_UPVAR_COOKIE(skip, index); pn->pn_op = JSOP_GETUPVAR; pn->pn_cookie = MAKE_UPVAR_COOKIE(cg->staticLevel, ALE_INDEX(ale)); pn->pn_dflags |= PND_BOUND; JS_ASSERT(pn->pn_type == TOK_NAME); JS_ASSERT(pn->pn_op != JSOP_ARGUMENTS && pn->pn_op != JSOP_CALLEE); JS_ASSERT(pn->pn_cookie == FREE_UPVAR_COOKIE); pn->pn_dflags |= (dn->pn_dflags & PND_CONST); op = PN_OP(pn); JS_ASSERT(JOF_OPTYPE(op) == JOF_ATOM); cookie = dn->pn_cookie; JS_ASSERT(cg->flags & TCF_COMPILE_N_GO); pn->pn_op = JSOP_FALSE; pn->pn_dflags |= PND_BOUND; if (pn->isConst()) pn->pn_op = op = JSOP_NAME; JS_ASSERT(cg->flags & TCF_COMPILE_N_GO); ? STOBJ_GET_PARENT(FUN_OBJECT(cg->fun)) return MakeUpvarForEval(pn, cg); case JSOP_NAME: op = JSOP_GETGVAR; break; case JSOP_SETNAME: op = JSOP_SETGVAR; break; case JSOP_INCNAME: op = JSOP_INCGVAR; break; case JSOP_NAMEINC: op = JSOP_GVARINC; break; case JSOP_DECNAME: op = JSOP_DECGVAR; break; case JSOP_NAMEDEC: op = JSOP_GVARDEC; break; pn->pn_op = op; pn->pn_cookie = cookie; pn->pn_dflags |= PND_BOUND; uintN level = UPVAR_FRAME_SKIP(cookie); JS_ASSERT(cg->staticLevel >= level); JS_ASSERT(cg->staticLevel >= level); pn->pn_op = JSOP_GETUPVAR; pn->pn_cookie = cookie; pn->pn_dflags |= PND_BOUND; return MakeUpvarForEval(pn, cg); JS_ASSERT(cg->flags & TCF_IN_FUNCTION); JS_ASSERT(cg->lexdeps.lookup(atom)); if (FUN_FLAT_CLOSURE(cg->fun)) { op = JSOP_GETDSLOT; op = JSOP_GETUPVAR; ale = cg->upvarList.lookup(atom); index = ALE_INDEX(ale); if (!js_AddLocal(cx, cg->fun, atom, JSLOCAL_UPVAR)) ale = cg->upvarList.add(cg->compiler, atom); index = ALE_INDEX(ale); JS_ASSERT(index == cg->upvarList.count - 1); uint32 *vector = cg->upvarMap.vector; uint32 length = cg->lexdeps.count; if (!vector || cg->upvarMap.length != length) vector = (UpvarCookie *) js_realloc(vector, length * sizeof *vector); JS_ReportOutOfMemory(cx); cg->upvarMap.vector = vector; cg->upvarMap.length = length; pn->pn_op = op; pn->pn_cookie = index; pn->pn_dflags |= PND_BOUND; case JSOP_NAME: op = JSOP_GETLOCAL; break; case JSOP_SETNAME: op = JSOP_SETLOCAL; break; case JSOP_INCNAME: op = JSOP_INCLOCAL; break; case JSOP_NAMEINC: op = JSOP_LOCALINC; break; case JSOP_DECNAME: op = JSOP_DECLOCAL; break; case JSOP_NAMEDEC: op = JSOP_LOCALDEC; break; case JSOP_FORNAME: op = JSOP_FORLOCAL; break; case JSOP_NAME: op = JSOP_GETARG; break; case JSOP_SETNAME: op = JSOP_SETARG; break; case JSOP_INCNAME: op = JSOP_INCARG; break; case JSOP_NAMEINC: op = JSOP_ARGINC; break; case JSOP_DECNAME: op = JSOP_DECARG; break; case JSOP_NAMEDEC: op = JSOP_ARGDEC; break; case JSOP_FORNAME: op = JSOP_FORARG; break; JS_ASSERT(!pn->isConst()); JS_ASSERT(op != JSOP_CALLEE); JS_ASSERT((cg->fun->flags & JSFUN_LAMBDA) && atom == cg->fun->atom); JS_ASSERT(op != JSOP_DELNAME); op = JSOP_CALLEE; pn->pn_dflags |= PND_CONST; pn->pn_op = op; pn->pn_dflags |= PND_BOUND; case JSOP_NAME: op = JSOP_GETLOCAL; break; case JSOP_SETNAME: op = JSOP_SETLOCAL; break; case JSOP_SETCONST: op = JSOP_SETLOCAL; break; case JSOP_INCNAME: op = JSOP_INCLOCAL; break; case JSOP_NAMEINC: op = JSOP_LOCALINC; break; case JSOP_DECNAME: op = JSOP_DECLOCAL; break; case JSOP_NAMEDEC: op = JSOP_LOCALDEC; break; case JSOP_FORNAME: op = JSOP_FORLOCAL; break; JS_ASSERT(op != PN_OP(pn)); pn->pn_op = op; pn->pn_cookie = UPVAR_FRAME_SLOT(cookie); pn->pn_dflags |= PND_BOUND; JSAtomListElement *ale = cg->atomList.add(cg->compiler, pn->pn_atom); if (!EmitIndexOp(cx, JSOP_QNAMEPART, ALE_INDEX(ale), cg)) JS_ASSERT(pn->pn_arity == PN_NAME); pn2 = pn->maybeExpr(); if (!BindNameToSlot(cx, cg, pn2)) top = CG_OFFSET(cg); if (!js_EmitTree(cx, cg, pndown)) if (js_NewSrcNote2(cx, cg, SRC_PCBASE, if (!EmitSpecialPropOp(cx, pndot, JSOP_GETELEM, cg)) } else if (!EmitAtomOp(cx, pndot, PN_OP(pndot), cg)) { if (!js_EmitTree(cx, cg, pn2)) if (js_NewSrcNote2(cx, cg, SRC_PCBASE, JSParseNode *left, *right, *next, ltmp, rtmp; JS_ASSERT(pn->pn_op == JSOP_GETELEM); JS_ASSERT(pn->pn_count >= 3); left = pn->pn_head; right = pn->last(); next = left->pn_next; JS_ASSERT(next != right); if (!BindNameToSlot(cx, cg, left)) next = left->pn_next; JS_ASSERT(next != right || pn->pn_count == 3); if (!js_EmitTree(cx, cg, left)) if (!js_EmitTree(cx, cg, next)) left = <mp; JS_ASSERT(ATOM_IS_STRING(pn->pn_atom)); right->pn_op = js_IsIdentifier(ATOM_TO_STRING(pn->pn_atom)) JS_ASSERT(pn->pn_arity == PN_BINARY); if (!BindNameToSlot(cx, cg, left)) if (!js_EmitTree(cx, cg, left)) if (!js_EmitTree(cx, cg, right)) return js_Emit1(cx, cg, JSOP_ZERO) >= 0; return js_Emit1(cx, cg, JSOP_ONE) >= 0; return js_Emit2(cx, cg, JSOP_INT8, (jsbytecode)(int8)ival) >= 0; off = js_EmitN(cx, cg, JSOP_UINT24, 3); pc = CG_CODE(cg, off); off = js_EmitN(cx, cg, JSOP_INT32, 4); pc = CG_CODE(cg, off); atom = js_AtomizeDouble(cx, dval); ale = cg->atomList.add(cg->compiler, atom); return EmitIndexOp(cx, JSOP_DOUBLE, ALE_INDEX(ale), cg); JSStmtInfo *stmtInfo) count = OBJ_BLOCK_COUNT(cx, pn2->pn_objbox->object); js_PushBlockScope(cg, stmtInfo, pn2->pn_objbox->object, -1); stmtInfo->type = STMT_SWITCH; if (!EmitEnterBlock(cx, pn2, cg)) if (!js_EmitTree(cx, cg, pn->pn_left)) js_PushStatement(cg, stmtInfo, STMT_SWITCH, top); atom = js_AtomizeDouble(cx, d); ok = LookupCompileTimeConstant(cx, cg, pn4->pn_atom, &v); atom = js_AtomizeDouble(cx, d); JS_malloc(cx, ok = LookupCompileTimeConstant(cx, cg, pn4->pn_atom, &v); JS_free(cx, intmap); noteIndex = js_NewSrcNote3(cx, cg, SRC_SWITCH, 0, 0); if (js_EmitN(cx, cg, switchOp, switchSize) < 0) if (pn4 && !js_EmitTree(cx, cg, pn4)) if (!js_SetSrcNoteOffset(cx, cg, (uintN)caseNoteIndex, 0, caseNoteIndex = js_NewSrcNote2(cx, cg, SRC_PCDELTA, 0); off = EmitJump(cx, cg, JSOP_CASE, 0); noteCount = CG_NOTE_COUNT(cg); if (!js_SetSrcNoteOffset(cx, cg, (uintN)noteIndex, 1, noteCountDelta = CG_NOTE_COUNT(cg) - noteCount; !js_SetSrcNoteOffset(cx, cg, (uintN)caseNoteIndex, 0, defaultOffset = EmitJump(cx, cg, JSOP_DEFAULT, 0); pc = CG_CODE(cg, top + JUMP_OFFSET_LEN); table = (JSParseNode **) JS_malloc(cx, tableSize); if (!AddSwitchSpanDeps(cx, cg, CG_CODE(cg, top))) savepc = CG_NEXT(cg); if (js_NewSrcNote2(cx, cg, SRC_LABEL, (ptrdiff_t) if (js_NewSrcNote2(cx, cg, SRC_LABEL, (ptrdiff_t) ok = js_EmitTree(cx, cg, pn4); off = CG_OFFSET(cg) - top; ok = js_SetJumpOffset(cx, cg, CG_CODE(cg, defaultOffset), ok = js_SetJumpOffset(cx, cg, pc, off); off = CG_OFFSET(cg) - top; ok = js_SetSrcNoteOffset(cx, cg, (uintN)noteIndex, 0, off); ale = cg->atomList.add(cg->compiler, pn->pn_atom); if (!UpdateLineNumberNotes(cx, cg, pn->pn_pos.begin.lineno)) CG_SWITCH_TO_MAIN(cg); if (!emitter(cx, cg, prologOp, pn2)) if (!emitter(cx, cg, prologOp, pn3)) pn = pn->pn_kid; if (!EmitDestructuringOpsHelper(cx, cg, pn)) if (!BindNameToSlot(cx, cg, pn)) if (pn->isConst() && !pn->isInitialized()) return js_Emit1(cx, cg, JSOP_POP) >= 0; if (!EmitElemOp(cx, pn, JSOP_ENUMELEM, cg)) if (!EmitElemOp(cx, pn, JSOP_ENUMCONSTELEM, cg)) top = CG_OFFSET(cg); if (!js_EmitTree(cx, cg, pn)) if (js_Emit1(cx, cg, JSOP_ENUMELEM) < 0) intN stackDepth = cg->stackDepth; JS_ASSERT(stackDepth != 0); if (js_Emit1(cx, cg, JSOP_DUP) < 0) if (!EmitNumberOp(cx, index, cg)) JS_ASSERT(pn2->pn_type == TOK_COLON); if (js_NewSrcNote(cx, cg, SRC_INITPROP) < 0) if (!EmitNumberOp(cx, pn3->pn_dval, cg)) pn3 = pn2->pn_right; if (js_Emit1(cx, cg, JSOP_GETELEM) < 0) JS_ASSERT(cg->stackDepth == stackDepth + 1); JS_ASSERT(pn2 == pn3); for (pn2 = pn->pn_head; pn2; pn2 = pn2->pn_next) { pn3 = pn2; if (!EmitDestructuringLHS(cx, cg, pn3)) JS_ASSERT(cg->stackDepth == stackDepth); JS_ASSERT(cg->stackDepth == stackDepth + 1); if (!EmitDestructuringLHS(cx, cg, pn3)) return EmitDestructuringOpsHelper(cx, cg, pn); depth = limit = (uintN) cg->stackDepth; if (!js_EmitTree(cx, cg, pn)) i = depth; JS_ASSERT(i < limit); jsint slot = AdjustBlockSlot(cx, cg, i); if (js_Emit1(cx, cg, JSOP_POP) < 0) if (!EmitDestructuringLHS(cx, cg, pn)) JS_ASSERT(pn->pn_type == TOK_ASSIGN); JSParseNode *pn, JSOp *pop) lhs = pn->pn_left; if (!EmitGroupAssignment(cx, cg, prologOp, lhs, rhs)) JSParseNode *lhs, JSParseNode *rhs) for (pn = lhs->pn_head; pn; pn = pn->pn_next, ++i) { if (!EmitDestructuringLHS(cx, cg, pn)) off = noteIndex = -1; if (!EmitDestructuringDecls(cx, cg, PN_OP(pn), pn2)) JS_ASSERT(pn2->pn_left->pn_type == TOK_NAME); JS_ASSERT(noteIndex < 0 && !pn2->pn_next); if (!MaybeEmitGroupAssignment(cx, cg, pn2, &op)) { JSParseNode *pn, JSOp *pop) pn2, &op)) { JSParseNode *pn, JSOp *pop) pn2, &op)) { JSParseNode *pn, JSOp *pop) pn2, &op)) { if (!EmitDestructuringDecls(cx, cg, PN_OP(pn), pn3)) if (!js_EmitTree(cx, cg, pn2->pn_right)) pn3 = pn2->maybeExpr(); if (!BindNameToSlot(cx, cg, pn2)) if (!MaybeEmitVarDecl(cx, cg, PN_OP(pn), pn2, &atomIndex)) !js_DefineCompileTimeConstant(cx, cg, pn2->pn_atom, pn3)) { if (!js_EmitTree(cx, cg, pn3)) js_NewSrcNote2(cx, cg, SRC_DECL, if (js_Emit1(cx, cg, op) < 0) tmp = CG_OFFSET(cg); if (!js_SetSrcNoteOffset(cx, cg, (uintN)noteIndex, 0, tmp-off)) noteIndex = js_NewSrcNote2(cx, cg, SRC_PCDELTA, 0); index = CG_NOTE_COUNT(cg); if (((uintN)index & CG_NOTE_MASK(cg)) == 0) { if (!CG_NOTES(cg)) { js_ReportOutOfScriptQuota(cx); return -1; return index; index = AllocSrcNote(cx, cg); if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0) if (EmitBackPatchOp(cx, cg, JSOP_BACKPATCH, &GOSUBS(*stmt)) < 0) return -1; sn = &CG_NOTES(cg)[index]; offset = CG_OFFSET(cg); delta = offset - CG_LAST_NOTE_OFFSET(cg); if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0) if (!EmitNonLocalJumpFixup(cx, cg, toStmt)) index = js_NewSrcNote2(cx, cg, noteType, (ptrdiff_t) ALE_INDEX(label)); index = AllocSrcNote(cx, cg); return -1; sn = &CG_NOTES(cg)[index]; if (js_NewSrcNote(cx, cg, SRC_HIDDEN) < 0) if (!EmitNonLocalJumpFixup(cx, cg, toStmt)) index = js_NewSrcNote2(cx, cg, noteType, (ptrdiff_t) ALE_INDEX(label)); if (js_NewSrcNote(cx, cg, SRC_NULL) < 0) return -1; return index; index = js_NewSrcNote(cx, cg, type); if (!js_SetSrcNoteOffset(cx, cg, index, 0, offset)) return -1; noteIndex = js_NewSrcNote2(cx, cg, SRC_PCDELTA, 0); JS_ASSERT(noteIndex < 0 && !pn2->pn_next); pn2, &op)) { JSParseNode *pn, JSOp *pop) pn2, &op)) { pn3 = pn2->maybeExpr(); if (!BindNameToSlot(cx, cg, pn2)) return index; noteIndex = js_NewSrcNote2(cx, cg, SRC_PCDELTA, 0); JS_ASSERT(noteIndex < 0 && !pn2->pn_next); pn2, &op)) { JSParseNode *pn, JSOp *pop) pn2, &op)) { pn3 = pn2->maybeExpr(); if (!BindNameToSlot(cx, cg, pn2)) if (!js_SetSrcNoteOffset(cx, cg, index, 0, offset1)) if (!js_SetSrcNoteOffset(cx, cg, index, 1, offset2)) js_ReportOutOfScriptQuota(cx); sn = &CG_NOTES(cg)[index]; JS_ASSERT(SN_TYPE(sn) != SRC_XDELTA); for (sn++; which; sn++, which--) { if (((CG_NOTE_COUNT(cg) + 1) & CG_NOTE_MASK(cg)) <= 1) { index = PTRDIFF(sn, CG_NOTES(cg), jssrcnote); if (!GrowSrcNotes(cx, cg)) if (!js_SetSrcNoteOffset(cx, cg, index, 0, offset)) if (js_NewSrcNote2(cx, cg, SRC_PCBASE, CG_OFFSET(cg) - top) < 0) if (!EmitDestructuringLHS(cx, cg, pn3)) if (!js_SetSrcNoteOffset(cx, cg, index, 0, offset1)) noteIndex = js_NewSrcNote3(cx, cg, SRC_SWITCH, 0, 0); if (js_EmitN(cx, cg, switchOp, switchSize) < 0) sn = CG_NOTES(cg) + index; diff = CG_NOTE_COUNT(cg) - (index + 3); if (!js_SetSrcNoteOffset(cx, cg, noteIndex, i, span)) sd2 = FindNearestSpanDep(cg, target, sn += 2; index = PTRDIFF(sn, CG_NOTES(cg), jssrcnote); if (((CG_NOTE_COUNT(cg) + 1) & CG_NOTE_MASK(cg)) <= 1) { sn = CG_NOTES(cg) + index; diff = CG_NOTE_COUNT(cg) - (index + 3); JS_ASSERT(diff >= 0); memmove(sn + 3, sn + 1, SRCNOTE_SIZE(diff)); 0 --------------------------------- 14278 CVE-2013-1705/Firefox_18.0_CVE_2013_1705_security_manager_ssl_src_nsCrypto.cpp String_Termination_Error 378 JSAutoByteString params, keyGenAlg; keyGenAlg.encode(cx, jsString); NS_ENSURE_TRUE(!!keyGenAlg, NS_ERROR_OUT_OF_MEMORY); keyGenType->keyGenType = cryptojs_interpret_key_gen_type(keyGenAlg.ptr()); static nsKeyGenType cryptojs_interpret_key_gen_type(char *keyAlg) char *end; if (keyAlg == nullptr) return invalidKeyGen; while (isspace(keyAlg[0])) keyAlg++; end = strchr(keyAlg, '\0'); if (end == nullptr) return invalidKeyGen; end--; while (isspace(*end)) end--; end[1] = '\0'; if (strcmp(keyAlg, "rsa-ex") == 0) { return rsaEnc; } else if (strcmp(keyAlg, "rsa-dual-use") == 0) { return rsaDualUse; } else if (strcmp(keyAlg, "rsa-sign") == 0) { return rsaSign; } else if (strcmp(keyAlg, "rsa-sign-nonrepudiation") == 0) { return rsaSignNonrepudiation; } else if (strcmp(keyAlg, "rsa-nonrepudiation") == 0) { return rsaNonrepudiation; } else if (strcmp(keyAlg, "ec-ex") == 0) { return ecEnc; } else if (strcmp(keyAlg, "ec-dual-use") == 0) { return ecDualUse; } else if (strcmp(keyAlg, "ec-sign") == 0) { return ecSign; } else if (strcmp(keyAlg, "ec-sign-nonrepudiation") == 0) { return ecSignNonrepudiation; } else if (strcmp(keyAlg, "ec-nonrepudiation") == 0) { return ecNonrepudiation; } else if (strcmp(keyAlg, "dsa-sign-nonrepudiation") == 0) { return dsaSignNonrepudiation; } else if (strcmp(keyAlg, "dsa-sign") ==0 ){ return dsaSign; } else if (strcmp(keyAlg, "dsa-nonrepudiation") == 0) { return dsaNonrepudiation; } else if (strcmp(keyAlg, "dh-ex") == 0) { return dhEx; return invalidKeyGen; if (keyGenType->keyGenType == invalidKeyGen) JS_ReportError(cx, "%s%s%s", JS_ERROR, "invalid key generation argument:", keyGenAlg.ptr()); goto loser; if (*slot == nullptr) *slot = nsGetSlotForKeyGen(keyGenType->keyGenType, uiCxt); if (*slot == nullptr) goto loser; rv = cryptojs_generateOneKeyPair(cx,keyGenType,keySize,params.ptr(),uiCxt, *slot,willEscrow); if (rv != NS_OK) JS_ReportError(cx,"%s%s%s", JS_ERROR, "could not generate the key for algorithm ", keyGenAlg.ptr()); goto loser; return NS_OK; loser: return NS_ERROR_FAILURE; 1 --------------------------------- 14279 CVE-2013-1705/Firefox_18.0_CVE_2013_1705_security_manager_ssl_src_nsCrypto.cpp String_Termination_Error 378 JSAutoByteString params; nsDependentJSString dependentKeyGenAlg; NS_ENSURE_TRUE(dependentKeyGenAlg.init(cx, jsString), NS_ERROR_UNEXPECTED); nsAutoString keyGenAlg(dependentKeyGenAlg); keyGenAlg.Trim("\r\n\t "); keyGenType->keyGenType = cryptojs_interpret_key_gen_type(keyGenAlg); static nsKeyGenType cryptojs_interpret_key_gen_type(char *keyAlg) if (keyAlg.EqualsLiteral("rsa-ex")) return rsaEnc; if (keyAlg.EqualsLiteral("rsa-dual-use")) return rsaDualUse; return rsaSign; if (keyAlg.EqualsLiteral("rsa-sign-nonrepudiation")) return rsaSignNonrepudiation; if (keyAlg.EqualsLiteral("rsa-nonrepudiation")) return rsaNonrepudiation; if (keyAlg.EqualsLiteral("ec-ex")) { return ecEnc; if (keyAlg.EqualsLiteral("ec-dual-use")) { return ecDualUse; if (keyAlg.EqualsLiteral("ec-sign")) return ecSign; if (keyAlg.EqualsLiteral("ec-sign-nonrepudiation")) return ecSignNonrepudiation; if (keyAlg.EqualsLiteral("ec-nonrepudiation")) return ecNonrepudiation; if (keyAlg.EqualsLiteral("dsa-sign-nonrepudiation")) return dsaSignNonrepudiation; if (keyAlg.EqualsLiteral("dsa-sign")) return dsaSign; if (keyAlg.EqualsLiteral("dsa-nonrepudiation")) return dsaNonrepudiation; if (keyAlg.EqualsLiteral("dh-ex")) return dhEx; return invalidKeyGen; if (keyGenType->keyGenType == invalidKeyGen) NS_LossyConvertUTF16toASCII keyGenAlgNarrow(dependentKeyGenAlg); JS_ReportError(cx, "%s%s%s", JS_ERROR, "invalid key generation argument:", keyGenAlgNarrow.get()); goto loser; if (*slot == nullptr) *slot = nsGetSlotForKeyGen(keyGenType->keyGenType, uiCxt); if (*slot == nullptr) goto loser; rv = cryptojs_generateOneKeyPair(cx,keyGenType,keySize,params.ptr(),uiCxt, *slot,willEscrow); if (rv != NS_OK) NS_LossyConvertUTF16toASCII keyGenAlgNarrow(dependentKeyGenAlg); JS_ReportError(cx,"%s%s%s", JS_ERROR, "could not generate the key for algorithm ", keyGenAlgNarrow.get()); goto loser; return NS_OK; loser: return NS_ERROR_FAILURE; 0 --------------------------------- 14280 CVE-2015-2739/Firefox_38.8.0esr_CVE_2015_2739_dom_base_nsXMLHttpRequest.cpp Buffer_Overflow_boundedcpy 4047 bool ArrayBufferBuilder::append(const uint8_t *aNewData, uint32_t aDataLen, uint32_t aMaxGrowth) if (mLength + aDataLen > mCapacity) uint32_t newcap; if (!aMaxGrowth || mCapacity < aMaxGrowth) newcap = mCapacity * 2; else newcap = mCapacity + aMaxGrowth; if (newcap < mLength + aDataLen) newcap = mLength + aDataLen; if (newcap < mCapacity) return false; if (!setCapacity(newcap)) { return false; MOZ_ASSERT(!areOverlappingRegions(aNewData, aDataLen, mDataPtr + mLength, aDataLen)); uint32_t aLength2) memcpy(mDataPtr + mLength, aNewData, aDataLen); 1 --------------------------------- 14281 CVE-2015-2739/Firefox_38.8.0esr_CVE_2015_2739_dom_base_nsXMLHttpRequest.cpp Buffer_Overflow_boundedcpy 4047 bool ArrayBufferBuilder::append(const uint8_t *aNewData, uint32_t aDataLen, uint32_t aMaxGrowth) CheckedUint32 neededCapacity = mLength; neededCapacity += aDataLen; if (!neededCapacity.isValid()) return false; if (mLength + aDataLen > mCapacity) CheckedUint32 newcap = mCapacity; if (!aMaxGrowth || mCapacity < aMaxGrowth) newcap *= 2; else newcap += aMaxGrowth; if (!newcap.isValid()) return false; if (newcap.value() < neededCapacity.value()) newcap = neededCapacity; if (!setCapacity(newcap.value())) return false; MOZ_ASSERT(!areOverlappingRegions(aNewData, aDataLen, mDataPtr + mLength, aDataLen)); uint32_t aLength2) memcpy(mDataPtr + mLength, aNewData, aDataLen); 0 --------------------------------- 14282 CVE-2015-7203/Firefox_42.0b9_CVE_2015_7203_gfx_thebes_gfxDWriteFontList.cpp Buffer_Overflow_boundedcpy 1513 DirectWriteFontInfo::LoadFontFamilyData(const nsAString& aFamilyName) nsAutoTArray famName; uint32_t len = aFamilyName.Length(); famName.SetLength(len + 1, fallible); memcpy(famName.Elements(), aFamilyName.BeginReading(), len * sizeof(char16_t)); 1 --------------------------------- 14283 CVE-2015-7203/Firefox_42.0b9_CVE_2015_7203_gfx_thebes_gfxDWriteFontList.cpp Buffer_Overflow_boundedcpy 1513 DirectWriteFontInfo::LoadFontFamilyData(const nsAString& aFamilyName) nsAutoTArray famName; uint32_t len = aFamilyName.Length(); if(!famName.SetLength(len + 1, fallible)) return; memcpy(famName.Elements(), aFamilyName.BeginReading(), len * sizeof(char16_t)); 0 --------------------------------- 14284 CVE-2015-3815/Wireshark_1.12.4_CVE_2015_3815_wiretap_logcat.c String_Termination_Error 409 static gboolean logcat_dump_text(wtap_dumper *wdh, const struct wtap_pkthdr *phdr, const guint8 *pd, int *err) gchar *buf; gint length; gchar priority; const gchar *tag; const gint *pid; const gint *tid; const gchar *log; gchar *log_part; const gchar *str_begin; const gchar *str_end; const guint32 *datetime; const guint32 *nanoseconds; const union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header; const struct dumper_t *dumper = (const struct dumper_t *) wdh->priv; if (pseudo_header->logcat.version == 1) pid = (const gint *) (pd + 4); tid = (const gint *) (pd + 2 * 4); datetime = (const guint32 *) (pd + 3 * 4); nanoseconds = (const guint32 *) (pd + 4 * 4); priority = get_priority((const guint8 *) (pd + 5 * 4)); tag = (const gchar *) (pd + 5 * 4 + 1); log = tag + strlen(tag) + 1; else if (pseudo_header->logcat.version == 2) pid = (const gint *) (pd + 4); tid = (const gint *) (pd + 2 * 4); datetime = (const guint32 *) (pd + 3 * 4); nanoseconds = (const guint32 *) (pd + 4 * 4); priority = get_priority((const guint8 *) (pd + 6 * 4)); tag = (const char *) (pd + 6 * 4 + 1); log = tag + strlen(tag) + 1; else *err = WTAP_ERR_UNSUPPORTED_ENCAP; return FALSE; str_begin = str_end = log; while (dumper->type != DUMP_LONG && (str_end = strchr(str_begin, '\n'))) { log_part = (gchar *) g_malloc(str_end - str_begin + 1); g_strlcpy(log_part, str_begin, str_end - str_begin); log_part[str_end - str_begin] = '\0'; str_begin = str_end + 1; buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, priority, tag, log_part); if (!buf) g_free(log_part); return FALSE; g_free(log_part); length = (guint32)strlen(buf); if (!wtap_dump_file_write(wdh, buf, length, err)) g_free(buf); return FALSE; wdh->bytes_dumped += length; g_free(buf); if (*str_begin != '\0') log_part = (gchar *) g_malloc(strlen(str_begin) + 1); g_strlcpy(log_part, str_begin, strlen(str_begin)); log_part[strlen(str_begin)] = '\0'; buf = logcat_log(dumper, *datetime, *nanoseconds / 1000000, *pid, *tid, priority, tag, log_part); if (!buf) g_free(log_part); return FALSE; g_free(log_part); length = (guint32)strlen(buf); if (!wtap_dump_file_write(wdh, buf, length, err)) g_free(buf); return FALSE; wdh->bytes_dumped += length; g_free(buf); return TRUE; 1 --------------------------------- 14285 CVE-2015-3815/Wireshark_1.12.4_CVE_2015_3815_wiretap_logcat.c String_Termination_Error 409 static gboolean logcat_dump_text(wtap_dumper *wdh, const struct wtap_pkthdr *phdr, const guint8 *pd, int *err) gchar *buf; gint length; gchar priority; const struct logger_entry *log_entry = (struct logger_entry *) pd; const struct logger_entry_v2 *log_entry_v2 = (struct logger_entry_v2 *) pd; gint payload_length; const gchar *tag; gint32 pid; gint32 tid; gint32 seconds; gint32 milliseconds; const gchar *msg_begin; gint msg_pre_skip; gchar *log; gchar *log_part; const union wtap_pseudo_header *pseudo_header = &phdr->pseudo_header; const struct dumper_t *dumper = (const struct dumper_t *) wdh->priv; payload_length = GINT32_FROM_LE(log_entry->len); pid = GINT32_FROM_LE(log_entry->pid); tid = GINT32_FROM_LE(log_entry->tid); seconds = GINT32_FROM_LE(log_entry->sec); milliseconds = GINT32_FROM_LE(log_entry->nsec) / 1000000; if (pseudo_header->logcat.version == 1) priority = get_priority(log_entry->msg[0]); tag = log_entry->msg + 1; msg_pre_skip = 1 + strlen(tag) + 1; msg_begin = log_entry->msg + msg_pre_skip; else if (pseudo_header->logcat.version == 2) priority = get_priority(log_entry_v2->msg[0]); tag = log_entry_v2->msg + 1; msg_pre_skip = 1 + strlen(tag) + 1; msg_begin = log_entry_v2->msg + msg_pre_skip; else *err = WTAP_ERR_UNSUPPORTED_ENCAP; return FALSE; log = g_strndup(msg_begin, payload_length - msg_pre_skip); log_next = log; do log_part = log_next; if (dumper->type == DUMP_LONG) log_next = NULL; else log_next = strchr(log_part, '\n'); if (log_next != NULL) *log_next = '\0'; ++log_next; if (*log_next == '\0') log_next = NULL; buf = logcat_log(dumper, seconds, milliseconds, pid, tid, priority, tag, log_part); if (!buf) g_free(log); return FALSE; length = (guint32)strlen(buf); if (!wtap_dump_file_write(wdh, buf, length, err)) g_free(log); return FALSE; wdh->bytes_dumped += length; while (log_next != NULL); g_free(log); return TRUE; 0 --------------------------------- 14286 CVE-2015-3815/Wireshark_1.12.4_CVE_2015_3815_wiretap_logcat.c String_Termination_Error 151 guint16 tmp; bytes_read = file_read(&tmp, 2, wth->fh); payload_length = pletoh16(&tmp); try_header_size = pletoh16(&tmp); buffer = (guint8 *) g_malloc(5 * 4 + payload_length); bytes_read = file_read(buffer, 5 * 4 + payload_length, wth->fh); if (bytes_read != 5 * 4 + payload_length) if (bytes_read != 4 * 4 + payload_length) *err = file_error(wth->fh, err_info); if (*err == 0 && bytes_read != 0) *err = WTAP_ERR_SHORT_READ; g_free(buffer); return -1; if (try_header_size == 24) tag_length = (guint32)strlen(buffer + 5 * 4 + 1) + 1; log_length = (guint32)strlen(buffer + 5 * 4 + 1 + tag_length) + 1; if (payload_length == 1 + tag_length + log_length) g_free(buffer); return 2; tag_length = (guint32)strlen(buffer + 4 * 4 + 1) + 1; log_length = (guint32)strlen(buffer + 4 * 4 + 1 + tag_length) + 1; if (payload_length == 1 + tag_length + log_length) if (file_seek(wth->fh, file_offset + 4 * 4 + 1 + tag_length + log_length, SEEK_SET, err) == -1) g_free(buffer); return -1; g_free(buffer); return 1; g_free(buffer); return 0; 1 --------------------------------- 14287 CVE-2015-3815/Wireshark_1.12.4_CVE_2015_3815_wiretap_logcat.c String_Termination_Error 151 guint16 tmp; bytes_read = file_read(&tmp, 2, wth->fh); payload_length = pletoh16(&tmp); hdr_size = pletoh16(&tmp); read_sofar = 4; if (payload_length < 3) return -1; if (payload_length > LOGGER_ENTRY_MAX_PAYLOAD) return -1; buffer = (guint8 *) g_malloc(sizeof(*log_entry_v2) + payload_length); log_entry_v2 = (struct logger_entry_v2 *) buffer; log_entry = (struct logger_entry *) buffer; for (version = 1; version <= 2; ++version) if (version == 1) msg_payload = log_entry->msg; entry_len = sizeof(*log_entry) + payload_length; else if (version == 2) msg_payload = log_entry_v2->msg; entry_len = sizeof(*log_entry_v2) + payload_length; if (hdr_size != sizeof(*log_entry_v2)) continue; bytes_read = file_read(buffer + read_sofar, entry_len - read_sofar,wth->fh); if (bytes_read != entry_len - read_sofar) *err = file_error(wth->fh, err_info); if (*err == 0 && bytes_read != 0) *err = WTAP_ERR_SHORT_READ; version = -1; break; read_sofar += bytes_read; if (get_priority(msg_payload[0]) == '?') continue; msg_part = (guint8 *) memchr(msg_payload, '\0', payload_length - 1); if (msg_part == NULL) continue; ++msg_part; msg_len = payload_length - (msg_part - msg_payload); msg_end = (guint8 *) memchr(msg_part, '\0', msg_len); if (msg_end && (msg_payload + payload_length - 1 != msg_end)) continue; g_free(buffer); return version; g_free(buffer); return -1; 0 --------------------------------- 14288 1498/Figure2-33-windows.cpp Buffer_Overflow_Indexes 29 string str; cin >> str; cout << "str 1: " << str << endl; 0 --------------------------------- 14289 1956/HeapOverflow_Scope_good.cpp Buffer_Overflow_Indexes 25 int main(int argc, const char *argv[]) if (argc > 1){ const char *userstr=argv[1]; tester(userstr); void tester (const char *__str) { test[strlen(__str)%BUFSIZE]='a'; 0 --------------------------------- 14290 1962/HeapOverflow_ArrayIndex_good.cpp String_Termination_Error 43 return 0; t[i+1] = '\0'; return t; char *t = rand_text(); buf[strlen(t)%25]=t[strlen(t)-1]; 0 --------------------------------- 14291 1972/StackOverflow_good.cpp Buffer_Overflow_Indexes 22 char buf[MAXSIZE]; cin.width(MAXSIZE-1); cin>>buf; cout<<"result: "< 1){ const char *userstr=argv[1]; tester(userstr); void tester (const char *__str) { {test[strlen(__str)%BUFSIZE]='a'; 0 --------------------------------- 14293 102203/CWE415_Double_Free__no_assignment_op_01_bad.cpp Buffer_Overflow_cpycat 43 BadClass(BadClass &badClassObject) BadClass badClassObject1("One"), badClassObject2("Two"); this->data = new char[strlen(badClassObject.data) + 1]; strcpy(this->data, badClassObject.data); 0 --------------------------------- 14294 102203/CWE415_Double_Free__no_assignment_op_01_bad.cpp Buffer_Overflow_cpycat 21 BadClass(const char *data) this->data = new char[strlen(data) + 1]; strcpy(this->data, data); 0 --------------------------------- 14295 102203/CWE415_Double_Free__no_assignment_op_01_good1.cpp Buffer_Overflow_cpycat 21 GoodClass(const char *data) this->data = new char[strlen(data) + 1]; strcpy(this->data, data); 0 --------------------------------- 14296 102203/CWE415_Double_Free__no_assignment_op_01_good1.cpp Buffer_Overflow_cpycat 51 GoodClass& operator=(const GoodClass &goodClassObject) this->data = new char[strlen(goodClassObject.data) + 1]; strcpy(this->data, goodClassObject.data); 0 --------------------------------- 14297 102203/CWE415_Double_Free__no_assignment_op_01_good1.cpp Buffer_Overflow_cpycat 43 GoodClass goodClassObject1("One"), goodClassObject2("Two"); GoodClass(GoodClass &goodClassObject) this->data = new char[strlen(goodClassObject.data) + 1]; strcpy(this->data, goodClassObject.data); 0 --------------------------------- 14298 102204/CWE415_Double_Free__no_copy_const_01_bad.cpp Buffer_Overflow_cpycat 45 BadClass& operator=(const BadClass &badClassObject) this->data = new char[strlen(badClassObject.data) + 1]; strcpy(this->data, badClassObject.data); 0 --------------------------------- 14299 102204/CWE415_Double_Free__no_copy_const_01_bad.cpp Buffer_Overflow_cpycat 21 BadClass(const char *data) this->data = new char[strlen(data) + 1]; strcpy(this->data, data); 0 --------------------------------- 14300 102204/CWE415_Double_Free__no_copy_const_01_good1.cpp Buffer_Overflow_cpycat 43 this->data = new char[strlen(goodClassObject.data) + 1]; strcpy(this->data, goodClassObject.data); GoodClass goodClassObject("One"); GoodClass goodClassObjectCopy(goodClassObject); GoodClass(GoodClass &goodClassObject) this->data = new char[strlen(goodClassObject.data) + 1]; strcpy(this->data, goodClassObject.data); 0 --------------------------------- 14301 102204/CWE415_Double_Free__no_copy_const_01_good1.cpp Buffer_Overflow_cpycat 51 GoodClass& operator=(const GoodClass &goodClassObject) this->data = new char[strlen(goodClassObject.data) + 1]; strcpy(this->data, goodClassObject.data); 0 --------------------------------- 14302 102204/CWE415_Double_Free__no_copy_const_01_good1.cpp Buffer_Overflow_cpycat 21 GoodClass(const char *data) this->data = new char[strlen(data) + 1]; strcpy(this->data, data); 0 --------------------------------- 14303 102223/CWE416_Use_After_Free__malloc_free_char_43.cpp Buffer_Overflow_boundedcpy 55 data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); 0 --------------------------------- 14304 102223/CWE416_Use_After_Free__malloc_free_char_43.cpp Buffer_Overflow_boundedcpy 30 data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); 0 --------------------------------- 14305 102223/CWE416_Use_After_Free__malloc_free_char_43.cpp Buffer_Overflow_boundedcpy 75 data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); 0 --------------------------------- 14306 102224/CWE416_Use_After_Free__malloc_free_char_62.cpp Buffer_Overflow_boundedcpy 157 data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); 0 --------------------------------- 14307 102224/CWE416_Use_After_Free__malloc_free_char_62.cpp Buffer_Overflow_boundedcpy 143 data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); 0 --------------------------------- 14308 102224/CWE416_Use_After_Free__malloc_free_char_62.cpp Buffer_Overflow_boundedcpy 166 data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); 0 --------------------------------- 14309 102333/CWE416_Use_After_Free__malloc_free_wchar_t_43.cpp Buffer_Overflow_boundedcpy 75 data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); 0 --------------------------------- 14310 102333/CWE416_Use_After_Free__malloc_free_wchar_t_43.cpp Buffer_Overflow_boundedcpy 30 data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); 0 --------------------------------- 14311 102333/CWE416_Use_After_Free__malloc_free_wchar_t_43.cpp Buffer_Overflow_boundedcpy 55 data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); 0 --------------------------------- 14312 102334/CWE416_Use_After_Free__malloc_free_wchar_t_62.cpp Buffer_Overflow_boundedcpy 166 data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); 0 --------------------------------- 14313 102334/CWE416_Use_After_Free__malloc_free_wchar_t_62.cpp Buffer_Overflow_boundedcpy 157 data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); 0 --------------------------------- 14314 102334/CWE416_Use_After_Free__malloc_free_wchar_t_62.cpp Buffer_Overflow_boundedcpy 143 data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); 0 --------------------------------- 14315 102337/CWE416_Use_After_Free__new_delete_array_char_01.cpp Buffer_Overflow_boundedcpy 53 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14316 102337/CWE416_Use_After_Free__new_delete_array_char_01.cpp Buffer_Overflow_boundedcpy 68 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14317 102337/CWE416_Use_After_Free__new_delete_array_char_01.cpp Buffer_Overflow_boundedcpy 33 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14318 102338/CWE416_Use_After_Free__new_delete_array_char_02.cpp Buffer_Overflow_boundedcpy 61 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14319 102338/CWE416_Use_After_Free__new_delete_array_char_02.cpp Buffer_Overflow_boundedcpy 138 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14320 102338/CWE416_Use_After_Free__new_delete_array_char_02.cpp Buffer_Overflow_boundedcpy 117 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14321 102338/CWE416_Use_After_Free__new_delete_array_char_02.cpp Buffer_Overflow_boundedcpy 89 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14322 102338/CWE416_Use_After_Free__new_delete_array_char_02.cpp Buffer_Overflow_boundedcpy 35 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14323 102339/CWE416_Use_After_Free__new_delete_array_char_03.cpp Buffer_Overflow_boundedcpy 61 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14324 102339/CWE416_Use_After_Free__new_delete_array_char_03.cpp Buffer_Overflow_boundedcpy 138 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14325 102339/CWE416_Use_After_Free__new_delete_array_char_03.cpp Buffer_Overflow_boundedcpy 117 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14326 102339/CWE416_Use_After_Free__new_delete_array_char_03.cpp Buffer_Overflow_boundedcpy 89 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14327 102339/CWE416_Use_After_Free__new_delete_array_char_03.cpp Buffer_Overflow_boundedcpy 35 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14328 102340/CWE416_Use_After_Free__new_delete_array_char_04.cpp Buffer_Overflow_boundedcpy 95 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14329 102340/CWE416_Use_After_Free__new_delete_array_char_04.cpp Buffer_Overflow_boundedcpy 41 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14330 102340/CWE416_Use_After_Free__new_delete_array_char_04.cpp Buffer_Overflow_boundedcpy 67 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14331 102340/CWE416_Use_After_Free__new_delete_array_char_04.cpp Buffer_Overflow_boundedcpy 123 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14332 102340/CWE416_Use_After_Free__new_delete_array_char_04.cpp Buffer_Overflow_boundedcpy 144 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14333 102341/CWE416_Use_After_Free__new_delete_array_char_05.cpp Buffer_Overflow_boundedcpy 95 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14334 102341/CWE416_Use_After_Free__new_delete_array_char_05.cpp Buffer_Overflow_boundedcpy 41 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14335 102341/CWE416_Use_After_Free__new_delete_array_char_05.cpp Buffer_Overflow_boundedcpy 67 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14336 102341/CWE416_Use_After_Free__new_delete_array_char_05.cpp Buffer_Overflow_boundedcpy 123 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14337 102341/CWE416_Use_After_Free__new_delete_array_char_05.cpp Buffer_Overflow_boundedcpy 144 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14338 102342/CWE416_Use_After_Free__new_delete_array_char_06.cpp Buffer_Overflow_boundedcpy 66 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14339 102342/CWE416_Use_After_Free__new_delete_array_char_06.cpp Buffer_Overflow_boundedcpy 143 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14340 102342/CWE416_Use_After_Free__new_delete_array_char_06.cpp Buffer_Overflow_boundedcpy 40 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14341 102342/CWE416_Use_After_Free__new_delete_array_char_06.cpp Buffer_Overflow_boundedcpy 94 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14342 102342/CWE416_Use_After_Free__new_delete_array_char_06.cpp Buffer_Overflow_boundedcpy 122 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14343 102343/CWE416_Use_After_Free__new_delete_array_char_07.cpp Buffer_Overflow_boundedcpy 66 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14344 102343/CWE416_Use_After_Free__new_delete_array_char_07.cpp Buffer_Overflow_boundedcpy 143 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14345 102343/CWE416_Use_After_Free__new_delete_array_char_07.cpp Buffer_Overflow_boundedcpy 40 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14346 102343/CWE416_Use_After_Free__new_delete_array_char_07.cpp Buffer_Overflow_boundedcpy 94 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14347 102343/CWE416_Use_After_Free__new_delete_array_char_07.cpp Buffer_Overflow_boundedcpy 122 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14348 102344/CWE416_Use_After_Free__new_delete_array_char_08.cpp Buffer_Overflow_boundedcpy 130 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14349 102344/CWE416_Use_After_Free__new_delete_array_char_08.cpp Buffer_Overflow_boundedcpy 151 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14350 102344/CWE416_Use_After_Free__new_delete_array_char_08.cpp Buffer_Overflow_boundedcpy 48 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14351 102344/CWE416_Use_After_Free__new_delete_array_char_08.cpp Buffer_Overflow_boundedcpy 102 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14352 102344/CWE416_Use_After_Free__new_delete_array_char_08.cpp Buffer_Overflow_boundedcpy 74 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14353 102345/CWE416_Use_After_Free__new_delete_array_char_09.cpp Buffer_Overflow_boundedcpy 61 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14354 102345/CWE416_Use_After_Free__new_delete_array_char_09.cpp Buffer_Overflow_boundedcpy 138 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14355 102345/CWE416_Use_After_Free__new_delete_array_char_09.cpp Buffer_Overflow_boundedcpy 117 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14356 102345/CWE416_Use_After_Free__new_delete_array_char_09.cpp Buffer_Overflow_boundedcpy 89 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14357 102345/CWE416_Use_After_Free__new_delete_array_char_09.cpp Buffer_Overflow_boundedcpy 35 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14358 102346/CWE416_Use_After_Free__new_delete_array_char_10.cpp Buffer_Overflow_boundedcpy 61 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14359 102346/CWE416_Use_After_Free__new_delete_array_char_10.cpp Buffer_Overflow_boundedcpy 138 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14360 102346/CWE416_Use_After_Free__new_delete_array_char_10.cpp Buffer_Overflow_boundedcpy 117 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14361 102346/CWE416_Use_After_Free__new_delete_array_char_10.cpp Buffer_Overflow_boundedcpy 89 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14362 102346/CWE416_Use_After_Free__new_delete_array_char_10.cpp Buffer_Overflow_boundedcpy 35 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14363 102347/CWE416_Use_After_Free__new_delete_array_char_11.cpp Buffer_Overflow_boundedcpy 116 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14364 102347/CWE416_Use_After_Free__new_delete_array_char_11.cpp Buffer_Overflow_boundedcpy 34 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14365 102347/CWE416_Use_After_Free__new_delete_array_char_11.cpp Buffer_Overflow_boundedcpy 60 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14366 102347/CWE416_Use_After_Free__new_delete_array_char_11.cpp Buffer_Overflow_boundedcpy 137 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14367 102347/CWE416_Use_After_Free__new_delete_array_char_11.cpp Buffer_Overflow_boundedcpy 88 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14368 102348/CWE416_Use_After_Free__new_delete_array_char_12.cpp Buffer_Overflow_boundedcpy 76 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14369 102348/CWE416_Use_After_Free__new_delete_array_char_12.cpp Buffer_Overflow_boundedcpy 84 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14370 102348/CWE416_Use_After_Free__new_delete_array_char_12.cpp Buffer_Overflow_boundedcpy 34 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14371 102348/CWE416_Use_After_Free__new_delete_array_char_12.cpp Buffer_Overflow_boundedcpy 116 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14372 102348/CWE416_Use_After_Free__new_delete_array_char_12.cpp Buffer_Overflow_boundedcpy 42 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14373 102348/CWE416_Use_After_Free__new_delete_array_char_12.cpp Buffer_Overflow_boundedcpy 123 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14374 102349/CWE416_Use_After_Free__new_delete_array_char_13.cpp Buffer_Overflow_boundedcpy 116 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14375 102349/CWE416_Use_After_Free__new_delete_array_char_13.cpp Buffer_Overflow_boundedcpy 34 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14376 102349/CWE416_Use_After_Free__new_delete_array_char_13.cpp Buffer_Overflow_boundedcpy 60 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14377 102349/CWE416_Use_After_Free__new_delete_array_char_13.cpp Buffer_Overflow_boundedcpy 137 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14378 102349/CWE416_Use_After_Free__new_delete_array_char_13.cpp Buffer_Overflow_boundedcpy 88 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14379 102350/CWE416_Use_After_Free__new_delete_array_char_14.cpp Buffer_Overflow_boundedcpy 116 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14380 102350/CWE416_Use_After_Free__new_delete_array_char_14.cpp Buffer_Overflow_boundedcpy 34 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14381 102350/CWE416_Use_After_Free__new_delete_array_char_14.cpp Buffer_Overflow_boundedcpy 60 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14382 102350/CWE416_Use_After_Free__new_delete_array_char_14.cpp Buffer_Overflow_boundedcpy 137 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14383 102350/CWE416_Use_After_Free__new_delete_array_char_14.cpp Buffer_Overflow_boundedcpy 88 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14384 102351/CWE416_Use_After_Free__new_delete_array_char_15.cpp Buffer_Overflow_boundedcpy 108 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14385 102351/CWE416_Use_After_Free__new_delete_array_char_15.cpp Buffer_Overflow_boundedcpy 73 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14386 102351/CWE416_Use_After_Free__new_delete_array_char_15.cpp Buffer_Overflow_boundedcpy 147 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14387 102351/CWE416_Use_After_Free__new_delete_array_char_15.cpp Buffer_Overflow_boundedcpy 35 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14388 102351/CWE416_Use_After_Free__new_delete_array_char_15.cpp Buffer_Overflow_boundedcpy 176 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14389 102352/CWE416_Use_After_Free__new_delete_array_char_16.cpp Buffer_Overflow_boundedcpy 34 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14390 102352/CWE416_Use_After_Free__new_delete_array_char_16.cpp Buffer_Overflow_boundedcpy 87 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14391 102352/CWE416_Use_After_Free__new_delete_array_char_16.cpp Buffer_Overflow_boundedcpy 62 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14392 102353/CWE416_Use_After_Free__new_delete_array_char_17.cpp Buffer_Overflow_boundedcpy 62 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14393 102353/CWE416_Use_After_Free__new_delete_array_char_17.cpp Buffer_Overflow_boundedcpy 35 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14394 102353/CWE416_Use_After_Free__new_delete_array_char_17.cpp Buffer_Overflow_boundedcpy 86 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14395 102354/CWE416_Use_After_Free__new_delete_array_char_18.cpp Buffer_Overflow_boundedcpy 34 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14396 102354/CWE416_Use_After_Free__new_delete_array_char_18.cpp Buffer_Overflow_boundedcpy 79 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14397 102354/CWE416_Use_After_Free__new_delete_array_char_18.cpp Buffer_Overflow_boundedcpy 58 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14398 102355/CWE416_Use_After_Free__new_delete_array_char_43.cpp Buffer_Overflow_boundedcpy 55 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14399 102355/CWE416_Use_After_Free__new_delete_array_char_43.cpp Buffer_Overflow_boundedcpy 30 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14400 102355/CWE416_Use_After_Free__new_delete_array_char_43.cpp Buffer_Overflow_boundedcpy 75 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14401 102356/CWE416_Use_After_Free__new_delete_array_char_62.cpp Buffer_Overflow_boundedcpy 157 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14402 102356/CWE416_Use_After_Free__new_delete_array_char_62.cpp Buffer_Overflow_boundedcpy 143 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14403 102356/CWE416_Use_After_Free__new_delete_array_char_62.cpp Buffer_Overflow_boundedcpy 166 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14404 102357/CWE416_Use_After_Free__new_delete_array_char_63.cpp Buffer_Overflow_boundedcpy 71 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14405 102357/CWE416_Use_After_Free__new_delete_array_char_63.cpp Buffer_Overflow_boundedcpy 36 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14406 102357/CWE416_Use_After_Free__new_delete_array_char_63.cpp Buffer_Overflow_boundedcpy 56 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14407 102358/CWE416_Use_After_Free__new_delete_array_char_64.cpp Buffer_Overflow_boundedcpy 71 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14408 102358/CWE416_Use_After_Free__new_delete_array_char_64.cpp Buffer_Overflow_boundedcpy 36 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14409 102358/CWE416_Use_After_Free__new_delete_array_char_64.cpp Buffer_Overflow_boundedcpy 56 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 14410 102469/CWE416_Use_After_Free__new_delete_array_wchar_t_01.cpp Buffer_Overflow_boundedcpy 68 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14411 102469/CWE416_Use_After_Free__new_delete_array_wchar_t_01.cpp Buffer_Overflow_boundedcpy 53 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14412 102469/CWE416_Use_After_Free__new_delete_array_wchar_t_01.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14413 102470/CWE416_Use_After_Free__new_delete_array_wchar_t_02.cpp Buffer_Overflow_boundedcpy 117 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14414 102470/CWE416_Use_After_Free__new_delete_array_wchar_t_02.cpp Buffer_Overflow_boundedcpy 35 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14415 102470/CWE416_Use_After_Free__new_delete_array_wchar_t_02.cpp Buffer_Overflow_boundedcpy 61 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14416 102470/CWE416_Use_After_Free__new_delete_array_wchar_t_02.cpp Buffer_Overflow_boundedcpy 138 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14417 102470/CWE416_Use_After_Free__new_delete_array_wchar_t_02.cpp Buffer_Overflow_boundedcpy 89 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14418 102471/CWE416_Use_After_Free__new_delete_array_wchar_t_03.cpp Buffer_Overflow_boundedcpy 117 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14419 102471/CWE416_Use_After_Free__new_delete_array_wchar_t_03.cpp Buffer_Overflow_boundedcpy 35 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14420 102471/CWE416_Use_After_Free__new_delete_array_wchar_t_03.cpp Buffer_Overflow_boundedcpy 61 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14421 102471/CWE416_Use_After_Free__new_delete_array_wchar_t_03.cpp Buffer_Overflow_boundedcpy 138 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14422 102471/CWE416_Use_After_Free__new_delete_array_wchar_t_03.cpp Buffer_Overflow_boundedcpy 89 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14423 102472/CWE416_Use_After_Free__new_delete_array_wchar_t_04.cpp Buffer_Overflow_boundedcpy 67 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14424 102472/CWE416_Use_After_Free__new_delete_array_wchar_t_04.cpp Buffer_Overflow_boundedcpy 123 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14425 102472/CWE416_Use_After_Free__new_delete_array_wchar_t_04.cpp Buffer_Overflow_boundedcpy 144 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14426 102472/CWE416_Use_After_Free__new_delete_array_wchar_t_04.cpp Buffer_Overflow_boundedcpy 95 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14427 102472/CWE416_Use_After_Free__new_delete_array_wchar_t_04.cpp Buffer_Overflow_boundedcpy 41 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14428 102473/CWE416_Use_After_Free__new_delete_array_wchar_t_05.cpp Buffer_Overflow_boundedcpy 67 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14429 102473/CWE416_Use_After_Free__new_delete_array_wchar_t_05.cpp Buffer_Overflow_boundedcpy 123 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14430 102473/CWE416_Use_After_Free__new_delete_array_wchar_t_05.cpp Buffer_Overflow_boundedcpy 144 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14431 102473/CWE416_Use_After_Free__new_delete_array_wchar_t_05.cpp Buffer_Overflow_boundedcpy 95 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14432 102473/CWE416_Use_After_Free__new_delete_array_wchar_t_05.cpp Buffer_Overflow_boundedcpy 41 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14433 102474/CWE416_Use_After_Free__new_delete_array_wchar_t_06.cpp Buffer_Overflow_boundedcpy 94 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14434 102474/CWE416_Use_After_Free__new_delete_array_wchar_t_06.cpp Buffer_Overflow_boundedcpy 40 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14435 102474/CWE416_Use_After_Free__new_delete_array_wchar_t_06.cpp Buffer_Overflow_boundedcpy 122 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14436 102474/CWE416_Use_After_Free__new_delete_array_wchar_t_06.cpp Buffer_Overflow_boundedcpy 66 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14437 102474/CWE416_Use_After_Free__new_delete_array_wchar_t_06.cpp Buffer_Overflow_boundedcpy 143 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14438 102475/CWE416_Use_After_Free__new_delete_array_wchar_t_07.cpp Buffer_Overflow_boundedcpy 94 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14439 102475/CWE416_Use_After_Free__new_delete_array_wchar_t_07.cpp Buffer_Overflow_boundedcpy 40 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14440 102475/CWE416_Use_After_Free__new_delete_array_wchar_t_07.cpp Buffer_Overflow_boundedcpy 122 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14441 102475/CWE416_Use_After_Free__new_delete_array_wchar_t_07.cpp Buffer_Overflow_boundedcpy 66 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14442 102475/CWE416_Use_After_Free__new_delete_array_wchar_t_07.cpp Buffer_Overflow_boundedcpy 143 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14443 102476/CWE416_Use_After_Free__new_delete_array_wchar_t_08.cpp Buffer_Overflow_boundedcpy 48 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14444 102476/CWE416_Use_After_Free__new_delete_array_wchar_t_08.cpp Buffer_Overflow_boundedcpy 102 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14445 102476/CWE416_Use_After_Free__new_delete_array_wchar_t_08.cpp Buffer_Overflow_boundedcpy 74 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14446 102476/CWE416_Use_After_Free__new_delete_array_wchar_t_08.cpp Buffer_Overflow_boundedcpy 151 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14447 102476/CWE416_Use_After_Free__new_delete_array_wchar_t_08.cpp Buffer_Overflow_boundedcpy 130 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14448 102477/CWE416_Use_After_Free__new_delete_array_wchar_t_09.cpp Buffer_Overflow_boundedcpy 117 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14449 102477/CWE416_Use_After_Free__new_delete_array_wchar_t_09.cpp Buffer_Overflow_boundedcpy 35 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14450 102477/CWE416_Use_After_Free__new_delete_array_wchar_t_09.cpp Buffer_Overflow_boundedcpy 61 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14451 102477/CWE416_Use_After_Free__new_delete_array_wchar_t_09.cpp Buffer_Overflow_boundedcpy 138 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14452 102477/CWE416_Use_After_Free__new_delete_array_wchar_t_09.cpp Buffer_Overflow_boundedcpy 89 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14453 102478/CWE416_Use_After_Free__new_delete_array_wchar_t_10.cpp Buffer_Overflow_boundedcpy 117 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14454 102478/CWE416_Use_After_Free__new_delete_array_wchar_t_10.cpp Buffer_Overflow_boundedcpy 35 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14455 102478/CWE416_Use_After_Free__new_delete_array_wchar_t_10.cpp Buffer_Overflow_boundedcpy 61 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14456 102478/CWE416_Use_After_Free__new_delete_array_wchar_t_10.cpp Buffer_Overflow_boundedcpy 138 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14457 102478/CWE416_Use_After_Free__new_delete_array_wchar_t_10.cpp Buffer_Overflow_boundedcpy 89 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14458 102479/CWE416_Use_After_Free__new_delete_array_wchar_t_11.cpp Buffer_Overflow_boundedcpy 60 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14459 102479/CWE416_Use_After_Free__new_delete_array_wchar_t_11.cpp Buffer_Overflow_boundedcpy 116 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14460 102479/CWE416_Use_After_Free__new_delete_array_wchar_t_11.cpp Buffer_Overflow_boundedcpy 88 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14461 102479/CWE416_Use_After_Free__new_delete_array_wchar_t_11.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14462 102479/CWE416_Use_After_Free__new_delete_array_wchar_t_11.cpp Buffer_Overflow_boundedcpy 137 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14463 102480/CWE416_Use_After_Free__new_delete_array_wchar_t_12.cpp Buffer_Overflow_boundedcpy 116 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14464 102480/CWE416_Use_After_Free__new_delete_array_wchar_t_12.cpp Buffer_Overflow_boundedcpy 76 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14465 102480/CWE416_Use_After_Free__new_delete_array_wchar_t_12.cpp Buffer_Overflow_boundedcpy 123 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14466 102480/CWE416_Use_After_Free__new_delete_array_wchar_t_12.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14467 102480/CWE416_Use_After_Free__new_delete_array_wchar_t_12.cpp Buffer_Overflow_boundedcpy 84 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14468 102480/CWE416_Use_After_Free__new_delete_array_wchar_t_12.cpp Buffer_Overflow_boundedcpy 42 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14469 102481/CWE416_Use_After_Free__new_delete_array_wchar_t_13.cpp Buffer_Overflow_boundedcpy 60 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14470 102481/CWE416_Use_After_Free__new_delete_array_wchar_t_13.cpp Buffer_Overflow_boundedcpy 116 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14471 102481/CWE416_Use_After_Free__new_delete_array_wchar_t_13.cpp Buffer_Overflow_boundedcpy 88 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14472 102481/CWE416_Use_After_Free__new_delete_array_wchar_t_13.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14473 102481/CWE416_Use_After_Free__new_delete_array_wchar_t_13.cpp Buffer_Overflow_boundedcpy 137 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14474 102482/CWE416_Use_After_Free__new_delete_array_wchar_t_14.cpp Buffer_Overflow_boundedcpy 60 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14475 102482/CWE416_Use_After_Free__new_delete_array_wchar_t_14.cpp Buffer_Overflow_boundedcpy 116 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14476 102482/CWE416_Use_After_Free__new_delete_array_wchar_t_14.cpp Buffer_Overflow_boundedcpy 88 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14477 102482/CWE416_Use_After_Free__new_delete_array_wchar_t_14.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14478 102482/CWE416_Use_After_Free__new_delete_array_wchar_t_14.cpp Buffer_Overflow_boundedcpy 137 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14479 102483/CWE416_Use_After_Free__new_delete_array_wchar_t_15.cpp Buffer_Overflow_boundedcpy 147 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14480 102483/CWE416_Use_After_Free__new_delete_array_wchar_t_15.cpp Buffer_Overflow_boundedcpy 35 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14481 102483/CWE416_Use_After_Free__new_delete_array_wchar_t_15.cpp Buffer_Overflow_boundedcpy 108 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14482 102483/CWE416_Use_After_Free__new_delete_array_wchar_t_15.cpp Buffer_Overflow_boundedcpy 176 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14483 102483/CWE416_Use_After_Free__new_delete_array_wchar_t_15.cpp Buffer_Overflow_boundedcpy 73 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14484 102484/CWE416_Use_After_Free__new_delete_array_wchar_t_16.cpp Buffer_Overflow_boundedcpy 62 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14485 102484/CWE416_Use_After_Free__new_delete_array_wchar_t_16.cpp Buffer_Overflow_boundedcpy 87 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14486 102484/CWE416_Use_After_Free__new_delete_array_wchar_t_16.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14487 102485/CWE416_Use_After_Free__new_delete_array_wchar_t_17.cpp Buffer_Overflow_boundedcpy 35 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14488 102485/CWE416_Use_After_Free__new_delete_array_wchar_t_17.cpp Buffer_Overflow_boundedcpy 62 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14489 102485/CWE416_Use_After_Free__new_delete_array_wchar_t_17.cpp Buffer_Overflow_boundedcpy 86 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14490 102486/CWE416_Use_After_Free__new_delete_array_wchar_t_18.cpp Buffer_Overflow_boundedcpy 58 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14491 102486/CWE416_Use_After_Free__new_delete_array_wchar_t_18.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14492 102486/CWE416_Use_After_Free__new_delete_array_wchar_t_18.cpp Buffer_Overflow_boundedcpy 79 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14493 102487/CWE416_Use_After_Free__new_delete_array_wchar_t_43.cpp Buffer_Overflow_boundedcpy 75 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14494 102487/CWE416_Use_After_Free__new_delete_array_wchar_t_43.cpp Buffer_Overflow_boundedcpy 30 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14495 102487/CWE416_Use_After_Free__new_delete_array_wchar_t_43.cpp Buffer_Overflow_boundedcpy 55 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14496 102488/CWE416_Use_After_Free__new_delete_array_wchar_t_62.cpp Buffer_Overflow_boundedcpy 166 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14497 102488/CWE416_Use_After_Free__new_delete_array_wchar_t_62.cpp Buffer_Overflow_boundedcpy 157 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14498 102488/CWE416_Use_After_Free__new_delete_array_wchar_t_62.cpp Buffer_Overflow_boundedcpy 143 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14499 102489/CWE416_Use_After_Free__new_delete_array_wchar_t_63.cpp Buffer_Overflow_boundedcpy 36 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14500 102489/CWE416_Use_After_Free__new_delete_array_wchar_t_63.cpp Buffer_Overflow_boundedcpy 56 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14501 102489/CWE416_Use_After_Free__new_delete_array_wchar_t_63.cpp Buffer_Overflow_boundedcpy 71 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14502 102490/CWE416_Use_After_Free__new_delete_array_wchar_t_64.cpp Buffer_Overflow_boundedcpy 36 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14503 102490/CWE416_Use_After_Free__new_delete_array_wchar_t_64.cpp Buffer_Overflow_boundedcpy 56 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14504 102490/CWE416_Use_After_Free__new_delete_array_wchar_t_64.cpp Buffer_Overflow_boundedcpy 71 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 14505 110334/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_33.cpp Buffer_Overflow_Indexes 86 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14506 110334/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_33.cpp Buffer_Overflow_boundedcpy 76 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14507 110338/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_43.cpp Buffer_Overflow_Indexes 82 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14508 110338/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_43.cpp Buffer_Overflow_boundedcpy 72 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14509 110346/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_62.cpp Buffer_Overflow_Indexes 197 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14510 110346/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_62.cpp Buffer_Overflow_boundedcpy 187 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14511 110353/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_72.cpp Buffer_Overflow_Indexes 92 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14512 110353/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_72.cpp Buffer_Overflow_boundedcpy 82 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14513 110354/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_73.cpp Buffer_Overflow_Indexes 92 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14514 110354/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_73.cpp Buffer_Overflow_boundedcpy 82 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14515 110355/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_74.cpp Buffer_Overflow_Indexes 92 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14516 110355/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_74.cpp Buffer_Overflow_boundedcpy 82 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14517 110382/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_33.cpp Buffer_Overflow_Indexes 35 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14518 110382/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_33.cpp Buffer_Overflow_fgets 35 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14519 110386/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_43.cpp Buffer_Overflow_Indexes 31 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14520 110386/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_43.cpp Buffer_Overflow_fgets 31 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = -1; badSource(data); static void badSource(int &data) if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14521 110394/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_62.cpp Buffer_Overflow_Indexes 146 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14522 110394/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_62.cpp Buffer_Overflow_fgets 146 void badSource(int &data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14523 110401/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_72.cpp Buffer_Overflow_Indexes 41 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14524 110401/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_72.cpp Buffer_Overflow_fgets 41 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14525 110402/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_73.cpp Buffer_Overflow_Indexes 41 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14526 110402/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_73.cpp Buffer_Overflow_fgets 41 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14527 110403/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_74.cpp Buffer_Overflow_Indexes 41 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14528 110403/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_74.cpp Buffer_Overflow_fgets 41 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14529 110526/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_33.cpp Buffer_Overflow_Indexes 95 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14530 110526/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_33.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14531 110530/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_43.cpp Buffer_Overflow_Indexes 91 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14532 110530/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_43.cpp Buffer_Overflow_boundedcpy 73 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14533 110538/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_62.cpp Buffer_Overflow_Indexes 206 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14534 110538/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_62.cpp Buffer_Overflow_boundedcpy 188 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14535 110545/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_72.cpp Buffer_Overflow_Indexes 101 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14536 110545/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_72.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14537 110546/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_73.cpp Buffer_Overflow_Indexes 101 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14538 110546/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_73.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14539 110547/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_74.cpp Buffer_Overflow_Indexes 101 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14540 110547/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_74.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14541 110600/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_01.cpp Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14542 110600/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_01.cpp Buffer_Overflow_boundedcpy 75 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14543 110601/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_02.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14544 110601/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_02.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14545 110602/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_03.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14546 110602/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_03.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14547 110603/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_04.cpp Buffer_Overflow_Indexes 93 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14548 110603/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_04.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14549 110604/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_05.cpp Buffer_Overflow_Indexes 93 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14550 110604/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_05.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14551 110605/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_06.cpp Buffer_Overflow_Indexes 92 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14552 110605/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_06.cpp Buffer_Overflow_boundedcpy 82 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14553 110606/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_07.cpp Buffer_Overflow_Indexes 92 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14554 110606/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_07.cpp Buffer_Overflow_boundedcpy 82 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14555 110607/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_08.cpp Buffer_Overflow_Indexes 100 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14556 110607/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_08.cpp Buffer_Overflow_boundedcpy 90 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14557 110608/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_09.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14558 110608/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_09.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14559 110609/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_10.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14560 110609/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_10.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14561 110610/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_11.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14562 110610/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_11.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14563 110611/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_12.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14564 110611/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_12.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14565 110612/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_13.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14566 110612/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_13.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14567 110613/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_14.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14568 110613/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_14.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14569 110614/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_15.cpp Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14570 110614/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_15.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14571 110615/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_16.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14572 110615/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_16.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14573 110616/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_17.cpp Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14574 110616/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_17.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14575 110617/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_18.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14576 110617/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_18.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14577 110618/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_21.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14578 110618/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_21.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14579 110619/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_22.cpp Buffer_Overflow_Indexes 241 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14580 110619/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_22.cpp Buffer_Overflow_boundedcpy 231 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14581 110620/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_31.cpp Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14582 110620/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_31.cpp Buffer_Overflow_boundedcpy 75 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14583 110621/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_32.cpp Buffer_Overflow_Indexes 89 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14584 110621/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_32.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14585 110622/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_33.cpp Buffer_Overflow_Indexes 86 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14586 110622/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_33.cpp Buffer_Overflow_boundedcpy 76 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14587 110623/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_34.cpp Buffer_Overflow_Indexes 92 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14588 110623/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_34.cpp Buffer_Overflow_boundedcpy 82 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14589 110624/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_41.cpp Buffer_Overflow_Indexes 102 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14590 110624/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_41.cpp Buffer_Overflow_boundedcpy 92 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14591 110625/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_42.cpp Buffer_Overflow_Indexes 82 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14592 110625/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_42.cpp Buffer_Overflow_boundedcpy 72 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14593 110626/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_43.cpp Buffer_Overflow_Indexes 82 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14594 110626/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_43.cpp Buffer_Overflow_boundedcpy 72 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14595 110627/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_44.cpp Buffer_Overflow_Indexes 104 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14596 110627/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_44.cpp Buffer_Overflow_boundedcpy 94 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14597 110628/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_45.cpp Buffer_Overflow_Indexes 106 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14598 110628/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_45.cpp Buffer_Overflow_boundedcpy 96 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14599 110629/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_51.cpp Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14600 110629/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_51.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14601 110630/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_52.cpp Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14602 110630/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_52.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14603 110631/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_53.cpp Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14604 110631/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_53.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14605 110632/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_54.cpp Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14606 110632/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_54.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14607 110633/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_61.cpp Buffer_Overflow_Indexes 218 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14608 110633/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_61.cpp Buffer_Overflow_boundedcpy 208 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14609 110634/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_62.cpp Buffer_Overflow_Indexes 218 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14610 110634/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_62.cpp Buffer_Overflow_boundedcpy 208 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14611 110635/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_63.cpp Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14612 110635/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_63.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14613 110636/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_64.cpp Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14614 110636/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_64.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14615 110637/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_65.cpp Buffer_Overflow_Indexes 90 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14616 110637/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_65.cpp Buffer_Overflow_boundedcpy 80 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14617 110638/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_66.cpp Buffer_Overflow_Indexes 89 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14618 110638/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_66.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14619 110639/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_67.cpp Buffer_Overflow_Indexes 94 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14620 110639/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_67.cpp Buffer_Overflow_boundedcpy 84 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14621 110640/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_68.cpp Buffer_Overflow_Indexes 91 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14622 110640/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_68.cpp Buffer_Overflow_boundedcpy 81 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14623 110641/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_72.cpp Buffer_Overflow_Indexes 92 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14624 110641/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_72.cpp Buffer_Overflow_boundedcpy 82 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14625 110642/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_73.cpp Buffer_Overflow_Indexes 92 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14626 110642/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_73.cpp Buffer_Overflow_boundedcpy 82 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14627 110643/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_74.cpp Buffer_Overflow_Indexes 92 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14628 110643/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_74.cpp Buffer_Overflow_boundedcpy 82 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14629 110648/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_01.cpp Buffer_Overflow_Indexes 34 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14630 110648/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_01.cpp Buffer_Overflow_fgets 34 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14631 110649/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_02.cpp Buffer_Overflow_Indexes 36 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14632 110649/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_02.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14633 110650/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_03.cpp Buffer_Overflow_Indexes 36 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14634 110650/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_03.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14635 110651/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_04.cpp Buffer_Overflow_Indexes 42 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14636 110651/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_04.cpp Buffer_Overflow_fgets 42 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14637 110652/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_05.cpp Buffer_Overflow_Indexes 42 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14638 110652/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_05.cpp Buffer_Overflow_fgets 42 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14639 110653/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_06.cpp Buffer_Overflow_Indexes 41 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14640 110653/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_06.cpp Buffer_Overflow_fgets 41 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14641 110654/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_07.cpp Buffer_Overflow_Indexes 41 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14642 110654/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_07.cpp Buffer_Overflow_fgets 41 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14643 110655/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_08.cpp Buffer_Overflow_Indexes 49 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14644 110655/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_08.cpp Buffer_Overflow_fgets 49 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14645 110656/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_09.cpp Buffer_Overflow_Indexes 36 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14646 110656/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_09.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14647 110657/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_10.cpp Buffer_Overflow_Indexes 36 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14648 110657/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_10.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14649 110658/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_11.cpp Buffer_Overflow_Indexes 36 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14650 110658/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_11.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14651 110659/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_12.cpp Buffer_Overflow_Indexes 36 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14652 110659/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_12.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14653 110660/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_13.cpp Buffer_Overflow_Indexes 36 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14654 110660/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_13.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14655 110661/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_14.cpp Buffer_Overflow_Indexes 36 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14656 110661/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_14.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14657 110662/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_15.cpp Buffer_Overflow_Indexes 37 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14658 110662/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_15.cpp Buffer_Overflow_fgets 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14659 110663/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_16.cpp Buffer_Overflow_Indexes 36 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14660 110663/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_16.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 14661 110664/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_17.cpp Buffer_Overflow_Indexes 37 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14662 110664/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_17.cpp Buffer_Overflow_fgets 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); 0 --------------------------------- 14663 110665/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_18.cpp Buffer_Overflow_Indexes 36 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14664 110665/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_18.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14665 110666/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_21.cpp Buffer_Overflow_Indexes 36 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14666 110666/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_21.cpp Buffer_Overflow_fgets 36 data = -1; data = badSource(data); static int badSource(int data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14667 110667/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_22.cpp Buffer_Overflow_Indexes 190 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14668 110667/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_22.cpp Buffer_Overflow_fgets 190 int badSource(int data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14669 110668/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_31.cpp Buffer_Overflow_Indexes 34 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14670 110668/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_31.cpp Buffer_Overflow_fgets 34 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14671 110669/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_32.cpp Buffer_Overflow_Indexes 38 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14672 110669/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_32.cpp Buffer_Overflow_fgets 38 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14673 110670/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_33.cpp Buffer_Overflow_Indexes 35 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14674 110670/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_33.cpp Buffer_Overflow_fgets 35 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14675 110671/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_34.cpp Buffer_Overflow_Indexes 41 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14676 110671/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_34.cpp Buffer_Overflow_fgets 41 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14677 110672/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_41.cpp Buffer_Overflow_Indexes 51 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14678 110672/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_41.cpp Buffer_Overflow_fgets 51 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14679 110673/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_42.cpp Buffer_Overflow_Indexes 31 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14680 110673/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_42.cpp Buffer_Overflow_fgets 31 data = -1; data = badSource(data); static int badSource(int data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14681 110674/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_43.cpp Buffer_Overflow_Indexes 31 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14682 110674/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_43.cpp Buffer_Overflow_fgets 31 data = -1; badSource(data); void badSource(int &data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14683 110675/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_44.cpp Buffer_Overflow_Indexes 53 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14684 110675/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_44.cpp Buffer_Overflow_fgets 53 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14685 110676/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_45.cpp Buffer_Overflow_Indexes 55 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14686 110676/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_45.cpp Buffer_Overflow_fgets 55 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14687 110677/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_51.cpp Buffer_Overflow_Indexes 37 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14688 110677/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_51.cpp Buffer_Overflow_fgets 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14689 110678/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_52.cpp Buffer_Overflow_Indexes 37 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14690 110678/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_52.cpp Buffer_Overflow_fgets 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14691 110679/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_53.cpp Buffer_Overflow_Indexes 37 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14692 110679/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_53.cpp Buffer_Overflow_fgets 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14693 110680/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_54.cpp Buffer_Overflow_Indexes 37 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14694 110680/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_54.cpp Buffer_Overflow_fgets 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14695 110681/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_61.cpp Buffer_Overflow_Indexes 147 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14696 110681/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_61.cpp Buffer_Overflow_fgets 147 int badSource(int data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14697 110682/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_62.cpp Buffer_Overflow_Indexes 147 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14698 110682/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_62.cpp Buffer_Overflow_fgets 147 void badSource(int &data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14699 110683/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_63.cpp Buffer_Overflow_Indexes 37 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14700 110683/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_63.cpp Buffer_Overflow_fgets 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14701 110684/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_64.cpp Buffer_Overflow_Indexes 37 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14702 110684/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_64.cpp Buffer_Overflow_fgets 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14703 110685/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_65.cpp Buffer_Overflow_Indexes 39 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14704 110685/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_65.cpp Buffer_Overflow_fgets 39 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14705 110686/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_66.cpp Buffer_Overflow_Indexes 38 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14706 110686/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_66.cpp Buffer_Overflow_fgets 38 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14707 110687/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_67.cpp Buffer_Overflow_Indexes 43 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14708 110687/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_67.cpp Buffer_Overflow_fgets 43 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14709 110688/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_68.cpp Buffer_Overflow_Indexes 40 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14710 110688/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_68.cpp Buffer_Overflow_fgets 40 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14711 110689/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_72.cpp Buffer_Overflow_Indexes 41 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14712 110689/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_72.cpp Buffer_Overflow_fgets 41 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14713 110690/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_73.cpp Buffer_Overflow_Indexes 41 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14714 110690/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_73.cpp Buffer_Overflow_fgets 41 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14715 110691/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_74.cpp Buffer_Overflow_Indexes 41 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14716 110691/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_74.cpp Buffer_Overflow_fgets 41 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14717 110792/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_01.cpp Buffer_Overflow_Indexes 94 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14718 110792/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_01.cpp Buffer_Overflow_boundedcpy 76 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14719 110793/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_02.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14720 110793/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_02.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14721 110794/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_03.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14722 110794/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_03.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14723 110795/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_04.cpp Buffer_Overflow_Indexes 102 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14724 110795/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_04.cpp Buffer_Overflow_boundedcpy 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14725 110796/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_05.cpp Buffer_Overflow_Indexes 102 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14726 110796/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_05.cpp Buffer_Overflow_boundedcpy 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14727 110797/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_06.cpp Buffer_Overflow_Indexes 101 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14728 110797/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_06.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14729 110798/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_07.cpp Buffer_Overflow_Indexes 101 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14730 110798/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_07.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14731 110799/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_08.cpp Buffer_Overflow_Indexes 109 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14732 110799/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_08.cpp Buffer_Overflow_boundedcpy 91 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14733 110800/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_09.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14734 110800/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_09.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14735 110801/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_10.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14736 110801/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_10.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14737 110802/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_11.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14738 110802/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_11.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14739 110803/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_12.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14740 110803/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_12.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14741 110804/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_13.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14742 110804/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_13.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14743 110805/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_14.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14744 110805/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_14.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14745 110806/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_15.cpp Buffer_Overflow_Indexes 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14746 110806/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_15.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14747 110807/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_16.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14748 110807/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_16.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14749 110808/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_17.cpp Buffer_Overflow_Indexes 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14750 110808/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_17.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14751 110809/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_18.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14752 110809/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_18.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14753 110810/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_21.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14754 110810/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_21.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14755 110811/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_22.cpp Buffer_Overflow_Indexes 250 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14756 110811/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_22.cpp Buffer_Overflow_boundedcpy 232 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14757 110812/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_31.cpp Buffer_Overflow_Indexes 94 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14758 110812/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_31.cpp Buffer_Overflow_boundedcpy 76 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14759 110813/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_32.cpp Buffer_Overflow_Indexes 98 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14760 110813/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_32.cpp Buffer_Overflow_boundedcpy 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14761 110814/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_33.cpp Buffer_Overflow_Indexes 95 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14762 110814/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_33.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14763 110815/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_34.cpp Buffer_Overflow_Indexes 101 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14764 110815/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_34.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14765 110816/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_41.cpp Buffer_Overflow_Indexes 111 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14766 110816/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_41.cpp Buffer_Overflow_boundedcpy 93 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14767 110817/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_42.cpp Buffer_Overflow_Indexes 91 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14768 110817/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_42.cpp Buffer_Overflow_boundedcpy 73 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14769 110818/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_43.cpp Buffer_Overflow_Indexes 91 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14770 110818/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_43.cpp Buffer_Overflow_boundedcpy 73 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14771 110819/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_44.cpp Buffer_Overflow_Indexes 113 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14772 110819/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_44.cpp Buffer_Overflow_boundedcpy 95 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14773 110820/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_45.cpp Buffer_Overflow_Indexes 115 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14774 110820/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_45.cpp Buffer_Overflow_boundedcpy 97 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14775 110821/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_51.cpp Buffer_Overflow_Indexes 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14776 110821/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_51.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14777 110822/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_52.cpp Buffer_Overflow_Indexes 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14778 110822/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_52.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14779 110823/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_53.cpp Buffer_Overflow_Indexes 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14780 110823/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_53.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14781 110824/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_54.cpp Buffer_Overflow_Indexes 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14782 110824/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_54.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14783 110825/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_61.cpp Buffer_Overflow_Indexes 227 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14784 110825/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_61.cpp Buffer_Overflow_boundedcpy 209 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14785 110826/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_62.cpp Buffer_Overflow_Indexes 227 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14786 110826/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_62.cpp Buffer_Overflow_boundedcpy 209 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14787 110827/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_63.cpp Buffer_Overflow_Indexes 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14788 110827/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_63.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14789 110828/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_64.cpp Buffer_Overflow_Indexes 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14790 110828/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_64.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14791 110829/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_65.cpp Buffer_Overflow_Indexes 99 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14792 110829/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_65.cpp Buffer_Overflow_boundedcpy 81 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14793 110830/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_66.cpp Buffer_Overflow_Indexes 98 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14794 110830/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_66.cpp Buffer_Overflow_boundedcpy 80 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14795 110831/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_67.cpp Buffer_Overflow_Indexes 103 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14796 110831/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_67.cpp Buffer_Overflow_boundedcpy 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14797 110832/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_68.cpp Buffer_Overflow_Indexes 100 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14798 110832/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_68.cpp Buffer_Overflow_boundedcpy 82 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14799 110833/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_72.cpp Buffer_Overflow_Indexes 101 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14800 110833/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_72.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14801 110834/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_73.cpp Buffer_Overflow_Indexes 101 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14802 110834/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_73.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14803 110835/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_74.cpp Buffer_Overflow_Indexes 101 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int Pointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) int Pointer[i] = 0; 1 --------------------------------- 14804 110835/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_74.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14805 62538/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_33.cpp Buffer_Overflow_Indexes 212 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 14806 62538/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_33.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 14807 62538/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_33.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14808 62538/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_33.cpp Buffer_Overflow_boundedcpy 202 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14809 62542/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_43.cpp Buffer_Overflow_Indexes 83 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 14810 62542/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_43.cpp Buffer_Overflow_Indexes 210 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 14811 62542/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_43.cpp Buffer_Overflow_boundedcpy 200 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14812 62542/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_43.cpp Buffer_Overflow_boundedcpy 73 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14813 62550/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_62.cpp Buffer_Overflow_Indexes 240 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 14814 62550/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_62.cpp Buffer_Overflow_Indexes 313 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 14815 62550/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_62.cpp Buffer_Overflow_boundedcpy 230 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14816 62550/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_62.cpp Buffer_Overflow_boundedcpy 303 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14817 62557/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_72.cpp Buffer_Overflow_Indexes 188 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 14818 62557/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_72.cpp Buffer_Overflow_Indexes 93 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 14819 62557/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_72.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14820 62557/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_72.cpp Buffer_Overflow_boundedcpy 178 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14821 62558/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_73.cpp Buffer_Overflow_Indexes 188 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 14822 62558/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_73.cpp Buffer_Overflow_Indexes 93 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 14823 62558/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_73.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14824 62558/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_73.cpp Buffer_Overflow_boundedcpy 178 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14825 62559/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_74.cpp Buffer_Overflow_Indexes 188 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 14826 62559/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_74.cpp Buffer_Overflow_Indexes 93 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 14827 62559/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_74.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14828 62559/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_74.cpp Buffer_Overflow_boundedcpy 178 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14829 62586/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_33.cpp Buffer_Overflow_Indexes 118 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14830 62586/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_33.cpp Buffer_Overflow_Indexes 36 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14831 62586/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_33.cpp Buffer_Overflow_fgets 118 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14832 62586/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_33.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14833 62590/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_43.cpp Buffer_Overflow_Indexes 32 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14834 62590/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_43.cpp Buffer_Overflow_Indexes 116 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14835 62590/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_43.cpp Buffer_Overflow_fgets 32 data = -1; badSource(data); static void badSource(int &data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14836 62590/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_43.cpp Buffer_Overflow_fgets 116 data = -1; goodB2GSource(data); static void goodB2GSource(int &data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14837 62598/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_62.cpp Buffer_Overflow_Indexes 189 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14838 62598/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_62.cpp Buffer_Overflow_Indexes 219 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14839 62598/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_62.cpp Buffer_Overflow_fgets 189 void badSource(int &data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14840 62598/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_62.cpp Buffer_Overflow_fgets 219 data = -1; goodB2GSource(data); void goodB2GSource(int &data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14841 62605/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_72.cpp Buffer_Overflow_Indexes 94 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14842 62605/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_72.cpp Buffer_Overflow_Indexes 42 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14843 62605/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_72.cpp Buffer_Overflow_fgets 94 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14844 62605/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_72.cpp Buffer_Overflow_fgets 42 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14845 62606/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_73.cpp Buffer_Overflow_Indexes 94 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14846 62606/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_73.cpp Buffer_Overflow_Indexes 42 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14847 62606/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_73.cpp Buffer_Overflow_fgets 94 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14848 62606/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_73.cpp Buffer_Overflow_fgets 42 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14849 62607/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_74.cpp Buffer_Overflow_Indexes 94 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14850 62607/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_74.cpp Buffer_Overflow_Indexes 42 if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14851 62607/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_74.cpp Buffer_Overflow_fgets 94 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14852 62607/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_74.cpp Buffer_Overflow_fgets 42 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 14853 62730/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_33.cpp Buffer_Overflow_Indexes 234 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 14854 62730/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_33.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 14855 62730/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_33.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) 0 --------------------------------- 14856 62730/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_33.cpp Buffer_Overflow_boundedcpy 216 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14857 62734/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_43.cpp Buffer_Overflow_Indexes 92 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 14858 62734/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_43.cpp Buffer_Overflow_Indexes 232 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 14859 62734/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_43.cpp Buffer_Overflow_boundedcpy 214 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14860 62734/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_43.cpp Buffer_Overflow_boundedcpy 74 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14861 62742/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_62.cpp Buffer_Overflow_Indexes 249 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 14862 62742/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_62.cpp Buffer_Overflow_Indexes 335 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 14863 62742/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_62.cpp Buffer_Overflow_boundedcpy 317 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14864 62742/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_62.cpp Buffer_Overflow_boundedcpy 231 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14865 62749/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_72.cpp Buffer_Overflow_Indexes 210 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 14866 62749/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_72.cpp Buffer_Overflow_Indexes 102 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 14867 62749/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_72.cpp Buffer_Overflow_boundedcpy 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14868 62749/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_72.cpp Buffer_Overflow_boundedcpy 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14869 62750/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_73.cpp Buffer_Overflow_Indexes 210 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 14870 62750/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_73.cpp Buffer_Overflow_Indexes 102 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 14871 62750/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_73.cpp Buffer_Overflow_boundedcpy 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14872 62750/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_73.cpp Buffer_Overflow_boundedcpy 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14873 62751/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_74.cpp Buffer_Overflow_Indexes 210 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 14874 62751/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_74.cpp Buffer_Overflow_Indexes 102 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 14875 62751/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_74.cpp Buffer_Overflow_boundedcpy 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14876 62751/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_74.cpp Buffer_Overflow_boundedcpy 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 14877 62874/CWE121_Stack_Based_Buffer_Overflow__CWE131_memcpy_33.cpp Buffer_Overflow_boundedcpy 59 int * &dataRef = data; data = (int *)ALLOCA(10*sizeof(int)); int * data = dataRef; int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 0 --------------------------------- 14878 62874/CWE121_Stack_Based_Buffer_Overflow__CWE131_memcpy_33.cpp Buffer_Overflow_boundedcpy 36 int * &dataRef = data; data = (int *)ALLOCA(10); int * data = dataRef; int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 1 --------------------------------- 14879 62878/CWE121_Stack_Based_Buffer_Overflow__CWE131_memcpy_43.cpp Buffer_Overflow_boundedcpy 62 data = (int *)ALLOCA(10*sizeof(int)); int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 0 --------------------------------- 14880 62878/CWE121_Stack_Based_Buffer_Overflow__CWE131_memcpy_43.cpp Buffer_Overflow_boundedcpy 38 data = (int *)ALLOCA(10); int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 1 --------------------------------- 14881 62886/CWE121_Stack_Based_Buffer_Overflow__CWE131_memcpy_62.cpp Buffer_Overflow_boundedcpy 55 int source[10] = {0}; data = (int *)ALLOCA(10*sizeof(int)); memcpy(data, source, 10*sizeof(int)); 0 --------------------------------- 14882 62886/CWE121_Stack_Based_Buffer_Overflow__CWE131_memcpy_62.cpp Buffer_Overflow_boundedcpy 35 data = NULL; badSource(data); data = (int *)ALLOCA(10); int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 1 --------------------------------- 14883 62893/CWE121_Stack_Based_Buffer_Overflow__CWE131_memcpy_72.cpp Buffer_Overflow_boundedcpy 156 vector dataVector; data = (int *)ALLOCA(10*sizeof(int)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); void goodG2BSink(vector dataVector) int * data = dataVector[2]; memcpy(data, source, 10*sizeof(int)); 0 --------------------------------- 14884 62894/CWE121_Stack_Based_Buffer_Overflow__CWE131_memcpy_73.cpp Buffer_Overflow_boundedcpy 140 list dataList; data = (int *)ALLOCA(10); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) int * data = dataList.back(); int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 1 --------------------------------- 14885 62894/CWE121_Stack_Based_Buffer_Overflow__CWE131_memcpy_73.cpp Buffer_Overflow_boundedcpy 156 list dataList; data = (int *)ALLOCA(10*sizeof(int)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); void goodG2BSink(list dataList) int * data = dataList.back(); memcpy(data, source, 10*sizeof(int)); 0 --------------------------------- 14886 62895/CWE121_Stack_Based_Buffer_Overflow__CWE131_memcpy_74.cpp Buffer_Overflow_boundedcpy 156 data = (int *)ALLOCA(10*sizeof(int)); dataMap[2] = data; goodG2BSink(dataMap); int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); void goodG2BSink(map dataMap) int * data = dataMap[2]; memcpy(data, source, 10*sizeof(int)); 0 --------------------------------- 14887 62922/CWE121_Stack_Based_Buffer_Overflow__CWE131_memmove_33.cpp Buffer_Overflow_boundedcpy 59 int * &dataRef = data; data = (int *)ALLOCA(10*sizeof(int)); int * data = dataRef; int source[10] = {0}; memmove(data, source, 10*sizeof(int)); 0 --------------------------------- 14888 62922/CWE121_Stack_Based_Buffer_Overflow__CWE131_memmove_33.cpp Buffer_Overflow_boundedcpy 36 int * &dataRef = data; data = NULL; data = (int *)ALLOCA(10); int * data = dataRef; int source[10] = {0}; memmove(data, source, 10*sizeof(int)); 1 --------------------------------- 14889 62926/CWE121_Stack_Based_Buffer_Overflow__CWE131_memmove_43.cpp Buffer_Overflow_boundedcpy 62 data = (int *)ALLOCA(10*sizeof(int)); int source[10] = {0}; memmove(data, source, 10*sizeof(int)); 0 --------------------------------- 14890 62926/CWE121_Stack_Based_Buffer_Overflow__CWE131_memmove_43.cpp Buffer_Overflow_boundedcpy 38 data = (int *)ALLOCA(10); int source[10] = {0}; memmove(data, source, 10*sizeof(int)); 1 --------------------------------- 14891 62934/CWE121_Stack_Based_Buffer_Overflow__CWE131_memmove_62.cpp Buffer_Overflow_boundedcpy 35 data = NULL; badSource(data); data = (int *)ALLOCA(10); int source[10] = {0}; memmove(data, source, 10*sizeof(int)); void badSource(int * &data); memmove(data, source, 10*sizeof(int)); 1 --------------------------------- 14892 62934/CWE121_Stack_Based_Buffer_Overflow__CWE131_memmove_62.cpp Buffer_Overflow_boundedcpy 55 int source[10] = {0}; data = (int *)ALLOCA(10*sizeof(int)); memmove(data, source, 10*sizeof(int)); 0 --------------------------------- 14893 62941/CWE121_Stack_Based_Buffer_Overflow__CWE131_memmove_72.cpp Buffer_Overflow_boundedcpy 156 vector dataVector; data = (int *)ALLOCA(10*sizeof(int)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); int source[10] = {0}; memmove(data, source, 10*sizeof(int)); void goodG2BSink(vector dataVector) int * data = dataVector[2]; memmove(data, source, 10*sizeof(int)); 0 --------------------------------- 14894 62941/CWE121_Stack_Based_Buffer_Overflow__CWE131_memmove_72.cpp Buffer_Overflow_boundedcpy 140 vector dataVector; data = NULL; data = (int *)ALLOCA(10*sizeof(int)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) int * data = dataVector[2]; int source[10] = {0}; memmove(data, source, 10*sizeof(int)); 1 --------------------------------- 14895 62942/CWE121_Stack_Based_Buffer_Overflow__CWE131_memmove_73.cpp Buffer_Overflow_boundedcpy 156 list dataList; data = (int *)ALLOCA(10*sizeof(int)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); int source[10] = {0}; memmove(data, source, 10*sizeof(int)); void goodG2BSink(list dataList) int * data = dataList.back(); memmove(data, source, 10*sizeof(int)); 0 --------------------------------- 14896 62942/CWE121_Stack_Based_Buffer_Overflow__CWE131_memmove_73.cpp Buffer_Overflow_boundedcpy 140 int * data; list dataList; data = NULL; data = (int *)ALLOCA(10); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) int * data = dataList.back(); int source[10] = {0}; memmove(data, source, 10*sizeof(int)); 1 --------------------------------- 14897 62943/CWE121_Stack_Based_Buffer_Overflow__CWE131_memmove_74.cpp Buffer_Overflow_boundedcpy 156 data = (int *)ALLOCA(10*sizeof(int)); dataMap[2] = data; goodG2BSink(dataMap); int source[10] = {0}; memmove(data, source, 10*sizeof(int)); void goodG2BSink(map dataMap) int * data = dataMap[2]; memmove(data, source, 10*sizeof(int)); 0 --------------------------------- 14898 62943/CWE121_Stack_Based_Buffer_Overflow__CWE131_memmove_74.cpp Buffer_Overflow_boundedcpy 140 int * data; map dataMap; data = NULL; data = (int *)ALLOCA(10); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) int * data = dataMap[2]; int source[10] = {0}; memmove(data, source, 10*sizeof(int)); 1 --------------------------------- 14899 62970/CWE121_Stack_Based_Buffer_Overflow__CWE135_33.cpp String_Termination_Error 66 #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = (void *)CHAR_STRING; void * &dataRef = data; void * data = dataRef; size_t dataLen = strlen((char *)data); 0 --------------------------------- 14900 62970/CWE121_Stack_Based_Buffer_Overflow__CWE135_33.cpp String_Termination_Error 41 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = (void *)WIDE_STRING; void * &dataRef = data; void * data = dataRef; size_t dataLen = strlen((char *)data); 1 --------------------------------- 14901 62970/CWE121_Stack_Based_Buffer_Overflow__CWE135_33.cpp Buffer_Overflow_boundedcpy 89 void * &dataRef = data; data = (void *)WIDE_STRING; void * data = dataRef; size_t dataLen = wcslen((wchar_t *)data); 0 --------------------------------- 14902 62970/CWE121_Stack_Based_Buffer_Overflow__CWE135_33.cpp Buffer_Overflow_boundedcpy 43 void * &dataRef = data; data = (void *)WIDE_STRING; void * data = dataRef; size_t dataLen = strlen((char *)data); 1 --------------------------------- 14903 62970/CWE121_Stack_Based_Buffer_Overflow__CWE135_33.cpp Buffer_Overflow_boundedcpy 68 void * &dataRef = data; data = (void *)CHAR_STRING; void * data = dataRef; size_t dataLen = strlen((char *)data); 0 --------------------------------- 14904 62974/CWE121_Stack_Based_Buffer_Overflow__CWE135_43.cpp String_Termination_Error 69 data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); 0 --------------------------------- 14905 62974/CWE121_Stack_Based_Buffer_Overflow__CWE135_43.cpp String_Termination_Error 43 data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); 1 --------------------------------- 14906 62974/CWE121_Stack_Based_Buffer_Overflow__CWE135_43.cpp Buffer_Overflow_boundedcpy 45 data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); 0 --------------------------------- 14907 62974/CWE121_Stack_Based_Buffer_Overflow__CWE135_43.cpp Buffer_Overflow_boundedcpy 93 data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); 0 --------------------------------- 14908 62974/CWE121_Stack_Based_Buffer_Overflow__CWE135_43.cpp Buffer_Overflow_boundedcpy 71 data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); 0 --------------------------------- 14909 62982/CWE121_Stack_Based_Buffer_Overflow__CWE135_62.cpp String_Termination_Error 37 data = NULL; badSource(data); void badSource(void * &data); data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); 1 --------------------------------- 14910 62982/CWE121_Stack_Based_Buffer_Overflow__CWE135_62.cpp String_Termination_Error 59 data = NULL; goodG2BSource(data); void goodG2BSource(void * &data); data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); 0 --------------------------------- 14911 62982/CWE121_Stack_Based_Buffer_Overflow__CWE135_62.cpp Buffer_Overflow_boundedcpy 61 data = NULL; goodG2BSource(data); void goodG2BSource(void * &data); data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 14912 62982/CWE121_Stack_Based_Buffer_Overflow__CWE135_62.cpp Buffer_Overflow_boundedcpy 79 data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 14913 62982/CWE121_Stack_Based_Buffer_Overflow__CWE135_62.cpp Buffer_Overflow_boundedcpy 39 data = NULL; badSource(data); void badSource(void * &data); data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); 1 --------------------------------- 14914 62989/CWE121_Stack_Based_Buffer_Overflow__CWE135_72.cpp String_Termination_Error 162 void * data; vector dataVector; data = NULL; data = (void *)WIDE_STRING; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) void * data = dataVector[2]; size_t dataLen = strlen((char *)data); 1 --------------------------------- 14915 62989/CWE121_Stack_Based_Buffer_Overflow__CWE135_72.cpp String_Termination_Error 180 void * data; vector dataVector; data = NULL; data = (void *)CHAR_STRING; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void goodG2BSink(vector dataVector) void * data = dataVector[2]; size_t dataLen = strlen((char *)data); 0 --------------------------------- 14916 62989/CWE121_Stack_Based_Buffer_Overflow__CWE135_72.cpp Buffer_Overflow_boundedcpy 182 void * data; vector dataVector; data = NULL; data = (void *)CHAR_STRING; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void goodG2BSink(vector dataVector) void * data = dataVector[2]; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 14917 62989/CWE121_Stack_Based_Buffer_Overflow__CWE135_72.cpp Buffer_Overflow_boundedcpy 164 void * data; vector dataVector; data = NULL; data = (void *)WIDE_STRING; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) void * data = dataVector[2]; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 14918 62989/CWE121_Stack_Based_Buffer_Overflow__CWE135_72.cpp Buffer_Overflow_boundedcpy 196 vector dataVector; data = (void *)WIDE_STRING; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodB2GSink(dataVector); void goodB2GSink(vector dataVector) void * data = dataVector[2]; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 14919 62990/CWE121_Stack_Based_Buffer_Overflow__CWE135_73.cpp String_Termination_Error 162 void * data; vector dataVector; data = NULL; data = (void *)WIDE_STRING; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(list dataList) void * data = dataList.back(); size_t dataLen = strlen((char *)data); 1 --------------------------------- 14920 62990/CWE121_Stack_Based_Buffer_Overflow__CWE135_73.cpp String_Termination_Error 180 void * data; list dataList; data = NULL; data = (void *)CHAR_STRING; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void goodG2BSink(list dataList) void * data = dataList.back(); size_t dataLen = strlen((char *)data); 0 --------------------------------- 14921 62990/CWE121_Stack_Based_Buffer_Overflow__CWE135_73.cpp Buffer_Overflow_boundedcpy 182 void * data; list dataList; data = NULL; data = (void *)CHAR_STRING; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void goodG2BSink(list dataList) void * data = dataList.back(); size_t dataLen = strlen((char *)data); 0 --------------------------------- 14922 62990/CWE121_Stack_Based_Buffer_Overflow__CWE135_73.cpp Buffer_Overflow_boundedcpy 164 void * data; list dataList; data = NULL; data = (void *)WIDE_STRING; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) void * data = dataList.back(); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 14923 62990/CWE121_Stack_Based_Buffer_Overflow__CWE135_73.cpp Buffer_Overflow_boundedcpy 196 list dataList; data = (void *)WIDE_STRING; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodB2GSink(dataList); void goodB2GSink(list dataList) void * data = dataList.back(); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 14924 62991/CWE121_Stack_Based_Buffer_Overflow__CWE135_74.cpp String_Termination_Error 162 void * data; map dataMap; data = NULL; data = (void *)WIDE_STRING; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) void * data = dataMap[2]; size_t dataLen = strlen((char *)data); 1 --------------------------------- 14925 62991/CWE121_Stack_Based_Buffer_Overflow__CWE135_74.cpp String_Termination_Error 180 void * data; map dataMap; data = NULL; data = (void *)CHAR_STRING; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) void * data = dataMap[2]; size_t dataLen = strlen((char *)data); 0 --------------------------------- 14926 62991/CWE121_Stack_Based_Buffer_Overflow__CWE135_74.cpp Buffer_Overflow_boundedcpy 182 void * data; map dataMap; data = NULL; data = (void *)CHAR_STRING; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) void * data = dataMap[2]; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 14927 62991/CWE121_Stack_Based_Buffer_Overflow__CWE135_74.cpp Buffer_Overflow_boundedcpy 164 void * data; map dataMap; data = NULL; data = (void *)WIDE_STRING; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) void * data = dataMap[2]; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 14928 62991/CWE121_Stack_Based_Buffer_Overflow__CWE135_74.cpp Buffer_Overflow_boundedcpy 196 data = (void *)WIDE_STRING; dataMap[2] = data; goodB2GSink(dataMap); void goodB2GSink(map dataMap) void * data = dataMap[2]; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 14929 63016/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_33.cpp Buffer_Overflow_cpycat 72 char * &dataRef = data; char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * data = dataRef; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 14930 63016/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_33.cpp Buffer_Overflow_cpycat 46 char * &dataRef = data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char * data = dataRef; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 14931 63031/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_72.cpp Buffer_Overflow_cpycat 160 vector dataVector; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 14932 63031/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_72.cpp Buffer_Overflow_cpycat 176 vector dataVector; char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char source[10+1] = SRC_STRING; strcpy(data, source); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strcpy(data, source); 0 --------------------------------- 14933 63032/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_73.cpp Buffer_Overflow_cpycat 160 char * data; list dataList; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 14934 63032/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_73.cpp Buffer_Overflow_cpycat 176 char * data; list dataList; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char source[10+1] = SRC_STRING; strcpy(data, source); void goodG2BSink(list dataList) char * data = dataList.back(); strcpy(data, source); 0 --------------------------------- 14935 63033/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_74.cpp Buffer_Overflow_cpycat 176 char * data; map dataMap; char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); char source[10+1] = SRC_STRING; strcpy(data, source); void goodG2BSink(map dataMap) char * data = dataMap[2]; strcpy(data, source); 0 --------------------------------- 14936 63033/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_74.cpp Buffer_Overflow_cpycat 160 char * data; map dataMap; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 14937 63132/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 74 char * &dataRef = data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * data = dataRef; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 14938 63132/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 47 char * &dataRef = data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char * data = dataRef; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 14939 63147/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 161 char * data; vector dataVector; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 14940 63147/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 178 vector dataVector; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(vector dataVector) char * data = dataVector[2]; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 14941 63148/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 161 char * data; list dataList; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 14942 63148/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 178 list dataList; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(list dataList) char * data = dataList.back(); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 14943 63149/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 161 char * data; map dataMap; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 14944 63149/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 178 data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(map dataMap) char * data = dataMap[2]; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 14945 63172/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 74 char * &dataRef = data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * data = dataRef; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 14946 63172/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 47 char * &dataRef = data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char * data = dataRef; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 14947 63187/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 161 char * data; vector dataVector; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); 、 data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 14948 63187/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 178 vector dataVector; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(vector dataVector) char * data = dataVector[2]; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 14949 63188/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 161 char * data; list dataList; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 14950 63188/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 178 list dataList; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(list dataList) char * data = dataList.back(); memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 14951 63189/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 161 char * data; map dataMap; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 14952 63189/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 178 data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(map dataMap) char * data = dataMap[2]; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 14953 63212/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_33.cpp Off_by_One_Error_in_Methods 47 char * &dataRef = data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; char * data = dataRef; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 14954 63212/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_33.cpp Off_by_One_Error_in_Methods 74 char * &dataRef = data; char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * data = dataRef; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 14955 63212/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_33.cpp Buffer_Overflow_LowBound 47 char * &dataRef = data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char * data = dataRef; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 14956 63227/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_72.cpp Buffer_Overflow_boundedcpy 161 char * data; vector dataVector; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 14957 63227/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_72.cpp Buffer_Overflow_boundedcpy 178 vector dataVector; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 14958 63228/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_73.cpp Buffer_Overflow_boundedcpy 161 char * data; list dataList; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 14959 63228/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_73.cpp Buffer_Overflow_boundedcpy 178 list dataList; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); void goodG2BSink(list dataList) char * data = dataList.back(); strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 14960 63229/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_74.cpp Buffer_Overflow_boundedcpy 161 char * data; map dataMap; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 14961 63229/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_74.cpp Buffer_Overflow_boundedcpy 178 data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); void goodG2BSink(map dataMap) char * data = dataMap[2]; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 14962 63252/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_33.cpp Buffer_Overflow_cpycat 72 char * &dataRef = data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; char * data = dataRef; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 14963 63252/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_33.cpp Buffer_Overflow_cpycat 46 char * &dataRef = data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; char * data = dataRef; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 14964 63267/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_72.cpp Buffer_Overflow_cpycat 160 char * data; vector dataVector; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 14965 63267/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_72.cpp Buffer_Overflow_cpycat 176 vector dataVector; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char source[10+1] = SRC_STRING; strcpy(data, source); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strcpy(data, source); 0 --------------------------------- 14966 63268/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_73.cpp Buffer_Overflow_cpycat 160 char * data; list dataList; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 14967 63268/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_73.cpp Buffer_Overflow_cpycat 176 list dataList; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char source[10+1] = SRC_STRING; strcpy(data, source); void goodG2BSink(list dataList) char * data = dataList.back(); strcpy(data, source); 0 --------------------------------- 14968 63269/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_74.cpp Buffer_Overflow_cpycat 176 data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); char source[10+1] = SRC_STRING; strcpy(data, source); void goodG2BSink(map dataMap) char * data = dataMap[2]; strcpy(data, source); 0 --------------------------------- 14969 63269/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_74.cpp Buffer_Overflow_cpycat 160 char * data; map dataMap; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 14970 63348/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 161 char * data; list dataList; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 14971 63348/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 178 list dataList; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(list dataList) char * data = dataList.back(); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 14972 63349/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 161 char * data; map dataMap; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 14973 63349/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 178 data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(map dataMap) char * data = dataMap[2]; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 14974 63372/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 74 char * &dataRef = data; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; char * data = dataRef; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 14975 63372/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 47 char * &dataRef = data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; char * data = dataRef; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 14976 63387/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 161 char * data; vector dataVector; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, ata); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 14977 63387/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 178 vector dataVector; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(vector dataVector) char * data = dataVector[2]; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 14978 63388/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 161 char * data; list dataList; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 14979 63388/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 178 list dataList; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(list dataList) char * data = dataList.back(); memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 14980 63389/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 161 char * data; map dataMap; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 14981 63389/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 178 data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(map dataMap) char * data = dataMap[2]; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 14982 63412/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_33.cpp Buffer_Overflow_boundedcpy 47 char * &dataRef = data; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; char * data = dataRef; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 14983 63412/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_33.cpp Buffer_Overflow_boundedcpy 74 char * &dataRef = data; data = dataGoodBuffer; data[0] = '\0'; char * data = dataRef; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 14984 63427/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_72.cpp Buffer_Overflow_boundedcpy 161 char * data; vector dataVector; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, ata); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 14985 63427/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_72.cpp Buffer_Overflow_boundedcpy 178 vector dataVector; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 14986 63428/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_73.cpp Buffer_Overflow_boundedcpy 161 char * data; list dataList; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 14987 63428/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_73.cpp Buffer_Overflow_boundedcpy 178 list dataList; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); void goodG2BSink(list dataList) char * data = dataList.back(); strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 14988 63429/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_74.cpp Buffer_Overflow_boundedcpy 161 char * data; map dataMap; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 14989 63429/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_74.cpp Buffer_Overflow_boundedcpy 178 data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); void goodG2BSink(map dataMap) char * data = dataMap[2]; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 14990 63452/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_33.cpp Buffer_Overflow_cpycat 46 wchar_t * &dataRef = data; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 14991 63452/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_33.cpp Buffer_Overflow_cpycat 72 wchar_t * &dataRef = data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 14992 63467/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_72.cpp Buffer_Overflow_cpycat 176 vector dataVector; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcscpy(data, source); 0 --------------------------------- 14993 63467/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_72.cpp Buffer_Overflow_cpycat 160 char * data; vector dataVector; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, ata); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 14994 63468/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_73.cpp Buffer_Overflow_cpycat 176 list dataList; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcscpy(data, source); 0 --------------------------------- 14995 63468/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_73.cpp Buffer_Overflow_cpycat 160 char * data; list dataList; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 14996 63469/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_74.cpp Buffer_Overflow_cpycat 160 char * data; map dataMap; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 14997 63469/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_74.cpp Buffer_Overflow_cpycat 176 data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcscpy(data, source); 0 --------------------------------- 14998 63532/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 47 wchar_t * &dataRef = data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 14999 63532/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 74 wchar_t * &dataRef = data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 15000 63547/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 178 vector dataVector; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 15001 63547/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 161 char * data; vector dataVector; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, ata); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 15002 63548/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 178 list dataList; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 15003 63548/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 161 char * data; list dataList; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 15004 63549/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 178 data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 15005 63549/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 161 char * data; map dataMap; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 15006 63572/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 47 wchar_t * &dataRef = data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataBadBuffer; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 15007 63572/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 74 wchar_t * &dataRef = data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 15008 63587/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 161 char * data; vector dataVector; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, ata); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 15009 63587/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 178 vector dataVector; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 15010 63588/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 161 char * data; list dataList; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 15011 63588/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 178 list dataList; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 15012 63589/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 161 char * data; map dataMap; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 15013 63589/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 178 data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 15014 63612/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_33.cpp Buffer_Overflow_boundedcpy 47 wchar_t * &dataRef = data; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 15015 63612/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_33.cpp Buffer_Overflow_boundedcpy 74 wchar_t * &dataRef = data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 15016 63627/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_72.cpp Buffer_Overflow_boundedcpy 161 char * data; vector dataVector; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, ata); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 15017 63627/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_72.cpp Buffer_Overflow_boundedcpy 178 vector dataVector; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 15018 63628/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_73.cpp Buffer_Overflow_boundedcpy 161 char * data; list dataList; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 15019 63628/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_73.cpp Buffer_Overflow_boundedcpy 178 list dataList; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 15020 63629/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_74.cpp Buffer_Overflow_boundedcpy 161 char * data; map dataMap; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 15021 63629/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_74.cpp Buffer_Overflow_boundedcpy 178 data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 15022 63652/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_33.cpp Buffer_Overflow_cpycat 46 wchar_t * &dataRef = data; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 15023 63652/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_33.cpp Buffer_Overflow_cpycat 72 wchar_t * &dataRef = data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 15024 63667/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_72.cpp Buffer_Overflow_cpycat 176 vector dataVector; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcscpy(data, source); 0 --------------------------------- 15025 63667/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_72.cpp Buffer_Overflow_cpycat 160 char * data; vector dataVector; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, ata); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 15026 63668/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_73.cpp Buffer_Overflow_cpycat 176 list dataList; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcscpy(data, source); 0 --------------------------------- 15027 63668/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_73.cpp Buffer_Overflow_cpycat 160 char * data; list dataList; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 15028 63669/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_74.cpp Buffer_Overflow_cpycat 160 char * data; map dataMap; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 15029 63669/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_74.cpp Buffer_Overflow_cpycat 176 data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcscpy(data, source); 0 --------------------------------- 15030 63732/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 47 wchar_t * &dataRef = data; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 15031 63732/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 74 wchar_t * &dataRef = data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 15032 63747/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 178 vector dataVector; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 15033 63747/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 161 char * data; vector dataVector; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, ata); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 15034 63748/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 178 list dataList; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 15035 63748/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 161 char * data; list dataList; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 15036 63749/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 178 data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 15037 63749/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 161 char * data; map dataMap; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 15038 63772/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 47 wchar_t * &dataRef = data; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 15039 63772/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 74 wchar_t * &dataRef = data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 15040 63787/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 161 char * data; vector dataVector; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, ata); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 15041 63787/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 178 vector dataVector; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 15042 63788/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 161 char * data; list dataList; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 15043 63788/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 178 list dataList; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 15044 63789/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 161 char * data; map dataMap; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 15045 63789/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 178 data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 15046 63812/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_33.cpp Off_by_One_Error_in_Methods 47 wchar_t * data; wchar_t * &dataRef = data; wchar_t dataBadBuffer[10]; wchar_t dataGoodBuffer[10+1]; data = dataBadBuffer; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 15047 63812/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_33.cpp Off_by_One_Error_in_Methods 74 wchar_t * data; wchar_t * &dataRef = data; wchar_t dataBadBuffer[10]; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 15048 63827/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_72.cpp Off_by_One_Error_in_Methods 161 wchar_t * data; vector dataVector; wchar_t dataBadBuffer[10]; wchar_t dataGoodBuffer[10+1]; * string copies in the sinks */ data = dataBadBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 15049 63827/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_72.cpp Off_by_One_Error_in_Methods 178 wchar_t * data; vector dataVector; wchar_t dataBadBuffer[10]; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 15050 63828/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_73.cpp Off_by_One_Error_in_Methods 161 wchar_t * data; list dataList; wchar_t dataBadBuffer[10]; wchar_t dataGoodBuffer[10+1]; * string copies in the sinks */ data = dataBadBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 15051 63828/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_73.cpp Off_by_One_Error_in_Methods 178 wchar_t * data; list dataList; wchar_t dataBadBuffer[10]; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 15052 63829/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_74.cpp Off_by_One_Error_in_Methods 161 wchar_t * data; map dataMap; wchar_t dataBadBuffer[10]; wchar_t dataGoodBuffer[10+1]; * string copies in the sinks */ data = dataBadBuffer; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 15053 63829/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_74.cpp Off_by_One_Error_in_Methods 178 data = dataGoodBuffer; data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 15054 63829/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_74.cpp Buffer_Overflow_LowBound 161 wchar_t * data; map dataMap; wchar_t dataBadBuffer[10]; wchar_t dataGoodBuffer[10+1]; * string copies in the sinks */ data = dataBadBuffer; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 15055 63829/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_74.cpp Buffer_Overflow_LowBound 178 wchar_t * data; map dataMap; wchar_t dataBadBuffer[10]; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 15056 63852/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_loop_33.cpp Buffer_Overflow_boundedcpy 73 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15057 63852/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_loop_33.cpp Buffer_Overflow_boundedcpy 41 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15058 63867/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_loop_72.cpp Buffer_Overflow_boundedcpy 172 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15059 63867/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_loop_72.cpp Buffer_Overflow_boundedcpy 149 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15060 63868/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_loop_73.cpp Buffer_Overflow_boundedcpy 172 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15061 63868/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_loop_73.cpp Buffer_Overflow_boundedcpy 149 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15062 63869/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_loop_74.cpp Buffer_Overflow_boundedcpy 172 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15063 63869/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_loop_74.cpp Buffer_Overflow_boundedcpy 149 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15064 63892/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 40 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15065 63892/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 71 char * data; char * &dataRef = data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; char * data = dataRef; source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 15066 63892/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 68 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15067 63907/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 167 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15068 63907/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 151 char * data; vector dataVector; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 15069 63907/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 170 char * data; vector dataVector; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data[0] = '\0'; data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); void goodG2BSink(vector dataVector) char * data = dataVector[2]; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 15070 63908/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 167 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15071 63908/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 151 char * data; list dataList; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 15072 63908/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 170 list dataList; char * data; list dataList; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data[0] = '\0'; data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); void goodG2BSink(list dataList) char * data = dataList.back(); memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 15073 63909/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 167 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15074 63909/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 151 char * data; map dataMap; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 15075 63909/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15076 63909/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 170 char * data; map dataMap; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); void goodG2BSink(map dataMap) char * data = dataMap[2]; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 15077 63932/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 40 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15078 63932/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 43 char * data; char * &dataRef = data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; char * data = dataRef; source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 15079 63947/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 167 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15080 63947/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 151 char * data; vector dataVector; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 15081 63947/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 170 char * data; vector dataVector; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); void goodG2BSink(vector dataVector) char * data = dataVector[2]; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 15082 63948/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 167 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15083 63948/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15084 63948/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 151 char * data; list dataList; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 15085 63948/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 170 char * data; list dataList; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); void goodG2BSink(list dataList) char * data = dataList.back(); memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 15086 63949/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 167 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15087 63949/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15088 63949/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 151 char * data; map dataMap; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 15089 63949/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 170 char * data; map dataMap; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); void goodG2BSink(map dataMap) char * data = dataMap[2]; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 15090 63972/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_33.cpp Off_by_One_Error_in_Methods 70 char * data; char * &dataRef = data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBadBuffer; char * data = dataRef; source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 15091 63972/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_33.cpp Off_by_One_Error_in_Methods 43 char * data; char * &dataRef = data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; char * data = dataRef; source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 15092 63972/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_33.cpp Buffer_Overflow_boundedcpy 40 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15093 63972/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_33.cpp Buffer_Overflow_boundedcpy 67 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15094 63987/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_72.cpp Off_by_One_Error_in_Methods 169 char * data; vector dataVector; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = '\0'; strncat(data, source, 100); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strncat(data, source, 100); 0 --------------------------------- 15095 63987/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_72.cpp Off_by_One_Error_in_Methods 151 char * data; vector dataVector; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 15096 63988/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_73.cpp Off_by_One_Error_in_Methods 169 char * data; list dataList; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = '\0'; strncat(data, source, 100); void goodG2BSink(list dataList) char * data = dataList.back(); strncat(data, source, 100); 0 --------------------------------- 15097 63988/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_73.cpp Off_by_One_Error_in_Methods 151 char * data; list dataList; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 15098 63989/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_74.cpp Off_by_One_Error_in_Methods 151 char * data; map dataMap; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 15099 63989/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_74.cpp Buffer_Overflow_LowBound 169 char * data; map dataMap; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = '\0'; strncat(data, source, 100); void goodG2BSink(map dataMap) char * data = dataMap[2]; strncat(data, source, 100); 0 --------------------------------- 15100 64012/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_33.cpp Off_by_One_Error_in_Methods 71 char * data; char * &dataRef = data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBadBuffer; char * data = dataRef; source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 15101 64012/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_33.cpp Off_by_One_Error_in_Methods 43 char * data; char * &dataRef = data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; char * data = dataRef; source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 15102 64012/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_33.cpp Buffer_Overflow_boundedcpy 40 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15103 64012/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_33.cpp Buffer_Overflow_boundedcpy 68 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15104 64027/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_72.cpp Off_by_One_Error_in_Methods 151 char * data; vector dataVector; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 15105 64027/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_72.cpp Off_by_One_Error_in_Methods 170 char * data; vector dataVector; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = '\0'; strncpy(data, source, 100-1); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strncpy(data, source, 100-1); 0 --------------------------------- 15106 64028/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_73.cpp Off_by_One_Error_in_Methods 151 char * data; list dataList; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 15107 64028/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_73.cpp Off_by_One_Error_in_Methods 170 char * data; list dataList; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = '\0'; strncpy(data, source, 100-1); void goodG2BSink(list dataList) char * data = dataList.back(); strncpy(data, source, 100-1); 0 --------------------------------- 15108 64029/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_74.cpp Off_by_One_Error_in_Methods 151 char * data; map dataMap; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 15109 64029/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_74.cpp Off_by_One_Error_in_Methods 170 char * data; map dataMap; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = '\0'; strncpy(data, source, 100-1); void goodG2BSink(map dataMap) char * data = dataMap[2]; strncpy(data, source, 100-1); 0 --------------------------------- 15110 64052/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_33.cpp Buffer_Overflow_boundedcpy 73 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15111 64052/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_33.cpp Buffer_Overflow_boundedcpy 46 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15112 64067/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_72.cpp Buffer_Overflow_boundedcpy 154 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15113 64067/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_72.cpp Buffer_Overflow_boundedcpy 172 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15114 64068/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_73.cpp Buffer_Overflow_boundedcpy 154 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15115 64068/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_73.cpp Buffer_Overflow_boundedcpy 172 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15116 64069/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_74.cpp Buffer_Overflow_boundedcpy 154 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15117 64069/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_74.cpp Buffer_Overflow_boundedcpy 172 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15118 64092/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_loop_33.cpp Buffer_Overflow_boundedcpy 73 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15119 64092/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_loop_33.cpp Buffer_Overflow_boundedcpy 41 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15120 64107/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_loop_72.cpp Buffer_Overflow_boundedcpy 172 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15121 64107/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_loop_72.cpp Buffer_Overflow_boundedcpy 149 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15122 64108/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_loop_73.cpp Buffer_Overflow_boundedcpy 172 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15123 64108/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_loop_73.cpp Buffer_Overflow_boundedcpy 149 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15124 64109/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_loop_74.cpp Buffer_Overflow_boundedcpy 172 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15125 64109/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_loop_74.cpp Buffer_Overflow_boundedcpy 149 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15126 64132/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 40 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15127 64132/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 71 char * data; char * &dataRef = data; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; char * data = dataRef; source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 15128 64132/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 68 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15129 64147/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 167 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15130 64147/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 151 char * data; vector dataVector; char dataBadBuffer[50]; char dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 15131 64147/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 170 char * data; vector dataVector; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); void goodG2BSink(vector dataVector) char * data = dataVector[2]; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 15132 64147/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15133 64148/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 167 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15134 64148/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 151 char * data; list dataList; char dataBadBuffer[50]; char dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 15135 64148/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 170 char * data; list dataList; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); void goodG2BSink(list dataList) char * data = dataList.back(); memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 15136 64148/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15137 64149/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 167 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15138 64149/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 151 char * data; map dataMap; char dataBadBuffer[50]; char dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 15139 64149/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15140 64149/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 170 char * data; map dataMap; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); void goodG2BSink(map dataMap) char * data = dataMap[2]; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 15141 64172/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 40 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15142 64172/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 43 char * data; char * &dataRef = data; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; char * data = dataRef; source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 15143 64172/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 68 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15144 64187/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 167 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15145 64187/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15146 64187/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 151 char * data; vector dataVector; char dataBadBuffer[50]; char dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 15147 64187/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 170 char * data; vector dataVector; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); void goodG2BSink(vector dataVector) char * data = dataVector[2]; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 15148 64188/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 167 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15149 64188/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15150 64188/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 151 char * data; list dataList; char dataBadBuffer[50]; char dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 15151 64188/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 170 char * data; list dataList; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); void goodG2BSink(list dataList) char * data = dataList.back(); memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 15152 64189/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 167 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15153 64189/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15154 64189/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 151 char * data; map dataMap; char dataBadBuffer[50]; char dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 15155 64189/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 170 char * data; map dataMap; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); void goodG2BSink(map dataMap) char * data = dataMap[2]; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 15156 64212/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_33.cpp Off_by_One_Error_in_Methods 70 char * data; char * &dataRef = data; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataBadBuffer; char * data = dataRef; source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 15157 64212/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_33.cpp Off_by_One_Error_in_Methods 43 char * data; char * &dataRef = data; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; char * data = dataRef; source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 15158 64212/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_33.cpp Buffer_Overflow_boundedcpy 40 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15159 64212/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_33.cpp Buffer_Overflow_boundedcpy 67 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15160 64227/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_72.cpp Off_by_One_Error_in_Methods 169 char * data; vector dataVector; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = '\0'; strncat(data, source, 100); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strncat(data, source, 100); 0 --------------------------------- 15161 64227/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_72.cpp Off_by_One_Error_in_Methods 151 char * data; vector dataVector; char dataBadBuffer[50]; char dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 15162 64228/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_73.cpp Off_by_One_Error_in_Methods 169 char * data; list dataList; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = '\0'; strncat(data, source, 100); void goodG2BSink(list dataList) char * data = dataList.back(); strncat(data, source, 100); 0 --------------------------------- 15163 64228/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_73.cpp Off_by_One_Error_in_Methods 151 char * data; list dataList; char dataBadBuffer[50]; char dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 15164 64229/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_74.cpp Off_by_One_Error_in_Methods 169 char * data; map dataMap; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = '\0'; strncat(data, source, 100); void goodG2BSink(map dataMap) char * data = dataMap[2]; strncat(data, source, 100); 0 --------------------------------- 15165 64229/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_74.cpp Off_by_One_Error_in_Methods 151 char * data; map dataMap; char dataBadBuffer[50]; char dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 15166 64229/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_74.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15167 64252/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_33.cpp Off_by_One_Error_in_Methods 71 char * data; char * &dataRef = data; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataBadBuffer; char * data = dataRef; source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 15168 64252/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_33.cpp Off_by_One_Error_in_Methods 43 char * data; char * &dataRef = data; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; char * data = dataRef; source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 15169 64252/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_33.cpp Buffer_Overflow_boundedcpy 40 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15170 64252/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_33.cpp Buffer_Overflow_boundedcpy 68 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15171 64267/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_72.cpp Off_by_One_Error_in_Methods 151 char * data; vector dataVector; char dataBadBuffer[50]; char dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 15172 64267/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_72.cpp Off_by_One_Error_in_Methods 170 char * data; vector dataVector; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = '\0'; strncpy(data, source, 100-1); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strncpy(data, source, 100-1); 0 --------------------------------- 15173 64267/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_72.cpp Buffer_Overflow_boundedcpy 167 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15174 64267/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_72.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15175 64268/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_73.cpp Off_by_One_Error_in_Methods 151 char * data; list dataList; char dataBadBuffer[50]; char dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 15176 64268/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_73.cpp Off_by_One_Error_in_Methods 170 list dataList; data = dataGoodBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = '\0'; strncpy(data, source, 100-1); void goodG2BSink(list dataList) char * data = dataList.back(); strncpy(data, source, 100-1); 0 --------------------------------- 15177 64268/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_73.cpp Buffer_Overflow_LowBound 151 char * data; list dataList; char dataBadBuffer[50]; char dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 15178 64268/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_73.cpp Buffer_Overflow_LowBound 170 char * data; list dataList; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = '\0'; strncpy(data, source, 100-1); void goodG2BSink(list dataList) char * data = dataList.back(); strncpy(data, source, 100-1); 0 --------------------------------- 15179 64269/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_74.cpp Off_by_One_Error_in_Methods 151 char * data; map dataMap; char dataBadBuffer[50]; char dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 15180 64269/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_74.cpp Off_by_One_Error_in_Methods 170 char * data; map dataMap; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = '\0'; strncpy(data, source, 100-1); void goodG2BSink(map dataMap) char * data = dataMap[2]; strncpy(data, source, 100-1); 0 --------------------------------- 15181 64292/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_33.cpp Buffer_Overflow_boundedcpy 73 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15182 64292/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_33.cpp Buffer_Overflow_boundedcpy 46 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15183 64307/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_72.cpp Buffer_Overflow_boundedcpy 154 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15184 64307/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_72.cpp Buffer_Overflow_boundedcpy 172 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15185 64308/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_73.cpp Buffer_Overflow_boundedcpy 154 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15186 64308/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_73.cpp Buffer_Overflow_boundedcpy 172 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15187 64309/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_74.cpp Buffer_Overflow_boundedcpy 154 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15188 64309/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_74.cpp Buffer_Overflow_boundedcpy 172 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 15189 64372/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 38 int64_t * data; int64_t * &dataRef = data; int64_t * dataBadBuffer = (int64_t *)ALLOCA(50*sizeof(int64_t)); int64_t * dataGoodBuffer = (int64_t *)ALLOCA(100*sizeof(int64_t)); data = dataBadBuffer; int64_t * data = dataRef; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 15190 64372/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 62 int64_t * data; int64_t * &dataRef = data; int64_t * dataBadBuffer = (int64_t *)ALLOCA(50*sizeof(int64_t)); int64_t * dataGoodBuffer = (int64_t *)ALLOCA(100*sizeof(int64_t)); data = dataGoodBuffer; int64_t * data = dataRef; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 15191 64387/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 143 int64_t * data; vector dataVector; int64_t * dataBadBuffer = (int64_t *)ALLOCA(50*sizeof(int64_t)); int64_t * dataGoodBuffer = (int64_t *)ALLOCA(100*sizeof(int64_t)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) int64_t * data = dataVector[2]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 15192 64387/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 159 int64_t * data; vector dataVector; int64_t * dataBadBuffer = (int64_t *)ALLOCA(50*sizeof(int64_t)); int64_t * dataGoodBuffer = (int64_t *)ALLOCA(100*sizeof(int64_t)); data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); void goodG2BSink(vector dataVector) int64_t * data = dataVector[2]; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 15193 64388/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 143 int64_t * data; list dataList; int64_t * dataBadBuffer = (int64_t *)ALLOCA(50*sizeof(int64_t)); int64_t * dataGoodBuffer = (int64_t *)ALLOCA(100*sizeof(int64_t)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) int64_t * data = dataList.back(); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 15194 64388/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 159 int64_t * data; list dataList; int64_t * dataBadBuffer = (int64_t *)ALLOCA(50*sizeof(int64_t)); int64_t * dataGoodBuffer = (int64_t *)ALLOCA(100*sizeof(int64_t)); data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); void goodG2BSink(list dataList) int64_t * data = dataList.back(); memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 15195 64389/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 143 int64_t * data; map dataMap; int64_t * dataBadBuffer = (int64_t *)ALLOCA(50*sizeof(int64_t)); int64_t * dataGoodBuffer = (int64_t *)ALLOCA(100*sizeof(int64_t)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) int64_t * data = dataMap[2]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 15196 64389/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 159 int64_t * data; map dataMap; int64_t * dataBadBuffer = (int64_t *)ALLOCA(50*sizeof(int64_t)); int64_t * dataGoodBuffer = (int64_t *)ALLOCA(100*sizeof(int64_t)); data = dataGoodBuffer; dataMap[2] = data; goodG2BSink(dataMap); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); void goodG2BSink(map dataMap) int64_t * data = dataMap[2]; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 15197 64412/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 38 int64_t * data; int64_t * &dataRef = data; int64_t * dataBadBuffer = (int64_t *)ALLOCA(50*sizeof(int64_t)); int64_t * dataGoodBuffer = (int64_t *)ALLOCA(100*sizeof(int64_t)); data = dataBadBuffer; int64_t * data = dataRef; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 15198 64412/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 62 int64_t * data; int64_t * &dataRef = data; int64_t * dataBadBuffer = (int64_t *)ALLOCA(50*sizeof(int64_t)); int64_t * dataGoodBuffer = (int64_t *)ALLOCA(100*sizeof(int64_t)); data = dataGoodBuffer; int64_t * data = dataRef; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 15199 64427/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 159 int64_t * data; vector dataVector; int64_t * dataBadBuffer = (int64_t *)ALLOCA(50*sizeof(int64_t)); int64_t * dataGoodBuffer = (int64_t *)ALLOCA(100*sizeof(int64_t)); data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); void goodG2BSink(vector dataVector) int64_t * data = dataVector[2]; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 15200 64427/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 143 int64_t * data; vector dataVector; int64_t * dataBadBuffer = (int64_t *)ALLOCA(50*sizeof(int64_t)); int64_t * dataGoodBuffer = (int64_t *)ALLOCA(100*sizeof(int64_t)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) int64_t * data = dataVector[2]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 15201 64428/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 159 int64_t * data; list dataList; int64_t * dataBadBuffer = (int64_t *)ALLOCA(50*sizeof(int64_t)); int64_t * dataGoodBuffer = (int64_t *)ALLOCA(100*sizeof(int64_t)); data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); void goodG2BSink(list dataList) int64_t * data = dataList.back(); memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 15202 64428/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 143 int64_t * data; list dataList; int64_t * dataBadBuffer = (int64_t *)ALLOCA(50*sizeof(int64_t)); int64_t * dataGoodBuffer = (int64_t *)ALLOCA(100*sizeof(int64_t)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) int64_t * data = dataList.back(); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 15203 64429/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 159 int64_t * data; map dataMap; int64_t * dataBadBuffer = (int64_t *)ALLOCA(50*sizeof(int64_t)); int64_t * dataGoodBuffer = (int64_t *)ALLOCA(100*sizeof(int64_t)); data = dataGoodBuffer; dataMap[2] = data; goodG2BSink(dataMap); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); void goodG2BSink(map dataMap) int64_t * data = dataMap[2]; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 15204 64429/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 143 int64_t * data; map dataMap; int64_t * dataBadBuffer = (int64_t *)ALLOCA(50*sizeof(int64_t)); int64_t * dataGoodBuffer = (int64_t *)ALLOCA(100*sizeof(int64_t)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) int64_t * data = dataMap[2]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 15205 64492/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 38 int64_t * data; int64_t * &dataRef = data; int64_t dataBadBuffer[50]; int64_t dataGoodBuffer[100]; data = dataBadBuffer; int64_t * data = dataRef; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 15206 64492/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 62 int64_t * data; int64_t * &dataRef = data; int64_t dataBadBuffer[50]; int64_t dataGoodBuffer[100]; data = dataGoodBuffer; int64_t * data = dataRef; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 15207 64507/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 143 int64_t * data; vector dataVector; int64_t dataBadBuffer[50]; int64_t dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) int64_t * data = dataVector[2]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 15208 64507/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 159 int64_t * data; vector dataVector; int64_t dataGoodBuffer[100]; data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); void goodG2BSink(vector dataVector) int64_t * data = dataVector[2]; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 15209 64508/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 143 int64_t * data; list dataList; int64_t dataBadBuffer[50]; int64_t dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) int64_t * data = dataList.back(); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 15210 64508/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 159 int64_t * data; list dataList; int64_t dataBadBuffer[50]; int64_t dataGoodBuffer[100]; data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); void goodG2BSink(list dataList) int64_t * data = dataList.back(); memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 15211 64509/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 143 int64_t * data; map dataMap; int64_t dataBadBuffer[50]; int64_t dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) int64_t * data = dataMap[2]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 15212 64509/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 159 int64_t * data; map dataMap; int64_t dataBadBuffer[50]; int64_t dataGoodBuffer[100]; data = dataGoodBuffer; dataMap[2] = data; goodG2BSink(dataMap); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); void goodG2BSink(map dataMap) int64_t * data = dataMap[2]; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 15213 64532/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 38 int64_t * data; int64_t * &dataRef = data; int64_t dataBadBuffer[50]; int64_t dataGoodBuffer[100]; data = dataBadBuffer; int64_t * data = dataRef; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 15214 64532/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 62 int64_t * data; int64_t * &dataRef = data; int64_t dataBadBuffer[50]; int64_t dataGoodBuffer[100]; data = dataGoodBuffer; int64_t * data = dataRef; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 15215 64547/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 159 int64_t * data; vector dataVector; int64_t dataBadBuffer[50]; int64_t dataGoodBuffer[100]; data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); void goodG2BSink(vector dataVector) int64_t * data = dataVector[2]; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 15216 64547/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 143 int64_t * data; vector dataVector; int64_t dataBadBuffer[50]; int64_t dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) int64_t * data = dataVector[2]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 15217 64548/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 159 int64_t * data; list dataList; int64_t dataBadBuffer[50]; int64_t dataGoodBuffer[100]; data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); void goodG2BSink(list dataList) int64_t * data = dataList.back(); memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 15218 64548/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 143 int64_t * data; list dataList; int64_t dataBadBuffer[50]; int64_t dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) int64_t * data = dataList.back(); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 15219 64549/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 159 int64_t * data; map dataMap; int64_t dataBadBuffer[50]; int64_t dataGoodBuffer[100]; data = dataGoodBuffer; dataMap[2] = data; goodG2BSink(dataMap); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); void goodG2BSink(map dataMap) int64_t * data = dataMap[2]; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 15220 64549/CWE121_Stack_Based_Buffer_Overflow__CWE805_int64_t_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 143 int64_t * data; map dataMap; int64_t dataBadBuffer[50]; int64_t dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) int64_t * data = dataMap[2]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 15221 64612/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 38 int * data; int * &dataRef = data; int * dataBadBuffer = (int *)ALLOCA(50*sizeof(int)); int * dataGoodBuffer = (int *)ALLOCA(100*sizeof(int)); data = dataBadBuffer; int * data = dataRef; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 15222 64612/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 62 int * data; int * &dataRef = data; int * dataBadBuffer = (int *)ALLOCA(50*sizeof(int)); int * dataGoodBuffer = (int *)ALLOCA(100*sizeof(int)); data = dataGoodBuffer; int * data = dataRef; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 15223 64627/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 143 int * data; vector dataVector; int * dataBadBuffer = (int *)ALLOCA(50*sizeof(int)); int * dataGoodBuffer = (int *)ALLOCA(100*sizeof(int)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) int * data = dataVector[2]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 15224 64627/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 159 int * data; vector dataVector; int * dataBadBuffer = (int *)ALLOCA(50*sizeof(int)); int * dataGoodBuffer = (int *)ALLOCA(100*sizeof(int)); data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); void goodG2BSink(vector dataVector) int * data = dataVector[2]; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 15225 64628/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 143 int * data; list dataList; int * dataBadBuffer = (int *)ALLOCA(50*sizeof(int)); int * dataGoodBuffer = (int *)ALLOCA(100*sizeof(int)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) int * data = dataList.back(); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 15226 64628/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 159 int * data; list dataList; int * dataBadBuffer = (int *)ALLOCA(50*sizeof(int)); int * dataGoodBuffer = (int *)ALLOCA(100*sizeof(int)); data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); void goodG2BSink(list dataList) int * data = dataList.back(); memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 15227 64629/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 143 int * data; map dataMap; int * dataBadBuffer = (int *)ALLOCA(50*sizeof(int)); int * dataGoodBuffer = (int *)ALLOCA(100*sizeof(int)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) int * data = dataMap[2]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 15228 64629/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 159 int * data; map dataMap; int * dataBadBuffer = (int *)ALLOCA(50*sizeof(int)); int * dataGoodBuffer = (int *)ALLOCA(100*sizeof(int)); data = dataGoodBuffer; dataMap[2] = data; goodG2BSink(dataMap); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); void goodG2BSink(map dataMap) int * data = dataMap[2]; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 15229 64652/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 38 int * data; int * &dataRef = data; int * dataBadBuffer = (int *)ALLOCA(50*sizeof(int)); int * dataGoodBuffer = (int *)ALLOCA(100*sizeof(int)); data = dataBadBuffer; int * data = dataRef; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 15230 64652/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 62 int * data; int * &dataRef = data; int * dataBadBuffer = (int *)ALLOCA(50*sizeof(int)); int * dataGoodBuffer = (int *)ALLOCA(100*sizeof(int)); data = dataGoodBuffer; int * data = dataRef; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 15231 64667/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 159 int * data vector dataVector; int * dataBadBuffer = (int *)ALLOCA(50*sizeof(int)); int * dataGoodBuffer = (int *)ALLOCA(100*sizeof(int)); data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); void goodG2BSink(vector dataVector) int * data = dataVector[2]; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 15232 64667/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 143 int * data; vector dataVector; int * dataBadBuffer = (int *)ALLOCA(50*sizeof(int)); int * dataGoodBuffer = (int *)ALLOCA(100*sizeof(int)); data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) int * data = dataVector[2]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 15233 64668/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 159 int * data; list dataList; int * dataBadBuffer = (int *)ALLOCA(50*sizeof(int)); int * dataGoodBuffer = (int *)ALLOCA(100*sizeof(int)); data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); void goodG2BSink(list dataList) int * data = dataList.back(); memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 15234 64668/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 143 int * data; list dataList; int * dataBadBuffer = (int *)ALLOCA(50*sizeof(int)); int * dataGoodBuffer = (int *)ALLOCA(100*sizeof(int)); data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) int * data = dataList.back(); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 15235 64669/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 159 int * data; map dataMap; int * dataBadBuffer = (int *)ALLOCA(50*sizeof(int)); int * dataGoodBuffer = (int *)ALLOCA(100*sizeof(int)); data = dataGoodBuffer; dataMap[2] = data; goodG2BSink(dataMap); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); void goodG2BSink(map dataMap) int * data = dataMap[2]; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 15236 64669/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 143 int * data; map dataMap; int * dataBadBuffer = (int *)ALLOCA(50*sizeof(int)); int * dataGoodBuffer = (int *)ALLOCA(100*sizeof(int)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) int * data = dataMap[2]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 15237 64732/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 62 int * data; int * &dataRef = data; int dataBadBuffer[50]; int dataGoodBuffer[100]; data = dataBadBuffer; int * data = dataRef; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 15238 64732/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 38 int * data; int * &dataRef = data; int dataBadBuffer[50]; int dataGoodBuffer[100]; data = dataGoodBuffer; int * data = dataRef; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 15239 64747/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 143 int * data; vector dataVector; int dataGoodBuffer[100]; data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) int * data = dataVector[2]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 15240 64747/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 159 int * data; vector dataVector; int dataGoodBuffer[100]; data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); void goodG2BSink(vector dataVector) int * data = dataVector[2]; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 15241 64748/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 143 int * data; list dataList; int dataGoodBuffer[100]; data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) int * data = dataList.back(); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 15242 64748/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 159 int * data; list dataList; int dataGoodBuffer[100]; data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); void goodG2BSink(list dataList) int * data = dataList.back(); memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 15243 64749/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 143 int * data; map dataMap; int dataBadBuffer[50]; int dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) int * data = dataMap[2]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 15244 64749/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 159 int * data; map dataMap; int dataBadBuffer[50]; int dataGoodBuffer[100]; data = dataGoodBuffer; dataMap[2] = data; goodG2BSink(dataMap); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); void goodG2BSink(map dataMap) int * data = dataMap[2]; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 15245 64772/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 62 int * data; int * &dataRef = data; int dataBadBuffer[50]; int dataGoodBuffer[100]; data = dataBadBuffer; int * data = dataRef; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 15246 64772/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 38 int * data; int * &dataRef = data; int dataBadBuffer[50]; int dataGoodBuffer[100]; data = dataGoodBuffer; int * data = dataRef; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 15247 64787/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 159 int * data; vector dataVector; int dataGoodBuffer[100]; data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); void goodG2BSink(vector dataVector) int * data = dataVector[2]; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 15248 64787/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 143 int * data; vector dataVector; int dataGoodBuffer[100]; data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) int * data = dataVector[2]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 15249 64788/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 159 int * data; list dataList; int dataBadBuffer[50]; int dataGoodBuffer[100]; data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); void goodG2BSink(list dataList) int * data = dataList.back(); memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 15250 64788/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 143 int * data; list dataList; int dataBadBuffer[50]; int dataGoodBuffer[100]; data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) int * data = dataList.back(); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 15251 64789/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 159 int * data; int * &dataRef = data; int dataBadBuffer[50]; int dataGoodBuffer[100]; data = dataGoodBuffer; dataMap[2] = data; goodG2BSink(dataMap); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); void goodG2BSink(map dataMap) int * data = dataMap[2]; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 15252 64789/CWE121_Stack_Based_Buffer_Overflow__CWE805_int_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 143 int * data; map dataMap; int dataBadBuffer[50]; int dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) int * data = dataMap[2]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 15253 64852/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 80 twoIntsStruct * data; twoIntsStruct * &dataRef = data; twoIntsStruct * dataBadBuffer = (twoIntsStruct *)ALLOCA(50*sizeof(twoIntsStruct)); twoIntsStruct * dataGoodBuffer = (twoIntsStruct *)ALLOCA(100*sizeof(twoIntsStruct)); data = dataBadBuffer; twoIntsStruct * data = dataRef; twoIntsStruct source[100]; source[i].intOne = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 15254 64852/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 47 twoIntsStruct * data; twoIntsStruct * &dataRef = data; twoIntsStruct * dataBadBuffer = (twoIntsStruct *)ALLOCA(50*sizeof(twoIntsStruct)); twoIntsStruct * dataGoodBuffer = (twoIntsStruct *)ALLOCA(100*sizeof(twoIntsStruct)); data = dataGoodBuffer; twoIntsStruct * data = dataRef; twoIntsStruct source[100]; source[i].intOne = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 15255 64867/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 152 twoIntsStruct * data; vector dataVector; twoIntsStruct * dataBadBuffer = (twoIntsStruct *)ALLOCA(50*sizeof(twoIntsStruct)); twoIntsStruct * dataGoodBuffer = (twoIntsStruct *)ALLOCA(100*sizeof(twoIntsStruct)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) twoIntsStruct * data = dataVector[2]; twoIntsStruct source[100]; source[i].intOne = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 15256 64867/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 177 twoIntsStruct * data; vector dataVector; twoIntsStruct * dataBadBuffer = (twoIntsStruct *)ALLOCA(50*sizeof(twoIntsStruct)); twoIntsStruct * dataGoodBuffer = (twoIntsStruct *)ALLOCA(100*sizeof(twoIntsStruct)); data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); twoIntsStruct source[100]; source[i].intOne = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); void goodG2BSink(vector dataVector) twoIntsStruct * data = dataVector[2]; memcpy(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 15257 64868/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 152 twoIntsStruct * data; vector dataVector; twoIntsStruct * dataBadBuffer = (twoIntsStruct *)ALLOCA(50*sizeof(twoIntsStruct)); twoIntsStruct * dataGoodBuffer = (twoIntsStruct *)ALLOCA(100*sizeof(twoIntsStruct)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(list dataList) twoIntsStruct * data = dataList.back(); twoIntsStruct source[100]; source[i].intOne = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 15258 64868/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 177 list dataList; twoIntsStruct * dataBadBuffer = (twoIntsStruct *)ALLOCA(50*sizeof(twoIntsStruct)); twoIntsStruct * dataGoodBuffer = (twoIntsStruct *)ALLOCA(100*sizeof(twoIntsStruct)); data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); twoIntsStruct source[100]; source[i].intOne = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); void goodG2BSink(list dataList) twoIntsStruct * data = dataList.back(); memcpy(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 15259 64869/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 152 twoIntsStruct * data; map dataMap; twoIntsStruct * dataBadBuffer = (twoIntsStruct *)ALLOCA(50*sizeof(twoIntsStruct)); twoIntsStruct * dataGoodBuffer = (twoIntsStruct *)ALLOCA(100*sizeof(twoIntsStruct)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) twoIntsStruct * data = dataMap[2]; twoIntsStruct source[100]; source[i].intOne = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 15260 64869/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 177 twoIntsStruct * data; map dataMap; twoIntsStruct * dataBadBuffer = (twoIntsStruct *)ALLOCA(50*sizeof(twoIntsStruct)); twoIntsStruct * dataGoodBuffer = (twoIntsStruct *)ALLOCA(100*sizeof(twoIntsStruct)); data = dataGoodBuffer; dataMap[2] = data; goodG2BSink(dataMap); twoIntsStruct source[100]; source[i].intOne = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); void goodG2BSink(map dataMap) twoIntsStruct * data = dataMap[2]; memcpy(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 15261 64892/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 80 twoIntsStruct * data; twoIntsStruct * &dataRef = data; twoIntsStruct * dataBadBuffer = (twoIntsStruct *)ALLOCA(50*sizeof(twoIntsStruct)); twoIntsStruct * dataGoodBuffer = (twoIntsStruct *)ALLOCA(100*sizeof(twoIntsStruct)); data = dataBadBuffer; twoIntsStruct source[100]; source[i].intOne = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 15262 64892/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 47 twoIntsStruct * data; twoIntsStruct * &dataRef = data; twoIntsStruct * dataBadBuffer = (twoIntsStruct *)ALLOCA(50*sizeof(twoIntsStruct)); twoIntsStruct * dataGoodBuffer = (twoIntsStruct *)ALLOCA(100*sizeof(twoIntsStruct)); data = dataGoodBuffer; twoIntsStruct * data = dataRef; twoIntsStruct source[100]; source[i].intOne = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 15263 64907/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 152 twoIntsStruct * data; vector dataVector; twoIntsStruct * dataBadBuffer = (twoIntsStruct *)ALLOCA(50*sizeof(twoIntsStruct)); twoIntsStruct * dataGoodBuffer = (twoIntsStruct *)ALLOCA(100*sizeof(twoIntsStruct)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) twoIntsStruct * data = dataVector[2]; twoIntsStruct source[100]; source[i].intOne = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 15264 64907/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 177 twoIntsStruct * data; vector dataVector; twoIntsStruct * dataBadBuffer = (twoIntsStruct *)ALLOCA(50*sizeof(twoIntsStruct)); twoIntsStruct * dataGoodBuffer = (twoIntsStruct *)ALLOCA(100*sizeof(twoIntsStruct)); data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); twoIntsStruct source[100]; source[i].intOne = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); void goodG2BSink(vector dataVector) twoIntsStruct * data = dataVector[2]; memmove(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 15265 64908/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 152 twoIntsStruct * data; list dataList; twoIntsStruct * dataBadBuffer = (twoIntsStruct *)ALLOCA(50*sizeof(twoIntsStruct)); twoIntsStruct * dataGoodBuffer = (twoIntsStruct *)ALLOCA(100*sizeof(twoIntsStruct)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) twoIntsStruct * data = dataList.back(); twoIntsStruct source[100]; source[i].intOne = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 15266 64908/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 177 twoIntsStruct * data; list dataList; twoIntsStruct * dataBadBuffer = (twoIntsStruct *)ALLOCA(50*sizeof(twoIntsStruct)); twoIntsStruct * dataGoodBuffer = (twoIntsStruct *)ALLOCA(100*sizeof(twoIntsStruct)); data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); twoIntsStruct source[100]; source[i].intOne = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); void goodG2BSink(list dataList) twoIntsStruct * data = dataList.back(); memmove(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 15267 64909/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 152 twoIntsStruct * data; map dataMap; twoIntsStruct * dataBadBuffer = (twoIntsStruct *)ALLOCA(50*sizeof(twoIntsStruct)); twoIntsStruct * dataGoodBuffer = (twoIntsStruct *)ALLOCA(100*sizeof(twoIntsStruct)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) twoIntsStruct * data = dataMap[2]; twoIntsStruct source[100]; source[i].intOne = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 15268 64909/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 177 twoIntsStruct * data; map dataMap; twoIntsStruct * dataBadBuffer = (twoIntsStruct *)ALLOCA(50*sizeof(twoIntsStruct)); twoIntsStruct * dataGoodBuffer = (twoIntsStruct *)ALLOCA(100*sizeof(twoIntsStruct)); data = dataGoodBuffer; dataMap[2] = data; goodG2BSink(dataMap); twoIntsStruct source[100]; source[i].intOne = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); void goodG2BSink(map dataMap) twoIntsStruct * data = dataMap[2]; memmove(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 15269 64972/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 80 twoIntsStruct * data; twoIntsStruct * &dataRef = data; twoIntsStruct dataBadBuffer[50]; twoIntsStruct dataGoodBuffer[100]; twoIntsStruct * data = dataRef; data = dataGoodBuffer; twoIntsStruct source[100]; source[i].intOne = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 15270 64972/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 80 twoIntsStruct * data; twoIntsStruct * &dataRef = data; twoIntsStruct dataBadBuffer[50]; twoIntsStruct dataGoodBuffer[100]; data = dataBadBuffer; twoIntsStruct source[100]; source[i].intOne = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 15271 64987/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 152 twoIntsStruct * data; vector dataVector; twoIntsStruct dataBadBuffer[50]; twoIntsStruct dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) twoIntsStruct * data = dataVector[2]; twoIntsStruct source[100]; source[i].intOne = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 15272 64987/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 177 twoIntsStruct * data; vector dataVector; twoIntsStruct dataBadBuffer[50]; twoIntsStruct dataGoodBuffer[100]; data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); twoIntsStruct source[100]; source[i].intOne = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); void goodG2BSink(vector dataVector) twoIntsStruct * data = dataVector[2]; memcpy(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 15273 64988/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 152 twoIntsStruct * data; list dataList; twoIntsStruct dataBadBuffer[50]; twoIntsStruct dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) twoIntsStruct * data = dataList.back(); twoIntsStruct source[100]; source[i].intOne = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 15274 64988/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 177 twoIntsStruct * data; list dataList; twoIntsStruct dataBadBuffer[50]; twoIntsStruct dataGoodBuffer[100]; data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); twoIntsStruct source[100]; source[i].intOne = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); void goodG2BSink(list dataList) twoIntsStruct * data = dataList.back(); memcpy(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 15275 64989/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 152 twoIntsStruct * data; map dataMap; twoIntsStruct dataBadBuffer[50]; twoIntsStruct dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) twoIntsStruct * data = dataMap[2]; twoIntsStruct source[100]; source[i].intOne = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 15276 64989/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 177 twoIntsStruct * data; map dataMap; twoIntsStruct dataBadBuffer[50]; twoIntsStruct dataGoodBuffer[100]; data = dataGoodBuffer; dataMap[2] = data; goodG2BSink(dataMap); twoIntsStruct source[100]; source[i].intOne = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); void goodG2BSink(map dataMap) twoIntsStruct * data = dataMap[2]; memcpy(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 15277 65012/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 80 twoIntsStruct * data; twoIntsStruct * &dataRef = data; twoIntsStruct dataGoodBuffer[100]; twoIntsStruct * data = dataRef; twoIntsStruct source[100]; source[i].intOne = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 15278 65012/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 47 twoIntsStruct * data; twoIntsStruct * &dataRef = data; twoIntsStruct dataBadBuffer[50]; data = dataBadBuffer; twoIntsStruct * data = dataRef; twoIntsStruct source[100]; source[i].intOne = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 15279 65027/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 152 twoIntsStruct * data; vector dataVector; twoIntsStruct dataBadBuffer[50]; twoIntsStruct dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) twoIntsStruct * data = dataVector[2]; twoIntsStruct source[100]; source[i].intOne = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 15280 65027/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 177 twoIntsStruct * data; vector dataVector; twoIntsStruct dataBadBuffer[50]; twoIntsStruct dataGoodBuffer[100]; data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); twoIntsStruct source[100]; source[i].intOne = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); void goodG2BSink(vector dataVector) twoIntsStruct * data = dataVector[2]; memmove(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 15281 65028/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 152 twoIntsStruct * data; list dataList; twoIntsStruct dataBadBuffer[50]; twoIntsStruct dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) twoIntsStruct * data = dataList.back(); twoIntsStruct source[100]; source[i].intOne = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 15282 65028/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 177 twoIntsStruct * data; list dataList; twoIntsStruct dataBadBuffer[50]; twoIntsStruct dataGoodBuffer[100]; data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); twoIntsStruct source[100]; source[i].intOne = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); void goodG2BSink(list dataList) twoIntsStruct * data = dataList.back(); memmove(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 15283 65029/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 152 twoIntsStruct * data; map dataMap; twoIntsStruct dataBadBuffer[50]; twoIntsStruct dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) twoIntsStruct * data = dataMap[2]; twoIntsStruct source[100]; source[i].intOne = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 15284 65029/CWE121_Stack_Based_Buffer_Overflow__CWE805_struct_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 177 twoIntsStruct * data; map dataMap; twoIntsStruct dataBadBuffer[50]; twoIntsStruct dataGoodBuffer[100]; data = dataGoodBuffer; dataMap[2] = data; goodG2BSink(dataMap); twoIntsStruct source[100]; source[i].intOne = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); void goodG2BSink(map dataMap) twoIntsStruct * data = dataMap[2]; memmove(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 15285 65052/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_loop_33.cpp Buffer_Overflow_boundedcpy 73 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15286 65052/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_loop_33.cpp Buffer_Overflow_boundedcpy 41 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15287 65067/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_loop_72.cpp Buffer_Overflow_boundedcpy 172 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15288 65067/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_loop_72.cpp Buffer_Overflow_boundedcpy 149 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15289 65068/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_loop_73.cpp Buffer_Overflow_boundedcpy 172 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15290 65068/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_loop_73.cpp Buffer_Overflow_boundedcpy 149 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15291 65069/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_loop_74.cpp Buffer_Overflow_boundedcpy 172 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15292 65069/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_loop_74.cpp Buffer_Overflow_boundedcpy 149 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15293 65092/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 68 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15294 65092/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 43 wchar_t * data; wchar_t * &dataRef = data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; wchar_t * data = dataRef; source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 15295 65092/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 40 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15296 65107/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15297 65107/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 167 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15298 65107/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 151 wchar_t * data; vector dataVector; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 15299 65107/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 170 wchar_t * data; vector dataVector; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data[0] = L'\0'; data = dataGoodBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 15300 65108/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15301 65108/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 167 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15302 65108/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 151 wchar_t * data; list dataList; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 15303 65108/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 170 wchar_t * data; list dataList; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data[0] = L'\0'; data = dataGoodBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 15304 65109/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15305 65109/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 167 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15306 65109/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 151 wchar_t * data; map dataMap; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 15307 65109/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 170 wchar_t * data; map dataMap; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 15308 65172/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_33.cpp Off_by_One_Error_in_Methods 70 wchar_t * data; wchar_t * &dataRef = data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBadBuffer; wchar_t * data = dataRef; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 15309 65172/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_33.cpp Off_by_One_Error_in_Methods 43 wchar_t * data; wchar_t * &dataRef = data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; wchar_t * data = dataRef; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 15310 65172/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_33.cpp Buffer_Overflow_boundedcpy 67 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15311 65172/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_33.cpp Buffer_Overflow_boundedcpy 40 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15312 65187/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_72.cpp Off_by_One_Error_in_Methods 151 wchar_t * data; vector dataVector; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 15313 65187/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_72.cpp Off_by_One_Error_in_Methods 169 wchar_t * data; vector dataVector; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = L'\0'; wcsncat(data, source, 100); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncat(data, source, 100); 0 --------------------------------- 15314 65187/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_72.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15315 65187/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_72.cpp Buffer_Overflow_boundedcpy 151 wchar_t * data; vector dataVector; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 15316 65187/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_72.cpp Buffer_Overflow_boundedcpy 169 wchar_t * data; vector dataVector; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = L'\0'; wcsncat(data, source, 100); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncat(data, source, 100); 0 --------------------------------- 15317 65188/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_73.cpp Off_by_One_Error_in_Methods 151 wchar_t * data; vector dataList; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(list dataList) wchar_t * data = dataList.back(); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 15318 65188/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_73.cpp Off_by_One_Error_in_Methods 169 wchar_t * data; list dataList; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = L'\0'; wcsncat(data, source, 100); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcsncat(data, source, 100); 0 --------------------------------- 15319 65188/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_73.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15320 65189/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_74.cpp Off_by_One_Error_in_Methods 151 wchar_t * data; map dataMap; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 15321 65189/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_74.cpp Off_by_One_Error_in_Methods 169 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = L'\0'; wcsncat(data, source, 100); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcsncat(data, source, 100); 0 --------------------------------- 15322 65189/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_74.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15323 65212/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_33.cpp Off_by_One_Error_in_Methods 43 wchar_t * data; wchar_t * &dataRef = data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBadBuffer; wchar_t * data = dataRef; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 15324 65212/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_33.cpp Off_by_One_Error_in_Methods 71 wchar_t * data; wchar_t * &dataRef = data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; wchar_t * data = dataRef; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 15325 65212/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_33.cpp Buffer_Overflow_boundedcpy 40 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15326 65227/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_72.cpp Off_by_One_Error_in_Methods 170 wchar_t * data; vector dataVector; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncpy(data, source, 100-1); 0 --------------------------------- 15327 65227/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_72.cpp Off_by_One_Error_in_Methods 151 wchar_t * data; vector dataVector; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 15328 65227/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_72.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15329 65228/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_73.cpp Off_by_One_Error_in_Methods 170 wchar_t * data; list dataList; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcsncpy(data, source, 100-1); 0 --------------------------------- 15330 65228/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_73.cpp Off_by_One_Error_in_Methods 151 wchar_t * data; list dataList; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 15331 65228/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_73.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15332 65229/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_74.cpp Off_by_One_Error_in_Methods 170 wchar_t * data; map dataMap; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcsncpy(data, source, 100-1); 0 --------------------------------- 15333 65229/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_74.cpp Off_by_One_Error_in_Methods 151 wchar_t * data; map dataMap; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 15334 65229/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_74.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15335 65252/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_33.cpp Buffer_Overflow_boundedcpy 46 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15336 65267/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_72.cpp Buffer_Overflow_boundedcpy 172 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15337 65268/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_73.cpp Buffer_Overflow_boundedcpy 172 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15338 65269/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_74.cpp Buffer_Overflow_boundedcpy 172 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15339 65292/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_loop_33.cpp Buffer_Overflow_boundedcpy 73 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15340 65307/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_loop_72.cpp Buffer_Overflow_boundedcpy 172 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15341 65308/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_loop_73.cpp Buffer_Overflow_boundedcpy 149 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15342 65309/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_loop_74.cpp Buffer_Overflow_boundedcpy 172 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15343 65309/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_loop_74.cpp Buffer_Overflow_boundedcpy 149 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15344 65332/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 68 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15345 65332/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 43 wchar_t * data; wchar_t * &dataRef = data; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; wchar_t * data = dataRef; source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 15346 65347/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15347 65347/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 167 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15348 65347/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 151 wchar_t * data; vector dataVector; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 15349 65347/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 170 wchar_t * data; vector dataVector; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 15350 65348/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15351 65348/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 167 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15352 65348/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 151 wchar_t * data; list dataList; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 15353 65348/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 170 wchar_t * data; list dataList; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 15354 65349/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15355 65349/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 167 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15356 65349/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 151 wchar_t * data; map dataMap; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 15357 65349/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 170 wchar_t * data; map dataMap; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 15358 65372/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 71 wchar_t * data; wchar_t * &dataRef = data; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; wchar_t * data = dataRef; source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 15359 65372/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 68 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15360 65387/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 151 wchar_t * data; vector dataVector; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 15361 65387/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15362 65387/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 167 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15363 65387/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 170 wchar_t * data; vector dataVector; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 15364 65388/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 151 wchar_t * data; list dataList; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 15365 65388/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15366 65388/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 167 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15367 65388/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 170 wchar_t * data; list dataList; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 15368 65389/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 151 wchar_t * data; map dataMap; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 15369 65389/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15370 65389/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 167 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15371 65389/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 170 wchar_t * data; map dataMap; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 15372 65412/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_33.cpp Off_by_One_Error_in_Methods 70 wchar_t * data; wchar_t * &dataRef = data; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; wchar_t * data = dataRef; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 15373 65412/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_33.cpp Off_by_One_Error_in_Methods 43 wchar_t * data; wchar_t * &dataRef = data; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; wchar_t * data = dataRef; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 15374 65412/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_33.cpp Buffer_Overflow_boundedcpy 67 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15375 65412/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_33.cpp Buffer_Overflow_boundedcpy 40 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15376 65427/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_72.cpp Off_by_One_Error_in_Methods 169 wchar_t * data; vector dataVector; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = L'\0'; wcsncat(data, source, 100); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncat(data, source, 100); 0 --------------------------------- 15377 65427/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_72.cpp Buffer_Overflow_LowBound 151 wchar_t * data; vector dataVector; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 15378 65427/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_72.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15379 65428/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_73.cpp Off_by_One_Error_in_Methods 151 wchar_t * data; list dataList; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 15380 65428/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_73.cpp Off_by_One_Error_in_Methods 169 wchar_t * data; list dataList; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = L'\0'; wcsncat(data, source, 100); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcsncat(data, source, 100); 0 --------------------------------- 15381 65429/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_74.cpp Off_by_One_Error_in_Methods 151 wchar_t * data; map dataMap; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 15382 65429/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_74.cpp Off_by_One_Error_in_Methods 169 wchar_t * data; map dataMap; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = L'\0'; wcsncat(data, source, 100); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcsncat(data, source, 100); 0 --------------------------------- 15383 65429/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_74.cpp Buffer_Overflow_boundedcpy 166 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15384 65452/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_33.cpp Off_by_One_Error_in_Methods 43 wchar_t * data; wchar_t * &dataRef = data; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; wchar_t * data = dataRef; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 15385 65452/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_33.cpp Off_by_One_Error_in_Methods 71 wchar_t * data; wchar_t * &dataRef = data; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; wchar_t * data = dataRef; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 15386 65452/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_33.cpp Buffer_Overflow_boundedcpy 40 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15387 65467/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_72.cpp Off_by_One_Error_in_Methods 170 wchar_t * data; vector dataVector; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncpy(data, source, 100-1); 0 --------------------------------- 15388 65467/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_72.cpp Off_by_One_Error_in_Methods 151 wchar_t * data; vector dataVector; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 15389 65467/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_72.cpp Buffer_Overflow_boundedcpy 167 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15390 65468/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_73.cpp Off_by_One_Error_in_Methods 170 wchar_t * data; list dataList; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcsncpy(data, source, 100-1); 0 --------------------------------- 15391 65468/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_73.cpp Off_by_One_Error_in_Methods 151 wchar_t * data; list dataList; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 15392 65468/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_73.cpp Buffer_Overflow_boundedcpy 167 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 15393 69519/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_53.cpp Buffer_Overflow_boundedcpy 234 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 15394 69520/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_54.cpp Buffer_Overflow_boundedcpy 287 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) badSink_e(data); void badSink_e(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 15395 69520/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_54.cpp Buffer_Overflow_boundedcpy 304 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) goodG2BSink_e(data); void goodG2BSink_e(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 15396 69520/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_54.cpp Buffer_Overflow_boundedcpy 52 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15397 69520/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_54.cpp Buffer_Overflow_boundedcpy 34 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15398 69521/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_61.cpp Buffer_Overflow_boundedcpy 133 data = new char[100]; data = badSource(data); char * badSource(char * data) memset(data, 'A', 100-1); 0 --------------------------------- 15399 69521/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_61.cpp Buffer_Overflow_boundedcpy 59 char * data; data = new char[100]; data = goodG2BSource(data); char * goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 15400 69521/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_61.cpp Buffer_Overflow_boundedcpy 37 char * data; data = new char[100]; data = badSource(data); char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 15401 69521/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_61.cpp Buffer_Overflow_boundedcpy 146 data = new char[100]; data = goodG2BSource(data); char * goodG2BSource(char * data) memset(data, 'A', 50-1); 0 --------------------------------- 15402 69522/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_62.cpp Buffer_Overflow_boundedcpy 133 data = new char[100]; badSource(data); void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 15403 69522/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_62.cpp Buffer_Overflow_boundedcpy 145 data = new char[100]; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 15404 69522/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_62.cpp Buffer_Overflow_boundedcpy 37 char * data; data = new char[100]; badSource(data); void badSource(char * &data) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 15405 69522/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_62.cpp Buffer_Overflow_boundedcpy 59 char * data; data = new char[100]; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 15406 69523/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_63.cpp Buffer_Overflow_boundedcpy 144 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; goodG2BSink(&data); void goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 15407 69523/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_63.cpp Buffer_Overflow_boundedcpy 34 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15408 69523/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_63.cpp Buffer_Overflow_boundedcpy 126 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; badSink(&data); void badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 15409 69523/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_63.cpp Buffer_Overflow_boundedcpy 51 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15410 69524/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_64.cpp Buffer_Overflow_boundedcpy 34 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15411 69524/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_64.cpp Buffer_Overflow_boundedcpy 150 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 15412 69524/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_64.cpp Buffer_Overflow_boundedcpy 129 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; badSink(&data); void badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 15413 69524/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_64.cpp Buffer_Overflow_boundedcpy 51 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15414 69525/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_65.cpp Buffer_Overflow_boundedcpy 36 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15415 69525/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_65.cpp Buffer_Overflow_boundedcpy 55 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15416 69525/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_65.cpp Buffer_Overflow_boundedcpy 129 char * data; void (*funcPtr) (char *) = badSink; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); void badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 15417 69525/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_65.cpp Buffer_Overflow_boundedcpy 146 char * data; void (*funcPtr) (char *) = goodG2BSink; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); void goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 15418 69526/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_66.cpp Buffer_Overflow_boundedcpy 152 char * data; char * dataArray[5]; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 15419 69526/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_66.cpp Buffer_Overflow_boundedcpy 134 char * data; char * dataArray[5]; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; dataArray[2] = data; badSink(dataArray); void badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 15420 69526/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_66.cpp Buffer_Overflow_boundedcpy 35 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15421 69526/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_66.cpp Buffer_Overflow_boundedcpy 57 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15422 69527/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_67.cpp Buffer_Overflow_boundedcpy 59 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15423 69527/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_67.cpp Buffer_Overflow_boundedcpy 158 char * data; structType myStruct; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 15424 69527/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_67.cpp Buffer_Overflow_boundedcpy 140 char * data; structType myStruct; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 15425 69527/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_67.cpp Buffer_Overflow_boundedcpy 40 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15426 69528/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_68.cpp Buffer_Overflow_boundedcpy 37 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15427 69528/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_68.cpp Buffer_Overflow_boundedcpy 155 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_68_goodG2BData; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 15428 69528/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_68.cpp Buffer_Overflow_boundedcpy 56 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15429 69528/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_68.cpp Buffer_Overflow_boundedcpy 137 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_68_badData = data; badSink(); void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_68_badData; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 15430 69529/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_72.cpp Buffer_Overflow_boundedcpy 62 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15431 69529/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_72.cpp Buffer_Overflow_boundedcpy 163 char * data; vector dataVector; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 15432 69529/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_72.cpp Buffer_Overflow_boundedcpy 38 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15433 69529/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_72.cpp Buffer_Overflow_boundedcpy 145 char * data; vector dataVector; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 15434 69530/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_73.cpp Buffer_Overflow_boundedcpy 62 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15435 69530/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_73.cpp Buffer_Overflow_boundedcpy 163 char * data; list dataList; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 15436 69530/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_73.cpp Buffer_Overflow_boundedcpy 38 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15437 69530/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_73.cpp Buffer_Overflow_boundedcpy 145 char * data; list dataList; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 15438 69531/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_74.cpp Buffer_Overflow_boundedcpy 62 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15439 69531/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_74.cpp Buffer_Overflow_boundedcpy 163 char * data; map dataMap; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 15440 69531/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_74.cpp Buffer_Overflow_boundedcpy 38 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15441 69531/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_74.cpp Buffer_Overflow_boundedcpy 145 char * data; map dataMap; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 15442 69536/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_01.cpp Buffer_Overflow_LowBound 42 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15443 69536/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_01.cpp Buffer_Overflow_LowBound 63 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15444 69536/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_01.cpp Buffer_Overflow_boundedcpy 37 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15445 69536/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_01.cpp Buffer_Overflow_boundedcpy 58 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15446 69537/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_02.cpp Buffer_Overflow_LowBound 94 char * data; data = new char[100]; if(1) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15447 69537/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_02.cpp Buffer_Overflow_LowBound 45 char * data; data = new char[100]; if(1) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15448 69537/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_02.cpp Buffer_Overflow_LowBound 74 char * data; data = new char[100]; if(0) else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15449 69537/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_02.cpp Buffer_Overflow_boundedcpy 68 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15450 69537/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_02.cpp Buffer_Overflow_boundedcpy 39 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15451 69537/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_02.cpp Buffer_Overflow_boundedcpy 88 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15452 69538/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_03.cpp Buffer_Overflow_LowBound 94 char * data; data = new char[100]; if(5==5) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15453 69538/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_03.cpp Buffer_Overflow_LowBound 45 char * data; data = new char[100]; if(5==5) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15454 69538/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_03.cpp Buffer_Overflow_LowBound 74 char * data; data = new char[100]; if(5!=5) else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15455 69538/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_03.cpp Buffer_Overflow_boundedcpy 68 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15456 69538/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_03.cpp Buffer_Overflow_boundedcpy 39 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15457 69538/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_03.cpp Buffer_Overflow_boundedcpy 88 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15458 69539/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_04.cpp Buffer_Overflow_LowBound 51 char * data; data = new char[100]; if(STATIC_CONST_TRUE) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15459 69539/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_04.cpp Buffer_Overflow_LowBound 80 char * data; data = new char[100]; if(STATIC_CONST_FALSE) else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15460 69539/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_04.cpp Buffer_Overflow_LowBound 100 char * data; data = new char[100]; if(STATIC_CONST_TRUE) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15461 69539/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_04.cpp Buffer_Overflow_boundedcpy 45 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15462 69539/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_04.cpp Buffer_Overflow_boundedcpy 94 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15463 69539/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_04.cpp Buffer_Overflow_boundedcpy 74 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15464 69540/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_05.cpp Buffer_Overflow_LowBound 51 char * data; data = new char[100]; if(staticTrue) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15465 69540/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_05.cpp Buffer_Overflow_LowBound 80 char * data; data = new char[100]; if(staticFalse) else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15466 69540/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_05.cpp Buffer_Overflow_LowBound 100 char * data; data = new char[100]; if(staticTrue) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15467 69540/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_05.cpp Buffer_Overflow_boundedcpy 45 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15468 69540/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_05.cpp Buffer_Overflow_boundedcpy 94 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15469 69540/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_05.cpp Buffer_Overflow_boundedcpy 74 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15470 69541/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_06.cpp Buffer_Overflow_LowBound 99 char * data; data = new char[100]; if(STATIC_CONST_FIVE==5) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15471 69541/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_06.cpp Buffer_Overflow_LowBound 50 char * data; data = new char[100]; if(STATIC_CONST_FIVE==5) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15472 69541/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_06.cpp Buffer_Overflow_LowBound 79 char * data; data = new char[100]; if(STATIC_CONST_FIVE!=5) else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15473 69541/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_06.cpp Buffer_Overflow_boundedcpy 73 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15474 69541/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_06.cpp Buffer_Overflow_boundedcpy 44 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15475 69541/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_06.cpp Buffer_Overflow_boundedcpy 93 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15476 69542/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_07.cpp Buffer_Overflow_LowBound 99 char * data; data = new char[100]; if(staticFive==5) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15477 69542/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_07.cpp Buffer_Overflow_LowBound 50 char * data; data = new char[100]; if(staticFive==5) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15478 69542/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_07.cpp Buffer_Overflow_LowBound 79 char * data; data = new char[100]; if(staticFive!=5) else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15479 69542/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_07.cpp Buffer_Overflow_boundedcpy 73 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15480 69542/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_07.cpp Buffer_Overflow_boundedcpy 44 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15481 69542/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_07.cpp Buffer_Overflow_boundedcpy 93 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15482 69543/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_08.cpp Buffer_Overflow_LowBound 107 char * data; data = new char[100]; if(staticReturnsTrue()) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15483 69543/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_08.cpp Buffer_Overflow_LowBound 58 char * data; data = new char[100]; if(staticReturnsTrue()) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15484 69543/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_08.cpp Buffer_Overflow_LowBound 87 char * data; data = new char[100]; if(staticReturnsFalse()) else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15485 69543/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_08.cpp Buffer_Overflow_boundedcpy 81 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15486 69543/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_08.cpp Buffer_Overflow_boundedcpy 52 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15487 69543/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_08.cpp Buffer_Overflow_boundedcpy 101 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15488 69544/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_09.cpp Buffer_Overflow_LowBound 94 char * data; data = new char[100]; if(GLOBAL_CONST_TRUE) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15489 69544/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_09.cpp Buffer_Overflow_LowBound 45 char * data; data = new char[100]; if(GLOBAL_CONST_TRUE) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15490 69544/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_09.cpp Buffer_Overflow_LowBound 74 char * data; data = new char[100]; if(GLOBAL_CONST_FALSE) else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15491 69544/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_09.cpp Buffer_Overflow_boundedcpy 68 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15492 69544/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_09.cpp Buffer_Overflow_boundedcpy 39 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15493 69544/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_09.cpp Buffer_Overflow_boundedcpy 88 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15494 69545/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_10.cpp Buffer_Overflow_LowBound 94 char * data; data = new char[100]; if(globalTrue) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15495 69545/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_10.cpp Buffer_Overflow_LowBound 45 char * data; data = new char[100]; if(globalTrue) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15496 69545/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_10.cpp Buffer_Overflow_LowBound 74 char * data; data = new char[100]; if(globalFalse) else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15497 69545/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_10.cpp Buffer_Overflow_boundedcpy 68 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15498 69545/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_10.cpp Buffer_Overflow_boundedcpy 39 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15499 69545/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_10.cpp Buffer_Overflow_boundedcpy 88 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15500 69546/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_11.cpp Buffer_Overflow_LowBound 94 char * data; data = new char[100]; if(globalReturnsTrue()) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15501 69546/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_11.cpp Buffer_Overflow_LowBound 45 char * data; data = new char[100]; if(globalReturnsTrue()) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15502 69546/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_11.cpp Buffer_Overflow_LowBound 74 char * data; data = new char[100]; if(globalReturnsFalse()) else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15503 69546/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_11.cpp Buffer_Overflow_boundedcpy 68 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15504 69546/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_11.cpp Buffer_Overflow_boundedcpy 39 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15505 69546/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_11.cpp Buffer_Overflow_boundedcpy 88 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15506 69547/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_12.cpp Buffer_Overflow_LowBound 51 char * data; data = new char[100]; if(globalReturnsTrueOrFalse()) memset(data, 'A', 100-1); data[100-1] = '\0'; else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15507 69547/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_12.cpp Buffer_Overflow_LowBound 82 char * data; data = new char[100]; if(globalReturnsTrueOrFalse()) memset(data, 'A', 50-1); data[50-1] = '\0'; else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15508 69547/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_12.cpp Buffer_Overflow_boundedcpy 70 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15509 69547/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_12.cpp Buffer_Overflow_boundedcpy 76 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15510 69547/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_12.cpp Buffer_Overflow_boundedcpy 45 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15511 69547/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_12.cpp Buffer_Overflow_boundedcpy 39 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15512 69548/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_13.cpp Buffer_Overflow_LowBound 94 char * data; data = new char[100]; if(GLOBAL_CONST_FIVE==5) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15513 69548/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_13.cpp Buffer_Overflow_LowBound 45 char * data; data = new char[100]; if(GLOBAL_CONST_FIVE==5) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15514 69548/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_13.cpp Buffer_Overflow_LowBound 74 char * data; data = new char[100]; if(GLOBAL_CONST_FIVE!=5) else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15515 69548/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_13.cpp Buffer_Overflow_boundedcpy 68 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15516 69548/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_13.cpp Buffer_Overflow_boundedcpy 39 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15517 69548/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_13.cpp Buffer_Overflow_boundedcpy 88 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15518 69549/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_14.cpp Buffer_Overflow_LowBound 94 char * data; data = new char[100]; if(globalFive==5) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15519 69549/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_14.cpp Buffer_Overflow_LowBound 45 char * data; data = new char[100]; if(globalFive==5) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15520 69549/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_14.cpp Buffer_Overflow_LowBound 74 char * data; data = new char[100]; if(globalFive!=5) else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15521 69549/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_14.cpp Buffer_Overflow_boundedcpy 68 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15522 69549/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_14.cpp Buffer_Overflow_boundedcpy 39 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15523 69549/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_14.cpp Buffer_Overflow_boundedcpy 88 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15524 69550/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_15.cpp Buffer_Overflow_LowBound 81 char * data; data = new char[100]; switch(5) default: memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15525 69550/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_15.cpp Buffer_Overflow_LowBound 51 char * data; data = new char[100]; switch(6) case 6: memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15526 69550/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_15.cpp Buffer_Overflow_LowBound 107 char * data; data = new char[100]; switch(6) case 6: memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15527 69550/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_15.cpp Buffer_Overflow_boundedcpy 74 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15528 69550/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_15.cpp Buffer_Overflow_boundedcpy 96 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15529 69550/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_15.cpp Buffer_Overflow_boundedcpy 40 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15530 69551/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_16.cpp Buffer_Overflow_LowBound 46 char * data; data = new char[100]; while(1) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15531 69551/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_16.cpp Buffer_Overflow_LowBound 71 char * data; data = new char[100]; while(1) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15532 69551/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_16.cpp Buffer_Overflow_boundedcpy 39 data = new char[100]; data[100-1] = '\0'; memset(data, 'A', 100-1); 0 --------------------------------- 15533 69551/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_16.cpp Buffer_Overflow_boundedcpy 64 data = new char[100]; data[50-1] = '\0'; memset(data, 'A', 50-1); 0 --------------------------------- 15534 69552/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_17.cpp Buffer_Overflow_LowBound 46 char * data; data = new char[100]; for(i = 0; i < 1; i++) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15535 69552/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_17.cpp Buffer_Overflow_LowBound 71 char * data; data = new char[100]; for(h = 0; h < 1; h++) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15536 69552/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_17.cpp Buffer_Overflow_boundedcpy 65 data = new char[100]; data[50-1] = '\0'; memset(data, 'A', 50-1); 0 --------------------------------- 15537 69552/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_17.cpp Buffer_Overflow_boundedcpy 40 data = new char[100]; data[100-1] = '\0'; memset(data, 'A', 100-1); 0 --------------------------------- 15538 69553/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_18.cpp Buffer_Overflow_LowBound 67 char * data; data = new char[100]; goto source; source: memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15539 69553/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_18.cpp Buffer_Overflow_LowBound 44 char * data; data = new char[100]; goto source; source: memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15540 69553/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_18.cpp Buffer_Overflow_boundedcpy 62 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15541 69553/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_18.cpp Buffer_Overflow_boundedcpy 39 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15542 69554/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_21.cpp Buffer_Overflow_LowBound 96 char * data; data = new char[100]; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) else memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15543 69554/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_21.cpp Buffer_Overflow_LowBound 55 char * data; data = new char[100]; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15544 69554/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_21.cpp Buffer_Overflow_LowBound 124 char * data; data = new char[100]; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15545 69554/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_21.cpp Buffer_Overflow_boundedcpy 81 data = new char[100]; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) memset(data, 'A', 50-1); 0 --------------------------------- 15546 69554/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_21.cpp Buffer_Overflow_boundedcpy 109 data = new char[100]; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) memset(data, 'A', 50-1); 0 --------------------------------- 15547 69554/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_21.cpp Buffer_Overflow_boundedcpy 40 data = new char[100]; data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); 0 --------------------------------- 15548 69555/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_22.cpp Buffer_Overflow_LowBound 94 char * data; data = new char[100]; goodG2B2Global = 1; data = goodG2B2Source(data); char * goodG2B2Source(char * data) if(goodG2B2Global) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15549 69555/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_22.cpp Buffer_Overflow_LowBound 75 char * data; data = new char[100]; goodG2B1Global = 0; data = goodG2B1Source(data); char * goodG2B1Source(char * data) if(goodG2B1Global) else memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15550 69555/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_22.cpp Buffer_Overflow_LowBound 47 char * data; data = new char[100]; badGlobal = 1; data = badSource(data); char * badSource(char * data) if(badGlobal) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15551 69555/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_22.cpp Buffer_Overflow_boundedcpy 201 char * goodG2B1Source(char * data) memset(data, 'A', 50-1); 0 --------------------------------- 15552 69555/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_22.cpp Buffer_Overflow_boundedcpy 175 char * badSource(char * data) memset(data, 'A', 100-1); 0 --------------------------------- 15553 69555/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_22.cpp Buffer_Overflow_boundedcpy 213 data = new char[100]; data = goodG2B2Source(data); char * goodG2B2Source(char * data) memset(data, 'A', 50-1); 0 --------------------------------- 15554 69556/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_31.cpp Buffer_Overflow_LowBound 70 char * data data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15555 69556/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_31.cpp Buffer_Overflow_LowBound 45 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15556 69556/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_31.cpp Buffer_Overflow_boundedcpy 62 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15557 69556/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_31.cpp Buffer_Overflow_boundedcpy 37 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15558 69557/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_32.cpp Buffer_Overflow_LowBound 80 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = new char[100]; char * data = *dataPtr1; memset(data, 'A', 50-1); data[50-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15559 69557/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_32.cpp Buffer_Overflow_LowBound 50 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = new char[100]; char * data = *dataPtr1; memset(data, 'A', 100-1); data[100-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15560 69557/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_32.cpp Buffer_Overflow_boundedcpy 71 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15561 69557/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_32.cpp Buffer_Overflow_boundedcpy 41 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15562 69558/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_33.cpp Buffer_Overflow_LowBound 70 char * data; char * &dataRef = data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15563 69558/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_33.cpp Buffer_Overflow_LowBound 45 char * data; char * &dataRef = data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15564 69558/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_33.cpp Buffer_Overflow_boundedcpy 63 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15565 69558/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_33.cpp Buffer_Overflow_boundedcpy 38 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15566 69559/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_34.cpp Buffer_Overflow_LowBound 78 char * data; unionType myUnion; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15567 69559/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_34.cpp Buffer_Overflow_LowBound 52 char * data; unionType myUnion; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15568 69559/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_34.cpp Buffer_Overflow_boundedcpy 70 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15569 69559/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_34.cpp Buffer_Overflow_boundedcpy 44 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15570 69560/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_41.cpp Buffer_Overflow_LowBound 62 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; goodG2BSink(data); void goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15571 69560/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_41.cpp Buffer_Overflow_LowBound 37 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; badSink(data); void badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15572 69560/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_41.cpp Buffer_Overflow_boundedcpy 74 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15573 69560/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_41.cpp Buffer_Overflow_boundedcpy 48 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15574 69561/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_42.cpp Buffer_Overflow_LowBound 75 char * data; data = new char[100]; data = goodG2BSource(data); static char * goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15575 69561/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_42.cpp Buffer_Overflow_LowBound 48 char * data; data = new char[100]; data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15576 69561/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_42.cpp Buffer_Overflow_boundedcpy 61 data = new char[100]; data = goodG2BSource(data); static char * goodG2BSource(char * data) memset(data, 'A', 50-1); 0 --------------------------------- 15577 69561/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_42.cpp Buffer_Overflow_boundedcpy 35 data = new char[100]; data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); 0 --------------------------------- 15578 69562/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_43.cpp Buffer_Overflow_LowBound 73 char * data; data = new char[100]; goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15579 69562/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_43.cpp Buffer_Overflow_LowBound 47 char * data; data = new char[100]; badSource(data); void badSource(char * &data) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15580 69562/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_43.cpp Buffer_Overflow_boundedcpy 61 data = new char[100]; goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 15581 69562/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_43.cpp Buffer_Overflow_boundedcpy 35 data = new char[100]; badSource(data); void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 15582 69563/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_44.cpp Buffer_Overflow_LowBound 37 char * data; void (*funcPtr) (char *) = badSink; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15583 69563/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_44.cpp Buffer_Overflow_LowBound 66 char * data; void (*funcPtr) (char *) = goodG2BSink; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15584 69563/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_44.cpp Buffer_Overflow_boundedcpy 78 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15585 69563/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_44.cpp Buffer_Overflow_boundedcpy 50 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15586 69564/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_45.cpp Buffer_Overflow_LowBound 41 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; badData = data; badSink(); static void badSink() char * data = badData; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15587 69564/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_45.cpp Buffer_Overflow_LowBound 69 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = goodG2BData; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15588 69564/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_45.cpp Buffer_Overflow_boundedcpy 52 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15589 69564/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_45.cpp Buffer_Overflow_boundedcpy 80 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15590 69565/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_51.cpp Buffer_Overflow_LowBound 140 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; badSink(data); void badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15591 69565/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_51.cpp Buffer_Overflow_LowBound 156 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; goodG2BSink(data); void goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15592 69565/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_51.cpp Buffer_Overflow_boundedcpy 58 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15593 69565/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_51.cpp Buffer_Overflow_boundedcpy 40 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15594 69566/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_52.cpp Buffer_Overflow_LowBound 215 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15595 69566/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_52.cpp Buffer_Overflow_LowBound 199 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15596 69566/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_52.cpp Buffer_Overflow_boundedcpy 58 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15597 69566/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_52.cpp Buffer_Overflow_boundedcpy 40 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15598 69567/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_53.cpp Buffer_Overflow_LowBound 274 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15599 69567/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_53.cpp Buffer_Overflow_LowBound 258 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15600 69567/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_53.cpp Buffer_Overflow_boundedcpy 58 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15601 69567/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_53.cpp Buffer_Overflow_boundedcpy 40 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15602 69568/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_54.cpp Buffer_Overflow_LowBound 333 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) goodG2BSink_e(data); void goodG2BSink_e(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15603 69568/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_54.cpp Buffer_Overflow_LowBound 317 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) badSink_e(data); void badSink_e(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15604 69568/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_54.cpp Buffer_Overflow_boundedcpy 58 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15605 69568/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_54.cpp Buffer_Overflow_boundedcpy 40 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15606 69569/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_61.cpp Buffer_Overflow_LowBound 43 char * data; data = new char[100]; data = badSource(data); char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15607 69569/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_61.cpp Buffer_Overflow_LowBound 64 char * data; data = new char[100]; data = goodG2BSource(data); char * goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15608 69569/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_61.cpp Buffer_Overflow_boundedcpy 143 char * badSource(char * data) memset(data, 'A', 100-1); 0 --------------------------------- 15609 69569/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_61.cpp Buffer_Overflow_boundedcpy 156 data = new char[100]; data = goodG2BSource(data); char * goodG2BSource(char * data) memset(data, 'A', 50-1); 0 --------------------------------- 15610 69570/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_62.cpp Buffer_Overflow_LowBound 43 char * data; data = new char[100]; badSource(data); void badSource(char * &data) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15611 69570/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_62.cpp Buffer_Overflow_LowBound 64 char * data; data = new char[100]; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15612 69570/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_62.cpp Buffer_Overflow_boundedcpy 143 void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 15613 69570/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_62.cpp Buffer_Overflow_boundedcpy 155 data = new char[100]; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 15614 69571/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_63.cpp Buffer_Overflow_LowBound 155 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; goodG2BSink(&data); void goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15615 69571/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_63.cpp Buffer_Overflow_LowBound 138 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; badSink(&data); void badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15616 69571/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_63.cpp Buffer_Overflow_boundedcpy 57 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15617 69571/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_63.cpp Buffer_Overflow_boundedcpy 40 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15618 69572/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_64.cpp Buffer_Overflow_LowBound 161 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15619 69572/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_64.cpp Buffer_Overflow_LowBound 141 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; badSink(&data); void badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = *dataPtr; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15620 69572/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_64.cpp Buffer_Overflow_boundedcpy 57 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15621 69572/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_64.cpp Buffer_Overflow_boundedcpy 40 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15622 69573/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_65.cpp Buffer_Overflow_LowBound 157 char * data; void (*funcPtr) (char *) = goodG2BSink; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); void goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15623 69573/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_65.cpp Buffer_Overflow_LowBound 141 char * data; void (*funcPtr) (char *) = badSink; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); void badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15624 69573/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_65.cpp Buffer_Overflow_boundedcpy 42 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15625 69573/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_65.cpp Buffer_Overflow_boundedcpy 61 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15626 69574/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_66.cpp Buffer_Overflow_LowBound 163 char * data; char * dataArray[5]; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15627 69574/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_66.cpp Buffer_Overflow_LowBound 146 char * data; char * dataArray[5]; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; dataArray[2] = data; badSink(dataArray); void badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15628 69574/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_66.cpp Buffer_Overflow_boundedcpy 63 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15629 69574/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_66.cpp Buffer_Overflow_boundedcpy 41 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15630 69575/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_67.cpp Buffer_Overflow_LowBound 169 char * data; structType myStruct; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15631 69575/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_67.cpp Buffer_Overflow_LowBound 152 char * data; structType myStruct; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15632 69575/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_67.cpp Buffer_Overflow_boundedcpy 65 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15633 69575/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_67.cpp Buffer_Overflow_boundedcpy 46 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15634 69576/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_68.cpp Buffer_Overflow_LowBound 166 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_68_goodG2BData; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15635 69576/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_68.cpp Buffer_Overflow_LowBound 149 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_68_badData = data; badSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_68_badData; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15636 69576/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_68.cpp Buffer_Overflow_boundedcpy 62 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15637 69576/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_68.cpp Buffer_Overflow_boundedcpy 43 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15638 69577/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_72.cpp Buffer_Overflow_LowBound 168 char * data; vector dataVector; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15639 69577/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_72.cpp Buffer_Overflow_LowBound 151 char * data; vector dataVector; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15640 69577/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_72.cpp Buffer_Overflow_boundedcpy 62 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15641 69577/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_72.cpp Buffer_Overflow_boundedcpy 38 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15642 69578/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_73.cpp Buffer_Overflow_LowBound 168 char * data; list dataList; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15643 69578/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_73.cpp Buffer_Overflow_LowBound 151 char * data; list dataList; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15644 69578/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_73.cpp Buffer_Overflow_boundedcpy 62 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15645 69578/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_73.cpp Buffer_Overflow_boundedcpy 38 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15646 69579/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_74.cpp Buffer_Overflow_LowBound 168 char * data; map dataMap; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 15647 69579/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_74.cpp Buffer_Overflow_LowBound 151 char * data; map dataMap; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 15648 69579/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_74.cpp Buffer_Overflow_boundedcpy 62 data = new char[100]; memset(data, 'A', 50-1); 0 --------------------------------- 15649 69579/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_74.cpp Buffer_Overflow_boundedcpy 38 data = new char[100]; memset(data, 'A', 100-1); 0 --------------------------------- 15650 69632/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_01.cpp Buffer_Overflow_boundedcpy 53 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15651 69632/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_01.cpp Buffer_Overflow_boundedcpy 36 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15652 69632/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_01.cpp Buffer_Overflow_boundedcpy 31 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15653 69632/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_01.cpp Buffer_Overflow_boundedcpy 58 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15654 69633/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_02.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = new wchar_t[100]; if(1) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15655 69633/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_02.cpp Buffer_Overflow_boundedcpy 84 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15656 69633/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_02.cpp Buffer_Overflow_boundedcpy 63 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15657 69633/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_02.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15658 69633/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_02.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = new wchar_t[100]; if(0) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15659 69633/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_02.cpp Buffer_Overflow_boundedcpy 90 wchar_t * data; data = new wchar_t[100]; if(1) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15660 69634/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_03.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = new wchar_t[100]; if(5==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15661 69634/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_03.cpp Buffer_Overflow_boundedcpy 84 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15662 69634/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_03.cpp Buffer_Overflow_boundedcpy 63 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15663 69634/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_03.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15664 69634/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_03.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = new wchar_t[100]; if(5!=5) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15665 69634/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_03.cpp Buffer_Overflow_boundedcpy 90 wchar_t * data; data = new wchar_t[100]; if(5==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15666 69635/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_04.cpp Buffer_Overflow_boundedcpy 90 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15667 69635/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_04.cpp Buffer_Overflow_boundedcpy 39 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15668 69635/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_04.cpp Buffer_Overflow_boundedcpy 75 wchar_t * data; data = new wchar_t[100]; if(STATIC_CONST_FALSE) esle wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15669 69635/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_04.cpp Buffer_Overflow_boundedcpy 96 wchar_t * data; data = new wchar_t[100]; if(STATIC_CONST_TRUE) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15670 69635/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_04.cpp Buffer_Overflow_boundedcpy 45 wchar_t * data; data = new wchar_t[100]; if(STATIC_CONST_TRUE) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15671 69635/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_04.cpp Buffer_Overflow_boundedcpy 69 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15672 69636/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_05.cpp Buffer_Overflow_boundedcpy 90 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15673 69636/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_05.cpp Buffer_Overflow_boundedcpy 39 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15674 69636/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_05.cpp Buffer_Overflow_boundedcpy 75 wchar_t * data; data = new wchar_t[100]; if(staticFalse) esle wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15675 69636/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_05.cpp Buffer_Overflow_boundedcpy 96 wchar_t * data; data = new wchar_t[100]; if(staticTrue) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15676 69636/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_05.cpp Buffer_Overflow_boundedcpy 45 wchar_t * data; data = new wchar_t[100]; if(staticTrue) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15677 69636/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_05.cpp Buffer_Overflow_boundedcpy 69 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15678 69637/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_06.cpp Buffer_Overflow_boundedcpy 95 wchar_t * data; data = new wchar_t[100]; if(STATIC_CONST_FIVE==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15679 69637/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_06.cpp Buffer_Overflow_boundedcpy 38 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15680 69637/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_06.cpp Buffer_Overflow_boundedcpy 74 wchar_t * data; data = new wchar_t[100]; if(STATIC_CONST_FIVE!=5) esle wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15681 69637/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_06.cpp Buffer_Overflow_boundedcpy 44 wchar_t * data; data = new wchar_t[100]; if(STATIC_CONST_FIVE==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15682 69637/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_06.cpp Buffer_Overflow_boundedcpy 68 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15683 69637/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_06.cpp Buffer_Overflow_boundedcpy 89 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15684 69638/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_07.cpp Buffer_Overflow_boundedcpy 95 wchar_t * data; data = new wchar_t[100]; if(staticFive==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15685 69638/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_07.cpp Buffer_Overflow_boundedcpy 38 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15686 69638/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_07.cpp Buffer_Overflow_boundedcpy 74 wchar_t * data; data = new wchar_t[100]; if(staticFive!=5) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15687 69638/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_07.cpp Buffer_Overflow_boundedcpy 44 wchar_t * data; data = new wchar_t[100]; if(staticFive==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15688 69638/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_07.cpp Buffer_Overflow_boundedcpy 68 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15689 69638/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_07.cpp Buffer_Overflow_boundedcpy 89 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15690 69639/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_08.cpp Buffer_Overflow_boundedcpy 103 wchar_t * data; data = new wchar_t[100]; if(staticReturnsTrue()) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15691 69639/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_08.cpp Buffer_Overflow_boundedcpy 97 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15692 69639/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_08.cpp Buffer_Overflow_boundedcpy 82 wchar_t * data; data = new wchar_t[100]; if(staticReturnsFalse()) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15693 69639/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_08.cpp Buffer_Overflow_boundedcpy 52 wchar_t * data; data = new wchar_t[100]; if(staticReturnsTrue()) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15694 69639/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_08.cpp Buffer_Overflow_boundedcpy 46 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15695 69639/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_08.cpp Buffer_Overflow_boundedcpy 76 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15696 69640/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_09.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = new wchar_t[100]; if(GLOBAL_CONST_TRUE) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15697 69640/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_09.cpp Buffer_Overflow_boundedcpy 84 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15698 69640/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_09.cpp Buffer_Overflow_boundedcpy 63 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15699 69640/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_09.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15700 69640/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_09.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = new wchar_t[100]; if(GLOBAL_CONST_FALSE) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15701 69640/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_09.cpp Buffer_Overflow_boundedcpy 90 wchar_t * data; data = new wchar_t[100]; if(GLOBAL_CONST_TRUE) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15702 69641/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_10.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = new wchar_t[100]; if(globalTrue) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15703 69641/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_10.cpp Buffer_Overflow_boundedcpy 84 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15704 69641/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_10.cpp Buffer_Overflow_boundedcpy 63 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15705 69641/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_10.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15706 69641/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_10.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = new wchar_t[100]; if(globalFalse) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15707 69641/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_10.cpp Buffer_Overflow_boundedcpy 90 wchar_t * data; data = new wchar_t[100]; if(globalTrue) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15708 69642/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_11.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = new wchar_t[100]; if(globalReturnsTrue()) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15709 69642/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_11.cpp Buffer_Overflow_boundedcpy 84 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15710 69642/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_11.cpp Buffer_Overflow_boundedcpy 63 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15711 69642/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_11.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15712 69642/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_11.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = new wchar_t[100]; if(globalReturnsFalse()) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15713 69642/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_11.cpp Buffer_Overflow_boundedcpy 90 wchar_t * data; data = new wchar_t[100]; if(globalReturnsTrue()) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15714 69643/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_12.cpp Buffer_Overflow_boundedcpy 65 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15715 69643/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_12.cpp Buffer_Overflow_boundedcpy 45 wchar_t * data; data = new wchar_t[100]; if(globalReturnsTrueOrFalse()) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15716 69643/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_12.cpp Buffer_Overflow_boundedcpy 77 wchar_t * data; data = new wchar_t[100]; if(globalReturnsTrueOrFalse()) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15717 69643/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_12.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15718 69643/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_12.cpp Buffer_Overflow_boundedcpy 39 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15719 69643/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_12.cpp Buffer_Overflow_boundedcpy 71 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15720 69644/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_13.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = new wchar_t[100]; if(GLOBAL_CONST_FIVE==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15721 69644/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_13.cpp Buffer_Overflow_boundedcpy 84 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15722 69644/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_13.cpp Buffer_Overflow_boundedcpy 63 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15723 69644/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_13.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15724 69644/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_13.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = new wchar_t[100]; if(GLOBAL_CONST_FIVE!=5) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15725 69644/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_13.cpp Buffer_Overflow_boundedcpy 90 wchar_t * data; data = new wchar_t[100]; if(GLOBAL_CONST_FIVE==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15726 69645/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_14.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = new wchar_t[100]; if(globalFive==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15727 69645/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_14.cpp Buffer_Overflow_boundedcpy 84 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15728 69645/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_14.cpp Buffer_Overflow_boundedcpy 63 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15729 69645/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_14.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15730 69645/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_14.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = new wchar_t[100]; if(globalFive!=5) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15731 69645/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_14.cpp Buffer_Overflow_boundedcpy 90 wchar_t * data; data = new wchar_t[100]; if(globalFive==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15732 69646/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_15.cpp Buffer_Overflow_boundedcpy 103 wchar_t * data; data = new wchar_t[100]; switch(6) case 6: wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15733 69646/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_15.cpp Buffer_Overflow_boundedcpy 92 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15734 69646/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_15.cpp Buffer_Overflow_boundedcpy 45 wchar_t * data; data = new wchar_t[100]; switch(6) case 6: wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15735 69646/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_15.cpp Buffer_Overflow_boundedcpy 76 wchar_t * data; data = new wchar_t[100]; switch(5) default: wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15736 69646/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_15.cpp Buffer_Overflow_boundedcpy 69 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15737 69646/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_15.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15738 69647/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_16.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 15739 69647/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_16.cpp Buffer_Overflow_boundedcpy 40 wchar_t * data; data = new wchar_t[100]; while(1) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15740 69647/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_16.cpp Buffer_Overflow_boundedcpy 59 data = new wchar_t[100]; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 15741 69647/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_16.cpp Buffer_Overflow_boundedcpy 66 wchar_t * data; data = new wchar_t[100]; while(1) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15742 69648/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_17.cpp Buffer_Overflow_boundedcpy 40 wchar_t * data; data = new wchar_t[100]; for(i = 0; i < 1; i++) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15743 69648/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_17.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 15744 69648/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_17.cpp Buffer_Overflow_boundedcpy 60 data = new wchar_t[100]; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 15745 69648/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_17.cpp Buffer_Overflow_boundedcpy 66 wchar_t * data; data = new wchar_t[100]; for(h = 0; h < 1; h++) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15746 69649/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_18.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15747 69649/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_18.cpp Buffer_Overflow_boundedcpy 38 wchar_t * data; data = new wchar_t[100]; goto source; source: wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15748 69649/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_18.cpp Buffer_Overflow_boundedcpy 62 wchar_t * data; data = new wchar_t[100]; goto source; source: wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15749 69649/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_18.cpp Buffer_Overflow_boundedcpy 57 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15750 69650/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_21.cpp Buffer_Overflow_boundedcpy 105 data = new wchar_t[100]; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 15751 69650/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_21.cpp Buffer_Overflow_boundedcpy 49 wchar_t * data; data = new wchar_t[100]; badStatic = 1; data = badSource(data); static wchar_t * badSource(wchar_t * data) if(badStatic) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15752 69650/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_21.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 15753 69650/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_21.cpp Buffer_Overflow_boundedcpy 120 wchar_t * data; data = new wchar_t[100]; goodG2B2Static = 1; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) if(goodG2B2Static) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15754 69650/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_21.cpp Buffer_Overflow_boundedcpy 91 wchar_t * data; data = new wchar_t[100]; goodG2B1Static = 0; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) if(goodG2B1Static) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15755 69650/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_21.cpp Buffer_Overflow_boundedcpy 76 data = new wchar_t[100]; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 15756 69651/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_22.cpp Buffer_Overflow_boundedcpy 70 wchar_t * data; data = new wchar_t[100]; goodG2B1Global = 0; data = goodG2B1Source(data); wchar_t * goodG2B1Source(wchar_t * data) if(goodG2B1Global) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15757 69651/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_22.cpp Buffer_Overflow_boundedcpy 41 wchar_t * data; data = new wchar_t[100]; badGlobal = 1; data = badSource(data); wchar_t * badSource(wchar_t * data) if(badStatic) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15758 69651/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_22.cpp Buffer_Overflow_boundedcpy 172 wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 15759 69651/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_22.cpp Buffer_Overflow_boundedcpy 210 data = new wchar_t[100]; data = goodG2B2Source(data); wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 15760 69651/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_22.cpp Buffer_Overflow_boundedcpy 198 wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 15761 69651/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_22.cpp Buffer_Overflow_boundedcpy 90 wchar_t * data; data = new wchar_t[100]; goodG2B2Global = 1; data = goodG2B2Source(data); wchar_t * goodG2B2Source(wchar_t * data) if(goodG2B2Global) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15762 69652/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_31.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15763 69652/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_31.cpp Buffer_Overflow_boundedcpy 31 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15764 69652/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_31.cpp Buffer_Overflow_boundedcpy 65 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15765 69652/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_31.cpp Buffer_Overflow_boundedcpy 57 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15766 69653/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_32.cpp Buffer_Overflow_boundedcpy 66 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15767 69653/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_32.cpp Buffer_Overflow_boundedcpy 35 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15768 69653/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_32.cpp Buffer_Overflow_boundedcpy 75 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = new wchar_t[100]; wchar_t * data = *dataPtr1; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15769 69653/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_32.cpp Buffer_Overflow_boundedcpy 44 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = new wchar_t[100]; wchar_t * data = *dataPtr1; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15770 69654/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; wchar_t * &dataRef = data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15771 69654/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 58 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15772 69654/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 32 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15773 69654/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 65 wchar_t * data; wchar_t * &dataRef = data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15774 69655/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_34.cpp Buffer_Overflow_boundedcpy 38 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15775 69655/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_34.cpp Buffer_Overflow_boundedcpy 46 wchar_t * data; unionType myUnion; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15776 69655/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_34.cpp Buffer_Overflow_boundedcpy 65 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15777 69655/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_34.cpp Buffer_Overflow_boundedcpy 73 wchar_t * data; unionType myUnion; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15778 69656/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_41.cpp Buffer_Overflow_boundedcpy 31 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink(data); void badSink(wchar_t * data) wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15779 69656/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_41.cpp Buffer_Overflow_boundedcpy 43 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15780 69656/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_41.cpp Buffer_Overflow_boundedcpy 70 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15781 69656/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_41.cpp Buffer_Overflow_boundedcpy 57 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15782 69657/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_42.cpp Buffer_Overflow_boundedcpy 56 data = new wchar_t[100]; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 15783 69657/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_42.cpp Buffer_Overflow_boundedcpy 70 wchar_t * data; data = new wchar_t[100]; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15784 69657/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_42.cpp Buffer_Overflow_boundedcpy 29 data = new wchar_t[100]; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 15785 69657/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_42.cpp Buffer_Overflow_boundedcpy 42 wchar_t * data; data = new wchar_t[100]; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15786 69658/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 56 data = new wchar_t[100]; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 15787 69658/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 29 data = new wchar_t[100]; badSource(data); void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 15788 69658/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 68 wchar_t * data; data = new wchar_t[100]; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15789 69658/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 41 wchar_t * data; data = new wchar_t[100]; badSource(data); void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15790 69659/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_44.cpp Buffer_Overflow_boundedcpy 31 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15791 69659/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_44.cpp Buffer_Overflow_boundedcpy 74 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15792 69659/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_44.cpp Buffer_Overflow_boundedcpy 61 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15793 69659/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_44.cpp Buffer_Overflow_boundedcpy 45 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15794 69660/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_45.cpp Buffer_Overflow_boundedcpy 64 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = goodG2BData; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15795 69660/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_45.cpp Buffer_Overflow_boundedcpy 35 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badData = data; badSink(); static void badSink() wchar_t * data = badData; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15796 69660/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_45.cpp Buffer_Overflow_boundedcpy 76 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15797 69660/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_45.cpp Buffer_Overflow_boundedcpy 47 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15798 69661/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_51.cpp Buffer_Overflow_boundedcpy 128 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink(data); void badSink(wchar_t * data) wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15799 69661/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_51.cpp Buffer_Overflow_boundedcpy 52 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15800 69661/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_51.cpp Buffer_Overflow_boundedcpy 145 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15801 69661/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_51.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15802 69662/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_52.cpp Buffer_Overflow_boundedcpy 181 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink_b(data); void badSink_b(wchar_t * data) badSink_c(data); void badSink_c(wchar_t * data) wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15803 69662/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_52.cpp Buffer_Overflow_boundedcpy 198 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink_b(data); void goodG2BSink_b(wchar_t * data) goodG2BSink_c(data); void goodG2BSink_c(wchar_t * data) wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15804 69662/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_52.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15805 69662/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_52.cpp Buffer_Overflow_boundedcpy 52 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15806 69663/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_53.cpp Buffer_Overflow_boundedcpy 251 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink_b(data); void goodG2BSink_b(wchar_t * data) goodG2BSink_c(data); void goodG2BSink_c(wchar_t * data) goodG2BSink_d(data); void goodG2BSink_d(wchar_t * data) wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15807 69663/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_53.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15808 69663/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_53.cpp Buffer_Overflow_boundedcpy 52 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15809 69663/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_53.cpp Buffer_Overflow_boundedcpy 234 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink_b(data); void badSink_b(wchar_t * data) badSink_c(data); void badSink_c(wchar_t * data) badSink_d(data); void badSink_d(wchar_t * data) wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15810 69664/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_54.cpp Buffer_Overflow_boundedcpy 287 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink_b(data); void badSink_b(wchar_t * data) badSink_c(data); void badSink_c(wchar_t * data) badSink_d(data); void badSink_d(wchar_t * data) badSink_e(data); void badSink_e(wchar_t * data) wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15811 69664/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_54.cpp Buffer_Overflow_boundedcpy 304 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink_b(data); void goodG2BSink_b(wchar_t * data) goodG2BSink_c(data); void goodG2BSink_c(wchar_t * data) goodG2BSink_d(data); void goodG2BSink_d(wchar_t * data) goodG2BSink_e(data); void goodG2BSink_e(wchar_t * data) wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15812 69664/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_54.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15813 69664/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_54.cpp Buffer_Overflow_boundedcpy 52 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15814 69665/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_61.cpp Buffer_Overflow_boundedcpy 146 data = new wchar_t[100]; data = goodG2BSource(data); wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 15815 69665/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_61.cpp Buffer_Overflow_boundedcpy 133 wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 15816 69665/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_61.cpp Buffer_Overflow_boundedcpy 37 wchar_t * data; data = new wchar_t[100]; data = badSource(data); wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15817 69665/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_61.cpp Buffer_Overflow_boundedcpy 59 wchar_t * data; data = new wchar_t[100]; data = goodG2BSource(data); wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15818 69666/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 133 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 15819 69666/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 37 wchar_t * data; data = new wchar_t[100]; badSource(data); void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15820 69666/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 59 wchar_t * data; data = new wchar_t[100]; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15821 69666/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 145 data = new wchar_t[100]; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 15822 69667/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_63.cpp Buffer_Overflow_boundedcpy 144 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink(&data); void goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15823 69667/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_63.cpp Buffer_Overflow_boundedcpy 126 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink(&data); void badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15824 69667/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_63.cpp Buffer_Overflow_boundedcpy 51 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15825 69667/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_63.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15826 69668/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_64.cpp Buffer_Overflow_boundedcpy 51 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15827 69668/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_64.cpp Buffer_Overflow_boundedcpy 150 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15828 69668/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_64.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15829 69668/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_64.cpp Buffer_Overflow_boundedcpy 129 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink(&data); void badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15830 69669/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_65.cpp Buffer_Overflow_boundedcpy 36 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15831 69669/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_65.cpp Buffer_Overflow_boundedcpy 146 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15832 69669/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_65.cpp Buffer_Overflow_boundedcpy 129 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); void badSink(wchar_t * data) wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15833 69669/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_65.cpp Buffer_Overflow_boundedcpy 55 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15834 69670/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_66.cpp Buffer_Overflow_boundedcpy 152 wchar_t * data; wchar_t * dataArray[5]; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15835 69670/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_66.cpp Buffer_Overflow_boundedcpy 35 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15836 69670/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_66.cpp Buffer_Overflow_boundedcpy 134 wchar_t * data; wchar_t * dataArray[5]; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataArray[2] = data; badSink(dataArray); void badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15837 69670/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_66.cpp Buffer_Overflow_boundedcpy 57 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15838 69671/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_67.cpp Buffer_Overflow_boundedcpy 40 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15839 69671/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_67.cpp Buffer_Overflow_boundedcpy 59 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15840 69671/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_67.cpp Buffer_Overflow_boundedcpy 158 wchar_t * data; structType myStruct; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15841 69671/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_67.cpp Buffer_Overflow_boundedcpy 140 wchar_t * data; structType myStruct; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15842 69672/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_68.cpp Buffer_Overflow_boundedcpy 37 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15843 69672/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_68.cpp Buffer_Overflow_boundedcpy 56 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15844 69672/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_68.cpp Buffer_Overflow_boundedcpy 155 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_68_goodG2BData; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15845 69672/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_68.cpp Buffer_Overflow_boundedcpy 137 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_68_badData = data; badSink(); void badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_68_badData; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15846 69673/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 62 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15847 69673/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 38 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15848 69673/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 163 wchar_t * data; vector dataVector; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15849 69673/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 145 wchar_t * data; vector dataVector; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15850 69674/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 62 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15851 69674/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 38 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15852 69674/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 163 wchar_t * data; list dataList; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15853 69674/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 145 wchar_t * data; list dataList; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15854 69675/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 62 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15855 69675/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 38 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15856 69675/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 163 wchar_t * data; map dataMap; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15857 69675/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 145 wchar_t * data; map dataMap; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15858 69680/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_01.cpp Buffer_Overflow_boundedcpy 58 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15859 69680/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_01.cpp Buffer_Overflow_boundedcpy 36 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15860 69680/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_01.cpp Buffer_Overflow_boundedcpy 31 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15861 69680/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_01.cpp Buffer_Overflow_boundedcpy 53 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15862 69681/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_02.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = new wchar_t[100]; if(0) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15863 69681/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_02.cpp Buffer_Overflow_boundedcpy 84 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15864 69681/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_02.cpp Buffer_Overflow_boundedcpy 63 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15865 69681/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_02.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15866 69681/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_02.cpp Buffer_Overflow_boundedcpy 90 wchar_t * data; data = new wchar_t[100]; if(1) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15867 69681/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_02.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = new wchar_t[100]; if(1) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15868 69682/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_03.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = new wchar_t[100]; if(5!=5) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15869 69682/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_03.cpp Buffer_Overflow_boundedcpy 84 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15870 69682/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_03.cpp Buffer_Overflow_boundedcpy 63 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15871 69682/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_03.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15872 69682/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_03.cpp Buffer_Overflow_boundedcpy 90 wchar_t * data; data = new wchar_t[100]; if(5==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15873 69682/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_03.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = new wchar_t[100]; if(5==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15874 69683/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_04.cpp Buffer_Overflow_boundedcpy 90 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15875 69683/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_04.cpp Buffer_Overflow_boundedcpy 75 wchar_t * data; data = new wchar_t[100]; if(STATIC_CONST_FALSE) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15876 69683/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_04.cpp Buffer_Overflow_boundedcpy 39 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15877 69683/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_04.cpp Buffer_Overflow_boundedcpy 96 wchar_t * data; data = new wchar_t[100]; if(STATIC_CONST_TRUE) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15878 69683/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_04.cpp Buffer_Overflow_boundedcpy 45 wchar_t * data; data = new wchar_t[100]; if(STATIC_CONST_TRUE) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15879 69683/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_04.cpp Buffer_Overflow_boundedcpy 69 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15880 69684/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_05.cpp Buffer_Overflow_boundedcpy 90 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15881 69684/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_05.cpp Buffer_Overflow_boundedcpy 75 wchar_t * data; data = new wchar_t[100]; if(staticFalse) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15882 69684/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_05.cpp Buffer_Overflow_boundedcpy 39 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15883 69684/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_05.cpp Buffer_Overflow_boundedcpy 96 wchar_t * data; data = new wchar_t[100]; if(staticTrue) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15884 69684/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_05.cpp Buffer_Overflow_boundedcpy 45 wchar_t * data; data = new wchar_t[100]; if(staticTrue) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15885 69684/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_05.cpp Buffer_Overflow_boundedcpy 69 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15886 69685/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_06.cpp Buffer_Overflow_boundedcpy 95 wchar_t * data; data = new wchar_t[100]; if(STATIC_CONST_FIVE==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15887 69685/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_06.cpp Buffer_Overflow_boundedcpy 38 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15888 69685/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_06.cpp Buffer_Overflow_boundedcpy 68 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15889 69685/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_06.cpp Buffer_Overflow_boundedcpy 74 wchar_t * data; data = new wchar_t[100]; if(STATIC_CONST_FIVE!=5) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15890 69685/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_06.cpp Buffer_Overflow_boundedcpy 44 wchar_t * data; data = new wchar_t[100]; if(STATIC_CONST_FIVE==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15891 69685/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_06.cpp Buffer_Overflow_boundedcpy 89 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15892 69686/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_07.cpp Buffer_Overflow_boundedcpy 95 wchar_t * data; data = new wchar_t[100]; if(staticFive==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15893 69686/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_07.cpp Buffer_Overflow_boundedcpy 38 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15894 69686/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_07.cpp Buffer_Overflow_boundedcpy 68 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15895 69686/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_07.cpp Buffer_Overflow_boundedcpy 74 wchar_t * data; data = new wchar_t[100]; if(staticFive!=5) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15896 69686/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_07.cpp Buffer_Overflow_boundedcpy 44 wchar_t * data; data = new wchar_t[100]; if(staticFive==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15897 69686/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_07.cpp Buffer_Overflow_boundedcpy 89 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15898 69687/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_08.cpp Buffer_Overflow_boundedcpy 82 wchar_t * data; data = new wchar_t[100]; if(staticReturnsFalse()) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15899 69687/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_08.cpp Buffer_Overflow_boundedcpy 97 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15900 69687/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_08.cpp Buffer_Overflow_boundedcpy 46 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15901 69687/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_08.cpp Buffer_Overflow_boundedcpy 52 wchar_t * data; data = new wchar_t[100]; if(staticReturnsTrue()) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15902 69687/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_08.cpp Buffer_Overflow_boundedcpy 103 wchar_t * data; data = new wchar_t[100]; if(staticReturnsTrue()) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15903 69687/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_08.cpp Buffer_Overflow_boundedcpy 76 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15904 69688/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_09.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = new wchar_t[100]; if(GLOBAL_CONST_FALSE) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15905 69688/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_09.cpp Buffer_Overflow_boundedcpy 84 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15906 69688/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_09.cpp Buffer_Overflow_boundedcpy 63 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15907 69688/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_09.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15908 69688/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_09.cpp Buffer_Overflow_boundedcpy 90 wchar_t * data; data = new wchar_t[100]; if(GLOBAL_CONST_TRUE) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15909 69688/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_09.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = new wchar_t[100]; if(GLOBAL_CONST_TRUE) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15910 69689/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_10.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = new wchar_t[100]; if(globalFalse) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15911 69689/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_10.cpp Buffer_Overflow_boundedcpy 84 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15912 69689/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_10.cpp Buffer_Overflow_boundedcpy 63 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15913 69689/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_10.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15914 69689/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_10.cpp Buffer_Overflow_boundedcpy 90 wchar_t * data; data = new wchar_t[100]; if(globalTrue) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15915 69689/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_10.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = new wchar_t[100]; if(globalTrue) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15916 69690/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_11.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = new wchar_t[100]; if(globalReturnsFalse()) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15917 69690/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_11.cpp Buffer_Overflow_boundedcpy 84 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15918 69690/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_11.cpp Buffer_Overflow_boundedcpy 63 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15919 69690/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_11.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15920 69690/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_11.cpp Buffer_Overflow_boundedcpy 90 wchar_t * data; data = new wchar_t[100]; if(globalReturnsTrue()) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15921 69690/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_11.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = new wchar_t[100]; if(globalReturnsTrue()) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15922 69691/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_12.cpp Buffer_Overflow_boundedcpy 65 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15923 69691/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_12.cpp Buffer_Overflow_boundedcpy 77 wchar_t * data; data = new wchar_t[100]; if(globalReturnsTrueOrFalse()) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15924 69691/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_12.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15925 69691/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_12.cpp Buffer_Overflow_boundedcpy 45 wchar_t * data; data = new wchar_t[100]; if(globalReturnsTrueOrFalse()) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15926 69691/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_12.cpp Buffer_Overflow_boundedcpy 39 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15927 69691/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_12.cpp Buffer_Overflow_boundedcpy 71 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15928 69692/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_13.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = new wchar_t[100]; if(GLOBAL_CONST_FIVE!=5) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15929 69692/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_13.cpp Buffer_Overflow_boundedcpy 84 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15930 69692/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_13.cpp Buffer_Overflow_boundedcpy 63 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15931 69692/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_13.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15932 69692/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_13.cpp Buffer_Overflow_boundedcpy 90 wchar_t * data; data = new wchar_t[100]; if(GLOBAL_CONST_FIVE==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15933 69692/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_13.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = new wchar_t[100]; if(GLOBAL_CONST_FIVE==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15934 69693/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_14.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = new wchar_t[100]; if(globalFive!=5) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15935 69693/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_14.cpp Buffer_Overflow_boundedcpy 84 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15936 69693/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_14.cpp Buffer_Overflow_boundedcpy 63 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15937 69693/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_14.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15938 69693/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_14.cpp Buffer_Overflow_boundedcpy 90 wchar_t * data; data = new wchar_t[100]; if(globalFive==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15939 69693/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_14.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = new wchar_t[100]; if(globalFive==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15940 69694/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_15.cpp Buffer_Overflow_boundedcpy 92 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15941 69694/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_15.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15942 69694/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_15.cpp Buffer_Overflow_boundedcpy 45 wchar_t * data; data = new wchar_t[100]; switch(6) case 6: wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15943 69694/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_15.cpp Buffer_Overflow_boundedcpy 69 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15944 69694/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_15.cpp Buffer_Overflow_boundedcpy 103 wchar_t * data; data = new wchar_t[100]; switch(6) case 6: wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15945 69694/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_15.cpp Buffer_Overflow_boundedcpy 76 wchar_t * data; data = new wchar_t[100]; switch(5) default: wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15946 69695/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_16.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 15947 69695/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_16.cpp Buffer_Overflow_boundedcpy 66 wchar_t * data; data = new wchar_t[100]; while(1) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15948 69695/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_16.cpp Buffer_Overflow_boundedcpy 59 data = new wchar_t[100]; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 15949 69695/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_16.cpp Buffer_Overflow_boundedcpy 40 wchar_t * data; data = new wchar_t[100]; while(1) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15950 69696/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_17.cpp Buffer_Overflow_boundedcpy 66 wchar_t * data; data = new wchar_t[100]; for(h = 0; h < 1; h++) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15951 69696/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_17.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; data[100-1] = L'\0'; wmemset(data, L'A', 100-1); 0 --------------------------------- 15952 69696/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_17.cpp Buffer_Overflow_boundedcpy 60 data = new wchar_t[100]; data[50-1] = L'\0'; wmemset(data, L'A', 50-1); 0 --------------------------------- 15953 69696/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_17.cpp Buffer_Overflow_boundedcpy 40 wchar_t * data; data = new wchar_t[100]; for(i = 0; i < 1; i++) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15954 69697/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_18.cpp Buffer_Overflow_boundedcpy 33 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15955 69697/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_18.cpp Buffer_Overflow_boundedcpy 62 wchar_t * data; data = new wchar_t[100]; goto source; source: wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15956 69697/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_18.cpp Buffer_Overflow_boundedcpy 57 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15957 69697/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_18.cpp Buffer_Overflow_boundedcpy 38 wchar_t * data; data = new wchar_t[100]; goto source; source: wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15958 69698/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_21.cpp Buffer_Overflow_boundedcpy 49 wchar_t * data; data = new wchar_t[100]; badStatic = 1; data = badSource(data); static wchar_t * badSource(wchar_t * data) if(badStatic) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15959 69698/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_21.cpp Buffer_Overflow_boundedcpy 105 data = new wchar_t[100]; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 15960 69698/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_21.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 15961 69698/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_21.cpp Buffer_Overflow_boundedcpy 91 wchar_t * data; data = new wchar_t[100]; goodG2B1Static = 0; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) if(goodG2B1Static) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15962 69698/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_21.cpp Buffer_Overflow_boundedcpy 76 data = new wchar_t[100]; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 15963 69698/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_21.cpp Buffer_Overflow_boundedcpy 120 wchar_t * data; data = new wchar_t[100]; goodG2B2Static = 1; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) if(goodG2B2Static) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15964 69699/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_22.cpp Buffer_Overflow_boundedcpy 41 wchar_t * data; data = new wchar_t[100]; badGlobal = 1; data = badSource(data); wchar_t * badSource(wchar_t * data) if(badGlobal) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15965 69699/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_22.cpp Buffer_Overflow_boundedcpy 172 wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 15966 69699/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_22.cpp Buffer_Overflow_boundedcpy 210 data = new wchar_t[100]; data = goodG2B2Source(data); wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 15967 69699/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_22.cpp Buffer_Overflow_boundedcpy 90 wchar_t * data; data = new wchar_t[100]; goodG2B2Global = 1; data = goodG2B2Source(data); wchar_t * goodG2B2Source(wchar_t * data) if(goodG2B2Global) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15968 69699/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_22.cpp Buffer_Overflow_boundedcpy 198 wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 15969 69699/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_22.cpp Buffer_Overflow_boundedcpy 70 wchar_t * data; data = new wchar_t[100]; goodG2B1Global = 0; data = goodG2B1Source(data); wchar_t * goodG2B1Source(wchar_t * data) if(goodG2B1Global) else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15970 69700/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_31.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15971 69700/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_31.cpp Buffer_Overflow_boundedcpy 65 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15972 69700/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_31.cpp Buffer_Overflow_boundedcpy 57 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15973 69700/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_31.cpp Buffer_Overflow_boundedcpy 31 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15974 69701/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_32.cpp Buffer_Overflow_boundedcpy 66 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15975 69701/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_32.cpp Buffer_Overflow_boundedcpy 35 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15976 69701/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_32.cpp Buffer_Overflow_boundedcpy 44 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = new wchar_t[100]; wchar_t * data = *dataPtr1; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15977 69701/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_32.cpp Buffer_Overflow_boundedcpy 75 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = new wchar_t[100]; wchar_t * data = *dataPtr1; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15978 69702/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 58 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15979 69702/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; wchar_t * &dataRef = data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15980 69702/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 32 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15981 69702/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 65 wchar_t * data; wchar_t * &dataRef = data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15982 69703/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_34.cpp Buffer_Overflow_boundedcpy 38 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15983 69703/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_34.cpp Buffer_Overflow_boundedcpy 73 wchar_t * data; unionType myUnion; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15984 69703/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_34.cpp Buffer_Overflow_boundedcpy 46 wchar_t * data; unionType myUnion; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15985 69703/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_34.cpp Buffer_Overflow_boundedcpy 65 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15986 69704/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_41.cpp Buffer_Overflow_boundedcpy 57 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15987 69704/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_41.cpp Buffer_Overflow_boundedcpy 31 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink(data); void badSink(wchar_t * data) wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15988 69704/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_41.cpp Buffer_Overflow_boundedcpy 70 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 15989 69704/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_41.cpp Buffer_Overflow_boundedcpy 43 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 15990 69705/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_42.cpp Buffer_Overflow_boundedcpy 42 wchar_t * data; data = new wchar_t[100]; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15991 69705/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_42.cpp Buffer_Overflow_boundedcpy 56 data = new wchar_t[100]; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); 0 --------------------------------- 15992 69705/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_42.cpp Buffer_Overflow_boundedcpy 29 data = new wchar_t[100]; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); 0 --------------------------------- 15993 69705/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_42.cpp Buffer_Overflow_boundedcpy 70 wchar_t * data; data = new wchar_t[100]; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15994 69706/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 41 wchar_t * data; data = new wchar_t[100]; badSource(data); void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 15995 69706/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 56 data = new wchar_t[100]; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 15996 69706/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 68 wchar_t * data; data = new wchar_t[100]; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15997 69706/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 29 data = new wchar_t[100]; badSource(data); void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 15998 69707/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_44.cpp Buffer_Overflow_boundedcpy 61 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 15999 69707/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_44.cpp Buffer_Overflow_boundedcpy 74 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 16000 69707/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_44.cpp Buffer_Overflow_boundedcpy 31 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16001 69707/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_44.cpp Buffer_Overflow_boundedcpy 45 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 16002 69708/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_45.cpp Buffer_Overflow_boundedcpy 76 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 16003 69708/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_45.cpp Buffer_Overflow_boundedcpy 47 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 16004 69708/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_45.cpp Buffer_Overflow_boundedcpy 35 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badData = data; badSink(); static void badSink() wchar_t * data = badData; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16005 69708/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_45.cpp Buffer_Overflow_boundedcpy 64 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = goodG2BData; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16006 69709/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_51.cpp Buffer_Overflow_boundedcpy 145 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16007 69709/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_51.cpp Buffer_Overflow_boundedcpy 34 data = new wchar_t[100]; wmemset(data, L'A', 100-1); 0 --------------------------------- 16008 69709/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_51.cpp Buffer_Overflow_boundedcpy 52 data = new wchar_t[100]; wmemset(data, L'A', 50-1); 0 --------------------------------- 16009 69709/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_51.cpp Buffer_Overflow_boundedcpy 128 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink(data); void badSink(wchar_t * data) wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16010 69710/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_52.cpp Buffer_Overflow_boundedcpy 181 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink_b(data); void badSink_c(wchar_t * data) wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16011 69710/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_52.cpp Buffer_Overflow_boundedcpy 198 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink_b(data); void goodG2BSink_c(wchar_t * data) wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16012 69711/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_53.cpp Buffer_Overflow_boundedcpy 234 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink_b(data) void badSink_d(wchar_t * data) wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)) 1 --------------------------------- 16013 69711/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_53.cpp Buffer_Overflow_boundedcpy 251 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink_b(data); void goodG2BSink_d(wchar_t * data) wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16014 69712/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_54.cpp Buffer_Overflow_boundedcpy 287 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink_b(data); void badSink_e(wchar_t * data) wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16015 69712/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_54.cpp Buffer_Overflow_boundedcpy 304 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink_b(data); void goodG2BSink_e(wchar_t * data) wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16016 69713/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_61.cpp Buffer_Overflow_boundedcpy 37 wchar_t * data; data = new wchar_t[100]; data = badSource(data); wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16017 69713/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_61.cpp Buffer_Overflow_boundedcpy 59 wchar_t * data; data = new wchar_t[100]; data = goodG2BSource(data); wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; data = goodG2BSource(data); wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16018 69714/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_62.cpp Buffer_Overflow_boundedcpy 37 wchar_t * data; data = new wchar_t[100]; badSource(data); void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16019 69714/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_62.cpp Buffer_Overflow_boundedcpy 59 wchar_t * data; data = new wchar_t[100]; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; data[50-1] = L'\0'; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16020 69715/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_63.cpp Buffer_Overflow_boundedcpy 126 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink(&data); void badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16021 69715/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_63.cpp Buffer_Overflow_boundedcpy 144 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink(&data); void goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16022 69716/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_64.cpp Buffer_Overflow_boundedcpy 129 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink(&data); void badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16023 69716/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_64.cpp Buffer_Overflow_boundedcpy 150 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16024 69717/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_65.cpp Buffer_Overflow_boundedcpy 146 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16025 69717/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_65.cpp Buffer_Overflow_boundedcpy 129 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); void badSink(wchar_t * data) wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16026 69718/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_66.cpp Buffer_Overflow_boundedcpy 134 wchar_t * data; wchar_t * dataArray[5]; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataArray[2] = data; badSink(dataArray); void badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16027 69718/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_66.cpp Buffer_Overflow_boundedcpy 152 wchar_t * data; wchar_t * dataArray[5]; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16028 69719/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_67.cpp Buffer_Overflow_boundedcpy 158 wchar_t * data; structType myStruct; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16029 69719/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_67.cpp Buffer_Overflow_boundedcpy 140 wchar_t * data; structType myStruct; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16030 69720/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_68.cpp Buffer_Overflow_boundedcpy 137 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_68_badData = data; badSink(); void badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_68_badData; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16031 69720/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_68.cpp Buffer_Overflow_boundedcpy 155 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_68_goodG2BData; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16032 69721/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_72.cpp Buffer_Overflow_boundedcpy 145 wchar_t * data; vector dataVector; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16033 69721/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_72.cpp Buffer_Overflow_boundedcpy 163 wchar_t * data; vector dataVector; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16034 69722/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_73.cpp Buffer_Overflow_boundedcpy 145 wchar_t * data; list dataList; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16035 69722/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_73.cpp Buffer_Overflow_boundedcpy 163 wchar_t * data; list dataList; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16036 69723/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_74.cpp Buffer_Overflow_boundedcpy 145 wchar_t * data; map dataMap; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16037 69723/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_memmove_74.cpp Buffer_Overflow_boundedcpy 163 wchar_t * data; map dataMap; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16038 69728/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_01.cpp Off_by_One_Error_in_Methods 58 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16039 69728/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_01.cpp Off_by_One_Error_in_Methods 36 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16040 69729/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_02.cpp Off_by_One_Error_in_Methods 69 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16041 69729/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_02.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16042 69730/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_03.cpp Off_by_One_Error_in_Methods 69 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16043 69730/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_03.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16044 69731/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_04.cpp Off_by_One_Error_in_Methods 75 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16045 69731/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_04.cpp Off_by_One_Error_in_Methods 45 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16046 69732/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_05.cpp Off_by_One_Error_in_Methods 75 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16047 69732/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_05.cpp Off_by_One_Error_in_Methods 45 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16048 69733/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_06.cpp Off_by_One_Error_in_Methods 74 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16049 69733/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_06.cpp Off_by_One_Error_in_Methods 44 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16050 69734/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_07.cpp Off_by_One_Error_in_Methods 74 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16051 69734/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_07.cpp Off_by_One_Error_in_Methods 44 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16052 69735/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_08.cpp Off_by_One_Error_in_Methods 82 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16053 69735/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_08.cpp Off_by_One_Error_in_Methods 52 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16054 69736/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_09.cpp Off_by_One_Error_in_Methods 69 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16055 69736/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_09.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16056 69737/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_10.cpp Off_by_One_Error_in_Methods 69 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16057 69737/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_10.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16058 69738/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_11.cpp Off_by_One_Error_in_Methods 69 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16059 69738/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_11.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16060 69739/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_12.cpp Off_by_One_Error_in_Methods 77 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16061 69739/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_12.cpp Off_by_One_Error_in_Methods 45 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16062 69740/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_13.cpp Off_by_One_Error_in_Methods 69 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16063 69740/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_13.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16064 69741/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_14.cpp Off_by_One_Error_in_Methods 69 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16065 69741/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_14.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16066 69742/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_15.cpp Off_by_One_Error_in_Methods 45 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16067 69742/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_15.cpp Off_by_One_Error_in_Methods 76 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16068 69743/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_16.cpp Off_by_One_Error_in_Methods 40 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16069 69743/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_16.cpp Off_by_One_Error_in_Methods 66 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16070 69744/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_17.cpp Off_by_One_Error_in_Methods 40 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16071 69744/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_17.cpp Off_by_One_Error_in_Methods 66 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16072 69745/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_18.cpp Off_by_One_Error_in_Methods 38 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16073 69745/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_18.cpp Off_by_One_Error_in_Methods 62 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16074 69746/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_21.cpp Off_by_One_Error_in_Methods 49 wchar_t * data; data = new wchar_t[100]; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16075 69746/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_21.cpp Off_by_One_Error_in_Methods 91 wchar_t * data; data = new wchar_t[100]; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; data = goodG2B1Source(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16076 69747/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_22.cpp Off_by_One_Error_in_Methods 41 wchar_t * data; data = new wchar_t[100]; data = badSource(data); wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16077 69747/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_22.cpp Off_by_One_Error_in_Methods 70 wchar_t * data; data = new wchar_t[100]; data = goodG2B1Source(data); wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; data = goodG2B1Source(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16078 69748/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_31.cpp Off_by_One_Error_in_Methods 65 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16079 69748/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_31.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16080 69749/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_32.cpp Off_by_One_Error_in_Methods 75 data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16081 69749/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_32.cpp Off_by_One_Error_in_Methods 44 data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16082 69750/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_33.cpp Off_by_One_Error_in_Methods 65 wchar_t * data; wchar_t * &dataRef = data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16083 69750/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_33.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; wchar_t * &dataRef = data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16084 69751/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_34.cpp Off_by_One_Error_in_Methods 73 wchar_t * data; unionType myUnion; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16085 69751/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_34.cpp Off_by_One_Error_in_Methods 46 wchar_t * data; unionType myUnion; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16086 69752/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_41.cpp Off_by_One_Error_in_Methods 57 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16087 69752/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_41.cpp Off_by_One_Error_in_Methods 31 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink(data); void badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16088 69753/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_42.cpp Off_by_One_Error_in_Methods 70 wchar_t * data; data = new wchar_t[100]; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; data = goodG2BSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16089 69753/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_42.cpp Off_by_One_Error_in_Methods 42 wchar_t * data; data = new wchar_t[100]; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16090 69754/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_43.cpp Off_by_One_Error_in_Methods 41 wchar_t * data; data = new wchar_t[100]; badSource(data); void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; data[100-1] = L'\0'; badSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16091 69754/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_43.cpp Off_by_One_Error_in_Methods 68 wchar_t * data; data = new wchar_t[100]; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16092 69755/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_44.cpp Off_by_One_Error_in_Methods 61 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16093 69755/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_44.cpp Off_by_One_Error_in_Methods 31 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16094 69756/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_45.cpp Off_by_One_Error_in_Methods 35 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badData = data; badSink(); static void badSink() wchar_t * data = badData; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16095 69756/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_45.cpp Off_by_One_Error_in_Methods 64 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = goodG2BData; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16096 69757/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_51.cpp Off_by_One_Error_in_Methods 145 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16097 69757/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_51.cpp Off_by_One_Error_in_Methods 128 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink(data); void badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16098 69758/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_52.cpp Off_by_One_Error_in_Methods 198 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink_b(data); void goodG2BSink_c(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16099 69758/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_52.cpp Off_by_One_Error_in_Methods 181 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink_b(data); void badSink_c(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16100 69759/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_53.cpp Off_by_One_Error_in_Methods 251 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink_b(data); void goodG2BSink_d(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16101 69759/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_53.cpp Off_by_One_Error_in_Methods 234 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink_b(data); void badSink_d(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16102 69760/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_54.cpp Off_by_One_Error_in_Methods 304 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink_b(data); void goodG2BSink_e(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16103 69760/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_54.cpp Off_by_One_Error_in_Methods 287 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink_b(data); void badSink_e(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16104 69761/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_61.cpp Off_by_One_Error_in_Methods 59 wchar_t * data; data = new wchar_t[100]; data = goodG2BSource(data); wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; data = goodG2BSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16105 69761/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_61.cpp Off_by_One_Error_in_Methods 37 wchar_t * data; data = new wchar_t[100]; data = badSource(data); wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16106 69762/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_62.cpp Off_by_One_Error_in_Methods 59 wchar_t * data; data = new wchar_t[100]; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSource(data); wchar_t dest[50] = L""; data[50-1] = L'\0'; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16107 69762/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_62.cpp Off_by_One_Error_in_Methods 37 wchar_t * data; data = new wchar_t[100]; badSource(data); void badSource(wchar_t * &data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16108 69763/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_63.cpp Off_by_One_Error_in_Methods 126 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink(&data); void badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16109 69763/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_63.cpp Off_by_One_Error_in_Methods 144 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink(&data); void goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16110 69764/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_64.cpp Off_by_One_Error_in_Methods 129 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink(&data); void badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16111 69764/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_64.cpp Off_by_One_Error_in_Methods 150 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16112 69765/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_65.cpp Off_by_One_Error_in_Methods 129 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); void badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16113 69765/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_65.cpp Off_by_One_Error_in_Methods 146 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16114 69766/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_66.cpp Off_by_One_Error_in_Methods 134 wchar_t * data; wchar_t * dataArray[5]; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataArray[2] = data; badSink(dataArray); void badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16115 69766/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_66.cpp Off_by_One_Error_in_Methods 152 wchar_t * data; wchar_t * dataArray[5]; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16116 69767/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_67.cpp Off_by_One_Error_in_Methods 158 wchar_t * data; structType myStruct; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16117 69767/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_67.cpp Off_by_One_Error_in_Methods 140 wchar_t * data; structType myStruct; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16118 69768/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_68.cpp Off_by_One_Error_in_Methods 137 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_68_badData = data; badSink(); void badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_68_badData; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16119 69768/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_68.cpp Off_by_One_Error_in_Methods 155 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_68_goodG2BData = data; goodG2BSink(); void goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_68_goodG2BData; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16120 69769/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_72.cpp Off_by_One_Error_in_Methods 145 wchar_t * data; vector dataVector; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16121 69769/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_72.cpp Off_by_One_Error_in_Methods 163 wchar_t * data; vector dataVector; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16122 69770/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_73.cpp Off_by_One_Error_in_Methods 145 wchar_t * data; list dataList; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16123 69770/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_73.cpp Off_by_One_Error_in_Methods 163 wchar_t * data; list dataList; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16124 69771/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_74.cpp Off_by_One_Error_in_Methods 145 wchar_t * data; list dataList; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16125 69771/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_74.cpp Off_by_One_Error_in_Methods 163 wchar_t * data; list dataList; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16126 69846/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_33.cpp Buffer_Overflow_boundedcpy 60 int * data; int * &dataRef = data; data = NULL; data = (int *)malloc(10*sizeof(int)); int * data = dataRef; int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 0 --------------------------------- 16127 69846/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_33.cpp Buffer_Overflow_boundedcpy 36 int * data; int * &dataRef = data; data = NULL; data = (int *)malloc(10); int * data = dataRef; int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 1 --------------------------------- 16128 69850/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_43.cpp Buffer_Overflow_boundedcpy 63 int * data; data = NULL; goodG2BSource(data); static void goodG2BSource(int * &data) data = (int *)malloc(10*sizeof(int)); goodG2BSource(data); int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 0 --------------------------------- 16129 69850/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_43.cpp Buffer_Overflow_boundedcpy 38 int * data; data = NULL; badSource(data); static void badSource(int * &data) data = (int *)malloc(10); badSource(data); int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 1 --------------------------------- 16130 69858/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_62.cpp Buffer_Overflow_boundedcpy 56 int * data; data = NULL; goodG2BSource(data); void goodG2BSource(int * &data); data = (int *)malloc(10*sizeof(int)); goodG2BSource(data); int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 0 --------------------------------- 16131 69858/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_62.cpp Buffer_Overflow_boundedcpy 35 int * data; data = NULL; badSource(data); void badSource(int * &data) data = (int *)malloc(10); badSource(data); int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 1 --------------------------------- 16132 69865/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_72.cpp Buffer_Overflow_boundedcpy 157 int * data; vector dataVector; data = NULL; data = (int *)malloc(10*sizeof(int)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int * data = dataVector[2]; int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 0 --------------------------------- 16133 69865/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_72.cpp Buffer_Overflow_boundedcpy 140 int * data; vector dataVector; data = NULL; data = (int *)malloc(10); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) int * data = dataVector[2]; int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 1 --------------------------------- 16134 69866/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_73.cpp Buffer_Overflow_boundedcpy 157 int * data; list dataList; data = NULL; data = (int *)malloc(10*sizeof(int)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int * data = dataList.back(); int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 0 --------------------------------- 16135 69866/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_73.cpp Buffer_Overflow_boundedcpy 140 int * data; list dataList; data = NULL; data = (int *)malloc(10); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) int * data = dataList.back(); int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 1 --------------------------------- 16136 69867/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_74.cpp Buffer_Overflow_boundedcpy 157 int * data; map dataMap; data = NULL; data = (int *)malloc(10*sizeof(int)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int * data = dataMap[2]; int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 0 --------------------------------- 16137 69867/CWE122_Heap_Based_Buffer_Overflow__CWE131_memcpy_74.cpp Buffer_Overflow_boundedcpy 140 int * data; map dataMap; data = NULL; data = (int *)malloc(10); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) int * data = dataMap[2]; int source[10] = {0}; memcpy(data, source, 10*sizeof(int)); 1 --------------------------------- 16138 69872/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_01.cpp Off_by_One_Error_in_Methods 36 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16139 69872/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_01.cpp Off_by_One_Error_in_Methods 58 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16140 69873/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_02.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16141 69873/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_02.cpp Off_by_One_Error_in_Methods 69 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16142 69874/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_03.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16143 69874/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_03.cpp Off_by_One_Error_in_Methods 69 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16144 69875/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_04.cpp Off_by_One_Error_in_Methods 45 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16145 69875/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_04.cpp Off_by_One_Error_in_Methods 75 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16146 69876/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_05.cpp Off_by_One_Error_in_Methods 45 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16147 69876/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_05.cpp Off_by_One_Error_in_Methods 75 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16148 69877/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_06.cpp Off_by_One_Error_in_Methods 44 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16149 69877/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_06.cpp Off_by_One_Error_in_Methods 74 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16150 69878/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_07.cpp Off_by_One_Error_in_Methods 44 wchar_t * data; data = new wchar_t[100]; if(staticFive==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16151 69878/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_07.cpp Off_by_One_Error_in_Methods 74 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16152 69879/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_08.cpp Off_by_One_Error_in_Methods 52 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16153 69879/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_08.cpp Off_by_One_Error_in_Methods 82 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16154 69880/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_09.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0';e */ wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16155 69880/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_09.cpp Off_by_One_Error_in_Methods 69 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16156 69881/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_10.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16157 69881/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_10.cpp Off_by_One_Error_in_Methods 69 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16158 69882/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_11.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16159 69882/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_11.cpp Off_by_One_Error_in_Methods 69 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16160 69883/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_12.cpp Off_by_One_Error_in_Methods 45 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16161 69883/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_12.cpp Off_by_One_Error_in_Methods 77 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16162 69884/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_13.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16163 69884/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_13.cpp Off_by_One_Error_in_Methods 69 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16164 69885/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_14.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16165 69885/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_14.cpp Off_by_One_Error_in_Methods 69 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16166 69886/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_15.cpp Off_by_One_Error_in_Methods 45 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16167 69886/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_15.cpp Off_by_One_Error_in_Methods 76 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16168 69887/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_16.cpp Off_by_One_Error_in_Methods 40 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16169 69887/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_16.cpp Off_by_One_Error_in_Methods 66 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16170 69888/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_17.cpp Off_by_One_Error_in_Methods 40 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16171 69888/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_17.cpp Off_by_One_Error_in_Methods 66 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16172 69889/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_18.cpp Off_by_One_Error_in_Methods 38 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16173 69889/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_18.cpp Off_by_One_Error_in_Methods 62 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16174 69890/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_21.cpp Off_by_One_Error_in_Methods 91 data[50-1] = L'\0'; return data; data = new wchar_t[100]; data = goodG2B1Source(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); static wchar_t * goodG2B1Source(wchar_t * data) return data; data = goodG2B1Source(data); wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16175 69890/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_21.cpp Off_by_One_Error_in_Methods 49 wchar_t * data; data = new wchar_t[100]; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16176 69891/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_22.cpp Off_by_One_Error_in_Methods 70 wchar_t * data; data = new wchar_t[100]; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; data = goodG2B1Source(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16177 69891/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_22.cpp Off_by_One_Error_in_Methods 41 wchar_t * data; data = new wchar_t[100]; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16178 69892/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_31.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16179 69892/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_31.cpp Off_by_One_Error_in_Methods 65 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16180 69893/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_32.cpp Off_by_One_Error_in_Methods 75 wchar_t * *dataPtr2 = &data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16181 69893/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_32.cpp Off_by_One_Error_in_Methods 44 wchar_t * *dataPtr2 = &data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16182 69894/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_33.cpp Off_by_One_Error_in_Methods 39 wchar_t * &dataRef = data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16183 69894/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_33.cpp Off_by_One_Error_in_Methods 65 wchar_t * data; wchar_t * &dataRef = data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16184 69895/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_34.cpp Off_by_One_Error_in_Methods 46 wchar_t * data; unionType myUnion; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; myUnion.unionFirst = data wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16185 69895/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_34.cpp Off_by_One_Error_in_Methods 73 wchar_t * data; unionType myUnion; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16186 69896/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_41.cpp Off_by_One_Error_in_Methods 31 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink(data); void badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16187 69896/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_41.cpp Off_by_One_Error_in_Methods 57 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16188 69897/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_42.cpp Off_by_One_Error_in_Methods 70 wchar_t * data; data = new wchar_t[100]; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; data = goodG2BSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16189 69897/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_42.cpp Off_by_One_Error_in_Methods 42 wchar_t * data; data = new wchar_t[100]; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16190 69898/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_43.cpp Off_by_One_Error_in_Methods 68 wchar_t * data; data = new wchar_t[100]; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16191 69898/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_43.cpp Off_by_One_Error_in_Methods 41 wchar_t * data; data = new wchar_t[100]; badSource(data); void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16192 69899/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_44.cpp Off_by_One_Error_in_Methods 31 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0';/ funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16193 69899/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_44.cpp Off_by_One_Error_in_Methods 61 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16194 69900/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_45.cpp Off_by_One_Error_in_Methods 64 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = goodG2BData; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16195 69900/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_45.cpp Off_by_One_Error_in_Methods 35 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badData = data; badSink(); static void badSink() wchar_t * data = badData; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16196 69901/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_51.cpp Off_by_One_Error_in_Methods 128 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink(data); void badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16197 69901/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_51.cpp Off_by_One_Error_in_Methods 145 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16198 69902/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_52.cpp Off_by_One_Error_in_Methods 181 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink_b(data); void badSink_c(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16199 69902/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_52.cpp Off_by_One_Error_in_Methods 198 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink_b(data); void goodG2BSink_c(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16200 69903/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_53.cpp Off_by_One_Error_in_Methods 251 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink_b(data); void goodG2BSink_d(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16201 69903/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_53.cpp Off_by_One_Error_in_Methods 234 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink_b(data); void badSink_d(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16202 69904/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_54.cpp Off_by_One_Error_in_Methods 287 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink_b(data); void badSink_e(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16203 69904/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_54.cpp Off_by_One_Error_in_Methods 304 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink_b(data); void goodG2BSink_e(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16204 69905/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_61.cpp Off_by_One_Error_in_Methods 37 wchar_t * data; data = new wchar_t[100]; data = badSource(data); wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16205 69905/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_61.cpp Off_by_One_Error_in_Methods 59 wchar_t * data; data = new wchar_t[100]; data = goodG2BSource(data); wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; data = goodG2BSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16206 69906/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_62.cpp Off_by_One_Error_in_Methods 37 wchar_t * data; data = new wchar_t[100]; badSource(data); void badSource(wchar_t * &data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16207 69906/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_62.cpp Off_by_One_Error_in_Methods 59 wchar_t * data; data = new wchar_t[100]; goodG2BSource(data); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSource(data); wchar_t dest[50] = L""; data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16208 69907/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_63.cpp Off_by_One_Error_in_Methods 144 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink(&data); void goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16209 69907/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_63.cpp Off_by_One_Error_in_Methods 126 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink(&data); void badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16210 69908/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_64.cpp Off_by_One_Error_in_Methods 150 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16211 69908/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_64.cpp Off_by_One_Error_in_Methods 129 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; badSink(&data); void badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16212 69909/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_65.cpp Off_by_One_Error_in_Methods 129 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); void badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16213 69909/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_65.cpp Off_by_One_Error_in_Methods 146 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16214 69910/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_66.cpp Off_by_One_Error_in_Methods 152 wchar_t * data; wchar_t * dataArray[5]; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16215 69910/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_66.cpp Off_by_One_Error_in_Methods 134 wchar_t * data; wchar_t * dataArray[5]; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataArray[2] = data; badSink(dataArray); void badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16216 69911/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_67.cpp Off_by_One_Error_in_Methods 158 wchar_t * data; structType myStruct; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16217 69911/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_67.cpp Off_by_One_Error_in_Methods 140 wchar_t * data; structType myStruct; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16218 69912/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_68.cpp Off_by_One_Error_in_Methods 155 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_68_goodG2BData = data; goodG2BSink(); void goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_68_goodG2BData; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16219 69912/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_68.cpp Off_by_One_Error_in_Methods 137 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_68_badData = data; badSink(); void badSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_68_badData; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16220 69913/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_72.cpp Off_by_One_Error_in_Methods 163 wchar_t * data; vector dataVector; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16221 69913/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_72.cpp Off_by_One_Error_in_Methods 145 wchar_t * data; vector dataVector; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16222 69914/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_73.cpp Off_by_One_Error_in_Methods 163 wchar_t * data; list dataList; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16223 69914/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_73.cpp Off_by_One_Error_in_Methods 145 wchar_t * data; list dataList; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16224 69915/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_74.cpp Off_by_One_Error_in_Methods 163 wchar_t * data; map dataMap; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16225 69915/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_74.cpp Off_by_One_Error_in_Methods 145 wchar_t * data; map dataMap; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16226 69920/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_01.cpp Format_String_Attack 63 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16227 69920/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_01.cpp Format_String_Attack 42 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16228 69921/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_02.cpp Format_String_Attack 74 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16229 69921/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_02.cpp Format_String_Attack 45 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16230 69922/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_03.cpp Format_String_Attack 74 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16231 69922/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_03.cpp Format_String_Attack 45 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16232 69923/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_04.cpp Format_String_Attack 80 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16233 69923/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_04.cpp Format_String_Attack 51 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16234 69924/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_05.cpp Format_String_Attack 80 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16235 69924/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_05.cpp Format_String_Attack 51 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16236 69925/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_06.cpp Format_String_Attack 79 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16237 69925/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_06.cpp Format_String_Attack 50 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16238 69926/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_07.cpp Format_String_Attack 79 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16239 69926/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_07.cpp Format_String_Attack 50 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16240 69927/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_08.cpp Format_String_Attack 87 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16241 69927/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_08.cpp Format_String_Attack 58 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16242 69928/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_09.cpp Format_String_Attack 74 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16243 69928/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_09.cpp Format_String_Attack 45 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16244 69929/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_10.cpp Format_String_Attack 74 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16245 69929/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_10.cpp Format_String_Attack 45 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16246 69930/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_11.cpp Format_String_Attack 74 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16247 69930/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_11.cpp Format_String_Attack 45 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16248 69931/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_12.cpp Format_String_Attack 82 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16249 69931/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_12.cpp Format_String_Attack 51 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16250 70666/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_43.cpp Buffer_Overflow_Indexes 92 badSource(data); static void badSource(int &data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 16251 70666/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_43.cpp Buffer_Overflow_boundedcpy 74 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 16252 70666/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_43.cpp Buffer_Overflow_boundedcpy 226 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 16253 70674/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_62.cpp Buffer_Overflow_Indexes 267 badSource(data); void badSource(int &data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 16254 70674/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_62.cpp Buffer_Overflow_Indexes 353 goodB2GSource(data); void goodB2GSource(int &data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16255 70674/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_62.cpp Buffer_Overflow_boundedcpy 335 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 16256 70674/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_62.cpp Buffer_Overflow_boundedcpy 249 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 16257 70681/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_72.cpp Buffer_Overflow_Indexes 210 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2GSink(dataVector); void goodB2GSink(vector dataVector) int data = dataVector[2]; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16258 70681/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_72.cpp Buffer_Overflow_Indexes 102 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); badSink(dataVector); void badSink(vector dataVector) int data = dataVector[2]; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 16259 70681/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_72.cpp Buffer_Overflow_boundedcpy 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 16260 70681/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_72.cpp Buffer_Overflow_boundedcpy 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 16261 70682/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_73.cpp Buffer_Overflow_Indexes 210 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2GSink(dataList); void goodB2GSink(list dataList) if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16262 70682/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_73.cpp Buffer_Overflow_Indexes 102 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); badSink(dataList); void badSink(list dataList) if (data >= 0) buffer[data] = 1; 1 --------------------------------- 16263 70682/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_73.cpp Buffer_Overflow_boundedcpy 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 16264 70682/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_73.cpp Buffer_Overflow_boundedcpy 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 16265 70683/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_74.cpp Buffer_Overflow_Indexes 210 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2GSink(dataMap); void goodB2GSink(map dataMap) int data = dataMap[2]; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16266 70683/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_74.cpp Buffer_Overflow_Indexes 102 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); badSink(dataMap); void badSink(map dataMap) int data = dataMap[2]; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 16267 70683/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_74.cpp Buffer_Overflow_boundedcpy 84 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 16268 70683/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_74.cpp Buffer_Overflow_boundedcpy 192 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 16269 70758/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_33.cpp Buffer_Overflow_cpycat 67 char * &dataRef = data; data = (char *)malloc((10+1)*sizeof(char)); char * data = dataRef; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 16270 70758/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_33.cpp Buffer_Overflow_cpycat 43 char * &dataRef = data; data = (char *)malloc(10*sizeof(char)); char * data = dataRef; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 16271 70762/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_43.cpp Buffer_Overflow_cpycat 45 badSource(data); static void badSource(char * &data) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 16272 70762/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_43.cpp Buffer_Overflow_cpycat 70 goodG2BSource(data); static void goodG2BSource(char * &data) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 16273 70770/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_62.cpp Buffer_Overflow_cpycat 42 data = NULL; badSource(data); void badSource(char * &data) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 16274 70770/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_62.cpp Buffer_Overflow_cpycat 63 data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 16275 70777/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_72.cpp Buffer_Overflow_cpycat 154 vector dataVector; data = (char *)malloc(10*sizeof(char)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 16276 70777/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_72.cpp Buffer_Overflow_cpycat 171 vector dataVector; data = (char *)malloc((10+1)*sizeof(char)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 16277 70778/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_73.cpp Buffer_Overflow_cpycat 154 list dataList; data = (char *)malloc(10*sizeof(char)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 16278 70778/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_73.cpp Buffer_Overflow_cpycat 171 list dataList; data = (char *)malloc((10+1)*sizeof(char)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 16279 70779/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_74.cpp Buffer_Overflow_cpycat 154 map dataMap; data = (char *)malloc(10*sizeof(char)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 16280 70779/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_74.cpp Buffer_Overflow_cpycat 171 map dataMap; data = (char *)malloc((10+1)*sizeof(char)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 16281 70854/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_33.cpp Buffer_Overflow_boundedcpy 69 char * &dataRef = data; data = (char *)malloc((10+1)*sizeof(char)); char * data = dataRef; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 16282 70854/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_33.cpp Buffer_Overflow_boundedcpy 44 char * &dataRef = data; data = (char *)malloc(10*sizeof(char)); char * data = dataRef; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 16283 70858/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_43.cpp Buffer_Overflow_boundedcpy 46 badSource(data); static void badSource(char * &data) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 16284 70858/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_43.cpp Buffer_Overflow_boundedcpy 72 goodG2BSource(data); static void goodG2BSource(char * &data) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 16285 70866/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_62.cpp Buffer_Overflow_boundedcpy 65 goodG2BSource(data); void goodG2BSource(char * &data) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 16286 70866/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_62.cpp Buffer_Overflow_boundedcpy 43 badSource(data); void badSource(char * &data) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 16287 70873/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_72.cpp Buffer_Overflow_boundedcpy 155 vector dataVector; data = (char *)malloc(10*sizeof(char)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 16288 70873/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_72.cpp Buffer_Overflow_boundedcpy 173 vector dataVector; data = (char *)malloc((10+1)*sizeof(char)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 16289 70874/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_73.cpp Buffer_Overflow_boundedcpy 155 list dataList; data = (char *)malloc(10*sizeof(char)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 16290 70874/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_73.cpp Buffer_Overflow_boundedcpy 173 list dataList; data = (char *)malloc((10+1)*sizeof(char)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 16291 70875/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_74.cpp Buffer_Overflow_boundedcpy 155 map dataMap; data = (char *)malloc(10*sizeof(char)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 16292 70875/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_74.cpp Buffer_Overflow_boundedcpy 173 map dataMap; data = (char *)malloc((10+1)*sizeof(char)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 16293 70902/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_33.cpp Buffer_Overflow_boundedcpy 44 char * &dataRef = data; data = (char *)malloc(10*sizeof(char)); char * data = dataRef; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 16294 70902/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_33.cpp Buffer_Overflow_boundedcpy 69 char * &dataRef = data; data = (char *)malloc((10+1)*sizeof(char)); char * data = dataRef; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 16295 70906/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_43.cpp Buffer_Overflow_boundedcpy 72 goodG2BSource(data); static void goodG2BSource(char * &data) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 16296 70906/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_43.cpp Buffer_Overflow_boundedcpy 46 badSource(data); static void badSource(char * &data) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 16297 70914/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_62.cpp Buffer_Overflow_boundedcpy 43 badSource(data); void badSource(char * &data); data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 16298 70914/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_62.cpp Buffer_Overflow_boundedcpy 65 goodG2BSource(data); void goodG2BSource(char * &data) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 16299 70921/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_72.cpp Buffer_Overflow_boundedcpy 155 vector dataVector; data = (char *)malloc(10*sizeof(char)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 16300 70921/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_72.cpp Buffer_Overflow_boundedcpy 173 vector dataVector; data = (char *)malloc((10+1)*sizeof(char)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 16301 70922/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_73.cpp Buffer_Overflow_boundedcpy 155 list dataList; data = (char *)malloc(10*sizeof(char)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 16302 70922/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_73.cpp Buffer_Overflow_boundedcpy 173 list dataList; data = (char *)malloc((10+1)*sizeof(char)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 16303 70923/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_74.cpp Buffer_Overflow_boundedcpy 155 map dataMap; data = (char *)malloc(10*sizeof(char)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 16304 70923/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_74.cpp Buffer_Overflow_boundedcpy 173 map dataMap; data = (char *)malloc((10+1)*sizeof(char)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 16305 70950/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_33.cpp Buffer_Overflow_boundedcpy 69 char * &dataRef = data; data = (char *)malloc((10+1)*sizeof(char)); char * data = dataRef; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 16306 70950/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_33.cpp Buffer_Overflow_boundedcpy 44 char * &dataRef = data; data = (char *)malloc(10*sizeof(char)); char * data = dataRef; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 16307 70954/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_43.cpp Buffer_Overflow_boundedcpy 72 goodG2BSource(data); static void goodG2BSource(char * &data) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 16308 70954/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_43.cpp Buffer_Overflow_boundedcpy 46 badSource(data); static void badSource(char * &data) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 16309 70962/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_62.cpp Buffer_Overflow_boundedcpy 43 badSource(data); void badSource(char * &data) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 16310 70962/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_62.cpp Buffer_Overflow_boundedcpy 65 goodG2BSource(data); void goodG2BSource(char * &data) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 16311 70969/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_72.cpp Buffer_Overflow_boundedcpy 173 vector dataVector; data = (char *)malloc((10+1)*sizeof(char)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 16312 70969/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_72.cpp Buffer_Overflow_boundedcpy 155 vector dataVector; data = (char *)malloc(10*sizeof(char)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 16313 70970/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_73.cpp Buffer_Overflow_boundedcpy 173 list dataList; data = (char *)malloc((10+1)*sizeof(char)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 16314 70970/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_73.cpp Buffer_Overflow_boundedcpy 155 list dataList; data = (char *)malloc(10*sizeof(char)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 16315 70971/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_74.cpp Buffer_Overflow_boundedcpy 173 map dataMap; data = (char *)malloc((10+1)*sizeof(char)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 16316 70971/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_74.cpp Buffer_Overflow_boundedcpy 155 map dataMap; data = (char *)malloc(10*sizeof(char)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 16317 70998/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_33.cpp Buffer_Overflow_cpycat 43 wchar_t * &dataRef = data; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 16318 70998/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_33.cpp Buffer_Overflow_cpycat 67 wchar_t * &dataRef = data; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 16319 71002/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_43.cpp Buffer_Overflow_cpycat 70 goodG2BSource(data); static void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 16320 71002/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_43.cpp Buffer_Overflow_cpycat 45 badSource(data); static void badSource(wchar_t * &data) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 16321 71010/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_62.cpp Buffer_Overflow_cpycat 63 goodG2BSource(data); void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 16322 71010/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_62.cpp Buffer_Overflow_cpycat 42 badSource(data); void badSource(wchar_t * &data) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 16323 71017/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_72.cpp Buffer_Overflow_cpycat 154 vector dataVector; data = (wchar_t *)malloc(10*sizeof(wchar_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 16324 71017/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_72.cpp Buffer_Overflow_cpycat 171 vector dataVector; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 16325 71018/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_73.cpp Buffer_Overflow_cpycat 154 list dataList; data = (wchar_t *)malloc(10*sizeof(wchar_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 16326 71018/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_73.cpp Buffer_Overflow_cpycat 171 list dataList; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 16327 71019/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_74.cpp Buffer_Overflow_cpycat 154 map dataMap; data = (wchar_t *)malloc(10*sizeof(wchar_t)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 16328 71019/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_74.cpp Buffer_Overflow_cpycat 171 map dataMap; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 16329 71094/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 44 wchar_t * &dataRef = data; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 16330 71094/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 69 wchar_t * &dataRef = data; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 16331 71098/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 46 badSource(data); static void badSource(wchar_t * &data) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 16332 71098/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 72 goodG2BSource(data); static void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 16333 71106/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 43 badSource(data); void badSource(wchar_t * &data); data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 16334 71106/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 65 goodG2BSource(data); void goodG2BSource(wchar_t * &data) wchar_t source[10+1] = SRC_STRING; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 16335 71113/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 155 vector dataVector; data = (wchar_t *)malloc(10*sizeof(wchar_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 16336 71113/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 173 vector dataVector; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 16337 71114/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 155 list dataList; data = (wchar_t *)malloc(10*sizeof(wchar_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 16338 71114/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 173 list dataList; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 16339 71115/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 155 map dataMap; data = (wchar_t *)malloc(10*sizeof(wchar_t)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 16340 71115/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 173 map dataMap; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 16341 71142/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 44 wchar_t * &dataRef = data; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 16342 71142/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 69 wchar_t * &dataRef = data; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 16343 71146/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 46 badSource(data); static void badSource(wchar_t * &data) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 16344 71146/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 72 goodG2BSource(data); static void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 16345 71154/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_62.cpp Buffer_Overflow_boundedcpy 65 goodG2BSource(data); void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 16346 71154/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_62.cpp Buffer_Overflow_boundedcpy 43 badSource(data); void badSource(wchar_t * &data); data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 16347 71161/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_72.cpp Buffer_Overflow_boundedcpy 173 vector dataVector; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 16348 71161/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_72.cpp Buffer_Overflow_boundedcpy 155 vector dataVector; data = (wchar_t *)malloc(10*sizeof(wchar_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 16349 71162/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_73.cpp Buffer_Overflow_boundedcpy 173 list dataList; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 16350 71162/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_73.cpp Buffer_Overflow_boundedcpy 155 list dataList; data = (wchar_t *)malloc(10*sizeof(wchar_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 16351 71163/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_74.cpp Buffer_Overflow_boundedcpy 173 map dataMap; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 16352 71163/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_memmove_74.cpp Buffer_Overflow_boundedcpy 155 map dataMap; data = (wchar_t *)malloc(10*sizeof(wchar_t)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 16353 71190/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_33.cpp Buffer_Overflow_boundedcpy 69 wchar_t * &dataRef = data; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 16354 71190/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_33.cpp Buffer_Overflow_boundedcpy 44 wchar_t * &dataRef = data; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 16355 71194/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_43.cpp Buffer_Overflow_boundedcpy 72 goodG2BSource(data); static void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 16356 71194/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_43.cpp Buffer_Overflow_boundedcpy 46 badSource(data); static void badSource(wchar_t * &data) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 16357 71202/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_62.cpp Buffer_Overflow_boundedcpy 43 badSource(data); void badSource(wchar_t * &data); data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 16358 71202/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_62.cpp Buffer_Overflow_boundedcpy 65 goodG2BSource(data); void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 16359 71209/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_72.cpp Buffer_Overflow_boundedcpy 173 vector dataVector; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 16360 71209/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_72.cpp Buffer_Overflow_boundedcpy 155 vector dataVector; data = (wchar_t *)malloc(10*sizeof(wchar_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 16361 71210/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_73.cpp Buffer_Overflow_boundedcpy 173 list dataList; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 16362 71210/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_73.cpp Buffer_Overflow_boundedcpy 155 list dataList; data = (wchar_t *)malloc(10*sizeof(wchar_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 16363 71211/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_74.cpp Buffer_Overflow_boundedcpy 173 map dataMap; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 16364 71211/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_74.cpp Buffer_Overflow_boundedcpy 155 map dataMap; data = (wchar_t *)malloc(10*sizeof(wchar_t)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 16365 71286/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_33.cpp Buffer_Overflow_boundedcpy 41 char * &dataRef = data; data = (char *)malloc(50*sizeof(char)); char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 16366 71286/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_33.cpp Buffer_Overflow_boundedcpy 66 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16367 71286/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_33.cpp Buffer_Overflow_boundedcpy 69 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 16368 71286/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_33.cpp Buffer_Overflow_boundedcpy 38 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16369 71290/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_43.cpp Buffer_Overflow_boundedcpy 40 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16370 71290/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_43.cpp Buffer_Overflow_boundedcpy 43 badSource(data); static void badSource(char * &data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 16371 71290/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_43.cpp Buffer_Overflow_boundedcpy 72 goodG2BSource(data); static void goodG2BSource(char * &data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 16372 71290/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_43.cpp Buffer_Overflow_boundedcpy 69 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16373 71298/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_62.cpp Buffer_Overflow_boundedcpy 36 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16374 71298/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_62.cpp Buffer_Overflow_boundedcpy 39 badSource(data); void badSource(char * &data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 16375 71298/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_62.cpp Buffer_Overflow_boundedcpy 63 goodG2BSource(data); void goodG2BSource(char * &data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 16376 71298/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_62.cpp Buffer_Overflow_boundedcpy 60 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16377 71305/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_72.cpp Buffer_Overflow_boundedcpy 148 vector dataVector; data = (char *)malloc(50*sizeof(char)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 16378 71305/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_72.cpp Buffer_Overflow_boundedcpy 145 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16379 71305/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_72.cpp Buffer_Overflow_boundedcpy 168 vector dataVector; data = (char *)malloc(100*sizeof(char)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 16380 71305/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_72.cpp Buffer_Overflow_boundedcpy 165 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16381 71306/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_73.cpp Buffer_Overflow_boundedcpy 148 list dataList; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 16382 71306/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_73.cpp Buffer_Overflow_boundedcpy 145 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16383 71306/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_73.cpp Buffer_Overflow_boundedcpy 168 list dataList; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 16384 71306/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_73.cpp Buffer_Overflow_boundedcpy 165 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16385 71307/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_74.cpp Buffer_Overflow_boundedcpy 148 map dataMap; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 16386 71307/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_74.cpp Buffer_Overflow_boundedcpy 145 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16387 71307/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_74.cpp Buffer_Overflow_boundedcpy 168 map dataMap; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 16388 71307/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memcpy_74.cpp Buffer_Overflow_boundedcpy 165 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16389 71334/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_33.cpp Buffer_Overflow_boundedcpy 66 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16390 71334/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_33.cpp Buffer_Overflow_boundedcpy 69 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 16391 71334/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_33.cpp Buffer_Overflow_boundedcpy 38 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16392 71334/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_33.cpp Buffer_Overflow_boundedcpy 41 char * &dataRef = data; data = (char *)malloc(50*sizeof(char)); char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 16393 71338/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_43.cpp Buffer_Overflow_boundedcpy 40 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16394 71338/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_43.cpp Buffer_Overflow_boundedcpy 43 badSource(data); static void badSource(char * &data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 16395 71338/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_43.cpp Buffer_Overflow_boundedcpy 72 goodG2BSource(data); static void goodG2BSource(char * &data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 16396 71338/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_43.cpp Buffer_Overflow_boundedcpy 69 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16397 71346/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_62.cpp Buffer_Overflow_boundedcpy 36 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16398 71346/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_62.cpp Buffer_Overflow_boundedcpy 60 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16399 71346/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_62.cpp Buffer_Overflow_boundedcpy 63 goodG2BSource(data); void goodG2BSource(char * &data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 16400 71346/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_62.cpp Buffer_Overflow_boundedcpy 39 badSource(data); void badSource(char * &data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 16401 71353/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_72.cpp Buffer_Overflow_boundedcpy 148 vector dataVector; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 16402 71353/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_72.cpp Buffer_Overflow_boundedcpy 145 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16403 71353/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_72.cpp Buffer_Overflow_boundedcpy 168 vector dataVector; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 16404 71353/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_72.cpp Buffer_Overflow_boundedcpy 165 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16405 71354/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_73.cpp Buffer_Overflow_boundedcpy 148 list dataList; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 16406 71354/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_73.cpp Buffer_Overflow_boundedcpy 145 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16407 71354/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_73.cpp Buffer_Overflow_boundedcpy 168 list dataList; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 16408 71354/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_73.cpp Buffer_Overflow_boundedcpy 165 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16409 71355/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_74.cpp Buffer_Overflow_boundedcpy 148 map dataMap; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 16410 71355/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_74.cpp Buffer_Overflow_boundedcpy 145 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16411 71355/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_74.cpp Buffer_Overflow_boundedcpy 168 map dataMap; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 16412 71355/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_memmove_74.cpp Buffer_Overflow_boundedcpy 165 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16413 71382/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_33.cpp Buffer_Overflow_boundedcpy 41 char * &dataRef = data; data = (char *)malloc(50*sizeof(char)); char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 16414 71382/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_33.cpp Buffer_Overflow_boundedcpy 65 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16415 71382/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_33.cpp Buffer_Overflow_boundedcpy 38 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16416 71382/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_33.cpp Buffer_Overflow_boundedcpy 68 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 16417 71386/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_43.cpp Buffer_Overflow_boundedcpy 40 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16418 71386/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_43.cpp Buffer_Overflow_boundedcpy 43 badSource(data); static void badSource(char * &data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 16419 71386/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_43.cpp Buffer_Overflow_boundedcpy 68 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16420 71386/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_43.cpp Buffer_Overflow_boundedcpy 71 goodG2BSource(data); static void goodG2BSource(char * &data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 16421 71394/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_62.cpp Buffer_Overflow_boundedcpy 62 goodG2BSource(data); void goodG2BSource(char * &data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 16422 71394/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_62.cpp Buffer_Overflow_boundedcpy 36 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16423 71394/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_62.cpp Buffer_Overflow_boundedcpy 59 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16424 71394/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_62.cpp Buffer_Overflow_boundedcpy 39 badSource(data); void badSource(char * &data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 16425 71401/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_72.cpp Buffer_Overflow_boundedcpy 145 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16426 71401/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_72.cpp Buffer_Overflow_boundedcpy 164 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16427 71401/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_72.cpp Buffer_Overflow_boundedcpy 167 vector dataVector; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 16428 71401/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_72.cpp Buffer_Overflow_boundedcpy 148 vector dataVector; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 16429 71402/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_73.cpp Buffer_Overflow_boundedcpy 145 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16430 71402/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_73.cpp Buffer_Overflow_boundedcpy 164 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16431 71402/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_73.cpp Buffer_Overflow_boundedcpy 167 list dataList; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 16432 71402/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_73.cpp Buffer_Overflow_boundedcpy 148 list dataList; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 16433 71403/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_74.cpp Buffer_Overflow_boundedcpy 145 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16434 71403/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_74.cpp Buffer_Overflow_boundedcpy 164 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16435 71403/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_74.cpp Buffer_Overflow_boundedcpy 167 map dataMap; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 16436 71403/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_74.cpp Buffer_Overflow_boundedcpy 148 map dataMap; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 16437 71430/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_33.cpp Buffer_Overflow_boundedcpy 69 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 16438 71430/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_33.cpp Buffer_Overflow_boundedcpy 66 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16439 71430/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_33.cpp Buffer_Overflow_boundedcpy 41 char * &dataRef = data; data = (char *)malloc(50*sizeof(char)); char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 16440 71430/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_33.cpp Buffer_Overflow_boundedcpy 38 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16441 71434/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_43.cpp Buffer_Overflow_boundedcpy 40 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16442 71434/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_43.cpp Buffer_Overflow_boundedcpy 72 goodG2BSource(data); static void goodG2BSource(char * &data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 16443 71434/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_43.cpp Buffer_Overflow_boundedcpy 43 badSource(data); static void badSource(char * &data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 16444 71434/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_43.cpp Buffer_Overflow_boundedcpy 69 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16445 71442/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_62.cpp Buffer_Overflow_boundedcpy 63 goodG2BSource(data); void goodG2BSource(char * &data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 16446 71442/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_62.cpp Buffer_Overflow_boundedcpy 39 badSource(data); void badSource(char * &data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 16447 71442/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_62.cpp Buffer_Overflow_boundedcpy 36 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16448 71442/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_62.cpp Buffer_Overflow_boundedcpy 60 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16449 71449/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_72.cpp Buffer_Overflow_boundedcpy 168 vector dataVector; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 16450 71449/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_72.cpp Buffer_Overflow_boundedcpy 145 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16451 71449/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_72.cpp Buffer_Overflow_boundedcpy 148 vector dataVector; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 16452 71449/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_72.cpp Buffer_Overflow_boundedcpy 165 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16453 71450/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_73.cpp Buffer_Overflow_boundedcpy 168 list dataList; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 16454 71450/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_73.cpp Buffer_Overflow_boundedcpy 145 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16455 71450/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_73.cpp Buffer_Overflow_boundedcpy 148 list dataList; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 16456 71450/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_73.cpp Buffer_Overflow_boundedcpy 165 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16457 71451/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_74.cpp Buffer_Overflow_boundedcpy 168 map dataMap; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 16458 71451/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_74.cpp Buffer_Overflow_boundedcpy 145 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16459 71451/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_74.cpp Buffer_Overflow_boundedcpy 148 map dataMap; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 16460 71451/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_74.cpp Buffer_Overflow_boundedcpy 165 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16461 71478/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_33.cpp Buffer_Overflow_LowBound 47 char * &dataRef = data; data = (char *)malloc(50*sizeof(char)); char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 16462 71478/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_33.cpp Buffer_Overflow_LowBound 74 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 16463 71478/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_33.cpp Buffer_Overflow_boundedcpy 71 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16464 71478/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_33.cpp Buffer_Overflow_boundedcpy 44 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16465 71482/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_43.cpp Buffer_Overflow_LowBound 77 goodG2BSource(data); static void goodG2BSource(char * &data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 16466 71482/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_43.cpp Buffer_Overflow_LowBound 49 badSource(data); static void badSource(char * &data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 16467 71482/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_43.cpp Buffer_Overflow_boundedcpy 74 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16468 71482/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_43.cpp Buffer_Overflow_boundedcpy 46 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16469 71490/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_62.cpp Buffer_Overflow_LowBound 45 badSource(data); void badSource(char * &data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 16470 71490/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_62.cpp Buffer_Overflow_LowBound 68 goodG2BSource(data); void goodG2BSource(char * &data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 16471 71490/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_62.cpp Buffer_Overflow_boundedcpy 42 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16472 71490/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_62.cpp Buffer_Overflow_boundedcpy 65 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16473 71497/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_72.cpp Buffer_Overflow_LowBound 173 vector dataVector; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 16474 71497/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_72.cpp Buffer_Overflow_LowBound 154 vector dataVector; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 16475 71497/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_72.cpp Buffer_Overflow_boundedcpy 151 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16476 71497/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_72.cpp Buffer_Overflow_boundedcpy 170 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16477 71498/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_73.cpp Buffer_Overflow_LowBound 173 list dataList; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 16478 71498/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_73.cpp Buffer_Overflow_LowBound 154 list dataList; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 16479 71498/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_73.cpp Buffer_Overflow_boundedcpy 151 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16480 71498/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_73.cpp Buffer_Overflow_boundedcpy 170 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16481 71499/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_74.cpp Buffer_Overflow_LowBound 173 map dataMap; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 16482 71499/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_74.cpp Buffer_Overflow_LowBound 154 map dataMap; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 16483 71499/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_74.cpp Buffer_Overflow_boundedcpy 151 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16484 71499/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_74.cpp Buffer_Overflow_boundedcpy 170 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 16485 71574/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 36 int64_t * &dataRef = data; data = (int64_t *)malloc(50*sizeof(int64_t)); int64_t * data = dataRef; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 16486 71574/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 60 int64_t * &dataRef = data; data = (int64_t *)malloc(100*sizeof(int64_t)); int64_t * data = dataRef; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 16487 71578/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 63 goodG2BSource(data); static void goodG2BSource(int64_t * &data) data = (int64_t *)malloc(100*sizeof(int64_t)); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 16488 71578/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 38 badSource(data); static void badSource(int64_t * &data) data = (int64_t *)malloc(50*sizeof(int64_t)); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 16489 71586/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 56 goodG2BSource(data); void goodG2BSource(int64_t * &data) data = (int64_t *)malloc(100*sizeof(int64_t)); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 16490 71586/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 35 badSource(data); void badSource(int64_t * &data) data = (int64_t *)malloc(50*sizeof(int64_t)); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 16491 71593/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 157 vector dataVector; data = (int64_t *)malloc(100*sizeof(int64_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int64_t * data = dataVector[2]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 16492 71593/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 140 vector dataVector; data = (int64_t *)malloc(50*sizeof(int64_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) int64_t * data = dataVector[2]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 16493 71594/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 157 list dataList; data = (int64_t *)malloc(100*sizeof(int64_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int64_t * data = dataList.back(); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 16494 71594/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 140 list dataList; data = (int64_t *)malloc(50*sizeof(int64_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) int64_t * data = dataList.back(); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 16495 71595/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 157 map dataMap; data = (int64_t *)malloc(100*sizeof(int64_t)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int64_t * data = dataMap[2]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 16496 71595/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 140 map dataMap; data = (int64_t *)malloc(50*sizeof(int64_t)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) int64_t * data = dataMap[2]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 16497 71622/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_33.cpp Buffer_Overflow_boundedcpy 60 int64_t * &dataRef = data; data = (int64_t *)malloc(100*sizeof(int64_t)); int64_t * data = dataRef; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 16498 71622/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_33.cpp Buffer_Overflow_boundedcpy 36 int64_t * &dataRef = data; data = (int64_t *)malloc(50*sizeof(int64_t)); int64_t * data = dataRef; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 16499 71626/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_43.cpp Buffer_Overflow_boundedcpy 38 badSource(data); static void badSource(int64_t * &data) data = (int64_t *)malloc(50*sizeof(int64_t)); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 16500 71626/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_43.cpp Buffer_Overflow_boundedcpy 63 goodG2BSource(data); static void goodG2BSource(int64_t * &data) data = (int64_t *)malloc(100*sizeof(int64_t)); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 16501 71634/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_62.cpp Buffer_Overflow_boundedcpy 35 badSource(data); void badSource(int64_t * &data); data = (int64_t *)malloc(50*sizeof(int64_t)); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 16502 71634/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_62.cpp Buffer_Overflow_boundedcpy 56 goodG2BSource(data); void goodG2BSource(int64_t * &data); data = (int64_t *)malloc(100*sizeof(int64_t)); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 16503 71641/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_72.cpp Buffer_Overflow_boundedcpy 157 vector dataVector; data = (int64_t *)malloc(100*sizeof(int64_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int64_t * data = dataVector[2]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 16504 71641/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_72.cpp Buffer_Overflow_boundedcpy 140 vector dataVector; data = (int64_t *)malloc(50*sizeof(int64_t)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) int64_t * data = dataVector[2]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 16505 71642/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_73.cpp Buffer_Overflow_boundedcpy 157 list dataList; data = (int64_t *)malloc(100*sizeof(int64_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int64_t * data = dataList.back(); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 16506 71642/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_73.cpp Buffer_Overflow_boundedcpy 140 list dataList; data = (int64_t *)malloc(50*sizeof(int64_t)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) int64_t * data = dataList.back(); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 16507 71643/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_74.cpp Buffer_Overflow_boundedcpy 157 map dataMap; data = (int64_t *)malloc(100*sizeof(int64_t)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int64_t * data = dataMap[2]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 16508 71643/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int64_t_memmove_74.cpp Buffer_Overflow_boundedcpy 140 map dataMap; data = (int64_t *)malloc(50*sizeof(int64_t)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) int64_t * data = dataMap[2]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 16509 71718/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_33.cpp Buffer_Overflow_boundedcpy 36 int * &dataRef = data; data = (int *)malloc(50*sizeof(int)); int * data = dataRef; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 16510 71718/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_33.cpp Buffer_Overflow_boundedcpy 60 int * &dataRef = data; data = (int *)malloc(100*sizeof(int)); int * data = dataRef; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 16511 71722/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_43.cpp Buffer_Overflow_boundedcpy 63 goodG2BSource(data); static void goodG2BSource(int * &data) data = (int *)malloc(100*sizeof(int)); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 16512 71722/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_43.cpp Buffer_Overflow_boundedcpy 38 badSource(data); static void badSource(int * &data) data = (int *)malloc(50*sizeof(int)); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 16513 71730/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_62.cpp Buffer_Overflow_boundedcpy 56 goodG2BSource(data); void goodG2BSource(int * &data) data = (int *)malloc(100*sizeof(int)); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 16514 71730/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_62.cpp Buffer_Overflow_boundedcpy 35 badSource(data); badSource(data); void badSource(int * &data) data = (int *)malloc(50*sizeof(int)); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 16515 71737/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_72.cpp Buffer_Overflow_boundedcpy 140 vector dataVector; data = (int *)malloc(50*sizeof(int)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) int * data = dataVector[2]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 16516 71737/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_72.cpp Buffer_Overflow_boundedcpy 157 vector dataVector; data = (int *)malloc(100*sizeof(int)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int * data = dataVector[2]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 16517 71738/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_73.cpp Buffer_Overflow_boundedcpy 140 list dataList; data = (int *)malloc(50*sizeof(int)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) int * data = dataList.back(); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 16518 71738/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_73.cpp Buffer_Overflow_boundedcpy 157 list dataList; data = (int *)malloc(100*sizeof(int)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int * data = dataList.back(); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 16519 71739/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_74.cpp Buffer_Overflow_boundedcpy 140 map dataMap; data = (int *)malloc(50*sizeof(int)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) int * data = dataMap[2]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 16520 71739/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memcpy_74.cpp Buffer_Overflow_boundedcpy 157 map dataMap; data = (int *)malloc(100*sizeof(int)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int * data = dataMap[2]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 16521 71766/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_33.cpp Buffer_Overflow_boundedcpy 36 int * &dataRef = data; data = (int *)malloc(50*sizeof(int)); int * data = dataRef; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 16522 71766/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_33.cpp Buffer_Overflow_boundedcpy 60 int * &dataRef = data; data = (int *)malloc(100*sizeof(int)); int * data = dataRef; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 16523 71770/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_43.cpp Buffer_Overflow_boundedcpy 38 badSource(data); static void badSource(int * &data) data = (int *)malloc(50*sizeof(int)); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 16524 71770/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_43.cpp Buffer_Overflow_boundedcpy 63 goodG2BSource(data); static void goodG2BSource(int * &data) data = (int *)malloc(100*sizeof(int)); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 16525 71778/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_62.cpp Buffer_Overflow_boundedcpy 56 goodG2BSource(data); void goodG2BSource(int * &data) data = (int *)malloc(100*sizeof(int)); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 16526 71778/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_62.cpp Buffer_Overflow_boundedcpy 35 badSource(data); void badSource(int * &data) data = (int *)malloc(50*sizeof(int)); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 16527 71785/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_72.cpp Buffer_Overflow_boundedcpy 157 vector dataVector; data = (int *)malloc(100*sizeof(int)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int * data = dataVector[2]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 16528 71785/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_72.cpp Buffer_Overflow_boundedcpy 140 vector dataVector; data = (int *)malloc(50*sizeof(int)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) int * data = dataVector[2]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 16529 71786/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_73.cpp Buffer_Overflow_boundedcpy 157 list dataList; data = (int *)malloc(100*sizeof(int)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int * data = dataList.back(); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 16530 71786/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_73.cpp Buffer_Overflow_boundedcpy 140 list dataList; data = (int *)malloc(50*sizeof(int)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) int * data = dataList.back(); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 16531 71787/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_74.cpp Buffer_Overflow_boundedcpy 157 map dataMap; data = (int *)malloc(100*sizeof(int)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int * data = dataMap[2]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 16532 71787/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_int_memmove_74.cpp Buffer_Overflow_boundedcpy 140 map dataMap; data = (int *)malloc(50*sizeof(int)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) int * data = dataMap[2]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 16533 71862/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_33.cpp Buffer_Overflow_boundedcpy 45 twoIntsStruct * &dataRef = data; data = (twoIntsStruct *)malloc(50*sizeof(twoIntsStruct)); twoIntsStruct * data = dataRef; twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 16534 71862/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_33.cpp Buffer_Overflow_boundedcpy 78 twoIntsStruct * &dataRef = data; data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); twoIntsStruct * data = dataRef; twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 16535 71866/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_43.cpp Buffer_Overflow_boundedcpy 81 goodG2BSource(data); static void goodG2BSource(twoIntsStruct * &data) data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 16536 71866/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_43.cpp Buffer_Overflow_boundedcpy 47 badSource(data); static void badSource(twoIntsStruct * &data) data = (twoIntsStruct *)malloc(50*sizeof(twoIntsStruct)); twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 16537 71874/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_62.cpp Buffer_Overflow_boundedcpy 74 goodG2BSource(data); void goodG2BSource(twoIntsStruct * &data) data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 16538 71874/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_62.cpp Buffer_Overflow_boundedcpy 44 badSource(data); void badSource(twoIntsStruct * &data) data = (twoIntsStruct *)malloc(50*sizeof(twoIntsStruct)); twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 16539 71881/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_72.cpp Buffer_Overflow_boundedcpy 149 vector dataVector; data = (twoIntsStruct *)malloc(50*sizeof(twoIntsStruct)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) twoIntsStruct * data = dataVector[2]; twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 16540 71881/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_72.cpp Buffer_Overflow_boundedcpy 175 vector dataVector; data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) twoIntsStruct * data = dataVector[2]; twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 16541 71882/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_73.cpp Buffer_Overflow_boundedcpy 149 list dataList; data = (twoIntsStruct *)malloc(50*sizeof(twoIntsStruct)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) twoIntsStruct * data = dataList.back(); twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 16542 71882/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_73.cpp Buffer_Overflow_boundedcpy 175 list dataList; data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) twoIntsStruct * data = dataList.back(); twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 16543 71883/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_74.cpp Buffer_Overflow_boundedcpy 149 map dataMap; data = (twoIntsStruct *)malloc(50*sizeof(twoIntsStruct)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) twoIntsStruct * data = dataMap[2]; twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 16544 71883/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memcpy_74.cpp Buffer_Overflow_boundedcpy 175 map dataMap; data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) twoIntsStruct * data = dataMap[2]; twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 16545 71910/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_33.cpp Buffer_Overflow_boundedcpy 78 twoIntsStruct * &dataRef = data; data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); twoIntsStruct * data = dataRef; twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 16546 71910/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_33.cpp Buffer_Overflow_boundedcpy 45 twoIntsStruct * &dataRef = data; data = (twoIntsStruct *)malloc(50*sizeof(twoIntsStruct)); twoIntsStruct * data = dataRef; twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 16547 71914/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_43.cpp Buffer_Overflow_boundedcpy 47 badSource(data); static void badSource(twoIntsStruct * &data) data = (twoIntsStruct *)malloc(50*sizeof(twoIntsStruct)); twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 16548 71914/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_43.cpp Buffer_Overflow_boundedcpy 81 goodG2BSource(data); static void goodG2BSource(twoIntsStruct * &data) data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 16549 71922/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_62.cpp Buffer_Overflow_boundedcpy 44 badSource(data); void badSource(twoIntsStruct * &data) data = (twoIntsStruct *)malloc(50*sizeof(twoIntsStruct)); twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 16550 71922/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_62.cpp Buffer_Overflow_boundedcpy 74 goodG2BSource(data); void goodG2BSource(twoIntsStruct * &data) data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 16551 71929/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_72.cpp Buffer_Overflow_boundedcpy 149 vector dataVector; data = (twoIntsStruct *)malloc(50*sizeof(twoIntsStruct)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) twoIntsStruct * data = dataVector[2]; twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 16552 71929/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_72.cpp Buffer_Overflow_boundedcpy 175 vector dataVector; data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) twoIntsStruct * data = dataVector[2]; twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 16553 71930/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_73.cpp Buffer_Overflow_boundedcpy 149 list dataList; data = (twoIntsStruct *)malloc(50*sizeof(twoIntsStruct)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) twoIntsStruct * data = dataList.back(); twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 16554 71930/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_73.cpp Buffer_Overflow_boundedcpy 175 list dataList; data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) twoIntsStruct * data = dataList.back(); twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 16555 71931/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_74.cpp Buffer_Overflow_boundedcpy 149 map dataMap; data = (twoIntsStruct *)malloc(50*sizeof(twoIntsStruct)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) twoIntsStruct * data = dataMap[2]; twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 1 --------------------------------- 16556 71931/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_struct_memmove_74.cpp Buffer_Overflow_boundedcpy 175 map dataMap; data = (twoIntsStruct *)malloc(100*sizeof(twoIntsStruct)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) twoIntsStruct * data = dataMap[2]; twoIntsStruct source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(twoIntsStruct)); 0 --------------------------------- 16557 72006/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 41 wchar_t * &dataRef = data; data = (wchar_t *)malloc(50*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 16558 72006/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 38 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16559 72006/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 69 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 16560 72006/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 66 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16561 72010/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 43 badSource(data); static void badSource(wchar_t * &data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 16562 72010/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 72 goodG2BSource(data); static void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 16563 72010/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 40 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16564 72010/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 69 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16565 72018/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 60 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16566 72018/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 36 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16567 72018/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 39 badSource(data); void badSource(wchar_t * &data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 16568 72018/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 63 goodG2BSource(data); void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 16569 72025/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 168 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 16570 72025/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 165 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16571 72025/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 148 vector dataVector; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 16572 72025/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 145 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16573 72026/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 168 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 16574 72026/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 165 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16575 72026/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 148 list dataList; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 16576 72026/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 145 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16577 72027/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 168 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 16578 72027/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 165 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16579 72027/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 148 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 16580 72027/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 145 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16581 72054/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 41 wchar_t * &dataRef = data; data = (wchar_t *)malloc(50*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 16582 72054/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 69 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 16583 72054/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 38 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16584 72054/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 66 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16585 72058/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 72 goodG2BSource(data); static void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 16586 72058/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 69 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16587 72058/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 43 badSource(data); static void badSource(wchar_t * &data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 16588 72058/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 40 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16589 72066/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_62.cpp Buffer_Overflow_boundedcpy 63 goodG2BSource(data); void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 16590 72066/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_62.cpp Buffer_Overflow_boundedcpy 39 badSource(data); void badSource(wchar_t * &data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 16591 72066/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_62.cpp Buffer_Overflow_boundedcpy 36 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16592 72066/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_62.cpp Buffer_Overflow_boundedcpy 60 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16593 72073/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_72.cpp Buffer_Overflow_boundedcpy 168 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 16594 72073/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_72.cpp Buffer_Overflow_boundedcpy 165 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16595 72073/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_72.cpp Buffer_Overflow_boundedcpy 148 vector dataVector; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 16596 72073/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_72.cpp Buffer_Overflow_boundedcpy 145 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16597 72074/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_73.cpp Buffer_Overflow_boundedcpy 168 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 16598 72074/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_73.cpp Buffer_Overflow_boundedcpy 165 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16599 72074/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_73.cpp Buffer_Overflow_boundedcpy 148 list dataList; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 16600 72074/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_73.cpp Buffer_Overflow_boundedcpy 145 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16601 72075/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_74.cpp Buffer_Overflow_boundedcpy 168 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 16602 72075/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_74.cpp Buffer_Overflow_boundedcpy 165 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16603 72075/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_74.cpp Buffer_Overflow_boundedcpy 148 map dataMap; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 16604 72075/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_memmove_74.cpp Buffer_Overflow_boundedcpy 145 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16605 72102/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_33.cpp Buffer_Overflow_boundedcpy 38 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16606 72102/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_33.cpp Buffer_Overflow_boundedcpy 68 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 16607 72102/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_33.cpp Buffer_Overflow_boundedcpy 41 wchar_t * &dataRef = data; data = (wchar_t *)malloc(50*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 16608 72102/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_33.cpp Buffer_Overflow_boundedcpy 65 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16609 72106/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_43.cpp Buffer_Overflow_boundedcpy 68 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16610 72106/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_43.cpp Buffer_Overflow_boundedcpy 71 goodG2BSource(data); static void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 16611 72106/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_43.cpp Buffer_Overflow_boundedcpy 40 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16612 72106/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_43.cpp Buffer_Overflow_boundedcpy 43 badSource(data); static void badSource(wchar_t * &data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 16613 72114/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_62.cpp Buffer_Overflow_boundedcpy 36 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16614 72114/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_62.cpp Buffer_Overflow_boundedcpy 59 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16615 72114/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_62.cpp Buffer_Overflow_boundedcpy 39 badSource(data); void badSource(wchar_t * &data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 16616 72114/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_62.cpp Buffer_Overflow_boundedcpy 62 goodG2BSource(data); void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 16617 72121/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_72.cpp Buffer_Overflow_boundedcpy 164 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16618 72121/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_72.cpp Buffer_Overflow_boundedcpy 167 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 16619 72121/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_72.cpp Buffer_Overflow_boundedcpy 148 vector dataVector; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 16620 72121/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_72.cpp Buffer_Overflow_boundedcpy 145 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16621 72122/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_73.cpp Buffer_Overflow_boundedcpy 164 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16622 72122/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_73.cpp Buffer_Overflow_boundedcpy 167 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 16623 72122/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_73.cpp Buffer_Overflow_boundedcpy 148 list dataList; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 16624 72122/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_73.cpp Buffer_Overflow_boundedcpy 145 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16625 72123/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_74.cpp Buffer_Overflow_boundedcpy 164 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16626 72123/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_74.cpp Buffer_Overflow_boundedcpy 167 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 16627 72123/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_74.cpp Buffer_Overflow_boundedcpy 148 map dataMap; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 16628 72123/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_74.cpp Buffer_Overflow_boundedcpy 145 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16629 72150/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_33.cpp Buffer_Overflow_boundedcpy 38 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16630 72150/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_33.cpp Buffer_Overflow_boundedcpy 69 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 16631 72150/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_33.cpp Buffer_Overflow_boundedcpy 41 wchar_t * &dataRef = data; data = (wchar_t *)malloc(50*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 16632 72150/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_33.cpp Buffer_Overflow_boundedcpy 66 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16633 72154/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_43.cpp Buffer_Overflow_boundedcpy 43 badSource(data); static void badSource(wchar_t * &data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 16634 72154/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_43.cpp Buffer_Overflow_boundedcpy 69 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16635 72154/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_43.cpp Buffer_Overflow_boundedcpy 40 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16636 72154/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_43.cpp Buffer_Overflow_boundedcpy 72 goodG2BSource(data); static void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 16637 72162/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_62.cpp Buffer_Overflow_boundedcpy 36 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16638 72162/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_62.cpp Buffer_Overflow_boundedcpy 39 badSource(data); void badSource(wchar_t * &data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 16639 72162/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_62.cpp Buffer_Overflow_boundedcpy 63 goodG2BSource(data); void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 16640 72162/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_62.cpp Buffer_Overflow_boundedcpy 60 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16641 72169/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_72.cpp Buffer_Overflow_boundedcpy 148 vector dataVector; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 16642 72169/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_72.cpp Buffer_Overflow_boundedcpy 165 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16643 72169/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_72.cpp Buffer_Overflow_boundedcpy 168 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 16644 72169/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_72.cpp Buffer_Overflow_boundedcpy 145 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16645 72170/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_73.cpp Buffer_Overflow_boundedcpy 148 list dataList; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 16646 72170/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_73.cpp Buffer_Overflow_boundedcpy 165 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16647 72170/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_73.cpp Buffer_Overflow_boundedcpy 168 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 16648 72170/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_73.cpp Buffer_Overflow_boundedcpy 145 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16649 72171/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_74.cpp Buffer_Overflow_boundedcpy 148 map dataMap; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 16650 72171/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_74.cpp Buffer_Overflow_boundedcpy 165 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16651 72171/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_74.cpp Buffer_Overflow_boundedcpy 168 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 16652 72171/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_74.cpp Buffer_Overflow_boundedcpy 145 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16653 72198/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_33.cpp Buffer_Overflow_LowBound 74 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 16654 72198/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_33.cpp Buffer_Overflow_LowBound 47 wchar_t * &dataRef = data; data = (wchar_t *)malloc(50*sizeof(wchar_t)); wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 16655 72198/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_33.cpp Buffer_Overflow_boundedcpy 44 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16656 72198/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_33.cpp Buffer_Overflow_boundedcpy 71 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16657 72202/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_43.cpp Buffer_Overflow_LowBound 77 goodG2BSource(data); static void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 16658 72202/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_43.cpp Buffer_Overflow_LowBound 49 badSource(data); static void badSource(wchar_t * &data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 16659 72202/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_43.cpp Buffer_Overflow_boundedcpy 46 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16660 72202/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_43.cpp Buffer_Overflow_boundedcpy 74 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16661 72210/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_62.cpp Buffer_Overflow_LowBound 45 badSource(data); void badSource(wchar_t * &data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 16662 72210/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_62.cpp Buffer_Overflow_LowBound 68 goodG2BSource(data); void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 16663 72210/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_62.cpp Buffer_Overflow_boundedcpy 42 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16664 72210/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_62.cpp Buffer_Overflow_boundedcpy 65 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16665 72217/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_72.cpp Buffer_Overflow_LowBound 154 vector dataVector; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 16666 72217/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_72.cpp Buffer_Overflow_LowBound 173 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 16667 72217/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_72.cpp Buffer_Overflow_boundedcpy 151 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16668 72217/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_72.cpp Buffer_Overflow_boundedcpy 170 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16669 72218/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_73.cpp Buffer_Overflow_LowBound 154 list dataList; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 16670 72218/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_73.cpp Buffer_Overflow_LowBound 173 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 16671 72218/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_73.cpp Buffer_Overflow_boundedcpy 151 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16672 72218/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_73.cpp Buffer_Overflow_boundedcpy 170 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16673 72219/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_74.cpp Buffer_Overflow_LowBound 154 map dataMap; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 16674 72219/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_74.cpp Buffer_Overflow_LowBound 173 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 16675 72219/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_74.cpp Buffer_Overflow_boundedcpy 151 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16676 72219/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_74.cpp Buffer_Overflow_boundedcpy 170 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 16677 72294/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_33.cpp Buffer_Overflow_boundedcpy 39 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 16678 72294/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_33.cpp Buffer_Overflow_boundedcpy 65 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 16679 72298/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_43.cpp Buffer_Overflow_boundedcpy 41 data = (char *)malloc(100*sizeof(char)); badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 16680 72298/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_43.cpp Buffer_Overflow_boundedcpy 68 data = (char *)malloc(100*sizeof(char)); goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 16681 72306/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_62.cpp Buffer_Overflow_boundedcpy 37 data = (char *)malloc(100*sizeof(char)); badSource(data); void badSource(char * &data); memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 16682 72306/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_62.cpp Buffer_Overflow_boundedcpy 59 data = (char *)malloc(100*sizeof(char)); goodG2BSource(data); void goodG2BSource(char * &data); memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 16683 72313/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_72.cpp Buffer_Overflow_boundedcpy 146 vector dataVector; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 16684 72313/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_72.cpp Buffer_Overflow_boundedcpy 164 vector dataVector; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 16685 72314/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_73.cpp Buffer_Overflow_boundedcpy 146 list dataList; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 16686 72314/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_73.cpp Buffer_Overflow_boundedcpy 164 list dataList; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 16687 72315/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_74.cpp Buffer_Overflow_boundedcpy 146 map dataMap; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 16688 72315/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_74.cpp Buffer_Overflow_boundedcpy 164 map dataMap; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 16689 72342/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_33.cpp Buffer_Overflow_boundedcpy 65 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 16690 72342/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_33.cpp Buffer_Overflow_boundedcpy 39 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 16691 72346/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_43.cpp Buffer_Overflow_boundedcpy 41 data = (char *)malloc(100*sizeof(char)); badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 16692 72346/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_43.cpp Buffer_Overflow_boundedcpy 68 data = (char *)malloc(100*sizeof(char)); goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 16693 72354/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_62.cpp Buffer_Overflow_boundedcpy 37 data = (char *)malloc(100*sizeof(char)); badSource(data); void badSource(char * &data); memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 16694 72354/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_62.cpp Buffer_Overflow_boundedcpy 59 data = (char *)malloc(100*sizeof(char)); goodG2BSource(data); void goodG2BSource(char * &data); memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 16695 72361/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_72.cpp Buffer_Overflow_boundedcpy 164 vector dataVector; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 16696 72361/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_72.cpp Buffer_Overflow_boundedcpy 146 vector dataVector; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 16697 72362/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_73.cpp Buffer_Overflow_boundedcpy 164 list dataList; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 16698 72362/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_73.cpp Buffer_Overflow_boundedcpy 146 list dataList; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[10-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 16699 72363/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_74.cpp Buffer_Overflow_boundedcpy 164 map dataMap; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 16700 72363/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_74.cpp Buffer_Overflow_boundedcpy 146 map dataMap; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 16701 72390/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_33.cpp Buffer_Overflow_boundedcpy 39 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 16702 72390/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_33.cpp Buffer_Overflow_boundedcpy 65 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 16703 72394/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_43.cpp Buffer_Overflow_boundedcpy 68 data = (char *)malloc(100*sizeof(char)); goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 16704 72394/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_43.cpp Buffer_Overflow_boundedcpy 41 data = (char *)malloc(100*sizeof(char)); badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 16705 72402/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_62.cpp Buffer_Overflow_boundedcpy 37 data = (char *)malloc(100*sizeof(char)); badSource(data); void badSource(char * &data); memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 16706 72402/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_62.cpp Buffer_Overflow_boundedcpy 59 data = (char *)malloc(100*sizeof(char)); goodG2BSource(data); void goodG2BSource(char * &data); memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 16707 72409/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_72.cpp Buffer_Overflow_boundedcpy 146 vector dataVector; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 16708 72409/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_72.cpp Buffer_Overflow_boundedcpy 164 vector dataVector; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 16709 72410/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_73.cpp Buffer_Overflow_boundedcpy 146 list dataList; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 16710 72410/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_73.cpp Buffer_Overflow_boundedcpy 164 list dataList; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 16711 72411/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_74.cpp Buffer_Overflow_boundedcpy 146 map dataMap; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 16712 72411/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_74.cpp Buffer_Overflow_boundedcpy 164 map dataMap; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 16713 72438/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_33.cpp Buffer_Overflow_boundedcpy 39 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 16714 72438/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_33.cpp Buffer_Overflow_boundedcpy 65 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 16715 72442/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_43.cpp Buffer_Overflow_boundedcpy 41 data = (char *)malloc(100*sizeof(char)); badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 16716 72442/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_43.cpp Buffer_Overflow_boundedcpy 68 data = (char *)malloc(100*sizeof(char)); goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 16717 72450/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_62.cpp Buffer_Overflow_boundedcpy 59 data = (char *)malloc(100*sizeof(char)); goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 16718 72450/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_62.cpp Buffer_Overflow_boundedcpy 37 data = (char *)malloc(100*sizeof(char)); badSource(data); void badSource(char * &data) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 16719 72457/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_72.cpp Buffer_Overflow_boundedcpy 146 vector dataVector; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 16720 72457/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_72.cpp Buffer_Overflow_boundedcpy 164 vector dataVector; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 16721 72458/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_73.cpp Buffer_Overflow_boundedcpy 146 list dataList; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 16722 72458/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_73.cpp Buffer_Overflow_boundedcpy 164 list dataList; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 16723 72459/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_74.cpp Buffer_Overflow_boundedcpy 164 map dataMap; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 16724 72459/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_74.cpp Buffer_Overflow_boundedcpy 146 map dataMap; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 16725 72486/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_33.cpp Buffer_Overflow_LowBound 70 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 16726 72486/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_33.cpp Buffer_Overflow_LowBound 45 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 16727 72490/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_43.cpp Buffer_Overflow_LowBound 73 data = (char *)malloc(100*sizeof(char)); goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 16728 72490/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_43.cpp Buffer_Overflow_LowBound 47 data = (char *)malloc(100*sizeof(char)); badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 16729 72498/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_62.cpp Buffer_Overflow_LowBound 43 data = (char *)malloc(100*sizeof(char)); badSource(data); void badSource(char * &data) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 16730 72498/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_62.cpp Buffer_Overflow_LowBound 64 data = (char *)malloc(100*sizeof(char)); goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 16731 72505/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_72.cpp Buffer_Overflow_LowBound 169 vector dataVector; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 16732 72505/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_72.cpp Buffer_Overflow_LowBound 152 vector dataVector; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 16733 72506/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_73.cpp Buffer_Overflow_LowBound 169 list dataList; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 16734 72506/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_73.cpp Buffer_Overflow_LowBound 152 list dataList; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 16735 72507/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_74.cpp Buffer_Overflow_LowBound 169 map dataMap; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 16736 72507/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_74.cpp Buffer_Overflow_LowBound 152 map dataMap; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 16737 72582/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 39 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16738 72582/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 65 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16739 72586/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 68 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16740 72586/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 41 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16741 72594/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 37 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16742 72594/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 59 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16743 72601/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 164 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16744 72601/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 146 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16745 72602/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 164 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16746 72602/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 146 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16747 72603/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 164 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16748 72603/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 146 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16749 72630/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 39 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16750 72630/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 65 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16751 72634/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 68 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16752 72634/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 41 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16753 72642/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_62.cpp Buffer_Overflow_boundedcpy 59 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16754 72642/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_62.cpp Buffer_Overflow_boundedcpy 37 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16755 72649/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_72.cpp Buffer_Overflow_boundedcpy 146 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16756 72649/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_72.cpp Buffer_Overflow_boundedcpy 164 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16757 72650/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_73.cpp Buffer_Overflow_boundedcpy 146 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16758 72650/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_73.cpp Buffer_Overflow_boundedcpy 164 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16759 72651/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_74.cpp Buffer_Overflow_boundedcpy 146 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 16760 72651/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_memmove_74.cpp Buffer_Overflow_boundedcpy 164 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 16761 72678/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_33.cpp Buffer_Overflow_boundedcpy 65 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16762 72678/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_33.cpp Buffer_Overflow_boundedcpy 39 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16763 72682/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_43.cpp Buffer_Overflow_boundedcpy 41 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16764 72682/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_43.cpp Buffer_Overflow_boundedcpy 68 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16765 72690/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_62.cpp Buffer_Overflow_boundedcpy 59 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16766 72690/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_62.cpp Buffer_Overflow_boundedcpy 37 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16767 72697/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_72.cpp Buffer_Overflow_boundedcpy 146 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16768 72697/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_72.cpp Buffer_Overflow_boundedcpy 164 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16769 72698/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_73.cpp Buffer_Overflow_boundedcpy 146 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16770 72698/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_73.cpp Buffer_Overflow_boundedcpy 164 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16771 72699/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_74.cpp Buffer_Overflow_boundedcpy 146 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 16772 72699/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncat_74.cpp Buffer_Overflow_boundedcpy 164 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 16773 72726/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_33.cpp Buffer_Overflow_boundedcpy 39 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16774 72726/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_33.cpp Buffer_Overflow_boundedcpy 65 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16775 72730/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_43.cpp Buffer_Overflow_boundedcpy 68 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16776 72730/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_43.cpp Buffer_Overflow_boundedcpy 41 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16777 72738/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_62.cpp Buffer_Overflow_boundedcpy 37 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16778 72738/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_62.cpp Buffer_Overflow_boundedcpy 59 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16779 72745/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_72.cpp Buffer_Overflow_boundedcpy 164 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16780 72745/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_72.cpp Buffer_Overflow_boundedcpy 146 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16781 72746/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_73.cpp Buffer_Overflow_boundedcpy 164 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16782 72746/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_73.cpp Buffer_Overflow_boundedcpy 146 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16783 72747/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_74.cpp Buffer_Overflow_boundedcpy 164 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 16784 72747/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_74.cpp Buffer_Overflow_boundedcpy 146 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 16785 72774/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_33.cpp Buffer_Overflow_LowBound 70 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16786 72774/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_33.cpp Buffer_Overflow_LowBound 45 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16787 72778/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_43.cpp Buffer_Overflow_LowBound 73 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16788 72778/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_43.cpp Buffer_Overflow_LowBound 47 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16789 72786/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_62.cpp Buffer_Overflow_LowBound 64 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16790 72786/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_62.cpp Buffer_Overflow_LowBound 43 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16791 72793/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_72.cpp Buffer_Overflow_LowBound 169 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16792 72793/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_72.cpp Buffer_Overflow_LowBound 152 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16793 72794/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_73.cpp Buffer_Overflow_LowBound 169 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16794 72794/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_73.cpp Buffer_Overflow_LowBound 152 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16795 72795/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_74.cpp Buffer_Overflow_LowBound 169 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 16796 72795/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_74.cpp Buffer_Overflow_LowBound 152 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 16797 72822/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_33.cpp Buffer_Overflow_cpycat 68 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 16798 72822/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_33.cpp Buffer_Overflow_cpycat 41 char * &dataRef = data; data = (char *)malloc(50*sizeof(char)); char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 16799 72826/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_43.cpp Buffer_Overflow_cpycat 43 badSource(data); static void badSource(char * &data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 16800 72826/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_43.cpp Buffer_Overflow_cpycat 71 goodG2BSource(data); static void goodG2BSource(char * &data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 16801 72834/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_62.cpp Buffer_Overflow_cpycat 62 goodG2BSource(data); void goodG2BSource(char * &data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 16802 72834/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_62.cpp Buffer_Overflow_cpycat 39 badSource(data); void badSource(char * &data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 16803 72841/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_72.cpp Buffer_Overflow_cpycat 148 vector dataVector; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 16804 72841/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_72.cpp Buffer_Overflow_cpycat 167 vector dataVector; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 16805 72842/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_73.cpp Buffer_Overflow_cpycat 148 list dataList; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 16806 72842/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_73.cpp Buffer_Overflow_cpycat 167 list dataList; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 16807 72843/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_74.cpp Buffer_Overflow_cpycat 148 map dataMap; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 16808 72843/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_74.cpp Buffer_Overflow_cpycat 167 map dataMap; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 16809 72870/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_33.cpp Buffer_Overflow_cpycat 41 char * &dataRef = data; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 16810 72870/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_33.cpp Buffer_Overflow_cpycat 68 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 16811 72874/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_43.cpp Buffer_Overflow_cpycat 43 badSource(data); static void badSource(char * &data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 16812 72874/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_43.cpp Buffer_Overflow_cpycat 71 goodG2BSource(data); static void goodG2BSource(char * &data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 16813 72882/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_62.cpp Buffer_Overflow_cpycat 62 goodG2BSource(data); void goodG2BSource(char * &data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 16814 72882/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_62.cpp Buffer_Overflow_cpycat 39 badSource(data); void badSource(char * &data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 16815 72889/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_72.cpp Buffer_Overflow_cpycat 148 vector dataVector; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 16816 72889/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_72.cpp Buffer_Overflow_cpycat 167 vector dataVector; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 16817 72890/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_73.cpp Buffer_Overflow_cpycat 148 list dataList; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 16818 72890/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_73.cpp Buffer_Overflow_cpycat 167 list dataList; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 16819 72891/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_74.cpp Buffer_Overflow_cpycat 148 map dataMap; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 16820 72891/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_74.cpp Buffer_Overflow_cpycat 167 map dataMap; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 16821 72966/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_33.cpp Buffer_Overflow_cpycat 41 wchar_t * &dataRef = data; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 16822 72966/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_33.cpp Buffer_Overflow_cpycat 68 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 16823 72970/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_43.cpp Buffer_Overflow_cpycat 71 goodG2BSource(data); static void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 16824 72970/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_43.cpp Buffer_Overflow_cpycat 43 badSource(data); static void badSource(wchar_t * &data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 16825 72978/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_62.cpp Buffer_Overflow_cpycat 62 goodG2BSource(data); void goodG2BSource(wchar_t * &data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 16826 72978/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_62.cpp Buffer_Overflow_cpycat 39 badSource(data); void badSource(wchar_t * &data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 16827 72985/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_72.cpp Buffer_Overflow_cpycat 148 vector dataVector; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 16828 72985/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_72.cpp Buffer_Overflow_cpycat 167 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 16829 72986/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_73.cpp Buffer_Overflow_cpycat 148 list dataList; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 16830 72986/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_73.cpp Buffer_Overflow_cpycat 167 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 16831 72987/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_74.cpp Buffer_Overflow_cpycat 148 map dataMap; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 16832 72987/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_74.cpp Buffer_Overflow_cpycat 167 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 16833 73014/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_33.cpp Buffer_Overflow_cpycat 39 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 16834 73014/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_33.cpp Buffer_Overflow_cpycat 64 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 16835 73018/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_43.cpp Buffer_Overflow_cpycat 67 data = (char *)malloc(100*sizeof(char)); goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 16836 73018/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_43.cpp Buffer_Overflow_cpycat 41 data = (char *)malloc(100*sizeof(char)); badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 16837 73026/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_62.cpp Buffer_Overflow_cpycat 58 data = (char *)malloc(100*sizeof(char)); goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 16838 73026/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_62.cpp Buffer_Overflow_cpycat 37 data = (char *)malloc(100*sizeof(char)); badSource(data); void badSource(char * &data) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 16839 73033/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_72.cpp Buffer_Overflow_cpycat 163 vector dataVector; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 16840 73033/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_72.cpp Buffer_Overflow_cpycat 146 vector dataVector; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 16841 73034/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_73.cpp Buffer_Overflow_cpycat 163 list dataList; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 16842 73034/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_73.cpp Buffer_Overflow_cpycat 146 list dataList; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 16843 73035/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_74.cpp Buffer_Overflow_cpycat 163 map dataMap; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 16844 73035/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_74.cpp Buffer_Overflow_cpycat 146 map dataMap; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 16845 73062/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_33.cpp Buffer_Overflow_cpycat 64 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 16846 73062/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_33.cpp Buffer_Overflow_cpycat 39 char * &dataRef = data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 16847 73066/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_43.cpp Buffer_Overflow_cpycat 41 data = (char *)malloc(100*sizeof(char)); badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 16848 73066/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_43.cpp Buffer_Overflow_cpycat 67 data = (char *)malloc(100*sizeof(char)); goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 16849 73074/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_62.cpp Buffer_Overflow_cpycat 37 data = (char *)malloc(100*sizeof(char)); badSource(data); void badSource(char * &data) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 16850 73074/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_62.cpp Buffer_Overflow_cpycat 58 data = (char *)malloc(100*sizeof(char)); goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 16851 73081/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_72.cpp Buffer_Overflow_cpycat 163 vector dataVector; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 16852 73081/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_72.cpp Buffer_Overflow_cpycat 146 vector dataVector; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 16853 73082/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_73.cpp Buffer_Overflow_cpycat 163 list dataList; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 16854 73082/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_73.cpp Buffer_Overflow_cpycat 146 list dataList; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 16855 73083/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_74.cpp Buffer_Overflow_cpycat 163 map dataMap; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 16856 73083/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_74.cpp Buffer_Overflow_cpycat 146 map dataMap; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 16857 73158/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_33.cpp Buffer_Overflow_cpycat 39 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 16858 73158/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_33.cpp Buffer_Overflow_cpycat 64 wchar_t * &dataRef = data; data = (wchar_t *)malloc(100*sizeof(wchar_t)) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 16859 73162/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_43.cpp Buffer_Overflow_cpycat 41 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 16860 73162/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_43.cpp Buffer_Overflow_cpycat 67 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 16861 73170/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_62.cpp Buffer_Overflow_cpycat 37 data = (wchar_t *)malloc(100*sizeof(wchar_t)); badSource(data); void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 16862 73170/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_62.cpp Buffer_Overflow_cpycat 58 data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 16863 73177/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_72.cpp Buffer_Overflow_cpycat 146 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 16864 73177/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_72.cpp Buffer_Overflow_cpycat 163 vector dataVector; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 16865 73178/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_73.cpp Buffer_Overflow_cpycat 146 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 16866 73178/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_73.cpp Buffer_Overflow_cpycat 163 list dataList; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 16867 73179/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_74.cpp Buffer_Overflow_cpycat 146 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 16868 73179/CWE122_Heap_Based_Buffer_Overflow__c_src_wchar_t_cpy_74.cpp Buffer_Overflow_cpycat 163 map dataMap; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 16869 73248/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_33.cpp MultiByte_String_Length 54 data = NULL; data = (double *)malloc(sizeof(*data)); *data = 1.7E300; double * data = dataRef; printDoubleLine(*data); 0 --------------------------------- 16870 73248/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_33.cpp MultiByte_String_Length 32 data = NULL; data = (double *)malloc(sizeof(data)); *data = 1.7E300; double * data = dataRef; printDoubleLine(*data); 1 --------------------------------- 16871 73252/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_43.cpp MultiByte_String_Length 28 data = NULL; badSource(data); static void badSource(double * &data) data = (double *)malloc(sizeof(data)); *data = 1.7E300; printDoubleLine(*data); 1 --------------------------------- 16872 73252/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_43.cpp MultiByte_String_Length 51 data = NULL; goodG2BSource(data); static void goodG2BSource(double * &data) data = (double *)malloc(sizeof(*data)); *data = 1.7E300; printDoubleLine(*data); 0 --------------------------------- 16873 73260/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_62.cpp MultiByte_String_Length 135 data = NULL; goodG2BSource(data); void goodG2BSource(double * &data) data = (double *)malloc(sizeof(*data)); *data = 1.7E300; printDoubleLine(*data); 0 --------------------------------- 16874 73260/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_62.cpp MultiByte_String_Length 123 data = NULL; badSource(data); void badSource(double * &data) data = (double *)malloc(sizeof(data)); *data = 1.7E300; printDoubleLine(*data); 1 --------------------------------- 16875 73267/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_72.cpp MultiByte_String_Length 63 vector dataVector; data = NULL; data = (double *)malloc(sizeof(*data)); *data = 1.7E300; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) double * data = dataVector[2]; printDoubleLine(*data); 0 --------------------------------- 16876 73267/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_72.cpp MultiByte_String_Length 38 vector dataVector; data = NULL; data = (double *)malloc(sizeof(data)); *data = 1.7E300; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) double * data = dataVector[2]; printDoubleLine(*data); 1 --------------------------------- 16877 73268/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_73.cpp MultiByte_String_Length 63 list dataList; data = NULL; data = (double *)malloc(sizeof(*data)); *data = 1.7E300; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) double * data = dataList.back(); printDoubleLine(*data); 0 --------------------------------- 16878 73268/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_73.cpp MultiByte_String_Length 38 list dataList; data = NULL; data = (double *)malloc(sizeof(data)); *data = 1.7E300; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) double * data = dataList.back(); printDoubleLine(*data); 1 --------------------------------- 16879 73269/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_74.cpp MultiByte_String_Length 63 map dataMap; data = NULL; data = (double *)malloc(sizeof(*data)); *data = 1.7E300; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) double * data = dataMap[2]; printDoubleLine(*data); 0 --------------------------------- 16880 73269/CWE122_Heap_Based_Buffer_Overflow__sizeof_double_74.cpp MultiByte_String_Length 38 map dataMap; data = NULL; data = (double *)malloc(sizeof(data)); *data = 1.7E300; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) double * data = dataMap[2]; printDoubleLine(*data); 1 --------------------------------- 16881 73296/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_33.cpp MultiByte_String_Length 32 data = NULL; data = (int64_t *)malloc(sizeof(data)); *data = 2147483643LL; int64_t * data = dataRef; printLongLongLine(*data); 1 --------------------------------- 16882 73296/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_33.cpp MultiByte_String_Length 54 data = NULL; data = (int64_t *)malloc(sizeof(*data)); *data = 2147483643LL; int64_t * data = dataRef; printLongLongLine(*data); 0 --------------------------------- 16883 73300/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_43.cpp MultiByte_String_Length 51 data = NULL; goodG2BSource(data); static void goodG2BSource(int64_t * &data) data = (int64_t *)malloc(sizeof(*data)); *data = 2147483643LL; printLongLongLine(*data); 0 --------------------------------- 16884 73300/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_43.cpp MultiByte_String_Length 28 data = NULL; badSource(data); static void badSource(int64_t * &data) data = (int64_t *)malloc(sizeof(data)); *data = 2147483643LL; printLongLongLine(*data); 1 --------------------------------- 16885 73308/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_62.cpp MultiByte_String_Length 123 data = NULL; badSource(data); void badSource(int64_t * &data) data = (int64_t *)malloc(sizeof(data)); *data = 2147483643LL; printLongLongLine(*data); 1 --------------------------------- 16886 73308/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_62.cpp MultiByte_String_Length 135 data = NULL; goodG2BSource(data); void goodG2BSource(int64_t * &data) data = (int64_t *)malloc(sizeof(*data)); *data = 2147483643LL; printLongLongLine(*data); 0 --------------------------------- 16887 73315/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_72.cpp MultiByte_String_Length 38 vector dataVector; data = NULL; data = (int64_t *)malloc(sizeof(data)); *data = 2147483643LL; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) int64_t * data = dataVector[2]; printLongLongLine(*data); 1 --------------------------------- 16888 73315/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_72.cpp MultiByte_String_Length 63 vector dataVector; data = NULL; data = (int64_t *)malloc(sizeof(*data)); *data = 2147483643LL; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int64_t * data = dataVector[2]; printLongLongLine(*data); 0 --------------------------------- 16889 73316/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_73.cpp MultiByte_String_Length 38 list dataList; data = NULL; data = (int64_t *)malloc(sizeof(data)); *data = 2147483643LL; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) int64_t * data = dataList.back(); printLongLongLine(*data); 1 --------------------------------- 16890 73316/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_73.cpp MultiByte_String_Length 63 list dataList; data = NULL; data = (int64_t *)malloc(sizeof(*data)); *data = 2147483643LL; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int64_t * data = dataList.back(); printLongLongLine(*data); 0 --------------------------------- 16891 73317/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_74.cpp MultiByte_String_Length 38 map dataMap; data = NULL; data = (int64_t *)malloc(sizeof(data)); *data = 2147483643LL; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) int64_t * data = dataMap[2]; printLongLongLine(*data); 1 --------------------------------- 16892 73317/CWE122_Heap_Based_Buffer_Overflow__sizeof_int64_t_74.cpp MultiByte_String_Length 63 map dataMap; data = NULL; data = (int64_t *)malloc(sizeof(*data)); *data = 2147483643LL; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int64_t * data = dataMap[2]; printLongLongLine(*data); 0 --------------------------------- 16893 73344/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_33.cpp MultiByte_String_Length 55 data = NULL; data = (twoIntsStruct *)malloc(sizeof(*data)); twoIntsStruct * data = dataRef; printStructLine(data); 0 --------------------------------- 16894 73344/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_33.cpp MultiByte_String_Length 32 data = NULL; data = (twoIntsStruct *)malloc(sizeof(data)); twoIntsStruct * data = dataRef; printStructLine(data); 1 --------------------------------- 16895 73348/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_43.cpp MultiByte_String_Length 52 data = NULL; goodG2BSource(data); static void goodG2BSource(twoIntsStruct * &data) data = (twoIntsStruct *)malloc(sizeof(*data)); printStructLine(data); 0 --------------------------------- 16896 73348/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_43.cpp MultiByte_String_Length 28 data = NULL; badSource(data); static void badSource(twoIntsStruct * &data) data = (twoIntsStruct *)malloc(sizeof(data)); printStructLine(data); 1 --------------------------------- 16897 73356/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_62.cpp MultiByte_String_Length 136 data = NULL; goodG2BSource(data); void goodG2BSource(twoIntsStruct * &data) data = (twoIntsStruct *)malloc(sizeof(*data)); printStructLine(data); 0 --------------------------------- 16898 73356/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_62.cpp MultiByte_String_Length 123 data = NULL; badSource(data); void badSource(twoIntsStruct * &data) data = (twoIntsStruct *)malloc(sizeof(data)); printStructLine(data); 1 --------------------------------- 16899 73363/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_72.cpp MultiByte_String_Length 38 vector dataVector; data = NULL; data = (twoIntsStruct *)malloc(sizeof(data)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) twoIntsStruct * data = dataVector[2]; printStructLine(data); 1 --------------------------------- 16900 73363/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_72.cpp MultiByte_String_Length 64 vector dataVector; data = NULL; data = (twoIntsStruct *)malloc(sizeof(*data)); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) twoIntsStruct * data = dataVector[2]; printStructLine(data); 0 --------------------------------- 16901 73364/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_73.cpp MultiByte_String_Length 38 list dataList; data = NULL; data = (twoIntsStruct *)malloc(sizeof(data)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) twoIntsStruct * data = dataList.back(); printStructLine(data); 1 --------------------------------- 16902 73364/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_73.cpp MultiByte_String_Length 64 list dataList; data = NULL; data = (twoIntsStruct *)malloc(sizeof(*data)); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) twoIntsStruct * data = dataList.back(); printStructLine(data); 0 --------------------------------- 16903 73365/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_74.cpp MultiByte_String_Length 38 map dataMap; data = NULL; data = (twoIntsStruct *)malloc(sizeof(data)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) twoIntsStruct * data = dataMap[2]; printStructLine(data); 1 --------------------------------- 16904 73365/CWE122_Heap_Based_Buffer_Overflow__sizeof_struct_74.cpp MultiByte_String_Length 64 map dataMap; data = NULL; data = (twoIntsStruct *)malloc(sizeof(*data)); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) twoIntsStruct * data = dataMap[2]; printStructLine(data); 0 --------------------------------- 16905 73428/CWE123_Write_What_Where_Condition__connect_socket_33.cpp Buffer_Overflow_boundedcpy 90 data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; SOCKET connectSocket = INVALID_SOCKET; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); recvResult = recv(connectSocket, (char*)&data, sizeof(data), 0); linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16906 73432/CWE123_Write_What_Where_Condition__connect_socket_43.cpp Buffer_Overflow_boundedcpy 82 data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; badSource(data); static void badSource(badStruct &data) memset(&service, 0, sizeof(service)); recvResult = recv(connectSocket, (char*)&data, sizeof(data), 0); linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16907 73440/CWE123_Write_What_Where_Condition__connect_socket_62.cpp Buffer_Overflow_boundedcpy 228 data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; badSource(data); void badSource(badStruct &data) memset(&service, 0, sizeof(service)); recvResult = recv(connectSocket, (char*)&data, sizeof(data), 0); linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16908 73447/CWE123_Write_What_Where_Condition__connect_socket_72.cpp Buffer_Overflow_boundedcpy 96 data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; memset(&service, 0, sizeof(service)); recvResult = recv(connectSocket, (char*)&data, sizeof(data), 0); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) badStruct data = dataVector[2]; linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16909 73448/CWE123_Write_What_Where_Condition__connect_socket_73.cpp Buffer_Overflow_boundedcpy 96 data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; memset(&service, 0, sizeof(service)); recvResult = recv(connectSocket, (char*)&data, sizeof(data), 0); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) badStruct data = dataList.back(); linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16910 73449/CWE123_Write_What_Where_Condition__connect_socket_74.cpp Buffer_Overflow_boundedcpy 96 data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; memset(&service, 0, sizeof(service)); recvResult = recv(connectSocket, (char*)&data, sizeof(data), 0); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) badStruct data = dataMap[2]; linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16911 73476/CWE123_Write_What_Where_Condition__fgets_33.cpp Buffer_Overflow_fgets 48 linkedList head = { &head, &head }; data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; if (fgets((char*)&data, sizeof(data), stdin) == NULL) linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16912 73480/CWE123_Write_What_Where_Condition__fgets_43.cpp Buffer_Overflow_fgets 40 data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; badSource(data); static void badSource(badStruct &data) if (fgets((char*)&data, sizeof(data), stdin) == NULL) linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16913 73488/CWE123_Write_What_Where_Condition__fgets_62.cpp Buffer_Overflow_fgets 186 data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; badSource(data); void badSource(badStruct &data) if (fgets((char*)&data, sizeof(data), stdin) == NULL) linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16914 73495/CWE123_Write_What_Where_Condition__fgets_72.cpp Buffer_Overflow_fgets 54 badStruct data; vector dataVector; linkedList head = { &head, &head }; data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; if (fgets((char*)&data, sizeof(data), stdin) == NULL) dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) badStruct data = dataVector[2]; linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16915 73496/CWE123_Write_What_Where_Condition__fgets_73.cpp Buffer_Overflow_fgets 54 badStruct data; list dataList; linkedList head = { &head, &head }; data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; if (fgets((char*)&data, sizeof(data), stdin) == NULL) dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) badStruct data = dataList.back(); linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16916 73497/CWE123_Write_What_Where_Condition__fgets_74.cpp Buffer_Overflow_fgets 54 badStruct data; map dataMap; linkedList head = { &head, &head }; data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; if (fgets((char*)&data, sizeof(data), stdin) == NULL) dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) badStruct data = dataMap[2]; linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16917 73524/CWE123_Write_What_Where_Condition__listen_socket_33.cpp Buffer_Overflow_boundedcpy 91 data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; memset(&service, 0, sizeof(service)); recvResult = recv(acceptSocket, (char*)&data, sizeof(data), 0); linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16918 73528/CWE123_Write_What_Where_Condition__listen_socket_43.cpp Buffer_Overflow_boundedcpy 83 data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; badSource(data); static void badSource(badStruct &data) memset(&service, 0, sizeof(service)); recvResult = recv(acceptSocket, (char*)&data, sizeof(data), 0); linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16919 73536/CWE123_Write_What_Where_Condition__listen_socket_62.cpp Buffer_Overflow_boundedcpy 229 data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; badSource(data); void badSource(badStruct &data) memset(&service, 0, sizeof(service)); recvResult = recv(acceptSocket, (char*)&data, sizeof(data), 0); linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16920 73543/CWE123_Write_What_Where_Condition__listen_socket_72.cpp Buffer_Overflow_boundedcpy 97 vector dataVector; data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; memset(&service, 0, sizeof(service)); recvResult = recv(acceptSocket, (char*)&data, sizeof(data), 0); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) badStruct data = dataVector[2]; linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16921 73544/CWE123_Write_What_Where_Condition__listen_socket_73.cpp Buffer_Overflow_boundedcpy 97 list dataList; data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; memset(&service, 0, sizeof(service)); recvResult = recv(acceptSocket, (char*)&data, sizeof(data), 0); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) badStruct data = dataList.back(); linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16922 73545/CWE123_Write_What_Where_Condition__listen_socket_74.cpp Buffer_Overflow_boundedcpy 97 map dataMap; data.list.next = head.next; data.list.prev = head.prev; head.next = &data.list; head.prev = &data.list; memset(&service, 0, sizeof(service)); recvResult = recv(acceptSocket, (char*)&data, sizeof(data), 0); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) badStruct data = dataMap[2]; linkedListPrev = data.list.prev; linkedListNext = data.list.next; linkedListPrev->next = linkedListNext; linkedListNext->prev = linkedListPrev; 1 --------------------------------- 16923 73572/CWE124_Buffer_Underwrite__CWE839_connect_socket_33.cpp Buffer_Overflow_Indexes 212 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16924 73572/CWE124_Buffer_Underwrite__CWE839_connect_socket_33.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data < 10) buffer[data] = 1; 1 --------------------------------- 16925 73576/CWE124_Buffer_Underwrite__CWE839_connect_socket_43.cpp Buffer_Overflow_Indexes 83 badSource(data); static void badSource(int &data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data < 10) buffer[data] = 1; 1 --------------------------------- 16926 73576/CWE124_Buffer_Underwrite__CWE839_connect_socket_43.cpp Buffer_Overflow_Indexes 210 goodB2GSource(data); static void goodB2GSource(int &data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16927 73584/CWE124_Buffer_Underwrite__CWE839_connect_socket_62.cpp Buffer_Overflow_Indexes 240 badSource(data); void badSource(int &data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data < 10) buffer[data] = 1; 1 --------------------------------- 16928 73584/CWE124_Buffer_Underwrite__CWE839_connect_socket_62.cpp Buffer_Overflow_Indexes 313 goodB2GSource(data); void goodB2GSource(int &data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16929 73591/CWE124_Buffer_Underwrite__CWE839_connect_socket_72.cpp Buffer_Overflow_Indexes 188 vector dataVector; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodB2GSink(dataVector); void goodB2GSink(vector dataVector) int data = dataVector[2]; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16930 73591/CWE124_Buffer_Underwrite__CWE839_connect_socket_72.cpp Buffer_Overflow_Indexes 93 vector dataVector; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) int data = dataVector[2]; if (data < 10) buffer[data] = 1; 1 --------------------------------- 16931 73592/CWE124_Buffer_Underwrite__CWE839_connect_socket_73.cpp Buffer_Overflow_Indexes 188 list dataList; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodB2GSink(dataList); void goodB2GSink(list dataList) int data = dataList.back(); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16932 73592/CWE124_Buffer_Underwrite__CWE839_connect_socket_73.cpp Buffer_Overflow_Indexes 93 list dataList; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) int data = dataList.back(); if (data < 10) buffer[data] = 1; 1 --------------------------------- 16933 73593/CWE124_Buffer_Underwrite__CWE839_connect_socket_74.cpp Buffer_Overflow_Indexes 188 map dataMap; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodB2GSink(dataMap); void goodB2GSink(map dataMap) int data = dataMap[2]; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16934 73593/CWE124_Buffer_Underwrite__CWE839_connect_socket_74.cpp Buffer_Overflow_Indexes 93 map dataMap; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) int data = dataMap[2]; if (data < 10) buffer[data] = 1; 1 --------------------------------- 16935 73620/CWE124_Buffer_Underwrite__CWE839_fgets_33.cpp Buffer_Overflow_fgets 118 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16936 73620/CWE124_Buffer_Underwrite__CWE839_fgets_33.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data < 10) buffer[data] = 1; 1 --------------------------------- 16937 73624/CWE124_Buffer_Underwrite__CWE839_fgets_43.cpp Buffer_Overflow_fgets 32 char inputBuffer[CHAR_ARRAY_SIZE] = ""; data = -1; badSource(data); static void badSource(int &data) if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data < 10) buffer[data] = 1; 1 --------------------------------- 16938 73624/CWE124_Buffer_Underwrite__CWE839_fgets_43.cpp Buffer_Overflow_fgets 116 char inputBuffer[CHAR_ARRAY_SIZE] = ""; data = -1; goodB2GSource(data); static void goodB2GSource(int &data) if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16939 73632/CWE124_Buffer_Underwrite__CWE839_fgets_62.cpp Buffer_Overflow_fgets 189 badSource(data); void badSource(int &data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data < 10) buffer[data] = 1; 1 --------------------------------- 16940 73632/CWE124_Buffer_Underwrite__CWE839_fgets_62.cpp Buffer_Overflow_fgets 219 goodB2GSource(data); void goodB2GSource(int &data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16941 73639/CWE124_Buffer_Underwrite__CWE839_fgets_72.cpp Buffer_Overflow_fgets 94 vector dataVector; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodB2GSink(dataVector); void goodB2GSink(vector dataVector) int data = dataVector[2]; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16942 73639/CWE124_Buffer_Underwrite__CWE839_fgets_72.cpp Buffer_Overflow_fgets 42 vector dataVector; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) int data = dataVector[2]; if (data < 10) buffer[data] = 1; 1 --------------------------------- 16943 73640/CWE124_Buffer_Underwrite__CWE839_fgets_73.cpp Buffer_Overflow_fgets 94 list dataList; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodB2GSink(dataList); void goodB2GSink(list dataList) int data = dataList.back(); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16944 73640/CWE124_Buffer_Underwrite__CWE839_fgets_73.cpp Buffer_Overflow_fgets 42 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) int data = dataList.back(); if (data < 10) buffer[data] = 1; 1 --------------------------------- 16945 73641/CWE124_Buffer_Underwrite__CWE839_fgets_74.cpp Buffer_Overflow_fgets 94 map dataMap; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodB2GSink(dataMap); void goodB2GSink(map dataMap) int data = dataMap[2]; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16946 73641/CWE124_Buffer_Underwrite__CWE839_fgets_74.cpp Buffer_Overflow_fgets 42 map dataMap; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) int data = dataMap[2]; if (data < 10) buffer[data] = 1; 1 --------------------------------- 16947 73668/CWE124_Buffer_Underwrite__CWE839_fscanf_33.cpp Buffer_Overflow_unbounded 32 fscanf(stdin, "%d", &data); if (data < 10) buffer[data] = 1; 1 --------------------------------- 16948 73668/CWE124_Buffer_Underwrite__CWE839_fscanf_33.cpp Buffer_Overflow_unbounded 103 fscanf(stdin, "%d", &data); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16949 73672/CWE124_Buffer_Underwrite__CWE839_fscanf_43.cpp Buffer_Overflow_unbounded 28 badSource(data); static void badSource(int &data) fscanf(stdin, "%d", &data); if (data < 10) buffer[data] = 1; 1 --------------------------------- 16950 73672/CWE124_Buffer_Underwrite__CWE839_fscanf_43.cpp Buffer_Overflow_unbounded 101 goodB2GSource(data); static void goodB2GSource(int &data) fscanf(stdin, "%d", &data); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16951 73680/CWE124_Buffer_Underwrite__CWE839_fscanf_62.cpp Buffer_Overflow_unbounded 185 badSource(data); void badSource(int &data) fscanf(stdin, "%d", &data); if (data < 10) buffer[data] = 1; 1 --------------------------------- 16952 73680/CWE124_Buffer_Underwrite__CWE839_fscanf_62.cpp Buffer_Overflow_unbounded 204 goodB2GSource(data); void goodB2GSource(int &data) fscanf(stdin, "%d", &data); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16953 73687/CWE124_Buffer_Underwrite__CWE839_fscanf_72.cpp Buffer_Overflow_unbounded 79 vector dataVector; fscanf(stdin, "%d", &data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodB2GSink(dataVector); void goodB2GSink(vector dataVector) int data = dataVector[2]; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16954 73687/CWE124_Buffer_Underwrite__CWE839_fscanf_72.cpp Buffer_Overflow_unbounded 38 vector dataVector; fscanf(stdin, "%d", &data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) int data = dataVector[2]; if (data < 10) buffer[data] = 1; 1 --------------------------------- 16955 73688/CWE124_Buffer_Underwrite__CWE839_fscanf_73.cpp Buffer_Overflow_unbounded 79 list dataList; fscanf(stdin, "%d", &data); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodB2GSink(dataList); void goodB2GSink(list dataList) int data = dataList.back(); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16956 73688/CWE124_Buffer_Underwrite__CWE839_fscanf_73.cpp Buffer_Overflow_unbounded 38 list dataList; fscanf(stdin, "%d", &data); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) int data = dataList.back(); if (data < 10) buffer[data] = 1; 1 --------------------------------- 16957 73689/CWE124_Buffer_Underwrite__CWE839_fscanf_74.cpp Buffer_Overflow_unbounded 79 map dataMap; fscanf(stdin, "%d", &data); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodB2GSink(dataMap); void goodB2GSink(map dataMap) int data = dataMap[2]; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16958 73689/CWE124_Buffer_Underwrite__CWE839_fscanf_74.cpp Buffer_Overflow_unbounded 38 map dataMap; fscanf(stdin, "%d", &data); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) int data = dataMap[2]; if (data < 10) buffer[data] = 1; 1 --------------------------------- 16959 73716/CWE124_Buffer_Underwrite__CWE839_listen_socket_33.cpp Buffer_Overflow_Indexes 234 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16960 73716/CWE124_Buffer_Underwrite__CWE839_listen_socket_33.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 16961 73720/CWE124_Buffer_Underwrite__CWE839_listen_socket_43.cpp Buffer_Overflow_Indexes 92 badSource(data); static void badSource(int &data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data < 10) buffer[data] = 1; 1 --------------------------------- 16962 73720/CWE124_Buffer_Underwrite__CWE839_listen_socket_43.cpp Buffer_Overflow_Indexes 232 goodB2GSource(data); static void goodB2GSource(int &data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16963 73728/CWE124_Buffer_Underwrite__CWE839_listen_socket_62.cpp Buffer_Overflow_Indexes 249 badSource(data); void badSource(int &data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data < 10) buffer[data] = 1; 1 --------------------------------- 16964 73728/CWE124_Buffer_Underwrite__CWE839_listen_socket_62.cpp Buffer_Overflow_Indexes 335 goodB2GSource(data); void goodB2GSource(int &data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16965 73735/CWE124_Buffer_Underwrite__CWE839_listen_socket_72.cpp Buffer_Overflow_Indexes 210 vector dataVector; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodB2GSink(dataVector); void goodB2GSink(vector dataVector) int data = dataVector[2]; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16966 73735/CWE124_Buffer_Underwrite__CWE839_listen_socket_72.cpp Buffer_Overflow_Indexes 102 vector dataVector; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) int data = dataVector[2]; if (data < 10) buffer[data] = 1; 1 --------------------------------- 16967 73736/CWE124_Buffer_Underwrite__CWE839_listen_socket_73.cpp Buffer_Overflow_Indexes 210 list dataList; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodB2GSink(dataList); void goodB2GSink(list dataList) int data = dataList.back(); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16968 73736/CWE124_Buffer_Underwrite__CWE839_listen_socket_73.cpp Buffer_Overflow_Indexes 102 list dataList; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) int data = dataList.back(); if (data < 10) buffer[data] = 1; 1 --------------------------------- 16969 73737/CWE124_Buffer_Underwrite__CWE839_listen_socket_74.cpp Buffer_Overflow_Indexes 210 map dataMap; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodB2GSink(dataMap); void goodB2GSink(map dataMap) int data = dataMap[2]; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 16970 73737/CWE124_Buffer_Underwrite__CWE839_listen_socket_74.cpp Buffer_Overflow_Indexes 102 map dataMap; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) int data = dataMap[2]; if (data < 10) buffer[data] = 1; 1 --------------------------------- 16971 73762/CWE124_Buffer_Underwrite__char_alloca_cpy_33.cpp Buffer_Overflow_cpycat 42 char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 16972 73762/CWE124_Buffer_Underwrite__char_alloca_cpy_33.cpp Buffer_Overflow_cpycat 69 char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 16973 73777/CWE124_Buffer_Underwrite__char_alloca_cpy_72.cpp Buffer_Overflow_cpycat 168 vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 16974 73777/CWE124_Buffer_Underwrite__char_alloca_cpy_72.cpp Buffer_Overflow_cpycat 150 vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 16975 73778/CWE124_Buffer_Underwrite__char_alloca_cpy_73.cpp Buffer_Overflow_cpycat 168 list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 16976 73778/CWE124_Buffer_Underwrite__char_alloca_cpy_73.cpp Buffer_Overflow_cpycat 150 list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 16977 73779/CWE124_Buffer_Underwrite__char_alloca_cpy_74.cpp Buffer_Overflow_cpycat 168 map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 16978 73779/CWE124_Buffer_Underwrite__char_alloca_cpy_74.cpp Buffer_Overflow_cpycat 150 map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 16979 73842/CWE124_Buffer_Underwrite__char_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 71 char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 16980 73842/CWE124_Buffer_Underwrite__char_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 42 char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 16981 73857/CWE124_Buffer_Underwrite__char_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 170 vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 16982 73857/CWE124_Buffer_Underwrite__char_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 150 vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 16983 73858/CWE124_Buffer_Underwrite__char_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 170 list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 16984 73858/CWE124_Buffer_Underwrite__char_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 150 list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 16985 73859/CWE124_Buffer_Underwrite__char_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 170 map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 16986 73859/CWE124_Buffer_Underwrite__char_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 150 map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 16987 73882/CWE124_Buffer_Underwrite__char_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 42 char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 16988 73882/CWE124_Buffer_Underwrite__char_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 71 char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 16989 73897/CWE124_Buffer_Underwrite__char_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 170 vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 16990 73897/CWE124_Buffer_Underwrite__char_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 150 vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 16991 73898/CWE124_Buffer_Underwrite__char_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 170 list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 16992 73898/CWE124_Buffer_Underwrite__char_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 150 list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 16993 73899/CWE124_Buffer_Underwrite__char_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 170 map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 16994 73899/CWE124_Buffer_Underwrite__char_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 150 map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 16995 73922/CWE124_Buffer_Underwrite__char_alloca_ncpy_33.cpp Buffer_Overflow_boundedcpy 71 char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 16996 73922/CWE124_Buffer_Underwrite__char_alloca_ncpy_33.cpp Buffer_Overflow_boundedcpy 42 char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 16997 73937/CWE124_Buffer_Underwrite__char_alloca_ncpy_72.cpp Buffer_Overflow_boundedcpy 170 vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 16998 73937/CWE124_Buffer_Underwrite__char_alloca_ncpy_72.cpp Buffer_Overflow_boundedcpy 150 vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 16999 73938/CWE124_Buffer_Underwrite__char_alloca_ncpy_73.cpp Buffer_Overflow_boundedcpy 170 list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17000 73938/CWE124_Buffer_Underwrite__char_alloca_ncpy_73.cpp Buffer_Overflow_boundedcpy 150 list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17001 73939/CWE124_Buffer_Underwrite__char_alloca_ncpy_74.cpp Buffer_Overflow_boundedcpy 170 map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17002 73939/CWE124_Buffer_Underwrite__char_alloca_ncpy_74.cpp Buffer_Overflow_boundedcpy 150 map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17003 73962/CWE124_Buffer_Underwrite__char_declare_cpy_33.cpp Buffer_Overflow_cpycat 42 char * &dataRef = data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17004 73962/CWE124_Buffer_Underwrite__char_declare_cpy_33.cpp Buffer_Overflow_cpycat 69 char * &dataRef = data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17005 73977/CWE124_Buffer_Underwrite__char_declare_cpy_72.cpp Buffer_Overflow_cpycat 168 vector dataVector; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17006 73977/CWE124_Buffer_Underwrite__char_declare_cpy_72.cpp Buffer_Overflow_cpycat 150 vector dataVector; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17007 73978/CWE124_Buffer_Underwrite__char_declare_cpy_73.cpp Buffer_Overflow_cpycat 168 list dataList; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17008 73978/CWE124_Buffer_Underwrite__char_declare_cpy_73.cpp Buffer_Overflow_cpycat 150 list dataList; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17009 73979/CWE124_Buffer_Underwrite__char_declare_cpy_74.cpp Buffer_Overflow_cpycat 168 map dataMap; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17010 73979/CWE124_Buffer_Underwrite__char_declare_cpy_74.cpp Buffer_Overflow_cpycat 150 map dataMap; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17011 74042/CWE124_Buffer_Underwrite__char_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 71 char * &dataRef = data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17012 74042/CWE124_Buffer_Underwrite__char_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 42 char * &dataRef = data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17013 74057/CWE124_Buffer_Underwrite__char_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 170 vector dataVector; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17014 74057/CWE124_Buffer_Underwrite__char_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 150 vector dataVector; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17015 74058/CWE124_Buffer_Underwrite__char_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 170 list dataList; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17016 74058/CWE124_Buffer_Underwrite__char_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 150 list dataList; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17017 74059/CWE124_Buffer_Underwrite__char_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 170 map dataMap; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17018 74059/CWE124_Buffer_Underwrite__char_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 150 map dataMap; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17019 74082/CWE124_Buffer_Underwrite__char_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 42 char * &dataRef = data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17020 74082/CWE124_Buffer_Underwrite__char_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 71 char * &dataRef = data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17021 74097/CWE124_Buffer_Underwrite__char_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 170 vector dataVector; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17022 74097/CWE124_Buffer_Underwrite__char_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 150 vector dataVector; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17023 74098/CWE124_Buffer_Underwrite__char_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 170 list dataList; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17024 74098/CWE124_Buffer_Underwrite__char_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 150 list dataList; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17025 74099/CWE124_Buffer_Underwrite__char_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 170 map dataMap; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17026 74099/CWE124_Buffer_Underwrite__char_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 150 map dataMap; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17027 74122/CWE124_Buffer_Underwrite__char_declare_ncpy_33.cpp Buffer_Overflow_boundedcpy 71 char * &dataRef = data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17028 74122/CWE124_Buffer_Underwrite__char_declare_ncpy_33.cpp Buffer_Overflow_boundedcpy 42 char * &dataRef = data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17029 74137/CWE124_Buffer_Underwrite__char_declare_ncpy_72.cpp Buffer_Overflow_boundedcpy 170 vector dataVector; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17030 74137/CWE124_Buffer_Underwrite__char_declare_ncpy_72.cpp Buffer_Overflow_boundedcpy 150 vector dataVector; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17031 65469/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_74.cpp Off_by_One_Error_in_Methods 170 wchar_t * data; map dataMap; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; dataMap[2] = data; void goodG2BSink(map dataMap) wchar_t source[100]; wchar_t * data = dataMap[2]; source[100-1] = L'\0' wcsncpy(data, source, 100-1); 0 --------------------------------- 17032 65469/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_74.cpp Off_by_One_Error_in_Methods 151 wchar_t * data; map dataMap; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 17033 65469/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_74.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 17034 65492/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_33.cpp Format_String_Attack 49 wchar_t * data; wchar_t * &dataRef = data; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = L'\0'; wchar_t * data = dataRef; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 17035 65492/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_33.cpp Buffer_Overflow_LowBound 49 wchar_t * data; wchar_t * &dataRef = data; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataGoodBuffer; data[0] = L'\0'; wchar_t * data = dataRef; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 17036 65492/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_33.cpp Buffer_Overflow_boundedcpy 46 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 17037 65507/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_72.cpp Format_String_Attack 157 wchar_t * data; vector dataVector; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t source[100]; wchar_t * data = dataVector[2]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 17038 65507/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_72.cpp Format_String_Attack 175 wchar_t * data; vector dataVector; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); void goodG2BSink(vector dataVector) wchar_t source[100]; wchar_t * data = dataVector[2]; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 17039 65507/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_72.cpp Buffer_Overflow_boundedcpy 172 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 17040 65508/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_73.cpp Format_String_Attack 157 wchar_t * data; list dataList; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 17041 65508/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_73.cpp Format_String_Attack 175 list dataList; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); void goodG2BSink(list dataList) wchar_t source[100]; wchar_t * data = dataList.back(); SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 17042 65508/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_73.cpp Buffer_Overflow_boundedcpy 172 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 17043 65509/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_74.cpp Format_String_Attack 157 wchar_t * data; map dataMap; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t source[100]; wchar_t * data = dataMap[2]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 17044 65509/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_74.cpp Format_String_Attack 175 wchar_t * data; map dataMap; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataGoodBuffer; data[0] = L'\0'; goodG2BSink(dataMap); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); void goodG2BSink(map dataMap) wchar_t source[100]; wchar_t * data = dataMap[2]; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 17045 65509/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_74.cpp Buffer_Overflow_boundedcpy 172 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 17046 65534/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_loop_33.cpp Buffer_Overflow_boundedcpy 33 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 17047 65538/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_loop_43.cpp Buffer_Overflow_boundedcpy 29 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); memset(data, 'A', 100-1); char dest[50] = ""; size_t i, dataLen; dataLen = strlen(data); for (i = 0; i < dataLen; i++) dest[i] = data[i]; 1 --------------------------------- 17048 65538/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_loop_43.cpp Buffer_Overflow_boundedcpy 61 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); char dest[50] = ""; size_t i, dataLen; dataLen = strlen(data); for (i = 0; i < dataLen; i++) dest[i] = data[i]; 0 --------------------------------- 17049 65546/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_loop_62.cpp String_Termination_Error 38 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); memset(data, 'A', 100-1); char dest[50] = ""; size_t i, dataLen; dataLen = strlen(data); for (i = 0; i < dataLen; i++) dest[i] = data[i]; 1 --------------------------------- 17050 65546/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_loop_62.cpp Buffer_Overflow_boundedcpy 156 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); char dest[50] = ""; size_t i, dataLen; dataLen = strlen(data); for (i = 0; i < dataLen; i++) dest[i] = data[i]; 0 --------------------------------- 17051 65582/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_33.cpp String_Termination_Error 40 char * data; char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17052 65582/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_33.cpp String_Termination_Error 66 char * data; char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17053 65586/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_43.cpp Buffer_Overflow_boundedcpy 29 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); char dest[50] = ""; memset(data, 'A', 100-1); 1 --------------------------------- 17054 65586/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_43.cpp Buffer_Overflow_boundedcpy 56 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); char dest[50] = ""; memset(data, 'A', 50-1); 0 --------------------------------- 17055 65594/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_62.cpp String_Termination_Error 38 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); memset(data, 'A', 100-1); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17056 65594/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_62.cpp Buffer_Overflow_boundedcpy 146 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17057 65601/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_72.cpp String_Termination_Error 165 char * data; vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char dest[50] = ""; char * data = dataVector[2]; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17058 65601/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 148 char * data; vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17059 65602/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_73.cpp String_Termination_Error 148 char * data; list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17060 65602/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_73.cpp String_Termination_Error 165 char * data; list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char dest[50] = ""; char * data = dataList.back(); memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17061 65603/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_74.cpp String_Termination_Error 148 char * data; map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char dest[50] = ""; char * data = dataMap[2]; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17062 65603/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_74.cpp String_Termination_Error 165 char * data; map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char dest[50] = ""; char * data = dataMap[2]; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17063 65630/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_33.cpp String_Termination_Error 66 char * data; char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17064 65630/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_33.cpp String_Termination_Error 40 char * data; char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17065 65634/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_43.cpp Buffer_Overflow_boundedcpy 29 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); memset(data, 'A', 100-1); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17066 65634/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_43.cpp Buffer_Overflow_boundedcpy 56 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); memset(data, 'A', 50-1); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17067 65642/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_62.cpp String_Termination_Error 38 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); memset(data, 'A', 100-1); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17068 65642/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_62.cpp Buffer_Overflow_boundedcpy 146 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); memset(data, 'A', 50-1); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17069 65649/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_72.cpp String_Termination_Error 148 char * data; vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17070 65649/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_72.cpp String_Termination_Error 165 char * data; vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17071 65650/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_73.cpp String_Termination_Error 148 char * data; list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17072 65650/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_73.cpp String_Termination_Error 165 char * data; list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17073 65651/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_74.cpp String_Termination_Error 148 char * data; map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char dest[50] = ""; char * data = dataMap[2]; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17074 65651/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_74.cpp String_Termination_Error 165 char * data; map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char dest[50] = ""; char * data = dataMap[2]; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17075 65678/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_33.cpp Off_by_One_Error_in_Methods 66 char * data; char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); char * data = dataRef; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 17076 65678/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_33.cpp Off_by_One_Error_in_Methods 40 char * data; char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); char * data = dataRef; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 17077 65682/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_43.cpp Buffer_Overflow_boundedcpy 56 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 17078 65682/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_43.cpp Buffer_Overflow_boundedcpy 29 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 17079 65690/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_62.cpp Off_by_One_Error_in_Methods 38 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); memset(data, 'A', 100-1); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 17080 65690/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_62.cpp Buffer_Overflow_boundedcpy 146 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 17081 65697/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_72.cpp Off_by_One_Error_in_Methods 165 char * data; vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char dest[50] = ""; strncat(dest, data, strlen(data)); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strncat(dest, data, strlen(data)); 0 --------------------------------- 17082 65697/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_72.cpp String_Termination_Error 148 char * data; vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char dest[50] = ""; char * data = dataVector[2]; strncat(dest, data, strlen(data)); 1 --------------------------------- 17083 65698/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_73.cpp Off_by_One_Error_in_Methods 165 char * data; list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char dest[50] = ""; strncat(dest, data, strlen(data)); void goodG2BSink(list dataList) char * data = dataList.back(); strncat(dest, data, strlen(data)); 0 --------------------------------- 17084 65698/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_73.cpp Off_by_One_Error_in_Methods 148 char * data; list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 17085 65699/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_74.cpp Off_by_One_Error_in_Methods 165 char * data; map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); char dest[50] = ""; strncat(dest, data, strlen(data)); void goodG2BSink(map dataMap) char * data = dataMap[2]; strncat(dest, data, strlen(data)); 0 --------------------------------- 17086 65699/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_74.cpp Off_by_One_Error_in_Methods 148 char * data; map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 17087 65726/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_33.cpp Off_by_One_Error_in_Methods 40 char * data; char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 17088 65726/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_33.cpp Off_by_One_Error_in_Methods 66 char * data; char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 17089 65730/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_43.cpp Buffer_Overflow_boundedcpy 29 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 17090 65730/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_43.cpp Buffer_Overflow_boundedcpy 56 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 17091 65738/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_62.cpp Buffer_Overflow_LowBound 38 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); memset(data, 'A', 100-1); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 17092 65738/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_62.cpp Buffer_Overflow_boundedcpy 146 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 17093 65745/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_72.cpp Off_by_One_Error_in_Methods 165 char * data; vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); ; goodG2BSink(dataVector); char dest[50] = ""; char * data = dataVector[2]; strncpy(dest, data, strlen(data)); 0 --------------------------------- 17094 65745/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_72.cpp Off_by_One_Error_in_Methods 148 char * data; vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 17095 65746/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_73.cpp Off_by_One_Error_in_Methods 165 char * data; list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char dest[50] = ""; strncpy(dest, data, strlen(data)); void goodG2BSink(list dataList) char * data = dataList.back(); strncpy(dest, data, strlen(data)); 0 --------------------------------- 17096 65746/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_73.cpp Off_by_One_Error_in_Methods 148 char * data; list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 17097 65747/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_74.cpp Off_by_One_Error_in_Methods 165 char * data; map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); char dest[50] = ""; strncpy(dest, data, strlen(data)); void goodG2BSink(map dataMap) char * data = dataMap[2]; strncpy(dest, data, strlen(data)); 0 --------------------------------- 17098 65747/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_74.cpp Off_by_One_Error_in_Methods 148 char * data; map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 17099 65774/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_33.cpp Format_String_Attack 46 char * data; char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); char * data = dataRef; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 17100 65774/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_33.cpp Format_String_Attack 71 char * data; char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); char * data = dataRef; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 17101 65778/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_43.cpp Buffer_Overflow_boundedcpy 61 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 17102 65778/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_43.cpp Buffer_Overflow_boundedcpy 35 char * data char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 17103 65786/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_62.cpp Format_String_Attack 44 char * data ; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); memset(data, 'A', 100-1); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); void badSource(char * &data); SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 17104 65786/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_62.cpp Buffer_Overflow_boundedcpy 150 char * data ; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 17105 65793/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_72.cpp Format_String_Attack 170 char * data; vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); void goodG2BSink(vector dataVector) char * data = dataVector[2]; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 17106 65793/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_72.cpp Format_String_Attack 154 char * data; vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 17107 65794/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_73.cpp Format_String_Attack 170 char * data; list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); void goodG2BSink(list dataList) char * data = dataList.back(); SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 17108 65794/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_73.cpp Format_String_Attack 154 char * data; list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 17109 65795/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_74.cpp Format_String_Attack 170 char * data; map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); void goodG2BSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 17110 65795/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_74.cpp Format_String_Attack 154 char * data; map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 17111 65826/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_loop_43.cpp Buffer_Overflow_boundedcpy 29 char * data; char dataBuffer[100]; data = dataBuffer; badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); char dest[50] = ""; for (i = 0; i < dataLen; i++) dest[i] = data[i]; 1 --------------------------------- 17112 65826/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_loop_43.cpp Buffer_Overflow_boundedcpy 61 char * data; char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); char dest[50] = ""; for (i = 0; i < dataLen; i++) dest[i] = data[i]; 0 --------------------------------- 17113 65834/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_loop_62.cpp Buffer_Overflow_boundedcpy 156 char * data; char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); char dest[50] = ""; size_t i, dataLen; dataLen = strlen(data); for (i = 0; i < dataLen; i++) dest[i] = data[i]; 0 --------------------------------- 17114 65834/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_loop_62.cpp Buffer_Overflow_boundedcpy 144 char * data; char dataBuffer[100]; data = dataBuffer; void badSource(char * &data) memset(data, 'A', 100-1); char dest[50] = ""; size_t i, dataLen; dataLen = strlen(data); for (i = 0; i < dataLen; i++) dest[i] = data[i]; 1 --------------------------------- 17115 65841/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_loop_72.cpp String_Termination_Error 170 char * data; vector dataVector; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char dest[50] = ""; size_t i, dataLen; dataLen = strlen(data); for (i = 0; i < dataLen; i++) dest[i] = data[i]; 0 --------------------------------- 17116 65842/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_loop_73.cpp String_Termination_Error 148 char * data; vector dataVector; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(list dataList) char * data = dataList.back(); dataLen = strlen(data); char dest[50] = ""; size_t i, dataLen; dataLen = strlen(data); for (i = 0; i < dataLen; i++) dest[i] = data[i]; 1 --------------------------------- 17117 65843/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_loop_74.cpp String_Termination_Error 148 char * data; map dataMap; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; dataLen = strlen(data); char dest[50] = ""; size_t i, dataLen; dataLen = strlen(data); for (i = 0; i < dataLen; i++) dest[i] = data[i]; 1 --------------------------------- 17118 65843/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_loop_74.cpp String_Termination_Error 148 char * data; map dataMap; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[05-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; dataLen = strlen(data); char dest[50] = ""; size_t i, dataLen; dataLen = strlen(data); for (i = 0; i < dataLen; i++) dest[i] = data[i]; 0 --------------------------------- 17119 65870/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 40 char * data; char * &dataRef = data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); char * data = dataRef; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17120 65870/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 66 char * data; char * &dataRef = data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); char * data = dataRef; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17121 65874/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_43.cpp Buffer_Overflow_boundedcpy 29 char * data; char dataBuffer[100]; data = dataBuffer; badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17122 65874/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_43.cpp Buffer_Overflow_boundedcpy 56 char * data; char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17123 65882/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_62.cpp String_Termination_Error 38 char * data; char dataBuffer[100]; data = dataBuffer; badSource(data); void badSource(char * &data); memset(data, 'A', 100-1); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17124 65882/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_62.cpp Buffer_Overflow_boundedcpy 146 char * data; char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17125 65889/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_72.cpp String_Termination_Error 148 char * data; vector dataVector; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17126 65889/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_72.cpp String_Termination_Error 165 char * data; vector dataVector; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17127 65890/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_73.cpp String_Termination_Error 148 char * data; list dataList; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17128 65890/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_73.cpp String_Termination_Error 165 char * data; list dataList; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17129 65891/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_74.cpp String_Termination_Error 148 char * data; map dataMap; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17130 65891/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_74.cpp String_Termination_Error 165 char * data; map dataMap; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17131 65918/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_33.cpp String_Termination_Error 40 char * data; char * &dataRef = data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17132 65918/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 66 char * data; char * &dataRef = data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17133 65922/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_43.cpp Buffer_Overflow_boundedcpy 29 char * data; char dataBuffer[100]; data = dataBuffer; badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17134 65922/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_43.cpp Buffer_Overflow_boundedcpy 56 char * data ; char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17135 65930/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_62.cpp String_Termination_Error 38 char * data; char dataBuffer[100]; data = dataBuffer; badSource(data); void badSource(char * &data); memset(data, 'A', 100-1); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17136 65930/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_62.cpp Buffer_Overflow_boundedcpy 146 char * data; char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17137 65937/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_72.cpp String_Termination_Error 148 char * data; vector dataVector; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17138 65937/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_72.cpp String_Termination_Error 165 char * data; vector dataVector; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17139 65938/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_73.cpp String_Termination_Error 148 char * data; list dataList; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17140 65938/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_73.cpp String_Termination_Error 165 char * data; list dataList; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17141 65939/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_74.cpp String_Termination_Error 148 char * data; map dataMap; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 17142 65939/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_74.cpp String_Termination_Error 165 char * data; map dataMap; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 17143 65966/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_33.cpp Off_by_One_Error_in_Methods 66 char * data; char * &dataRef = data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 17144 65966/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_33.cpp Off_by_One_Error_in_Methods 40 char * data; char * &dataRef = data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 17145 74137/CWE124_Buffer_Underwrite__char_declare_ncpy_72.cpp Buffer_Overflow_boundedcpy 150 char * data; vector dataVector; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17146 74137/CWE124_Buffer_Underwrite__char_declare_ncpy_72.cpp Buffer_Overflow_boundedcpy 167 char * data; vector dataVector; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17147 74138/CWE124_Buffer_Underwrite__char_declare_ncpy_73.cpp Off_by_One_Error_in_Methods 150 char * data; list dataList; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17148 74138/CWE124_Buffer_Underwrite__char_declare_ncpy_73.cpp Off_by_One_Error_in_Methods 170 char * data; list dataList; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17149 74139/CWE124_Buffer_Underwrite__char_declare_ncpy_74.cpp Off_by_One_Error_in_Methods 150 char * data; map dataMap; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17150 74139/CWE124_Buffer_Underwrite__char_declare_ncpy_74.cpp Off_by_One_Error_in_Methods 170 char * data; map dataMap; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17151 74260/CWE124_Buffer_Underwrite__malloc_char_cpy_33.cpp Buffer_Overflow_cpycat 45 char * data; char * &dataRef = data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17152 74260/CWE124_Buffer_Underwrite__malloc_char_cpy_33.cpp Buffer_Overflow_cpycat 77 char * data; char * &dataRef = data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17153 74264/CWE124_Buffer_Underwrite__malloc_char_cpy_43.cpp Buffer_Overflow_cpycat 80 char * data; data = NULL; goodG2BSource(data); static void goodG2BSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17154 74264/CWE124_Buffer_Underwrite__malloc_char_cpy_43.cpp Buffer_Overflow_cpycat 47 char * data; data = NULL; badSource(data); static void badSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17155 74272/CWE124_Buffer_Underwrite__malloc_char_cpy_62.cpp Buffer_Overflow_cpycat 39 char * data; data = NULL; badSource(data); void badSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSource(data); har source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17156 74272/CWE124_Buffer_Underwrite__malloc_char_cpy_62.cpp Buffer_Overflow_cpycat 63 char * data; data = NULL; goodG2BSource(char * &data) void goodG2BSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSource(char * &data) har source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17157 74279/CWE124_Buffer_Underwrite__malloc_char_cpy_72.cpp Buffer_Overflow_cpycat 176 char * data; vector dataVector; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17158 74279/CWE124_Buffer_Underwrite__malloc_char_cpy_72.cpp Buffer_Overflow_cpycat 156 char * data; vector dataVector; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17159 74280/CWE124_Buffer_Underwrite__malloc_char_cpy_73.cpp Buffer_Overflow_cpycat 176 char * data; list dataList; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17160 74280/CWE124_Buffer_Underwrite__malloc_char_cpy_73.cpp Buffer_Overflow_cpycat 156 char * data; list dataList; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17161 74281/CWE124_Buffer_Underwrite__malloc_char_cpy_74.cpp Buffer_Overflow_cpycat 176 char * data; map dataMap; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap) void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17162 74281/CWE124_Buffer_Underwrite__malloc_char_cpy_74.cpp Buffer_Overflow_cpycat 156 char * data; map dataMap; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17163 74308/CWE124_Buffer_Underwrite__malloc_char_loop_33.cpp Buffer_Overflow_boundedcpy 81 char * data; char * &dataRef = data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17164 74308/CWE124_Buffer_Underwrite__malloc_char_loop_33.cpp Buffer_Overflow_boundedcpy 43 char * data; char * &dataRef = data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17165 74312/CWE124_Buffer_Underwrite__malloc_char_loop_43.cpp Buffer_Overflow_boundedcpy 84 char * data; data = NULL; goodG2BSource(data); static void goodG2BSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17166 74312/CWE124_Buffer_Underwrite__malloc_char_loop_43.cpp Buffer_Overflow_boundedcpy 45 char * data; data = NULL; badSource(data); static void badSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17167 74320/CWE124_Buffer_Underwrite__malloc_char_loop_62.cpp Buffer_Overflow_boundedcpy 67 char * data; data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSource(data); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17168 74320/CWE124_Buffer_Underwrite__malloc_char_loop_62.cpp Buffer_Overflow_boundedcpy 37 char * data; data = NULL; badSource(data); void badSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSource(data); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17169 74327/CWE124_Buffer_Underwrite__malloc_char_loop_72.cpp Buffer_Overflow_boundedcpy 180 char * data; vector dataVector; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17170 74327/CWE124_Buffer_Underwrite__malloc_char_loop_72.cpp Buffer_Overflow_boundedcpy 154 char * data; vector dataVector; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17171 74328/CWE124_Buffer_Underwrite__malloc_char_loop_73.cpp Buffer_Overflow_boundedcpy 180 char * data; list dataList; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17172 74328/CWE124_Buffer_Underwrite__malloc_char_loop_73.cpp Buffer_Overflow_boundedcpy 154 char * data; list dataList; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17173 74329/CWE124_Buffer_Underwrite__malloc_char_loop_74.cpp Buffer_Overflow_boundedcpy 39 char * data; map dataMap; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17174 74329/CWE124_Buffer_Underwrite__malloc_char_loop_74.cpp Buffer_Overflow_boundedcpy 67 char * data; map dataMap; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17175 74356/CWE124_Buffer_Underwrite__malloc_char_memcpy_33.cpp Buffer_Overflow_boundedcpy 45 char * data; char * &dataRef = data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17176 74356/CWE124_Buffer_Underwrite__malloc_char_memcpy_33.cpp Buffer_Overflow_boundedcpy 79 char * data; char * &dataRef = data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17177 74360/CWE124_Buffer_Underwrite__malloc_char_memcpy_43.cpp Buffer_Overflow_boundedcpy 82 char * data; data = NULL; goodG2BSource(data); static void goodG2BSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17178 74360/CWE124_Buffer_Underwrite__malloc_char_memcpy_43.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; badSource(data); static void badSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17179 74368/CWE124_Buffer_Underwrite__malloc_char_memcpy_62.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; badSource(data); void badSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17180 74368/CWE124_Buffer_Underwrite__malloc_char_memcpy_62.cpp Buffer_Overflow_boundedcpy 65 char * data; data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17181 74375/CWE124_Buffer_Underwrite__malloc_char_memcpy_72.cpp Buffer_Overflow_boundedcpy 156 char * data; vector dataVector; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17182 74375/CWE124_Buffer_Underwrite__malloc_char_memcpy_72.cpp Buffer_Overflow_boundedcpy 178 char * data; vector dataVector; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17183 74376/CWE124_Buffer_Underwrite__malloc_char_memcpy_73.cpp Buffer_Overflow_boundedcpy 156 char * data; list dataList; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17184 74376/CWE124_Buffer_Underwrite__malloc_char_memcpy_73.cpp Buffer_Overflow_boundedcpy 178 char * data; list dataList; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17185 74377/CWE124_Buffer_Underwrite__malloc_char_memcpy_74.cpp Buffer_Overflow_boundedcpy 156 char * data; map dataMap; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17186 74377/CWE124_Buffer_Underwrite__malloc_char_memcpy_74.cpp Buffer_Overflow_boundedcpy 178 char * data; map dataMap; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17187 74404/CWE124_Buffer_Underwrite__malloc_char_memmove_33.cpp Buffer_Overflow_boundedcpy 79 char * data; char * &dataRef = data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17188 74404/CWE124_Buffer_Underwrite__malloc_char_memmove_33.cpp Buffer_Overflow_boundedcpy 45 char * data; char * &dataRef = data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17189 74408/CWE124_Buffer_Underwrite__malloc_char_memmove_43.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; badSource(data); static void badSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17190 74408/CWE124_Buffer_Underwrite__malloc_char_memmove_43.cpp Buffer_Overflow_boundedcpy 82 char * data; data = NULL; goodG2BSource(data); static void goodG2BSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17191 74416/CWE124_Buffer_Underwrite__malloc_char_memmove_62.cpp Buffer_Overflow_boundedcpy 65 char * data; data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17192 74416/CWE124_Buffer_Underwrite__malloc_char_memmove_62.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; badSource(data); void badSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17193 74423/CWE124_Buffer_Underwrite__malloc_char_memmove_72.cpp Buffer_Overflow_boundedcpy 156 char * data; vector dataVector; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17194 74423/CWE124_Buffer_Underwrite__malloc_char_memmove_72.cpp Buffer_Overflow_boundedcpy 178 char * data; vector dataVector; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17195 74424/CWE124_Buffer_Underwrite__malloc_char_memmove_73.cpp Buffer_Overflow_boundedcpy 156 char * data; list dataList; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17196 74424/CWE124_Buffer_Underwrite__malloc_char_memmove_73.cpp Buffer_Overflow_boundedcpy 178 char * data; list dataList; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17197 74425/CWE124_Buffer_Underwrite__malloc_char_memmove_74.cpp Buffer_Overflow_boundedcpy 156 char * data; map dataMap; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17198 74425/CWE124_Buffer_Underwrite__malloc_char_memmove_74.cpp Buffer_Overflow_boundedcpy 178 char * data; map dataMap; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17199 74452/CWE124_Buffer_Underwrite__malloc_char_ncpy_33.cpp Buffer_Overflow_LowBound 79 char * &dataRef = data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17200 74452/CWE124_Buffer_Underwrite__malloc_char_ncpy_33.cpp Buffer_Overflow_LowBound 45 char * data; char * &dataRef = data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17201 74456/CWE124_Buffer_Underwrite__malloc_char_ncpy_43.cpp Off_by_One_Error_in_Methods 47 char * data; data = NULL; badSource(data); static void badSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17202 74456/CWE124_Buffer_Underwrite__malloc_char_ncpy_43.cpp Off_by_One_Error_in_Methods 82 char * data; data = NULL; goodG2BSource(data); static void goodG2BSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17203 74464/CWE124_Buffer_Underwrite__malloc_char_ncpy_62.cpp Off_by_One_Error_in_Methods 39 char * data; data = NULL; badSource(data); void badSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17204 74464/CWE124_Buffer_Underwrite__malloc_char_ncpy_62.cpp Off_by_One_Error_in_Methods 65 char * data; data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17205 74471/CWE124_Buffer_Underwrite__malloc_char_ncpy_72.cpp Off_by_One_Error_in_Methods 156 char * data; vector dataVector; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17206 74471/CWE124_Buffer_Underwrite__malloc_char_ncpy_72.cpp Off_by_One_Error_in_Methods 178 char * data; vector dataVector; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17207 74472/CWE124_Buffer_Underwrite__malloc_char_ncpy_73.cpp Off_by_One_Error_in_Methods 156 char * data; list dataList; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17208 74472/CWE124_Buffer_Underwrite__malloc_char_ncpy_73.cpp Off_by_One_Error_in_Methods 178 char * data; list dataList; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17209 74473/CWE124_Buffer_Underwrite__malloc_char_ncpy_74.cpp Off_by_One_Error_in_Methods 156 char * data; map dataMap; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17210 74473/CWE124_Buffer_Underwrite__malloc_char_ncpy_74.cpp Off_by_One_Error_in_Methods 178 char * data; map dataMap; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17211 74500/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_33.cpp Buffer_Overflow_cpycat 45 wchar_t * data; wchar_t * &dataRef = data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 17212 74500/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_33.cpp Buffer_Overflow_cpycat 77 wchar_t * data; wchar_t * &dataRef = data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 17213 74504/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_43.cpp Buffer_Overflow_cpycat 47 wchar_t * data; data = NULL; badSource(data); static void badSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 17214 74504/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_43.cpp Buffer_Overflow_cpycat 80 wchar_t * data; data = NULL; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 17215 74512/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_62.cpp Buffer_Overflow_cpycat 63 wchar_t * data; data = NULL; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 17216 74512/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_62.cpp Buffer_Overflow_cpycat 39 wchar_t * data; data = NULL; badSource(data); void badSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 17217 74519/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_72.cpp Buffer_Overflow_cpycat 156 wchar_t * data; vector dataVector; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 17218 74519/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_72.cpp Buffer_Overflow_cpycat 176 wchar_t * data; vector dataVector; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 17219 74520/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_73.cpp Buffer_Overflow_cpycat 156 wchar_t * data; list dataList; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 17220 74520/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_73.cpp Buffer_Overflow_cpycat 176 wchar_t * data; list dataList; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcscpy(data, source); 0 --------------------------------- 17221 74521/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_74.cpp Buffer_Overflow_cpycat 156 wchar_t * data; map dataMap; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 17222 74521/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_74.cpp Buffer_Overflow_cpycat 176 wchar_t * data; map dataMap; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 17223 74548/CWE124_Buffer_Underwrite__malloc_wchar_t_loop_33.cpp Buffer_Overflow_boundedcpy 81 wchar_t * data; wchar_t * &dataRef = data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * data = dataRef; size_t i; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17224 74548/CWE124_Buffer_Underwrite__malloc_wchar_t_loop_33.cpp Buffer_Overflow_boundedcpy 71 wchar_t * data; wchar_t * &dataRef = data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * data = dataRef; size_t i; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17225 74552/CWE124_Buffer_Underwrite__malloc_wchar_t_loop_43.cpp Buffer_Overflow_boundedcpy 84 wchar_t * data; data = NULL; badSource(data); static void badSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17226 74552/CWE124_Buffer_Underwrite__malloc_wchar_t_loop_43.cpp Buffer_Overflow_boundedcpy 45 wchar_t * data; data = NULL; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17227 74560/CWE124_Buffer_Underwrite__malloc_wchar_t_loop_62.cpp Buffer_Overflow_boundedcpy 167 wchar_t * data; data = NULL; badSource(data); void badSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; badSource(data); size_t i; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17228 74560/CWE124_Buffer_Underwrite__malloc_wchar_t_loop_62.cpp Buffer_Overflow_boundedcpy 67 wchar_t * data; data = NULL; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17229 74567/CWE124_Buffer_Underwrite__malloc_wchar_t_loop_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; vector dataVector; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17230 74567/CWE124_Buffer_Underwrite__malloc_wchar_t_loop_72.cpp Buffer_Overflow_boundedcpy 180 wchar_t * data; vector dataVector; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17231 74568/CWE124_Buffer_Underwrite__malloc_wchar_t_loop_73.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; list dataList; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17232 74568/CWE124_Buffer_Underwrite__malloc_wchar_t_loop_73.cpp Buffer_Overflow_boundedcpy 180 wchar_t * data; list dataList; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17233 74569/CWE124_Buffer_Underwrite__malloc_wchar_t_loop_74.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; map dataMap; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17234 74569/CWE124_Buffer_Underwrite__malloc_wchar_t_loop_74.cpp Buffer_Overflow_boundedcpy 180 wchar_t * data; map dataMap; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17235 74596/CWE124_Buffer_Underwrite__malloc_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 79 wchar_t * data; wchar_t * &dataRef = data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 17236 74596/CWE124_Buffer_Underwrite__malloc_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 45 wchar_t * data; wchar_t * &dataRef = data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 17237 74600/CWE124_Buffer_Underwrite__malloc_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 82 wchar_t * data; data = NULL; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 17238 74600/CWE124_Buffer_Underwrite__malloc_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 47 wchar_t * data; data = NULL; badSource(data); static void badSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 17239 74608/CWE124_Buffer_Underwrite__malloc_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = NULL; badSource(data); void badSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 17240 74608/CWE124_Buffer_Underwrite__malloc_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 65 wchar_t * data; data = NULL; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 17241 74615/CWE124_Buffer_Underwrite__malloc_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 178 wchar_t * data; vector dataVector; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 17242 74615/CWE124_Buffer_Underwrite__malloc_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 156 wchar_t * data; vector dataVector; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 17243 74616/CWE124_Buffer_Underwrite__malloc_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 178 wchar_t * data; list dataList; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 17244 74616/CWE124_Buffer_Underwrite__malloc_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 156 wchar_t * data; list dataList; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 17245 74617/CWE124_Buffer_Underwrite__malloc_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 178 wchar_t * data; map dataMap; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 17246 74617/CWE124_Buffer_Underwrite__malloc_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 156 wchar_t * data; map dataMap; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 17247 74644/CWE124_Buffer_Underwrite__malloc_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 45 wchar_t * data; wchar_t * &dataRef = data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 17248 74644/CWE124_Buffer_Underwrite__malloc_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 79 wchar_t * data; wchar_t * &dataRef = data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 17249 74648/CWE124_Buffer_Underwrite__malloc_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 47 wchar_t * data; data = NULL; badSource(data); static void badSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 17250 74648/CWE124_Buffer_Underwrite__malloc_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 82 data = NULL; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 17251 74656/CWE124_Buffer_Underwrite__malloc_wchar_t_memmove_62.cpp Buffer_Overflow_boundedcpy 39 wchar_t * data; data = NULL; badSource(data); void badSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; badSource(data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 17252 74656/CWE124_Buffer_Underwrite__malloc_wchar_t_memmove_62.cpp Buffer_Overflow_boundedcpy 65 wchar_t * data; data = NULL; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 17253 74663/CWE124_Buffer_Underwrite__malloc_wchar_t_memmove_72.cpp Buffer_Overflow_boundedcpy 156 wchar_t * data; vector dataVector; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 17254 74663/CWE124_Buffer_Underwrite__malloc_wchar_t_memmove_72.cpp Buffer_Overflow_boundedcpy 178 wchar_t * data; vector dataVector; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 17255 74664/CWE124_Buffer_Underwrite__malloc_wchar_t_memmove_73.cpp Buffer_Overflow_boundedcpy 156 wchar_t * data; list dataList; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 17256 74664/CWE124_Buffer_Underwrite__malloc_wchar_t_memmove_73.cpp Buffer_Overflow_boundedcpy 178 wchar_t * data; list dataList; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 17257 74665/CWE124_Buffer_Underwrite__malloc_wchar_t_memmove_74.cpp Buffer_Overflow_boundedcpy 156 wchar_t * data; map dataMap; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 17258 74665/CWE124_Buffer_Underwrite__malloc_wchar_t_memmove_74.cpp Buffer_Overflow_boundedcpy 178 wchar_t * data; map dataMap; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 17259 74692/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_33.cpp Off_by_One_Error_in_Methods 79 wchar_t * data; wchar_t * &dataRef = data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 17260 74692/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_33.cpp Off_by_One_Error_in_Methods 45 wchar_t * data; wchar_t * &dataRef = data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 17261 74696/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_43.cpp Off_by_One_Error_in_Methods 82 wchar_t * data; data = NULL; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 17262 74696/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_43.cpp Off_by_One_Error_in_Methods 47 wchar_t * data; data = NULL; badSource(data); static void badSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 17263 74704/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_62.cpp Off_by_One_Error_in_Methods 65 wchar_t * data; data = NULL; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 17264 74704/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_62.cpp Off_by_One_Error_in_Methods 39 wchar_t * data; data = NULL; badSource(data); void badSource(wchar_t * &data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 17265 74711/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_72.cpp Off_by_One_Error_in_Methods 156 wchar_t * data; vector dataVector; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 17266 74711/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_72.cpp Off_by_One_Error_in_Methods 178 wchar_t * data; vector dataVector; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 17267 74712/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_73.cpp Off_by_One_Error_in_Methods 156 wchar_t * data; list dataList; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 17268 74712/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_73.cpp Off_by_One_Error_in_Methods 178 wchar_t * data; list dataList; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 17269 74713/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_74.cpp Off_by_One_Error_in_Methods 156 wchar_t * data; map dataMap; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 17270 74713/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_74.cpp Off_by_One_Error_in_Methods 178 wchar_t * data; map dataMap; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 17271 74718/CWE124_Buffer_Underwrite__new_char_cpy_01.cpp Buffer_Overflow_cpycat 42 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17272 74718/CWE124_Buffer_Underwrite__new_char_cpy_01.cpp Buffer_Overflow_cpycat 70 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17273 74719/CWE124_Buffer_Underwrite__new_char_cpy_02.cpp Buffer_Overflow_cpycat 45 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17274 74719/CWE124_Buffer_Underwrite__new_char_cpy_02.cpp Buffer_Overflow_cpycat 81 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17275 74720/CWE124_Buffer_Underwrite__new_char_cpy_03.cpp Buffer_Overflow_cpycat 45 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17276 74720/CWE124_Buffer_Underwrite__new_char_cpy_03.cpp Buffer_Overflow_cpycat 81 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17277 74721/CWE124_Buffer_Underwrite__new_char_cpy_04.cpp Buffer_Overflow_cpycat 51 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17278 74721/CWE124_Buffer_Underwrite__new_char_cpy_04.cpp Buffer_Overflow_cpycat 87 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17279 74722/CWE124_Buffer_Underwrite__new_char_cpy_05.cpp Buffer_Overflow_cpycat 51 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17280 74722/CWE124_Buffer_Underwrite__new_char_cpy_05.cpp Buffer_Overflow_cpycat 87 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17281 74723/CWE124_Buffer_Underwrite__new_char_cpy_06.cpp Buffer_Overflow_cpycat 50 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17282 74723/CWE124_Buffer_Underwrite__new_char_cpy_06.cpp Buffer_Overflow_cpycat 86 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17283 74724/CWE124_Buffer_Underwrite__new_char_cpy_07.cpp Buffer_Overflow_cpycat 50 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17284 74724/CWE124_Buffer_Underwrite__new_char_cpy_07.cpp Buffer_Overflow_cpycat 86 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17285 74725/CWE124_Buffer_Underwrite__new_char_cpy_08.cpp Buffer_Overflow_cpycat 58 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17286 74725/CWE124_Buffer_Underwrite__new_char_cpy_08.cpp Buffer_Overflow_cpycat 94 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17287 74726/CWE124_Buffer_Underwrite__new_char_cpy_09.cpp Buffer_Overflow_cpycat 45 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17288 74726/CWE124_Buffer_Underwrite__new_char_cpy_09.cpp Buffer_Overflow_cpycat 81 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17289 74727/CWE124_Buffer_Underwrite__new_char_cpy_10.cpp Buffer_Overflow_cpycat 45 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17290 74727/CWE124_Buffer_Underwrite__new_char_cpy_10.cpp Buffer_Overflow_cpycat 81 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17291 74728/CWE124_Buffer_Underwrite__new_char_cpy_11.cpp Buffer_Overflow_cpycat 45 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17292 74728/CWE124_Buffer_Underwrite__new_char_cpy_11.cpp Buffer_Overflow_cpycat 81 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17293 74729/CWE124_Buffer_Underwrite__new_char_cpy_12.cpp Buffer_Overflow_cpycat 97 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17294 74729/CWE124_Buffer_Underwrite__new_char_cpy_12.cpp Buffer_Overflow_cpycat 55 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17295 74730/CWE124_Buffer_Underwrite__new_char_cpy_13.cpp Buffer_Overflow_cpycat 45 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17296 74730/CWE124_Buffer_Underwrite__new_char_cpy_13.cpp Buffer_Overflow_cpycat 81 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17297 74731/CWE124_Buffer_Underwrite__new_char_cpy_14.cpp Buffer_Overflow_cpycat 45 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17298 74731/CWE124_Buffer_Underwrite__new_char_cpy_14.cpp Buffer_Overflow_cpycat 81 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17299 74732/CWE124_Buffer_Underwrite__new_char_cpy_15.cpp Buffer_Overflow_cpycat 88 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17300 74732/CWE124_Buffer_Underwrite__new_char_cpy_15.cpp Buffer_Overflow_cpycat 51 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17301 74733/CWE124_Buffer_Underwrite__new_char_cpy_16.cpp Buffer_Overflow_cpycat 78 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17302 74733/CWE124_Buffer_Underwrite__new_char_cpy_16.cpp Buffer_Overflow_cpycat 46 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17303 74734/CWE124_Buffer_Underwrite__new_char_cpy_17.cpp Buffer_Overflow_cpycat 46 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17304 74734/CWE124_Buffer_Underwrite__new_char_cpy_17.cpp Buffer_Overflow_cpycat 78 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17305 74735/CWE124_Buffer_Underwrite__new_char_cpy_18.cpp Buffer_Overflow_cpycat 74 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17306 74735/CWE124_Buffer_Underwrite__new_char_cpy_18.cpp Buffer_Overflow_cpycat 44 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17307 74736/CWE124_Buffer_Underwrite__new_char_cpy_21.cpp Buffer_Overflow_cpycat 138 char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; data = goodG2B1Source(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17308 74736/CWE124_Buffer_Underwrite__new_char_cpy_21.cpp Buffer_Overflow_cpycat 55 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; data = badSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17309 74737/CWE124_Buffer_Underwrite__new_char_cpy_22.cpp Buffer_Overflow_cpycat 74 char * data; data = NULL; data = goodG2B1Source(data); char * goodG2B1Source(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; data = goodG2B1Source(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17310 74737/CWE124_Buffer_Underwrite__new_char_cpy_22.cpp Buffer_Overflow_cpycat 43 char * data; data = NULL; data = badSource(data); char * badSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; data = badSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17311 74738/CWE124_Buffer_Underwrite__new_char_cpy_31.cpp Buffer_Overflow_cpycat 77 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17312 74738/CWE124_Buffer_Underwrite__new_char_cpy_31.cpp Buffer_Overflow_cpycat 45 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17313 74739/CWE124_Buffer_Underwrite__new_char_cpy_32.cpp Buffer_Overflow_cpycat 50 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17314 74739/CWE124_Buffer_Underwrite__new_char_cpy_32.cpp Buffer_Overflow_cpycat 87 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17315 74740/CWE124_Buffer_Underwrite__new_char_cpy_33.cpp Buffer_Overflow_cpycat 45 char * data; char * &dataRef = data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17316 74740/CWE124_Buffer_Underwrite__new_char_cpy_33.cpp Buffer_Overflow_cpycat 77 char * data; char * &dataRef = data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17317 74741/CWE124_Buffer_Underwrite__new_char_cpy_34.cpp Buffer_Overflow_cpycat 85 char * data; unionType myUnion; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17318 74741/CWE124_Buffer_Underwrite__new_char_cpy_34.cpp Buffer_Overflow_cpycat 52 char * data; unionType myUnion; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17319 74742/CWE124_Buffer_Underwrite__new_char_cpy_41.cpp Buffer_Overflow_cpycat 65 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17320 74742/CWE124_Buffer_Underwrite__new_char_cpy_41.cpp Buffer_Overflow_cpycat 33 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17321 74743/CWE124_Buffer_Underwrite__new_char_cpy_42.cpp Buffer_Overflow_cpycat 82 char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; data = goodG2BSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17322 74743/CWE124_Buffer_Underwrite__new_char_cpy_42.cpp Buffer_Overflow_cpycat 48 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; data = badSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17323 74744/CWE124_Buffer_Underwrite__new_char_cpy_43.cpp Buffer_Overflow_cpycat 80 char * data; data = NULL; goodG2BSource(data); static void goodG2BSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17324 74744/CWE124_Buffer_Underwrite__new_char_cpy_43.cpp Buffer_Overflow_cpycat 47 char * data; data = NULL; badSource(data); void badSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17325 74745/CWE124_Buffer_Underwrite__new_char_cpy_44.cpp Buffer_Overflow_cpycat 69 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17326 74745/CWE124_Buffer_Underwrite__new_char_cpy_44.cpp Buffer_Overflow_cpycat 33 char * data; void (*funcPtr) (char *) = badSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17327 74746/CWE124_Buffer_Underwrite__new_char_cpy_45.cpp Buffer_Overflow_cpycat 37 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badData = data; badSink(); static void badSink() char * data = badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17328 74746/CWE124_Buffer_Underwrite__new_char_cpy_45.cpp Buffer_Overflow_cpycat 72 static void goodG2B() char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17329 74747/CWE124_Buffer_Underwrite__new_char_cpy_51.cpp Buffer_Overflow_cpycat 138 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17330 74747/CWE124_Buffer_Underwrite__new_char_cpy_51.cpp Buffer_Overflow_cpycat 157 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17331 74748/CWE124_Buffer_Underwrite__new_char_cpy_52.cpp Buffer_Overflow_cpycat 210 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink_b(data); void goodG2BSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17332 74748/CWE124_Buffer_Underwrite__new_char_cpy_52.cpp Buffer_Overflow_cpycat 191 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink_b(data); void badSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17333 74749/CWE124_Buffer_Underwrite__new_char_cpy_53.cpp Buffer_Overflow_cpycat 244 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink_b(data); void badSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17334 74749/CWE124_Buffer_Underwrite__new_char_cpy_53.cpp Buffer_Overflow_cpycat 263 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink_b(data); void goodG2BSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17335 74750/CWE124_Buffer_Underwrite__new_char_cpy_54.cpp Buffer_Overflow_cpycat 297 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink_b(data); void badSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17336 74750/CWE124_Buffer_Underwrite__new_char_cpy_54.cpp Buffer_Overflow_cpycat 316 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink_b(data); void goodG2BSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17337 74751/CWE124_Buffer_Underwrite__new_char_cpy_61.cpp Buffer_Overflow_cpycat 63 char * data; data = NULL; data = goodG2BSource(data); char * goodG2BSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; data = goodG2BSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17338 74751/CWE124_Buffer_Underwrite__new_char_cpy_61.cpp Buffer_Overflow_cpycat 39 char * data; data = NULL; data = badSource(data); char * badSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; data = badSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17339 74752/CWE124_Buffer_Underwrite__new_char_cpy_62.cpp Buffer_Overflow_cpycat 63 char * data; data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17340 74752/CWE124_Buffer_Underwrite__new_char_cpy_62.cpp Buffer_Overflow_cpycat 39 char * data; data = NULL; badSource(data); void badSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17341 74753/CWE124_Buffer_Underwrite__new_char_cpy_63.cpp Buffer_Overflow_cpycat 136 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(&data); void badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17342 74753/CWE124_Buffer_Underwrite__new_char_cpy_63.cpp Buffer_Overflow_cpycat 156 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(&data); void goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17343 74754/CWE124_Buffer_Underwrite__new_char_cpy_64.cpp Buffer_Overflow_cpycat 162 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17344 74754/CWE124_Buffer_Underwrite__new_char_cpy_64.cpp Buffer_Overflow_cpycat 139 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(&data); void badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17345 74755/CWE124_Buffer_Underwrite__new_char_cpy_65.cpp Buffer_Overflow_cpycat 139 char * data; void (*funcPtr) (char *) = badSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17346 74755/CWE124_Buffer_Underwrite__new_char_cpy_65.cpp Buffer_Overflow_cpycat 158 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17347 74756/CWE124_Buffer_Underwrite__new_char_cpy_66.cpp Buffer_Overflow_cpycat 144 char * data; char * dataArray[5]; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataArray[2] = data; badSink(dataArray); void badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17348 74756/CWE124_Buffer_Underwrite__new_char_cpy_66.cpp Buffer_Overflow_cpycat 164 char * data; char * dataArray[5]; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17349 74757/CWE124_Buffer_Underwrite__new_char_cpy_67.cpp Buffer_Overflow_cpycat 170 char * data; structType myStruct; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17350 74757/CWE124_Buffer_Underwrite__new_char_cpy_67.cpp Buffer_Overflow_cpycat 150 char * data; structType myStruct; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17351 74758/CWE124_Buffer_Underwrite__new_char_cpy_68.cpp Buffer_Overflow_cpycat 147 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__new_char_cpy_68_badData = data; badSink(); void badSink() char * data = CWE124_Buffer_Underwrite__new_char_cpy_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17352 74758/CWE124_Buffer_Underwrite__new_char_cpy_68.cpp Buffer_Overflow_cpycat 167 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__new_char_cpy_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() char * data = CWE124_Buffer_Underwrite__new_char_cpy_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17353 74759/CWE124_Buffer_Underwrite__new_char_cpy_72.cpp Buffer_Overflow_cpycat 155 char * data; vector dataVector; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17354 74759/CWE124_Buffer_Underwrite__new_char_cpy_72.cpp Buffer_Overflow_cpycat 175 char * data; vector dataVector; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17355 74760/CWE124_Buffer_Underwrite__new_char_cpy_73.cpp Buffer_Overflow_cpycat 155 char * data; list dataList; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17356 74760/CWE124_Buffer_Underwrite__new_char_cpy_73.cpp Buffer_Overflow_cpycat 175 char * data; list dataList; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17357 74761/CWE124_Buffer_Underwrite__new_char_cpy_74.cpp Buffer_Overflow_cpycat 155 char * data; map dataMap; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 17358 74761/CWE124_Buffer_Underwrite__new_char_cpy_74.cpp Buffer_Overflow_cpycat 175 char * data; map dataMap; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 17359 74766/CWE124_Buffer_Underwrite__new_char_loop_01.cpp Buffer_Overflow_boundedcpy 40 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17360 74766/CWE124_Buffer_Underwrite__new_char_loop_01.cpp Buffer_Overflow_boundedcpy 66 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17361 74767/CWE124_Buffer_Underwrite__new_char_loop_02.cpp Buffer_Overflow_boundedcpy 43 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17362 74767/CWE124_Buffer_Underwrite__new_char_loop_02.cpp Buffer_Overflow_boundedcpy 85 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17363 74768/CWE124_Buffer_Underwrite__new_char_loop_03.cpp Buffer_Overflow_boundedcpy 43 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17364 74768/CWE124_Buffer_Underwrite__new_char_loop_03.cpp Buffer_Overflow_boundedcpy 85 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17365 74769/CWE124_Buffer_Underwrite__new_char_loop_04.cpp Buffer_Overflow_boundedcpy 49 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17366 74769/CWE124_Buffer_Underwrite__new_char_loop_04.cpp Buffer_Overflow_boundedcpy 91 static void goodG2B1() char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17367 74770/CWE124_Buffer_Underwrite__new_char_loop_05.cpp Buffer_Overflow_boundedcpy 49 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17368 74770/CWE124_Buffer_Underwrite__new_char_loop_05.cpp Buffer_Overflow_boundedcpy 91 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17369 74771/CWE124_Buffer_Underwrite__new_char_loop_06.cpp Buffer_Overflow_boundedcpy 48 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17370 74771/CWE124_Buffer_Underwrite__new_char_loop_06.cpp Buffer_Overflow_boundedcpy 114 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17371 74772/CWE124_Buffer_Underwrite__new_char_loop_07.cpp Buffer_Overflow_boundedcpy 48 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17372 74772/CWE124_Buffer_Underwrite__new_char_loop_07.cpp Buffer_Overflow_boundedcpy 90 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17373 74773/CWE124_Buffer_Underwrite__new_char_loop_08.cpp Buffer_Overflow_boundedcpy 56 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17374 74773/CWE124_Buffer_Underwrite__new_char_loop_08.cpp Buffer_Overflow_boundedcpy 98 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17375 74774/CWE124_Buffer_Underwrite__new_char_loop_09.cpp Buffer_Overflow_boundedcpy 43 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17376 74774/CWE124_Buffer_Underwrite__new_char_loop_09.cpp Buffer_Overflow_boundedcpy 85 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17377 74775/CWE124_Buffer_Underwrite__new_char_loop_10.cpp Buffer_Overflow_boundedcpy 43 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17378 74775/CWE124_Buffer_Underwrite__new_char_loop_10.cpp Buffer_Overflow_boundedcpy 85 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17379 74776/CWE124_Buffer_Underwrite__new_char_loop_11.cpp Buffer_Overflow_boundedcpy 43 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17380 74776/CWE124_Buffer_Underwrite__new_char_loop_11.cpp Buffer_Overflow_boundedcpy 85 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17381 74777/CWE124_Buffer_Underwrite__new_char_loop_12.cpp Buffer_Overflow_boundedcpy 53 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17382 74777/CWE124_Buffer_Underwrite__new_char_loop_12.cpp Buffer_Overflow_boundedcpy 92 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17383 74778/CWE124_Buffer_Underwrite__new_char_loop_13.cpp Buffer_Overflow_boundedcpy 109 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17384 74778/CWE124_Buffer_Underwrite__new_char_loop_13.cpp Buffer_Overflow_boundedcpy 76 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17385 74779/CWE124_Buffer_Underwrite__new_char_loop_14.cpp Buffer_Overflow_boundedcpy 109 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17386 74779/CWE124_Buffer_Underwrite__new_char_loop_14.cpp Buffer_Overflow_boundedcpy 76 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17387 74780/CWE124_Buffer_Underwrite__new_char_loop_15.cpp Buffer_Overflow_boundedcpy 131 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17388 74780/CWE124_Buffer_Underwrite__new_char_loop_15.cpp Buffer_Overflow_boundedcpy 35 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17389 74781/CWE124_Buffer_Underwrite__new_char_loop_16.cpp Buffer_Overflow_boundedcpy 34 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17390 74781/CWE124_Buffer_Underwrite__new_char_loop_16.cpp Buffer_Overflow_boundedcpy 82 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17391 74782/CWE124_Buffer_Underwrite__new_char_loop_17.cpp Buffer_Overflow_boundedcpy 44 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17392 74782/CWE124_Buffer_Underwrite__new_char_loop_17.cpp Buffer_Overflow_boundedcpy 82 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17393 74783/CWE124_Buffer_Underwrite__new_char_loop_18.cpp Buffer_Overflow_boundedcpy 34 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17394 74783/CWE124_Buffer_Underwrite__new_char_loop_18.cpp Buffer_Overflow_boundedcpy 42 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17395 74784/CWE124_Buffer_Underwrite__new_char_loop_21.cpp Buffer_Overflow_boundedcpy 89 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; data = badSource(data); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17396 74784/CWE124_Buffer_Underwrite__new_char_loop_21.cpp Buffer_Overflow_boundedcpy 35 char * data; data = NULL; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; data = goodG2B1Source(data); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17397 74785/CWE124_Buffer_Underwrite__new_char_loop_22.cpp Buffer_Overflow_boundedcpy 227 char * data; data = NULL; data = badSource(data); char * badSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; data = badSource(data); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17398 74785/CWE124_Buffer_Underwrite__new_char_loop_22.cpp Buffer_Overflow_boundedcpy 106 char * data; data = NULL; data = goodG2B1Source(data); char * goodG2B1Source(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; data = goodG2B1Source(data); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17399 74786/CWE124_Buffer_Underwrite__new_char_loop_31.cpp Buffer_Overflow_boundedcpy 32 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17400 74786/CWE124_Buffer_Underwrite__new_char_loop_31.cpp Buffer_Overflow_boundedcpy 81 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17401 74787/CWE124_Buffer_Underwrite__new_char_loop_32.cpp Buffer_Overflow_boundedcpy 48 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17402 74787/CWE124_Buffer_Underwrite__new_char_loop_32.cpp Buffer_Overflow_boundedcpy 79 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17403 74788/CWE124_Buffer_Underwrite__new_char_loop_33.cpp Buffer_Overflow_boundedcpy 71 char * data; char * &dataRef = data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17404 74788/CWE124_Buffer_Underwrite__new_char_loop_33.cpp Buffer_Overflow_boundedcpy 81 char * data; char * &dataRef = data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17405 74789/CWE124_Buffer_Underwrite__new_char_loop_34.cpp Buffer_Overflow_boundedcpy 50 char * data; unionType myUnion; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17406 74789/CWE124_Buffer_Underwrite__new_char_loop_34.cpp Buffer_Overflow_boundedcpy 89 char * data; unionType myUnion; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17407 74790/CWE124_Buffer_Underwrite__new_char_loop_41.cpp Buffer_Overflow_boundedcpy 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(data); void badSink(char * data) size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17408 74790/CWE124_Buffer_Underwrite__new_char_loop_41.cpp Buffer_Overflow_boundedcpy 52 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(data); void goodG2BSink(char * data) size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17409 74791/CWE124_Buffer_Underwrite__new_char_loop_42.cpp Buffer_Overflow_boundedcpy 69 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; data = badSource(data); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17410 74791/CWE124_Buffer_Underwrite__new_char_loop_42.cpp Buffer_Overflow_boundedcpy 86 char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; data = goodG2BSource(data); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17411 74792/CWE124_Buffer_Underwrite__new_char_loop_43.cpp Buffer_Overflow_boundedcpy 69 char * data; data = NULL; badSource(data); void badSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSource(data); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17412 74792/CWE124_Buffer_Underwrite__new_char_loop_43.cpp Buffer_Overflow_boundedcpy 84 char * data; data = NULL; goodG2BSource(data); static void goodG2BSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSource(data); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17413 74793/CWE124_Buffer_Underwrite__new_char_loop_44.cpp Buffer_Overflow_boundedcpy 31 char * data; void (*funcPtr) (char *) = badSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17414 74793/CWE124_Buffer_Underwrite__new_char_loop_44.cpp Buffer_Overflow_boundedcpy 95 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17415 74794/CWE124_Buffer_Underwrite__new_char_loop_45.cpp Buffer_Overflow_boundedcpy 76 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(data); void badSink(char * data) size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17416 74794/CWE124_Buffer_Underwrite__new_char_loop_45.cpp Buffer_Overflow_boundedcpy 97 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(data); void goodG2BSink(char * data) size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17417 74795/CWE124_Buffer_Underwrite__new_char_loop_51.cpp Buffer_Overflow_boundedcpy 136 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink_b(data); void badSink_c(char * data) size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17418 74795/CWE124_Buffer_Underwrite__new_char_loop_51.cpp Buffer_Overflow_boundedcpy 161 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink_b(data); void goodG2BSink_c(char * data) size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17419 74796/CWE124_Buffer_Underwrite__new_char_loop_52.cpp Buffer_Overflow_boundedcpy 57 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17420 74796/CWE124_Buffer_Underwrite__new_char_loop_52.cpp Buffer_Overflow_boundedcpy 35 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17421 74797/CWE124_Buffer_Underwrite__new_char_loop_53.cpp Buffer_Overflow_boundedcpy 242 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink_b(data); void badSink_d(char * data) size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17422 74797/CWE124_Buffer_Underwrite__new_char_loop_53.cpp Buffer_Overflow_boundedcpy 57 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink_b(data); void goodG2BSink_d(char * data) size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17423 74798/CWE124_Buffer_Underwrite__new_char_loop_54.cpp Buffer_Overflow_boundedcpy 320 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink_b(data); void badSink_e(char * data) size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17424 74798/CWE124_Buffer_Underwrite__new_char_loop_54.cpp Buffer_Overflow_boundedcpy 295 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink_b(data); void goodG2BSink_e(char * data) size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17425 74799/CWE124_Buffer_Underwrite__new_char_loop_61.cpp Buffer_Overflow_boundedcpy 67 char * data; data = NULL; data = badSource(data); char * badSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; return data; data = badSource(data); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17426 74799/CWE124_Buffer_Underwrite__new_char_loop_61.cpp Buffer_Overflow_boundedcpy 167 char * data; data = NULL; data = goodG2BSource(data); char * goodG2BSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; data = goodG2BSource(data); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17427 74800/CWE124_Buffer_Underwrite__new_char_loop_62.cpp Buffer_Overflow_boundedcpy 67 char * data; data = NULL; badSource(data); void badSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSource(data); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17428 74800/CWE124_Buffer_Underwrite__new_char_loop_62.cpp Buffer_Overflow_boundedcpy 150 char * data; data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSource(data); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17429 74801/CWE124_Buffer_Underwrite__new_char_loop_63.cpp Buffer_Overflow_boundedcpy 160 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(&data); void badSink(char * * dataPtr) char * data = *dataPtr; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17430 74801/CWE124_Buffer_Underwrite__new_char_loop_63.cpp Buffer_Overflow_boundedcpy 35 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(&data); void goodG2BSink(char * * dataPtr) char * data = *dataPtr; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17431 74802/CWE124_Buffer_Underwrite__new_char_loop_64.cpp Buffer_Overflow_boundedcpy 137 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(&data); void badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17432 74802/CWE124_Buffer_Underwrite__new_char_loop_64.cpp Buffer_Overflow_boundedcpy 35 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17433 74803/CWE124_Buffer_Underwrite__new_char_loop_65.cpp Buffer_Overflow_boundedcpy 37 char * data; void (*funcPtr) (char *) = badSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void badSink(char * data) size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17434 74803/CWE124_Buffer_Underwrite__new_char_loop_65.cpp Buffer_Overflow_boundedcpy 162 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); void goodG2BSink(char * data) size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17435 74804/CWE124_Buffer_Underwrite__new_char_loop_66.cpp Buffer_Overflow_boundedcpy 168 char * data; char * dataArray[5]; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataArray[2] = data; badSink(dataArray); void badSink(char * dataArray[]) char * data = dataArray[2]; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17436 74804/CWE124_Buffer_Underwrite__new_char_loop_66.cpp Buffer_Overflow_boundedcpy 36 char * data; char * dataArray[5]; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(char * dataArray[]) char * data = dataArray[2]; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17437 74805/CWE124_Buffer_Underwrite__new_char_loop_67.cpp Buffer_Overflow_boundedcpy 41 char * data; structType myStruct; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myStruct.structFirst = data; badSink(myStruct); char * data = myStruct.structFirst; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17438 74805/CWE124_Buffer_Underwrite__new_char_loop_67.cpp Buffer_Overflow_boundedcpy 148 char * data; structType myStruct; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) char * data = myStruct.structFirst; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17439 74806/CWE124_Buffer_Underwrite__new_char_loop_68.cpp Buffer_Overflow_boundedcpy 61 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__new_char_loop_68_badData = data; badSink(); void badSink() char * data = CWE124_Buffer_Underwrite__new_char_loop_68_badData; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17440 74806/CWE124_Buffer_Underwrite__new_char_loop_68.cpp Buffer_Overflow_boundedcpy 145 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__new_char_loop_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() char * data = CWE124_Buffer_Underwrite__new_char_loop_68_goodG2BData; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17441 74807/CWE124_Buffer_Underwrite__new_char_loop_72.cpp Buffer_Overflow_boundedcpy 39 char * data; vector dataVector; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17442 74807/CWE124_Buffer_Underwrite__new_char_loop_72.cpp Buffer_Overflow_boundedcpy 153 char * data; vector dataVector; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17443 74808/CWE124_Buffer_Underwrite__new_char_loop_73.cpp Buffer_Overflow_boundedcpy 39 char * data; list dataList; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17444 74808/CWE124_Buffer_Underwrite__new_char_loop_73.cpp Buffer_Overflow_boundedcpy 153 char * data; list dataList; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17445 74809/CWE124_Buffer_Underwrite__new_char_loop_74.cpp Buffer_Overflow_boundedcpy 39 char * data; map dataMap; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 1 --------------------------------- 17446 74809/CWE124_Buffer_Underwrite__new_char_loop_74.cpp Buffer_Overflow_boundedcpy 153 char * data; map dataMap; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; size_t i; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; 0 --------------------------------- 17447 74814/CWE124_Buffer_Underwrite__new_char_memcpy_01.cpp Buffer_Overflow_boundedcpy 72 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17448 74814/CWE124_Buffer_Underwrite__new_char_memcpy_01.cpp Buffer_Overflow_boundedcpy 42 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17449 74815/CWE124_Buffer_Underwrite__new_char_memcpy_02.cpp Buffer_Overflow_boundedcpy 83 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17450 74815/CWE124_Buffer_Underwrite__new_char_memcpy_02.cpp Buffer_Overflow_boundedcpy 45 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17451 74816/CWE124_Buffer_Underwrite__new_char_memcpy_03.cpp Buffer_Overflow_boundedcpy 83 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17452 74816/CWE124_Buffer_Underwrite__new_char_memcpy_03.cpp Buffer_Overflow_boundedcpy 45 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17453 74817/CWE124_Buffer_Underwrite__new_char_memcpy_04.cpp Buffer_Overflow_boundedcpy 51 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17454 74817/CWE124_Buffer_Underwrite__new_char_memcpy_04.cpp Buffer_Overflow_boundedcpy 89 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17455 74818/CWE124_Buffer_Underwrite__new_char_memcpy_05.cpp Buffer_Overflow_boundedcpy 51 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17456 74818/CWE124_Buffer_Underwrite__new_char_memcpy_05.cpp Buffer_Overflow_boundedcpy 89 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17457 74819/CWE124_Buffer_Underwrite__new_char_memcpy_06.cpp Buffer_Overflow_boundedcpy 50 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17458 74819/CWE124_Buffer_Underwrite__new_char_memcpy_06.cpp Buffer_Overflow_boundedcpy 88 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17459 74820/CWE124_Buffer_Underwrite__new_char_memcpy_07.cpp Buffer_Overflow_boundedcpy 50 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17460 74820/CWE124_Buffer_Underwrite__new_char_memcpy_07.cpp Buffer_Overflow_boundedcpy 88 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17461 74821/CWE124_Buffer_Underwrite__new_char_memcpy_08.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17462 74821/CWE124_Buffer_Underwrite__new_char_memcpy_08.cpp Buffer_Overflow_boundedcpy 58 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17463 74822/CWE124_Buffer_Underwrite__new_char_memcpy_09.cpp Buffer_Overflow_boundedcpy 83 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17464 74822/CWE124_Buffer_Underwrite__new_char_memcpy_09.cpp Buffer_Overflow_boundedcpy 45 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17465 74822/CWE124_Buffer_Underwrite__new_char_memcpy_09.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(GLOBAL_CONST_TRUE) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17466 74822/CWE124_Buffer_Underwrite__new_char_memcpy_09.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(GLOBAL_CONST_TRUE) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17467 74823/CWE124_Buffer_Underwrite__new_char_memcpy_10.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(globalFalse) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17468 74823/CWE124_Buffer_Underwrite__new_char_memcpy_10.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(globalTrue) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17469 74823/CWE124_Buffer_Underwrite__new_char_memcpy_10.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(globalTrue) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17470 74824/CWE124_Buffer_Underwrite__new_char_memcpy_11.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(globalReturnsFalse()) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17471 74824/CWE124_Buffer_Underwrite__new_char_memcpy_11.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(globalReturnsTrue()) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17472 74824/CWE124_Buffer_Underwrite__new_char_memcpy_11.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(globalReturnsTrue()) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17473 74825/CWE124_Buffer_Underwrite__new_char_memcpy_12.cpp Buffer_Overflow_boundedcpy 55 data = NULL; if(globalReturnsTrueOrFalse()) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17474 74825/CWE124_Buffer_Underwrite__new_char_memcpy_12.cpp Buffer_Overflow_boundedcpy 99 data = NULL; if(globalReturnsTrueOrFalse()) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17475 74826/CWE124_Buffer_Underwrite__new_char_memcpy_13.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(GLOBAL_CONST_FIVE!=5) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17476 74826/CWE124_Buffer_Underwrite__new_char_memcpy_13.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(GLOBAL_CONST_FIVE==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17477 74826/CWE124_Buffer_Underwrite__new_char_memcpy_13.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(GLOBAL_CONST_FIVE==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17478 74827/CWE124_Buffer_Underwrite__new_char_memcpy_14.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(globalFive!=5) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17479 74827/CWE124_Buffer_Underwrite__new_char_memcpy_14.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(globalFive==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17480 74827/CWE124_Buffer_Underwrite__new_char_memcpy_14.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(globalFive==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17481 74828/CWE124_Buffer_Underwrite__new_char_memcpy_15.cpp Buffer_Overflow_boundedcpy 125 data = NULL; switch(6) case 6: char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17482 74828/CWE124_Buffer_Underwrite__new_char_memcpy_15.cpp Buffer_Overflow_boundedcpy 51 data = NULL; switch(6) case 6: char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17483 74828/CWE124_Buffer_Underwrite__new_char_memcpy_15.cpp Buffer_Overflow_boundedcpy 90 data = NULL; switch(5) default: char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17484 74829/CWE124_Buffer_Underwrite__new_char_memcpy_16.cpp Buffer_Overflow_boundedcpy 46 data = NULL; while(1) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17485 74829/CWE124_Buffer_Underwrite__new_char_memcpy_16.cpp Buffer_Overflow_boundedcpy 80 data = NULL; while(1) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17486 74830/CWE124_Buffer_Underwrite__new_char_memcpy_17.cpp Buffer_Overflow_boundedcpy 46 data = NULL; for(i = 0; i < 1; i++) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17487 74830/CWE124_Buffer_Underwrite__new_char_memcpy_17.cpp Buffer_Overflow_boundedcpy 80 data = NULL; for(h = 0; h < 1; h++) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17488 74831/CWE124_Buffer_Underwrite__new_char_memcpy_18.cpp Buffer_Overflow_boundedcpy 76 data = NULL; goto source; source: char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17489 74831/CWE124_Buffer_Underwrite__new_char_memcpy_18.cpp Buffer_Overflow_boundedcpy 44 data = NULL; goto source; source: char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17490 74832/CWE124_Buffer_Underwrite__new_char_memcpy_21.cpp Buffer_Overflow_boundedcpy 105 data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17491 74832/CWE124_Buffer_Underwrite__new_char_memcpy_21.cpp Buffer_Overflow_boundedcpy 55 data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17492 74832/CWE124_Buffer_Underwrite__new_char_memcpy_21.cpp Buffer_Overflow_boundedcpy 142 data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17493 74833/CWE124_Buffer_Underwrite__new_char_memcpy_22.cpp Buffer_Overflow_boundedcpy 43 data = NULL; badGlobal = 1; data = badSource(data); char * badSource(char * data) if(badGlobal) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17494 74833/CWE124_Buffer_Underwrite__new_char_memcpy_22.cpp Buffer_Overflow_boundedcpy 76 data = NULL; goodG2B1Global = 0; data = goodG2B1Source(data); char * goodG2B1Source(char * data) if(goodG2B1Global) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17495 74833/CWE124_Buffer_Underwrite__new_char_memcpy_22.cpp Buffer_Overflow_boundedcpy 100 data = NULL; goodG2B2Global = 1; data = goodG2B2Source(data); char * goodG2B2Source(char * data) if(goodG2B2Global) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17496 74834/CWE124_Buffer_Underwrite__new_char_memcpy_31.cpp Buffer_Overflow_boundedcpy 45 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17497 74834/CWE124_Buffer_Underwrite__new_char_memcpy_31.cpp Buffer_Overflow_boundedcpy 79 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17498 74835/CWE124_Buffer_Underwrite__new_char_memcpy_32.cpp Buffer_Overflow_boundedcpy 50 char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17499 74835/CWE124_Buffer_Underwrite__new_char_memcpy_32.cpp Buffer_Overflow_boundedcpy 89 char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17500 74836/CWE124_Buffer_Underwrite__new_char_memcpy_33.cpp Buffer_Overflow_boundedcpy 45 char * &dataRef = data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17501 74836/CWE124_Buffer_Underwrite__new_char_memcpy_33.cpp Buffer_Overflow_boundedcpy 79 char * &dataRef = data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17502 74837/CWE124_Buffer_Underwrite__new_char_memcpy_34.cpp Buffer_Overflow_boundedcpy 52 unionType myUnion; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17503 74837/CWE124_Buffer_Underwrite__new_char_memcpy_34.cpp Buffer_Overflow_boundedcpy 87 unionType myUnion; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17504 74838/CWE124_Buffer_Underwrite__new_char_memcpy_41.cpp Buffer_Overflow_boundedcpy 33 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17505 74838/CWE124_Buffer_Underwrite__new_char_memcpy_41.cpp Buffer_Overflow_boundedcpy 67 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17506 74839/CWE124_Buffer_Underwrite__new_char_memcpy_42.cpp Buffer_Overflow_boundedcpy 84 data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17507 74839/CWE124_Buffer_Underwrite__new_char_memcpy_42.cpp Buffer_Overflow_boundedcpy 48 data = NULL; data = badSource(data); static char * badSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17508 74840/CWE124_Buffer_Underwrite__new_char_memcpy_43.cpp Buffer_Overflow_boundedcpy 82 data = NULL; goodG2BSource(data); static void goodG2BSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17509 74840/CWE124_Buffer_Underwrite__new_char_memcpy_43.cpp Buffer_Overflow_boundedcpy 47 data = NULL; badSource(data); void badSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17510 74841/CWE124_Buffer_Underwrite__new_char_memcpy_44.cpp Buffer_Overflow_boundedcpy 71 void (*funcPtr) (char *) = goodG2BSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17511 74841/CWE124_Buffer_Underwrite__new_char_memcpy_44.cpp Buffer_Overflow_boundedcpy 33 void (*funcPtr) (char *) = badSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17512 74842/CWE124_Buffer_Underwrite__new_char_memcpy_45.cpp Buffer_Overflow_boundedcpy 74 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17513 74842/CWE124_Buffer_Underwrite__new_char_memcpy_45.cpp Buffer_Overflow_boundedcpy 37 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badData = data; badSink(); static void badSink() char * data = badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17514 74843/CWE124_Buffer_Underwrite__new_char_memcpy_51.cpp Buffer_Overflow_boundedcpy 159 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17515 74843/CWE124_Buffer_Underwrite__new_char_memcpy_51.cpp Buffer_Overflow_boundedcpy 138 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17516 74844/CWE124_Buffer_Underwrite__new_char_memcpy_52.cpp Buffer_Overflow_boundedcpy 212 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17517 74844/CWE124_Buffer_Underwrite__new_char_memcpy_52.cpp Buffer_Overflow_boundedcpy 191 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17518 74845/CWE124_Buffer_Underwrite__new_char_memcpy_53.cpp Buffer_Overflow_boundedcpy 265 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17519 74845/CWE124_Buffer_Underwrite__new_char_memcpy_53.cpp Buffer_Overflow_boundedcpy 244 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17520 74846/CWE124_Buffer_Underwrite__new_char_memcpy_54.cpp Buffer_Overflow_boundedcpy 318 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) goodG2BSink_e(data); void goodG2BSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17521 74846/CWE124_Buffer_Underwrite__new_char_memcpy_54.cpp Buffer_Overflow_boundedcpy 297 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) badSink_e(data); void badSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17522 74847/CWE124_Buffer_Underwrite__new_char_memcpy_61.cpp Buffer_Overflow_boundedcpy 39 data = badSource(data); char * badSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17523 74847/CWE124_Buffer_Underwrite__new_char_memcpy_61.cpp Buffer_Overflow_boundedcpy 65 data = goodG2BSource(data); char * goodG2BSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17524 74848/CWE124_Buffer_Underwrite__new_char_memcpy_62.cpp Buffer_Overflow_boundedcpy 39 data = NULL; badSource(data); void badSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17525 74848/CWE124_Buffer_Underwrite__new_char_memcpy_62.cpp Buffer_Overflow_boundedcpy 65 data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17526 74849/CWE124_Buffer_Underwrite__new_char_memcpy_63.cpp Buffer_Overflow_boundedcpy 136 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(&data); void badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17527 74849/CWE124_Buffer_Underwrite__new_char_memcpy_63.cpp Buffer_Overflow_boundedcpy 158 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(&data); void goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17528 74850/CWE124_Buffer_Underwrite__new_char_memcpy_64.cpp Buffer_Overflow_boundedcpy 139 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(&data); void badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17529 74850/CWE124_Buffer_Underwrite__new_char_memcpy_64.cpp Buffer_Overflow_boundedcpy 164 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17530 74851/CWE124_Buffer_Underwrite__new_char_memcpy_65.cpp Buffer_Overflow_boundedcpy 160 void (*funcPtr) (char *) = goodG2BSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17531 74851/CWE124_Buffer_Underwrite__new_char_memcpy_65.cpp Buffer_Overflow_boundedcpy 139 void (*funcPtr) (char *) = badSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17532 74852/CWE124_Buffer_Underwrite__new_char_memcpy_66.cpp Buffer_Overflow_boundedcpy 166 char * dataArray[5]; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17533 74852/CWE124_Buffer_Underwrite__new_char_memcpy_66.cpp Buffer_Overflow_boundedcpy 144 char * dataArray[5]; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataArray[2] = data; badSink(dataArray); void badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17534 74853/CWE124_Buffer_Underwrite__new_char_memcpy_67.cpp Buffer_Overflow_boundedcpy 150 structType myStruct; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17535 74853/CWE124_Buffer_Underwrite__new_char_memcpy_67.cpp Buffer_Overflow_boundedcpy 172 structType myStruct; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17536 74854/CWE124_Buffer_Underwrite__new_char_memcpy_68.cpp Buffer_Overflow_boundedcpy 147 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__new_char_memcpy_68_badData = data; badSink(); void badSink() char * data = CWE124_Buffer_Underwrite__new_char_memcpy_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17537 74854/CWE124_Buffer_Underwrite__new_char_memcpy_68.cpp Buffer_Overflow_boundedcpy 169 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__new_char_memcpy_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() char * data = CWE124_Buffer_Underwrite__new_char_memcpy_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17538 74855/CWE124_Buffer_Underwrite__new_char_memcpy_72.cpp Buffer_Overflow_boundedcpy 177 vector dataVector; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17539 74855/CWE124_Buffer_Underwrite__new_char_memcpy_72.cpp Buffer_Overflow_boundedcpy 155 vector dataVector; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17540 74856/CWE124_Buffer_Underwrite__new_char_memcpy_73.cpp Buffer_Overflow_boundedcpy 177 list dataList; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17541 74856/CWE124_Buffer_Underwrite__new_char_memcpy_73.cpp Buffer_Overflow_boundedcpy 155 list dataList; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17542 74857/CWE124_Buffer_Underwrite__new_char_memcpy_74.cpp Buffer_Overflow_boundedcpy 177 map dataMap; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 17543 74857/CWE124_Buffer_Underwrite__new_char_memcpy_74.cpp Buffer_Overflow_boundedcpy 155 map dataMap; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 17544 74862/CWE124_Buffer_Underwrite__new_char_memmove_01.cpp Buffer_Overflow_boundedcpy 42 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17545 74862/CWE124_Buffer_Underwrite__new_char_memmove_01.cpp Buffer_Overflow_boundedcpy 72 char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17546 74863/CWE124_Buffer_Underwrite__new_char_memmove_02.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(0) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17547 74863/CWE124_Buffer_Underwrite__new_char_memmove_02.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(1) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17548 74863/CWE124_Buffer_Underwrite__new_char_memmove_02.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(1) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17549 74864/CWE124_Buffer_Underwrite__new_char_memmove_03.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(5!=5) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17550 74864/CWE124_Buffer_Underwrite__new_char_memmove_03.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(5==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17551 74864/CWE124_Buffer_Underwrite__new_char_memmove_03.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(5==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17552 74865/CWE124_Buffer_Underwrite__new_char_memmove_04.cpp Buffer_Overflow_boundedcpy 51 data = NULL; if(STATIC_CONST_TRUE) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17553 74865/CWE124_Buffer_Underwrite__new_char_memmove_04.cpp Buffer_Overflow_boundedcpy 118 data = NULL; if(STATIC_CONST_TRUE) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17554 74865/CWE124_Buffer_Underwrite__new_char_memmove_04.cpp Buffer_Overflow_boundedcpy 89 data = NULL; if(STATIC_CONST_FALSE) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17555 74866/CWE124_Buffer_Underwrite__new_char_memmove_05.cpp Buffer_Overflow_boundedcpy 51 data = NULL; if(staticTrue) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17556 74866/CWE124_Buffer_Underwrite__new_char_memmove_05.cpp Buffer_Overflow_boundedcpy 118 data = NULL; if(staticTrue) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17557 74866/CWE124_Buffer_Underwrite__new_char_memmove_05.cpp Buffer_Overflow_boundedcpy 89 data = NULL; if(staticFalse) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17558 74867/CWE124_Buffer_Underwrite__new_char_memmove_06.cpp Buffer_Overflow_boundedcpy 117 data = NULL; if(STATIC_CONST_FIVE==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17559 74867/CWE124_Buffer_Underwrite__new_char_memmove_06.cpp Buffer_Overflow_boundedcpy 88 data = NULL; if(STATIC_CONST_FIVE!=5) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17560 74867/CWE124_Buffer_Underwrite__new_char_memmove_06.cpp Buffer_Overflow_boundedcpy 50 data = NULL; if(STATIC_CONST_FIVE==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17561 74868/CWE124_Buffer_Underwrite__new_char_memmove_07.cpp Buffer_Overflow_boundedcpy 117 data = NULL; if(staticFive==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17562 74868/CWE124_Buffer_Underwrite__new_char_memmove_07.cpp Buffer_Overflow_boundedcpy 88 data = NULL; if(staticFive!=5) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17563 74868/CWE124_Buffer_Underwrite__new_char_memmove_07.cpp Buffer_Overflow_boundedcpy 50 data = NULL; if(staticFive==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17564 74869/CWE124_Buffer_Underwrite__new_char_memmove_08.cpp Buffer_Overflow_boundedcpy 125 data = NULL; if(staticReturnsTrue()) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17565 74869/CWE124_Buffer_Underwrite__new_char_memmove_08.cpp Buffer_Overflow_boundedcpy 96 data = NULL; if(staticReturnsFalse()) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17566 74869/CWE124_Buffer_Underwrite__new_char_memmove_08.cpp Buffer_Overflow_boundedcpy 58 data = NULL; if(staticReturnsTrue()) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17567 74870/CWE124_Buffer_Underwrite__new_char_memmove_09.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(GLOBAL_CONST_FALSE)) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17568 74870/CWE124_Buffer_Underwrite__new_char_memmove_09.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(GLOBAL_CONST_TRUE)) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17569 74870/CWE124_Buffer_Underwrite__new_char_memmove_09.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(GLOBAL_CONST_TRUE) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17570 74871/CWE124_Buffer_Underwrite__new_char_memmove_10.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(globalFalse)) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17571 74871/CWE124_Buffer_Underwrite__new_char_memmove_10.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(globalTrue)) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17572 74871/CWE124_Buffer_Underwrite__new_char_memmove_10.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(globalTrue) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17573 74872/CWE124_Buffer_Underwrite__new_char_memmove_11.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(globalReturnsFalse()) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17574 74872/CWE124_Buffer_Underwrite__new_char_memmove_11.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(globalReturnsTrue()) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17575 74872/CWE124_Buffer_Underwrite__new_char_memmove_11.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(globalReturnsTrue()) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17576 74873/CWE124_Buffer_Underwrite__new_char_memmove_12.cpp Buffer_Overflow_boundedcpy 55 data = NULL; if(globalReturnsTrueOrFalse()) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17577 74873/CWE124_Buffer_Underwrite__new_char_memmove_12.cpp Buffer_Overflow_boundedcpy 99 data = NULL; if(globalReturnsTrueOrFalse()) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17578 74874/CWE124_Buffer_Underwrite__new_char_memmove_13.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(GLOBAL_CONST_FIVE!=5) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17579 74874/CWE124_Buffer_Underwrite__new_char_memmove_13.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(GLOBAL_CONST_FIVE==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17580 74874/CWE124_Buffer_Underwrite__new_char_memmove_13.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(GLOBAL_CONST_FIVE==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17581 74875/CWE124_Buffer_Underwrite__new_char_memmove_14.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(globalFive!=5) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17582 74875/CWE124_Buffer_Underwrite__new_char_memmove_14.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(globalFive==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17583 74875/CWE124_Buffer_Underwrite__new_char_memmove_14.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(globalFive==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17584 74876/CWE124_Buffer_Underwrite__new_char_memmove_15.cpp Buffer_Overflow_boundedcpy 51 data = NULL; switch(6) case 6: char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17585 74876/CWE124_Buffer_Underwrite__new_char_memmove_15.cpp Buffer_Overflow_boundedcpy 125 data = NULL; switch(6) case 6: char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17586 74876/CWE124_Buffer_Underwrite__new_char_memmove_15.cpp Buffer_Overflow_boundedcpy 90 data = NULL; switch(5) default: char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17587 74877/CWE124_Buffer_Underwrite__new_char_memmove_16.cpp Buffer_Overflow_boundedcpy 80 data = NULL; while(1) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17588 74877/CWE124_Buffer_Underwrite__new_char_memmove_16.cpp Buffer_Overflow_boundedcpy 46 data = NULL; while(1) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17589 74878/CWE124_Buffer_Underwrite__new_char_memmove_17.cpp Buffer_Overflow_boundedcpy 80 data = NULL; for(h = 0; h < 1; h++) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17590 74878/CWE124_Buffer_Underwrite__new_char_memmove_17.cpp Buffer_Overflow_boundedcpy 46 data = NULL; for(i = 0; i < 1; i++) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17591 74879/CWE124_Buffer_Underwrite__new_char_memmove_18.cpp Buffer_Overflow_boundedcpy 76 data = NULL; goto source; source: char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17592 74879/CWE124_Buffer_Underwrite__new_char_memmove_18.cpp Buffer_Overflow_boundedcpy 44 data = NULL; goto source; source: char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17593 74880/CWE124_Buffer_Underwrite__new_char_memmove_21.cpp Buffer_Overflow_boundedcpy 55 data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17594 74880/CWE124_Buffer_Underwrite__new_char_memmove_21.cpp Buffer_Overflow_boundedcpy 142 data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17595 74880/CWE124_Buffer_Underwrite__new_char_memmove_21.cpp Buffer_Overflow_boundedcpy 105 data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17596 74881/CWE124_Buffer_Underwrite__new_char_memmove_22.cpp Buffer_Overflow_boundedcpy 100 data = NULL; goodG2B2Global = 1; data = goodG2B2Source(data); char * goodG2B2Source(char * data) if(goodG2B2Global) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17597 74881/CWE124_Buffer_Underwrite__new_char_memmove_22.cpp Buffer_Overflow_boundedcpy 43 data = NULL; badGlobal = 1; data = badSource(data); char * badSource(char * data) if(badGlobal) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17598 74881/CWE124_Buffer_Underwrite__new_char_memmove_22.cpp Buffer_Overflow_boundedcpy 76 data = NULL; goodG2B1Global = 0; data = goodG2B1Source(data); char * goodG2B1Source(char * data) if(goodG2B1Global) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17599 74882/CWE124_Buffer_Underwrite__new_char_memmove_31.cpp Buffer_Overflow_boundedcpy 79 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17600 74882/CWE124_Buffer_Underwrite__new_char_memmove_31.cpp Buffer_Overflow_boundedcpy 45 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17601 74883/CWE124_Buffer_Underwrite__new_char_memmove_32.cpp Buffer_Overflow_boundedcpy 50 data = NULL; char * data = *dataPtr1; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17602 74883/CWE124_Buffer_Underwrite__new_char_memmove_32.cpp Buffer_Overflow_boundedcpy 89 data = NULL; char * data = *dataPtr1; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17603 74884/CWE124_Buffer_Underwrite__new_char_memmove_33.cpp Buffer_Overflow_boundedcpy 79 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17604 74884/CWE124_Buffer_Underwrite__new_char_memmove_33.cpp Buffer_Overflow_boundedcpy 45 data = NULL; char * data = *dataPtr1; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17605 74885/CWE124_Buffer_Underwrite__new_char_memmove_34.cpp Buffer_Overflow_boundedcpy 87 unionType myUnion; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17606 74885/CWE124_Buffer_Underwrite__new_char_memmove_34.cpp Buffer_Overflow_boundedcpy 52 unionType myUnion; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17607 74886/CWE124_Buffer_Underwrite__new_char_memmove_41.cpp Buffer_Overflow_boundedcpy 67 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17608 74886/CWE124_Buffer_Underwrite__new_char_memmove_41.cpp Buffer_Overflow_boundedcpy 33 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17609 74887/CWE124_Buffer_Underwrite__new_char_memmove_42.cpp Buffer_Overflow_boundedcpy 48 data = NULL; data = badSource(data); static char * badSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17610 74887/CWE124_Buffer_Underwrite__new_char_memmove_42.cpp Buffer_Overflow_boundedcpy 84 data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17611 74888/CWE124_Buffer_Underwrite__new_char_memmove_43.cpp Buffer_Overflow_boundedcpy 47 data = NULL; badSource(data); void badSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17612 74888/CWE124_Buffer_Underwrite__new_char_memmove_43.cpp Buffer_Overflow_boundedcpy 82 data = NULL; goodG2BSource(data); static char * goodG2BSource(char * data) static void goodG2BSource(char * &data) memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17613 74889/CWE124_Buffer_Underwrite__new_char_memmove_44.cpp Buffer_Overflow_boundedcpy 33 void (*funcPtr) (char *) = badSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17614 74889/CWE124_Buffer_Underwrite__new_char_memmove_44.cpp Buffer_Overflow_boundedcpy 71 void (*funcPtr) (char *) = goodG2BSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17615 74890/CWE124_Buffer_Underwrite__new_char_memmove_45.cpp Buffer_Overflow_boundedcpy 37 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badData = data; badSink(); static void badSink() char * data = badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17616 74890/CWE124_Buffer_Underwrite__new_char_memmove_45.cpp Buffer_Overflow_boundedcpy 74 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17617 74891/CWE124_Buffer_Underwrite__new_char_memmove_51.cpp Buffer_Overflow_boundedcpy 159 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17618 74891/CWE124_Buffer_Underwrite__new_char_memmove_51.cpp Buffer_Overflow_boundedcpy 138 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17619 74892/CWE124_Buffer_Underwrite__new_char_memmove_52.cpp Buffer_Overflow_boundedcpy 191 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17620 74892/CWE124_Buffer_Underwrite__new_char_memmove_52.cpp Buffer_Overflow_boundedcpy 212 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17621 74893/CWE124_Buffer_Underwrite__new_char_memmove_53.cpp Buffer_Overflow_boundedcpy 265 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17622 74893/CWE124_Buffer_Underwrite__new_char_memmove_53.cpp Buffer_Overflow_boundedcpy 244 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17623 74894/CWE124_Buffer_Underwrite__new_char_memmove_54.cpp Buffer_Overflow_boundedcpy 318 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) goodG2BSink_e(data); void goodG2BSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17624 74894/CWE124_Buffer_Underwrite__new_char_memmove_54.cpp Buffer_Overflow_boundedcpy 297 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) badSink_e(data); void badSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17625 74895/CWE124_Buffer_Underwrite__new_char_memmove_61.cpp Buffer_Overflow_boundedcpy 65 data = NULL; data = goodG2BSource(data); char * goodG2BSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17626 74895/CWE124_Buffer_Underwrite__new_char_memmove_61.cpp Buffer_Overflow_boundedcpy 39 data = NULL; data = badSource(data); char * badSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17627 74896/CWE124_Buffer_Underwrite__new_char_memmove_62.cpp Buffer_Overflow_boundedcpy 65 data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17628 74896/CWE124_Buffer_Underwrite__new_char_memmove_62.cpp Buffer_Overflow_boundedcpy 39 data = NULL; badSource(data); void badSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17629 74897/CWE124_Buffer_Underwrite__new_char_memmove_63.cpp Buffer_Overflow_boundedcpy 158 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(&data); void goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17630 74897/CWE124_Buffer_Underwrite__new_char_memmove_63.cpp Buffer_Overflow_boundedcpy 136 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(&data); void badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17631 74898/CWE124_Buffer_Underwrite__new_char_memmove_64.cpp Buffer_Overflow_boundedcpy 164 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17632 74898/CWE124_Buffer_Underwrite__new_char_memmove_64.cpp Buffer_Overflow_boundedcpy 139 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(&data); void badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17633 74899/CWE124_Buffer_Underwrite__new_char_memmove_65.cpp Buffer_Overflow_boundedcpy 139 void (*funcPtr) (char *) = badSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17634 74899/CWE124_Buffer_Underwrite__new_char_memmove_65.cpp Buffer_Overflow_boundedcpy 160 void (*funcPtr) (char *) = goodG2BSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17635 74900/CWE124_Buffer_Underwrite__new_char_memmove_66.cpp Buffer_Overflow_boundedcpy 144 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffe - 8; dataArray[2] = data; badSink(dataArray); void badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17636 74900/CWE124_Buffer_Underwrite__new_char_memmove_66.cpp Buffer_Overflow_boundedcpy 166 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17637 74901/CWE124_Buffer_Underwrite__new_char_memmove_67.cpp Buffer_Overflow_boundedcpy 150 structType myStruct; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17638 74901/CWE124_Buffer_Underwrite__new_char_memmove_67.cpp Buffer_Overflow_boundedcpy 172 structType myStruct; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17639 74902/CWE124_Buffer_Underwrite__new_char_memmove_68.cpp Buffer_Overflow_boundedcpy 147 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(); void badSink() char * data = CWE124_Buffer_Underwrite__new_char_memmove_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17640 74902/CWE124_Buffer_Underwrite__new_char_memmove_68.cpp Buffer_Overflow_boundedcpy 169 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(); void goodG2BSink() char * data = CWE124_Buffer_Underwrite__new_char_memmove_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17641 74903/CWE124_Buffer_Underwrite__new_char_memmove_72.cpp Buffer_Overflow_boundedcpy 177 vector dataVector; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17642 74903/CWE124_Buffer_Underwrite__new_char_memmove_72.cpp Buffer_Overflow_boundedcpy 155 vector dataVector; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17643 74904/CWE124_Buffer_Underwrite__new_char_memmove_73.cpp Buffer_Overflow_boundedcpy 177 list dataList; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17644 74904/CWE124_Buffer_Underwrite__new_char_memmove_73.cpp Buffer_Overflow_boundedcpy 155 list dataList; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17645 74905/CWE124_Buffer_Underwrite__new_char_memmove_74.cpp Buffer_Overflow_boundedcpy 177 map dataMap; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 17646 74905/CWE124_Buffer_Underwrite__new_char_memmove_74.cpp Buffer_Overflow_boundedcpy 155 map dataMap; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 17647 74910/CWE124_Buffer_Underwrite__new_char_ncpy_01.cpp Buffer_Overflow_boundedcpy 72 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17648 74910/CWE124_Buffer_Underwrite__new_char_ncpy_01.cpp Buffer_Overflow_boundedcpy 42 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17649 74911/CWE124_Buffer_Underwrite__new_char_ncpy_02.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(1) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17650 74911/CWE124_Buffer_Underwrite__new_char_ncpy_02.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(0) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17651 74911/CWE124_Buffer_Underwrite__new_char_ncpy_02.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(1) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17652 74912/CWE124_Buffer_Underwrite__new_char_ncpy_03.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(5==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17653 74912/CWE124_Buffer_Underwrite__new_char_ncpy_03.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(5!=5) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17654 74912/CWE124_Buffer_Underwrite__new_char_ncpy_03.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(5==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17655 74913/CWE124_Buffer_Underwrite__new_char_ncpy_04.cpp Buffer_Overflow_boundedcpy 51 data = NULL; if(STATIC_CONST_TRUE) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17656 74913/CWE124_Buffer_Underwrite__new_char_ncpy_04.cpp Buffer_Overflow_boundedcpy 118 data = NULL; if(STATIC_CONST_TRUE) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17657 74913/CWE124_Buffer_Underwrite__new_char_ncpy_04.cpp Buffer_Overflow_boundedcpy 89 data = NULL; if(STATIC_CONST_FALSE) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17658 74914/CWE124_Buffer_Underwrite__new_char_ncpy_05.cpp Buffer_Overflow_boundedcpy 51 data = NULL; if(staticTrue) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17659 74914/CWE124_Buffer_Underwrite__new_char_ncpy_05.cpp Buffer_Overflow_boundedcpy 118 data = NULL; if(staticTrue) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17660 74914/CWE124_Buffer_Underwrite__new_char_ncpy_05.cpp Buffer_Overflow_boundedcpy 89 data = NULL; if(staticFalse) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17661 74915/CWE124_Buffer_Underwrite__new_char_ncpy_06.cpp Buffer_Overflow_boundedcpy 50 data = NULL; if(STATIC_CONST_FIVE==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17662 74915/CWE124_Buffer_Underwrite__new_char_ncpy_06.cpp Buffer_Overflow_boundedcpy 117 data = NULL; if(STATIC_CONST_FIVE==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17663 74915/CWE124_Buffer_Underwrite__new_char_ncpy_06.cpp Buffer_Overflow_boundedcpy 88 data = NULL; if(STATIC_CONST_FIVE!=5) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17664 74916/CWE124_Buffer_Underwrite__new_char_ncpy_07.cpp Buffer_Overflow_boundedcpy 50 data = NULL; if(staticFive==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17665 74916/CWE124_Buffer_Underwrite__new_char_ncpy_07.cpp Buffer_Overflow_boundedcpy 117 data = NULL; if(staticFive==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17666 74916/CWE124_Buffer_Underwrite__new_char_ncpy_07.cpp Buffer_Overflow_boundedcpy 88 data = NULL; if(staticFive!=5) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17667 74917/CWE124_Buffer_Underwrite__new_char_ncpy_08.cpp Buffer_Overflow_boundedcpy 125 data = NULL; if(staticReturnsTrue()) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17668 74917/CWE124_Buffer_Underwrite__new_char_ncpy_08.cpp Buffer_Overflow_boundedcpy 96 data = NULL; if(staticReturnsFalse()) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17669 74917/CWE124_Buffer_Underwrite__new_char_ncpy_08.cpp Buffer_Overflow_boundedcpy 58 data = NULL; if(staticReturnsTrue()) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17670 74918/CWE124_Buffer_Underwrite__new_char_ncpy_09.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(GLOBAL_CONST_TRUE) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17671 74918/CWE124_Buffer_Underwrite__new_char_ncpy_09.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(GLOBAL_CONST_FALSE) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17672 74918/CWE124_Buffer_Underwrite__new_char_ncpy_09.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(GLOBAL_CONST_TRUE) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17673 74919/CWE124_Buffer_Underwrite__new_char_ncpy_10.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(globalTrue) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17674 74919/CWE124_Buffer_Underwrite__new_char_ncpy_10.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(globalFalse) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17675 74919/CWE124_Buffer_Underwrite__new_char_ncpy_10.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(globalTrue) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17676 74920/CWE124_Buffer_Underwrite__new_char_ncpy_11.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(globalReturnsTrue()) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17677 74920/CWE124_Buffer_Underwrite__new_char_ncpy_11.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(globalReturnsFalse()) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17678 74920/CWE124_Buffer_Underwrite__new_char_ncpy_11.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(globalReturnsTrue()) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17679 74921/CWE124_Buffer_Underwrite__new_char_ncpy_12.cpp Buffer_Overflow_boundedcpy 55 data = NULL; if(globalReturnsTrueOrFalse()) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17680 74921/CWE124_Buffer_Underwrite__new_char_ncpy_12.cpp Buffer_Overflow_boundedcpy 99 data = NULL; if(globalReturnsTrueOrFalse()) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17681 74922/CWE124_Buffer_Underwrite__new_char_ncpy_13.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(GLOBAL_CONST_FIVE==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17682 74922/CWE124_Buffer_Underwrite__new_char_ncpy_13.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(GLOBAL_CONST_FIVE!=5) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17683 74922/CWE124_Buffer_Underwrite__new_char_ncpy_13.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(GLOBAL_CONST_FIVE==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17684 74923/CWE124_Buffer_Underwrite__new_char_ncpy_14.cpp Buffer_Overflow_boundedcpy 112 data = NULL; if(globalFive==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17685 74923/CWE124_Buffer_Underwrite__new_char_ncpy_14.cpp Buffer_Overflow_boundedcpy 83 data = NULL; if(globalFive!=5) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17686 74923/CWE124_Buffer_Underwrite__new_char_ncpy_14.cpp Buffer_Overflow_boundedcpy 45 data = NULL; if(globalFive==5) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17687 74924/CWE124_Buffer_Underwrite__new_char_ncpy_15.cpp Buffer_Overflow_boundedcpy 125 data = NULL; switch(6) case 6: char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17688 74924/CWE124_Buffer_Underwrite__new_char_ncpy_15.cpp Buffer_Overflow_boundedcpy 51 data = NULL; switch(6) case 6: char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17689 74924/CWE124_Buffer_Underwrite__new_char_ncpy_15.cpp Buffer_Overflow_boundedcpy 90 data = NULL; switch(5) default: char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17690 74925/CWE124_Buffer_Underwrite__new_char_ncpy_16.cpp Buffer_Overflow_boundedcpy 80 data = NULL; while(1) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17691 74925/CWE124_Buffer_Underwrite__new_char_ncpy_16.cpp Buffer_Overflow_boundedcpy 46 data = NULL; while(1) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17692 74926/CWE124_Buffer_Underwrite__new_char_ncpy_17.cpp Buffer_Overflow_boundedcpy 80 data = NULL; for(h = 0; h < 1; h++) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17693 74926/CWE124_Buffer_Underwrite__new_char_ncpy_17.cpp Buffer_Overflow_boundedcpy 46 data = NULL; for(i = 0; i < 1; i++) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17694 74927/CWE124_Buffer_Underwrite__new_char_ncpy_18.cpp Buffer_Overflow_boundedcpy 44 data = NULL; goto source; source: char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17695 74927/CWE124_Buffer_Underwrite__new_char_ncpy_18.cpp Buffer_Overflow_boundedcpy 76 data = NULL; goto source; source: char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17696 74928/CWE124_Buffer_Underwrite__new_char_ncpy_21.cpp Buffer_Overflow_boundedcpy 105 data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17697 74928/CWE124_Buffer_Underwrite__new_char_ncpy_21.cpp Buffer_Overflow_boundedcpy 55 data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17698 74928/CWE124_Buffer_Underwrite__new_char_ncpy_21.cpp Buffer_Overflow_boundedcpy 142 data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17699 74929/CWE124_Buffer_Underwrite__new_char_ncpy_22.cpp Buffer_Overflow_boundedcpy 43 data = NULL; badGlobal = 1; data = badSource(data); char * badSource(char * data) if(badGlobal) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17700 74929/CWE124_Buffer_Underwrite__new_char_ncpy_22.cpp Buffer_Overflow_boundedcpy 76 data = NULL; goodG2B1Global = 0; data = goodG2B1Source(data); char * goodG2B1Source(char * data) if(goodG2B1Global) else char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17701 74929/CWE124_Buffer_Underwrite__new_char_ncpy_22.cpp Buffer_Overflow_boundedcpy 100 data = NULL; goodG2B2Global = 1; data = goodG2B2Source(data); char * goodG2B2Source(char * data) if(goodG2B2Global) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17702 74930/CWE124_Buffer_Underwrite__new_char_ncpy_31.cpp Buffer_Overflow_boundedcpy 45 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17703 74930/CWE124_Buffer_Underwrite__new_char_ncpy_31.cpp Buffer_Overflow_boundedcpy 79 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17704 74931/CWE124_Buffer_Underwrite__new_char_ncpy_32.cpp Buffer_Overflow_boundedcpy 50 data = NULL; char * data = *dataPtr1; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17705 74931/CWE124_Buffer_Underwrite__new_char_ncpy_32.cpp Buffer_Overflow_boundedcpy 89 data = NULL; char * data = *dataPtr1; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17706 74932/CWE124_Buffer_Underwrite__new_char_ncpy_33.cpp Buffer_Overflow_boundedcpy 45 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17707 74932/CWE124_Buffer_Underwrite__new_char_ncpy_33.cpp Buffer_Overflow_boundedcpy 79 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17708 74933/CWE124_Buffer_Underwrite__new_char_ncpy_34.cpp Buffer_Overflow_boundedcpy 52 unionType myUnion; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17709 74933/CWE124_Buffer_Underwrite__new_char_ncpy_34.cpp Buffer_Overflow_boundedcpy 87 unionType myUnion; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17710 74934/CWE124_Buffer_Underwrite__new_char_ncpy_41.cpp Buffer_Overflow_boundedcpy 33 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17711 74934/CWE124_Buffer_Underwrite__new_char_ncpy_41.cpp Buffer_Overflow_boundedcpy 67 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17712 74935/CWE124_Buffer_Underwrite__new_char_ncpy_42.cpp Buffer_Overflow_boundedcpy 48 data = NULL; data = badSource(data); static char * badSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17713 74935/CWE124_Buffer_Underwrite__new_char_ncpy_42.cpp Buffer_Overflow_boundedcpy 84 data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17714 74936/CWE124_Buffer_Underwrite__new_char_ncpy_43.cpp Buffer_Overflow_boundedcpy 82 data = NULL; goodG2BSource(data); static void goodG2BSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17715 74936/CWE124_Buffer_Underwrite__new_char_ncpy_43.cpp Buffer_Overflow_boundedcpy 47 data = NULL; badSource(data); static void badSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17716 74937/CWE124_Buffer_Underwrite__new_char_ncpy_44.cpp Buffer_Overflow_boundedcpy 71 void (*funcPtr) (char *) = goodG2BSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17717 74937/CWE124_Buffer_Underwrite__new_char_ncpy_44.cpp Buffer_Overflow_boundedcpy 33 void (*funcPtr) (char *) = badSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17718 74938/CWE124_Buffer_Underwrite__new_char_ncpy_45.cpp Buffer_Overflow_boundedcpy 74 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17719 74938/CWE124_Buffer_Underwrite__new_char_ncpy_45.cpp Buffer_Overflow_boundedcpy 37 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badData = data; badSink(); static void badSink() char * data = badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17720 74939/CWE124_Buffer_Underwrite__new_char_ncpy_51.cpp Buffer_Overflow_boundedcpy 159 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17721 74939/CWE124_Buffer_Underwrite__new_char_ncpy_51.cpp Buffer_Overflow_boundedcpy 138 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17722 74940/CWE124_Buffer_Underwrite__new_char_ncpy_52.cpp Buffer_Overflow_boundedcpy 191 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17723 74940/CWE124_Buffer_Underwrite__new_char_ncpy_52.cpp Buffer_Overflow_boundedcpy 212 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17724 74941/CWE124_Buffer_Underwrite__new_char_ncpy_53.cpp Buffer_Overflow_boundedcpy 265 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17725 74941/CWE124_Buffer_Underwrite__new_char_ncpy_53.cpp Buffer_Overflow_boundedcpy 244 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17726 74942/CWE124_Buffer_Underwrite__new_char_ncpy_54.cpp Buffer_Overflow_boundedcpy 297 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) badSink_e(data); void badSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17727 74942/CWE124_Buffer_Underwrite__new_char_ncpy_54.cpp Buffer_Overflow_boundedcpy 318 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) goodG2BSink_e(data); void goodG2BSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17728 74943/CWE124_Buffer_Underwrite__new_char_ncpy_61.cpp Buffer_Overflow_boundedcpy 39 data = NULL; data = badSource(data); char * badSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17729 74943/CWE124_Buffer_Underwrite__new_char_ncpy_61.cpp Buffer_Overflow_boundedcpy 65 data = NULL; data = goodG2BSource(data); char * goodG2BSource(char * data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17730 74944/CWE124_Buffer_Underwrite__new_char_ncpy_62.cpp Buffer_Overflow_boundedcpy 39 data = NULL; badSource(data); void badSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17731 74944/CWE124_Buffer_Underwrite__new_char_ncpy_62.cpp Buffer_Overflow_boundedcpy 65 data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17732 74945/CWE124_Buffer_Underwrite__new_char_ncpy_63.cpp Buffer_Overflow_boundedcpy 136 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(&data); void badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17733 74945/CWE124_Buffer_Underwrite__new_char_ncpy_63.cpp Buffer_Overflow_boundedcpy 158 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(&data); void goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17734 74946/CWE124_Buffer_Underwrite__new_char_ncpy_64.cpp Buffer_Overflow_boundedcpy 139 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; badSink(&data); void badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17735 74946/CWE124_Buffer_Underwrite__new_char_ncpy_64.cpp Buffer_Overflow_boundedcpy 164 data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 17736 74947/CWE124_Buffer_Underwrite__new_char_ncpy_65.cpp Buffer_Overflow_boundedcpy 139 void (*funcPtr) (char *) = badSink; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 17737 65966/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_33.cpp Buffer_Overflow_boundedcpy 33 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 17738 65966/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_33.cpp Buffer_Overflow_boundedcpy 40 char * &dataRef = data; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 17739 65970/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_43.cpp Off_by_One_Error_in_Methods 69 data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 17740 65970/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_43.cpp Off_by_One_Error_in_Methods 42 data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 17741 65970/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_43.cpp Buffer_Overflow_boundedcpy 69 data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 17742 65970/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_43.cpp Buffer_Overflow_boundedcpy 56 char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 17743 65970/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_43.cpp Buffer_Overflow_boundedcpy 29 char dataBuffer[100]; data = dataBuffer; badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 17744 65978/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_62.cpp Off_by_One_Error_in_Methods 60 char dest[50] = ""; data[50-1] = '\0'; strncat(dest, data, strlen(data)); 0 --------------------------------- 17745 65978/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_62.cpp Buffer_Overflow_LowBound 38 char dataBuffer[100]; data = dataBuffer; badSource(data); char dest[50] = ""; strncat(dest, data, strlen(data)); void badSource(char * &data); strncat(dest, data, strlen(data)); 1 --------------------------------- 17746 65978/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_62.cpp Buffer_Overflow_boundedcpy 146 char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 17747 65978/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_62.cpp Buffer_Overflow_boundedcpy 134 void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 17748 65985/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_72.cpp Off_by_One_Error_in_Methods 165 vector dataVector; data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char dest[50] = ""; strncat(dest, data, strlen(data)); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strncat(dest, data, strlen(data)); 0 --------------------------------- 17749 65985/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_72.cpp Off_by_One_Error_in_Methods 148 char * data; vector dataVector; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 17750 65985/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_72.cpp Buffer_Overflow_boundedcpy 39 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 17751 65985/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_72.cpp Buffer_Overflow_boundedcpy 64 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 17752 65986/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_73.cpp Off_by_One_Error_in_Methods 148 char * data; list dataList; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 17753 65986/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_73.cpp Buffer_Overflow_boundedcpy 165 list dataList; data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char dest[50] = ""; strncat(dest, data, strlen(data)); void goodG2BSink(list dataList) char * data = dataList.back(); strncat(dest, data, strlen(data)); 0 --------------------------------- 17754 65986/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_73.cpp Buffer_Overflow_boundedcpy 39 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 17755 65986/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_73.cpp Buffer_Overflow_boundedcpy 64 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 17756 65987/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_74.cpp Off_by_One_Error_in_Methods 148 char * data; map dataMap; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strncat(dest, data, strlen(data)); 65987 1 CWE-121 -------------------------------- 2048 /Mixed/65987/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_74.cpp Buffer_Overflow_boundedcpy data[50-1] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); char dest[50] = ""; strncat(dest, data, strlen(data)); void goodG2BSink(map dataMap) char * data = dataMap[2]; strncat(dest, data, strlen(data)); 0 --------------------------------- 17757 65987/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_74.cpp Buffer_Overflow_boundedcpy 39 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 17758 65987/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_74.cpp Buffer_Overflow_boundedcpy 64 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 17759 66014/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_33.cpp Off_by_One_Error_in_Methods 40 char * &dataRef = data; data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 17760 66014/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_33.cpp Off_by_One_Error_in_Methods 66 char * &dataRef = data; data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 17761 66014/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_33.cpp Buffer_Overflow_boundedcpy 59 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 17762 66014/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_33.cpp Buffer_Overflow_boundedcpy 33 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 17763 66018/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_43.cpp Off_by_One_Error_in_Methods 69 data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 17764 66018/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_43.cpp Off_by_One_Error_in_Methods 42 data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 17765 66018/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_43.cpp Buffer_Overflow_boundedcpy 29 char dataBuffer[100]; data = dataBuffer; badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 17766 66018/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_43.cpp Buffer_Overflow_boundedcpy 56 char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 17767 66026/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_62.cpp Off_by_One_Error_in_Methods 38 char dataBuffer[100]; data = dataBuffer; badSource(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); void badSource(char * &data); strncpy(dest, data, strlen(data)); 1 --------------------------------- 17768 66026/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_62.cpp Off_by_One_Error_in_Methods 60 char dest[50] = ""; data[50-1] = '\0'; strncpy(dest, data, strlen(data)); 0 --------------------------------- 17769 66026/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_62.cpp Buffer_Overflow_boundedcpy 146 char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 17770 66026/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_62.cpp Buffer_Overflow_boundedcpy 134 void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 17771 66033/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_72.cpp Off_by_One_Error_in_Methods 165 vector dataVector; data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char dest[50] = ""; strncpy(dest, data, strlen(data)); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strncpy(dest, data, strlen(data)); 0 --------------------------------- 17772 66033/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_72.cpp Off_by_One_Error_in_Methods 148 char * data; vector dataVector; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 17773 66033/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_72.cpp Buffer_Overflow_boundedcpy 39 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 17774 66033/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_72.cpp Buffer_Overflow_boundedcpy 64 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 17775 66034/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_73.cpp Off_by_One_Error_in_Methods 165 list dataList; data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char dest[50] = ""; strncpy(dest, data, strlen(data)); void goodG2BSink(list dataList) char * data = dataList.back(); strncpy(dest, data, strlen(data)); 0 --------------------------------- 17776 66034/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_73.cpp Off_by_One_Error_in_Methods 148 char * data; list dataList; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 17777 66034/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_73.cpp Buffer_Overflow_boundedcpy 39 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 17778 66034/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_73.cpp Buffer_Overflow_boundedcpy 64 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 17779 66035/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_74.cpp Off_by_One_Error_in_Methods 165 data[50-1] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); char dest[50] = ""; strncpy(dest, data, strlen(data)); void goodG2BSink(map dataMap) char * data = dataMap[2]; strncpy(dest, data, strlen(data)); 0 --------------------------------- 17780 66035/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_74.cpp Off_by_One_Error_in_Methods 148 char * data; map dataMap; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 17781 66035/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_74.cpp Buffer_Overflow_boundedcpy 39 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 17782 66035/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_74.cpp Buffer_Overflow_boundedcpy 64 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 17783 66062/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_33.cpp Format_String_Attack 46 char * &dataRef = data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 17784 66062/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_33.cpp Format_String_Attack 71 char * &dataRef = data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 17785 66062/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_33.cpp Buffer_Overflow_boundedcpy 39 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 17786 66062/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_33.cpp Buffer_Overflow_boundedcpy 64 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 17787 66066/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_43.cpp Format_String_Attack 48 data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 17788 66066/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_43.cpp Format_String_Attack 74 data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 17789 66066/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_43.cpp Buffer_Overflow_boundedcpy 61 char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 17790 66066/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_43.cpp Buffer_Overflow_boundedcpy 35 char dataBuffer[100]; data = dataBuffer; badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 17791 66074/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_62.cpp Format_String_Attack 65 char dest[50] = ""; data[50-1] = '\0'; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 17792 66074/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_62.cpp Format_String_Attack 44 char dataBuffer[100]; data = dataBuffer; badSource(data); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); void badSource(char * &data); SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 17793 66074/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_62.cpp Buffer_Overflow_boundedcpy 150 char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 17794 66074/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_62.cpp Buffer_Overflow_boundedcpy 138 void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 17795 66081/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_72.cpp Format_String_Attack 170 vector dataVector; data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); void goodG2BSink(vector dataVector) char * data = dataVector[2]; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 17796 66081/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_72.cpp Format_String_Attack 154 char * data; vector dataVector; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 17797 66081/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_72.cpp Buffer_Overflow_boundedcpy 39 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 17798 66081/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_72.cpp Buffer_Overflow_boundedcpy 64 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 17799 66082/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_73.cpp Format_String_Attack 170 list dataList; data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); void goodG2BSink(list dataList) char * data = dataList.back(); SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 17800 66082/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_73.cpp Format_String_Attack 154 char * data; list dataList; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 17801 66082/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_73.cpp Buffer_Overflow_boundedcpy 39 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 17802 66082/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_73.cpp Buffer_Overflow_boundedcpy 64 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 17803 66083/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_74.cpp Format_String_Attack 170 data[50-1] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); void goodG2BSink(map dataMap) char * data = dataMap[2]; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 17804 66083/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_74.cpp Format_String_Attack 154 char * data; map dataMap; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 17805 66083/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_74.cpp Buffer_Overflow_boundedcpy 39 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 17806 66083/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_74.cpp Buffer_Overflow_boundedcpy 64 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 17807 66110/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_loop_33.cpp Buffer_Overflow_boundedcpy 33 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17808 66110/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_loop_33.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17809 66114/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_loop_43.cpp Buffer_Overflow_boundedcpy 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17810 66114/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_loop_43.cpp Buffer_Overflow_boundedcpy 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17811 66122/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_loop_62.cpp Buffer_Overflow_boundedcpy 144 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17812 66122/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_loop_62.cpp Buffer_Overflow_boundedcpy 156 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17813 66129/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_loop_72.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17814 66129/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_loop_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17815 66158/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 33 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17816 66158/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 40 wchar_t * &dataRef = data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17817 66158/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 59 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17818 66158/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_33.cpp Buffer_Overflow_boundedcpy 66 wchar_t * &dataRef = data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17819 66162/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_43.cpp Buffer_Overflow_boundedcpy 69 data[50-1] = L'\0'; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17820 66162/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_43.cpp Buffer_Overflow_boundedcpy 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17821 66162/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_43.cpp Buffer_Overflow_boundedcpy 56 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17822 66162/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_43.cpp Buffer_Overflow_boundedcpy 42 data[100-1] = L'\0'; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17823 66170/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_62.cpp Buffer_Overflow_boundedcpy 146 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17824 66170/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_62.cpp Buffer_Overflow_boundedcpy 134 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17825 66170/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_62.cpp Buffer_Overflow_boundedcpy 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); void badSource(wchar_t * &data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17826 66170/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_62.cpp Buffer_Overflow_boundedcpy 60 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wchar_t dest[50] = L""; data[50-1] = L'\0'; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17827 66177/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 165 vector dataVector; data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17828 66177/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17829 66177/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 148 wchar_t * data; vector dataVector; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17830 66177/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17831 66178/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 165 list dataList; data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17832 66178/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17833 66178/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 148 wchar_t * data; list dataList; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17834 66178/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_73.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17835 66179/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17836 66179/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 165 data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17837 66179/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17838 66179/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memcpy_74.cpp Buffer_Overflow_boundedcpy 148 wchar_t * data; map dataMap; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17839 66206/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 33 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17840 66206/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 66 wchar_t * &dataRef = data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wchar_t * data = dataRef; wmemset(data, L'A', 100-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17841 66206/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 59 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17842 66206/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_33.cpp Buffer_Overflow_boundedcpy 40 wchar_t * &dataRef = data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17843 66210/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_43.cpp Buffer_Overflow_boundedcpy 69 data[50-1] = L'\0'; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17844 66210/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_43.cpp Buffer_Overflow_boundedcpy 42 data[100-1] = L'\0'; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17845 66210/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_43.cpp Buffer_Overflow_boundedcpy 56 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17846 66210/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_43.cpp Buffer_Overflow_boundedcpy 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17847 66218/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_62.cpp Buffer_Overflow_boundedcpy 146 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17848 66218/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_62.cpp Buffer_Overflow_boundedcpy 134 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17849 66218/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_62.cpp Buffer_Overflow_boundedcpy 60 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; data[50-1] = L'\0'; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17850 66218/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_62.cpp Buffer_Overflow_boundedcpy 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); void badSource(wchar_t * &data); memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17851 66225/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 165 vector dataVector; data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17852 66225/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17853 66225/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 148 wchar_t * data; vector dataVector; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17854 66225/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17855 66226/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 165 list dataList; data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17856 66226/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17857 66226/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 148 wchar_t * data; list dataList; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17858 66226/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_73.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17859 66227/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 165 data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17860 66227/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17861 66227/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 148 wchar_t * data; map dataMap; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17862 66227/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_memmove_74.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17863 66254/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_33.cpp Off_by_One_Error_in_Methods 40 wchar_t * &dataRef = data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 17864 66254/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_33.cpp Off_by_One_Error_in_Methods 66 wchar_t * &dataRef = data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 17865 66254/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_33.cpp Buffer_Overflow_boundedcpy 33 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17866 66254/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_33.cpp Buffer_Overflow_boundedcpy 59 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17867 66258/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_43.cpp Off_by_One_Error_in_Methods 69 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 17868 66258/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_43.cpp Off_by_One_Error_in_Methods 42 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 17869 66258/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_43.cpp Buffer_Overflow_boundedcpy 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17870 66258/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_43.cpp Buffer_Overflow_boundedcpy 56 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17871 66266/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_62.cpp Off_by_One_Error_in_Methods 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); void badSource(wchar_t * &data); wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 17872 66266/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_62.cpp Off_by_One_Error_in_Methods 60 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; data[50-1] = L'\0'; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 17873 66266/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_62.cpp Buffer_Overflow_boundedcpy 134 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17874 66266/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_62.cpp Buffer_Overflow_boundedcpy 146 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17875 66273/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_72.cpp Off_by_One_Error_in_Methods 165 vector dataVector; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 17876 66273/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_72.cpp Buffer_Overflow_LowBound 148 wchar_t * data; vector dataVector; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 17877 66273/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_72.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17878 66273/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17879 66274/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_73.cpp Off_by_One_Error_in_Methods 165 list dataList; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 17880 66274/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_73.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17881 66274/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_73.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17882 66275/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_74.cpp Off_by_One_Error_in_Methods 165 wchar_t * data; map dataMap; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 17883 66275/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_74.cpp Off_by_One_Error_in_Methods 148 wchar_t * data; map dataMap; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 17884 66275/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_74.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17885 66275/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_74.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17886 66302/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_33.cpp Off_by_One_Error_in_Methods 40 wchar_t * &dataRef = data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 17887 66302/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_33.cpp Off_by_One_Error_in_Methods 66 wchar_t * &dataRef = data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 17888 66302/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_33.cpp Buffer_Overflow_boundedcpy 33 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17889 66302/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_33.cpp Buffer_Overflow_boundedcpy 59 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17890 66306/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_43.cpp Off_by_One_Error_in_Methods 69 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 17891 66306/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_43.cpp Buffer_Overflow_LowBound 42 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 17892 66306/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_43.cpp Buffer_Overflow_boundedcpy 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17893 66306/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_43.cpp Buffer_Overflow_boundedcpy 56 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17894 66314/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_62.cpp Off_by_One_Error_in_Methods 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); void badSource(wchar_t * &data); wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 17895 66314/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_62.cpp Off_by_One_Error_in_Methods 60 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 17896 66314/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_62.cpp Buffer_Overflow_boundedcpy 146 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17897 66314/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_62.cpp Buffer_Overflow_boundedcpy 134 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17898 66321/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_72.cpp Off_by_One_Error_in_Methods 165 vector dataVector; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 17899 66321/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_72.cpp Off_by_One_Error_in_Methods 148 wchar_t * data; vector dataVector; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 17900 66321/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_72.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17901 66321/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17902 66322/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_73.cpp Off_by_One_Error_in_Methods 165 list dataList; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 17903 66322/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_73.cpp Off_by_One_Error_in_Methods 148 wchar_t * data; list dataList; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 17904 66322/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_73.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17905 66322/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_73.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17906 66323/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_74.cpp Off_by_One_Error_in_Methods 165 wchar_t * data; map dataMap; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 17907 66323/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_74.cpp Off_by_One_Error_in_Methods 148 wchar_t * data; map dataMap; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 17908 66323/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_74.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17909 66323/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_74.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17910 66350/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_33.cpp Format_String_Attack 46 wchar_t * &dataRef = data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 17911 66350/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_33.cpp Format_String_Attack 71 wchar_t * &dataRef = data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 17912 66350/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_33.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17913 66350/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_33.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17914 66354/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_43.cpp Format_String_Attack 74 data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 17915 66354/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_43.cpp Format_String_Attack 48 data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 17916 66354/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_43.cpp Buffer_Overflow_boundedcpy 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17917 66354/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_43.cpp Buffer_Overflow_boundedcpy 35 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17918 66362/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_62.cpp Format_String_Attack 65 wchar_t dest[50] = L""; data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 17919 66362/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_62.cpp Format_String_Attack 44 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); void badSource(wchar_t * &data); SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 17920 66362/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_62.cpp Buffer_Overflow_boundedcpy 150 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17921 66362/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_62.cpp Buffer_Overflow_boundedcpy 138 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17922 66369/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_72.cpp Format_String_Attack 154 wchar_t * data; vector dataVector; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 17923 66369/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_72.cpp Format_String_Attack 170 vector dataVector; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 17924 66369/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_72.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17925 66369/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17926 66370/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_73.cpp Format_String_Attack 154 wchar_t * data; list dataList; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 17927 66370/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_73.cpp Format_String_Attack 170 list dataList; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 17928 66370/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_73.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17929 66370/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_73.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17930 66371/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_74.cpp Format_String_Attack 154 wchar_t * data; map dataMap; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 17931 66371/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_74.cpp Format_String_Attack 170 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 17932 66371/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_74.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17933 66371/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_74.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17934 66398/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_33.cpp Buffer_Overflow_boundedcpy 33 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17935 66398/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_33.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17936 66402/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_43.cpp Buffer_Overflow_boundedcpy 61 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17937 66402/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_43.cpp Buffer_Overflow_boundedcpy 29 wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17938 66410/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_62.cpp Buffer_Overflow_boundedcpy 144 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17939 66410/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_62.cpp Buffer_Overflow_boundedcpy 156 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17940 66417/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_72.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17941 66417/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17942 66418/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_73.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17943 66418/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_73.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17944 66419/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_74.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17945 66419/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_loop_74.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17946 66446/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 33 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17947 66446/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 40 wchar_t * &dataRef = data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17948 66446/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 59 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17949 66446/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_33.cpp Buffer_Overflow_boundedcpy 66 wchar_t * &dataRef = data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); wchar_t * data = dataRef; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17950 66450/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_43.cpp Buffer_Overflow_boundedcpy 69 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17951 66450/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_43.cpp Buffer_Overflow_boundedcpy 29 wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17952 66450/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_43.cpp Buffer_Overflow_boundedcpy 56 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17953 66450/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_43.cpp Buffer_Overflow_boundedcpy 42 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17954 66458/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_62.cpp Buffer_Overflow_boundedcpy 146 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17955 66458/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_62.cpp Buffer_Overflow_boundedcpy 134 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17956 66458/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_62.cpp Buffer_Overflow_boundedcpy 38 wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); void badSource(wchar_t * &data); memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17957 66458/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_62.cpp Buffer_Overflow_boundedcpy 60 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; data[50-1] = L'\0'; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17958 66465/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 165 vector dataVector; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17959 66465/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17960 66465/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 148 wchar_t * data; vector dataVector; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17961 66465/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17962 66466/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 165 list dataList; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17963 66466/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17964 66466/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 148 wchar_t * data; list dataList; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17965 66466/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_73.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17966 66467/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17967 66467/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 165 wchar_t * data; map dataMap; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17968 66467/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17969 66467/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memcpy_74.cpp Buffer_Overflow_boundedcpy 148 wchar_t * data; map dataMap; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; memcpy(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17970 66494/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 33 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17971 66494/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 66 wchar_t * &dataRef = data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17972 66494/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 59 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17973 66494/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_33.cpp Buffer_Overflow_boundedcpy 40 wchar_t * &dataRef = data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17974 66498/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_43.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17975 66498/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_43.cpp Buffer_Overflow_boundedcpy 42 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17976 66498/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_43.cpp Buffer_Overflow_boundedcpy 56 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17977 66498/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_43.cpp Buffer_Overflow_boundedcpy 29 wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17978 66506/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_62.cpp Buffer_Overflow_boundedcpy 146 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 17979 66506/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_62.cpp Buffer_Overflow_boundedcpy 134 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 17980 66506/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_62.cpp Buffer_Overflow_boundedcpy 60 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; data[50-1] = L'\0'; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17981 66506/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_62.cpp Buffer_Overflow_boundedcpy 38 wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); void badSource(wchar_t * &data); memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17982 66513/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 165 vector dataVector; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17983 66513/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17984 66513/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 148 wchar_t * data; vector dataVector; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17985 66513/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17986 66514/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 165 list dataList; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17987 66514/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17988 66514/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 148 wchar_t * data; list dataList; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17989 66514/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_73.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17990 66515/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 165 wchar_t * data; map dataMap; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 0 --------------------------------- 17991 66515/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17992 66515/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 148 wchar_t * data; map dataMap; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; memmove(dest, data, wcslen(data)*sizeof(wchar_t)); 1 --------------------------------- 17993 66515/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_memmove_74.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17994 66542/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_33.cpp Buffer_Overflow_LowBound 40 wchar_t * &dataRef = data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 17995 66542/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_33.cpp Buffer_Overflow_LowBound 66 wchar_t * &dataRef = data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 17996 66542/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_33.cpp Buffer_Overflow_boundedcpy 33 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 17997 66542/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_33.cpp Buffer_Overflow_boundedcpy 59 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 17998 66546/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_43.cpp Buffer_Overflow_LowBound 69 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 17999 66546/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_43.cpp Buffer_Overflow_LowBound 42 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 18000 66546/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_43.cpp Buffer_Overflow_boundedcpy 29 wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 18001 66546/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_43.cpp Buffer_Overflow_boundedcpy 56 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 18002 66554/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_62.cpp Off_by_One_Error_in_Methods 38 wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); void badSource(wchar_t * &data); wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 18003 66554/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_62.cpp Off_by_One_Error_in_Methods 60 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; data[50-1] = L'\0'; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 18004 66554/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_62.cpp Buffer_Overflow_boundedcpy 134 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 18005 66554/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_62.cpp Buffer_Overflow_boundedcpy 146 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 18006 66561/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_72.cpp Off_by_One_Error_in_Methods 165 vector dataVector; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 18007 66561/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_72.cpp Off_by_One_Error_in_Methods 148 wchar_t * data; vector dataVector; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 18008 66561/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_72.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18009 66561/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18010 66562/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_73.cpp Buffer_Overflow_LowBound 165 list dataList; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 18011 66562/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_73.cpp Buffer_Overflow_LowBound 148 wchar_t * data; list dataList; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 18012 66562/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_73.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18013 66562/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_73.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18014 66563/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_74.cpp Off_by_One_Error_in_Methods 165 wchar_t * data; map dataMap; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 18015 66563/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_74.cpp Off_by_One_Error_in_Methods 148 wchar_t * data; map dataMap; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 18016 66563/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_74.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18017 66563/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_74.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18018 66590/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_33.cpp Off_by_One_Error_in_Methods 40 wchar_t * &dataRef = data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 18019 66590/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_33.cpp Off_by_One_Error_in_Methods 66 wchar_t * &dataRef = data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 18020 66590/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_33.cpp Buffer_Overflow_boundedcpy 33 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18021 66590/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_33.cpp Buffer_Overflow_boundedcpy 59 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18022 66594/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_43.cpp Off_by_One_Error_in_Methods 69 data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 18023 66594/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_43.cpp Off_by_One_Error_in_Methods 42 data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 18024 66594/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_43.cpp Buffer_Overflow_boundedcpy 29 wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 18025 66594/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_43.cpp Buffer_Overflow_boundedcpy 56 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 18026 66602/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_62.cpp Buffer_Overflow_boundedcpy 146 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 18027 66602/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_62.cpp Buffer_Overflow_boundedcpy 134 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 18028 66602/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_62.cpp Buffer_Overflow_boundedcpy 38 wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); void badSource(wchar_t * &data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 18029 66602/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_62.cpp Buffer_Overflow_boundedcpy 60 wchar_t dest[50] = L""; data[50-1] = L'\0'; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 18030 66609/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_72.cpp Off_by_One_Error_in_Methods 165 vector dataVector; data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 18031 66609/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_72.cpp Off_by_One_Error_in_Methods 148 vector dataVector; data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 18032 66609/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_72.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18033 66609/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18034 66610/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_73.cpp Off_by_One_Error_in_Methods 165 list dataList; data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 18035 66610/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_73.cpp Off_by_One_Error_in_Methods 148 list dataList; data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 18036 66610/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_73.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18037 66610/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_73.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18038 66611/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_74.cpp Off_by_One_Error_in_Methods 165 data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 18039 66611/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_74.cpp Off_by_One_Error_in_Methods 148 wchar_t * data; map dataMap; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 18040 66611/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_74.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18041 66611/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_74.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18042 66638/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_33.cpp Format_String_Attack 46 wchar_t * &dataRef = data; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 18043 66638/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_33.cpp Format_String_Attack 71 wchar_t * &dataRef = data; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 18044 66638/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_33.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18045 66638/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_33.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18046 66642/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_43.cpp Format_String_Attack 74 data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 18047 66642/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_43.cpp Format_String_Attack 48 data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 18048 66642/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_43.cpp Buffer_Overflow_boundedcpy 61 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 18049 66642/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_43.cpp Buffer_Overflow_boundedcpy 35 wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 18050 66650/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_62.cpp Format_String_Attack 65 wchar_t dest[50] = L""; data[50-1] = L'\0'; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 18051 66650/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_62.cpp Format_String_Attack 44 wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); void badSource(wchar_t * &data); SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 18052 66650/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_62.cpp Buffer_Overflow_boundedcpy 150 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 18053 66650/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_62.cpp Buffer_Overflow_boundedcpy 138 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 18054 66657/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_72.cpp Format_String_Attack 154 vector dataVector; data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 18055 66657/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_72.cpp Format_String_Attack 170 vector dataVector; data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 18056 66657/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_72.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18057 66657/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18058 66658/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_73.cpp Format_String_Attack 154 list dataList; data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 18059 66658/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_73.cpp Format_String_Attack 170 list dataList; data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 18060 66658/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_73.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18061 66658/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_73.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18062 66659/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_74.cpp Format_String_Attack 154 wchar_t * data; map dataMap; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 18063 66659/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_74.cpp Format_String_Attack 170 data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 18064 66659/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_74.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18065 66659/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_74.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18066 66684/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_33.cpp String_Termination_Error 43 char * &dataRef = data; char * dataBadBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char * data = dataRef; source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 18067 66684/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_33.cpp String_Termination_Error 70 char * &dataRef = data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * data = dataRef; source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 18068 66684/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_33.cpp Buffer_Overflow_boundedcpy 40 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18069 66684/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_33.cpp Buffer_Overflow_boundedcpy 67 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18070 66699/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_72.cpp String_Termination_Error 151 char * data; vector dataVector; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 18071 66699/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_72.cpp String_Termination_Error 169 vector dataVector; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = '\0'; strcat(data, source); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strcat(data, source); 0 --------------------------------- 18072 66699/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_72.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18073 66699/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_72.cpp Buffer_Overflow_boundedcpy 166 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18074 66700/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_73.cpp String_Termination_Error 151 char * data; list dataList; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 18075 66700/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_73.cpp String_Termination_Error 169 list dataList; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = '\0'; strcat(data, source); void goodG2BSink(list dataList) char * data = dataList.back(); strcat(data, source); 0 --------------------------------- 18076 66700/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_73.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18077 66700/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_73.cpp Buffer_Overflow_boundedcpy 166 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18078 66701/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_74.cpp String_Termination_Error 151 char * data; map dataMap; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 18079 66701/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_74.cpp String_Termination_Error 169 data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = '\0'; strcat(data, source); void goodG2BSink(map dataMap) char * data = dataMap[2]; strcat(data, source); 0 --------------------------------- 18080 66701/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_74.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18081 66701/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_74.cpp Buffer_Overflow_boundedcpy 166 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18082 66724/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_33.cpp Buffer_Overflow_cpycat 43 char * &dataRef = data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char * data = dataRef; source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 18083 66724/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_33.cpp Buffer_Overflow_cpycat 70 char * &dataRef = data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * data = dataRef; source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 18084 66724/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_33.cpp Buffer_Overflow_boundedcpy 40 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18085 66724/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_33.cpp Buffer_Overflow_boundedcpy 67 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18086 66739/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_72.cpp Buffer_Overflow_cpycat 169 vector dataVector; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = '\0'; strcpy(data, source); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strcpy(data, source); 0 --------------------------------- 18087 66739/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_72.cpp Buffer_Overflow_cpycat 151 char * data; vector dataVector; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 18088 66739/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_72.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18089 66739/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_72.cpp Buffer_Overflow_boundedcpy 166 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18090 66740/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_73.cpp Buffer_Overflow_cpycat 169 list dataList; list dataList; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = '\0'; strcpy(data, source); void goodG2BSink(list dataList) char * data = dataList.back(); strcpy(data, source); 0 --------------------------------- 18091 66740/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_73.cpp Buffer_Overflow_cpycat 151 char * data; list dataList; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 18092 66740/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_73.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18093 66740/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_73.cpp Buffer_Overflow_boundedcpy 166 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18094 66741/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_74.cpp Buffer_Overflow_cpycat 169 char * data; map dataMap; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = '\0'; strcpy(data, source); void goodG2BSink(map dataMap) char * data = dataMap[2]; strcpy(data, source); 0 --------------------------------- 18095 66741/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_74.cpp Buffer_Overflow_cpycat 151 char * data; map dataMap; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 18096 66741/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_74.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18097 66741/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_74.cpp Buffer_Overflow_boundedcpy 166 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18098 66764/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_33.cpp String_Termination_Error 43 char * &dataRef = data; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataBadBuffer; data[0] = '\0'; char * data = dataRef; source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 18099 66764/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_33.cpp String_Termination_Error 70 char * &dataRef = data; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char * data = dataRef; source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 18100 66764/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_33.cpp Buffer_Overflow_boundedcpy 40 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18101 66764/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_33.cpp Buffer_Overflow_boundedcpy 67 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18102 66779/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_72.cpp String_Termination_Error 151 char * data; vector dataVector; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 18103 66779/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_72.cpp String_Termination_Error 169 vector dataVector; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = '\0'; strcat(data, source); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strcat(data, source); 0 --------------------------------- 18104 66779/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_72.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18105 66779/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_72.cpp Buffer_Overflow_boundedcpy 166 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18106 66780/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_73.cpp String_Termination_Error 151 char * data; list dataList; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 18107 66780/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_73.cpp String_Termination_Error 169 list dataList; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = '\0'; strcat(data, source); void goodG2BSink(list dataList) char * data = dataList.back(); strcat(data, source); 0 --------------------------------- 18108 66780/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_73.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18109 66780/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_73.cpp Buffer_Overflow_boundedcpy 166 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18110 66781/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_74.cpp String_Termination_Error 151 char * data; map dataMap; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 18111 66781/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_74.cpp String_Termination_Error 169 char * data; map dataMap; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = '\0'; strcat(data, source); void goodG2BSink(map dataMap) char * data = dataMap[2]; strcat(data, source); 0 --------------------------------- 18112 66781/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_74.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18113 66781/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_74.cpp Buffer_Overflow_boundedcpy 166 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18114 66804/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_33.cpp Buffer_Overflow_cpycat 43 char * &dataRef = data; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataBadBuffer; data[0] = '\0'; char * data = dataRef; source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 18115 66804/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_33.cpp Buffer_Overflow_cpycat 70 char * &dataRef = data; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char * data = dataRef; source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 18116 66804/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_33.cpp Buffer_Overflow_boundedcpy 40 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18117 66804/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_33.cpp Buffer_Overflow_boundedcpy 67 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18118 66819/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_72.cpp Buffer_Overflow_cpycat 169 vector dataVector; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = '\0'; strcpy(data, source); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strcpy(data, source); 0 --------------------------------- 18119 66819/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_72.cpp Buffer_Overflow_cpycat 151 char * data; vector dataVector; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataBadBuffer; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 18120 66819/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_72.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18121 66819/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_72.cpp Buffer_Overflow_boundedcpy 166 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18122 66820/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_73.cpp Buffer_Overflow_cpycat 169 list dataList; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = '\0'; strcpy(data, source); void goodG2BSink(list dataList) char * data = dataList.back(); strcpy(data, source); 0 --------------------------------- 18123 66820/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_73.cpp Buffer_Overflow_cpycat 151 char * data; list dataList; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataBadBuffer; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 18124 66820/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_73.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18125 66820/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_73.cpp Buffer_Overflow_boundedcpy 166 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18126 66821/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_74.cpp Buffer_Overflow_cpycat 169 map dataMap; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = '\0'; strcpy(data, source); void goodG2BSink(map dataMap) char * data = dataMap[2]; strcpy(data, source); 0 --------------------------------- 18127 66821/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_74.cpp Buffer_Overflow_cpycat 151 char * data; map dataMap; char dataBadBuffer[50]; char dataGoodBuffer[100]; data = dataBadBuffer; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 18128 66821/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_74.cpp Buffer_Overflow_boundedcpy 148 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18129 66821/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_74.cpp Buffer_Overflow_boundedcpy 166 char source[100]; memset(source, 'C', 100-1); 0 --------------------------------- 18130 66844/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cat_33.cpp Buffer_Overflow_boundedcpy 67 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18131 66844/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cat_33.cpp Buffer_Overflow_boundedcpy 40 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18132 66859/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cat_72.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18133 66859/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cat_72.cpp Buffer_Overflow_boundedcpy 166 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18134 66860/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cat_73.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18135 66860/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cat_73.cpp Buffer_Overflow_boundedcpy 166 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18136 66861/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cat_74.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18137 66861/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cat_74.cpp Buffer_Overflow_boundedcpy 166 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18138 66884/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_33.cpp Buffer_Overflow_cpycat 70 wchar_t * &dataRef = data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; wchar_t * data = dataRef; source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 18139 66884/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_33.cpp Buffer_Overflow_cpycat 43 wchar_t * &dataRef = data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBadBuffer; wchar_t * data = dataRef; source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 18140 66884/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_33.cpp Buffer_Overflow_boundedcpy 67 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18141 66884/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_33.cpp Buffer_Overflow_boundedcpy 40 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18142 66899/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_72.cpp Buffer_Overflow_cpycat 169 vector dataVector; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = L'\0'; wcscpy(data, source); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcscpy(data, source); 0 --------------------------------- 18143 66899/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_72.cpp Buffer_Overflow_cpycat 151 wchar_t * data; vector dataVector; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 18144 66899/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_72.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18145 66899/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_72.cpp Buffer_Overflow_boundedcpy 166 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18146 66900/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_73.cpp Buffer_Overflow_cpycat 169 list dataList; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = L'\0'; wcscpy(data, source); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcscpy(data, source); 0 --------------------------------- 18147 66900/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_73.cpp Buffer_Overflow_cpycat 151 wchar_t * data; list dataList; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 18148 66900/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_73.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18149 66900/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_73.cpp Buffer_Overflow_boundedcpy 166 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18150 66901/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_74.cpp Buffer_Overflow_cpycat 169 map dataMap; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = L'\0'; wcscpy(data, source); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcscpy(data, source); 0 --------------------------------- 18151 66901/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_74.cpp Buffer_Overflow_cpycat 151 wchar_t * data; map dataMap; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 18152 66901/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_74.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18153 66901/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_74.cpp Buffer_Overflow_boundedcpy 166 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18154 66924/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cat_33.cpp Buffer_Overflow_boundedcpy 67 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18155 66924/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cat_33.cpp Buffer_Overflow_boundedcpy 40 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18156 66939/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cat_72.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18157 66939/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cat_72.cpp Buffer_Overflow_boundedcpy 166 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18158 66940/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cat_73.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18159 66940/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cat_73.cpp Buffer_Overflow_boundedcpy 166 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18160 66941/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cat_74.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18161 66941/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cat_74.cpp Buffer_Overflow_boundedcpy 166 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18162 66964/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_33.cpp Buffer_Overflow_cpycat 70 wchar_t * &dataRef = data; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; wchar_t * data = dataRef; source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 18163 66964/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_33.cpp Buffer_Overflow_cpycat 43 wchar_t * &dataRef = data; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; * buffer in various memory copying functions using a "large" source buffer. */ data = dataBadBuffer; wchar_t * data = dataRef; source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 18164 66964/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_33.cpp Buffer_Overflow_boundedcpy 67 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18165 66964/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_33.cpp Buffer_Overflow_boundedcpy 40 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18166 66979/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_72.cpp Buffer_Overflow_cpycat 169 vector dataVector; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); source[100-1] = L'\0'; wcscpy(data, source); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcscpy(data, source); 0 --------------------------------- 18167 66979/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_72.cpp Buffer_Overflow_cpycat 151 wchar_t * data; vector dataVector; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 18168 66979/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_72.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18169 66979/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_72.cpp Buffer_Overflow_boundedcpy 166 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18170 66980/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_73.cpp Buffer_Overflow_cpycat 169 list dataList; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); source[100-1] = L'\0'; wcscpy(data, source); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcscpy(data, source); 0 --------------------------------- 18171 66980/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_73.cpp Buffer_Overflow_cpycat 151 wchar_t * data; list dataList; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 18172 66980/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_73.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18173 66980/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_73.cpp Buffer_Overflow_boundedcpy 166 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18174 66981/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_74.cpp Buffer_Overflow_cpycat 169 map dataMap; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); source[100-1] = L'\0'; wcscpy(data, source); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcscpy(data, source); 0 --------------------------------- 18175 66981/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_74.cpp Buffer_Overflow_cpycat 151 wchar_t * data; map dataMap; wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataBadBuffer; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 18176 66981/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_74.cpp Buffer_Overflow_boundedcpy 148 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18177 66981/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_74.cpp Buffer_Overflow_boundedcpy 166 wchar_t source[100]; wmemset(source, L'C', 100-1); 0 --------------------------------- 18178 67086/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_33.cpp String_Termination_Error 65 char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 18179 67086/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_33.cpp String_Termination_Error 40 char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 18180 67086/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_33.cpp Buffer_Overflow_boundedcpy 33 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 18181 67086/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_33.cpp Buffer_Overflow_boundedcpy 58 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 18182 67090/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_43.cpp String_Termination_Error 68 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 18183 67090/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_43.cpp String_Termination_Error 42 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 18184 67090/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_43.cpp Buffer_Overflow_boundedcpy 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 18185 67090/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_43.cpp Buffer_Overflow_boundedcpy 55 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 18186 67098/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_62.cpp String_Termination_Error 59 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; data[50-1] = '\0'; strcat(dest, data); 0 --------------------------------- 18187 67098/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_62.cpp String_Termination_Error 38 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); void badSource(char * &data); strcat(dest, data); 1 --------------------------------- 18188 67098/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_62.cpp Buffer_Overflow_boundedcpy 132 void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 18189 67098/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_62.cpp Buffer_Overflow_boundedcpy 144 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 18190 67105/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_72.cpp String_Termination_Error 148 char * data; vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 18191 67105/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_72.cpp String_Termination_Error 164 vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char dest[50] = ""; strcat(dest, data); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strcat(dest, data); 0 --------------------------------- 18192 67105/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_72.cpp Buffer_Overflow_boundedcpy 39 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 18193 67105/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_72.cpp Buffer_Overflow_boundedcpy 64 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 18194 67106/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_73.cpp String_Termination_Error 148 char * data; list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 18195 67106/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_73.cpp String_Termination_Error 164 list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char dest[50] = ""; strcat(dest, data); void goodG2BSink(list dataList) char * data = dataList.back(); strcat(dest, data); 0 --------------------------------- 18196 67106/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_73.cpp Buffer_Overflow_boundedcpy 39 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 18197 67106/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_73.cpp Buffer_Overflow_boundedcpy 64 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 18198 67107/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_74.cpp String_Termination_Error 148 char * data; map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 18199 67107/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_74.cpp String_Termination_Error 164 map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); char dest[50] = ""; strcat(dest, data); void goodG2BSink(map dataMap) char * data = dataMap[2]; strcat(dest, data); 0 --------------------------------- 18200 67107/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_74.cpp Buffer_Overflow_boundedcpy 39 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 18201 67107/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_74.cpp Buffer_Overflow_boundedcpy 64 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 18202 67134/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_33.cpp Buffer_Overflow_cpycat 65 char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 18203 67134/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_33.cpp Buffer_Overflow_cpycat 40 char * &dataRef = data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 18204 67134/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_33.cpp Buffer_Overflow_boundedcpy 33 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 18205 67134/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_33.cpp Buffer_Overflow_boundedcpy 58 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 18206 67138/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_43.cpp Buffer_Overflow_cpycat 42 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 18207 67138/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_43.cpp Buffer_Overflow_cpycat 68 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 18208 67138/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_43.cpp Buffer_Overflow_boundedcpy 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 18209 67138/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_43.cpp Buffer_Overflow_boundedcpy 55 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 18210 67146/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_62.cpp Buffer_Overflow_cpycat 38 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badSource(data); memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); void badSource(char * &data); strcpy(dest, data); 1 --------------------------------- 18211 67146/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_62.cpp Buffer_Overflow_cpycat 59 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; data[50-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 18212 67146/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_62.cpp Buffer_Overflow_boundedcpy 132 void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 18213 67146/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_62.cpp Buffer_Overflow_boundedcpy 144 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 18214 67153/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_72.cpp Buffer_Overflow_cpycat 148 char * data; vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 18215 67153/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_72.cpp Buffer_Overflow_cpycat 164 vector dataVector; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char dest[50] = ""; strcpy(dest, data); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strcpy(dest, data); 0 --------------------------------- 18216 67153/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_72.cpp Buffer_Overflow_boundedcpy 39 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 18217 67153/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_72.cpp Buffer_Overflow_boundedcpy 64 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 18218 67154/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_73.cpp Buffer_Overflow_cpycat 148 char * data; list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 18219 67154/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_73.cpp Buffer_Overflow_cpycat 164 list dataList; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char dest[50] = ""; strcpy(dest, data); void goodG2BSink(list dataList) char * data = dataList.back(); strcpy(dest, data); 0 --------------------------------- 18220 67154/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_73.cpp Buffer_Overflow_boundedcpy 39 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 18221 67154/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_73.cpp Buffer_Overflow_boundedcpy 64 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 18222 67155/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_74.cpp Buffer_Overflow_cpycat 148 char * data; map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 18223 67155/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_74.cpp Buffer_Overflow_cpycat 164 map dataMap; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); char dest[50] = ""; strcpy(dest, data); void goodG2BSink(map dataMap) char * data = dataMap[2]; strcpy(dest, data); 0 --------------------------------- 18224 67155/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_74.cpp Buffer_Overflow_boundedcpy 39 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 18225 67155/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_74.cpp Buffer_Overflow_boundedcpy 64 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 18226 67182/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_33.cpp String_Termination_Error 65 char * &dataRef = data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 18227 67182/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_33.cpp String_Termination_Error 40 char * &dataRef = data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 18228 67182/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_33.cpp Buffer_Overflow_boundedcpy 33 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 18229 67182/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_33.cpp Buffer_Overflow_boundedcpy 58 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 18230 67186/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_43.cpp String_Termination_Error 68 char * data; char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 18231 67186/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_43.cpp String_Termination_Error 42 char * data; char dataBuffer[100]; data = dataBuffer; badSource(data); memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 18232 67186/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_43.cpp Buffer_Overflow_boundedcpy 29 char dataBuffer[100]; data = dataBuffer; badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 18233 67186/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_43.cpp Buffer_Overflow_boundedcpy 55 char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 18234 67194/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_62.cpp String_Termination_Error 59 char * data; char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; data[50-1] = '\0'; strcat(dest, data); 0 --------------------------------- 18235 67194/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_62.cpp String_Termination_Error 38 char dataBuffer[100]; data = dataBuffer; badSource(data); memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); void badSource(char * &data); strcat(dest, data); 1 --------------------------------- 18236 67194/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_62.cpp Buffer_Overflow_boundedcpy 132 void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 18237 67194/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_62.cpp Buffer_Overflow_boundedcpy 144 char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 18238 67201/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_72.cpp String_Termination_Error 148 char * data; vector dataVector; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 18239 67201/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_72.cpp String_Termination_Error 164 vector dataVector; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char dest[50] = ""; strcat(dest, data); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strcat(dest, data); 0 --------------------------------- 18240 67201/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_72.cpp Buffer_Overflow_boundedcpy 39 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 18241 67201/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_72.cpp Buffer_Overflow_boundedcpy 64 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 18242 67202/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_73.cpp String_Termination_Error 148 char * data; list dataList; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 18243 67202/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_73.cpp String_Termination_Error 164 list dataList; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char dest[50] = ""; strcat(dest, data); void goodG2BSink(list dataList) char * data = dataList.back(); strcat(dest, data); 0 --------------------------------- 18244 67202/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_73.cpp Buffer_Overflow_boundedcpy 39 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 18245 67202/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_73.cpp Buffer_Overflow_boundedcpy 64 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 18246 67203/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_74.cpp String_Termination_Error 148 char * data; map dataMap; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 18247 67203/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_74.cpp String_Termination_Error 164 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); char dest[50] = ""; strcat(dest, data); void goodG2BSink(map dataMap) char * data = dataMap[2]; strcat(dest, data); 0 --------------------------------- 18248 67203/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_74.cpp Buffer_Overflow_boundedcpy 39 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 18249 67203/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_74.cpp Buffer_Overflow_boundedcpy 64 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 18250 67230/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_33.cpp Buffer_Overflow_cpycat 65 char * &dataRef = data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = dataRef; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 18251 67230/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_33.cpp Buffer_Overflow_cpycat 40 char * &dataRef = data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = dataRef; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 18252 67230/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_33.cpp Buffer_Overflow_boundedcpy 33 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 18253 67230/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_33.cpp Buffer_Overflow_boundedcpy 58 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 18254 67234/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_43.cpp Buffer_Overflow_cpycat 42 data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 18255 67234/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_43.cpp Buffer_Overflow_cpycat 68 data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 18256 67234/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_43.cpp Buffer_Overflow_boundedcpy 29 char dataBuffer[100]; data = dataBuffer; badSource(data); static void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 18257 67234/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_43.cpp Buffer_Overflow_boundedcpy 55 char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); static void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 18258 67242/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_62.cpp Buffer_Overflow_cpycat 38 char dataBuffer[100]; data = dataBuffer; badSource(data); memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); void badSource(char * &data); strcpy(dest, data); 1 --------------------------------- 18259 67242/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_62.cpp Buffer_Overflow_cpycat 59 char * data; char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; data[50-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 18260 67242/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_62.cpp Buffer_Overflow_boundedcpy 132 void badSource(char * &data) memset(data, 'A', 100-1); 0 --------------------------------- 18261 67242/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_62.cpp Buffer_Overflow_boundedcpy 144 char dataBuffer[100]; data = dataBuffer; goodG2BSource(data); void goodG2BSource(char * &data) memset(data, 'A', 50-1); 0 --------------------------------- 18262 67249/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_72.cpp Buffer_Overflow_cpycat 148 char * data; vector dataVector; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 18263 67249/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_72.cpp Buffer_Overflow_cpycat 164 vector dataVector; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char dest[50] = ""; strcpy(dest, data); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strcpy(dest, data); 0 --------------------------------- 18264 67249/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_72.cpp Buffer_Overflow_boundedcpy 39 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 18265 67249/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_72.cpp Buffer_Overflow_boundedcpy 64 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 18266 67250/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_73.cpp Buffer_Overflow_cpycat 148 char * data; list dataList; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 18267 67250/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_73.cpp Buffer_Overflow_cpycat 164 list dataList; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char dest[50] = ""; strcpy(dest, data); void goodG2BSink(list dataList) char * data = dataList.back(); strcpy(dest, data); 0 --------------------------------- 18268 67250/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_73.cpp Buffer_Overflow_boundedcpy 39 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 18269 67250/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_73.cpp Buffer_Overflow_boundedcpy 64 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 18270 67251/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_74.cpp Buffer_Overflow_cpycat 148 char * data; map dataMap; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 18271 67251/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_74.cpp Buffer_Overflow_cpycat 164 char * data; map dataMap; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataMap[2] = data; goodG2BSink(dataMap); char dest[50] = ""; strcpy(dest, data); void goodG2BSink(map dataMap) char * data = dataMap[2]; strcpy(dest, data); 0 --------------------------------- 18272 67251/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_74.cpp Buffer_Overflow_boundedcpy 39 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); 0 --------------------------------- 18273 67251/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_74.cpp Buffer_Overflow_boundedcpy 64 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); 0 --------------------------------- 18274 67278/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_33.cpp Buffer_Overflow_boundedcpy 58 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18275 67278/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_33.cpp Buffer_Overflow_boundedcpy 33 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18276 67282/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_43.cpp Buffer_Overflow_boundedcpy 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 18277 67282/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_43.cpp Buffer_Overflow_boundedcpy 55 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 18278 67290/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_62.cpp Buffer_Overflow_boundedcpy 144 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 18279 67290/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_62.cpp Buffer_Overflow_boundedcpy 132 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 18280 67297/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_72.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18281 67297/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18282 67298/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_73.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18283 67298/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_73.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18284 67299/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_74.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18285 67299/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cat_74.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18286 67326/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_33.cpp Buffer_Overflow_cpycat 65 wchar_t * &dataRef = data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 18287 67326/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_33.cpp Buffer_Overflow_cpycat 40 wchar_t * &dataRef = data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); wchar_t * data = dataRef; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 18288 67326/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_33.cpp Buffer_Overflow_boundedcpy 58 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18289 67326/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_33.cpp Buffer_Overflow_boundedcpy 33 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18290 67330/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_43.cpp Buffer_Overflow_cpycat 42 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 18291 67330/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_43.cpp Buffer_Overflow_cpycat 68 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 18292 67330/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_43.cpp Buffer_Overflow_boundedcpy 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 18293 67330/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_43.cpp Buffer_Overflow_boundedcpy 55 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 18294 67338/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_62.cpp Buffer_Overflow_cpycat 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); void badSource(wchar_t * &data); wcscpy(dest, data); 1 --------------------------------- 18295 67338/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_62.cpp Buffer_Overflow_cpycat 59 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; data[50-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 18296 67338/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_62.cpp Buffer_Overflow_boundedcpy 144 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 18297 67338/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_62.cpp Buffer_Overflow_boundedcpy 132 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 18298 67345/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_72.cpp Buffer_Overflow_cpycat 164 vector dataVector; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t dest[50] = L""; wcscpy(dest, data); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcscpy(dest, data); 0 --------------------------------- 18299 67345/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_72.cpp Buffer_Overflow_cpycat 148 wchar_t * data; vector dataVector; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 18300 67345/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_72.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18301 67345/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18302 67346/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_73.cpp Buffer_Overflow_cpycat 164 list dataList; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t dest[50] = L""; wcscpy(dest, data); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcscpy(dest, data); 0 --------------------------------- 18303 67346/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_73.cpp Buffer_Overflow_cpycat 148 wchar_t * data; list dataList; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 18304 67346/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_73.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18305 67346/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_73.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18306 67347/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_74.cpp Buffer_Overflow_cpycat 164 wchar_t * data; map dataMap; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t dest[50] = L""; wcscpy(dest, data); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcscpy(dest, data); 0 --------------------------------- 18307 67347/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_74.cpp Buffer_Overflow_cpycat 148 wchar_t * data; map dataMap; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 18308 67347/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_74.cpp Buffer_Overflow_boundedcpy 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18309 67347/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_74.cpp Buffer_Overflow_boundedcpy 39 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18310 67374/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_33.cpp Buffer_Overflow_boundedcpy 58 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18311 67374/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_33.cpp Buffer_Overflow_boundedcpy 33 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18312 67378/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_43.cpp Buffer_Overflow_boundedcpy 29 wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 18313 67378/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_43.cpp Buffer_Overflow_boundedcpy 55 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 18314 67386/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_62.cpp Buffer_Overflow_boundedcpy 144 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 18315 67386/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_62.cpp Buffer_Overflow_boundedcpy 132 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 18316 67393/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_72.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18317 67393/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18318 67394/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_73.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18319 67394/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_73.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18320 67395/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_74.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18321 67395/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cat_74.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18322 67422/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_33.cpp Buffer_Overflow_cpycat 65 wchar_t * &dataRef = data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 18323 67422/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_33.cpp Buffer_Overflow_cpycat 40 wchar_t * &dataRef = data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = dataRef; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 18324 67422/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_33.cpp Buffer_Overflow_boundedcpy 58 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18325 67422/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_33.cpp Buffer_Overflow_boundedcpy 33 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18326 67426/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_43.cpp Buffer_Overflow_cpycat 42 data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 18327 67426/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_43.cpp Buffer_Overflow_cpycat 68 data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 18328 67426/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_43.cpp Buffer_Overflow_boundedcpy 29 wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); static void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 18329 67426/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_43.cpp Buffer_Overflow_boundedcpy 55 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 18330 67434/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_62.cpp Buffer_Overflow_cpycat 38 wchar_t dataBuffer[100]; data = dataBuffer; badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); void badSource(wchar_t * &data); wcscpy(dest, data); 1 --------------------------------- 18331 67434/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_62.cpp Buffer_Overflow_cpycat 59 wchar_t dest[50] = L""; data[50-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 18332 67434/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_62.cpp Buffer_Overflow_boundedcpy 144 wchar_t dataBuffer[100]; data = dataBuffer; goodG2BSource(data); void goodG2BSource(wchar_t * &data) wmemset(data, L'A', 50-1); 0 --------------------------------- 18333 67434/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_62.cpp Buffer_Overflow_boundedcpy 132 void badSource(wchar_t * &data) wmemset(data, L'A', 100-1); 0 --------------------------------- 18334 67441/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_72.cpp Buffer_Overflow_cpycat 164 vector dataVector; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t dest[50] = L""; wcscpy(dest, data); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcscpy(dest, data); 0 --------------------------------- 18335 67441/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_72.cpp Buffer_Overflow_cpycat 148 wchar_t * data; vector dataVector; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 18336 67441/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_72.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18337 67441/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_72.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18338 67442/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_73.cpp Buffer_Overflow_cpycat 164 list dataList; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t dest[50] = L""; wcscpy(dest, data); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcscpy(dest, data); 0 --------------------------------- 18339 67442/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_73.cpp Buffer_Overflow_cpycat 148 wchar_t * data; list dataList; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 18340 67442/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_73.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18341 67442/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_73.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18342 67443/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_74.cpp Buffer_Overflow_cpycat 164 wchar_t * data; map dataMap; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataMap[2] = data; goodG2BSink(dataMap); wchar_t dest[50] = L""; wcscpy(dest, data); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcscpy(dest, data); 0 --------------------------------- 18343 67443/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_74.cpp Buffer_Overflow_cpycat 148 wchar_t * data; map dataMap; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 18344 67443/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_74.cpp Buffer_Overflow_boundedcpy 64 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); 0 --------------------------------- 18345 67443/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_74.cpp Buffer_Overflow_boundedcpy 39 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); 0 --------------------------------- 18346 67520/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_01.cpp Buffer_Overflow_Indexes 86 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18347 67520/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_01.cpp Buffer_Overflow_Indexes 215 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18348 67520/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_01.cpp Buffer_Overflow_boundedcpy 76 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18349 67520/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_01.cpp Buffer_Overflow_boundedcpy 205 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18350 67521/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_02.cpp Buffer_Overflow_Indexes 187 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18351 67521/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_02.cpp Buffer_Overflow_Indexes 286 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18352 67521/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_02.cpp Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18353 67521/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_02.cpp Buffer_Overflow_boundedcpy 276 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18354 67521/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_02.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18355 67521/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_02.cpp Buffer_Overflow_boundedcpy 177 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18356 67522/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_03.cpp Buffer_Overflow_Indexes 187 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18357 67522/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_03.cpp Buffer_Overflow_Indexes 286 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18358 67522/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_03.cpp Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18359 67522/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_03.cpp Buffer_Overflow_boundedcpy 276 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18360 67522/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_03.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18361 67522/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_03.cpp Buffer_Overflow_boundedcpy 177 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18362 67523/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_04.cpp Buffer_Overflow_Indexes 292 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18363 67523/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_04.cpp Buffer_Overflow_Indexes 94 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18364 67523/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_04.cpp Buffer_Overflow_Indexes 193 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18365 67523/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_04.cpp Buffer_Overflow_boundedcpy 84 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18366 67523/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_04.cpp Buffer_Overflow_boundedcpy 183 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18367 67523/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_04.cpp Buffer_Overflow_boundedcpy 282 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18368 67524/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_05.cpp Buffer_Overflow_Indexes 292 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18369 67524/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_05.cpp Buffer_Overflow_Indexes 94 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18370 67524/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_05.cpp Buffer_Overflow_Indexes 193 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18371 67524/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_05.cpp Buffer_Overflow_boundedcpy 84 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18372 67524/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_05.cpp Buffer_Overflow_boundedcpy 183 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18373 67524/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_05.cpp Buffer_Overflow_boundedcpy 282 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18374 67525/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_06.cpp Buffer_Overflow_Indexes 291 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18375 67525/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_06.cpp Buffer_Overflow_Indexes 93 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18376 67525/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_06.cpp Buffer_Overflow_Indexes 192 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18377 67525/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_06.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18378 67525/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_06.cpp Buffer_Overflow_boundedcpy 182 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18379 67525/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_06.cpp Buffer_Overflow_boundedcpy 281 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18380 67526/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_07.cpp Buffer_Overflow_Indexes 291 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18381 67526/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_07.cpp Buffer_Overflow_Indexes 93 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18382 67526/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_07.cpp Buffer_Overflow_Indexes 192 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18383 67526/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_07.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18384 67526/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_07.cpp Buffer_Overflow_boundedcpy 182 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18385 67526/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_07.cpp Buffer_Overflow_boundedcpy 281 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18386 67527/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_08.cpp Buffer_Overflow_Indexes 299 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18387 67527/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_08.cpp Buffer_Overflow_Indexes 101 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18388 67527/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_08.cpp Buffer_Overflow_Indexes 200 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18389 67527/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_08.cpp Buffer_Overflow_boundedcpy 91 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18390 67527/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_08.cpp Buffer_Overflow_boundedcpy 190 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18391 67527/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_08.cpp Buffer_Overflow_boundedcpy 289 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18392 67528/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_09.cpp Buffer_Overflow_Indexes 187 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18393 67528/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_09.cpp Buffer_Overflow_Indexes 286 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18394 67528/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_09.cpp Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18395 67528/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_09.cpp Buffer_Overflow_boundedcpy 276 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18396 67528/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_09.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18397 67528/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_09.cpp Buffer_Overflow_boundedcpy 177 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18398 67529/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_10.cpp Buffer_Overflow_Indexes 187 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18399 67529/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_10.cpp Buffer_Overflow_Indexes 286 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18400 67529/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_10.cpp Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18401 67529/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_10.cpp Buffer_Overflow_boundedcpy 276 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18402 67529/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_10.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18403 67529/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_10.cpp Buffer_Overflow_boundedcpy 177 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18404 67530/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_11.cpp Buffer_Overflow_Indexes 285 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18405 67530/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_11.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18406 67530/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_11.cpp Buffer_Overflow_Indexes 186 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18407 67530/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_11.cpp Buffer_Overflow_boundedcpy 275 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18408 67530/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_11.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18409 67530/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_11.cpp Buffer_Overflow_boundedcpy 176 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18410 67531/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_12.cpp Buffer_Overflow_Indexes 221 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18411 67531/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_12.cpp Buffer_Overflow_Indexes 280 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18412 67531/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_12.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18413 67531/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_12.cpp Buffer_Overflow_boundedcpy 211 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18414 67531/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_12.cpp Buffer_Overflow_boundedcpy 270 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18415 67531/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_12.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18416 67532/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_13.cpp Buffer_Overflow_Indexes 285 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18417 67532/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_13.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18418 67532/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_13.cpp Buffer_Overflow_Indexes 186 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18419 67532/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_13.cpp Buffer_Overflow_boundedcpy 275 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18420 67532/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_13.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18421 67532/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_13.cpp Buffer_Overflow_boundedcpy 176 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18422 67533/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_14.cpp Buffer_Overflow_Indexes 285 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18423 67533/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_14.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18424 67533/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_14.cpp Buffer_Overflow_Indexes 186 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18425 67533/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_14.cpp Buffer_Overflow_boundedcpy 275 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18426 67533/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_14.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18427 67533/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_14.cpp Buffer_Overflow_boundedcpy 176 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18428 67534/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_15.cpp Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18429 67534/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_15.cpp Buffer_Overflow_Indexes 199 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18430 67534/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_15.cpp Buffer_Overflow_Indexes 305 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18431 67534/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_15.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18432 67534/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_15.cpp Buffer_Overflow_boundedcpy 189 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18433 67534/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_15.cpp Buffer_Overflow_boundedcpy 295 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18434 67535/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_16.cpp Buffer_Overflow_Indexes 188 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18435 67535/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_16.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18436 67535/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_16.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18437 67535/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_16.cpp Buffer_Overflow_boundedcpy 178 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18438 67536/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_17.cpp Buffer_Overflow_Indexes 188 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18439 67536/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_17.cpp Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18440 67536/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_17.cpp Buffer_Overflow_boundedcpy 78 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18441 67536/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_17.cpp Buffer_Overflow_boundedcpy 178 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18442 67537/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_18.cpp Buffer_Overflow_Indexes 184 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18443 67537/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_18.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18444 67537/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_18.cpp Buffer_Overflow_boundedcpy 174 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18445 67537/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_18.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18446 67538/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_21.cpp Buffer_Overflow_Indexes 329 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18447 67538/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_21.cpp Buffer_Overflow_Indexes 232 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18448 67538/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_21.cpp Buffer_Overflow_Indexes 121 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18449 67538/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_21.cpp Buffer_Overflow_boundedcpy 222 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18450 67538/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_21.cpp Buffer_Overflow_boundedcpy 319 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18451 67538/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_21.cpp Buffer_Overflow_boundedcpy 111 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18452 67539/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_22.cpp Buffer_Overflow_Indexes 92 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18453 67539/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_22.cpp Buffer_Overflow_Indexes 238 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18454 67539/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_22.cpp Buffer_Overflow_Indexes 170 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18455 67539/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_22.cpp Buffer_Overflow_boundedcpy 228 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18456 67539/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_22.cpp Buffer_Overflow_boundedcpy 160 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18457 67539/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_22.cpp Buffer_Overflow_boundedcpy 82 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18458 67540/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_31.cpp Buffer_Overflow_Indexes 86 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18459 67540/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_31.cpp Buffer_Overflow_Indexes 223 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18460 67540/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_31.cpp Buffer_Overflow_boundedcpy 76 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18461 67540/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_31.cpp Buffer_Overflow_boundedcpy 213 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18462 67541/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_32.cpp Buffer_Overflow_Indexes 237 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18463 67541/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_32.cpp Buffer_Overflow_Indexes 90 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18464 67541/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_32.cpp Buffer_Overflow_boundedcpy 227 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18465 67541/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_32.cpp Buffer_Overflow_boundedcpy 80 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18466 67542/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_33.cpp Buffer_Overflow_Indexes 224 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18467 67542/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_33.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18468 67542/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_33.cpp Buffer_Overflow_boundedcpy 214 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18469 67542/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_33.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18470 67543/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_34.cpp Buffer_Overflow_Indexes 93 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18471 67543/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_34.cpp Buffer_Overflow_Indexes 232 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18472 67543/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_34.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18473 67543/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_34.cpp Buffer_Overflow_boundedcpy 222 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18474 67544/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_41.cpp Buffer_Overflow_Indexes 115 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18475 67544/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_41.cpp Buffer_Overflow_Indexes 253 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18476 67544/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_41.cpp Buffer_Overflow_boundedcpy 243 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18477 67544/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_41.cpp Buffer_Overflow_boundedcpy 105 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18478 67545/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_42.cpp Buffer_Overflow_Indexes 83 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18479 67545/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_42.cpp Buffer_Overflow_Indexes 224 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18480 67545/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_42.cpp Buffer_Overflow_boundedcpy 214 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18481 67545/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_42.cpp Buffer_Overflow_boundedcpy 73 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18482 67546/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_43.cpp Buffer_Overflow_Indexes 83 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18483 67546/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_43.cpp Buffer_Overflow_Indexes 222 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18484 67546/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_43.cpp Buffer_Overflow_boundedcpy 212 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18485 67546/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_43.cpp Buffer_Overflow_boundedcpy 73 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18486 67547/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_44.cpp Buffer_Overflow_Indexes 117 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18487 67547/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_44.cpp Buffer_Overflow_Indexes 258 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18488 67547/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_44.cpp Buffer_Overflow_boundedcpy 107 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18489 67547/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_44.cpp Buffer_Overflow_boundedcpy 248 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18490 67548/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_45.cpp Buffer_Overflow_Indexes 262 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18491 67548/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_45.cpp Buffer_Overflow_Indexes 120 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18492 67548/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_45.cpp Buffer_Overflow_boundedcpy 252 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18493 67548/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_45.cpp Buffer_Overflow_boundedcpy 110 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18494 67549/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_51.cpp Buffer_Overflow_Indexes 174 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18495 67549/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_51.cpp Buffer_Overflow_Indexes 89 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18496 67549/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_51.cpp Buffer_Overflow_boundedcpy 164 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18497 67549/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_51.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18498 67550/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_52.cpp Buffer_Overflow_Indexes 174 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18499 67550/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_52.cpp Buffer_Overflow_Indexes 89 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18500 67550/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_52.cpp Buffer_Overflow_boundedcpy 164 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18501 67550/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_52.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18502 67551/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_53.cpp Buffer_Overflow_Indexes 174 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18503 67551/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_53.cpp Buffer_Overflow_Indexes 89 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18504 67551/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_53.cpp Buffer_Overflow_boundedcpy 164 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18505 67551/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_53.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18506 67552/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_54.cpp Buffer_Overflow_Indexes 174 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18507 67552/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_54.cpp Buffer_Overflow_Indexes 89 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18508 67552/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_54.cpp Buffer_Overflow_boundedcpy 164 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18509 67552/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_54.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18510 67553/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_61.cpp Buffer_Overflow_Indexes 355 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18511 67553/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_61.cpp Buffer_Overflow_Indexes 280 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18512 67553/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_61.cpp Buffer_Overflow_boundedcpy 270 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18513 67553/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_61.cpp Buffer_Overflow_boundedcpy 345 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18514 67554/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_62.cpp Buffer_Overflow_Indexes 280 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18515 67554/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_62.cpp Buffer_Overflow_Indexes 353 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18516 67554/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_62.cpp Buffer_Overflow_boundedcpy 270 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18517 67554/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_62.cpp Buffer_Overflow_boundedcpy 343 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18518 67555/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_63.cpp Buffer_Overflow_Indexes 174 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18519 67555/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_63.cpp Buffer_Overflow_Indexes 89 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18520 67555/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_63.cpp Buffer_Overflow_boundedcpy 164 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18521 67555/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_63.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18522 67556/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_64.cpp Buffer_Overflow_Indexes 174 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18523 67556/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_64.cpp Buffer_Overflow_Indexes 89 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18524 67556/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_64.cpp Buffer_Overflow_boundedcpy 164 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18525 67556/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_64.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18526 67557/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_65.cpp Buffer_Overflow_Indexes 91 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18527 67557/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_65.cpp Buffer_Overflow_Indexes 179 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18528 67557/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_65.cpp Buffer_Overflow_boundedcpy 81 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18529 67557/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_65.cpp Buffer_Overflow_boundedcpy 169 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18530 67558/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_66.cpp Buffer_Overflow_Indexes 180 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18531 67558/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_66.cpp Buffer_Overflow_Indexes 90 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18532 67558/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_66.cpp Buffer_Overflow_boundedcpy 80 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18533 67558/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_66.cpp Buffer_Overflow_boundedcpy 170 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18534 67559/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_67.cpp Buffer_Overflow_Indexes 184 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18535 67559/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_67.cpp Buffer_Overflow_Indexes 95 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18536 67559/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_67.cpp Buffer_Overflow_boundedcpy 174 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18537 67559/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_67.cpp Buffer_Overflow_boundedcpy 85 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18538 67560/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_68.cpp Buffer_Overflow_Indexes 180 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18539 67560/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_68.cpp Buffer_Overflow_Indexes 93 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18540 67560/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_68.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18541 67560/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_68.cpp Buffer_Overflow_boundedcpy 170 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18542 67561/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_72.cpp Buffer_Overflow_Indexes 188 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18543 67561/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_72.cpp Buffer_Overflow_Indexes 93 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18544 67561/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_72.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18545 67561/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_72.cpp Buffer_Overflow_boundedcpy 178 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18546 67562/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_73.cpp Buffer_Overflow_Indexes 188 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18547 67562/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_73.cpp Buffer_Overflow_Indexes 93 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18548 67562/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_73.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18549 67562/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_73.cpp Buffer_Overflow_boundedcpy 178 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18550 67563/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_74.cpp Buffer_Overflow_Indexes 188 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18551 67563/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_74.cpp Buffer_Overflow_Indexes 93 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18552 67563/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_74.cpp Buffer_Overflow_boundedcpy 83 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18553 67563/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_74.cpp Buffer_Overflow_boundedcpy 178 struct sockaddr_in service; connectSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = inet_addr(IP_ADDRESS); service.sin_port = htons(TCP_PORT); if (connect(connectSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18554 67568/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_01.cpp Buffer_Overflow_fgets 35 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18555 67568/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_01.cpp Buffer_Overflow_fgets 121 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18556 67569/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_02.cpp Buffer_Overflow_fgets 93 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18557 67569/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_02.cpp Buffer_Overflow_fgets 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18558 67569/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_02.cpp Buffer_Overflow_fgets 149 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18559 67570/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_03.cpp Buffer_Overflow_fgets 93 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18560 67570/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_03.cpp Buffer_Overflow_fgets 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18561 67570/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_03.cpp Buffer_Overflow_fgets 149 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18562 67571/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_04.cpp Buffer_Overflow_fgets 155 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18563 67571/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_04.cpp Buffer_Overflow_fgets 99 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18564 67571/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_04.cpp Buffer_Overflow_fgets 43 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18565 67572/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_05.cpp Buffer_Overflow_fgets 155 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18566 67572/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_05.cpp Buffer_Overflow_fgets 99 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18567 67572/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_05.cpp Buffer_Overflow_fgets 43 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18568 67573/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_06.cpp Buffer_Overflow_fgets 154 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18569 67573/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_06.cpp Buffer_Overflow_fgets 98 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18570 67573/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_06.cpp Buffer_Overflow_fgets 42 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18571 67574/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_07.cpp Buffer_Overflow_fgets 154 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18572 67574/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_07.cpp Buffer_Overflow_fgets 98 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18573 67574/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_07.cpp Buffer_Overflow_fgets 42 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18574 67575/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_08.cpp Buffer_Overflow_fgets 50 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18575 67575/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_08.cpp Buffer_Overflow_fgets 162 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18576 67575/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_08.cpp Buffer_Overflow_fgets 106 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18577 67576/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_09.cpp Buffer_Overflow_fgets 93 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18578 67576/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_09.cpp Buffer_Overflow_fgets 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18579 67576/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_09.cpp Buffer_Overflow_fgets 149 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18580 67577/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_10.cpp Buffer_Overflow_fgets 93 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18581 67577/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_10.cpp Buffer_Overflow_fgets 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18582 67577/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_10.cpp Buffer_Overflow_fgets 149 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18583 67578/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_11.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18584 67578/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_11.cpp Buffer_Overflow_fgets 148 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18585 67578/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_11.cpp Buffer_Overflow_fgets 92 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18586 67579/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_12.cpp Buffer_Overflow_fgets 143 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18587 67579/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_12.cpp Buffer_Overflow_fgets 127 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18588 67579/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_12.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18589 67580/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_13.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18590 67580/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_13.cpp Buffer_Overflow_fgets 148 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18591 67580/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_13.cpp Buffer_Overflow_fgets 92 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18592 67581/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_14.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18593 67581/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_14.cpp Buffer_Overflow_fgets 148 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18594 67581/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_14.cpp Buffer_Overflow_fgets 92 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18595 67582/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_15.cpp Buffer_Overflow_fgets 168 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18596 67582/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_15.cpp Buffer_Overflow_fgets 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18597 67582/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_15.cpp Buffer_Overflow_fgets 105 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18598 67583/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_16.cpp Buffer_Overflow_fgets 94 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18599 67583/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_16.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18600 67584/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_17.cpp Buffer_Overflow_fgets 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18601 67584/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_17.cpp Buffer_Overflow_fgets 94 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18602 67585/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_18.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18603 67585/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_18.cpp Buffer_Overflow_fgets 90 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18604 67586/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_21.cpp Buffer_Overflow_fgets 192 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18605 67586/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_21.cpp Buffer_Overflow_fgets 70 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18606 67586/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_21.cpp Buffer_Overflow_fgets 138 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18607 67587/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_22.cpp Buffer_Overflow_fgets 101 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18608 67587/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_22.cpp Buffer_Overflow_fgets 76 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18609 67587/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_22.cpp Buffer_Overflow_fgets 41 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18610 67588/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_31.cpp Buffer_Overflow_fgets 35 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18611 67588/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_31.cpp Buffer_Overflow_fgets 129 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18612 67589/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_32.cpp Buffer_Overflow_fgets 39 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18613 67589/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_32.cpp Buffer_Overflow_fgets 143 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18614 67590/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_33.cpp Buffer_Overflow_fgets 36 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18615 67590/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_33.cpp Buffer_Overflow_fgets 130 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18616 67591/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_34.cpp Buffer_Overflow_fgets 138 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18617 67591/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_34.cpp Buffer_Overflow_fgets 42 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18618 67592/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_41.cpp Buffer_Overflow_fgets 159 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18619 67592/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_41.cpp Buffer_Overflow_fgets 64 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18620 67593/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_42.cpp Buffer_Overflow_fgets 32 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = -1; data = badSource(data); static int badSource(int data) if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18621 67593/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_42.cpp Buffer_Overflow_fgets 130 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = -1; data = goodB2GSource(data); static int goodB2GSource(int data) if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18622 67594/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_43.cpp Buffer_Overflow_fgets 32 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = -1; badSource(data); void badSource(int &data) if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18623 67594/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_43.cpp Buffer_Overflow_fgets 128 char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = -1; goodB2GSource(data); static void goodB2GSource(int &data) if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18624 67595/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_44.cpp Buffer_Overflow_fgets 164 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18625 67595/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_44.cpp Buffer_Overflow_fgets 66 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18626 67596/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_45.cpp Buffer_Overflow_fgets 168 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18627 67596/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_45.cpp Buffer_Overflow_fgets 69 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18628 67597/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_51.cpp Buffer_Overflow_fgets 80 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18629 67597/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_51.cpp Buffer_Overflow_fgets 38 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18630 67598/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_52.cpp Buffer_Overflow_fgets 80 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18631 67598/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_52.cpp Buffer_Overflow_fgets 38 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18632 67599/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_53.cpp Buffer_Overflow_fgets 80 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18633 67599/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_53.cpp Buffer_Overflow_fgets 38 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18634 67600/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_54.cpp Buffer_Overflow_fgets 80 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18635 67600/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_54.cpp Buffer_Overflow_fgets 38 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18636 67601/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_61.cpp Buffer_Overflow_fgets 209 int badSource(int data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18637 67601/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_61.cpp Buffer_Overflow_fgets 241 data = -1; data = goodB2GSource(data); char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) int goodB2GSource(int data) if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18638 67602/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_62.cpp Buffer_Overflow_fgets 239 data = -1; goodB2GSource(data); char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) void goodB2GSource(int &data) if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18639 67602/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_62.cpp Buffer_Overflow_fgets 209 void badSource(int &data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18640 67603/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_63.cpp Buffer_Overflow_fgets 80 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18641 67603/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_63.cpp Buffer_Overflow_fgets 38 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18642 67604/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_64.cpp Buffer_Overflow_fgets 80 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18643 67604/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_64.cpp Buffer_Overflow_fgets 38 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18644 67605/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_65.cpp Buffer_Overflow_fgets 40 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18645 67605/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_65.cpp Buffer_Overflow_fgets 85 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18646 67606/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_66.cpp Buffer_Overflow_fgets 39 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18647 67606/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_66.cpp Buffer_Overflow_fgets 86 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18648 67607/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_67.cpp Buffer_Overflow_fgets 44 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18649 67607/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_67.cpp Buffer_Overflow_fgets 90 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18650 67608/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_68.cpp Buffer_Overflow_fgets 86 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18651 67608/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_68.cpp Buffer_Overflow_fgets 42 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18652 67609/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_72.cpp Buffer_Overflow_fgets 94 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18653 67609/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_72.cpp Buffer_Overflow_fgets 42 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18654 67610/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_73.cpp Buffer_Overflow_fgets 94 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18655 67610/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_73.cpp Buffer_Overflow_fgets 42 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18656 67611/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_74.cpp Buffer_Overflow_fgets 94 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18657 67611/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fgets_74.cpp Buffer_Overflow_fgets 42 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) 0 --------------------------------- 18658 67712/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_01.cpp Buffer_Overflow_Indexes 95 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18659 67712/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_01.cpp Buffer_Overflow_Indexes 237 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18660 67712/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_01.cpp Buffer_Overflow_boundedcpy 219 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18661 67712/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_01.cpp Buffer_Overflow_boundedcpy 77 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18662 67713/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_02.cpp Buffer_Overflow_Indexes 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18663 67713/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_02.cpp Buffer_Overflow_Indexes 321 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18664 67713/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_02.cpp Buffer_Overflow_Indexes 209 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18665 67713/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_02.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18666 67713/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_02.cpp Buffer_Overflow_boundedcpy 303 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18667 67713/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_02.cpp Buffer_Overflow_boundedcpy 191 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18668 67714/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_03.cpp Buffer_Overflow_Indexes 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18669 67714/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_03.cpp Buffer_Overflow_Indexes 321 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18670 67714/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_03.cpp Buffer_Overflow_Indexes 209 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18671 67714/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_03.cpp Buffer_Overflow_Indexes 209 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18672 67714/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_03.cpp Buffer_Overflow_boundedcpy 79 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18673 67715/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_04.cpp Buffer_Overflow_Indexes 103 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18674 67715/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_04.cpp Buffer_Overflow_Indexes 103 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18675 67715/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_04.cpp Buffer_Overflow_boundedcpy 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18676 67716/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_05.cpp Buffer_Overflow_Indexes 103 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18677 67716/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_05.cpp Buffer_Overflow_Indexes 103 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18678 67716/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_05.cpp Buffer_Overflow_boundedcpy 85 struct sockaddr_in service; listenSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); memset(&service, 0, sizeof(service)); service.sin_family = AF_INET; service.sin_addr.s_addr = INADDR_ANY; service.sin_port = htons(TCP_PORT); if (bind(listenSocket, (struct sockaddr*)&service, sizeof(service)) == SOCKET_ERROR) memset(&service, 0, sizeof(service)); 0 --------------------------------- 18679 67717/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_06.cpp Buffer_Overflow_Indexes 214 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18680 67717/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_06.cpp Buffer_Overflow_Indexes 214 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18681 67718/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_07.cpp Buffer_Overflow_Indexes 214 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18682 67718/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_07.cpp Buffer_Overflow_Indexes 214 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18683 67719/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_08.cpp Buffer_Overflow_Indexes 222 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18684 67719/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_08.cpp Buffer_Overflow_Indexes 222 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18685 67720/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_09.cpp Buffer_Overflow_Indexes 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18686 67720/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_09.cpp Buffer_Overflow_Indexes 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18687 67721/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_10.cpp Buffer_Overflow_Indexes 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18688 67721/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_10.cpp Buffer_Overflow_Indexes 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18689 67722/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_11.cpp Buffer_Overflow_Indexes 320 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18690 67722/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_11.cpp Buffer_Overflow_Indexes 320 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18691 67723/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_12.cpp Buffer_Overflow_Indexes 315 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18692 67723/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_12.cpp Buffer_Overflow_Indexes 315 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18693 67724/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_13.cpp Buffer_Overflow_Indexes 320 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18694 67724/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_13.cpp Buffer_Overflow_Indexes 320 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18695 67725/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_14.cpp Buffer_Overflow_Indexes 320 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18696 67725/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_14.cpp Buffer_Overflow_Indexes 320 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18697 67726/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_15.cpp Buffer_Overflow_Indexes 340 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18698 67726/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_15.cpp Buffer_Overflow_Indexes 340 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18699 67727/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_16.cpp Buffer_Overflow_Indexes 210 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18700 67727/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_16.cpp Buffer_Overflow_Indexes 210 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18701 67728/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_17.cpp Buffer_Overflow_Indexes 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18702 67728/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_17.cpp Buffer_Overflow_Indexes 97 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18703 67729/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_18.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18704 67729/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_18.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18705 67730/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_21.cpp Buffer_Overflow_Indexes 364 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18706 67730/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_21.cpp Buffer_Overflow_Indexes 364 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18707 67731/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_22.cpp Buffer_Overflow_Indexes 273 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18708 67731/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_22.cpp Buffer_Overflow_Indexes 273 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18709 67732/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_31.cpp Buffer_Overflow_Indexes 95 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18710 67732/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_31.cpp Buffer_Overflow_Indexes 95 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18711 67733/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_32.cpp Buffer_Overflow_Indexes 99 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18712 67733/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_32.cpp Buffer_Overflow_Indexes 99 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18713 67734/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_33.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18714 67734/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_33.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18715 67735/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_34.cpp Buffer_Overflow_Indexes 254 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18716 67735/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_34.cpp Buffer_Overflow_Indexes 254 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18717 67736/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_41.cpp Buffer_Overflow_Indexes 275 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18718 67736/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_41.cpp Buffer_Overflow_Indexes 275 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18719 67737/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_42.cpp Buffer_Overflow_Indexes 92 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18720 67737/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_42.cpp Buffer_Overflow_Indexes 92 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18721 67738/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_43.cpp Buffer_Overflow_Indexes 244 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18722 67738/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_43.cpp Buffer_Overflow_Indexes 244 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18723 67739/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_44.cpp Buffer_Overflow_Indexes 280 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18724 67739/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_44.cpp Buffer_Overflow_Indexes 280 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18725 67740/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_45.cpp Buffer_Overflow_Indexes 129 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18726 67740/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_45.cpp Buffer_Overflow_Indexes 129 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18727 67741/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_51.cpp Buffer_Overflow_Indexes 196 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18728 67741/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_51.cpp Buffer_Overflow_Indexes 196 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18729 67742/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_52.cpp Buffer_Overflow_Indexes 196 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18730 67742/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_52.cpp Buffer_Overflow_Indexes 196 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18731 67743/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_53.cpp Buffer_Overflow_Indexes 196 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18732 67743/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_53.cpp Buffer_Overflow_Indexes 196 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18733 67744/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_54.cpp Buffer_Overflow_Indexes 196 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18734 67744/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_54.cpp Buffer_Overflow_Indexes 196 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18735 67745/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_61.cpp Buffer_Overflow_Indexes 289 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18736 67745/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_61.cpp Buffer_Overflow_Indexes 289 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18737 67746/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_62.cpp Buffer_Overflow_Indexes 289 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18738 67746/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_62.cpp Buffer_Overflow_Indexes 289 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18739 67747/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_63.cpp Buffer_Overflow_Indexes 196 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18740 67747/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_63.cpp Buffer_Overflow_Indexes 196 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18741 67748/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_64.cpp Buffer_Overflow_Indexes 196 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18742 67748/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_64.cpp Buffer_Overflow_Indexes 196 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18743 67749/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_65.cpp Buffer_Overflow_Indexes 100 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18744 67749/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_65.cpp Buffer_Overflow_Indexes 100 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18745 67750/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_66.cpp Buffer_Overflow_Indexes 99 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18746 67750/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_66.cpp Buffer_Overflow_Indexes 99 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18747 67751/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_67.cpp Buffer_Overflow_Indexes 104 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18748 67751/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_67.cpp Buffer_Overflow_Indexes 104 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18749 67752/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_68.cpp Buffer_Overflow_Indexes 202 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18750 67752/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_68.cpp Buffer_Overflow_Indexes 202 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18751 67753/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_72.cpp Buffer_Overflow_Indexes 210 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18752 67753/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_72.cpp Buffer_Overflow_Indexes 210 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18753 67754/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_73.cpp Buffer_Overflow_Indexes 210 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18754 67754/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_73.cpp Buffer_Overflow_Indexes 210 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18755 67755/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_74.cpp Buffer_Overflow_Indexes 210 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 18756 67755/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_74.cpp Buffer_Overflow_Indexes 210 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 18757 67808/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_01.cpp Buffer_Overflow_cpycat 60 if(1) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18758 67809/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_02.cpp Buffer_Overflow_cpycat 90 data = NULL; if(1) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18759 67809/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_02.cpp Buffer_Overflow_cpycat 43 data = NULL; data = new char[10+1]; if(0) printLine("Benign, fixed string"); else char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18760 67809/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_02.cpp Buffer_Overflow_cpycat 71 data = NULL; if(1) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18761 67810/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_03.cpp Buffer_Overflow_cpycat 90 data = NULL; if(5==5) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18762 67810/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_03.cpp Buffer_Overflow_cpycat 43 data = NULL; if(5!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18763 67810/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_03.cpp Buffer_Overflow_cpycat 71 data = NULL; if(5==5) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18764 67811/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_04.cpp Buffer_Overflow_cpycat 77 data = NULL; if(STATIC_CONST_FALSE) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18765 67811/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_04.cpp Buffer_Overflow_cpycat 96 data = NULL; if(STATIC_CONST_TRUE) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18766 67811/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_04.cpp Buffer_Overflow_cpycat 49 data = NULL; if(STATIC_CONST_TRUE) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18767 67812/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_05.cpp Buffer_Overflow_cpycat 77 data = NULL; if(staticTrue) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18768 67812/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_05.cpp Buffer_Overflow_cpycat 96 data = NULL; if(staticFalse) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18769 67812/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_05.cpp Buffer_Overflow_cpycat 49 data = NULL; if(staticTrue) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18770 67813/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_06.cpp Buffer_Overflow_cpycat 48 data = NULL; if(STATIC_CONST_FIVE==5) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18771 67813/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_06.cpp Buffer_Overflow_cpycat 76 data = NULL; if(STATIC_CONST_FIVE!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18772 67813/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_06.cpp Buffer_Overflow_cpycat 95 data = NULL; if(STATIC_CONST_FIVE==5) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18773 67814/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_07.cpp Buffer_Overflow_cpycat 48 data = NULL; if(staticFive==5) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18774 67814/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_07.cpp Buffer_Overflow_cpycat 76 data = NULL; if(staticFive!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18775 67814/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_07.cpp Buffer_Overflow_cpycat 95 data = NULL; if(staticFive==5) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18776 67815/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_08.cpp Buffer_Overflow_cpycat 56 data = NULL; if(staticReturnsTrue()) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18777 67815/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_08.cpp Buffer_Overflow_cpycat 84 data = NULL; if(staticReturnsFalse()) char source[10+1] = SRC_STRING; else data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18778 67815/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_08.cpp Buffer_Overflow_cpycat 103 data = NULL; if(staticReturnsTrue()) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18779 67816/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_09.cpp Buffer_Overflow_cpycat 90 data = NULL; if(GLOBAL_CONST_TRUE) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18780 67816/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_09.cpp Buffer_Overflow_cpycat 43 data = NULL; if(GLOBAL_CONST_TRUE) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18781 67816/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_09.cpp Buffer_Overflow_cpycat 71 data = NULL; if(GLOBAL_CONST_FALSE) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18782 67817/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_10.cpp Buffer_Overflow_cpycat 90 data = NULL; if(globalFalse) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18783 67817/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_10.cpp Buffer_Overflow_cpycat 43 data = NULL; if(globalTrue) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18784 67817/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_10.cpp Buffer_Overflow_cpycat 71 data = NULL; if(globalTrue) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18785 67818/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_11.cpp Buffer_Overflow_cpycat 90 data = NULL; if(globalReturnsTrue()) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18786 67818/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_11.cpp Buffer_Overflow_cpycat 43 data = NULL; if(globalReturnsTrue()) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18787 67818/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_11.cpp Buffer_Overflow_cpycat 71 data = NULL; if(globalReturnsFalse()) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18788 67819/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_12.cpp Buffer_Overflow_cpycat 77 data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18789 67819/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_12.cpp Buffer_Overflow_cpycat 48 data = new char[10]; data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18790 67820/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_13.cpp Buffer_Overflow_cpycat 90 data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18791 67820/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_13.cpp Buffer_Overflow_cpycat 43 data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18792 67820/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_13.cpp Buffer_Overflow_cpycat 71 data = NULL; if(GLOBAL_CONST_FIVE!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18793 67821/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_14.cpp Buffer_Overflow_cpycat 90 data = NULL; if(globalFive!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18794 67821/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_14.cpp Buffer_Overflow_cpycat 43 data = NULL; if(globalFive==5) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18795 67821/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_14.cpp Buffer_Overflow_cpycat 71 data = NULL; if(globalFive==5) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18796 67822/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_15.cpp Buffer_Overflow_cpycat 78 data = NULL; switch(6) case 6: data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18797 67822/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_15.cpp Buffer_Overflow_cpycat 49 data = NULL; switch(6) case 6: data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18798 67822/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_15.cpp Buffer_Overflow_cpycat 103 data = NULL; switch(5) case 6: printLine("Benign, fixed string"); data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18799 67823/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_16.cpp Buffer_Overflow_cpycat 68 data = NULL; data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18800 67823/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_16.cpp Buffer_Overflow_cpycat 44 data = NULL; data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18801 67824/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_17.cpp Buffer_Overflow_cpycat 68 data = NULL; data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18802 67824/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_17.cpp Buffer_Overflow_cpycat 44 data = NULL; data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18803 67825/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_18.cpp Buffer_Overflow_cpycat 42 data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18804 67825/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_18.cpp Buffer_Overflow_cpycat 64 data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18805 67826/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_21.cpp Buffer_Overflow_cpycat 93 data = NULL; data = goodG2B1Source(data); if(goodG2B1Static) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); static char * goodG2B1Source(char * data) return data; data = goodG2B1Source(data); strcpy(data, source); 0 --------------------------------- 18806 67826/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_21.cpp Buffer_Overflow_cpycat 120 data = NULL; data = goodG2B2Source(data); if(goodG2B2Static) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); static char * goodG2B2Source(char * data) return data; data = goodG2B2Source(data); strcpy(data, source); 0 --------------------------------- 18807 67826/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_21.cpp Buffer_Overflow_cpycat 53 data = badSource(data); data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); static char * badSource(char * data) return data; data = badSource(data); strcpy(data, source); 1 --------------------------------- 18808 67827/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_22.cpp Buffer_Overflow_cpycat 74 data = goodG2B1Source(data); if(goodG2B1Global) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18809 67827/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_22.cpp Buffer_Overflow_cpycat 93 data = NULL; data = goodG2B2Source(data); if(goodG2B2Global) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18810 67827/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_22.cpp Buffer_Overflow_cpycat 46 data = badSource(data); if(badGlobal) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18811 67828/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_31.cpp Buffer_Overflow_cpycat 43 data = new char[10]; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18812 67828/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_31.cpp Buffer_Overflow_cpycat 67 data = new char[10+1]; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18813 67829/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_32.cpp Buffer_Overflow_cpycat 77 char * *dataPtr2 = &data; data = new char[10]; char * data = *dataPtr2; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18814 67829/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_32.cpp Buffer_Overflow_cpycat 48 char * *dataPtr2 = &data; data = new char[10+1]; char * data = *dataPtr2; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18815 67830/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_33.cpp Buffer_Overflow_cpycat 67 char * &dataRef = data; data = new char[10]; char * data = dataRef; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18816 67830/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_33.cpp Buffer_Overflow_cpycat 43 char * &dataRef = data; data = new char[10+1]; char * data = dataRef; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18817 67831/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_34.cpp Buffer_Overflow_cpycat 50 unionType myUnion; data = new char[10+1]; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18818 67831/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_34.cpp Buffer_Overflow_cpycat 75 unionType myUnion; data = new char[10]; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18819 67832/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_41.cpp Buffer_Overflow_cpycat 36 char source[10+1] = SRC_STRING; strcpy(data, source); data = new char[10]; badSink(data); void badSink(char * data) strcpy(data, source); 1 --------------------------------- 18820 67832/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_41.cpp Buffer_Overflow_cpycat 60 char source[10+1] = SRC_STRING; strcpy(data, source); data = new char[10+1]; goodG2BSink(data); void goodG2BSink(char * data) strcpy(data, source); 0 --------------------------------- 18821 67833/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_42.cpp Buffer_Overflow_cpycat 72 data = goodG2BSource(data); data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18822 67833/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_42.cpp Buffer_Overflow_cpycat 46 data = badSource(data); data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18823 67834/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_43.cpp Buffer_Overflow_cpycat 45 data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18824 67834/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_43.cpp Buffer_Overflow_cpycat 70 data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18825 67835/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_44.cpp Buffer_Overflow_cpycat 64 static void goodG2BSink(char * data) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18826 67835/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_44.cpp Buffer_Overflow_cpycat 36 static void badSink(char * data) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18827 67836/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_45.cpp Buffer_Overflow_cpycat 40 char * data = badData; data = new char[10]; badData = data; badSink(); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18828 67836/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_45.cpp Buffer_Overflow_cpycat 67 char * data = goodG2BData; data = new char[10+1]; goodG2BData = data; goodG2BSink(); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18829 67837/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_51.cpp Buffer_Overflow_cpycat 136 void badSink(char * data) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18830 67837/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_51.cpp Buffer_Overflow_cpycat 152 goodG2BSink(data); data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18831 67838/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_52.cpp Buffer_Overflow_cpycat 194 void badSink_c(char * data) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18832 67838/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_52.cpp Buffer_Overflow_cpycat 210 void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18833 67839/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_53.cpp Buffer_Overflow_cpycat 252 void badSink_d(char * data) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18834 67839/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_53.cpp Buffer_Overflow_cpycat 268 void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18835 67840/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_54.cpp Buffer_Overflow_cpycat 310 void badSink_e(char * data) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18836 67840/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_54.cpp Buffer_Overflow_cpycat 326 void goodG2BSink_d(char * data) goodG2BSink_e(data); void goodG2BSink_e(char * data) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18837 67841/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_61.cpp Buffer_Overflow_cpycat 42 data = badSource(data); data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18838 67841/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_61.cpp Buffer_Overflow_cpycat 63 data = goodG2BSource(data); data = new char[10+1]; return data; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18839 67842/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_62.cpp Buffer_Overflow_cpycat 42 data = NULL; badSource(data); data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); void badSource(char * &data); strcpy(data, source); 1 --------------------------------- 18840 67842/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_62.cpp Buffer_Overflow_cpycat 63 char source[10+1] = SRC_STRING; data = new char[10+1]; strcpy(data, source); 0 --------------------------------- 18841 67843/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_63.cpp Buffer_Overflow_cpycat 134 void badSink(char * * dataPtr) char * data = *dataPtr; data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18842 67843/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_63.cpp Buffer_Overflow_cpycat 151 data = new char[10+1]; goodG2BSink(&data); char source[10+1] = SRC_STRING; strcpy(data, source); void goodG2BSink(char * * dataPtr) char * data = *dataPtr; strcpy(data, source); 0 --------------------------------- 18843 67844/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_64.cpp Buffer_Overflow_cpycat 157 data = new char[10+1]; goodG2BSink(&data); char source[10+1] = SRC_STRING; strcpy(data, source); void goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strcpy(data, source); 0 --------------------------------- 18844 67844/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_64.cpp Buffer_Overflow_cpycat 137 void badSink(void * dataVoidPtr) data = new char[10]; char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18845 67845/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_65.cpp Buffer_Overflow_cpycat 137 void badSink(char * data) data = new char[10]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18846 67845/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_65.cpp Buffer_Overflow_cpycat 153 void goodG2BSink(char * data) data = new char[10+1]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18847 67846/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_66.cpp Buffer_Overflow_cpycat 142 void badSink(char * dataArray[]) data = new char[10]; char * dataArray[5]; dataArray[2] = data; char * data = dataArray[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18848 67846/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_66.cpp Buffer_Overflow_cpycat 159 data = new char[10+1]; dataArray[2] = data; goodG2BSink(dataArray); char source[10+1] = SRC_STRING; strcpy(data, source); void goodG2BSink(char * dataArray[]) char * data = dataArray[2]; strcpy(data, source); 0 --------------------------------- 18849 67847/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_67.cpp Buffer_Overflow_cpycat 165 structType myStruct; data = new char[10+1]; myStruct.structFirst = data; void goodG2BSink(structType myStruct) char * data = myStruct.structFirst; strcpy(data, source); 0 --------------------------------- 18850 67847/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_67.cpp Buffer_Overflow_cpycat 148 data = new char[10]; myStruct.structFirst = data; void badSink(structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18851 67848/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_68.cpp Buffer_Overflow_cpycat 162 data = new char[10]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_68_badData = data; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18852 67848/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_68.cpp Buffer_Overflow_cpycat 145 data = new char[10+1]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_68_goodG2BData = data; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 18853 67849/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_72.cpp Buffer_Overflow_cpycat 170 vector dataVector; data = new char[10+1]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char source[10+1] = SRC_STRING; strcpy(data, source); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strcpy(data, source); 0 --------------------------------- 18854 67849/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_72.cpp Buffer_Overflow_cpycat 153 char * data; vector dataVector; data = NULL; data = new char[10]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18855 67850/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_73.cpp Buffer_Overflow_cpycat 170 list dataList; data = new char[10+1]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char source[10+1] = SRC_STRING; strcpy(data, source); void goodG2BSink(list dataList) char * data = dataList.back(); strcpy(data, source); 0 --------------------------------- 18856 67850/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_73.cpp Buffer_Overflow_cpycat 153 char * data; list dataList; data = NULL; data = new char[10]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18857 67851/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_74.cpp Buffer_Overflow_cpycat 170 data = new char[10+1]; dataMap[2] = data; goodG2BSink(dataMap); char source[10+1] = SRC_STRING; strcpy(data, source); void goodG2BSink(map dataMap) char * data = dataMap[2]; strcpy(data, source); 0 --------------------------------- 18858 67851/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_74.cpp Buffer_Overflow_cpycat 153 char * data; map dataMap; data = NULL; data = new char[10]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 18859 67904/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_01.cpp String_Termination_Error 41 data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18860 67904/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_01.cpp String_Termination_Error 62 data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18861 67905/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_02.cpp String_Termination_Error 73 if(1) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18862 67905/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_02.cpp String_Termination_Error 93 if(0) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18863 67905/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_02.cpp String_Termination_Error 44 if(1) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18864 67906/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_03.cpp String_Termination_Error 73 if(5==5) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18865 67906/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_03.cpp String_Termination_Error 93 if(5!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18866 67906/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_03.cpp String_Termination_Error 44 if(5==5) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18867 67907/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_04.cpp String_Termination_Error 99 if(STATIC_CONST_TRUE) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18868 67907/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_04.cpp String_Termination_Error 50 if(STATIC_CONST_TRUE) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18869 67907/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_04.cpp String_Termination_Error 79 if(STATIC_CONST_FALSE) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18870 67908/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_05.cpp String_Termination_Error 99 if(staticTrue) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18871 67908/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_05.cpp String_Termination_Error 50 if(staticFalse) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18872 67908/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_05.cpp String_Termination_Error 79 if(staticTrue) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18873 67909/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_06.cpp String_Termination_Error 49 if(STATIC_CONST_FIVE==5) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18874 67909/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_06.cpp String_Termination_Error 78 if(STATIC_CONST_FIVE!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18875 67909/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_06.cpp String_Termination_Error 98 if(STATIC_CONST_FIVE==5) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18876 67910/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_07.cpp String_Termination_Error 49 if(staticFive==5) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18877 67910/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_07.cpp String_Termination_Error 78 if(staticFive!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18878 67910/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_07.cpp String_Termination_Error 98 if(staticFive==5) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18879 67911/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_08.cpp String_Termination_Error 57 if(staticReturnsTrue()) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18880 67911/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_08.cpp String_Termination_Error 86 if(staticReturnsFalse()) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18881 67911/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_08.cpp String_Termination_Error 106 if(staticReturnsTrue()) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18882 67912/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_09.cpp String_Termination_Error 73 if(GLOBAL_CONST_TRUE) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18883 67912/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_09.cpp String_Termination_Error 93 if(GLOBAL_CONST_FALSE) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18884 67912/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_09.cpp String_Termination_Error 44 if(GLOBAL_CONST_TRUE) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18885 67913/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_10.cpp String_Termination_Error 73 if(globalTrue) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18886 67913/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_10.cpp String_Termination_Error 93 if(globalFalse) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18887 67913/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_10.cpp String_Termination_Error 44 if(globalTrue) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18888 67914/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_11.cpp String_Termination_Error 73 if(globalReturnsTrue()) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18889 67914/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_11.cpp String_Termination_Error 93 if(globalReturnsFalse()) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18890 67914/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_11.cpp String_Termination_Error 44 if(globalReturnsTrue()) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18891 67915/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_12.cpp Buffer_Overflow_boundedcpy 49 if(globalReturnsTrueOrFalse()) data = new char[10]; else data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18892 67915/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_12.cpp Buffer_Overflow_boundedcpy 79 if(globalReturnsTrueOrFalse()) data = new char[10+1]; else data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18893 67916/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_13.cpp String_Termination_Error 73 if(GLOBAL_CONST_FIVE==5) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18894 67916/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_13.cpp String_Termination_Error 93 if(GLOBAL_CONST_FIVE!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18895 67916/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_13.cpp String_Termination_Error 44 if(GLOBAL_CONST_FIVE==5) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18896 67917/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_14.cpp String_Termination_Error 73 if(globalFive==5) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18897 67917/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_14.cpp String_Termination_Error 93 char source[10+1] = SRC_STRING; if(globalFive!=5) printLine("Benign, fixed string"); else data = new char[10+1]; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18898 67917/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_14.cpp String_Termination_Error 44 if(globalFive==5) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18899 67918/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_15.cpp String_Termination_Error 80 switch(6) data = new char[10] char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18900 67918/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_15.cpp String_Termination_Error 50 switch(5) printLine("Benign, fixed string"); break; default: char source[10+1] = SRC_STRING; data = new char[10+1]; break; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18901 67918/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_15.cpp String_Termination_Error 106 switch(6) data = new char[10+1] char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18902 67919/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_16.cpp String_Termination_Error 70 while(1) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18903 67919/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_16.cpp String_Termination_Error 45 while(1) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18904 67920/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_17.cpp String_Termination_Error 70 for(i = 0; i < 1; i++) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18905 67920/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_17.cpp String_Termination_Error 45 for(h = 0; h < 1; h++) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18906 67921/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_18.cpp String_Termination_Error 43 data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18907 67921/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_18.cpp String_Termination_Error 66 data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18908 67922/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_21.cpp Buffer_Overflow_boundedcpy 54 data = badSource(data); if(goodG2B2Static) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18909 67922/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_21.cpp Buffer_Overflow_boundedcpy 123 data = NULL; data = goodG2B2Source(data); if(goodG2B2Static) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18910 67922/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_21.cpp Buffer_Overflow_boundedcpy 95 data = new char[10+1]; return data; data = NULL; data = goodG2B1Source(data); if(goodG2B1Static) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); static char * goodG2B1Source(char * data) return data; data = goodG2B1Source(data); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18911 67923/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_22.cpp Buffer_Overflow_boundedcpy 96 data = NULL; data = goodG2B2Source(data); if(goodG2B1Global) rintLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18912 67923/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_22.cpp Buffer_Overflow_boundedcpy 47 data = badSource(data); if(badGlobal) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18913 67923/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_22.cpp Buffer_Overflow_boundedcpy 76 data = goodG2B1Source(data); if(goodG2B2Global) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18914 67924/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_31.cpp Buffer_Overflow_boundedcpy 69 data = new char[10+1]; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18915 67924/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_31.cpp Buffer_Overflow_boundedcpy 44 data = new char[10]; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18916 67925/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_32.cpp Buffer_Overflow_boundedcpy 49 char * *dataPtr2 = &data; data = new char[10]; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18917 67925/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_32.cpp Buffer_Overflow_boundedcpy 79 char * *dataPtr2 = &data; data = new char[10+1]; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18918 67926/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_33.cpp Buffer_Overflow_boundedcpy 69 char * &dataRef = data; data = new char[10]; char * data = dataRef; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18919 67926/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_33.cpp Buffer_Overflow_boundedcpy 44 char * &dataRef = data; data = new char[10+1]; char * data = dataRef; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18920 67927/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_34.cpp Buffer_Overflow_boundedcpy 51 unionType myUnion; data = new char[10]; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18921 67927/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_34.cpp Buffer_Overflow_boundedcpy 77 unionType myUnion; data = new char[10+1]; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18922 67928/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_41.cpp Buffer_Overflow_boundedcpy 62 goodG2BSink(data); data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18923 67928/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_41.cpp Buffer_Overflow_boundedcpy 37 badSink(data); data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18924 67929/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_42.cpp Buffer_Overflow_boundedcpy 74 data = goodG2BSource(data); data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18925 67929/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_42.cpp Buffer_Overflow_boundedcpy 47 data = badSource(data); data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18926 67930/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_43.cpp Buffer_Overflow_boundedcpy 46 data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18927 67930/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_43.cpp Buffer_Overflow_boundedcpy 72 data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18928 67931/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_44.cpp Buffer_Overflow_boundedcpy 37 static void badSink(char * data) data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18929 67931/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_44.cpp Buffer_Overflow_boundedcpy 66 static void goodG2BSink(char * data) data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18930 67932/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_45.cpp Buffer_Overflow_boundedcpy 41 char * data = badData; data = new char[10]; badData = data; badSink(); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18931 67932/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_45.cpp Buffer_Overflow_boundedcpy 69 data = new char[10+1]; goodG2BData = data; goodG2BSink(); char * data = goodG2BData; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18932 67933/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_51.cpp Buffer_Overflow_boundedcpy 137 data = new char[10]; void badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18933 67933/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_51.cpp Buffer_Overflow_boundedcpy 154 data = new char[10+1]; goodG2BSink(data); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18934 67934/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_52.cpp Buffer_Overflow_boundedcpy 195 data = new char[10]; void badSink_c(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18935 67934/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_52.cpp Buffer_Overflow_boundedcpy 212 data = new char[10+1]; void goodG2BSink_c(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18936 67935/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_53.cpp Buffer_Overflow_boundedcpy 270 data = new char[10+1]; goodG2BSink_d(data); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18937 67935/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_53.cpp Buffer_Overflow_boundedcpy 253 data = new char[10]; void badSink_d(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18938 67936/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_54.cpp Buffer_Overflow_boundedcpy 328 data = new char[10+1]; void goodG2BSink_e(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18939 67936/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_54.cpp Buffer_Overflow_boundedcpy 311 data = new char[10]; void badSink_e(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18940 67937/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_61.cpp Buffer_Overflow_boundedcpy 65 data = goodG2BSource(data); data = new char[10+1]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18941 67937/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_61.cpp Buffer_Overflow_boundedcpy 43 data = badSource(data); data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18942 67938/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_62.cpp Buffer_Overflow_boundedcpy 65 goodG2BSource(data); char source[10+1] = SRC_STRING; data = new char[10+1]; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18943 67938/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_62.cpp Buffer_Overflow_boundedcpy 43 data = NULL; badSource(data); data = new char[10]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18944 67939/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_63.cpp Buffer_Overflow_boundedcpy 153 data = new char[10+1]; goodG2BSink(&data); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(char * * dataPtr) char * data = *dataPtr; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18945 67939/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_63.cpp Buffer_Overflow_boundedcpy 135 data = new char[10]; void badSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18946 67940/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_64.cpp Buffer_Overflow_boundedcpy 138 data = new char[10]; void badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18947 67940/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_64.cpp Buffer_Overflow_boundedcpy 159 data = new char[10+1]; goodG2BSink(&data); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18948 67941/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_65.cpp Buffer_Overflow_boundedcpy 155 data = new char[10+1]; void goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18949 67941/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_65.cpp Buffer_Overflow_boundedcpy 138 data = new char[10]; void badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18950 67942/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_66.cpp Buffer_Overflow_boundedcpy 161 data = new char[10+1]; dataArray[2] = data; goodG2BSink(dataArray); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18951 67942/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_66.cpp Buffer_Overflow_boundedcpy 143 data = new char[10]; dataArray[2] = data; void badSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18952 67943/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_67.cpp Buffer_Overflow_boundedcpy 149 structType myStruct; data = new char[10]; myStruct.structFirst = data; void badSink(structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18953 67943/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_67.cpp Buffer_Overflow_boundedcpy 167 structType myStruct; data = new char[10+1]; myStruct.structFirst = data; goodG2BSink(myStruct); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18954 67944/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_68.cpp Buffer_Overflow_boundedcpy 146 data = new char[10]; char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_68_badData; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18955 67944/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_68.cpp Buffer_Overflow_boundedcpy 164 data = new char[10+1]; char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_68_goodG2BData; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18956 67945/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_72.cpp Buffer_Overflow_boundedcpy 154 char * data; vector dataVector; data = NULL; data = new char[10]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18957 67945/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_72.cpp Buffer_Overflow_boundedcpy 172 vector dataVector; data = new char[10+1]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(vector dataVector) char * data = dataVector[2]; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18958 67946/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_73.cpp Buffer_Overflow_boundedcpy 154 list dataList; data = new char[10]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18959 67946/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_73.cpp Buffer_Overflow_boundedcpy 172 list dataList; data = new char[10+1]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(list dataList) char * data = dataList.back(); memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18960 67947/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_74.cpp Buffer_Overflow_boundedcpy 154 char * data; map dataMap; data = NULL; data = new char[10]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18961 67947/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_74.cpp Buffer_Overflow_boundedcpy 172 char * data; map dataMap; data = NULL; data = new char[10+1]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(map dataMap) char * data = dataMap[2]; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18962 67952/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_01.cpp Buffer_Overflow_boundedcpy 41 data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18963 67952/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_01.cpp Buffer_Overflow_boundedcpy 62 data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18964 67953/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_02.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(1) data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18965 67953/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_02.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(0) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18966 67953/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_02.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(1) data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18967 67954/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_03.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(5==5) data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18968 67954/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_03.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(5!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18969 67954/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_03.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(5==5) data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18970 67955/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_04.cpp Buffer_Overflow_boundedcpy 99 data = NULL; if(STATIC_CONST_TRUE) data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18971 67955/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_04.cpp Buffer_Overflow_boundedcpy 50 data = NULL; if(STATIC_CONST_TRUE) data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18972 67955/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_04.cpp Buffer_Overflow_boundedcpy 79 data = NULL; if(STATIC_CONST_FALSE) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18973 67956/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_05.cpp Buffer_Overflow_boundedcpy 99 data = NULL; if(staticTrue) data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18974 67956/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_05.cpp Buffer_Overflow_boundedcpy 50 data = NULL; if(staticTrue) data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18975 67956/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_05.cpp Buffer_Overflow_boundedcpy 79 data = NULL; if(staticFalse) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18976 67957/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_06.cpp Buffer_Overflow_boundedcpy 49 data = NULL; if(STATIC_CONST_FIVE==5) data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18977 67957/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_06.cpp Buffer_Overflow_boundedcpy 98 data = NULL; if(STATIC_CONST_FIVE==5) data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18978 67957/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_06.cpp Buffer_Overflow_boundedcpy 78 data = NULL; if(STATIC_CONST_FIVE!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18979 67958/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_07.cpp Buffer_Overflow_boundedcpy 49 data = NULL; if(staticFive==5) data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18980 67958/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_07.cpp Buffer_Overflow_boundedcpy 98 data = NULL; if(staticFive==5) data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18981 67958/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_07.cpp Buffer_Overflow_boundedcpy 78 data = NULL; if(staticFive!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18982 67959/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_08.cpp Buffer_Overflow_boundedcpy 57 data = NULL; if(staticReturnsTrue()) data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18983 67959/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_08.cpp Buffer_Overflow_boundedcpy 106 data = NULL; if(staticReturnsTrue()) data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18984 67959/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_08.cpp Buffer_Overflow_boundedcpy 86 data = NULL; if(staticReturnsFalse()) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18985 67960/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_09.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(GLOBAL_CONST_TRUE) data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18986 67960/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_09.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(GLOBAL_CONST_TRUE) data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18987 67960/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_09.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(GLOBAL_CONST_FALSE) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18988 67961/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_10.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(globalTrue) data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18989 67961/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_10.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(globalTrue) data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18990 67961/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_10.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(globalFalse) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18991 67962/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_11.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(globalReturnsTrue()) data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18992 67962/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_11.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(globalReturnsTrue()) data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18993 67962/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_11.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(globalReturnsFalse()) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18994 67963/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_12.cpp Buffer_Overflow_boundedcpy 49 data = new char[10]; data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18995 67963/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_12.cpp Buffer_Overflow_boundedcpy 79 data = new char[10+1]; data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18996 67964/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_13.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 18997 67964/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_13.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(GLOBAL_CONST_FIVE!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18998 67964/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_13.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 18999 67965/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_14.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(globalFive==5) data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19000 67965/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_14.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(globalFive==5) data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19001 67965/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_14.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(globalFive!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19002 67966/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_15.cpp Buffer_Overflow_boundedcpy 106 switch(5) default: data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19003 67966/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_15.cpp Buffer_Overflow_boundedcpy 50 data = NULL; data = NULL; switch(6) case 6: data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19004 67966/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_15.cpp Buffer_Overflow_boundedcpy 80 data = NULL; switch(6) case 6: data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19005 67967/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_16.cpp Buffer_Overflow_boundedcpy 45 data = NULL; while(1) data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19006 67967/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_16.cpp Buffer_Overflow_boundedcpy 70 data = NULL; while(1) data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19007 67968/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_17.cpp String_Termination_Error 45 for(h = 0; h < 1; h++) data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19008 67968/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_17.cpp String_Termination_Error 70 for(i = 0; i < 1; i++) data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19009 67969/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_18.cpp String_Termination_Error 43 data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19010 67969/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_18.cpp String_Termination_Error 66 data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19011 67970/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_21.cpp Buffer_Overflow_boundedcpy 123 data = NULL; data = goodG2B2Source(data); data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19012 67970/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_21.cpp Buffer_Overflow_boundedcpy 95 data = NULL; data = goodG2B1Source(data); data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19013 67970/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_21.cpp Buffer_Overflow_boundedcpy 54 data = NULL; data = badSource(data); data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19014 67971/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_22.cpp Buffer_Overflow_boundedcpy 76 data = goodG2B1Source(data); printLine("Benign, fixed string"); if(goodG2B1Global) else data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19015 67971/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_22.cpp Buffer_Overflow_boundedcpy 47 data = badSource(data); if(goodG2B2Global) data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19016 67971/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_22.cpp Buffer_Overflow_boundedcpy 96 data = NULL; data = goodG2B2Source(data); if(goodG2B2Global) data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); char * goodG2B2Source(char * data) return data; data = goodG2B2Source(data); memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19017 67972/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_31.cpp Buffer_Overflow_boundedcpy 44 data = new char[10]; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19018 67972/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_31.cpp Buffer_Overflow_boundedcpy 69 data = new char[10+1]; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19019 67973/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_32.cpp Buffer_Overflow_boundedcpy 49 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = new char[10]; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19020 67973/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_32.cpp Buffer_Overflow_boundedcpy 79 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = new char[10+1]; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19021 67974/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_33.cpp Buffer_Overflow_boundedcpy 44 char * data; char * &dataRef = data; data = NULL; data = new char[10]; char * data = dataRef; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19022 67974/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_33.cpp Buffer_Overflow_boundedcpy 69 char * data; char * &dataRef = data; data = NULL; data = new char[10+1]; char * data = dataRef; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19023 67975/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_34.cpp Buffer_Overflow_boundedcpy 51 char * data; unionType myUnion; data = NULL; data = new char[10]; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19024 67975/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_34.cpp Buffer_Overflow_boundedcpy 77 char * data; unionType myUnion; data = NULL; data = new char[10+1]; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19025 67976/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_41.cpp Buffer_Overflow_boundedcpy 37 data = new char[10]; badSink(data); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19026 67976/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_41.cpp Buffer_Overflow_boundedcpy 62 data = new char[10+1]; goodG2BSink(data); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19027 67977/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_42.cpp Buffer_Overflow_boundedcpy 74 data = new char[10+1]; data = goodG2BSource(data); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19028 67977/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_42.cpp Buffer_Overflow_boundedcpy 47 data = new char[10]; data = badSource(data); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19029 67978/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_43.cpp String_Termination_Error 72 badSource(data) data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19030 67978/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_43.cpp String_Termination_Error 46 goodG2BSource(data); data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19031 67979/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_44.cpp Buffer_Overflow_boundedcpy 66 data = new char[10+1]; static void goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19032 67979/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_44.cpp Buffer_Overflow_boundedcpy 37 data = new char[10]; static void badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19033 67980/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_45.cpp Buffer_Overflow_boundedcpy 41 char * data = badData; data = new char[10]; badData = data; badSink(); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19034 67980/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_45.cpp Buffer_Overflow_boundedcpy 69 data = new char[10+1]; goodG2BData = data; goodG2BSink(); char * data = goodG2BData; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19035 67981/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_51.cpp Buffer_Overflow_boundedcpy 137 data = new char[10]; void badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19036 67981/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_51.cpp Buffer_Overflow_boundedcpy 154 data = new char[10+1]; goodG2BSink(data); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(char * data) memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19037 67982/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_52.cpp Buffer_Overflow_boundedcpy 195 data = new char[10]; void badSink_c(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19038 67982/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_52.cpp Buffer_Overflow_boundedcpy 212 data = new char[10+1]; goodG2BSink_c(data); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19039 67983/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_53.cpp Buffer_Overflow_boundedcpy 253 data = new char[10]; void badSink_d(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19040 67983/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_53.cpp Buffer_Overflow_boundedcpy 270 data = new char[10+1]; goodG2BSink_d(data); void goodG2BSink_d(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19041 67984/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_54.cpp Buffer_Overflow_boundedcpy 311 data = new char[10]; void badSink_e(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19042 67984/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_54.cpp Buffer_Overflow_boundedcpy 328 data = new char[10+1]; goodG2BSink_e(data); void goodG2BSink_e(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19043 67985/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_61.cpp Buffer_Overflow_boundedcpy 43 data = badSource(data); data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19044 67985/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_61.cpp Buffer_Overflow_boundedcpy 65 data = goodG2BSource(data); data = new char[10+1]; return data; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19045 67986/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_62.cpp Buffer_Overflow_boundedcpy 43 data = NULL; badSource(data); data = new char[10]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19046 67986/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_62.cpp Buffer_Overflow_boundedcpy 65 data = NULL; goodG2BSource(data); data = new char[10+1]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19047 67987/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_63.cpp Buffer_Overflow_boundedcpy 153 data = new char[10+1]; goodG2BSink(&data); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19048 67987/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_63.cpp Buffer_Overflow_boundedcpy 135 data = new char[10]; void badSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19049 67988/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_64.cpp Buffer_Overflow_boundedcpy 138 data = new char[10]; void badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19050 67988/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_64.cpp Buffer_Overflow_boundedcpy 159 data = new char[10+1]; goodG2BSink(&data); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19051 67989/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_65.cpp Buffer_Overflow_boundedcpy 155 data = new char[10+1]; void goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19052 67989/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_65.cpp Buffer_Overflow_boundedcpy 138 data = new char[10]; void badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19053 67990/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_66.cpp Buffer_Overflow_boundedcpy 161 data = new char[10+1]; dataArray[2] = data; goodG2BSink(dataArray); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(char * dataArray[]) char * data = dataArray[2]; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19054 67990/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_66.cpp Buffer_Overflow_boundedcpy 143 data = new char[10]; void badSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19055 67991/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_67.cpp Buffer_Overflow_boundedcpy 167 char * data; structType myStruct; data = NULL; data = new char[10+1]; myStruct.structFirst = data; goodG2BSink(myStruct); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(structType myStruct) char * data = myStruct.structFirst; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19056 67991/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_67.cpp Buffer_Overflow_boundedcpy 149 char * data; structType myStruct; data = NULL; data = new char[10]; myStruct.structFirst = data; void badSink(structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19057 67992/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_68.cpp Buffer_Overflow_boundedcpy 164 data = new char[10]; char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_68_goodG2BData; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19058 67992/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_68.cpp Buffer_Overflow_boundedcpy 146 data = new char[10+1]; char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_68_badData; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19059 67993/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_72.cpp Buffer_Overflow_boundedcpy 172 vector dataVector; data = new char[10+1]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(vector dataVector) char * data = dataVector[2]; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19060 67993/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_72.cpp Buffer_Overflow_boundedcpy 154 vector dataVector; data = new char[10]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19061 67994/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_73.cpp Buffer_Overflow_boundedcpy 172 list dataList; data = new char[10+1]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(list dataList) char * data = dataList.back(); memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19062 67994/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_73.cpp Buffer_Overflow_boundedcpy 154 list dataList; data = new char[10+1]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19063 67995/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_74.cpp Buffer_Overflow_boundedcpy 172 char * data; map dataMap; data = NULL; data = new char[10+1]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); void goodG2BSink(map dataMap) char * data = dataMap[2]; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 19064 67995/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_74.cpp Buffer_Overflow_boundedcpy 154 char * data; map dataMap; data = NULL; data = new char[10]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 19065 68000/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_01.cpp Off_by_One_Error_in_Methods 62 data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19066 68000/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_01.cpp Off_by_One_Error_in_Methods 41 data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19067 68001/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_02.cpp Off_by_One_Error_in_Methods 93 data = NULL; if(0) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19068 68001/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_02.cpp Off_by_One_Error_in_Methods 44 data = NULL; if(1) data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19069 68001/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_02.cpp Off_by_One_Error_in_Methods 93 data = NULL; if(1) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19070 68002/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_03.cpp Off_by_One_Error_in_Methods 93 data = NULL; if(5!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19071 68002/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_03.cpp Off_by_One_Error_in_Methods 44 data = NULL; if(5==5) data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19072 68002/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_03.cpp Off_by_One_Error_in_Methods 73 data = NULL; if(5==5) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19073 68003/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_04.cpp Off_by_One_Error_in_Methods 79 data = NULL; if(STATIC_CONST_FALSE) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19074 68003/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_04.cpp Off_by_One_Error_in_Methods 99 data = NULL; if(STATIC_CONST_TRUE) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19075 68003/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_04.cpp Off_by_One_Error_in_Methods 50 data = NULL; if(STATIC_CONST_TRUE) data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19076 68004/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_05.cpp Off_by_One_Error_in_Methods 79 data = NULL; if(staticFalse) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19077 68004/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_05.cpp Off_by_One_Error_in_Methods 99 data = NULL; if(staticTrue) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19078 68004/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_05.cpp Off_by_One_Error_in_Methods 50 data = NULL; if(staticTrue) data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19079 68005/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_06.cpp Off_by_One_Error_in_Methods 78 data = NULL; if(STATIC_CONST_FIVE==5) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19080 68005/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_06.cpp Off_by_One_Error_in_Methods 49 data = NULL; if(STATIC_CONST_FIVE==5) data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19081 68005/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_06.cpp Off_by_One_Error_in_Methods 98 data = NULL; if(STATIC_CONST_FIVE!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19082 68006/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_07.cpp Off_by_One_Error_in_Methods 78 data = NULL; if(staticFive==5) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19083 68006/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_07.cpp Off_by_One_Error_in_Methods 49 data = NULL; if(staticFive==5) data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19084 68006/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_07.cpp Off_by_One_Error_in_Methods 98 data = NULL; if(staticFive!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19085 68007/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_08.cpp Off_by_One_Error_in_Methods 86 data = NULL; if(staticReturnsTrue()) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19086 68007/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_08.cpp Off_by_One_Error_in_Methods 57 data = NULL; if(staticReturnsTrue()) data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19087 68007/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_08.cpp Off_by_One_Error_in_Methods 106 data = NULL; if(staticReturnsFalse()) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19088 68008/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_09.cpp Off_by_One_Error_in_Methods 93 data = NULL; if(GLOBAL_CONST_TRUE) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19089 68008/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_09.cpp Off_by_One_Error_in_Methods 44 data = NULL; if(GLOBAL_CONST_TRUE) data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19090 68008/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_09.cpp Off_by_One_Error_in_Methods 73 data = NULL; if(GLOBAL_CONST_FALSE) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; 0 --------------------------------- 19091 68009/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_10.cpp Off_by_One_Error_in_Methods 93 data = NULL; if(globalTrue) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19092 68009/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_10.cpp Off_by_One_Error_in_Methods 44 data = NULL; if(globalTrue) data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19093 68009/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_10.cpp Off_by_One_Error_in_Methods 73 data = NULL; if(globalFalse) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19094 68010/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_11.cpp Off_by_One_Error_in_Methods 93 data = NULL; if(globalReturnsTrue()) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19095 68010/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_11.cpp Off_by_One_Error_in_Methods 44 data = NULL; if(globalReturnsTrue()) data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19096 68010/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_11.cpp Off_by_One_Error_in_Methods 73 data = NULL; if(globalReturnsFalse()) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19097 68011/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_12.cpp Off_by_One_Error_in_Methods 49 if(globalReturnsTrueOrFalse()) data = new char[10]; else data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19098 68011/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_12.cpp Buffer_Overflow_LowBound 79 if(globalReturnsTrueOrFalse()) data = new char[10+1]; else data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19099 68012/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_13.cpp Off_by_One_Error_in_Methods 93 data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19100 68012/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_13.cpp Off_by_One_Error_in_Methods 44 data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19101 68012/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_13.cpp Off_by_One_Error_in_Methods 73 data = NULL; if(GLOBAL_CONST_FIVE!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19102 68013/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_14.cpp Off_by_One_Error_in_Methods 93 data = NULL; if(globalFive==5) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19103 68013/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_14.cpp Off_by_One_Error_in_Methods 44 data = NULL; if(globalFive==5) data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19104 68013/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_14.cpp Off_by_One_Error_in_Methods 73 data = NULL; if(globalFive!=5) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19105 68014/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_15.cpp Off_by_One_Error_in_Methods 80 data = NULL; switch(5) case 6: printLine("Benign, fixed string"); break; default: data = new char[10+1]; break; data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19106 68014/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_15.cpp Off_by_One_Error_in_Methods 50 data = NULL; switch(6) case 6: data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19107 68014/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_15.cpp Off_by_One_Error_in_Methods 106 data = NULL; switch(6) case 6: data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19108 68015/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_16.cpp String_Termination_Error 70 while(1) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19109 68015/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_16.cpp Buffer_Overflow_LowBound 45 data = NULL; while(1) data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19110 68016/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_17.cpp Off_by_One_Error_in_Methods 45 data = NULL; for(i = 0; i < 1; i++) data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19111 68016/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_17.cpp Off_by_One_Error_in_Methods 70 data = NULL; for(h = 0; h < 1; h++) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19112 68017/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_18.cpp Off_by_One_Error_in_Methods 43 data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19113 68017/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_18.cpp Off_by_One_Error_in_Methods 66 data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19114 68018/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_21.cpp Off_by_One_Error_in_Methods 95 data = goodG2B1Source(data); if(goodG2B1Static) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19115 68018/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_21.cpp Off_by_One_Error_in_Methods 54 data = badSource(data); if(badStatic) data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19116 68018/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_21.cpp Off_by_One_Error_in_Methods 123 data = goodG2B2Source(data); if(goodG2B2Static) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); static char * goodG2B2Source(char * data) return data; data = goodG2B2Source(data); strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19117 68019/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_22.cpp Off_by_One_Error_in_Methods 47 data = badSource(data); if(badGlobal) data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19118 68019/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_22.cpp Off_by_One_Error_in_Methods 96 data = NULL; data = goodG2B2Source(data); if(goodG2B2Global) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19119 68019/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_22.cpp Buffer_Overflow_boundedcpy 76 data = goodG2B1Source(data); if(goodG2B1Global) printLine("Benign, fixed string"); else data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19120 68020/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_31.cpp Off_by_One_Error_in_Methods 69 data = new char[10+1]; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19121 68020/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_31.cpp Off_by_One_Error_in_Methods 44 data = new char[10]; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19122 68020/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_31.cpp Buffer_Overflow_LowBound 69 data = new char[10+1]; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19123 68021/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_32.cpp Off_by_One_Error_in_Methods 49 char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = new char[10]; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19124 68021/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_32.cpp Buffer_Overflow_LowBound 79 char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = new char[10+1]; char * data = *dataPtr2; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19125 68022/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_33.cpp Off_by_One_Error_in_Methods 44 char * &dataRef = data; data = new char[10]; char * data = dataRef; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19126 68022/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_33.cpp Buffer_Overflow_LowBound 69 char * &dataRef = data; data = new char[10+1]; char * data = dataRef; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19127 68023/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_34.cpp Off_by_One_Error_in_Methods 77 char * data; unionType myUnion; data = NULL; data = new char[10]; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19128 68023/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_34.cpp Off_by_One_Error_in_Methods 51 char * data; unionType myUnion; data = NULL; data = new char[10+1]; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19129 68024/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_41.cpp Off_by_One_Error_in_Methods 37 data = new char[10]; badSink(data); void badSink(char * data) strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19130 68024/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_41.cpp Off_by_One_Error_in_Methods 62 data = new char[10+1]; goodG2BSink(data); void goodG2BSink(char * data) strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19131 68025/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_42.cpp Off_by_One_Error_in_Methods 47 data = new char[10]; data = badSource(data); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19132 68025/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_42.cpp Off_by_One_Error_in_Methods 74 data = new char[10+1]; data = goodG2BSource(data); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19133 68026/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_43.cpp Off_by_One_Error_in_Methods 72 data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19134 68026/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_43.cpp Off_by_One_Error_in_Methods 46 data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19135 68027/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_44.cpp Off_by_One_Error_in_Methods 37 data = new char[10]; static void badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19136 68027/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_44.cpp Off_by_One_Error_in_Methods 66 data = new char[10+1]; static void goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19137 68028/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_45.cpp Off_by_One_Error_in_Methods 69 data = new char[10+1]; goodG2BData = data; goodG2BSink(); char * data = goodG2BData; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19138 68028/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_45.cpp Off_by_One_Error_in_Methods 41 char * data = badData; data = new char[10]; badData = data; badSink(); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19139 68029/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_51.cpp Off_by_One_Error_in_Methods 137 data = new char[10]; void badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19140 68029/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_51.cpp Off_by_One_Error_in_Methods 154 data = new char[10+1]; goodG2BSink(data); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); void goodG2BSink(char * data) strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19141 68030/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_52.cpp Off_by_One_Error_in_Methods 195 data = new char[10]; void badSink_c(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19142 68030/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_52.cpp Off_by_One_Error_in_Methods 212 data = new char[10+1]; void goodG2BSink_c(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19143 68031/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_53.cpp Off_by_One_Error_in_Methods 253 data = new char[10]; void badSink_d(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19144 68031/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_53.cpp Off_by_One_Error_in_Methods 270 data = new char[10+1]; void goodG2BSink_d(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19145 68032/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_54.cpp Off_by_One_Error_in_Methods 311 data = new char[10]; void badSink_e(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19146 68032/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_54.cpp Off_by_One_Error_in_Methods 328 data = new char[10+1]; void goodG2BSink_e(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19147 68033/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_61.cpp Off_by_One_Error_in_Methods 43 data = badSource(data); data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19148 68033/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_61.cpp Off_by_One_Error_in_Methods 65 data = goodG2BSource(data); data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19149 68034/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_62.cpp Off_by_One_Error_in_Methods 43 data = NULL; badSource(data); data = new char[10]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19150 68034/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_62.cpp Off_by_One_Error_in_Methods 65 goodG2BSource(char * &data) data = new char[10+1]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19151 68035/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_63.cpp Off_by_One_Error_in_Methods 135 data = new char[10]; void badSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19152 68035/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_63.cpp Off_by_One_Error_in_Methods 153 data = new char[10+1]; goodG2BSink(&data); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); void goodG2BSink(char * * dataPtr) char * data = *dataPtr; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19153 68036/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_64.cpp Off_by_One_Error_in_Methods 159 data = new char[10+1]; goodG2BSink(&data); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); void goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19154 68036/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_64.cpp Off_by_One_Error_in_Methods 138 data = new char[10]; void badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19155 68037/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_65.cpp Off_by_One_Error_in_Methods 155 data = new char[10+1]; void goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19156 68037/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_65.cpp Off_by_One_Error_in_Methods 138 data = new char[10]; void badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19157 68038/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_66.cpp Off_by_One_Error_in_Methods 143 char * data; char * dataArray[5]; data = NULL; data = new char[10]; dataArray[2] = data; void badSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19158 68038/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_66.cpp Off_by_One_Error_in_Methods 161 char * data; char * dataArray[5]; data = NULL; data = new char[10+1]; dataArray[2] = data; goodG2BSink(dataArray); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); void goodG2BSink(char * dataArray[]) char * data = dataArray[2]; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19159 68039/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_67.cpp Off_by_One_Error_in_Methods 167 char * data; structType myStruct; data = NULL; data = new char[10+1]; myStruct.structFirst = data; goodG2BSink(myStruct); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); void goodG2BSink(structType myStruct) char * data = myStruct.structFirst; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19160 68039/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_67.cpp Off_by_One_Error_in_Methods 149 char * data; structType myStruct; data = NULL; data = new char[10]; myStruct.structFirst = data; void badSink(structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19161 68040/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_68.cpp Off_by_One_Error_in_Methods 164 data = new char[10]; char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_68_goodG2BData; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19162 68040/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_68.cpp Off_by_One_Error_in_Methods 146 data = new char[10+1]; char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_68_badData; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19163 68041/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_72.cpp Off_by_One_Error_in_Methods 172 vector dataVector; data = new char[10+1]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); void goodG2BSink(vector dataVector) char * data = dataVector[2]; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19164 68041/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_72.cpp Off_by_One_Error_in_Methods 154 vector dataVector; data = NULL; data = new char[10]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) char * data = dataVector[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19165 68042/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_73.cpp Off_by_One_Error_in_Methods 172 list dataList; data = new char[10+1]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); void goodG2BSink(list dataList) char * data = dataList.back(); strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19166 68042/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_73.cpp Off_by_One_Error_in_Methods 154 list dataList; data = new char[10]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) char * data = dataList.back(); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19167 68043/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_74.cpp Off_by_One_Error_in_Methods 172 data = new char[10+1]; dataMap[2] = data; goodG2BSink(dataMap); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); void goodG2BSink(map dataMap) char * data = dataMap[2]; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 19168 68043/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_74.cpp Off_by_One_Error_in_Methods 154 data = new char[10]; dataMap[2] = data; void badSink(map dataMap) char * data = dataMap[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 19169 68048/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_01.cpp Buffer_Overflow_cpycat 60 data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19170 68048/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_01.cpp Buffer_Overflow_cpycat 40 data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19171 68049/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_02.cpp Buffer_Overflow_cpycat 71 data = NULL; if(0) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19172 68049/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_02.cpp Buffer_Overflow_cpycat 90 data = NULL; if(1) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19173 68049/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_02.cpp Buffer_Overflow_cpycat 43 data = NULL; if(1) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19174 68050/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_03.cpp Buffer_Overflow_cpycat 71 data = NULL; if(5==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19175 68050/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_03.cpp Buffer_Overflow_cpycat 90 data = NULL; if(5!=5) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19176 68050/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_03.cpp Buffer_Overflow_cpycat 43 data = NULL; if(5==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19177 68051/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_04.cpp Buffer_Overflow_cpycat 49 data = NULL; if(STATIC_CONST_TRUE) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19178 68051/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_04.cpp Buffer_Overflow_cpycat 77 data = NULL; if(STATIC_CONST_TRUE) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19179 68051/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_04.cpp Buffer_Overflow_cpycat 96 data = NULL; if(STATIC_CONST_FALSE) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19180 68052/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_05.cpp Buffer_Overflow_cpycat 49 data = NULL; if(staticTrue) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19181 68052/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_05.cpp Buffer_Overflow_cpycat 77 data = NULL; if(staticTrue) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19182 68052/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_05.cpp Buffer_Overflow_cpycat 96 data = NULL; if(staticFalse) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19183 68053/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_06.cpp Buffer_Overflow_cpycat 76 data = NULL; f(STATIC_CONST_FIVE==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19184 68053/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_06.cpp Buffer_Overflow_cpycat 95 data = NULL; if(STATIC_CONST_FIVE!=5) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19185 68053/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_06.cpp Buffer_Overflow_cpycat 48 data = NULL; f(STATIC_CONST_FIVE==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19186 68054/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_07.cpp Buffer_Overflow_cpycat 76 data = NULL; if(staticFive==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19187 68054/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_07.cpp Buffer_Overflow_cpycat 95 data = NULL; if(staticFive!=5) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19188 68054/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_07.cpp Buffer_Overflow_cpycat 48 data = NULL; if(staticFive==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19189 68055/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_08.cpp Buffer_Overflow_cpycat 84 data = NULL; if(staticReturnsFalse()) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19190 68055/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_08.cpp Buffer_Overflow_cpycat 103 data = NULL; if(staticReturnsTrue()) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19191 68055/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_08.cpp Buffer_Overflow_cpycat 56 data = NULL; if(staticReturnsTrue()) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19192 68056/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_09.cpp Buffer_Overflow_cpycat 71 data = NULL; if(GLOBAL_CONST_TRUE) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19193 68056/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_09.cpp Buffer_Overflow_cpycat 90 data = NULL; if(GLOBAL_CONST_FALSE) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19194 68056/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_09.cpp Buffer_Overflow_cpycat 43 data = NULL; if(GLOBAL_CONST_TRUE) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19195 68057/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_10.cpp Buffer_Overflow_cpycat 71 data = NULL; if(globalTrue) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19196 68057/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_10.cpp Buffer_Overflow_cpycat 90 data = NULL; if(globalFalse) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19197 68057/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_10.cpp Buffer_Overflow_cpycat 43 data = NULL; if(globalTrue) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19198 68058/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_11.cpp Buffer_Overflow_cpycat 71 data = NULL; if(globalReturnsTrue()) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19199 68058/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_11.cpp Buffer_Overflow_cpycat 90 data = NULL; if(globalReturnsFalse()) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19200 68058/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_11.cpp Buffer_Overflow_cpycat 43 data = NULL; if(globalReturnsTrue()) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19201 68059/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_12.cpp Buffer_Overflow_cpycat 77 if(globalReturnsTrueOrFalse()) data = new wchar_t[10+1]; else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19202 68059/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_12.cpp Buffer_Overflow_cpycat 48 if(globalReturnsTrueOrFalse()) data = new wchar_t[10]; else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19203 68060/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_13.cpp Buffer_Overflow_cpycat 71 data = NULL; if(GLOBAL_CONST_FIVE==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19204 68060/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_13.cpp Buffer_Overflow_cpycat 90 data = NULL; if(GLOBAL_CONST_FIVE!=5) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19205 68060/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_13.cpp Buffer_Overflow_cpycat 43 data = NULL; if(GLOBAL_CONST_FIVE==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19206 68061/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_14.cpp Buffer_Overflow_cpycat 71 data = NULL; if(globalFive==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19207 68061/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_14.cpp Buffer_Overflow_cpycat 90 data = NULL; if(globalFive!=5) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19208 68061/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_14.cpp Buffer_Overflow_cpycat 43 data = NULL; if(globalFive==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19209 68062/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_15.cpp Buffer_Overflow_cpycat 78 data = NULL; switch(5) case 6: printLine("Benign, fixed string"); break; default: data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19210 68062/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_15.cpp Buffer_Overflow_cpycat 49 data = NULL; switch(6) case 6: data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19211 68062/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_15.cpp Buffer_Overflow_cpycat 103 data = NULL; switch(6) case 6: data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19212 68063/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_16.cpp Buffer_Overflow_cpycat 44 data = NULL; while(1) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19213 68063/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_16.cpp Buffer_Overflow_cpycat 68 data = NULL; while(1) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19214 68064/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_17.cpp Buffer_Overflow_cpycat 44 data = NULL; for(i = 0; i < 1; i++) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19215 68064/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_17.cpp Buffer_Overflow_cpycat 68 data = NULL; for(i = 0; i < 1; i++) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19216 68065/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_18.cpp Buffer_Overflow_cpycat 42 data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19217 68065/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_18.cpp Buffer_Overflow_cpycat 64 data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19218 68066/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_21.cpp Buffer_Overflow_cpycat 93 data = goodG2B1Source(data); if(goodG2B1Static) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); static wchar_t * goodG2B1Source(wchar_t * data) return data; data = goodG2B1Source(data); wcscpy(data, source); 0 --------------------------------- 19219 68066/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_21.cpp Buffer_Overflow_cpycat 120 data = goodG2B2Source(data); if(goodG2B2Static) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); static wchar_t * goodG2B2Source(wchar_t * data) return data; data = goodG2B2Source(data); wcscpy(data, source); 0 --------------------------------- 19220 68066/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_21.cpp Buffer_Overflow_cpycat 53 data = badSource(data); if(badStatic) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19221 68067/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_22.cpp Buffer_Overflow_cpycat 46 data = badSource(data); if(badGlobal) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19222 68067/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_22.cpp Buffer_Overflow_cpycat 74 data = goodG2B1Source(data); if(goodG2B1Global) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19223 68067/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_22.cpp Buffer_Overflow_cpycat 93 data = goodG2B2Source(data); if(goodG2B2Global) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19224 68068/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_31.cpp Buffer_Overflow_cpycat 67 data = new wchar_t[10+1]; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19225 68068/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_31.cpp Buffer_Overflow_cpycat 43 data = new wchar_t[10]; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19226 68069/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_32.cpp Buffer_Overflow_cpycat 77 wchar_t * *dataPtr2 = &data; data = new wchar_t[10]; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19227 68069/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_32.cpp Buffer_Overflow_cpycat 48 wchar_t * *dataPtr2 = &data; data = new wchar_t[10+1]; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19228 68070/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_33.cpp Buffer_Overflow_cpycat 43 wchar_t * &dataRef = data; data = new wchar_t[10]; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19229 68070/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_33.cpp Buffer_Overflow_cpycat 67 wchar_t * &dataRef = data; data = new wchar_t[10+1]; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19230 68071/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_34.cpp Buffer_Overflow_cpycat 50 wchar_t * data; unionType myUnion; data = NULL; data = new wchar_t[10]; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19231 68071/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_34.cpp Buffer_Overflow_cpycat 75 wchar_t * data; unionType myUnion; data = NULL; data = new wchar_t[10+1]; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19232 68072/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_41.cpp Buffer_Overflow_cpycat 60 wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); data = new wchar_t[10+1]; goodG2BSink(data); void goodG2BSink(wchar_t * data) wcscpy(data, source); 0 --------------------------------- 19233 68072/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_41.cpp Buffer_Overflow_cpycat 36 wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); data = new wchar_t[10]; badSink(data); void badSink(wchar_t * data) wcscpy(data, source); 1 --------------------------------- 19234 68073/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_42.cpp Buffer_Overflow_cpycat 46 data = new wchar_t[10]; return data; data = badSource(data); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19235 68073/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_42.cpp Buffer_Overflow_cpycat 72 data = new wchar_t[10+1]; return data; data = goodG2BSource(data); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19236 68074/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_43.cpp Buffer_Overflow_cpycat 70 data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19237 68074/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_43.cpp Buffer_Overflow_cpycat 45 data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19238 68075/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_44.cpp Buffer_Overflow_cpycat 36 data = new wchar_t[10]; static void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19239 68075/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_44.cpp Buffer_Overflow_cpycat 64 data = new wchar_t[10+1]; static void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19240 68076/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_45.cpp Buffer_Overflow_cpycat 40 wchar_t * data = badData; data = new wchar_t[10]; badData = data; badSink(); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19241 68076/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_45.cpp Buffer_Overflow_cpycat 67 wchar_t * data = goodG2BData; data = new wchar_t[10+1]; goodG2BData = data; goodG2BSink(); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19242 68077/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_51.cpp Buffer_Overflow_cpycat 152 data = new wchar_t[10+1]; goodG2BSink(data); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); void goodG2BSink(wchar_t * data) wcscpy(data, source); 0 --------------------------------- 19243 68077/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_51.cpp Buffer_Overflow_cpycat 136 data = new wchar_t[10]; void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19244 68078/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_52.cpp Buffer_Overflow_cpycat 210 data = new wchar_t[10+1]; goodG2BSink_c(data); void goodG2BSink_c(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19245 68078/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_52.cpp Buffer_Overflow_cpycat 194 data = new wchar_t[10]; void badSink_c(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19246 68079/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_53.cpp Buffer_Overflow_cpycat 268 data = new wchar_t[10+1]; void goodG2BSink_c(wchar_t * data) goodG2BSink_d(data); void goodG2BSink_d(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19247 68079/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_53.cpp Buffer_Overflow_cpycat 252 data = new wchar_t[10]; void badSink_d(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19248 68080/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_54.cpp Buffer_Overflow_cpycat 326 data = new wchar_t[10+1]; goodG2BSink_e(data); void goodG2BSink_e(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19249 68080/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_54.cpp Buffer_Overflow_cpycat 310 data = new wchar_t[10]; void badSink_e(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19250 68081/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_61.cpp Buffer_Overflow_cpycat 63 data = goodG2BSource(data); data = new wchar_t[10+1]; return data; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19251 68081/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_61.cpp Buffer_Overflow_cpycat 42 data = badSource(data); data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19252 68082/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_62.cpp Buffer_Overflow_cpycat 63 goodG2BSource(data); data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19253 68082/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_62.cpp Buffer_Overflow_cpycat 42 badSource(data); data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19254 68083/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_63.cpp Buffer_Overflow_cpycat 134 data = new wchar_t[10]; void badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19255 68083/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_63.cpp Buffer_Overflow_cpycat 151 data = new wchar_t[10+1]; goodG2BSink(&data); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); void goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wcscpy(data, source); 0 --------------------------------- 19256 68084/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_64.cpp Buffer_Overflow_cpycat 137 data = new wchar_t[10]; void badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19257 68084/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_64.cpp Buffer_Overflow_cpycat 157 data = new wchar_t[10+1]; goodG2BSink(&data); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); void goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wcscpy(data, source); 0 --------------------------------- 19258 68085/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_65.cpp Buffer_Overflow_cpycat 137 data = new wchar_t[10]; void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19259 68085/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_65.cpp Buffer_Overflow_cpycat 153 data = new wchar_t[10+1]; void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19260 68086/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_66.cpp Buffer_Overflow_cpycat 142 wchar_t * data; wchar_t * dataArray[5]; data = NULL; data = new wchar_t[10]; dataArray[2] = data; void badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19261 68086/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_66.cpp Buffer_Overflow_cpycat 159 wchar_t * data; wchar_t * dataArray[5]; data = NULL; data = new wchar_t[10+1]; dataArray[2] = data; goodG2BSink(dataArray); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); void goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wcscpy(data, source); 0 --------------------------------- 19262 68087/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_67.cpp Buffer_Overflow_cpycat 148 wchar_t * data; structType myStruct; data = NULL; data = new wchar_t[10]; myStruct.structFirst = data; void badSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19263 68087/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_67.cpp Buffer_Overflow_cpycat 165 wchar_t * data; structType myStruct; data = NULL; data = new wchar_t[10+1]; myStruct.structFirst = data; goodG2BSink(myStruct); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); void goodG2BSink(structType myStruct) wchar_t * data = myStruct.structFirst; wcscpy(data, source); 0 --------------------------------- 19264 68088/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_68.cpp Buffer_Overflow_cpycat 145 data = new wchar_t[10]; wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_68_badData; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19265 68088/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_68.cpp Buffer_Overflow_cpycat 162 data = new wchar_t[10+1]; wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_68_goodG2BData; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 19266 68089/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_72.cpp Buffer_Overflow_cpycat 153 wchar_t * data; vector dataVector; data = NULL; data = new wchar_t[10]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19267 68089/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_72.cpp Buffer_Overflow_cpycat 170 wchar_t * data; vector dataVector; data = NULL; data = new wchar_t[10+1]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wcscpy(data, source); 0 --------------------------------- 19268 68090/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_73.cpp Buffer_Overflow_cpycat 153 wchar_t * data; list dataList; data = NULL; data = new wchar_t[10]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19269 68090/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_73.cpp Buffer_Overflow_cpycat 170 wchar_t * data; list dataList; data = NULL; data = new wchar_t[10+1]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wcscpy(data, source); 0 --------------------------------- 19270 68091/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_74.cpp Buffer_Overflow_cpycat 153 wchar_t * data; map dataMap; data = NULL; data = new wchar_t[10]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 19271 68091/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_74.cpp Buffer_Overflow_cpycat 170 wchar_t * data; map dataMap; data = NULL; data = new wchar_t[10+1]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wcscpy(data, source); 0 --------------------------------- 19272 68144/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_01.cpp Buffer_Overflow_boundedcpy 62 data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19273 68144/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_01.cpp Buffer_Overflow_boundedcpy 41 data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19274 68145/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_02.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(1) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19275 68145/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_02.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(1) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19276 68145/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_02.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(0) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19277 68146/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_03.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(5==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19278 68146/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_03.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(5==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19279 68146/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_03.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(5!=5) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19280 68147/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_04.cpp Buffer_Overflow_boundedcpy 99 data = NULL; if(STATIC_CONST_TRUE) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19281 68147/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_04.cpp Buffer_Overflow_boundedcpy 79 data = NULL; if(STATIC_CONST_FALSE) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19282 68147/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_04.cpp Buffer_Overflow_boundedcpy 50 data = NULL; if(STATIC_CONST_TRUE) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19283 68148/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_05.cpp Buffer_Overflow_boundedcpy 99 data = NULL; if(staticTrue) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19284 68148/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_05.cpp Buffer_Overflow_boundedcpy 79 data = NULL; if(staticFalse) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19285 68148/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_05.cpp Buffer_Overflow_boundedcpy 50 data = NULL; if(staticTrue) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19286 68149/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_06.cpp Buffer_Overflow_boundedcpy 78 data = NULL; if(STATIC_CONST_FIVE==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19287 68149/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_06.cpp Buffer_Overflow_boundedcpy 98 data = NULL; if(STATIC_CONST_FIVE!=5) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19288 68149/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_06.cpp Buffer_Overflow_boundedcpy 49 data = NULL; if(STATIC_CONST_FIVE==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19289 68150/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_07.cpp Buffer_Overflow_boundedcpy 78 data = NULL; if(staticFive==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19290 68150/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_07.cpp Buffer_Overflow_boundedcpy 98 data = NULL; if(staticFive!=5) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19291 68150/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_07.cpp Buffer_Overflow_boundedcpy 49 data = NULL; if(staticFive==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19292 68151/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_08.cpp Buffer_Overflow_boundedcpy 86 data = NULL; if(staticReturnsTrue()) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19293 68151/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_08.cpp Buffer_Overflow_boundedcpy 106 data = NULL; if(staticReturnsFalse()) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19294 68151/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_08.cpp Buffer_Overflow_boundedcpy 57 data = NULL; if(staticReturnsTrue()) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19295 68152/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_09.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(GLOBAL_CONST_TRUE) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19296 68152/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_09.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(GLOBAL_CONST_TRUE) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19297 68152/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_09.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(GLOBAL_CONST_FALSE) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19298 68153/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_10.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(globalTrue) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19299 68153/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_10.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(globalTrue) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19300 68153/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_10.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(globalFalse) else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19301 68154/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_11.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(globalReturnsTrue()) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19302 68154/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_11.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(globalReturnsTrue()) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19303 68154/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_11.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(globalReturnsFalse()) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19304 68155/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_12.cpp Buffer_Overflow_boundedcpy 79 if(globalReturnsTrueOrFalse()) data = new wchar_t[10+1]; else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19305 68155/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_12.cpp Buffer_Overflow_boundedcpy 49 if(globalReturnsTrueOrFalse()) data = new wchar_t[10]; else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19306 68156/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_13.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(GLOBAL_CONST_FIVE==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19307 68156/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_13.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(GLOBAL_CONST_FIVE==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19308 68156/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_13.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(GLOBAL_CONST_FIVE!=5) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19309 68157/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_14.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(globalFive==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19310 68157/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_14.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(globalFive==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19311 68157/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_14.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(globalFive!=5) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19312 68158/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_15.cpp Buffer_Overflow_boundedcpy 80 data = NULL; switch(5) case 6: printLine("Benign, fixed string"); default: data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19313 68158/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_15.cpp Buffer_Overflow_boundedcpy 50 data = NULL; switch(6) case 6: data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19314 68158/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_15.cpp Buffer_Overflow_boundedcpy 106 data = NULL; switch(6) case 6: data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19315 68159/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_16.cpp Buffer_Overflow_boundedcpy 70 data = NULL; while(1) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19316 68159/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_16.cpp Buffer_Overflow_boundedcpy 45 data = NULL; while(1) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19317 68160/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_17.cpp Buffer_Overflow_boundedcpy 70 data = NULL; for(i = 0; i < 1; i++) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19318 68160/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_17.cpp Buffer_Overflow_boundedcpy 45 data = NULL; for(i = 0; i < 1; i++) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19319 68161/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_18.cpp Buffer_Overflow_boundedcpy 43 data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19320 68161/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_18.cpp Buffer_Overflow_boundedcpy 66 data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19321 68162/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_21.cpp Buffer_Overflow_boundedcpy 123 data = goodG2B2Source(data); if(goodG2B2Static) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); static wchar_t * goodG2B2Source(wchar_t * data) return data; data = goodG2B2Source(data); memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19322 68162/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_21.cpp Buffer_Overflow_boundedcpy 54 data = badSource(data); if(badStatic) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19323 68162/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_21.cpp Buffer_Overflow_boundedcpy 95 data = goodG2B1Source(data); if(goodG2B1Static) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); static wchar_t * goodG2B1Source(wchar_t * data) return data; data = goodG2B1Source(data); memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19324 68163/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_22.cpp Buffer_Overflow_boundedcpy 76 data = goodG2B1Source(data); if(goodG2B1Global) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19325 68163/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_22.cpp Buffer_Overflow_boundedcpy 96 data = goodG2B2Source(data); if(goodG2B2Global) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); wchar_t * goodG2B2Source(wchar_t * data) return data; data = goodG2B2Source(data); memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19326 68163/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_22.cpp Buffer_Overflow_boundedcpy 47 data = badSource(data); if(badGlobal) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19327 68164/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_31.cpp Buffer_Overflow_boundedcpy 44 data = new wchar_t[10]; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19328 68164/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_31.cpp Buffer_Overflow_boundedcpy 69 data = new wchar_t[10+1]; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19329 68165/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_32.cpp Buffer_Overflow_boundedcpy 79 wchar_t * *dataPtr2 = &data; data = new wchar_t[10]; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19330 68165/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_32.cpp Buffer_Overflow_boundedcpy 49 wchar_t * *dataPtr2 = &data; data = new wchar_t[10+1]; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19331 68166/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 44 wchar_t * &dataRef = data; data = new wchar_t[10]; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19332 68166/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 69 wchar_t * &dataRef = data; data = new wchar_t[10+1]; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19333 68167/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_34.cpp Buffer_Overflow_boundedcpy 51 wchar_t * data; unionType myUnion; data = NULL; data = new wchar_t[10]; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19334 68167/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_34.cpp Buffer_Overflow_boundedcpy 77 wchar_t * data; unionType myUnion; data = NULL; data = new wchar_t[10+1]; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19335 68168/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_41.cpp Buffer_Overflow_boundedcpy 62 data = new wchar_t[10+1]; goodG2BSink(data); void goodG2BSink(wchar_t * data) memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19336 68168/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_41.cpp Buffer_Overflow_boundedcpy 37 data = new wchar_t[10]; badSink(data); void badSink(wchar_t * data) memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19337 68169/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_42.cpp Buffer_Overflow_boundedcpy 47 data = badSource(data); data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19338 68169/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_42.cpp Buffer_Overflow_boundedcpy 74 data = goodG2BSource(data); data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19339 68170/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 46 data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19340 68170/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 72 data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19341 68171/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_44.cpp Buffer_Overflow_boundedcpy 37 data = new wchar_t[10]; static void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19342 68171/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_44.cpp Buffer_Overflow_boundedcpy 66 data = new wchar_t[10+1]; static void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19343 68172/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_45.cpp Buffer_Overflow_boundedcpy 69 data = new wchar_t[10+1]; goodG2BData = data; goodG2BSink(); wchar_t * data = goodG2BData; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19344 68172/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_45.cpp Buffer_Overflow_boundedcpy 41 data = new wchar_t[10]; badData = data; badSink(); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19345 68173/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_51.cpp Buffer_Overflow_boundedcpy 154 data = new wchar_t[10+1]; goodG2BSink(data); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19346 68173/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_51.cpp Buffer_Overflow_boundedcpy 137 data = new wchar_t[10]; void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19347 68174/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_52.cpp Buffer_Overflow_boundedcpy 212 data = new wchar_t[10+1]; void goodG2BSink_c(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19348 68174/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_52.cpp Buffer_Overflow_boundedcpy 195 data = new wchar_t[10]; void badSink_c(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19349 68175/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_53.cpp Buffer_Overflow_boundedcpy 270 data = new wchar_t[10+1]; void goodG2BSink_d(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19350 68175/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_53.cpp Buffer_Overflow_boundedcpy 253 data = new wchar_t[10]; void badSink_d(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19351 68176/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_54.cpp Buffer_Overflow_boundedcpy 328 data = new wchar_t[10+1]; void goodG2BSink_e(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19352 68176/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_54.cpp Buffer_Overflow_boundedcpy 311 data = new wchar_t[10]; void badSink_e(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19353 68177/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_61.cpp Buffer_Overflow_boundedcpy 43 data = badSource(data); data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19354 68177/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_61.cpp Buffer_Overflow_boundedcpy 65 data = goodG2BSource(data); data = new wchar_t[10+1]; return data; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19355 68178/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 43 data = NULL; badSource(data); data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19356 68178/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 65 goodG2BSource(data); data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19357 68179/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_63.cpp Buffer_Overflow_boundedcpy 135 data = new wchar_t[10]; void badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19358 68179/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_63.cpp Buffer_Overflow_boundedcpy 153 data = new wchar_t[10+1]; goodG2BSink(&data); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19359 68180/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_64.cpp Buffer_Overflow_boundedcpy 159 data = new wchar_t[10+1]; goodG2BSink(&data); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19360 68180/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_64.cpp Buffer_Overflow_boundedcpy 138 data = new wchar_t[10]; void badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19361 68181/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_65.cpp Buffer_Overflow_boundedcpy 155 data = new wchar_t[10+1]; void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19362 68181/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_65.cpp Buffer_Overflow_boundedcpy 138 data = new wchar_t[10]; void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19363 68182/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_66.cpp Buffer_Overflow_boundedcpy 143 wchar_t * data; wchar_t * dataArray[5]; data = NULL; data = new wchar_t[10]; dataArray[2] = data; void badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19364 68182/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_66.cpp Buffer_Overflow_boundedcpy 161 wchar_t * data; wchar_t * dataArray[5]; data = NULL; data = new wchar_t[10+1]; dataArray[2] = data; goodG2BSink(dataArray); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); void goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19365 68183/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_67.cpp Buffer_Overflow_boundedcpy 149 wchar_t * data; structType myStruct; data = NULL; data = new wchar_t[10]; myStruct.structFirst = data; void badSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19366 68183/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_67.cpp Buffer_Overflow_boundedcpy 167 wchar_t * data; structType myStruct; data = NULL; data = new wchar_t[10]; myStruct.structFirst = data; myStruct.structFirst = data; goodG2BSink(myStruct); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19367 68184/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_68.cpp Buffer_Overflow_boundedcpy 164 data = new wchar_t[10]; wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_68_goodG2BData; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19368 68184/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_68.cpp Buffer_Overflow_boundedcpy 146 data = new wchar_t[10+1]; wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_68_badData; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19369 68185/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 172 vector dataVector; data = new wchar_t[10+1]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19370 68185/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 154 wchar_t * data; vector dataVector; data = NULL; data = new wchar_t[10]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19371 68186/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 172 list dataList; data = new wchar_t[10+1]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19372 68186/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 154 list dataList; data = new wchar_t[10]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19373 68187/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 172 wchar_t * data; map dataMap; data = NULL; data = new wchar_t[10+1]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19374 68187/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 154 wchar_t * data; map dataMap; data = NULL; data = new wchar_t[10]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; memcpy(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19375 68192/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_01.cpp Buffer_Overflow_boundedcpy 62 data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19376 68192/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_01.cpp Buffer_Overflow_boundedcpy 41 data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19377 68193/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_02.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(1) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19378 68193/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_02.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(1) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19379 68193/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_02.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(0) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19380 68194/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_03.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(5==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19381 68194/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_03.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(5==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19382 68194/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_03.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(5!=5) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19383 68195/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_04.cpp Buffer_Overflow_boundedcpy 79 data = NULL; if(STATIC_CONST_FALSE) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19384 68195/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_04.cpp Buffer_Overflow_boundedcpy 50 data = NULL; if(STATIC_CONST_TRUE) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19385 68195/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_04.cpp Buffer_Overflow_boundedcpy 99 data = NULL; if(STATIC_CONST_TRUE) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19386 68196/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_05.cpp Buffer_Overflow_boundedcpy 79 data = NULL; if(staticFalse) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19387 68196/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_05.cpp Buffer_Overflow_boundedcpy 50 data = NULL; if(staticTrue) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19388 68196/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_05.cpp Buffer_Overflow_boundedcpy 99 data = NULL; if(staticTrue) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19389 68197/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_06.cpp Buffer_Overflow_boundedcpy 78 data = NULL; if(STATIC_CONST_FIVE==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19390 68197/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_06.cpp Buffer_Overflow_boundedcpy 49 data = NULL; if(STATIC_CONST_FIVE==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19391 68197/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_06.cpp Buffer_Overflow_boundedcpy 98 data = NULL; if(STATIC_CONST_FIVE!=5) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19392 68198/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_07.cpp Buffer_Overflow_boundedcpy 78 data = NULL; if(staticFive==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19393 68198/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_07.cpp Buffer_Overflow_boundedcpy 49 data = NULL; if(staticFive==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19394 68198/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_07.cpp Buffer_Overflow_boundedcpy 98 data = NULL; if(staticFive!=5) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19395 68199/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_08.cpp Buffer_Overflow_boundedcpy 86 data = NULL; if(staticReturnsTrue()) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19396 68199/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_08.cpp Buffer_Overflow_boundedcpy 57 data = NULL; if(staticReturnsTrue()) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19397 68199/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_08.cpp Buffer_Overflow_boundedcpy 106 data = NULL; if(staticReturnsFalse()) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19398 68200/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_09.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(GLOBAL_CONST_TRUE) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19399 68200/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_09.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(GLOBAL_CONST_TRUE) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19400 68200/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_09.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(GLOBAL_CONST_FALSE) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19401 68201/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_10.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(globalTrue) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19402 68201/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_10.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(globalTrue) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19403 68201/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_10.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(globalFalse) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19404 68202/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_11.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(globalReturnsTrue()) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19405 68202/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_11.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(globalReturnsTrue()) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19406 68202/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_11.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(globalReturnsFalse()) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19407 68203/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_12.cpp Buffer_Overflow_boundedcpy 49 if(globalReturnsTrueOrFalse()) data = new wchar_t[10]; else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19408 68203/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_12.cpp Buffer_Overflow_boundedcpy 79 if(globalReturnsTrueOrFalse()) data = new wchar_t[10+1]; else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19409 68204/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_13.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(GLOBAL_CONST_FIVE==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19410 68204/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_13.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(GLOBAL_CONST_FIVE==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19411 68204/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_13.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(GLOBAL_CONST_FIVE!=5) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19412 68205/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_14.cpp Buffer_Overflow_boundedcpy 73 data = NULL; if(globalFive==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19413 68205/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_14.cpp Buffer_Overflow_boundedcpy 44 data = NULL; if(globalFive==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19414 68205/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_14.cpp Buffer_Overflow_boundedcpy 93 data = NULL; if(globalFive!=5) printLine("Benign, fixed string"); else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19415 68206/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_15.cpp Buffer_Overflow_boundedcpy 50 data = NULL; switch(6) case 6: data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19416 68206/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_15.cpp Buffer_Overflow_boundedcpy 106 data = NULL; switch(5) case 6: printLine("Benign, fixed string"); default: data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19417 68206/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_15.cpp Buffer_Overflow_boundedcpy 80 data = NULL; switch(6) case 6: data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19418 68207/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_16.cpp Buffer_Overflow_boundedcpy 70 data = NULL; while(1) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19419 68207/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_16.cpp Buffer_Overflow_boundedcpy 45 data = NULL; while(1) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19420 68208/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_17.cpp Buffer_Overflow_boundedcpy 70 data = NULL; for(i = 0; i < 1; i++) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19421 68208/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_17.cpp Buffer_Overflow_boundedcpy 45 data = NULL; for(i = 0; i < 1; i++) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19422 68209/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_18.cpp Buffer_Overflow_boundedcpy 66 data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19423 68209/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_18.cpp Buffer_Overflow_boundedcpy 43 data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19424 68210/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_21.cpp Buffer_Overflow_boundedcpy 54 data = new wchar_t[10]; return data; data = NULL; data = badSource(data); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19425 68210/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_21.cpp Buffer_Overflow_boundedcpy 95 data = new wchar_t[10+1]; return data; data = NULL; data = goodG2B1Source(data); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19426 68210/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_21.cpp Buffer_Overflow_boundedcpy 123 data = new wchar_t[10+1]; return data; data = NULL; data = goodG2B2Source(data); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); static wchar_t * goodG2B2Source(wchar_t * data) return data; data = goodG2B2Source(data); memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19427 68211/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_22.cpp Buffer_Overflow_boundedcpy 76 data = goodG2B1Source(data); if(goodG2B1Global) printLine("Benign, fixed string"); else wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19428 68211/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_22.cpp Buffer_Overflow_boundedcpy 47 data = badSource(data); if(badGlobal) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19429 68211/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_22.cpp Buffer_Overflow_boundedcpy 96 data = goodG2B2Source(data); if(goodG2B2Global) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19430 68212/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_31.cpp Buffer_Overflow_boundedcpy 44 data = new wchar_t[10]; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19431 68212/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_31.cpp Buffer_Overflow_boundedcpy 69 data = new wchar_t[10+1]; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19432 68213/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_32.cpp Buffer_Overflow_boundedcpy 49 wchar_t * *dataPtr2 = &data; data = new wchar_t[10+1]; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19433 68213/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_32.cpp Buffer_Overflow_boundedcpy 79 wchar_t * *dataPtr2 = &data; data = new wchar_t[10]; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19434 68214/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 44 wchar_t * &dataRef = data; data = new wchar_t[10+1]; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19435 68214/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 69 wchar_t * &dataRef = data; data = new wchar_t[10]; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19436 68215/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_34.cpp Buffer_Overflow_boundedcpy 77 wchar_t * data; unionType myUnion; data = NULL; data = new wchar_t[10]; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19437 68215/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_34.cpp Buffer_Overflow_boundedcpy 51 wchar_t * data; unionType myUnion; data = NULL; data = new wchar_t[10+1]; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19438 68216/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_41.cpp Buffer_Overflow_boundedcpy 62 data = new wchar_t[10+1]; goodG2BSink(data); void goodG2BSink(wchar_t * data) memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19439 68216/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_41.cpp Buffer_Overflow_boundedcpy 37 data = new wchar_t[10]; badSink(data); void badSink(wchar_t * data) memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19440 68217/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_42.cpp Buffer_Overflow_boundedcpy 47 data = new wchar_t[10]; data = badSource(data); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 19441 68217/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_42.cpp Buffer_Overflow_boundedcpy 74 data = new wchar_t[10+1]; return data; data = goodG2BSource(data); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 19442 68627/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_04.cpp Buffer_Overflow_boundedcpy 88 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19443 68627/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_04.cpp Buffer_Overflow_boundedcpy 51 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19444 68628/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_05.cpp Buffer_Overflow_boundedcpy 88 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19445 68628/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_05.cpp Buffer_Overflow_boundedcpy 51 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19446 68629/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_06.cpp Buffer_Overflow_boundedcpy 50 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19447 68629/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_06.cpp Buffer_Overflow_boundedcpy 87 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19448 68630/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_07.cpp Buffer_Overflow_boundedcpy 50 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19449 68630/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_07.cpp Buffer_Overflow_boundedcpy 87 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19450 68631/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_08.cpp Buffer_Overflow_boundedcpy 58 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19451 68631/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_08.cpp Buffer_Overflow_boundedcpy 95 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19452 68632/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_09.cpp Buffer_Overflow_boundedcpy 82 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19453 68632/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_09.cpp Buffer_Overflow_boundedcpy 45 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19454 68633/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_10.cpp Buffer_Overflow_boundedcpy 82 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19455 68633/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_10.cpp Buffer_Overflow_boundedcpy 45 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19456 68634/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_11.cpp Buffer_Overflow_boundedcpy 82 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19457 68634/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_11.cpp Buffer_Overflow_boundedcpy 45 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19458 68635/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_12.cpp Buffer_Overflow_boundedcpy 50 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19459 68635/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_12.cpp Buffer_Overflow_boundedcpy 88 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19460 68636/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_13.cpp Buffer_Overflow_boundedcpy 82 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19461 68636/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_13.cpp Buffer_Overflow_boundedcpy 45 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19462 68637/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_14.cpp Buffer_Overflow_boundedcpy 82 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19463 68637/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_14.cpp Buffer_Overflow_boundedcpy 45 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19464 68638/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_15.cpp Buffer_Overflow_boundedcpy 51 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19465 68638/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_15.cpp Buffer_Overflow_boundedcpy 89 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19466 68639/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_16.cpp Buffer_Overflow_boundedcpy 46 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19467 68639/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_16.cpp Buffer_Overflow_boundedcpy 79 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19468 68640/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_17.cpp Buffer_Overflow_boundedcpy 46 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19469 68640/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_17.cpp Buffer_Overflow_boundedcpy 79 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19470 68641/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_18.cpp Buffer_Overflow_boundedcpy 75 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19471 68641/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_18.cpp Buffer_Overflow_boundedcpy 44 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19472 68642/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_21.cpp Buffer_Overflow_boundedcpy 104 data = NULL; data = goodG2B1Source(data); static TwoIntsClass * goodG2B1Source(TwoIntsClass * data) data = new TwoIntsClass[100]; return data; data = goodG2B1Source(data); TwoIntsClass source[100]; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19473 68642/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_21.cpp Buffer_Overflow_boundedcpy 55 data = NULL; data = badSource(data); static TwoIntsClass * badSource(TwoIntsClass * data) data = new TwoIntsClass[50]; return data; data = badSource(data); TwoIntsClass source[100]; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19474 68643/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_22.cpp Buffer_Overflow_boundedcpy 85 data = NULL; data = goodG2B1Source(data); TwoIntsClass * goodG2B1Source(TwoIntsClass * data) data = new TwoIntsClass[100]; return data; data = goodG2B1Source(data); TwoIntsClass source[100]; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19475 68643/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_22.cpp Buffer_Overflow_boundedcpy 48 data = NULL; data = badSource(data); TwoIntsClass * badSource(TwoIntsClass * data) data = new TwoIntsClass[50]; return data; data = badSource(data); TwoIntsClass source[100]; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19476 68644/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_31.cpp Buffer_Overflow_boundedcpy 45 data = new TwoIntsClass[50]; TwoIntsClass * dataCopy = data; TwoIntsClass * data = dataCopy; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19477 68644/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_31.cpp Buffer_Overflow_boundedcpy 78 data = new TwoIntsClass[100]; TwoIntsClass * dataCopy = data; TwoIntsClass * data = dataCopy; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19478 68645/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_32.cpp Buffer_Overflow_boundedcpy 50 data = new TwoIntsClass[50]; TwoIntsClass * *dataPtr2 = &data; TwoIntsClass * data = *dataPtr2; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19479 68645/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_32.cpp Buffer_Overflow_boundedcpy 88 ata = new TwoIntsClass[100]; TwoIntsClass * *dataPtr2 = &data; TwoIntsClass * data = *dataPtr2; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19480 68646/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_33.cpp Buffer_Overflow_boundedcpy 45 ata = new TwoIntsClass[50]; TwoIntsClass * &dataRef = data; TwoIntsClass * data = dataRef; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19481 68646/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_33.cpp Buffer_Overflow_boundedcpy 78 ata = new TwoIntsClass[100]; TwoIntsClass * &dataRef = data; TwoIntsClass * data = dataRef; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19482 68647/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_34.cpp Buffer_Overflow_boundedcpy 86 unionType myUnion; data = NULL; data = new TwoIntsClass[100]; myUnion.unionFirst = data; TwoIntsClass * data = myUnion.unionSecond; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19483 68647/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_34.cpp Buffer_Overflow_boundedcpy 52 unionType myUnion; data = NULL; data = new TwoIntsClass[50]; myUnion.unionFirst = data; TwoIntsClass * data = myUnion.unionSecond; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19484 68648/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_41.cpp Buffer_Overflow_boundedcpy 38 data = NULL; data = new TwoIntsClass[50]; badSink(data); void badSink(TwoIntsClass * data) TwoIntsClass source[100]; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19485 68648/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_41.cpp Buffer_Overflow_boundedcpy 71 data = NULL; data = new TwoIntsClass[100]; goodG2BSink(data); void goodG2BSink(TwoIntsClass * data) TwoIntsClass source[100]; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19486 68649/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_42.cpp Buffer_Overflow_boundedcpy 48 data = NULL; data = badSource(data); data = new TwoIntsClass[50]; return data; data = badSource(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19487 68649/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_42.cpp Buffer_Overflow_boundedcpy 83 data = NULL; data = goodG2BSource(data); data = new TwoIntsClass[100]; return data; data = goodG2BSource(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19488 68650/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_43.cpp Buffer_Overflow_boundedcpy 81 data = NULL; goodG2BSource(data); static void goodG2BSource(TwoIntsClass * &data) data = new TwoIntsClass[50]; goodG2BSource(data); TwoIntsClass source[100]; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19489 68650/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_43.cpp Buffer_Overflow_boundedcpy 47 data = NULL; badSource(data); void badSource(TwoIntsClass * &data) data = new TwoIntsClass[50]; badSource(data); TwoIntsClass source[100]; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19490 68651/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_44.cpp Buffer_Overflow_boundedcpy 75 void (*funcPtr) (TwoIntsClass *) = goodG2BSink; data = NULL; data = new TwoIntsClass[100]; funcPtr(data); static void goodG2BSink(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19491 68651/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_44.cpp Buffer_Overflow_boundedcpy 38 void (*funcPtr) (TwoIntsClass *) = badSink; data = NULL; data = new TwoIntsClass[50]; funcPtr(data); static void badSink(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19492 68652/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_45.cpp Buffer_Overflow_boundedcpy 42 data = NULL; data = new TwoIntsClass[50]; badData = data; badSink(); static void badSink() TwoIntsClass * data = badData; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19493 68652/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_45.cpp Buffer_Overflow_boundedcpy 78 data = NULL; data = new TwoIntsClass[100]; goodG2BData = data; goodG2BSink(); static void goodG2BSink() TwoIntsClass * data = badData; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19494 68653/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_51.cpp Buffer_Overflow_boundedcpy 131 data = NULL; data = new TwoIntsClass[50]; badSink(data); void badSink(TwoIntsClass * data) TwoIntsClass source[100]; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19495 68653/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_51.cpp Buffer_Overflow_boundedcpy 156 data = NULL; data = new TwoIntsClass[100]; goodG2BSink(data); void goodG2BSink(TwoIntsClass * data) TwoIntsClass source[100]; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19496 68654/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_52.cpp Buffer_Overflow_boundedcpy 182 data = NULL; data = new TwoIntsClass[50]; badSink_b(data); void badSink_c(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19497 68654/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_52.cpp Buffer_Overflow_boundedcpy 207 data = NULL; data = new TwoIntsClass[100]; goodG2BSink_b(data); void goodG2BSink_c(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19498 68655/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_53.cpp Buffer_Overflow_boundedcpy 258 data = NULL; data = new TwoIntsClass[100]; goodG2BSink_b(data); void goodG2BSink_d(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19499 68655/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_53.cpp Buffer_Overflow_boundedcpy 233 data = NULL; data = new TwoIntsClass[50]; badSink_b(data); void badSink_d(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19500 68656/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_54.cpp Buffer_Overflow_boundedcpy 309 data = NULL; data = new TwoIntsClass[100]; goodG2BSink_b(data); void goodG2BSink_e(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19501 68656/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_54.cpp Buffer_Overflow_boundedcpy 284 data = NULL; data = new TwoIntsClass[50]; badSink_b(data); void badSink_e(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19502 68657/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_61.cpp Buffer_Overflow_boundedcpy 74 data = NULL; data = goodG2BSource(data); TwoIntsClass * goodG2BSource(TwoIntsClass * data) data = new TwoIntsClass[100]; return data; data = goodG2BSource(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19503 68657/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_61.cpp Buffer_Overflow_boundedcpy 44 data = NULL; data = badSource(data); TwoIntsClass * badSource(TwoIntsClass * data) data = new TwoIntsClass[50]; return data; data = badSource(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19504 68658/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_62.cpp Buffer_Overflow_boundedcpy 74 data = NULL; goodG2BSource(data); void goodG2BSource(TwoIntsClass * &data) data = new TwoIntsClass[100]; goodG2BSource(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19505 68658/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_62.cpp Buffer_Overflow_boundedcpy 44 data = NULL; badSource(data); void badSource(TwoIntsClass * &data); data = new TwoIntsClass[50]; badSource(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19506 68659/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_63.cpp Buffer_Overflow_boundedcpy 155 data = NULL; data = new TwoIntsClass[100]; goodG2BSink(&data); void goodG2BSink(TwoIntsClass * * dataPtr) TwoIntsClass * data = *dataPtr; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19507 68659/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_63.cpp Buffer_Overflow_boundedcpy 129 data = NULL; data = new TwoIntsClass[50]; badSink(&data); void badSink(TwoIntsClass * * dataPtr) TwoIntsClass * data = *dataPtr; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19508 68660/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_64.cpp Buffer_Overflow_boundedcpy 161 data = NULL; data = new TwoIntsClass[100]; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) TwoIntsClass * * dataPtr = (TwoIntsClass * *)dataVoidPtr; TwoIntsClass * data = (*dataPtr); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19509 68660/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_64.cpp Buffer_Overflow_boundedcpy 132 data = NULL; data = new TwoIntsClass[50]; badSink(&data); void badSink(void * dataVoidPtr) TwoIntsClass * * dataPtr = (TwoIntsClass * *)dataVoidPtr; TwoIntsClass * data = (*dataPtr); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19510 68661/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_65.cpp Buffer_Overflow_boundedcpy 157 void (*funcPtr) (TwoIntsClass *) = goodG2BSink; data = NULL; data = new TwoIntsClass[100]; funcPtr(data); void goodG2BSink(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19511 68661/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_65.cpp Buffer_Overflow_boundedcpy 132 void (*funcPtr) (TwoIntsClass *) = badSink; data = NULL; data = new TwoIntsClass[50]; funcPtr(data); void badSink(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19512 68662/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_66.cpp Buffer_Overflow_boundedcpy 163 TwoIntsClass * dataArray[5]; data = NULL; data = new TwoIntsClass[100]; dataArray[2] = data; goodG2BSink(dataArray); goodG2BSink(dataArray); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19513 68662/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_66.cpp Buffer_Overflow_boundedcpy 137 TwoIntsClass * dataArray[5]; data = NULL; data = new TwoIntsClass[50]; dataArray[2] = data; badSink(dataArray); void badSink(TwoIntsClass * dataArray[]) TwoIntsClass * data = dataArray[2]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19514 68663/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_67.cpp Buffer_Overflow_boundedcpy 169 structType myStruct; data = NULL; data = new TwoIntsClass[100]; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19515 68663/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_67.cpp Buffer_Overflow_boundedcpy 143 structType myStruct; data = NULL; data = new TwoIntsClass[50]; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) TwoIntsClass * data = myStruct.structFirst; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19516 68664/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_68.cpp Buffer_Overflow_boundedcpy 166 data = NULL; data = new TwoIntsClass[100]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_68_goodG2BData = data; goodG2BSink(); void goodG2BSink(); TwoIntsClass * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_68_goodG2BData; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19517 68664/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_68.cpp Buffer_Overflow_boundedcpy 140 data = NULL; data = new TwoIntsClass[50]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_68_badData = data; badSink(); void badSink(); TwoIntsClass * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_68_badData; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19518 68665/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_72.cpp Buffer_Overflow_boundedcpy 174 vector dataVector; data = new TwoIntsClass[100]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector); TwoIntsClass * data = dataVector[2]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19519 68665/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_72.cpp Buffer_Overflow_boundedcpy 148 vector dataVector; data = NULL; data = new TwoIntsClass[50]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) TwoIntsClass * data = dataVector[2]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19520 68666/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_73.cpp Buffer_Overflow_boundedcpy 174 list dataList; data = new TwoIntsClass[100]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); void goodG2BSink(list dataList) TwoIntsClass * data = dataList.back(); memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19521 68666/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_73.cpp Buffer_Overflow_boundedcpy 148 list dataList; data = NULL; data = new TwoIntsClass[50]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) TwoIntsClass * data = dataList.back(); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19522 68667/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_74.cpp Buffer_Overflow_boundedcpy 174 map dataMap; data = NULL; data = new TwoIntsClass[100]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) TwoIntsClass * data = dataMap[2]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19523 68667/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_74.cpp Buffer_Overflow_boundedcpy 148 map dataMap; data = NULL; data = new TwoIntsClass[50]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) TwoIntsClass * data = dataMap[2]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19524 68672/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_01.cpp Buffer_Overflow_boundedcpy 71 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19525 68672/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_01.cpp Buffer_Overflow_boundedcpy 42 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19526 68673/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_02.cpp Buffer_Overflow_boundedcpy 45 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19527 68673/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_02.cpp Buffer_Overflow_boundedcpy 82 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19528 68674/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_03.cpp Buffer_Overflow_boundedcpy 45 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19529 68674/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_03.cpp Buffer_Overflow_boundedcpy 82 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19530 68675/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_04.cpp Buffer_Overflow_boundedcpy 51 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19531 68675/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_04.cpp Buffer_Overflow_boundedcpy 88 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19532 68676/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_05.cpp Buffer_Overflow_boundedcpy 51 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19533 68676/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_05.cpp Buffer_Overflow_boundedcpy 88 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19534 68677/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_06.cpp Buffer_Overflow_boundedcpy 87 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19535 68677/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_06.cpp Buffer_Overflow_boundedcpy 50 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19536 68678/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_07.cpp Buffer_Overflow_boundedcpy 87 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19537 68678/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_07.cpp Buffer_Overflow_boundedcpy 50 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19538 68679/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_08.cpp Buffer_Overflow_boundedcpy 95 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19539 68679/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_08.cpp Buffer_Overflow_boundedcpy 58 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19540 68680/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_09.cpp Buffer_Overflow_boundedcpy 45 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19541 68680/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_09.cpp Buffer_Overflow_boundedcpy 82 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19542 68681/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_10.cpp Buffer_Overflow_boundedcpy 45 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19543 68681/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_10.cpp Buffer_Overflow_boundedcpy 82 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19544 68682/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_11.cpp Buffer_Overflow_boundedcpy 45 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19545 68682/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_11.cpp Buffer_Overflow_boundedcpy 82 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19546 68683/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_12.cpp Buffer_Overflow_boundedcpy 88 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19547 68683/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_12.cpp Buffer_Overflow_boundedcpy 50 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19548 68684/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_13.cpp Buffer_Overflow_boundedcpy 45 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19549 68684/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_13.cpp Buffer_Overflow_boundedcpy 82 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19550 68685/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_14.cpp Buffer_Overflow_boundedcpy 45 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19551 68685/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_14.cpp Buffer_Overflow_boundedcpy 82 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19552 68686/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_15.cpp Buffer_Overflow_boundedcpy 51 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19553 68686/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_15.cpp Buffer_Overflow_boundedcpy 89 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19554 68687/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_16.cpp Buffer_Overflow_boundedcpy 46 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19555 68687/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_16.cpp Buffer_Overflow_boundedcpy 79 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19556 68688/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_17.cpp Buffer_Overflow_boundedcpy 46 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19557 68688/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_17.cpp Buffer_Overflow_boundedcpy 79 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19558 68689/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_18.cpp Buffer_Overflow_boundedcpy 44 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19559 68689/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_18.cpp Buffer_Overflow_boundedcpy 75 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19560 68690/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_21.cpp Buffer_Overflow_boundedcpy 104 data = NULL; data = goodG2B1Source(data); static TwoIntsClass * goodG2B1Source(TwoIntsClass * data) data = new TwoIntsClass[100]; return data; data = goodG2B1Source(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19561 68690/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_21.cpp Buffer_Overflow_boundedcpy 55 data = NULL; data = badSource(data); static TwoIntsClass * badSource(TwoIntsClass * data) data = new TwoIntsClass[50]; return data; data = badSource(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19562 68691/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_22.cpp Buffer_Overflow_boundedcpy 85 data = NULL; data = goodG2B1Source(data); TwoIntsClass * goodG2B1Source(TwoIntsClass * data) data = new TwoIntsClass[100]; return data; data = goodG2B1Source(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19563 68691/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_22.cpp Buffer_Overflow_boundedcpy 48 data = NULL; data = badSource(data); TwoIntsClass * badSource(TwoIntsClass * data) data = new TwoIntsClass[50]; return data; data = badSource(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19564 68692/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_31.cpp Buffer_Overflow_boundedcpy 78 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass * dataCopy = data; TwoIntsClass * data = dataCopy; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19565 68692/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_31.cpp Buffer_Overflow_boundedcpy 45 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass * dataCopy = data; TwoIntsClass * data = dataCopy; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19566 68693/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_32.cpp Buffer_Overflow_boundedcpy 88 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass * *dataPtr2 = &data; TwoIntsClass * data = *dataPtr2; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19567 68693/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_32.cpp Buffer_Overflow_boundedcpy 50 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass * *dataPtr2 = &data; TwoIntsClass * data = *dataPtr2; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19568 68694/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_33.cpp Buffer_Overflow_boundedcpy 78 data = NULL; data = new TwoIntsClass[100]; TwoIntsClass * &dataRef = data; TwoIntsClass * data = dataRef; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19569 68694/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_33.cpp Buffer_Overflow_boundedcpy 45 data = NULL; data = new TwoIntsClass[50]; TwoIntsClass * &dataRef = data; TwoIntsClass * data = dataRef; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19570 68695/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_34.cpp Buffer_Overflow_boundedcpy 52 unionType myUnion; data = NULL; data = new TwoIntsClass[50]; TwoIntsClass * data = myUnion.unionSecond; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19571 68695/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_34.cpp Buffer_Overflow_boundedcpy 86 unionType myUnion; data = NULL; data = new TwoIntsClass[100]; TwoIntsClass * data = myUnion.unionSecond; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19572 68696/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_41.cpp Buffer_Overflow_boundedcpy 38 data = NULL; data = new TwoIntsClass[50]; badSink(data); void badSink(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19573 68696/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_41.cpp Buffer_Overflow_boundedcpy 71 data = NULL; data = new TwoIntsClass[100]; goodG2BSink(data); void goodG2BSink(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19574 68697/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_42.cpp Buffer_Overflow_boundedcpy 83 data = NULL; data = goodG2BSource(data); static TwoIntsClass * goodG2BSource(TwoIntsClass * data) data = new TwoIntsClass[100]; return data; data = goodG2BSource(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19575 68697/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_42.cpp Buffer_Overflow_boundedcpy 48 data = NULL; data = badSource(data); static TwoIntsClass * badSource(TwoIntsClass * data) data = new TwoIntsClass[50]; return data; data = badSource(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19576 68698/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_43.cpp Buffer_Overflow_boundedcpy 47 data = NULL; data = badSource(data); static TwoIntsClass * badSource(TwoIntsClass * data) data = new TwoIntsClass[50]; return data; data = badSource(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19577 68698/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_43.cpp Buffer_Overflow_boundedcpy 81 data = NULL; data = goodG2BSource(data); static TwoIntsClass * goodG2BSource(TwoIntsClass * data) data = new TwoIntsClass[100]; return data; data = goodG2BSource(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19578 68699/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_44.cpp Buffer_Overflow_boundedcpy 75 void (*funcPtr) (TwoIntsClass *) = goodG2BSink; data = NULL; data = new TwoIntsClass[100]; funcPtr(data); static void goodG2BSink(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19579 68699/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_44.cpp Buffer_Overflow_boundedcpy 38 void (*funcPtr) (TwoIntsClass *) = badSink; data = NULL; data = new TwoIntsClass[50]; funcPtr(data); static void badSink(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19580 68700/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_45.cpp Buffer_Overflow_boundedcpy 78 data = new TwoIntsClass[100]; goodG2BData = data; goodG2BSink(); static void goodG2BSink() TwoIntsClass * data = goodG2BData; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19581 68700/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_45.cpp Buffer_Overflow_boundedcpy 42 data = NULL; data = new TwoIntsClass[50]; badData = data; badSink(); static void badSink() TwoIntsClass * data = badData; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19582 68701/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_51.cpp Buffer_Overflow_boundedcpy 156 data = NULL; data = new TwoIntsClass[100]; goodG2BSink(data); void goodG2BSink(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19583 68701/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_51.cpp Buffer_Overflow_boundedcpy 131 data = NULL; data = new TwoIntsClass[50]; badSink(data); void badSink(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19584 68702/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_52.cpp Buffer_Overflow_boundedcpy 182 data = NULL; data = new TwoIntsClass[50]; badSink_b(data); void badSink_c(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19585 68702/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_52.cpp Buffer_Overflow_boundedcpy 207 data = NULL; data = new TwoIntsClass[100]; goodG2BSink_b(data); void goodG2BSink_c(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19586 68703/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_53.cpp Buffer_Overflow_boundedcpy 258 data = NULL; data = new TwoIntsClass[100]; goodG2BSink_b(data); void goodG2BSink_d(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19587 68703/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_53.cpp Buffer_Overflow_boundedcpy 233 data = NULL; data = new TwoIntsClass[50]; badSink_b(data); void badSink_d(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19588 68704/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_54.cpp Buffer_Overflow_boundedcpy 284 data = NULL; data = new TwoIntsClass[50]; badSink_b(data); void badSink_e(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19589 68704/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_54.cpp Buffer_Overflow_boundedcpy 309 data = NULL; data = new TwoIntsClass[100]; goodG2BSink_b(data); void goodG2BSink_e(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19590 68705/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_61.cpp Buffer_Overflow_boundedcpy 44 data = NULL; data = badSource(data); TwoIntsClass * badSource(TwoIntsClass * data) data = new TwoIntsClass[50]; return data; data = badSource(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19591 68705/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_61.cpp Buffer_Overflow_boundedcpy 74 data = NULL; data = goodG2BSource(data); TwoIntsClass * goodG2BSource(TwoIntsClass * data) data = new TwoIntsClass[100]; return data; data = goodG2BSource(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19592 68706/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_62.cpp Buffer_Overflow_boundedcpy 44 data = NULL; badSource(data); void badSource(TwoIntsClass * &data); data = new TwoIntsClass[50]; badSource(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19593 68706/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_62.cpp Buffer_Overflow_boundedcpy 74 data = NULL; goodG2BSource(data); void goodG2BSource(TwoIntsClass * &data); data = new TwoIntsClass[50]; goodG2BSource(data); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19594 68707/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_63.cpp Buffer_Overflow_boundedcpy 155 data = new TwoIntsClass[100]; goodG2BSink(&data); void goodG2BSink(TwoIntsClass * * dataPtr) TwoIntsClass * data = *dataPtr; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19595 68707/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_63.cpp Buffer_Overflow_boundedcpy 129 data = new TwoIntsClass[50]; badSink(&data); void badSink(TwoIntsClass * * dataPtr) TwoIntsClass * data = *dataPtr; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19596 68708/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_64.cpp Buffer_Overflow_boundedcpy 132 data = NULL; data = new TwoIntsClass[50]; badSink(&data); void badSink(void * dataVoidPtr) TwoIntsClass * * dataPtr = (TwoIntsClass * *)dataVoidPtr; TwoIntsClass * data = (*dataPtr); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19597 68708/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_64.cpp Buffer_Overflow_boundedcpy 161 data = NULL; data = new TwoIntsClass[100]; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) TwoIntsClass * * dataPtr = (TwoIntsClass * *)dataVoidPtr; TwoIntsClass * data = (*dataPtr); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19598 68709/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_65.cpp Buffer_Overflow_boundedcpy 132 void (*funcPtr) (TwoIntsClass *) = badSink; data = NULL; data = new TwoIntsClass[50]; funcPtr(data); void badSink(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19599 68709/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_65.cpp Buffer_Overflow_boundedcpy 157 void (*funcPtr) (TwoIntsClass *) = goodG2BSink; data = NULL; data = new TwoIntsClass[100]; funcPtr(data); void goodG2BSink(TwoIntsClass * data) TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19600 68710/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_66.cpp Buffer_Overflow_boundedcpy 163 TwoIntsClass * dataArray[5]; data = NULL; data = new TwoIntsClass[100]; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(TwoIntsClass * dataArray[]) TwoIntsClass * data = dataArray[2]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19601 68710/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_66.cpp Buffer_Overflow_boundedcpy 137 TwoIntsClass * dataArray[5]; data = NULL; data = new TwoIntsClass[50]; dataArray[2] = data; badSink(dataArray); void badSink(TwoIntsClass * dataArray[]) TwoIntsClass * data = dataArray[2]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19602 68711/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_67.cpp Buffer_Overflow_boundedcpy 143 structType myStruct; data = NULL; data = new TwoIntsClass[50]; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) TwoIntsClass * data = myStruct.structFirst; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19603 68711/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_67.cpp Buffer_Overflow_boundedcpy 169 structType myStruct; data = NULL; data = new TwoIntsClass[100]; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) TwoIntsClass * data = myStruct.structFirst; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19604 68712/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_68.cpp Buffer_Overflow_boundedcpy 140 data = NULL; data = new TwoIntsClass[50]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_68_badData = data; badSink(); void badSink() TwoIntsClass * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_68_badData; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19605 68712/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_68.cpp Buffer_Overflow_boundedcpy 166 data = NULL; data = new TwoIntsClass[100]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() TwoIntsClass * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_68_goodG2BData; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19606 68713/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_72.cpp Buffer_Overflow_boundedcpy 148 vector dataVector; data = NULL; data = new TwoIntsClass[50]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) TwoIntsClass * data = dataVector[2]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19607 68713/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_72.cpp Buffer_Overflow_boundedcpy 174 vector dataVector; data = new TwoIntsClass[100]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) TwoIntsClass * data = dataVector[2]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19608 68714/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_73.cpp Buffer_Overflow_boundedcpy 148 list dataList; data = NULL; data = new TwoIntsClass[50]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) TwoIntsClass * data = dataList.back(); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19609 68714/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_73.cpp Buffer_Overflow_boundedcpy 174 list dataList; data = NULL; data = new TwoIntsClass[100]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) TwoIntsClass * data = dataList.back(); TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19610 68715/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_74.cpp Buffer_Overflow_boundedcpy 148 map dataMap; data = NULL; data = new TwoIntsClass[50]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) TwoIntsClass * data = dataMap[2]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 19611 68715/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memmove_74.cpp Buffer_Overflow_boundedcpy 174 map dataMap; data = NULL; data = new TwoIntsClass[100]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) TwoIntsClass * data = dataMap[2]; TwoIntsClass source[100]; source[i].intOne = 0; source[i].intTwo = 0; memmove(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 19612 68768/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_01.cpp Buffer_Overflow_boundedcpy 53 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19613 68768/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_01.cpp Buffer_Overflow_boundedcpy 33 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19614 68769/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_02.cpp Buffer_Overflow_boundedcpy 64 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19615 68769/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_02.cpp Buffer_Overflow_boundedcpy 36 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19616 68770/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_03.cpp Buffer_Overflow_boundedcpy 64 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19617 68770/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_03.cpp Buffer_Overflow_boundedcpy 36 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19618 68771/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_04.cpp Buffer_Overflow_boundedcpy 70 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19619 68771/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_04.cpp Buffer_Overflow_boundedcpy 42 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19620 68772/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_05.cpp Buffer_Overflow_boundedcpy 70 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19621 68772/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_05.cpp Buffer_Overflow_boundedcpy 42 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19622 68773/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_06.cpp Buffer_Overflow_boundedcpy 69 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19623 68773/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_06.cpp Buffer_Overflow_boundedcpy 41 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19624 68774/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_07.cpp Buffer_Overflow_boundedcpy 88 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19625 68774/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_07.cpp Buffer_Overflow_boundedcpy 41 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19626 68775/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_08.cpp Buffer_Overflow_boundedcpy 77 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19627 68775/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_08.cpp Buffer_Overflow_boundedcpy 49 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19628 68776/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_09.cpp Buffer_Overflow_boundedcpy 64 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19629 68776/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_09.cpp Buffer_Overflow_boundedcpy 36 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19630 68777/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_10.cpp Buffer_Overflow_boundedcpy 64 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19631 68777/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_10.cpp Buffer_Overflow_boundedcpy 36 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19632 68778/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_11.cpp Buffer_Overflow_boundedcpy 64 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19633 68778/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_11.cpp Buffer_Overflow_boundedcpy 36 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19634 68779/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_12.cpp Buffer_Overflow_boundedcpy 70 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19635 68779/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_12.cpp Buffer_Overflow_boundedcpy 41 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19636 68780/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_13.cpp Buffer_Overflow_boundedcpy 64 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19637 68780/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_13.cpp Buffer_Overflow_boundedcpy 36 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19638 68781/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_14.cpp Buffer_Overflow_boundedcpy 64 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19639 68781/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_14.cpp Buffer_Overflow_boundedcpy 36 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19640 68782/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_15.cpp Buffer_Overflow_boundedcpy 71 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19641 68782/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_15.cpp Buffer_Overflow_boundedcpy 42 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19642 68783/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_16.cpp Buffer_Overflow_boundedcpy 37 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19643 68783/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_16.cpp Buffer_Overflow_boundedcpy 61 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19644 68784/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_17.cpp Buffer_Overflow_boundedcpy 37 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19645 68784/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_17.cpp Buffer_Overflow_boundedcpy 61 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19646 68785/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_18.cpp Buffer_Overflow_boundedcpy 35 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19647 68785/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_18.cpp Buffer_Overflow_boundedcpy 57 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19648 68786/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_21.cpp Buffer_Overflow_boundedcpy 46 data = NULL; badStatic = 1; data = badSource(data); static int64_t * badSource(int64_t * data) data = new int64_t[50]; return data; data = badSource(data); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19649 68786/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_21.cpp Buffer_Overflow_boundedcpy 86 data = NULL; data = goodG2B1Source(data); static int64_t * goodG2B1Source(int64_t * data) data = new int64_t[100]; return data; data = goodG2B1Source(data); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19650 68787/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_22.cpp Buffer_Overflow_boundedcpy 39 data = NULL; badGlobal = 1; data = badSource(data); int64_t * badSource(int64_t * data) data = new int64_t[50]; return data; data = badSource(data); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19651 68787/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_22.cpp Buffer_Overflow_boundedcpy 67 data = NULL; goodG2B1Global = 0; data = goodG2B1Source(data); int64_t * goodG2B1Source(int64_t * data) data = new int64_t[50]; return data; data = goodG2B1Source(data); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19652 68788/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_31.cpp Buffer_Overflow_boundedcpy 60 data = NULL; data = new int64_t[100]; int64_t * dataCopy = data; int64_t * data = dataCopy; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19653 68788/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_31.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int64_t[50]; int64_t * dataCopy = data; int64_t * data = dataCopy; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19654 68789/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_32.cpp Buffer_Overflow_boundedcpy 70 data = NULL; data = new int64_t[100]; int64_t * *dataPtr2 = &data; int64_t * data = *dataPtr2; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19655 68789/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_32.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new int64_t[50]; int64_t * *dataPtr2 = &data; int64_t * data = *dataPtr2; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19656 68790/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 60 data = NULL; data = new int64_t[100]; int64_t * &dataRef = data; int64_t * data = dataRef; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19657 68790/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int64_t[50]; int64_t * &dataRef = data; int64_t * data = dataRef; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19658 68791/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_34.cpp Buffer_Overflow_boundedcpy 43 unionType myUnion; data = NULL; data = new int64_t[50]; myUnion.unionFirst = data; int64_t * data = myUnion.unionSecond; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19659 68791/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_34.cpp Buffer_Overflow_boundedcpy 68 unionType myUnion; data = NULL; data = new int64_t[100]; myUnion.unionFirst = data; int64_t * data = myUnion.unionSecond; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19660 68792/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_41.cpp Buffer_Overflow_boundedcpy 53 data = NULL; data = new int64_t[100]; goodG2BSink(data); void goodG2BSink(int64_t * data) int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19661 68792/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_41.cpp Buffer_Overflow_boundedcpy 29 data = NULL; data = new int64_t[50]; badSink(data); void badSink(int64_t * data) int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19662 68793/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_42.cpp Buffer_Overflow_boundedcpy 39 data = NULL; data = badSource(data); static int64_t * badSource(int64_t * data) data = badSource(data); data = new int64_t[50]; return data; data = badSource(data); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19663 68793/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_42.cpp Buffer_Overflow_boundedcpy 65 data = NULL; data = goodG2BSource(data); static int64_t * goodG2BSource(int64_t * data) data = goodG2BSource(data); data = new int64_t[50]; return data; data = goodG2BSource(data); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19664 68794/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 63 data = NULL; goodG2BSource(data); void goodG2BSource(int64_t * &data) data = new int64_t[100]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19665 68794/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 38 data = NULL; badSource(data); void badSource(int64_t * &data) data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19666 68795/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_44.cpp Buffer_Overflow_boundedcpy 29 void (*funcPtr) (int64_t *) = badSink; data = NULL; data = new int64_t[50]; funcPtr(data); static void badSink(int64_t * data) int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19667 68795/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_44.cpp Buffer_Overflow_boundedcpy 57 void (*funcPtr) (int64_t *) = goodG2BSink; data = NULL; data = new int64_t[100]; funcPtr(data); static void goodG2BSink(int64_t * data) int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19668 68796/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_45.cpp Buffer_Overflow_boundedcpy 60 data = NULL; data = new int64_t[100]; goodG2BData = data; goodG2BSink(); static void goodG2BSink() int64_t * data = goodG2BData; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19669 68796/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_45.cpp Buffer_Overflow_boundedcpy 33 data = NULL; data = new int64_t[50]; badData = data; badSink(); int64_t * data = badData; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19670 68797/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_51.cpp Buffer_Overflow_boundedcpy 122 data = NULL; data = new int64_t[50]; badSink(data); void badSink(int64_t * data) int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19671 68797/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_51.cpp Buffer_Overflow_boundedcpy 138 data = NULL; data = new int64_t[100]; goodG2BSink(data); void goodG2BSink(int64_t * data) int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19672 68798/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_52.cpp Buffer_Overflow_boundedcpy 173 data = NULL; data = new int64_t[50]; badSink_b(data); void badSink_c(int64_t * data) int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19673 68798/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_52.cpp Buffer_Overflow_boundedcpy 189 data = NULL; data = new int64_t[100]; goodG2BSink_b(data); void goodG2BSink_c(int64_t * data) int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19674 68799/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_53.cpp Buffer_Overflow_boundedcpy 224 data = NULL; data = new int64_t[50]; badSink_b(data); void badSink_d(int64_t * data) int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19675 68799/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_53.cpp Buffer_Overflow_boundedcpy 240 data = NULL; data = new int64_t[100]; goodG2BSink_b(data); void goodG2BSink_d(int64_t * data) int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19676 68800/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_54.cpp Buffer_Overflow_boundedcpy 275 data = NULL; data = new int64_t[50]; badSink_b(data); void badSink_e(int64_t * data) int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19677 68800/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_54.cpp Buffer_Overflow_boundedcpy 291 data = NULL; data = new int64_t[100]; goodG2BSink_b(data); void goodG2BSink_e(int64_t * data) int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19678 68801/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_61.cpp Buffer_Overflow_boundedcpy 56 data = NULL; data = goodG2BSource(data); int64_t * goodG2BSource(int64_t * data) data = new int64_t[100]; return data; data = badSourgoodG2BSourcece(data); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19679 68801/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_61.cpp Buffer_Overflow_boundedcpy 35 data = NULL; data = badSource(data); int64_t * badSource(int64_t * data) data = new int64_t[50]; return data; data = badSource(data); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19680 68802/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 56 data = NULL; goodG2BSource(data); void goodG2BSource(int64_t * &data); data = new int64_t[100]; int64_t source[100] = {0}; data = new int64_t[100]; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19681 68802/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 35 data = NULL; badSource(data); void badSource(int64_t * &data); data = new int64_t[50]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19682 68803/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_63.cpp Buffer_Overflow_boundedcpy 120 data = NULL; data = new int64_t[50]; badSink(&data); void badSink(int64_t * * dataPtr) int64_t * data = *dataPtr; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19683 68803/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_63.cpp Buffer_Overflow_boundedcpy 137 data = NULL; data = new int64_t[100]; goodG2BSink(&data); void goodG2BSink(int64_t * * dataPtr) int64_t * data = *dataPtr; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19684 68804/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_64.cpp Buffer_Overflow_boundedcpy 143 data = NULL; data = new int64_t[100]; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) int64_t * * dataPtr = (int64_t * *)dataVoidPtr; int64_t * data = (*dataPtr); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19685 68804/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_64.cpp Buffer_Overflow_boundedcpy 123 data = NULL; data = new int64_t[50]; badSink(&data); void badSink(void * dataVoidPtr) int64_t * * dataPtr = (int64_t * *)dataVoidPtr; int64_t * data = (*dataPtr); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19686 68805/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_65.cpp Buffer_Overflow_boundedcpy 123 void (*funcPtr) (int64_t *) = badSink; data = NULL; data = new int64_t[50]; funcPtr(data); void badSink(int64_t * data) int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19687 68805/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_65.cpp Buffer_Overflow_boundedcpy 139 void (*funcPtr) (int64_t *) = goodG2BSink; data = NULL; data = new int64_t[100]; funcPtr(data); void goodG2BSink(int64_t * data) int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19688 68806/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_66.cpp Buffer_Overflow_boundedcpy 128 int64_t * dataArray[5]; data = NULL; data = new int64_t[50]; dataArray[2] = data; badSink(dataArray); void badSink(int64_t * dataArray[]) int64_t * data = dataArray[2]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19689 68806/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_66.cpp Buffer_Overflow_boundedcpy 145 int64_t * dataArray[5]; data = NULL; data = new int64_t[100]; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(int64_t * dataArray[]) int64_t * data = dataArray[2]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19690 68807/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_67.cpp Buffer_Overflow_boundedcpy 151 structType myStruct; data = NULL; data = new int64_t[100]; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) int64_t * data = myStruct.structFirst; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19691 68807/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_67.cpp Buffer_Overflow_boundedcpy 134 structType myStruct; data = NULL; data = new int64_t[50]; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) int64_t * data = myStruct.structFirst; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19692 68808/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_68.cpp Buffer_Overflow_boundedcpy 131 data = NULL; data = new int64_t[50]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_68_badData = data; badSink(); void badSink() int64_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_68_badData; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19693 68808/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_68.cpp Buffer_Overflow_boundedcpy 148 data = NULL; data = new int64_t[100]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_68_goodG2BData = data; goodG2BSink(); void goodG2BSink(); int64_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_68_goodG2BData; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19694 68809/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 139 vector dataVector; data = NULL; data = new int64_t[50]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) int64_t * data = dataVector[2]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19695 68809/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 156 vector dataVector; data = new int64_t[100]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int64_t * data = dataVector[2]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19696 68810/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 139 list dataList; data = NULL; data = new int64_t[50]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) int64_t * data = dataList.back(); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19697 68810/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 156 list dataList; data = NULL; data = new int64_t[100]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int64_t * data = dataList.back(); int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19698 68811/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 139 map dataMap; data = NULL; data = new int64_t[50]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) int64_t * data = dataMap[2]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19699 68811/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 156 map dataMap; data = NULL; data = new int64_t[100]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int64_t * data = dataMap[2]; int64_t source[100] = {0}; memcpy(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19700 68816/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_01.cpp Buffer_Overflow_boundedcpy 33 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19701 68816/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_01.cpp Buffer_Overflow_boundedcpy 53 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19702 68817/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_02.cpp Buffer_Overflow_boundedcpy 64 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19703 68817/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_02.cpp Buffer_Overflow_boundedcpy 36 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19704 68818/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_03.cpp Buffer_Overflow_boundedcpy 64 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19705 68818/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_03.cpp Buffer_Overflow_boundedcpy 36 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19706 68819/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_04.cpp Buffer_Overflow_boundedcpy 70 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19707 68819/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_04.cpp Buffer_Overflow_boundedcpy 42 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19708 68820/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_05.cpp Buffer_Overflow_boundedcpy 70 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19709 68820/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_05.cpp Buffer_Overflow_boundedcpy 42 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19710 68821/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_06.cpp Buffer_Overflow_boundedcpy 41 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19711 68821/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_06.cpp Buffer_Overflow_boundedcpy 69 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19712 68822/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_07.cpp Buffer_Overflow_boundedcpy 41 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19713 68822/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_07.cpp Buffer_Overflow_boundedcpy 69 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19714 68823/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_08.cpp Buffer_Overflow_boundedcpy 49 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19715 68823/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_08.cpp Buffer_Overflow_boundedcpy 77 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19716 68824/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_09.cpp Buffer_Overflow_boundedcpy 64 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19717 68824/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_09.cpp Buffer_Overflow_boundedcpy 36 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19718 68825/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_10.cpp Buffer_Overflow_boundedcpy 64 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19719 68825/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_10.cpp Buffer_Overflow_boundedcpy 36 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19720 68826/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_11.cpp Buffer_Overflow_boundedcpy 64 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19721 68826/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_11.cpp Buffer_Overflow_boundedcpy 36 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19722 68827/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_12.cpp Buffer_Overflow_boundedcpy 41 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19723 68827/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_12.cpp Buffer_Overflow_boundedcpy 70 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19724 68828/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_13.cpp Buffer_Overflow_boundedcpy 64 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19725 68828/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_13.cpp Buffer_Overflow_boundedcpy 36 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19726 68829/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_14.cpp Buffer_Overflow_boundedcpy 64 data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19727 68829/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_14.cpp Buffer_Overflow_boundedcpy 36 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19728 68830/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_15.cpp Buffer_Overflow_boundedcpy 42 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19729 68830/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_15.cpp Buffer_Overflow_boundedcpy 71 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19730 68831/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_16.cpp Buffer_Overflow_boundedcpy 61 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19731 68831/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_16.cpp Buffer_Overflow_boundedcpy 37 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19732 68832/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_17.cpp Buffer_Overflow_boundedcpy 61 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19733 68832/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_17.cpp Buffer_Overflow_boundedcpy 37 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19734 68833/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_18.cpp Buffer_Overflow_boundedcpy 57 int64_t * data; data = NULL; data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19735 68833/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_18.cpp Buffer_Overflow_boundedcpy 35 int64_t * data; data = NULL; data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19736 68834/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_21.cpp Buffer_Overflow_boundedcpy 86 data = NULL; data = goodG2B1Source(data); int64_t * goodG2B1Source(int64_t * data) data = new int64_t[100]; return data; data = goodG2B1Source(data); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19737 68834/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_21.cpp Buffer_Overflow_boundedcpy 46 data = NULL; data = badSource(data); int64_t * badSource(int64_t * data) data = new int64_t[50]; return data; data = badSource(data); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19738 68835/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_22.cpp Buffer_Overflow_boundedcpy 67 data = NULL; badGlobal = 1; data = goodG2B1Source(data); int64_t * goodG2B1Source(int64_t * data) data = new int64_t[100]; return data; data = goodG2B1Source(data); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19739 68835/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_22.cpp Buffer_Overflow_boundedcpy 39 data = NULL; data = badSource(data); int64_t * badSource(int64_t * data) data = new int64_t[50]; return data; data = badSource(data); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19740 68836/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_31.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int64_t[50]; int64_t * dataCopy = data; int64_t * data = dataCopy; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19741 68836/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_31.cpp Buffer_Overflow_boundedcpy 60 data = NULL; data = new int64_t[100]; int64_t * dataCopy = data; int64_t * data = dataCopy; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19742 68837/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_32.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new int64_t[50]; int64_t * *dataPtr2 = &data; int64_t * data = *dataPtr2; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19743 68837/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_32.cpp Buffer_Overflow_boundedcpy 70 data = NULL; data = new int64_t[100]; int64_t * *dataPtr2 = &data; int64_t * data = *dataPtr2; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19744 68838/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_33.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int64_t[50]; int64_t * &dataRef = data; int64_t * data = dataRef; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19745 68838/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_33.cpp Buffer_Overflow_boundedcpy 60 data = NULL; data = new int64_t[100]; int64_t * &dataRef = data; int64_t * data = dataRef; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19746 68839/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_34.cpp Buffer_Overflow_boundedcpy 43 unionType myUnion; data = NULL; data = new int64_t[50]; myUnion.unionFirst = data; int64_t * data = myUnion.unionSecond; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19747 68839/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_34.cpp Buffer_Overflow_boundedcpy 68 unionType myUnion; data = NULL; data = new int64_t[100]; myUnion.unionFirst = data; int64_t * data = myUnion.unionSecond; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19748 68840/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_41.cpp Buffer_Overflow_boundedcpy 29 data = NULL; data = new int64_t[50]; badSink(data); void badSink(int64_t * data) int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19749 68840/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_41.cpp Buffer_Overflow_boundedcpy 53 data = NULL; data = new int64_t[100]; goodG2BSink(data); void goodG2BSink(int64_t * data) int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19750 68841/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_42.cpp Buffer_Overflow_boundedcpy 65 data = NULL; data = goodG2BSource(data); static int64_t * goodG2BSource(int64_t * data) data = new int64_t[100]; return data; data = goodG2BSource(data); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19751 68841/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_42.cpp Buffer_Overflow_boundedcpy 39 data = NULL; data = badSource(data); static int64_t * badSource(int64_t * data) data = new int64_t[50]; return data; data = badSource(data); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19752 68842/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_43.cpp Buffer_Overflow_boundedcpy 38 data = NULL; badSource(data); void badSource(int64_t * &data) data = new int64_t[50]; badSource(data); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19753 68842/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_43.cpp Buffer_Overflow_boundedcpy 63 data = NULL; goodG2BSource(data); void goodG2BSource(int64_t * &data) data = new int64_t[100]; goodG2BSource(data); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19754 68843/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_44.cpp Buffer_Overflow_boundedcpy 57 void (*funcPtr) (int64_t *) = goodG2BSink; data = NULL; data = new int64_t[100]; funcPtr(data); static void goodG2BSink(int64_t * data) int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19755 68843/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_44.cpp Buffer_Overflow_boundedcpy 29 void (*funcPtr) (int64_t *) = badSink; data = NULL; data = new int64_t[50]; funcPtr(data); static void badSink(int64_t * data) int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19756 68844/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_45.cpp Buffer_Overflow_boundedcpy 33 data = NULL; data = new int64_t[50]; badData = data; badSink(); int64_t * data = badData; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19757 68844/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_45.cpp Buffer_Overflow_boundedcpy 60 data = NULL; data = new int64_t[100]; goodG2BData = data; goodG2BSink(); int64_t * data = goodG2BData; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19758 68845/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_51.cpp Buffer_Overflow_boundedcpy 138 data = NULL; data = new int64_t[100]; goodG2BSink(data); void goodG2BSink(int64_t * data) int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19759 68845/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_51.cpp Buffer_Overflow_boundedcpy 122 data = NULL; data = new int64_t[50]; badSink(data); void badSink(int64_t * data) int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19760 68846/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_52.cpp Buffer_Overflow_boundedcpy 189 data = NULL; data = new int64_t[100]; goodG2BSink_b(data); void goodG2BSink_c(int64_t * data) int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19761 68846/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_52.cpp Buffer_Overflow_boundedcpy 173 data = NULL; data = new int64_t[50]; badSink_b(data); void badSink_c(int64_t * data) int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19762 68847/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_53.cpp Buffer_Overflow_boundedcpy 240 data = NULL; data = new int64_t[100]; goodG2BSink_b(data); void goodG2BSink_d(int64_t * data) int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19763 68847/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_53.cpp Buffer_Overflow_boundedcpy 224 data = NULL; data = new int64_t[50]; badSink_b(data); void badSink_d(int64_t * data) int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19764 68848/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_54.cpp Buffer_Overflow_boundedcpy 291 data = NULL; data = new int64_t[100]; goodG2BSink_b(data); void goodG2BSink_e(int64_t * data) int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19765 68848/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_54.cpp Buffer_Overflow_boundedcpy 275 data = NULL; data = new int64_t[50]; badSink_b(data); void badSink_e(int64_t * data) int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19766 68849/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_61.cpp Buffer_Overflow_boundedcpy 35 data = NULL; data = badSource(data); int64_t * badSource(int64_t * data) data = new int64_t[50]; return data; data = badSource(data); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19767 68849/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_61.cpp Buffer_Overflow_boundedcpy 56 data = NULL; data = goodG2BSource(data); int64_t * goodG2BSource(int64_t * data) data = new int64_t[100]; return data; data = goodG2BSource(data); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19768 68850/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_62.cpp Buffer_Overflow_boundedcpy 35 data = NULL; badSource(data); void badSource(int64_t * &data) data = new int64_t[50]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19769 68850/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_62.cpp Buffer_Overflow_boundedcpy 56 data = NULL; goodG2BSource(data) void goodG2BSource(int64_t * &data) data = new int64_t[100]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19770 68851/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_63.cpp Buffer_Overflow_boundedcpy 137 data = NULL; data = new int64_t[100]; goodG2BSink(&data); void goodG2BSink(int64_t * * dataPtr) int64_t * data = *dataPtr; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19771 68851/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_63.cpp Buffer_Overflow_boundedcpy 120 data = NULL; data = new int64_t[50]; badSink(&data); void badSink(int64_t * * dataPtr) int64_t * data = *dataPtr; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19772 68852/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_64.cpp Buffer_Overflow_boundedcpy 123 data = NULL; data = new int64_t[50]; badSink(&data); void badSink(void * dataVoidPtr) int64_t * * dataPtr = (int64_t * *)dataVoidPtr; int64_t * data = (*dataPtr); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19773 68852/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_64.cpp Buffer_Overflow_boundedcpy 143 data = NULL; data = new int64_t[100]; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) int64_t * * dataPtr = (int64_t * *)dataVoidPtr; int64_t * data = (*dataPtr); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19774 68853/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_65.cpp Buffer_Overflow_boundedcpy 139 void (*funcPtr) (int64_t *) = goodG2BSink; data = NULL; data = new int64_t[100]; funcPtr(data); void goodG2BSink(int64_t * data) int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19775 68853/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_65.cpp Buffer_Overflow_boundedcpy 123 void (*funcPtr) (int64_t *) = badSink; data = NULL; data = new int64_t[50]; funcPtr(data); void badSink(int64_t * data) int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19776 68854/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_66.cpp Buffer_Overflow_boundedcpy 145 int64_t * dataArray[5]; data = NULL; data = new int64_t[100]; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(int64_t * dataArray[]) int64_t * data = dataArray[2]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19777 68854/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_66.cpp Buffer_Overflow_boundedcpy 128 int64_t * dataArray[5]; data = NULL; data = new int64_t[50]; dataArray[2] = data; badSink(dataArray); void badSink(int64_t * dataArray[]) int64_t * data = dataArray[2]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19778 68855/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_67.cpp Buffer_Overflow_boundedcpy 134 structType myStruct; data = NULL; data = new int64_t[50]; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) int64_t * data = myStruct.structFirst; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19779 68855/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_67.cpp Buffer_Overflow_boundedcpy 151 structType myStruct; data = NULL; data = new int64_t[100]; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) int64_t * data = myStruct.structFirst; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19780 68856/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_68.cpp Buffer_Overflow_boundedcpy 131 data = NULL; data = new int64_t[50]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_68_badData = data; badSink(); void badSink() int64_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_68_badData; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19781 68856/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_68.cpp Buffer_Overflow_boundedcpy 148 data = NULL; data = new int64_t[100]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() int64_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_68_goodG2BData; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19782 68857/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_72.cpp Buffer_Overflow_boundedcpy 139 vector dataVector; data = NULL; data = new int64_t[50]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) int64_t * data = dataVector[2]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19783 68857/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_72.cpp Buffer_Overflow_boundedcpy 156 vector dataVector; data = new int64_t[100]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int64_t * data = dataVector[2]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19784 68858/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_73.cpp Buffer_Overflow_boundedcpy 139 list dataList; data = NULL; data = new int64_t[50]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) int64_t * data = dataList.back(); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19785 68858/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_73.cpp Buffer_Overflow_boundedcpy 156 list dataList; data = new int64_t[100]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int64_t * data = dataList.back(); int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19786 68859/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_74.cpp Buffer_Overflow_boundedcpy 139 map dataMap; data = NULL; data = new int64_t[50]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) int64_t * data = dataMap[2]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 1 --------------------------------- 19787 68859/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int64_t_memmove_74.cpp Buffer_Overflow_boundedcpy 156 map dataMap; data = NULL; data = new int64_t[100]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int64_t * data = dataMap[2]; int64_t source[100] = {0}; memmove(data, source, 100*sizeof(int64_t)); 0 --------------------------------- 19788 68912/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_01.cpp Buffer_Overflow_boundedcpy 33 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19789 68912/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_01.cpp Buffer_Overflow_boundedcpy 53 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19790 68913/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_02.cpp Buffer_Overflow_boundedcpy 64 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19791 68913/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_02.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19792 68914/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_03.cpp Buffer_Overflow_boundedcpy 64 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19793 68914/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_03.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19794 68915/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_04.cpp Buffer_Overflow_boundedcpy 42 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19795 68915/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_04.cpp Buffer_Overflow_boundedcpy 70 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19796 68916/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_05.cpp Buffer_Overflow_boundedcpy 42 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19797 68916/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_05.cpp Buffer_Overflow_boundedcpy 70 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19798 68917/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_06.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19799 68917/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_06.cpp Buffer_Overflow_boundedcpy 69 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19800 68918/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_07.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19801 68918/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_07.cpp Buffer_Overflow_boundedcpy 69 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19802 68919/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_08.cpp Buffer_Overflow_boundedcpy 49 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19803 68919/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_08.cpp Buffer_Overflow_boundedcpy 77 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19804 68920/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_09.cpp Buffer_Overflow_boundedcpy 64 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19805 68920/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_09.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19806 68921/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_10.cpp Buffer_Overflow_boundedcpy 64 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19807 68921/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_10.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19808 68922/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_11.cpp Buffer_Overflow_boundedcpy 64 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19809 68922/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_11.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19810 68923/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_12.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19811 68923/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_12.cpp Buffer_Overflow_boundedcpy 70 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19812 68924/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_13.cpp Buffer_Overflow_boundedcpy 64 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19813 68924/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_13.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19814 68925/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_14.cpp Buffer_Overflow_boundedcpy 64 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19815 68925/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_14.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19816 68926/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_15.cpp Buffer_Overflow_boundedcpy 71 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19817 68926/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_15.cpp Buffer_Overflow_boundedcpy 42 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19818 68927/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_16.cpp Buffer_Overflow_boundedcpy 61 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19819 68927/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_16.cpp Buffer_Overflow_boundedcpy 37 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19820 68928/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_17.cpp Buffer_Overflow_boundedcpy 61 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19821 68928/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_17.cpp Buffer_Overflow_boundedcpy 37 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19822 68929/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_18.cpp Buffer_Overflow_boundedcpy 57 data = NULL; data = new int[100]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19823 68929/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_18.cpp Buffer_Overflow_boundedcpy 35 data = NULL; data = new int[50]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19824 68930/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_21.cpp Buffer_Overflow_boundedcpy 46 data = NULL; data = badSource(data); static int * badSource(int * data) data = new int[50]; return data; data = badSource(data); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19825 68930/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_21.cpp Buffer_Overflow_boundedcpy 86 data = NULL; data = goodG2B1Source(data); static int * goodG2B1Source(int * data) data = new int[100]; return data; data = goodG2B1Source(data); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19826 68931/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_22.cpp Buffer_Overflow_boundedcpy 39 data = NULL; data = badSource(data); int * badSource(int * data) data = new int[50]; return data; data = badSource(data); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19827 68931/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_22.cpp Buffer_Overflow_boundedcpy 67 data = NULL; data = goodG2B1Source(data); int * goodG2B2Source(int * data) data = new int[100]; return data; data = goodG2B1Source(data); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19828 68932/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_31.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int * dataCopy = data; int * data = dataCopy; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19829 68932/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_31.cpp Buffer_Overflow_boundedcpy 60 data = NULL; data = new int[100]; int * dataCopy = data; int * data = dataCopy; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19830 68933/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_32.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new int[50]; int * *dataPtr2 = &data; int * data = *dataPtr2; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19831 68933/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_32.cpp Buffer_Overflow_boundedcpy 70 data = NULL; data = new int[100]; int * *dataPtr2 = &data; int * data = *dataPtr2; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19832 68934/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_33.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int * &dataRef = data; int * data = dataRef; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19833 68934/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_33.cpp Buffer_Overflow_boundedcpy 60 data = NULL; data = new int[100]; int * &dataRef = data; int * data = dataRef; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19834 68935/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_34.cpp Buffer_Overflow_boundedcpy 68 unionType myUnion; data = NULL; data = new int[100]; myUnion.unionFirst = data; int * data = myUnion.unionSecond; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19835 68935/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_34.cpp Buffer_Overflow_boundedcpy 43 unionType myUnion; data = NULL; data = new int[50]; myUnion.unionFirst = data; int * data = myUnion.unionSecond; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19836 68936/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_41.cpp Buffer_Overflow_boundedcpy 29 data = NULL; data = new int[50]; badSink(data); void badSink(int * data) int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); data = new int[50]; 1 --------------------------------- 19837 68936/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_41.cpp Buffer_Overflow_boundedcpy 53 data = NULL; data = new int[100]; goodG2BSink(data); void goodG2BSink(int * data) int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19838 68937/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_42.cpp Buffer_Overflow_boundedcpy 39 data = NULL; data = badSource(data); static int * badSource(int * data) data = new int[50]; return data; data = badSource(data); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19839 68937/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_42.cpp Buffer_Overflow_boundedcpy 65 data = NULL; data = goodG2BSource(data); static int * goodG2BSource(int * data) data = new int[100]; return data; data = goodG2BSource(data); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19840 68938/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_43.cpp Buffer_Overflow_boundedcpy 63 data = NULL; goodG2BSource(data); data = new int[100]; goodG2BSource(data); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19841 68938/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_43.cpp Buffer_Overflow_boundedcpy 38 data = NULL; badSource(data); data = new int[50]; badSource(data); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19842 68939/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_44.cpp Buffer_Overflow_boundedcpy 57 void (*funcPtr) (int *) = goodG2BSink; data = NULL; data = new int[100]; funcPtr(data); static void goodG2BSink(int * data) int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19843 68939/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_44.cpp Buffer_Overflow_boundedcpy 29 void (*funcPtr) (int *) = badSink; data = NULL; data = new int[50]; funcPtr(data); static void badSink(int * data) int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19844 68940/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_45.cpp Buffer_Overflow_boundedcpy 33 data = NULL; data = new int[50]; badData = data; badSink(); static void badSink() int * data = badData; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19845 68940/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_45.cpp Buffer_Overflow_boundedcpy 60 data = NULL; data = new int[100]; goodG2BSink(data); static void goodG2BSink() int * data = goodG2BData; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19846 68941/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_51.cpp Buffer_Overflow_boundedcpy 138 data = NULL; data = new int[100]; goodG2BSink(data); void goodG2BSink(int * data) int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19847 68941/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_51.cpp Buffer_Overflow_boundedcpy 122 data = NULL; data = new int[50]; badSink(data); void badSink(int * data) int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19848 68942/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_52.cpp Buffer_Overflow_boundedcpy 189 data = NULL; data = new int[100]; goodG2BSink_b(data); void goodG2BSink_c(int * data) int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19849 68942/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_52.cpp Buffer_Overflow_boundedcpy 173 data = NULL; data = new int[50]; badSink_b(data); void badSink_c(int * data) int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19850 68943/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_53.cpp Buffer_Overflow_boundedcpy 224 data = NULL; data = new int[50]; badSink_b(data); void badSink_d(int * data) int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19851 68943/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_53.cpp Buffer_Overflow_boundedcpy 240 data = NULL; data = new int[100]; goodG2BSink_b(data); void goodG2BSink_d(int * data) int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19852 68944/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_54.cpp Buffer_Overflow_boundedcpy 291 data = NULL; data = new int[100]; goodG2BSink_b(data); void goodG2BSink_e(int * data) int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19853 68944/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_54.cpp Buffer_Overflow_boundedcpy 275 data = NULL; data = new int[50]; badSink_b(data); void badSink_e(int * data) int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19854 68945/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_61.cpp Buffer_Overflow_boundedcpy 56 data = NULL; data = goodG2BSource(data); int * goodG2BSource(int * data) data = new int[100]; return data; data = goodG2BSource(data); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19855 68945/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_61.cpp Buffer_Overflow_boundedcpy 35 data = NULL; data = badSource(data); int * badSource(int * data) data = new int[50]; return data; data = badSource(data); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19856 68946/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_62.cpp Buffer_Overflow_boundedcpy 56 data = NULL; goodG2BSource(data); void goodG2BSource(int * &data); data = new int[50]; goodG2BSource(data); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19857 68946/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_62.cpp Buffer_Overflow_boundedcpy 35 data = NULL; badSource(data); void badSource(int * &data); data = new int[50]; badSource(data); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19858 68947/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_63.cpp Buffer_Overflow_boundedcpy 120 data = NULL; data = new int[50]; badSink(&data); void badSink(int * * dataPtr) int * data = *dataPtr; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19859 68947/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_63.cpp Buffer_Overflow_boundedcpy 137 data = NULL; data = new int[100]; goodG2BSink(&data); void goodG2BSink(int * * dataPtr) int * data = *dataPtr; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19860 68948/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_64.cpp Buffer_Overflow_boundedcpy 143 data = NULL; data = new int[100]; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) int * * dataPtr = (int * *)dataVoidPtr; int * data = (*dataPtr); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19861 68948/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_64.cpp Buffer_Overflow_boundedcpy 123 data = NULL; data = new int[50]; badSink(&data); void badSink(void * dataVoidPtr) int * * dataPtr = (int * *)dataVoidPtr; int * data = (*dataPtr); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19862 68949/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_65.cpp Buffer_Overflow_boundedcpy 139 void (*funcPtr) (int *) = goodG2BSink; data = NULL; data = new int[100]; funcPtr(data); void goodG2BSink(int * data) int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19863 68949/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_65.cpp Buffer_Overflow_boundedcpy 123 void (*funcPtr) (int *) = badSink; data = NULL; data = new int[50]; funcPtr(data); void badSink(int * data) int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19864 68950/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_66.cpp Buffer_Overflow_boundedcpy 128 int * dataArray[5]; data = NULL; data = new int[50]; dataArray[2] = data; badSink(dataArray); void badSink(int * dataArray[]) int * data = dataArray[2]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19865 68950/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_66.cpp Buffer_Overflow_boundedcpy 145 int * dataArray[5]; data = NULL; data = new int[100]; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(int * dataArray[]) int * data = dataArray[2]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19866 68951/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_67.cpp Buffer_Overflow_boundedcpy 151 structType myStruct; data = NULL; data = new int[100]; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) int * data = myStruct.structFirst; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19867 68951/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_67.cpp Buffer_Overflow_boundedcpy 134 structType myStruct; data = NULL; data = new int[50]; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) int * data = myStruct.structFirst; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19868 68952/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_68.cpp Buffer_Overflow_boundedcpy 148 data = NULL; data = new int[100]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() int * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_68_goodG2BData; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19869 68952/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_68.cpp Buffer_Overflow_boundedcpy 131 data = NULL; data = new int[50]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_68_badData = data; badSink(); void badSink() int * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_68_badData; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19870 68953/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_72.cpp Buffer_Overflow_boundedcpy 156 vector dataVector; data = new int[100]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int * data = dataVector[2]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19871 68953/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_72.cpp Buffer_Overflow_boundedcpy 139 vector dataVector; data = NULL; data = new int[50]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) int * data = dataVector[2]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19872 68954/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_73.cpp Buffer_Overflow_boundedcpy 156 list dataList; data = new int[100]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int * data = dataList.back(); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19873 68954/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_73.cpp Buffer_Overflow_boundedcpy 139 list dataList; data = NULL; data = new int[50]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) int * data = dataList.back(); int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19874 68955/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_74.cpp Buffer_Overflow_boundedcpy 156 map dataMap; data = NULL; data = new int[100]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int * data = dataMap[2]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 0 --------------------------------- 19875 68955/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memcpy_74.cpp Buffer_Overflow_boundedcpy 139 map dataMap; data = NULL; data = new int[50]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) int * data = dataMap[2]; int source[100] = {0}; memcpy(data, source, 100*sizeof(int)); 1 --------------------------------- 19876 68960/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_01.cpp Buffer_Overflow_boundedcpy 53 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19877 68960/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_01.cpp Buffer_Overflow_boundedcpy 33 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19878 68961/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_02.cpp Buffer_Overflow_boundedcpy 64 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19879 68961/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_02.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19880 68962/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_03.cpp Buffer_Overflow_boundedcpy 64 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19881 68962/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_03.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19882 68963/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_04.cpp Buffer_Overflow_boundedcpy 42 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19883 68963/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_04.cpp Buffer_Overflow_boundedcpy 70 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19884 68964/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_05.cpp Buffer_Overflow_boundedcpy 42 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19885 68964/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_05.cpp Buffer_Overflow_boundedcpy 70 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19886 68965/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_06.cpp Buffer_Overflow_boundedcpy 69 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19887 68965/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_06.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19888 68966/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_07.cpp Buffer_Overflow_boundedcpy 69 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19889 68966/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_07.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19890 68967/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_08.cpp Buffer_Overflow_boundedcpy 77 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19891 68967/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_08.cpp Buffer_Overflow_boundedcpy 49 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19892 68968/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_09.cpp Buffer_Overflow_boundedcpy 64 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19893 68968/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_09.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19894 68969/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_10.cpp Buffer_Overflow_boundedcpy 64 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19895 68969/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_10.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19896 68970/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_11.cpp Buffer_Overflow_boundedcpy 64 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19897 68970/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_11.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19898 68971/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_12.cpp Buffer_Overflow_boundedcpy 70 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19899 68971/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_12.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19900 68972/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_13.cpp Buffer_Overflow_boundedcpy 64 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19901 68972/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_13.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19902 68973/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_14.cpp Buffer_Overflow_boundedcpy 64 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19903 68973/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_14.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19904 68974/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_15.cpp Buffer_Overflow_boundedcpy 42 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19905 68974/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_15.cpp Buffer_Overflow_boundedcpy 71 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19906 68975/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_16.cpp Buffer_Overflow_boundedcpy 37 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19907 68975/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_16.cpp Buffer_Overflow_boundedcpy 61 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19908 68976/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_17.cpp Buffer_Overflow_boundedcpy 37 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19909 68976/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_17.cpp Buffer_Overflow_boundedcpy 61 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19910 68977/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_18.cpp Buffer_Overflow_boundedcpy 35 data = NULL; data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19911 68977/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_18.cpp Buffer_Overflow_boundedcpy 57 data = NULL; data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19912 68978/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_21.cpp Buffer_Overflow_boundedcpy 46 data = NULL; data = badSource(data); static int * badSource(int * data) data = new int[50]; return data; data = badSource(data); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19913 68978/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_21.cpp Buffer_Overflow_boundedcpy 86 data = NULL; data = goodG2B1Source(data); static int * goodG2B1Source(int * data) data = new int[100]; return data; data = goodG2B1Source(data); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19914 68979/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_22.cpp Buffer_Overflow_boundedcpy 67 data = NULL; data = goodG2B1Source(data); int * goodG2B1Source(int * data); data = new int[100]; return data; data = goodG2B1Source(data); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19915 68979/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_22.cpp Buffer_Overflow_boundedcpy 39 data = NULL; data = badSource(data); int * badSource(int * data); data = new int[50]; return data; data = badSource(data); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19916 68980/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_31.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int * dataCopy = data; int * data = dataCopy; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19917 68980/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_31.cpp Buffer_Overflow_boundedcpy 60 data = NULL; data = new int[100]; int * dataCopy = data; int * data = dataCopy; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19918 68981/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_32.cpp Buffer_Overflow_boundedcpy 70 data = NULL; data = new int[100]; int * *dataPtr2 = &data; int * data = *dataPtr2; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19919 68981/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_32.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new int[50]; int * *dataPtr2 = &data; int * data = *dataPtr2; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19920 68982/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_33.cpp Buffer_Overflow_boundedcpy 36 data = NULL; data = new int[50]; int * &dataRef = data; int * data = dataRef; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19921 68982/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_33.cpp Buffer_Overflow_boundedcpy 60 data = NULL; data = new int[100]; int * &dataRef = data; int * data = dataRef; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19922 68983/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_34.cpp Buffer_Overflow_boundedcpy 43 unionType myUnion; data = NULL; data = new int[50]; myUnion.unionFirst = data; int * data = myUnion.unionSecond; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19923 68983/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_34.cpp Buffer_Overflow_boundedcpy 68 unionType myUnion; data = NULL; data = new int[100]; myUnion.unionFirst = data; int * data = myUnion.unionSecond; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19924 68984/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_41.cpp Buffer_Overflow_boundedcpy 53 data = NULL; data = new int[100]; goodG2BSink(data); void goodG2BSink(int * data) int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19925 68984/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_41.cpp Buffer_Overflow_boundedcpy 29 data = NULL; data = new int[50]; badSink(data); void badSink(int * data) int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19926 68985/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_42.cpp Buffer_Overflow_boundedcpy 65 data = NULL; data = goodG2BSource(data); static int * goodG2BSource(int * data) data = new int[100]; return data; data = goodG2BSource(data); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19927 68985/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_42.cpp Buffer_Overflow_boundedcpy 39 data = NULL; data = badSource(data); static int * badSource(int * data) data = new int[50]; return data; data = badSource(data); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19928 68986/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_43.cpp Buffer_Overflow_boundedcpy 38 data = NULL; badSource(data); void badSource(int * &data) data = new int[50]; badSource(data); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19929 68986/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_43.cpp Buffer_Overflow_boundedcpy 63 data = NULL; goodG2BSource(data); void goodG2BSource(int * &data) data = new int[100]; goodG2BSource(data); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19930 68987/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_44.cpp Buffer_Overflow_boundedcpy 29 void (*funcPtr) (int *) = badSink; data = NULL; data = new int[50]; funcPtr(data); static void badSink(int * data) int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19931 68987/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_44.cpp Buffer_Overflow_boundedcpy 57 void (*funcPtr) (int *) = goodG2BSink; data = NULL; data = new int[100]; funcPtr(data); static void goodG2BSink(int * data) int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19932 68988/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_45.cpp Buffer_Overflow_boundedcpy 33 data = NULL; data = new int[50]; badData = data; badSink(); static void badSink() int * data = badData; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19933 68988/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_45.cpp Buffer_Overflow_boundedcpy 60 data = NULL; data = new int[100]; goodG2BData = data; goodG2BSink(); static void goodG2BSink() int * data = goodG2BData; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19934 68989/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_51.cpp Buffer_Overflow_boundedcpy 138 data = NULL; data = new int[100]; goodG2BSink(data); void goodG2BSink(int * data) int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19935 68989/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_51.cpp Buffer_Overflow_boundedcpy 122 data = NULL; data = new int[50]; badSink(data); void badSink(int * data) int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19936 68990/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_52.cpp Buffer_Overflow_boundedcpy 173 data = NULL; data = new int[50]; badSink_b(data); void badSink_c(int * data) int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19937 68990/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_52.cpp Buffer_Overflow_boundedcpy 189 data = NULL; data = new int[100]; goodG2BSink_b(data); void goodG2BSink_c(int * data) int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19938 68991/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_53.cpp Buffer_Overflow_boundedcpy 224 data = NULL; data = new int[50]; badSink_b(data); void badSink_d(int * data) int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19939 68991/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_53.cpp Buffer_Overflow_boundedcpy 240 data = NULL; data = new int[100]; goodG2BSink_b(data); void goodG2BSink_d(int * data) int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19940 68992/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_54.cpp Buffer_Overflow_boundedcpy 291 data = NULL; data = new int[100]; goodG2BSink_b(data); void goodG2BSink_e(int * data) int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19941 68992/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_54.cpp Buffer_Overflow_boundedcpy 275 data = NULL; data = new int[50]; badSink_b(data); void badSink_e(int * data) int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19942 68993/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_61.cpp Buffer_Overflow_boundedcpy 56 data = NULL; data = goodG2BSource(data); int * goodG2BSource(int * data); data = new int[100]; return data; data = goodG2BSource(data); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19943 68993/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_61.cpp Buffer_Overflow_boundedcpy 35 data = NULL; data = badSource(data); int * badSource(int * data); data = new int[50]; return data; data = badSource(data); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19944 68994/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_62.cpp Buffer_Overflow_boundedcpy 56 data = NULL; goodG2BSource(data); void goodG2BSource(int * &data); data = new int[100]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19945 68994/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_62.cpp Buffer_Overflow_boundedcpy 35 data = NULL; badSource(data); void badSource(int * &data); data = new int[50]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19946 68995/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_63.cpp Buffer_Overflow_boundedcpy 120 data = NULL; data = new int[50]; badSink(&data); void badSink(int * * dataPtr) int * data = *dataPtr; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19947 68995/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_63.cpp Buffer_Overflow_boundedcpy 137 data = NULL; data = new int[100]; goodG2BSink(&data); void goodG2BSink(int * * dataPtr) int * data = *dataPtr; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19948 68996/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_64.cpp Buffer_Overflow_boundedcpy 123 data = NULL; data = new int[50]; badSink(&data); void badSink(void * dataVoidPtr) int * * dataPtr = (int * *)dataVoidPtr; int * data = (*dataPtr); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19949 68996/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_64.cpp Buffer_Overflow_boundedcpy 143 data = NULL; data = new int[100]; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) int * * dataPtr = (int * *)dataVoidPtr; int * data = (*dataPtr); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19950 68997/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_65.cpp Buffer_Overflow_boundedcpy 139 void (*funcPtr) (int *) = goodG2BSink; data = NULL; data = new int[100]; funcPtr(data); void goodG2BSink(int * data) int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19951 68997/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_65.cpp Buffer_Overflow_boundedcpy 123 void (*funcPtr) (int *) = badSink; data = NULL; data = new int[50]; funcPtr(data); void badSink(int * data) int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19952 68998/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_66.cpp Buffer_Overflow_boundedcpy 128 int * dataArray[5]; data = NULL; data = new int[50]; dataArray[2] = data; badSink(dataArray); void badSink(int * dataArray[]) int * data = dataArray[2]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19953 68998/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_66.cpp Buffer_Overflow_boundedcpy 145 int * dataArray[5]; data = NULL; data = new int[100]; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(int * dataArray[]) int * data = dataArray[2]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19954 68999/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_67.cpp Buffer_Overflow_boundedcpy 134 structType myStruct; data = NULL; data = new int[50]; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) int * data = myStruct.structFirst; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19955 68999/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_67.cpp Buffer_Overflow_boundedcpy 151 structType myStruct; data = NULL; data = new int[100]; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) int * data = myStruct.structFirst; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19956 69000/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_68.cpp Buffer_Overflow_boundedcpy 131 data = NULL; data = new int[50]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_68_badData = data; badSink(); void badSink(); int * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_68_badData; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19957 69000/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_68.cpp Buffer_Overflow_boundedcpy 148 data = NULL; data = new int[100]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_68_goodG2BData = data; goodG2BSink(); void goodG2BSink(); int * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_68_goodG2BData; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19958 69001/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_72.cpp Buffer_Overflow_boundedcpy 139 vector dataVector; data = NULL; data = new int[50]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) int * data = dataVector[2]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19959 69001/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_72.cpp Buffer_Overflow_boundedcpy 156 vector dataVector; data = NULL; data = new int[100]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) int * data = dataVector[2]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19960 69002/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_73.cpp Buffer_Overflow_boundedcpy 139 list dataList; data = NULL; data = new int[50]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) int * data = dataList.back(); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19961 69002/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_73.cpp Buffer_Overflow_boundedcpy 156 list dataList; data = NULL; data = new int[100]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) int * data = dataList.back(); int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19962 69003/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_74.cpp Buffer_Overflow_boundedcpy 139 map dataMap; data = NULL; data = new int[50]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) int * data = dataMap[2]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 1 --------------------------------- 19963 69003/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_int_memmove_74.cpp Buffer_Overflow_boundedcpy 156 map dataMap; data = NULL; data = new int[100]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) int * data = dataMap[2]; int source[100] = {0}; memmove(data, source, 100*sizeof(int)); 0 --------------------------------- 19964 69056/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_01.cpp Buffer_Overflow_boundedcpy 62 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19965 69056/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_01.cpp Buffer_Overflow_boundedcpy 38 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19966 69057/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_02.cpp Buffer_Overflow_boundedcpy 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19967 69057/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_02.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19968 69058/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_03.cpp Buffer_Overflow_boundedcpy 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19969 69058/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_03.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19970 69059/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_04.cpp Buffer_Overflow_boundedcpy 79 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19971 69059/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_04.cpp Buffer_Overflow_boundedcpy 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19972 69060/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_05.cpp Buffer_Overflow_boundedcpy 79 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19973 69060/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_05.cpp Buffer_Overflow_boundedcpy 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19974 69061/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_06.cpp Buffer_Overflow_boundedcpy 78 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19975 69061/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_06.cpp Buffer_Overflow_boundedcpy 46 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19976 69062/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_07.cpp Buffer_Overflow_boundedcpy 78 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19977 69062/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_07.cpp Buffer_Overflow_boundedcpy 46 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19978 69063/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_08.cpp Buffer_Overflow_boundedcpy 86 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19979 69063/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_08.cpp Buffer_Overflow_boundedcpy 54 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19980 69064/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_09.cpp Buffer_Overflow_boundedcpy 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19981 69064/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_09.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19982 69065/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_10.cpp Buffer_Overflow_boundedcpy 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19983 69065/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_10.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19984 69066/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_11.cpp Buffer_Overflow_boundedcpy 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19985 69066/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_11.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19986 69067/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_12.cpp Buffer_Overflow_boundedcpy 81 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19987 69067/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_12.cpp Buffer_Overflow_boundedcpy 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19988 69068/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_13.cpp Buffer_Overflow_boundedcpy 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19989 69068/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_13.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19990 69069/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_14.cpp Buffer_Overflow_boundedcpy 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19991 69069/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_14.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19992 69070/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_15.cpp Buffer_Overflow_boundedcpy 80 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19993 69070/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_15.cpp Buffer_Overflow_boundedcpy 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19994 69071/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_16.cpp Buffer_Overflow_boundedcpy 70 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19995 69071/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_16.cpp Buffer_Overflow_boundedcpy 42 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19996 69072/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_17.cpp Buffer_Overflow_boundedcpy 70 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 19997 69072/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_17.cpp Buffer_Overflow_boundedcpy 42 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19998 69073/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_18.cpp Buffer_Overflow_boundedcpy 40 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 19999 69073/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_18.cpp Buffer_Overflow_boundedcpy 66 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20000 69074/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_21.cpp Buffer_Overflow_boundedcpy 51 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = new wchar_t[50]; data[0] = L'\0'; return data;return data; data = badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20001 69074/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_21.cpp Buffer_Overflow_boundedcpy 95 data = NULL; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) data = new wchar_t[100]; data[0] = L'\0'; return data;return data; data = goodG2B1Source(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20002 69075/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_22.cpp Buffer_Overflow_boundedcpy 43 data = NULL; data = badSource(data); wchar_t * badSource(wchar_t * data) data = new wchar_t[50]; data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20003 69075/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_22.cpp Buffer_Overflow_boundedcpy 74 data = NULL; data = goodG2B1Source(data); wchar_t * goodG2B1Source(wchar_t * data) data = new wchar_t[100]; data[0] = L'\0'; return data; data = goodG2B1Source(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20004 69076/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_31.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20005 69076/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_31.cpp Buffer_Overflow_boundedcpy 69 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20006 69077/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_32.cpp Buffer_Overflow_boundedcpy 46 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; data = new wchar_t[50]; data[0] = L'\0'; *dataPtr1 = data; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20007 69077/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_32.cpp Buffer_Overflow_boundedcpy 79 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; data = new wchar_t[100]; data[0] = L'\0'; *dataPtr1 = data; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20008 69078/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 41 wchar_t * &dataRef = data; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20009 69078/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_33.cpp Buffer_Overflow_boundedcpy 69 wchar_t * &dataRef = data; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20010 69079/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_34.cpp Buffer_Overflow_boundedcpy 48 unionType myUnion; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20011 69079/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_34.cpp Buffer_Overflow_boundedcpy 77 unionType myUnion; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20012 69080/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_41.cpp Buffer_Overflow_boundedcpy 33 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink(data); void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20013 69080/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_41.cpp Buffer_Overflow_boundedcpy 61 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20014 69081/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_42.cpp Buffer_Overflow_boundedcpy 44 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = new wchar_t[50]; data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20015 69081/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_42.cpp Buffer_Overflow_boundedcpy 74 data = NULL; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) data = new wchar_t[100]; data[0] = L'\0'; return data; data = goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20016 69082/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 43 data = NULL; badSource(data); void badSource(wchar_t * &data) data = new wchar_t[50]; data[0] = L'\0'; badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20017 69082/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_43.cpp Buffer_Overflow_boundedcpy 72 data = NULL; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) data = new wchar_t[100]; data[0] = L'\0'; goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20018 69083/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_44.cpp Buffer_Overflow_boundedcpy 65 void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20019 69083/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_44.cpp Buffer_Overflow_boundedcpy 33 void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20020 69084/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_45.cpp Buffer_Overflow_boundedcpy 68 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20021 69084/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_45.cpp Buffer_Overflow_boundedcpy 37 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badData = data; badSink(); static void badSink() wchar_t * data = badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20022 69085/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_51.cpp Buffer_Overflow_boundedcpy 149 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20023 69085/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_51.cpp Buffer_Overflow_boundedcpy 130 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink(data); void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20024 69086/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_52.cpp Buffer_Overflow_boundedcpy 202 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink_b(data); void goodG2BSink_c(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20025 69086/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_52.cpp Buffer_Overflow_boundedcpy 183 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink_b(data); void badSink_c(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20026 69087/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_53.cpp Buffer_Overflow_boundedcpy 236 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink_b(data); void badSink_d(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20027 69087/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_53.cpp Buffer_Overflow_boundedcpy 255 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink_b(data); void goodG2BSink_d(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20028 69088/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_54.cpp Buffer_Overflow_boundedcpy 289 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink_b(data); void badSink_e(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20029 69088/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_54.cpp Buffer_Overflow_boundedcpy 308 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink_b(data); void goodG2BSink_e(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20030 69089/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_61.cpp Buffer_Overflow_boundedcpy 39 data = NULL; data = badSource(data); wchar_t * badSource(wchar_t * data) data = new wchar_t[50]; data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20031 69089/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_61.cpp Buffer_Overflow_boundedcpy 63 data = NULL; data = goodG2BSource(data); wchar_t * goodG2BSource(wchar_t * data) data = new wchar_t[100]; data[0] = L'\0'; return data; data = goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20032 69090/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 39 data = NULL; badSource(data); void badSource(wchar_t * &data); data = new wchar_t[50]; data[0] = L'\0'; badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20033 69090/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_62.cpp Buffer_Overflow_boundedcpy 63 data = NULL; goodG2BSource(data); void goodG2BSource(wchar_t * &data) data[0] = L'\0'; data = new wchar_t[100]; goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20034 69091/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_63.cpp Buffer_Overflow_boundedcpy 148 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink(&data); void goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20035 69091/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_63.cpp Buffer_Overflow_boundedcpy 128 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink(&data); void badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20036 69092/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_64.cpp Buffer_Overflow_boundedcpy 131 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink(&data); void badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20037 69092/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_64.cpp Buffer_Overflow_boundedcpy 154 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20038 69093/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_65.cpp Buffer_Overflow_boundedcpy 150 void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; funcPtr(data); void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20039 69093/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_65.cpp Buffer_Overflow_boundedcpy 131 void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; funcPtr(data); void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20040 69094/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_66.cpp Buffer_Overflow_boundedcpy 136 wchar_t * dataArray[5]; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataArray[2] = data; badSink(dataArray); void badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20041 69094/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_66.cpp Buffer_Overflow_boundedcpy 156 wchar_t * dataArray[5]; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20042 69095/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_67.cpp Buffer_Overflow_boundedcpy 142 structType myStruct; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20043 69095/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_67.cpp Buffer_Overflow_boundedcpy 162 structType myStruct; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20044 69096/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_68.cpp Buffer_Overflow_boundedcpy 139 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_68_badData = data; badSink(); void badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_68_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20045 69096/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_68.cpp Buffer_Overflow_boundedcpy 159 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_68_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20046 69097/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 147 vector dataVector; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20047 69097/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_72.cpp Buffer_Overflow_boundedcpy 167 vector dataVector; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20048 69098/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 147 list dataList; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20049 69098/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_73.cpp Buffer_Overflow_boundedcpy 167 list dataList; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20050 69099/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 147 list dataList; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20051 69099/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memcpy_74.cpp Buffer_Overflow_boundedcpy 167 dlist dataList; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memcpy(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20052 69104/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_01.cpp Buffer_Overflow_boundedcpy 38 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20053 69104/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_01.cpp Buffer_Overflow_boundedcpy 62 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20054 69105/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_02.cpp Buffer_Overflow_boundedcpy 73 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20055 69105/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_02.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20056 69106/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_03.cpp Buffer_Overflow_boundedcpy 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20057 69106/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_03.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20058 69107/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_04.cpp Buffer_Overflow_boundedcpy 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20059 69107/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_04.cpp Buffer_Overflow_boundedcpy 79 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20060 69108/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_05.cpp Buffer_Overflow_boundedcpy 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20061 69108/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_05.cpp Buffer_Overflow_boundedcpy 79 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20062 69109/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_06.cpp Buffer_Overflow_boundedcpy 46 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20063 69109/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_06.cpp Buffer_Overflow_boundedcpy 78 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20064 69110/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_07.cpp Buffer_Overflow_boundedcpy 46 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20065 69110/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_07.cpp Buffer_Overflow_boundedcpy 78 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20066 69111/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_08.cpp Buffer_Overflow_boundedcpy 86 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20067 69111/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_08.cpp Buffer_Overflow_boundedcpy 54 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20068 69112/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_09.cpp Buffer_Overflow_boundedcpy 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20069 69112/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_09.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20070 69113/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_10.cpp Buffer_Overflow_boundedcpy 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20071 69113/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_10.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20072 69114/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_11.cpp Buffer_Overflow_boundedcpy 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20073 69114/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_11.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20074 69115/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_12.cpp Buffer_Overflow_boundedcpy 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20075 69115/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_12.cpp Buffer_Overflow_boundedcpy 81 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20076 69116/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_13.cpp Buffer_Overflow_boundedcpy 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20077 69116/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_13.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20078 69117/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_14.cpp Buffer_Overflow_boundedcpy 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20079 69117/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_14.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20080 69118/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_15.cpp Buffer_Overflow_boundedcpy 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20081 69118/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_15.cpp Buffer_Overflow_boundedcpy 80 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20082 69119/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_16.cpp Buffer_Overflow_boundedcpy 70 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20083 69119/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_16.cpp Buffer_Overflow_boundedcpy 42 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20084 69120/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_17.cpp Buffer_Overflow_boundedcpy 70 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20085 69120/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_17.cpp Buffer_Overflow_boundedcpy 42 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20086 69121/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_18.cpp Buffer_Overflow_boundedcpy 40 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20087 69121/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_18.cpp Buffer_Overflow_boundedcpy 66 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20088 69122/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_21.cpp Buffer_Overflow_boundedcpy 51 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = new wchar_t[50]; data[0] = L'\0'; data = badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20089 69122/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_21.cpp Buffer_Overflow_boundedcpy 95 data = NULL; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) data = new wchar_t[100]; data[0] = L'\0'; data = goodG2B1Source(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20090 69123/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_22.cpp Buffer_Overflow_boundedcpy 43 data = NULL; data = badSource(data); wchar_t * badSource(wchar_t * data) data = new wchar_t[50]; data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20091 69123/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_22.cpp Buffer_Overflow_boundedcpy 74 data = NULL; badGlobal = 1; data = goodG2B1Source(data); wchar_t * goodG2B1Source(wchar_t * data) data = new wchar_t[100]; data[0] = L'\0'; return data; data = goodG2B1Source(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20092 69124/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_31.cpp Buffer_Overflow_boundedcpy 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20093 69124/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_31.cpp Buffer_Overflow_boundedcpy 69 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20094 69125/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_32.cpp Buffer_Overflow_boundedcpy 79 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20095 69125/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_32.cpp Buffer_Overflow_boundedcpy 46 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20096 69126/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 41 wchar_t * &dataRef = data; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20097 69126/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_33.cpp Buffer_Overflow_boundedcpy 69 wchar_t * &dataRef = data; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20098 69127/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_34.cpp Buffer_Overflow_boundedcpy 48 unionType myUnion; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20099 69127/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_34.cpp Buffer_Overflow_boundedcpy 77 unionType myUnion; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20100 69128/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_41.cpp Buffer_Overflow_boundedcpy 61 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20101 69128/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_41.cpp Buffer_Overflow_boundedcpy 33 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink(data); void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20102 69129/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_42.cpp Buffer_Overflow_boundedcpy 44 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = new wchar_t[50]; data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20103 69129/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_42.cpp Buffer_Overflow_boundedcpy 74 data = NULL; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) data = new wchar_t[100]; data[0] = L'\0'; return data; data = goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20104 69130/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 72 data = NULL; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) data = new wchar_t[100]; data[0] = L'\0'; goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20105 69130/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 43 data = NULL; badSource(data); void badSource(wchar_t * &data) data = new wchar_t[50]; data[0] = L'\0'; badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20106 69131/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_44.cpp Buffer_Overflow_boundedcpy 33 void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20107 69131/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_44.cpp Buffer_Overflow_boundedcpy 65 void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20108 69132/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_45.cpp Buffer_Overflow_boundedcpy 37 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badData = data; badSink(); static void badSink() wchar_t * data = badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20109 69132/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_45.cpp Buffer_Overflow_boundedcpy 68 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BData = data; goodG2BSink(); static void badSink() wchar_t * data = goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20110 69133/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_51.cpp Buffer_Overflow_boundedcpy 149 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20111 69133/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_51.cpp Buffer_Overflow_boundedcpy 130 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink(data); void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20112 69134/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_52.cpp Buffer_Overflow_boundedcpy 183 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink_b(data); void badSink_c(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20113 69134/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_52.cpp Buffer_Overflow_boundedcpy 202 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink_b(data); void goodG2BSink_c(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20114 69135/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_53.cpp Buffer_Overflow_boundedcpy 255 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink_b(data); void goodG2BSink_d(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20115 69135/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_53.cpp Buffer_Overflow_boundedcpy 236 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink_b(data); void badSink_d(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20116 69136/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_54.cpp Buffer_Overflow_boundedcpy 308 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink_b(data); void goodG2BSink_e(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20117 69136/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_54.cpp Buffer_Overflow_boundedcpy 289 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink_b(data); void badSink_e(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20118 69137/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_61.cpp Buffer_Overflow_boundedcpy 63 data = NULL; data = goodG2BSource(data); wchar_t * goodG2BSource(wchar_t * data) data = new wchar_t[100]; data[0] = L'\0'; return data; data = goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20119 69137/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_61.cpp Buffer_Overflow_boundedcpy 39 data = NULL; data = badSource(data); wchar_t * badSource(wchar_t * data); data = new wchar_t[50]; data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20120 69138/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_62.cpp Buffer_Overflow_boundedcpy 63 data = NULL; goodG2BSource(data); void goodG2BSource(wchar_t * &data) data = new wchar_t[100]; data[0] = L'\0'; goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20121 69138/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_62.cpp Buffer_Overflow_boundedcpy 39 data = NULL; badSource(data); void badSource(wchar_t * &data) data = new wchar_t[50]; data[0] = L'\0'; badSource(data); void badSource(wchar_t * &data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20122 69139/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_63.cpp Buffer_Overflow_boundedcpy 128 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink(&data); void badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20123 69139/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_63.cpp Buffer_Overflow_boundedcpy 148 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink(&data); void goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20124 69140/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_64.cpp Buffer_Overflow_boundedcpy 131 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink(&data); void badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20125 69140/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_64.cpp Buffer_Overflow_boundedcpy 154 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20126 69141/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_65.cpp Buffer_Overflow_boundedcpy 150 void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; funcPtr(data); void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20127 69141/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_65.cpp Buffer_Overflow_boundedcpy 131 void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; funcPtr(data); void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20128 69142/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_66.cpp Buffer_Overflow_boundedcpy 136 wchar_t * dataArray[5]; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataArray[2] = data; badSink(dataArray); void badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20129 69142/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_66.cpp Buffer_Overflow_boundedcpy 156 wchar_t * dataArray[5]; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20130 69143/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_67.cpp Buffer_Overflow_boundedcpy 142 structType myStruct; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20131 69143/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_67.cpp Buffer_Overflow_boundedcpy 162 structType myStruct; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) wchar_t * data = myStruct.structFirst; source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20132 69144/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_68.cpp Buffer_Overflow_boundedcpy 159 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_68_badData = data; badSink(); void badSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_68_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20133 69144/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_68.cpp Buffer_Overflow_boundedcpy 139 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_68_goodG2BData = data; goodG2BSink(); void goodG2BSink(); wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_68_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20134 69145/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_72.cpp Buffer_Overflow_boundedcpy 167 vector dataVector; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20135 69145/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_72.cpp Buffer_Overflow_boundedcpy 147 vector dataVector; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20136 69146/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_73.cpp Buffer_Overflow_boundedcpy 167 list dataList; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20137 69146/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_73.cpp Buffer_Overflow_boundedcpy 147 list dataList; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20138 69147/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_74.cpp Buffer_Overflow_boundedcpy 167 map dataMap; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 0 --------------------------------- 20139 69147/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_memmove_74.cpp Buffer_Overflow_boundedcpy 147 map dataMap; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; memmove(data, source, 100*sizeof(wchar_t)); 1 --------------------------------- 20140 69152/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_01.cpp Buffer_Overflow_LowBound 61 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20141 69152/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_01.cpp Buffer_Overflow_LowBound 38 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20142 69153/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_02.cpp Buffer_Overflow_LowBound 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20143 69153/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_02.cpp Buffer_Overflow_LowBound 72 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20144 69154/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_03.cpp Buffer_Overflow_LowBound 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20145 69154/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_03.cpp Buffer_Overflow_LowBound 72 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20146 69155/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_04.cpp Buffer_Overflow_LowBound 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20147 69155/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_04.cpp Buffer_Overflow_LowBound 78 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20148 69156/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_05.cpp Buffer_Overflow_LowBound 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20149 69156/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_05.cpp Buffer_Overflow_LowBound 78 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20150 69157/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_06.cpp Buffer_Overflow_LowBound 77 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20151 69157/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_06.cpp Buffer_Overflow_LowBound 46 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20152 69158/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_07.cpp Buffer_Overflow_LowBound 77 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20153 69158/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_07.cpp Buffer_Overflow_LowBound 46 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20154 69159/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_08.cpp Buffer_Overflow_LowBound 85 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20155 69159/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_08.cpp Buffer_Overflow_LowBound 54 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20156 69160/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_09.cpp Off_by_One_Error_in_Methods 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20157 69160/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_09.cpp Off_by_One_Error_in_Methods 72 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20158 69161/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_10.cpp Off_by_One_Error_in_Methods 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20159 69161/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_10.cpp Off_by_One_Error_in_Methods 72 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20160 69162/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_11.cpp Off_by_One_Error_in_Methods 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20161 69162/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_11.cpp Off_by_One_Error_in_Methods 72 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20162 69163/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_12.cpp Off_by_One_Error_in_Methods 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20163 69163/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_12.cpp Off_by_One_Error_in_Methods 80 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20164 69164/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_13.cpp Off_by_One_Error_in_Methods 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20165 69164/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_13.cpp Off_by_One_Error_in_Methods 72 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20166 69165/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_14.cpp Off_by_One_Error_in_Methods 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20167 69165/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_14.cpp Off_by_One_Error_in_Methods 72 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20168 69166/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_15.cpp Off_by_One_Error_in_Methods 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20169 69166/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_15.cpp Off_by_One_Error_in_Methods 79 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20170 69167/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_16.cpp Off_by_One_Error_in_Methods 69 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20171 69167/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_16.cpp Off_by_One_Error_in_Methods 42 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20172 69168/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_17.cpp Off_by_One_Error_in_Methods 69 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20173 69168/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_17.cpp Off_by_One_Error_in_Methods 42 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20174 69169/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_18.cpp Off_by_One_Error_in_Methods 65 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20175 69169/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_18.cpp Off_by_One_Error_in_Methods 40 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20176 69170/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_21.cpp Off_by_One_Error_in_Methods 94 data = NULL; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) data = new wchar_t[100]; data[0] = L'\0'; return data; data = goodG2B1Source(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20177 69170/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_21.cpp Off_by_One_Error_in_Methods 51 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = new wchar_t[50]; data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20178 69171/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_22.cpp Off_by_One_Error_in_Methods 73 data = NULL; data = goodG2B1Source(data); wchar_t * goodG2B2Source(wchar_t * data) data = new wchar_t[100]; data[0] = L'\0'; return data; data = goodG2B1Source(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20179 69171/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_22.cpp Off_by_One_Error_in_Methods 43 data = NULL; data = badSource(data); wchar_t * badSource(wchar_t * data) data = new wchar_t[50]; data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20180 69172/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_31.cpp Off_by_One_Error_in_Methods 68 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20181 69172/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_31.cpp Off_by_One_Error_in_Methods 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20182 69173/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_32.cpp Off_by_One_Error_in_Methods 78 data = new wchar_t[100]; data[0] = L'\0'; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20183 69173/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_32.cpp Off_by_One_Error_in_Methods 46 data = new wchar_t[50]; data[0] = L'\0'; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20184 69174/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_33.cpp Off_by_One_Error_in_Methods 68 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t * &dataRef = data; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20185 69174/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_33.cpp Off_by_One_Error_in_Methods 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t * &dataRef = data; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20186 69175/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_34.cpp Off_by_One_Error_in_Methods 76 unionType myUnion; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20187 69175/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_34.cpp Off_by_One_Error_in_Methods 48 unionType myUnion; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20188 69176/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_41.cpp Off_by_One_Error_in_Methods 60 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20189 69176/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_41.cpp Off_by_One_Error_in_Methods 33 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink(data); void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20190 69177/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_42.cpp Off_by_One_Error_in_Methods 44 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = new wchar_t[50]; data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20191 69177/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_42.cpp Off_by_One_Error_in_Methods 73 data = NULL; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) data = new wchar_t[100]; data[0] = L'\0'; return data; data = goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20192 69178/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_43.cpp Off_by_One_Error_in_Methods 71 data = NULL; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) data = new wchar_t[100]; data[0] = L'\0'; goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20193 69178/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_43.cpp Off_by_One_Error_in_Methods 43 data = NULL; badSource(data); void badSource(wchar_t * &data) data = new wchar_t[50]; data[0] = L'\0'; badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20194 69179/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_44.cpp Off_by_One_Error_in_Methods 33 void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20195 69179/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_44.cpp Off_by_One_Error_in_Methods 64 void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20196 69180/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_45.cpp Off_by_One_Error_in_Methods 37 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badData = data; badSink(); static void badSink() wchar_t * data = badData; wchar_t * data = badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20197 69180/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_45.cpp Off_by_One_Error_in_Methods 67 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20198 69181/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_51.cpp Off_by_One_Error_in_Methods 130 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink(data); void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20199 69181/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_51.cpp Off_by_One_Error_in_Methods 148 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20200 69182/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_52.cpp Off_by_One_Error_in_Methods 183 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink_b(data); void badSink_c(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20201 69182/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_52.cpp Off_by_One_Error_in_Methods 201 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink_b(data); void goodG2BSink_c(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20202 69183/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_53.cpp Off_by_One_Error_in_Methods 236 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink_b(data); void badSink_d(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20203 69183/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_53.cpp Off_by_One_Error_in_Methods 254 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink_b(data); void goodG2BSink_d(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20204 69184/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_54.cpp Off_by_One_Error_in_Methods 289 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink_b(data); void badSink_e(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20205 69184/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_54.cpp Off_by_One_Error_in_Methods 307 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink_b(data); void goodG2BSink_e(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20206 69185/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_61.cpp Off_by_One_Error_in_Methods 39 data = NULL; data = badSource(data); wchar_t * badSource(wchar_t * data) data = new wchar_t[50]; data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20207 69185/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_61.cpp Off_by_One_Error_in_Methods 62 data = NULL; data = goodG2BSource(data); wchar_t * goodG2BSource(wchar_t * data) data = new wchar_t[100]; data[0] = L'\0'; return data; data = goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20208 69186/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_62.cpp Off_by_One_Error_in_Methods 39 data = NULL; badSource(data); void badSource(wchar_t * &data); data = new wchar_t[50]; data[0] = L'\0'; badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20209 69186/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_62.cpp Off_by_One_Error_in_Methods 62 data = NULL; goodG2BSource(data); void goodG2BSource(wchar_t * &data); data = new wchar_t[100]; data[0] = L'\0'; goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20210 69187/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_63.cpp Off_by_One_Error_in_Methods 147 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink(&data); void goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20211 69187/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_63.cpp Off_by_One_Error_in_Methods 128 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink(&data); void badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20212 69188/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_64.cpp Off_by_One_Error_in_Methods 153 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20213 69188/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_64.cpp Off_by_One_Error_in_Methods 131 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink(&data); void badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20214 69189/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_65.cpp Off_by_One_Error_in_Methods 149 wchar_t * dataArray[5]; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20215 69189/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_65.cpp Off_by_One_Error_in_Methods 131 wchar_t * dataArray[5]; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataArray[2] = data; badSink(dataArray); void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20216 69190/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_66.cpp Off_by_One_Error_in_Methods 155 wchar_t * dataArray[5]; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20217 69190/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_66.cpp Off_by_One_Error_in_Methods 136 wchar_t * dataArray[5]; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataArray[2] = data; badSink(dataArray); void badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20218 69191/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_67.cpp Off_by_One_Error_in_Methods 161 structType myStruct; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20219 69191/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_67.cpp Off_by_One_Error_in_Methods 142 structType myStruct; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20220 69192/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_68.cpp Off_by_One_Error_in_Methods 158 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_68_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20221 69192/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_68.cpp Off_by_One_Error_in_Methods 139 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_68_badData = data; badSink(); void badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_68_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20222 69193/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_72.cpp Off_by_One_Error_in_Methods 166 vector dataVector; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20223 69193/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_72.cpp Off_by_One_Error_in_Methods 147 vector dataVector; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20224 69194/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_73.cpp Off_by_One_Error_in_Methods 166 list dataList; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20225 69194/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_73.cpp Off_by_One_Error_in_Methods 147 list dataList; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20226 69195/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_74.cpp Off_by_One_Error_in_Methods 166 map dataMap; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 20227 69195/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_74.cpp Off_by_One_Error_in_Methods 147 map dataMap; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 20228 69200/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_01.cpp Off_by_One_Error_in_Methods 38 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20229 69200/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_01.cpp Off_by_One_Error_in_Methods 62 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20230 69201/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_02.cpp Off_by_One_Error_in_Methods 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20231 69201/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_02.cpp Off_by_One_Error_in_Methods 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20232 69202/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_03.cpp Off_by_One_Error_in_Methods 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20233 69202/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_03.cpp Off_by_One_Error_in_Methods 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20234 69203/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_04.cpp Off_by_One_Error_in_Methods 79 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20235 69203/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_04.cpp Off_by_One_Error_in_Methods 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20236 69204/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_05.cpp Off_by_One_Error_in_Methods 79 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20237 69204/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_05.cpp Off_by_One_Error_in_Methods 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20238 69205/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_06.cpp Off_by_One_Error_in_Methods 78 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20239 69205/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_06.cpp Off_by_One_Error_in_Methods 46 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20240 69206/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_07.cpp Off_by_One_Error_in_Methods 78 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20241 69206/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_07.cpp Off_by_One_Error_in_Methods 46 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20242 69207/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_08.cpp Off_by_One_Error_in_Methods 86 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20243 69207/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_08.cpp Off_by_One_Error_in_Methods 54 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20244 69208/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_09.cpp Off_by_One_Error_in_Methods 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20245 69208/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_09.cpp Off_by_One_Error_in_Methods 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20246 69209/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_10.cpp Off_by_One_Error_in_Methods 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20247 69209/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_10.cpp Off_by_One_Error_in_Methods 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20248 69210/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_11.cpp Off_by_One_Error_in_Methods 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20249 69210/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_11.cpp Off_by_One_Error_in_Methods 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20250 69211/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_12.cpp Off_by_One_Error_in_Methods 81 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20251 69211/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_12.cpp Off_by_One_Error_in_Methods 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20252 69212/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_13.cpp Off_by_One_Error_in_Methods 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20253 69212/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_13.cpp Off_by_One_Error_in_Methods 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20254 69213/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_14.cpp Off_by_One_Error_in_Methods 73 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20255 69213/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_14.cpp Off_by_One_Error_in_Methods 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20256 69214/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_15.cpp Off_by_One_Error_in_Methods 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20257 69214/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_15.cpp Off_by_One_Error_in_Methods 80 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20258 69215/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_16.cpp Off_by_One_Error_in_Methods 42 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20259 69215/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_16.cpp Off_by_One_Error_in_Methods 70 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20260 69216/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_17.cpp Off_by_One_Error_in_Methods 42 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20261 69216/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_17.cpp Off_by_One_Error_in_Methods 70 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20262 69217/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_18.cpp Off_by_One_Error_in_Methods 66 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20263 69217/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_18.cpp Off_by_One_Error_in_Methods 40 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20264 69218/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_21.cpp Off_by_One_Error_in_Methods 51 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = new wchar_t[50]; data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20265 69218/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_21.cpp Off_by_One_Error_in_Methods 95 data = NULL; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) data = new wchar_t[100]; data[0] = L'\0'; return data; data = goodG2B1Source(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20266 69219/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_22.cpp Off_by_One_Error_in_Methods 43 data = NULL; data = badSource(data); wchar_t * badSource(wchar_t * data) data = new wchar_t[50]; data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20267 69219/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_22.cpp Off_by_One_Error_in_Methods 74 data = NULL; data = goodG2B1Source(data); wchar_t * badSource(wchar_t * data) data = new wchar_t[100]; data[0] = L'\0'; return data; data = goodG2B1Source(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20268 69220/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_31.cpp Off_by_One_Error_in_Methods 41 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20269 69220/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_31.cpp Off_by_One_Error_in_Methods 69 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20270 69221/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_32.cpp Off_by_One_Error_in_Methods 79 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20271 69221/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_32.cpp Off_by_One_Error_in_Methods 46 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20272 69222/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_33.cpp Off_by_One_Error_in_Methods 41 wchar_t * &dataRef = data; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20273 69222/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_33.cpp Off_by_One_Error_in_Methods 69 wchar_t * &dataRef = data; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t * data = dataRef; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20274 69223/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_34.cpp Off_by_One_Error_in_Methods 48 unionType myUnion; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20275 69223/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_34.cpp Off_by_One_Error_in_Methods 77 unionType myUnion; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20276 69224/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_41.cpp Off_by_One_Error_in_Methods 33 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink(data); void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20277 69224/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_41.cpp Off_by_One_Error_in_Methods 61 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20278 69225/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_42.cpp Off_by_One_Error_in_Methods 44 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = new wchar_t[50]; data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20279 69225/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_42.cpp Off_by_One_Error_in_Methods 74 data = NULL; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) data = new wchar_t[100]; data[0] = L'\0'; return data; data = goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20280 69226/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_43.cpp Off_by_One_Error_in_Methods 43 data = NULL; badSource(data); void badSource(wchar_t * &data) data = new wchar_t[50]; data[0] = L'\0'; badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20281 69226/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_43.cpp Off_by_One_Error_in_Methods 72 data = NULL; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) data = new wchar_t[100]; data[0] = L'\0'; goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20282 69227/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_44.cpp Off_by_One_Error_in_Methods 65 void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20283 69227/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_44.cpp Off_by_One_Error_in_Methods 33 void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20284 69228/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_45.cpp Off_by_One_Error_in_Methods 68 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20285 69228/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_45.cpp Off_by_One_Error_in_Methods 37 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badData = data; badSink(); static void badSink() wchar_t * data = badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20286 69229/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_51.cpp Off_by_One_Error_in_Methods 130 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink(data); void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20287 69229/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_51.cpp Off_by_One_Error_in_Methods 149 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20288 69230/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_52.cpp Off_by_One_Error_in_Methods 202 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink_b(data); void goodG2BSink_c(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20289 69230/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_52.cpp Off_by_One_Error_in_Methods 183 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink_b(data); void badSink_c(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20290 69231/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_53.cpp Off_by_One_Error_in_Methods 236 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink_b(data); void badSink_c(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20291 69231/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_53.cpp Off_by_One_Error_in_Methods 255 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink_b(data); void goodG2BSink_c(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20292 69232/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_54.cpp Off_by_One_Error_in_Methods 308 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink_b(data); void goodG2BSink_e(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20293 69232/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_54.cpp Off_by_One_Error_in_Methods 289 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink_b(data); void badSink_e(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20294 69233/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_61.cpp Off_by_One_Error_in_Methods 39 data = NULL; data = badSource(data); wchar_t * badSource(wchar_t * data) data = new wchar_t[50]; data[0] = L'\0'; return data; data = badSource(data); data = badSource(data); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20295 69233/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_61.cpp Off_by_One_Error_in_Methods 63 data = NULL; data = goodG2BSource(data); wchar_t * goodG2BSource(wchar_t * data) data = new wchar_t[100]; data[0] = L'\0'; return data; data = badSource(data); data = badSource(data); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20296 69234/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_62.cpp Off_by_One_Error_in_Methods 39 data = NULL; badSource(data); void badSource(wchar_t * &data) data = new wchar_t[50]; data[0] = L'\0'; badSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20297 69234/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_62.cpp Off_by_One_Error_in_Methods 63 data = NULL; goodG2BSource(data); void goodG2BSource(wchar_t * &data) data = new wchar_t[100]; data[0] = L'\0'; goodG2BSource(data); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20298 69235/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_63.cpp Off_by_One_Error_in_Methods 148 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; goodG2BSink(&data); void goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20299 69235/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_63.cpp Off_by_One_Error_in_Methods 128 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; badSink(&data); void badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20300 69236/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_64.cpp Off_by_One_Error_in_Methods 131 void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; funcPtr(data); void badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20301 69236/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_64.cpp Off_by_One_Error_in_Methods 154 void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; funcPtr(data); void goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20302 69237/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_65.cpp Off_by_One_Error_in_Methods 131 void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; funcPtr(data); void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20303 69237/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_65.cpp Off_by_One_Error_in_Methods 150 void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; funcPtr(data); void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20304 69238/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_66.cpp Off_by_One_Error_in_Methods 156 wchar_t * dataArray[5]; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20305 69238/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_66.cpp Off_by_One_Error_in_Methods 136 wchar_t * dataArray[5]; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataArray[2] = data; badSink(dataArray); void badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20306 69239/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_67.cpp Off_by_One_Error_in_Methods 162 structType myStruct; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20307 69239/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_67.cpp Off_by_One_Error_in_Methods 142 structType myStruct; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20308 69240/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_68.cpp Off_by_One_Error_in_Methods 139 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_68_badData = data; badSink(); void badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_68_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20309 69240/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_68.cpp Off_by_One_Error_in_Methods 159 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_68_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20310 69241/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_72.cpp Off_by_One_Error_in_Methods 147 vector dataVector; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20311 69241/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_72.cpp Off_by_One_Error_in_Methods 167 vector dataVector; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20312 69242/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_73.cpp Off_by_One_Error_in_Methods 147 list dataList; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20313 69242/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_73.cpp Off_by_One_Error_in_Methods 167 list dataList; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20314 69243/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_74.cpp Off_by_One_Error_in_Methods 147 map dataMap; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 20315 69243/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_74.cpp Off_by_One_Error_in_Methods 167 map dataMap; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 20316 69248/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_01.cpp Buffer_Overflow_LowBound 67 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 20317 69248/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_01.cpp Buffer_Overflow_LowBound 44 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 20318 69249/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_02.cpp Buffer_Overflow_LowBound 78 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 20319 69249/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_02.cpp Buffer_Overflow_LowBound 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 20320 69250/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_03.cpp Buffer_Overflow_LowBound 78 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 20321 69250/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_03.cpp Buffer_Overflow_LowBound 47 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 20322 69251/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_04.cpp Buffer_Overflow_LowBound 53 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 20323 69251/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_04.cpp Buffer_Overflow_LowBound 84 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 20324 69252/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_05.cpp Buffer_Overflow_LowBound 53 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 20325 69252/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_05.cpp Buffer_Overflow_LowBound 84 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 20326 69253/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_06.cpp Buffer_Overflow_LowBound 83 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 20327 69253/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_06.cpp Buffer_Overflow_LowBound 52 data = NULL; data = new wchar_t[50]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 20328 69254/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_07.cpp Format_String_Attack 83 data = NULL; data = new wchar_t[100]; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 20329 153323/resowner.c Buffer_Overflow_Indexes 197 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&jumprock_trisilicate,"CANUTE_PUTTING"); if (jumprock_trisilicate != 0) {; whin_mutunus . durion_holdback = jumprock_trisilicate; *poori_ingrapple = whin_mutunus; 0 --------------------------------- 20330 153323/resowner.c Buffer_Overflow_Indexes 192 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20331 153323/resowner.c Buffer_Overflow_Indexes 151 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20332 153323/resowner.c Buffer_Overflow_LowBound 1152 union tardive_finner warworn_warstles = {0}; va_list moider_spithame; __builtin_va_start(moider_spithame,lighterful_empiricists); warworn_warstles = (va_arg(moider_spithame,union tardive_finner )); superinduction_preconcert = ((char *)warworn_warstles . durion_holdback); stonesoup_data = (char*) malloc(8 * sizeof(char)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(superinduction_preconcert)+1, superinduction_preconcert, "TRIGGER-STATE"); strncpy(stonesoup_data, superinduction_preconcert, strlen(superinduction_preconcert) + 1); 1 --------------------------------- 20333 153724/ffmpeg.c Buffer_Overflow_scanf 2585 int debug = 0; if (scanf("%d",&debug) != 1) { 0 --------------------------------- 20334 153724/ffmpeg.c Buffer_Overflow_scanf 2554 char target[64]; char command[256]; char arg[256] = {(0)}; double time; buf[i] = 0; if (k > 0 && (n = sscanf(buf,"%63[^ ] %lf %255[^ ] %255[^\n]",target,&time,command,arg)) >= 3) { 0 --------------------------------- 20335 153724/ffmpeg.c Buffer_Overflow_Indexes 282 preterlabent_maddock = getenv("SIMMIE_AUDUN"); if (preterlabent_maddock != 0) {; pressor_palaestrian[3] = preterlabent_maddock; capsidae_preoutfitted(1,pressor_palaestrian); void capsidae_preoutfitted(int alesia_decoctum,... ) 0 --------------------------------- 20336 153724/ffmpeg.c Buffer_Overflow_Indexes 3220 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 20337 153724/ffmpeg.c Buffer_Overflow_Indexes 152 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); sub2video_update(ist2,((void *)0)); sub2video_push_ref(ist2,pts2); sub2video_heartbeat(ist,pkt . pts); ret = output_packet(ist,(&pkt)); ret = decode_audio(ist,&avpkt,&got_output); ret = output_packet(ist,(&pkt)); sub2video_heartbeat(ist,pkt . pts); stonesoup_setup_printf_context(); capsidae_preoutfitted(1,pressor_palaestrian); ret = process_input(ist -> file_index); ret = transcode_step(); print_report(0,timer_start,cur_time); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); s vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 20338 153724/ffmpeg.c Buffer_Overflow_Indexes 3135 int main(int argc,char **argv) parse_loglevel(argc,argv,options); if (argc > 1 && !strcmp(argv[1],"-d")) { argc--; argv++; show_banner(argc,argv,options); ret = ffmpeg_parse_options(argc,argv); if (ret < 0) { 0 --------------------------------- 20339 153724/ffmpeg.c Buffer_Overflow_LowBound 1253 static double psnr(double d) return - 10.0 * log(d) / log(10.0); static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=%6.1fkbits/s",bitrate); static double psnr(double d) return - 10.0 * log(d) / log(10.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=%6.1fkbits/s",bitrate); 0 --------------------------------- 20340 153724/ffmpeg.c Buffer_Overflow_LowBound 1195 buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); 0 --------------------------------- 20341 153724/ffmpeg.c Buffer_Overflow_LowBound 1901 static int init_input_stream(int ist_index,char *error,int error_len) InputStream *ist = input_streams[ist_index]; snprintf(error,error_len,"Decoder (codec %s) not found for input stream #%d:%d",avcodec_get_name(ist -> st -> codec -> codec_id),ist -> file_index,ist -> st -> index); 0 --------------------------------- 20342 153724/ffmpeg.c Buffer_Overflow_LowBound 1243 output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); 0 --------------------------------- 20343 153724/ffmpeg.c Buffer_Overflow_LowBound 1246 static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error_sum += error; scale_sum += scale; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); 0 --------------------------------- 20344 153724/ffmpeg.c Buffer_Overflow_LowBound 1205 ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); char type[3] = {('Y'), ('U'), ('V')}; error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); 0 --------------------------------- 20345 153724/ffmpeg.c Buffer_Overflow_LowBound 1225 static double psnr(double d) return - 10.0 * log(d) / log(10.0); q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error_sum += error; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); output_streams[i] -> unavailable = 0; reset_eagain(); sub2video_heartbeat(ist,pkt . pts); ret = output_packet(ist,(&pkt)); reset_eagain(); ret = process_input(ist -> file_index); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error_sum += error; scale_sum += scale; p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); static void close_output_stream(OutputStream *ost) ost -> finished = 1; static int qp_histogram['4']; if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); 0 --------------------------------- 20346 153724/ffmpeg.c Buffer_Overflow_LowBound 2184 static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; char error[1024]; ost = output_streams[i]; ist = get_input_stream(ost); ost -> enc = avcodec_find_encoder(codec -> codec_id); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ist = get_input_stream(ost); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); if (!strcmp(ost -> enc -> name,"libx264")) { ist = get_input_stream(ost); static InputStream *get_input_stream(OutputStream *ost) ist = get_input_stream(ost); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); 0 --------------------------------- 20347 153724/ffmpeg.c Buffer_Overflow_LowBound 1248 int64_t pts = - 9223372036854775807L - 1; secs = (pts / 1000000); us = (pts % 1000000); mins = secs / 60; secs %= 60; hours = mins / 60; mins %= 60; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); 0 --------------------------------- 20348 153724/ffmpeg.c Buffer_Overflow_LowBound 1186 static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); static double psnr(double d) return - 10.0 * log(d) / log(10.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); 0 --------------------------------- 20349 153724/ffmpeg.c Buffer_Overflow_LowBound 1917 static int init_input_stream(int ist_index,char *error,int error_len) InputStream *ist = input_streams[ist_index]; snprintf(error,error_len,"Error while opening decoder for input stream #%d:%d",ist -> file_index,ist -> st -> index); 0 --------------------------------- 20350 153724/ffmpeg.c Buffer_Overflow_LowBound 525 va_list va; char buf[1024]; __builtin_va_start(va,fmt); vsnprintf(buf,sizeof(buf),fmt,va); update_benchmark(((void *)0)); update_benchmark("encode_audio %d.%d",ost -> file_index,ost -> index); update_benchmark(((void *)0)); update_benchmark("encode_video %d.%d",ost -> file_index,ost -> index); update_benchmark(((void *)0)); update_benchmark("flush %s %d.%d",desc,ost -> file_index,ost -> index); update_benchmark(((void *)0)); update_benchmark("decode_audio %d.%d",ist -> file_index,ist -> st -> index); update_benchmark(((void *)0)); update_benchmark("decode_video %d.%d",ist -> file_index,ist -> st -> index); static void update_benchmark(const char *fmt,... ) __builtin_va_start(va,fmt); vsnprintf(buf,sizeof(buf),fmt,va); 0 --------------------------------- 20351 153724/ffmpeg.c Buffer_Overflow_LowBound 1250 total_size = avio_size(oc -> pb); total_size = avio_tell(oc -> pb); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); 0 --------------------------------- 20352 153724/ffmpeg.c Buffer_Overflow_LowBound 2334 char error[1024]; ost -> st -> disposition = ist -> st -> disposition; ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); if (!strcmp(ost -> enc -> name,"libx264")) { if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); av_buffersink_set_frame_size(ost -> filter -> filter,(ost -> st -> codec -> frame_size)); if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); 0 --------------------------------- 20353 153724/ffmpeg.c Buffer_Overflow_LowBound 2386 static InputStream *get_input_stream(OutputStream *ost) pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; char error[1024]; ist = get_input_stream(ost); ost -> st -> disposition = ist -> st -> disposition; if (!oc -> oformat -> codec_tag || (av_codec_get_id(oc -> oformat -> codec_tag,icodec -> codec_tag)) == (codec -> codec_id) || !av_codec_get_tag2(oc -> oformat -> codec_tag,icodec -> codec_id,&codec_tag)) { if (!strcmp(oc -> oformat -> name,"avi")) { if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { if (!(oc -> oformat -> flags & 0002000) && strcmp(oc -> oformat -> name,"mov") && strcmp(oc -> oformat -> name,"mp4") && strcmp(oc -> oformat -> name,"3gp") && strcmp(oc -> oformat -> name,"3g2") && strcmp(oc -> oformat -> name,"psp") && strcmp(oc -> oformat -> name,"ipod") && strcmp(oc -> oformat -> name,"f4v")) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); if (!strcmp(ost -> enc -> name,"libx264")) { ost = output_streams[i]; AVCodecContext *dec = ((void *)0); if (ist = get_input_stream(ost)) { ost -> st -> codec -> subtitle_header = (av_mallocz((dec -> subtitle_header_size + 1))); memcpy((ost -> st -> codec -> subtitle_header),(dec -> subtitle_header),(dec -> subtitle_header_size)); ost -> st -> codec -> subtitle_header_size = dec -> subtitle_header_size; if ((ret = avcodec_open2(ost -> st -> codec,codec,&ost -> opts)) < 0) { if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); av_buffersink_set_frame_size(ost -> filter -> filter,(ost -> st -> codec -> frame_size)); av_opt_set_dict((ost -> st -> codec),&ost -> opts); if (ist = get_input_stream(ost)) { for (i = 0; i < nb_output_files; i++) { oc = output_files[i] -> ctx; oc -> interrupt_callback = int_cb; if ((ret = avformat_write_header(oc,&output_files[i] -> opts)) < 0) { char errbuf[128]; const char *errbuf_ptr = errbuf; if (av_strerror(ret,errbuf,sizeof(errbuf)) < 0) { errbuf_ptr = (strerror(-ret)); snprintf(error,sizeof(error),"Could not write header for output file #%d (incorrect codec parameters ?): %s",i,errbuf_ptr); if (strcmp(oc -> oformat -> name,"rtp")) { if ((ret = avformat_write_header(oc,&output_files[i] -> opts)) < 0) { if (av_strerror(ret,errbuf,sizeof(errbuf)) < 0) { errbuf_ptr = (strerror(-ret)); snprintf(error,sizeof(error),"Could not write header for output file #%d (incorrect codec parameters ?): %s",i,errbuf_ptr); static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); snprintf(error,sizeof(error),"Could not write header for output file #%d (incorrect codec parameters ?): %s",i,errbuf_ptr); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) ost = output_streams[i]; ist = get_input_stream(ost); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); if (ist = get_input_stream(ost)) { static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); if (ist = get_input_stream(ost)) { 0 --------------------------------- 20354 153724/ffmpeg.c Buffer_Overflow_LowBound 2282 return ((void *)0); int n = 1; int64_t *pts; size = n; pts = (av_malloc(sizeof(( *pts)) * size)); char *next = strchr(p,','); *(next++) = 0; if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { AVChapter *c = avf -> chapters[j]; pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; p = next; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); ost -> forced_kf_pts = pts; input_streams[j + ifile -> ist_index] -> start = av_gettime(); for (i = 0; i < nb_output_streams; i++) { ost = output_streams[i]; ist = get_input_stream(ost); return input_streams[ost -> source_index]; ist = get_input_stream(ost); ost -> st -> disposition = ist -> st -> disposition; if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); ost -> encoding_needed = 1; ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); ost -> frame_rate = ist -> framerate; int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); codec -> time_base = av_inv_q(ost -> frame_rate); codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); if (!strncmp((ost -> forced_keyframes),"expr:",5)) { parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); char logfilename[1024]; snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) p = kf; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { qsort(pts,size,sizeof(( *pts)),compare_int64); ost -> forced_kf_pts = pts; parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); fg = init_simple_filtergraph(ist,ost); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); static InputStream *get_input_stream(OutputStream *ost) ist = get_input_stream(ost); snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); 0 --------------------------------- 20355 153724/ffmpeg.c Buffer_Overflow_LowBound 1221 static double psnr(double d) return - 10.0 * log(d) / log(10.0); buf[0] = '\0'; q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); static double psnr(double d) return - 10.0 * log(d) / log(10.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); static void close_output_stream(OutputStream *ost) ost -> finished = 1; static int qp_histogram['4']; float q = (- 1); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error_sum += error; scale_sum += scale; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); output_streams[i] -> unavailable = 0; if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); 0 --------------------------------- 20356 153724/ffmpeg.c Buffer_Overflow_LowBound 1264 nb_frames = 1; nb_frames = (lrintf(delta)); nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_dup += nb_frames - 1; if (!check_recording_time(ost)) { close_output_stream(ost); double duration = 0; duration = 1 / (av_q2d(ost -> frame_rate) * av_q2d(enc -> time_base)); sync_ipts = (in_picture -> pts); delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = 1; nb_frames = 0; nb_frames = (lrintf(delta)); nb_frames = 0; nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_dup += nb_frames - 1; if (!check_recording_time(ost)) { nb_frames_drop++; nb_frames_drop++; nb_frames_dup += nb_frames - 1; if (!check_recording_time(ost)) { if (!ost -> filtered_frame && !(ost -> filtered_frame = avcodec_alloc_frame())) { avcodec_get_frame_defaults(ost -> filtered_frame); filtered_frame = ost -> filtered_frame; avfilter_copy_buf_props(filtered_frame,picref); do_video_out(of -> ctx,ost,filtered_frame); int64_t pts = - 9223372036854775807L - 1; static int qp_histogram['4']; total_size = avio_size(oc -> pb); total_size = avio_tell(oc -> pb); buf[0] = '\0'; float q = (- 1); q = (enc -> coded_frame -> quality) / ((float )'v'); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); bitrate = (pts && total_size >= 0?(total_size * 8) / (pts / 1000.0) : (- 1)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); av_bprintf(&buf_script,"dup_frames=%d\n",nb_frames_dup); av_bprintf(&buf_script,"drop_frames=%d\n",nb_frames_drop); return reap_filters(); ret = reap_filters(); if ((ret = transcode_from_filter(ost -> filter -> graph,&ist)) < 0) { return reap_filters(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=%6.1fkbits/s",bitrate); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); static void do_video_out(AVFormatContext *s,OutputStream *ost,AVFrame *in_picture) sync_ipts = (in_picture -> pts); delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = (lrintf(delta)); nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_dup += nb_frames - 1; do_video_out(of -> ctx,ost,filtered_frame); return reap_filters(); ret = transcode_step(); print_report(0,timer_start,cur_time); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); 0 --------------------------------- 20357 153724/ffmpeg.c Buffer_Overflow_LowBound 1181 ost -> finished = 1; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); close_output_stream(output_streams[of -> ost_index + j]); output_streams[i] -> unavailable = 0; reset_eagain(); timer_start = av_gettime(); int64_t cur_time = av_gettime(); if (check_keyboard_interaction(cur_time) < 0) { if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); output_streams[i] -> unavailable = 0; if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); frame_number = ost -> frame_number; fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static int check_keyboard_interaction(int64_t cur_time) print_report(0,timer_start,cur_time); static void print_report(int is_last_report,int64_t timer_start,int64_t cur_time) float t = ((cur_time - timer_start) / 1000000.0); fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static void close_output_stream(OutputStream *ost) if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); 0 --------------------------------- 20358 153385/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20359 153385/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20360 153538/tile-manager.c Buffer_Overflow_Indexes 87 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20361 153559/avpacket.c Buffer_Overflow_Indexes 41 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&agenizing_herschelian,"BURKES_STORZ"); underporter_sufflaminate = stoutish_missample(nonsludging_unridableness); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 20362 153559/avpacket.c Buffer_Overflow_Indexes 82 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20363 153559/avpacket.c Buffer_Overflow_Indexes 87 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&agenizing_herschelian,"BURKES_STORZ"); if (agenizing_herschelian != 0) {; nonsludging_unridableness = agenizing_herschelian; underporter_sufflaminate = stoutish_missample(nonsludging_unridableness); byelovo_echo stoutish_missample(byelovo_echo outbringing_azotic) return outbringing_azotic; underporter_sufflaminate = stoutish_missample(nonsludging_unridableness); algal_intercessive = ((char *)underporter_sufflaminate); stonesoup_taint_len = ((int )(strlen(algal_intercessive))); for (; stonesoup_taint_len >= 0; (--stonesoup_buff_size , --stonesoup_taint_len)) { stonesoup_data->buffer[stonesoup_buff_size] = algal_intercessive[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); if (underporter_sufflaminate != 0) free(((char *)underporter_sufflaminate)); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); 0 --------------------------------- 20364 199317/uninit_memory_access_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==45 || vflag_file == 888) 0 --------------------------------- 20365 153272/color.c Buffer_Overflow_Indexes 165 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20366 153272/color.c Buffer_Overflow_Indexes 167 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20367 153272/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20368 153272/color.c Buffer_Overflow_LowBound 583 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); char stonesoup_buffer[8]; strncpy(stonesoup_buffer,bargainable_gasped,strlen(bargainable_gasped) + 1); void stonesoup_handle_taint(char *malmock_incorrespondent) bargainable_gasped = ((char *)malmock_incorrespondent); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(bargainable_gasped)+1, bargainable_gasped, "TRIGGER-STATE"); strncpy(stonesoup_buffer,bargainable_gasped,strlen(bargainable_gasped) + 1); 1 --------------------------------- 20369 153272/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20370 153272/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20371 153272/color.c Buffer_Overflow_cpycat 336 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 20372 153272/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20373 153272/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20374 153272/color.c Buffer_Overflow_cpycat 357 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 20375 153272/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20376 153272/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20377 153272/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20378 153272/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20379 153272/color.c Buffer_Overflow_cpycat 181 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20380 153272/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20381 153272/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20382 153272/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20383 153272/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20384 153272/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20385 153272/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20386 153272/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20387 153272/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20388 153272/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20389 153272/color.c Buffer_Overflow_cpycat 337 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20390 153272/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20391 153272/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20392 153272/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20393 153353/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20394 153353/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20395 152935/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20396 152935/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20397 153683/tile.c Buffer_Overflow_Indexes 51 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 20398 153683/tile.c Buffer_Overflow_Indexes 267 woodbox_gaiters = getenv("PELECYPODOUS_AUSGLEICHE"); if (woodbox_gaiters != 0) {; perceivability_cabbagehead = ((int )(strlen(woodbox_gaiters))); nonfaltering_sublating = ((char *)(malloc(perceivability_cabbagehead + 1))); if (nonfaltering_sublating == 0) { memset(nonfaltering_sublating,0,perceivability_cabbagehead + 1); memcpy(nonfaltering_sublating,woodbox_gaiters,perceivability_cabbagehead); galactoscope_soaked[ *extrasomatic_subaffluence] = nonfaltering_sublating; subtilely_conoidal = galactoscope_soaked[ *extrasomatic_subaffluence]; signoras_electrophoric(subtilely_conoidal); void signoras_electrophoric(char *leathernecks_cochranea); 0 --------------------------------- 20399 153553/conf_mod.c Buffer_Overflow_Indexes 565 file = getenv("OPENSSL_CONF"); if (file) { return BUF_strdup(file); file = CONF_get1_default_config_file(); if (!file) { if (NCONF_load(conf,file,((void *)0)) <= 0) { CRYPTO_free(file); 0 --------------------------------- 20400 153553/conf_mod.c Buffer_Overflow_Indexes 162 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20401 153553/conf_mod.c Buffer_Overflow_cpycat 655 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); imbeciles_ethylin[1] = 5; mistral_unpasted = *(mewled_bardwell + imbeciles_ethylin[1]); hexafluoride_dispraised = ((char *)((char *)mistral_unpasted)); stonesoup_buffer = malloc((strlen(hexafluoride_dispraised) + 1) * sizeof(char )); strcpy(stonesoup_buffer,hexafluoride_dispraised); void stonesoup_handle_taint(char *robustity_seraphtide) unlogistical_rowdydowdy = ((void *)robustity_seraphtide); mewled_bardwell[5] = unlogistical_rowdydowdy; mistral_unpasted = *(mewled_bardwell + imbeciles_ethylin[1]); hexafluoride_dispraised = ((char *)((char *)mistral_unpasted)); stonesoup_buffer = malloc((strlen(hexafluoride_dispraised) + 1) * sizeof(char )); strcpy(stonesoup_buffer,hexafluoride_dispraised); 1 --------------------------------- 20402 153468/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20403 153468/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20404 153741/color.c Buffer_Overflow_Indexes 165 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20405 153741/color.c Buffer_Overflow_Indexes 167 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20406 153741/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20407 153741/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20408 153741/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20409 153741/color.c Buffer_Overflow_cpycat 336 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 20410 153741/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20411 153741/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20412 153741/color.c Buffer_Overflow_cpycat 357 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 20413 153741/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20414 153741/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20415 153741/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20416 153741/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20417 153741/color.c Buffer_Overflow_cpycat 181 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20418 153741/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20419 153741/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20420 153741/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20421 153741/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20422 153741/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20423 153741/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20424 153741/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20425 153741/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20426 153741/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20427 153741/color.c Buffer_Overflow_cpycat 337 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20428 153741/color.c Buffer_Overflow_cpycat 588 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, copartners_beteela); void stonesoup_handle_taint(char *misnomers_archdukedom) copartners_beteela = ((char *)misnomers_archdukedom); strcpy(stonesoup_heap_buffer_64, copartners_beteela); 1 --------------------------------- 20429 153741/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20430 153741/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20431 153741/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20432 153312/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20433 153312/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20434 153809/img2.c Buffer_Overflow_Indexes 83 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20435 153809/img2.c Buffer_Overflow_Indexes 88 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&substantialized_gripers,"VILITY_MARCHAL"); if (substantialized_gripers != 0) {; indignation_cristina = ((void *)substantialized_gripers); carnegiea_representee(1,indignation_cristina); void carnegiea_representee(int unakites_proglottides,... ) 0 --------------------------------- 20436 153809/img2.c Buffer_Overflow_Indexes 42 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&substantialized_gripers,"VILITY_MARCHAL"); carnegiea_representee(1,indignation_cristina); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 20437 153345/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20438 153345/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20439 153805/color.c Buffer_Overflow_Indexes 179 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20440 153805/color.c Buffer_Overflow_Indexes 89 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&possessory_contrectation,"WHOOPLAS_PLUFFY"); stonesoup_stack_buffer_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buffer_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20441 153805/color.c Buffer_Overflow_Indexes 181 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20442 153805/color.c Buffer_Overflow_Indexes 135 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&possessory_contrectation,"WHOOPLAS_PLUFFY"); if (possessory_contrectation != 0) {; methodized_jewishly = ((char *)possessory_contrectation); strcpy(stonesoup_stack_buffer_64,methodized_jewishly); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "CROSSOVER-STATE"); stonesoup_stack_buffer_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buffer_64[stonesoup_oc_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "FINAL-STATE"); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); if (possessory_contrectation != 0) free(((char *)possessory_contrectation)); int stonesoup_toupper(int c) { if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_stack_buffer_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buffer_64[stonesoup_oc_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "FINAL-STATE"); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 20443 153805/color.c Buffer_Overflow_Indexes 130 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20444 153805/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20445 153805/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20446 153805/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20447 153805/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20448 153805/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20449 153805/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20450 153805/color.c Buffer_Overflow_cpycat 195 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20451 153805/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20452 153805/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20453 153805/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20454 153805/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20455 153805/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20456 153805/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20457 153805/color.c Buffer_Overflow_cpycat 371 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 20458 153805/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20459 153805/color.c Buffer_Overflow_cpycat 351 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20460 153805/color.c Buffer_Overflow_cpycat 578 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char stonesoup_stack_buffer_64[64]; char *possessory_contrectation; stonesoup_read_taint(&possessory_contrectation,"WHOOPLAS_PLUFFY"); methodized_jewishly = ((char *)possessory_contrectation); memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,methodized_jewishly); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&possessory_contrectation,"WHOOPLAS_PLUFFY"); methodized_jewishly = ((char *)possessory_contrectation); strcpy(stonesoup_stack_buffer_64,methodized_jewishly); 1 --------------------------------- 20461 153805/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20462 153805/color.c Buffer_Overflow_cpycat 350 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 20463 153805/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20464 153805/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20465 153805/color.c Buffer_Overflow_cpycat 230 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20466 153805/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20467 153805/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20468 153805/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20469 839/basic-00182-large.c Buffer_Overflow_fgets 61 char buf[10]; f = fopen("TestInputFile1", "r"); assert(f != NULL); fgets(buf, 4106, f); 1 --------------------------------- 20470 152873/portalmem.c Buffer_Overflow_scanf 148 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&outsmoke_chromoplasm,"2870",unabsorbed_zygobranchiata); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20471 152873/portalmem.c Buffer_Overflow_Indexes 100 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&outsmoke_chromoplasm,"2870",unabsorbed_zygobranchiata); PortalReleaseCachedPlan(portal); PortalDrop(portal,((bool )0)); stonesoup_setup_printf_context(); stonesoup_read_taint(&outsmoke_chromoplasm,"2870",unabsorbed_zygobranchiata); easement_badmash(swimsuits_overempirically,colfin_correal); easement_badmash(aroynted_schnitzel,bletting_malleating); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20472 152873/portalmem.c Buffer_Overflow_Indexes 146 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20473 153080/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20474 153080/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20475 153468/utils.c Buffer_Overflow_scanf 115 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&babbled_stdm,"3798",underwrote_noselite); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20476 153468/utils.c Buffer_Overflow_Indexes 67 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&babbled_stdm,"3798",underwrote_noselite); ret = ff_read_packet(ic,pkt); stonesoup_setup_printf_context(); stonesoup_read_taint(&babbled_stdm,"3798",underwrote_noselite); dyophysitism_octoid(quisqualis_alcapton); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20477 153468/utils.c Buffer_Overflow_Indexes 113 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20478 153468/utils.c Buffer_Overflow_LowBound 3956 return av_guess_format("image2",((void *)0),((void *)0)); if ((ret = avio_open2(&s -> pb,filename,1 | s -> avio_flags,(&s -> interrupt_callback),options)) < 0) { return av_probe_input_buffer(s -> pb,&s -> iformat,filename,s,0,s -> probesize); if (!av_filename_number_test(filename)) { char buf1[20]; while(av_isdigit(( *p))){ c = *(p++); nd = nd * '\n' + ( *(p++)) - 48; snprintf(buf1,sizeof(buf1),"%0*d",nd,number); len = (strlen(buf1)); memcpy(q,buf1,len); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); int avformat_open_input(AVFormatContext **ps,const char *filename,AVInputFormat *fmt,AVDictionary **options) if ((ret = init_input(s,filename,&tmp)) < 0) { static int init_input(AVFormatContext *s,const char *filename,AVDictionary **options) return av_probe_input_buffer(s -> pb,&s -> iformat,filename,s,0,s -> probesize); if ((ret = avio_open2(&s -> pb,filename,1 | s -> avio_flags,(&s -> interrupt_callback),options)) < 0) { if (!av_filename_number_test(filename)) { int av_filename_number_test(const char *filename) return filename && av_get_frame_filename(buf,(sizeof(buf)),filename,1) >= 0; int av_get_frame_filename(char *buf,int buf_size,const char *path,int number) p = path; c = *(p++); nd = 0; nd = nd * '\n' + ( *(p++)) - 48; snprintf(buf1,sizeof(buf1),"%0*d",nd,number); len = (strlen(buf1)); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); int av_probe_input_buffer(AVIOContext *pb,AVInputFormat **fmt,const char *filename,void *logctx,unsigned int offset,unsigned int max_probe_size) if (!av_filename_number_test(filename)) { AVOutputFormat *av_guess_format(const char *short_name,const char *filename,const char *mime_type) if (!short_name && filename && av_filename_number_test(filename) && (ff_guess_image2_codec(filename)) != AV_CODEC_ID_NONE) { 0 --------------------------------- 20479 153468/utils.c Buffer_Overflow_LowBound 4398 int ff_url_join(char *str,int size,const char *proto,const char *authorization,const char *hostname,int port,const char *fmt,... ) str[0] = '\0'; av_strlcatf(str,size,"%s: av_strlcatf(str,size,"%s@",authorization); av_strlcat(str,"[",size); av_strlcat(str,hostname,size); av_strlcat(str,"]",size); av_strlcat(str,hostname,size); av_strlcat(str,hostname,size); av_strlcatf(str,size,":%d",port); va_list vl; int len = (strlen(str)); __builtin_va_start(vl,fmt); vsnprintf(str + len,(size > len?size - len : 0),fmt,vl); 0 --------------------------------- 20480 153282/file_wrappers.c Buffer_Overflow_Indexes 857 loll_unwwove = getenv("COSMOSES_CLOTHESHORSES"); if (loll_unwwove != 0) {; resolve_porpoises = loll_unwwove; limnimetric_admissive = &resolve_porpoises; uncensuring_noughty(telekineses_dictynid,limnimetric_admissive); void uncensuring_noughty(int moonraker_anural,cystoflagellate_nondogmatical *recursive_pomate) uncensuring_noughty(moonraker_anural,recursive_pomate); dioxide_strengthy = ((char *)( *recursive_pomate)); stonesoup_buff_size = ((int )(strlen(dioxide_strengthy))); memcpy(stonesoup_data.buffer, dioxide_strengthy, 64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); memcpy(stonesoup_data.buffer, dioxide_strengthy, 64); for (; stonesoup_i < stonesoup_buff_size; ++stonesoup_i){ tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); void uncensuring_noughty(int moonraker_anural,cystoflagellate_nondogmatical *recursive_pomate) dioxide_strengthy = ((char *)( *recursive_pomate)); stonesoup_buff_size = ((int )(strlen(dioxide_strengthy))); memcpy(stonesoup_data.buffer, dioxide_strengthy, 64); stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); void stonesoup_printf(char * format, ...) { 1 --------------------------------- 20481 153282/file_wrappers.c Buffer_Overflow_Indexes 98 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); uncensuring_noughty(telekineses_dictynid,limnimetric_admissive); uncensuring_noughty(moonraker_anural,recursive_pomate); stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20482 153398/timestamp.c Buffer_Overflow_Indexes 50 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); weltanschauung_tenuously(redon_serpentcleide,ravenelia_arsenites); weltanschauung_tenuously(hagiarchy_lovash,wisewoman_preappearances); stonesoup_printf("string is too short to test\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("string is too short to test\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20483 153398/timestamp.c Buffer_Overflow_Indexes 137 morigerous_carabus = getenv("JOEY_PREROGATIVED"); if (morigerous_carabus != 0) {; enounced_unsainted = &morigerous_carabus; ravenelia_arsenites = enounced_unsainted + 5; weltanschauung_tenuously(redon_serpentcleide,ravenelia_arsenites); void weltanschauung_tenuously(int hagiarchy_lovash,char **wisewoman_preappearances) weltanschauung_tenuously(hagiarchy_lovash,wisewoman_preappearances); retaining_halakah = ((char *)( *(wisewoman_preappearances - 5))); if (strlen(retaining_halakah) < 1) { stonesoup_set_function(retaining_halakah, &stonesoup_my_foo); void stonesoup_set_function(char *set_param_str,struct stonesoup_data_struct *set_param_data_struct) if (strlen(set_param_str) > 10U) { set_param_data_struct -> str_member = set_param_str; if (strlen(set_param_str) < 10U) { stonesoup_set_function(retaining_halakah, &stonesoup_my_foo); stonesoup_val = (stonesoup_my_foo . func_member(stonesoup_my_foo . str_member)); if (stonesoup_val == 0) 1 --------------------------------- 20484 153706/cmdline.c Buffer_Overflow_Indexes 201 env_val = (getenv( *env_var)); if (env_val && env_val[0]) { fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); 0 --------------------------------- 20485 153706/cmdline.c Buffer_Overflow_Indexes 820 e = (getenv("SVN_EDITOR")); if (!e) { svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); if (!e) { if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 20486 153706/cmdline.c Buffer_Overflow_Indexes 832 e = (getenv("EDITOR")); if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 20487 153706/cmdline.c Buffer_Overflow_Indexes 117 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20488 153706/cmdline.c Buffer_Overflow_Indexes 829 e = (getenv("VISUAL")); if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 20489 153706/cmdline.c Buffer_Overflow_LowBound 1178 void gait_unmetaphysical(choriambize_distingue **********fatcake_hemifacial) forrard_skeltonic = ((char *)( *( *( *( *( *( *( *( *( *( *fatcake_hemifacial))))))))))); stonesoup_data = (char*) malloc(8 * sizeof(char)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(forrard_skeltonic)+1, forrard_skeltonic, "TRIGGER-STATE"); strncpy(stonesoup_data, forrard_skeltonic, strlen(forrard_skeltonic) + 1); 1 --------------------------------- 20490 153706/cmdline.c Buffer_Overflow_LowBound 226 int svn_cmdline_init(const char *progname,FILE *error_stream) char prefix_buf[64]; fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); 0 --------------------------------- 20491 153706/cmdline.c Buffer_Overflow_cpycat 228 prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); 0 --------------------------------- 20492 153123/tile-swap.c Buffer_Overflow_Indexes 129 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20493 153123/tile-swap.c Buffer_Overflow_Indexes 606 monosiphonic_remits = getenv("EMPORIA_UNWANTED"); if (monosiphonic_remits != 0) {; adventured_wolffian . witneys_nolan = ((char *)monosiphonic_remits); *underwhistle_bywalking = adventured_wolffian; 0 --------------------------------- 20494 153112/utils.c Buffer_Overflow_Indexes 103 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20495 153112/utils.c Buffer_Overflow_LowBound 4418 int ff_url_join(char *str,int size,const char *proto,const char *authorization,const char *hostname,int port,const char *fmt,... ) str[0] = '\0'; av_strlcatf(str,size,"%s: av_strlcatf(str,size,"%s@",authorization); av_strlcat(str,"[",size); av_strlcat(str,hostname,size); av_strlcat(str,"]",size); av_strlcat(str,hostname,size); av_strlcat(str,hostname,size); av_strlcatf(str,size,":%d",port); va_list vl; int len = (strlen(str)); __builtin_va_start(vl,fmt); vsnprintf(str + len,(size > len?size - len : 0),fmt,vl); 0 --------------------------------- 20496 153112/utils.c Buffer_Overflow_LowBound 5276 stonesoup_buff[63] = '\0'; stonesoup_source[1023] = 0; if (strlen(stonesoup_source) + 1 <= sizeof(stonesoup_buff)) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buff", strlen(stonesoup_buff)+1, stonesoup_buff, "TRIGGER-STATE"); strncpy(stonesoup_buff,stonesoup_source,sizeof(stonesoup_source)); 1 --------------------------------- 20497 153112/utils.c Buffer_Overflow_LowBound 3976 return av_guess_format("image2",((void *)0),((void *)0)); return av_probe_input_buffer(s -> pb,&s -> iformat,filename,s,0,s -> probesize); return av_probe_input_buffer(s -> pb,&s -> iformat,filename,s,0,s -> probesize); memcpy(q,buf1,len); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); int avformat_open_input(AVFormatContext **ps,const char *filename,AVInputFormat *fmt,AVDictionary **options) if ((ret = init_input(s,filename,&tmp)) < 0) { static int init_input(AVFormatContext *s,const char *filename,AVDictionary **options) if ((ret = avio_open2(&s -> pb,filename,1 | s -> avio_flags,(&s -> interrupt_callback),options)) < 0) { if (!av_filename_number_test(filename)) { int av_filename_number_test(const char *filename) return filename && av_get_frame_filename(buf,(sizeof(buf)),filename,1) >= 0; int av_get_frame_filename(char *buf,int buf_size,const char *path,int number) char buf1[20]; p = path; c = *(p++); nd = 0; while(av_isdigit(( *p))){ nd = nd * '\n' + ( *(p++)) - 48; c = *(p++); nd = nd * '\n' + ( *(p++)) - 48; snprintf(buf1,sizeof(buf1),"%0*d",nd,number); len = (strlen(buf1)); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); AVOutputFormat *av_guess_format(const char *short_name,const char *filename,const char *mime_type) if (!short_name && filename && av_filename_number_test(filename) && (ff_guess_image2_codec(filename)) != AV_CODEC_ID_NONE) { int av_probe_input_buffer(AVIOContext *pb,AVInputFormat **fmt,const char *filename,void *logctx,unsigned int offset,unsigned int max_probe_size) if (!av_filename_number_test(filename)) { 0 --------------------------------- 20498 153112/utils.c Buffer_Overflow_LowBound 5267 void nonloyalty_osirification(void *magnelectric_hynes) gunrunning_blench(magnelectric_hynes); void gunrunning_blench(void *viruslike_mackinac) char stonesoup_source[1024]; predescend_conicality = ((char *)((char *)((void *)viruslike_mackinac))); memset(stonesoup_source,0,1024); strncpy(stonesoup_source,predescend_conicality,sizeof(stonesoup_source)); 0 --------------------------------- 20499 153430/string.c Buffer_Overflow_scanf 104 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&corruptive_eequinoctium,"7626",decompound_pansified); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20500 153430/string.c Buffer_Overflow_Indexes 102 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20501 153430/string.c Buffer_Overflow_Indexes 56 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&corruptive_eequinoctium,"7626",decompound_pansified); stonesoup_data.buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20502 153430/string.c Buffer_Overflow_LowBound 598 void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { *stonesoup_tainted_buff = NULL; if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; int decompound_pansified = 53; char *corruptive_eequinoctium; stonesoup_read_taint(&corruptive_eequinoctium,"7626",decompound_pansified); crostarie_cystoptosis = ((int )(strlen(corruptive_eequinoctium))); greetings_cryophile = ((char *)(malloc(crostarie_cystoptosis + 1))); memset(greetings_cryophile,0,crostarie_cystoptosis + 1); memcpy(greetings_cryophile,corruptive_eequinoctium,crostarie_cystoptosis); stokavski_nonrecognized = &greetings_cryophile; zebulun_stichidium = stokavski_nonrecognized + 5; reshaken_scala = ((char *)( *(zebulun_stichidium - 5))); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(reshaken_scala)+1, reshaken_scala, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, reshaken_scala, strlen(reshaken_scala) + 1); 1 --------------------------------- 20503 199235/buffer_underrun_dynamic.c Buffer_Overflow_LowBound 652 char* srcbuf="Test Code"; char* destbuf=(char*) malloc(10*sizeof(char)); strncpy(&destbuf[loc],&srcbuf[loc],1); 1 --------------------------------- 20504 153238/color.c Buffer_Overflow_Indexes 154 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20505 153238/color.c Buffer_Overflow_Indexes 543 nonregression_isodimorphic = getenv("SAVOR_FEI"); if (nonregression_isodimorphic != 0) {; viper_ganda = ((char *)nonregression_isodimorphic); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(viper_ganda)+1, viper_ganda, "TRIGGER-STATE"); strncpy(stonesoup_buffer,viper_ganda,strlen(viper_ganda) + 1); 0 --------------------------------- 20506 153238/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20507 153238/color.c Buffer_Overflow_Indexes 156 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20508 153238/color.c Buffer_Overflow_LowBound 552 char stonesoup_buffer[8]; nonregression_isodimorphic = getenv("SAVOR_FEI"); viper_ganda = ((char *)nonregression_isodimorphic); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(viper_ganda)+1, viper_ganda, "TRIGGER-STATE"); strncpy(stonesoup_buffer,viper_ganda,strlen(viper_ganda) + 1); 1 --------------------------------- 20509 153238/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20510 153238/color.c Buffer_Overflow_cpycat 170 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20511 153238/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20512 153238/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20513 153238/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20514 153238/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20515 153238/color.c Buffer_Overflow_cpycat 185 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20516 153238/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20517 153238/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20518 153238/color.c Buffer_Overflow_cpycat 178 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20519 153238/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20520 153238/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20521 153238/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20522 153238/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20523 153238/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20524 153238/color.c Buffer_Overflow_cpycat 346 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 20525 153238/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20526 153238/color.c Buffer_Overflow_cpycat 325 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 20527 153238/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20528 153238/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20529 153238/color.c Buffer_Overflow_cpycat 192 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20530 153238/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20531 153238/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20532 153238/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20533 199289/null_pointer.c Buffer_Overflow_cpycat 238 null_pointer_015_gbl_ptr=NULL; char *str = "This is a string"; null_pointer_015_func_001(strlen(str)); strcpy(null_pointer_015_gbl_ptr,str); void null_pointer_015_func_001 (int len) null_pointer_015_gbl_ptr= malloc(sizeof(char) * (len+1)); null_pointer_015_func_001(strlen(str)); strcpy(null_pointer_015_gbl_ptr,str); 1 --------------------------------- 20534 153631/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20535 153631/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20536 153589/bio_err.c Buffer_Overflow_scanf 144 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&muralists_parodyproof,"8207",mentorship_ghauts); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20537 153589/bio_err.c Buffer_Overflow_Indexes 142 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20538 153589/bio_err.c Buffer_Overflow_Indexes 96 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20539 153589/bio_err.c Buffer_Overflow_LowBound 566 stonesoup_buffer = malloc(65528); strncpy(stonesoup_buffer, professing_lucent, stonesoup_buffer_len); 0 --------------------------------- 20540 153589/bio_err.c Buffer_Overflow_LowBound 591 professing_lucent = ((char *)( *(statesmanese_outburnt - 5)) . oxidises_peachblossom); stonesoup_buffer_len = 4; strncpy(stonesoup_buffer, professing_lucent, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); strncpy(stonesoup_buffer, professing_lucent, stonesoup_buffer_len); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, professing_lucent, stonesoup_buffer_len); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, professing_lucent, stonesoup_buffer_len); 1 --------------------------------- 20541 153126/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&coulterneb_ier,"5444",chairmen_doudle); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20542 153126/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&coulterneb_ier,"5444",chairmen_doudle); stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 20543 153126/color.c Buffer_Overflow_Indexes 176 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20544 153126/color.c Buffer_Overflow_Indexes 174 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20545 153126/color.c Buffer_Overflow_Indexes 138 strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || 0 --------------------------------- 20546 153126/color.c Buffer_Overflow_cpycat 233 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20547 153126/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20548 153126/color.c Buffer_Overflow_cpycat 198 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20549 153126/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20550 153126/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20551 153126/color.c Buffer_Overflow_cpycat 346 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20552 153126/color.c Buffer_Overflow_cpycat 366 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 20553 153126/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20554 153126/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20555 153126/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20556 153126/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20557 153126/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20558 153126/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20559 153126/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20560 153126/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20561 153126/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20562 153126/color.c Buffer_Overflow_cpycat 190 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20563 153126/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20564 153126/color.c Buffer_Overflow_cpycat 345 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 20565 153126/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20566 153126/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20567 153126/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20568 153126/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20569 153126/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20570 153729/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&trullisatios_cornier,"7240",villagers_ehrwaldite); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20571 153729/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&trullisatios_cornier,"7240",villagers_ehrwaldite); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 20572 153729/color.c Buffer_Overflow_Indexes 188 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20573 153729/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20574 153729/color.c Buffer_Overflow_Indexes 186 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20575 153729/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20576 153729/color.c Buffer_Overflow_cpycat 378 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 20577 153729/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20578 153729/color.c Buffer_Overflow_cpycat 358 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20579 153729/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20580 153729/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20581 153729/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20582 153729/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20583 153729/color.c Buffer_Overflow_cpycat 237 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20584 153729/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20585 153729/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20586 153729/color.c Buffer_Overflow_cpycat 357 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 20587 153729/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20588 153729/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20589 153729/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20590 153729/color.c Buffer_Overflow_cpycat 350 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20591 153729/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20592 153729/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20593 153729/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20594 153729/color.c Buffer_Overflow_cpycat 202 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20595 153729/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20596 153729/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20597 153729/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20598 153729/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20599 152985/dynahash.c Buffer_Overflow_Indexes 277 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20600 152985/dynahash.c Buffer_Overflow_cpycat 367 HTAB *hash_create(const char *tabname,long nelem,HASHCTL *info,int flags) CurrentDynaHashCxt = AllocSetContextCreate(CurrentDynaHashCxt,tabname,0,(8 * 1024),(8 * 1024 * 1024)); hashp = ((HTAB *)(DynaHashAlloc(sizeof(HTAB ) + strlen(tabname) + 1))); hashp -> tabname = ((char *)(hashp + 1)); strcpy(hashp -> tabname,tabname); 0 --------------------------------- 20601 153562/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20602 153562/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20603 153143/utf.c Buffer_Overflow_Indexes 134 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20604 153823/string.c Buffer_Overflow_Indexes 532 solstitia_bodgie = getenv("EMPEXA_SWARTZITE"); if (solstitia_bodgie != 0) {; refilm_soothsayer = ((void *)solstitia_bodgie); amortises_scillonian(refilm_soothsayer); void amortises_scillonian(void *const assagaiing_noncontumacious); 0 --------------------------------- 20605 153823/string.c Buffer_Overflow_Indexes 54 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20606 152955/timestamp.c Buffer_Overflow_scanf 113 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&sorefoot_rollin,"2380",unwealsomeness_leechwort); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20607 152955/timestamp.c Buffer_Overflow_Indexes 65 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&sorefoot_rollin,"2380",unwealsomeness_leechwort); unindigenous_hispaniola(1,hydropterideae_antiroyal); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 20608 152955/timestamp.c Buffer_Overflow_Indexes 111 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20609 152955/timestamp.c Buffer_Overflow_LowBound 205 union confectioneries_oromo omnipotently_ugroid = {0}; va_list crispation_nontidal; __builtin_va_start(crispation_nontidal,overlard_macroergate); omnipotently_ugroid = (va_arg(crispation_nontidal,union confectioneries_oromo )); archai_turbith = ((char *)omnipotently_ugroid . unmetallic_camelot); stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(archai_turbith))); strncpy(stonesoup_heap_buff_64, archai_turbith, 64); 0 --------------------------------- 20610 153037/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20611 153037/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20612 153037/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&endor_tutt,"FIVELING_TRAGICOMIC"); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 20613 153037/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20614 153037/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&endor_tutt,"FIVELING_TRAGICOMIC"); if (endor_tutt != 0) {; educand_epichil = ((char *)endor_tutt); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(educand_epichil)+1, educand_epichil, "TRIGGER-STATE"); strncpy(stonesoup_data, educand_epichil, strlen(educand_epichil) + 1); if (endor_tutt != 0) free(((char *)endor_tutt)); 0 --------------------------------- 20615 153037/color.c Buffer_Overflow_LowBound 581 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *endor_tutt; stonesoup_read_taint(&endor_tutt,"FIVELING_TRAGICOMIC"); educand_epichil = ((char *)endor_tutt); stonesoup_data = (char*) malloc(8 * sizeof(char)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(educand_epichil)+1, educand_epichil, "TRIGGER-STATE"); strncpy(stonesoup_data, educand_epichil, strlen(educand_epichil) + 1); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&endor_tutt,"FIVELING_TRAGICOMIC"); educand_epichil = ((char *)endor_tutt); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(educand_epichil)+1, educand_epichil, "TRIGGER-STATE"); strncpy(stonesoup_data, educand_epichil, strlen(educand_epichil) + 1); 1 --------------------------------- 20616 153037/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20617 153037/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20618 153037/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 20619 153037/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20620 153037/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20621 153037/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20622 153037/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20623 153037/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20624 153037/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20625 153037/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20626 153037/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20627 153037/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20628 153037/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20629 153037/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20630 153037/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20631 153037/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20632 153037/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20633 153037/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20634 153037/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 20635 153037/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20636 153037/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20637 153037/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20638 153037/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20639 153037/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20640 153284/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20641 153284/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20642 153635/string.c Buffer_Overflow_Indexes 93 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20643 153635/string.c Buffer_Overflow_LowBound 1129 stonesoup_buffer = malloc(65528); strncpy(stonesoup_buffer, consideringly_zing, stonesoup_buffer_len); 0 --------------------------------- 20644 153635/string.c Buffer_Overflow_LowBound 1154 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); bioplasmic_devisable[1] = 5; toleware_pseudo = *(orlops_musha + bioplasmic_devisable[1]); consideringly_zing = ((char *)toleware_pseudo[3]); stonesoup_buffer_len = 4; strncpy(stonesoup_buffer, consideringly_zing, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); strncpy(stonesoup_buffer, consideringly_zing, stonesoup_buffer_len); void stonesoup_handle_taint(char *continuousness_attaches) tetralogue_compositae[3] = continuousness_attaches; orlops_musha[5] = tetralogue_compositae; toleware_pseudo = *(orlops_musha + bioplasmic_devisable[1]); consideringly_zing = ((char *)toleware_pseudo[3]); strncpy(stonesoup_buffer, consideringly_zing, stonesoup_buffer_len); strncpy(stonesoup_buffer, consideringly_zing, stonesoup_buffer_len); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, consideringly_zing, stonesoup_buffer_len); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, consideringly_zing, stonesoup_buffer_len); 1 --------------------------------- 20645 153383/config.c Buffer_Overflow_Indexes 124 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&austral_dubitably,"LTV_VALETUDINARIANS"); if (austral_dubitably != 0) {; hoodlumize_dustrag[30] = austral_dubitably; sophta_cognovits = &hoodlumize_dustrag; purgation_nymil = &sophta_cognovits; timetable_underleased = ((char *)( *( *purgation_nymil))[30]); if (( *( *purgation_nymil))[30] != 0) free(((char *)( *( *purgation_nymil))[30])); 0 --------------------------------- 20646 153383/config.c Buffer_Overflow_Indexes 119 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20647 153383/config.c Buffer_Overflow_Indexes 78 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&austral_dubitably,"LTV_VALETUDINARIANS"); stonesoup_printf("string is too short to test\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("string is too short to test\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20648 153517/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20649 153517/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20650 153093/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20651 153093/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20652 153567/pmsignal.c Buffer_Overflow_Indexes 89 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20653 153567/pmsignal.c Buffer_Overflow_Indexes 130 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20654 153567/pmsignal.c Buffer_Overflow_Indexes 135 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&hapteron_raadzaal,"REICHSTAG_WHICKERING"); if (hapteron_raadzaal != 0) {; motorism_killen = hapteron_raadzaal; yarmelkes_esps = &motorism_killen; recommitting_pediadontic(yarmelkes_esps); 0 --------------------------------- 20655 149239/use_after_free_@buffer-bad.c Buffer_Overflow_cpycat 23 char *str[1] = {(char *)NULL}; if ((*str = (char *)malloc(256*sizeof(char))) != NULL) strcpy(*str, "Falut!"); 0 --------------------------------- 20656 199275/invalid_memory_access_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==24 || vflag_file == 888) 0 --------------------------------- 20657 149223/use_after_free_container-bad.c Buffer_Overflow_cpycat 32 if ((container.foo.b = (char *)malloc(256*sizeof(char))) != NULL) strcpy(container.foo.b, "Falut!"); 0 --------------------------------- 20658 153048/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20659 153048/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20660 153324/aviobuf.c Buffer_Overflow_Indexes 990 gloriousness_arsino = getenv("CUTLING_DISSUASIONS"); if (gloriousness_arsino != 0) {; fool_broadcasted[40] = gloriousness_arsino; nondeistical_palmcoast = livebearer_pochay(fool_broadcasted); char **livebearer_pochay(char **disvaluing_dampcourse); 0 --------------------------------- 20661 153324/aviobuf.c Buffer_Overflow_Indexes 53 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20662 153324/aviobuf.c Buffer_Overflow_LowBound 1233 void plaidman_antielectron(int unaffectioned_francophobe,char **palpator_spadebone) stowp_catchments = ((char *)palpator_spadebone[40]); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(stowp_catchments)+1, stowp_catchments, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, stowp_catchments, strlen(stowp_catchments) + 1); 1 --------------------------------- 20663 153324/aviobuf.c Buffer_Overflow_LowBound 1039 int avio_printf(AVIOContext *s,const char *fmt,... ) va_list ap; char buf[4096]; __builtin_va_start(ap,fmt); ret = vsnprintf(buf,sizeof(buf),fmt,ap); 0 --------------------------------- 20664 152937/mutex.c Buffer_Overflow_Indexes 37 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buff_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(pentelic_abyssolith)); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(pentelic_abyssolith)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 20665 152937/mutex.c Buffer_Overflow_Indexes 130 waistcoated_piassavas = getenv("CROSLEY_MASTODYNIA"); if (waistcoated_piassavas != 0) {; frails_unflappably = &waistcoated_piassavas; pisciculturally_academie = frails_unflappably + 5; pentelic_abyssolith = ((char *)( *(pisciculturally_academie - 5))); stonesoup_other_buff[7] = pentelic_abyssolith; stonesoup_buff_size = ((int )(strlen(pentelic_abyssolith))); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_other_buff", stonesoup_other_buff, "INITIAL-STATE"); for (; stonesoup_buff_size >= 0; (--stonesoup_my_buff_size , --stonesoup_buff_size)) { stonesoup_stack_buff_64[stonesoup_my_buff_size] = pentelic_abyssolith[stonesoup_buff_size]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buff_64", stonesoup_stack_buff_64, "CROSSOVER-STATE"); stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(pentelic_abyssolith)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buff_64", stonesoup_stack_buff_64, "FINAL-STATE"); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); 1 --------------------------------- 20666 153667/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20667 153667/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20668 153783/string.c Buffer_Overflow_Indexes 95 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20669 153783/string.c Buffer_Overflow_Indexes 100 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&anticivism_buggery,"IERNA_KOHN"); if (anticivism_buggery != 0) {; brillouin_keefs(olav_dumbfounded,anticivism_buggery); void brillouin_keefs(int tysonite_meninting,char *parished_oira) brillouin_keefs(tysonite_meninting,parished_oira); mentalis_thiefmaking = ((char *)parished_oira); tracepoint(stonesoup_trace, variable_buffer, "STONESOUP_TAINT_SOURCE", mentalis_thiefmaking, "INITIAL-STATE"); for (stonesoup_i = 0; stonesoup_i < strlen(mentalis_thiefmaking); ++stonesoup_i) { mentalis_thiefmaking[stonesoup_i], stonesoup_data.buffer[(int) mentalis_thiefmaking[stonesoup_i]]); tracepoint(stonesoup_trace, variable_signed_integral, "((int) STONESOUP_TAINT_SOURCE[stonesoup_i])", ((int) mentalis_thiefmaking[stonesoup_i]), &(mentalis_thiefmaking[stonesoup_i]), "TRIGGER-STATE"); if (parished_oira != 0) free(((char *)parished_oira)); void stonesoup_printf(char * format, ...) { 1 --------------------------------- 20670 153783/string.c Buffer_Overflow_Indexes 1126 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_input_string", stonesoup_input_string, "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data.buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 20671 153783/string.c Buffer_Overflow_Indexes 54 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&anticivism_buggery,"IERNA_KOHN"); svn_stringbuf_ensure(str,total_len); membuf_ensure(&mem,&str -> blocksize,minimum_size,str -> pool); svn_stringbuf_ensure(str,total_len); svn_stringbuf_appendbytes(new_str,string,strlen(string)); svn_stringbuf_appendbytes(new_str,separator,sep_len); stonesoup_setup_printf_context(); stonesoup_read_taint(&anticivism_buggery,"IERNA_KOHN"); brillouin_keefs(olav_dumbfounded,anticivism_buggery); brillouin_keefs(tysonite_meninting,parished_oira); s vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20672 152866/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20673 152866/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20674 153069/tile.c Buffer_Overflow_Indexes 88 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20675 153440/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20676 153440/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20677 153440/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&commutating_persicaria,"REVOCATION_CONSUMPTIBLE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 20678 153440/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20679 153440/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&commutating_persicaria,"REVOCATION_CONSUMPTIBLE"); if (commutating_persicaria != 0) {; danyelle_dulcetly = ((char *)commutating_persicaria); stonesoup_taint_len = ((int )(strlen(danyelle_dulcetly))); for (; stonesoup_taint_len >= 0; (--stonesoup_buff_size , --stonesoup_taint_len)) { stonesoup_heap_buff_64[stonesoup_buff_size] = danyelle_dulcetly[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "FINAL-STATE"); if (commutating_persicaria != 0) free(((char *)commutating_persicaria)); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); 1 --------------------------------- 20680 153440/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20681 153440/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20682 153440/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 20683 153440/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20684 153440/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20685 153440/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20686 153440/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20687 153440/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20688 153440/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20689 153440/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20690 153440/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20691 153440/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20692 153440/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20693 153440/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20694 153440/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20695 153440/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20696 153440/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20697 153440/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20698 153440/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 20699 153440/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20700 153440/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20701 153440/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20702 153440/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20703 153440/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20704 153786/dynahash.c Buffer_Overflow_Indexes 238 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20705 153786/dynahash.c Buffer_Overflow_LowBound 1536 void manganocalcite_polysorbate(char *lamaite_elaeagnaceous) cystonephrosis_inferrer(lamaite_elaeagnaceous); void cystonephrosis_inferrer(char *milkshop_ulcerative) ocelliferous_tansies = ((char *)milkshop_ulcerative); stonesoup_data = (char*) malloc(8 * sizeof(char)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(ocelliferous_tansies)+1, ocelliferous_tansies, "TRIGGER-STATE"); strncpy(stonesoup_data, ocelliferous_tansies, strlen(ocelliferous_tansies) + 1); 1 --------------------------------- 20706 153786/dynahash.c Buffer_Overflow_cpycat 365 HTAB *hash_create(const char *tabname,long nelem,HASHCTL *info,int flags) CurrentDynaHashCxt = AllocSetContextCreate(CurrentDynaHashCxt,tabname,0,(8 * 1024),(8 * 1024 * 1024)); hashp = ((HTAB *)(DynaHashAlloc(sizeof(HTAB ) + strlen(tabname) + 1))); hashp -> tabname = ((char *)(hashp + 1)); strcpy(hashp -> tabname,tabname); 0 --------------------------------- 20707 153600/tile.c Buffer_Overflow_Indexes 60 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20708 153600/tile.c Buffer_Overflow_Indexes 101 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20709 153600/tile.c Buffer_Overflow_Indexes 106 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&unparcelled_mentholatum,"MOUSIEST_SARCOCYSTIDEAN"); if (unparcelled_mentholatum != 0) {; nephalistic_dewflower . neurophil_subchapters = ((char *)unparcelled_mentholatum); hosta_hematoscope(nephalistic_dewflower); void hosta_hematoscope(struct unreproachfully_moonraker unroyally_troparion); 0 --------------------------------- 20710 153600/tile.c Buffer_Overflow_cpycat 389 sweven_nitwitted = ((char *)vidkids_tummuler . neurophil_subchapters); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, sweven_nitwitted); 1 --------------------------------- 20711 152963/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20712 152963/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20713 153771/main_filter_toolbar.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&ensnares_claman,"5024",skyborne_mattoir); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20714 153771/main_filter_toolbar.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&ensnares_claman,"5024",skyborne_mattoir); trundler_daedalid(keggmiengg_frankforter); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20715 153771/main_filter_toolbar.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20716 153771/main_filter_toolbar.c Buffer_Overflow_LowBound 466 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int skyborne_mattoir = 91; char *ensnares_claman; stonesoup_read_taint(&ensnares_claman,"5024",skyborne_mattoir); keggmiengg_frankforter . centaurus_unprismatical = ((char *)ensnares_claman); trundler_daedalid(keggmiengg_frankforter); char stonesoup_source[1024]; memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, semioptimistic_rattery, sizeof(stonesoup_source)); void trundler_daedalid(const struct stentors_friskers tubercularness_khrushchev) semioptimistic_rattery = ((char *)((struct stentors_friskers )tubercularness_khrushchev) . centaurus_unprismatical); strncpy(stonesoup_source, semioptimistic_rattery, sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&ensnares_claman,"5024",skyborne_mattoir); keggmiengg_frankforter . centaurus_unprismatical = ((char *)ensnares_claman); trundler_daedalid(keggmiengg_frankforter); 0 --------------------------------- 20717 153771/main_filter_toolbar.c Buffer_Overflow_LowBound 475 stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 20718 153562/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&archbishopry_struthiform,"8359",marcello_biglot); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20719 153562/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&archbishopry_struthiform,"8359",marcello_biglot); s vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); s stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 20720 153562/color.c Buffer_Overflow_Indexes 570 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; 0 --------------------------------- 20721 153562/color.c Buffer_Overflow_Indexes 174 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20722 153562/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20723 153562/color.c Buffer_Overflow_Indexes 176 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20724 153562/color.c Buffer_Overflow_cpycat 233 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20725 153562/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20726 153562/color.c Buffer_Overflow_cpycat 198 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20727 153562/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20728 153562/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20729 153562/color.c Buffer_Overflow_cpycat 346 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20730 153562/color.c Buffer_Overflow_cpycat 366 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 20731 153562/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20732 153562/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20733 153562/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20734 153562/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20735 153562/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20736 153562/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20737 153562/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20738 153562/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20739 153562/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20740 153562/color.c Buffer_Overflow_cpycat 190 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20741 153562/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20742 153562/color.c Buffer_Overflow_cpycat 345 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 20743 153562/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20744 153562/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20745 153562/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20746 153562/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20747 153562/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20748 153720/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20749 153720/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20750 1305/prescan-overflow-bad.c Buffer_Overflow_cpycat 608 addr = (char *) malloc(sizeof(char) * 500); addr[i+1] = special_char; CurEnv->e_to = (char *) malloc(strlen(addr) * sizeof(char) + 1); strcpy(CurEnv->e_to, addr); 0 --------------------------------- 20751 836/basic-00181-med.c Buffer_Overflow_Indexes 58 envvar = getenv("STRINGLEN_MED"); if (envvar != NULL) i = strlen(envvar); if (i > 17) buf[i] = 'A'; 0 --------------------------------- 20752 153570/utf.c Buffer_Overflow_scanf 156 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&unsystematised_inversions,"3851",untuneably_clemclemalats); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20753 153570/utf.c Buffer_Overflow_Indexes 108 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&unsystematised_inversions,"3851",untuneably_clemclemalats); stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_buff); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buff); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20754 153570/utf.c Buffer_Overflow_Indexes 154 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20755 153570/utf.c Buffer_Overflow_LowBound 396 char stonesoup_source[1024]; concavities_meropodite = ((char *)( *( *( *( *( *( *( *( *( *( *sophistress_odontolith)))))))))) . ring_stinkbugs); memset(stonesoup_source,0,1024); strncpy(stonesoup_source,concavities_meropodite,sizeof(stonesoup_source)); 0 --------------------------------- 20756 153570/utf.c Buffer_Overflow_LowBound 405 stonesoup_buff[63] = '\0'; stonesoup_source[1023] = 0; if (strlen(stonesoup_source) + 1 <= sizeof(stonesoup_buff)) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buff", strlen(stonesoup_buff)+1, stonesoup_buff, "TRIGGER-STATE"); strncpy(stonesoup_buff,stonesoup_source,sizeof(stonesoup_source)); 1 --------------------------------- 20757 153369/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20758 153369/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20759 153541/heapam.c Buffer_Overflow_Indexes 145 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&presatisfy_bottlebird,"COMPACTILE_DIVORCING"); if (presatisfy_bottlebird != 0) {; extensionalism_proteolytic = ((int )(strlen(presatisfy_bottlebird))); superenrollment_prediscuss = ((char *)(malloc(extensionalism_proteolytic + 1))); if (superenrollment_prediscuss == 0) { memset(superenrollment_prediscuss,0,extensionalism_proteolytic + 1); memcpy(superenrollment_prediscuss,presatisfy_bottlebird,extensionalism_proteolytic); if (presatisfy_bottlebird != 0) free(((char *)presatisfy_bottlebird)); nonbarbarous_lairdship = &superenrollment_prediscuss; helvella_implies = &nonbarbarous_lairdship; botheration_gasburg(helvella_implies); 0 --------------------------------- 20760 153541/heapam.c Buffer_Overflow_Indexes 99 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&presatisfy_bottlebird,"COMPACTILE_DIVORCING"); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 20761 153541/heapam.c Buffer_Overflow_Indexes 140 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20762 153718/hashfn.c Buffer_Overflow_Indexes 52 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); hepsiba_bretwalda = temenus_interrelation(seamrog_creedless); kinnor_eldorado(nonamorous_ichthyopsida,hepsiba_bretwalda); kinnor_eldorado(world_kachcha,magellanian_visitorial); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 20763 153718/hashfn.c Buffer_Overflow_Indexes 141 crazedly_memorialiser = getenv("BRIGANDAGE_DANELLE"); if (crazedly_memorialiser != 0) {; seamrog_creedless . stempel_outdraft = ((char *)crazedly_memorialiser); hepsiba_bretwalda = temenus_interrelation(seamrog_creedless); struct drago_unlikeliest temenus_interrelation(struct drago_unlikeliest strychninism_ratchetlike); 0 --------------------------------- 20764 153583/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20765 153583/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20766 153389/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20767 153389/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20768 152970/color.c Buffer_Overflow_Indexes 189 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20769 152970/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20770 152970/color.c Buffer_Overflow_Indexes 191 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20771 152970/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&ecclesiasticus_restibrachium,"DANIELLE_BRUSHBALL"); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20772 152970/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&ecclesiasticus_restibrachium,"DANIELLE_BRUSHBALL"); if (ecclesiasticus_restibrachium != 0) {; fisk_vinegar = ((char *)ecclesiasticus_restibrachium); strncpy(stonesoup_buffer, fisk_vinegar, stonesoup_buffer_len); *stonesoup_buffer_ptr = fisk_vinegar; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); strncpy(stonesoup_buffer, fisk_vinegar, stonesoup_buffer_len); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); if (stonesoup_buffer_ptr != 0) { free(stonesoup_buffer_ptr); if (ecclesiasticus_restibrachium != 0) free(((char *)ecclesiasticus_restibrachium)); 0 --------------------------------- 20773 152970/color.c Buffer_Overflow_LowBound 614 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *ecclesiasticus_restibrachium; stonesoup_read_taint(&ecclesiasticus_restibrachium,"DANIELLE_BRUSHBALL"); fisk_vinegar = ((char *)ecclesiasticus_restibrachium); stonesoup_buffer_len = 4; strncpy(stonesoup_buffer, fisk_vinegar, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); strncpy(stonesoup_buffer, fisk_vinegar, stonesoup_buffer_len); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, fisk_vinegar, stonesoup_buffer_len); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, fisk_vinegar, stonesoup_buffer_len); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&ecclesiasticus_restibrachium,"DANIELLE_BRUSHBALL"); fisk_vinegar = ((char *)ecclesiasticus_restibrachium); strncpy(stonesoup_buffer, fisk_vinegar, stonesoup_buffer_len); strncpy(stonesoup_buffer, fisk_vinegar, stonesoup_buffer_len); 1 --------------------------------- 20774 152970/color.c Buffer_Overflow_LowBound 589 stonesoup_buffer = malloc(65528); strncpy(stonesoup_buffer, fisk_vinegar, stonesoup_buffer_len); 0 --------------------------------- 20775 152970/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20776 152970/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20777 152970/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20778 152970/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20779 152970/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20780 152970/color.c Buffer_Overflow_cpycat 339 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20781 152970/color.c Buffer_Overflow_cpycat 205 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20782 152970/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20783 152970/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20784 152970/color.c Buffer_Overflow_cpycat 360 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 20785 152970/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20786 152970/color.c Buffer_Overflow_cpycat 381 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 20787 152970/color.c Buffer_Overflow_cpycat 332 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20788 152970/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20789 152970/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20790 152970/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20791 152970/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20792 152970/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20793 152970/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20794 152970/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20795 152970/color.c Buffer_Overflow_cpycat 346 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20796 152970/color.c Buffer_Overflow_cpycat 325 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20797 152970/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20798 152970/color.c Buffer_Overflow_cpycat 361 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20799 153416/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20800 153416/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20801 153416/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&gnomic_lunkheads,"GOLES_BIOTYPE"); stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_buff); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buff); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20802 153416/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20803 153416/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&gnomic_lunkheads,"GOLES_BIOTYPE"); if (gnomic_lunkheads != 0) {; tosspot_motivic = ((char *)gnomic_lunkheads); strncpy(stonesoup_source,tosspot_motivic,sizeof(stonesoup_source)); if (gnomic_lunkheads != 0) free(((char *)gnomic_lunkheads)); 0 --------------------------------- 20804 153416/color.c Buffer_Overflow_LowBound 587 stonesoup_buff[63] = '\0'; stonesoup_source[1023] = 0; if (strlen(stonesoup_source) + 1 <= sizeof(stonesoup_buff)) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buff", strlen(stonesoup_buff)+1, stonesoup_buff, "TRIGGER-STATE"); strncpy(stonesoup_buff,stonesoup_source,sizeof(stonesoup_source)); 1 --------------------------------- 20805 153416/color.c Buffer_Overflow_LowBound 578 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char stonesoup_source[1024]; char *gnomic_lunkheads; stonesoup_read_taint(&gnomic_lunkheads,"GOLES_BIOTYPE"); tosspot_motivic = ((char *)gnomic_lunkheads); memset(stonesoup_source,0,1024); strncpy(stonesoup_source,tosspot_motivic,sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&gnomic_lunkheads,"GOLES_BIOTYPE"); tosspot_motivic = ((char *)gnomic_lunkheads); strncpy(stonesoup_source,tosspot_motivic,sizeof(stonesoup_source)); 0 --------------------------------- 20806 153416/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20807 153416/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20808 153416/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 20809 153416/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20810 153416/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20811 153416/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20812 153416/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20813 153416/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20814 153416/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20815 153416/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20816 153416/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20817 153416/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20818 153416/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20819 153416/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20820 153416/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20821 153416/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20822 153416/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20823 153416/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20824 153416/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 20825 153416/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20826 153416/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20827 153416/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20828 153416/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20829 153416/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20830 153164/cmdline.c Buffer_Overflow_scanf 128 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&hackneyedly_farrow,"6352",sold_interarrival); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20831 153164/cmdline.c Buffer_Overflow_Indexes 276 env_val = (getenv( *env_var)); if (env_val && env_val[0]) { fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); 0 --------------------------------- 20832 153164/cmdline.c Buffer_Overflow_Indexes 80 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20833 153164/cmdline.c Buffer_Overflow_Indexes 904 e = (getenv("VISUAL")); if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 20834 153164/cmdline.c Buffer_Overflow_Indexes 126 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20835 153164/cmdline.c Buffer_Overflow_Indexes 907 e = (getenv("EDITOR")); if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 20836 153164/cmdline.c Buffer_Overflow_Indexes 895 e = (getenv("SVN_EDITOR")); if (!e) { svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); if (!e) { if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 20837 153164/cmdline.c Buffer_Overflow_LowBound 301 int svn_cmdline_init(const char *progname,FILE *error_stream) char prefix_buf[64]; fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); 0 --------------------------------- 20838 153164/cmdline.c Buffer_Overflow_cpycat 303 prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); 0 --------------------------------- 20839 153007/tile.c Buffer_Overflow_scanf 101 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&firers_lindenhurst,"9439",concatenary_michoacano); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20840 153007/tile.c Buffer_Overflow_Indexes 99 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20841 153007/tile.c Buffer_Overflow_Indexes 53 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&firers_lindenhurst,"9439",concatenary_michoacano); s vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); s stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 20842 153007/tile.c Buffer_Overflow_Indexes 298 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; 0 --------------------------------- 20843 153733/column.c Buffer_Overflow_scanf 107 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&valoniah_hup,"8039",gibbous_intercessive); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20844 153733/column.c Buffer_Overflow_Indexes 59 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&valoniah_hup,"8039",gibbous_intercessive); stonesoup_stack_buffer_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buffer_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20845 153733/column.c Buffer_Overflow_Indexes 105 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20846 153733/column.c Buffer_Overflow_cpycat 1229 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; char stonesoup_stack_buffer_64[64]; int gibbous_intercessive = 1001; char *valoniah_hup; stonesoup_read_taint(&valoniah_hup,"8039",gibbous_intercessive); enflamed_englished = valoniah_hup; reweigh_turbination[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *decadron_laved)))))))))))))))))))))))))))))))))))))))))))))))))] = enflamed_englished; minimising_micrography = reweigh_turbination[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *decadron_laved)))))))))))))))))))))))))))))))))))))))))))))))))]; vire_unroyally = ((char *)minimising_micrography); memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,vire_unroyally); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&valoniah_hup,"8039",gibbous_intercessive); enflamed_englished = valoniah_hup; reweigh_turbination[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *decadron_laved)))))))))))))))))))))))))))))))))))))))))))))))))] = enflamed_englished; minimising_micrography = reweigh_turbination[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *decadron_laved)))))))))))))))))))))))))))))))))))))))))))))))))]; vire_unroyally = ((char *)minimising_micrography); strcpy(stonesoup_stack_buffer_64,vire_unroyally); 1 --------------------------------- 20847 152997/stream.c Buffer_Overflow_Indexes 113 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20848 152911/eng_lib.c Buffer_Overflow_Indexes 84 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20849 152911/eng_lib.c Buffer_Overflow_Indexes 455 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_input_string", stonesoup_input_string, "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data.buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 20850 152911/eng_lib.c Buffer_Overflow_Indexes 125 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20851 152911/eng_lib.c Buffer_Overflow_Indexes 130 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&preenlistments_nuchale,"SOPHISTICATIONS_PLAGUELESS"); if (preenlistments_nuchale != 0) {; wran_nonevent . unpriceably_advocates = preenlistments_nuchale; reincorporates_tale[5] = wran_nonevent; curacao_drivellers = *(reincorporates_tale + *irenic_onewhere); subreguli_alphonsism(curacao_drivellers); 0 --------------------------------- 20852 153058/avfilter.c Buffer_Overflow_Indexes 49 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20853 153058/avfilter.c Buffer_Overflow_Indexes 90 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20854 153058/avfilter.c Buffer_Overflow_Indexes 95 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&hellfires_rauraci,"OSTERHUS_SUPERPOSED"); if (hellfires_rauraci != 0) {; moodinesses_mackoff = hellfires_rauraci; brickbats_mtbaldy(moodinesses_mackoff); void brickbats_mtbaldy(const reemission_cwrite engracing_creg); 0 --------------------------------- 20855 153058/avfilter.c Buffer_Overflow_LowBound 897 void brickbats_mtbaldy(const reemission_cwrite engracing_creg) BRUNNICHIA_APRILIS(engracing_creg); void ccip_chatterbag(reemission_cwrite hating_nonvacua) char stonesoup_buffer[8]; peripneumonic_trimetrical = ((char *)((reemission_cwrite )hating_nonvacua)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(peripneumonic_trimetrical)+1, peripneumonic_trimetrical, "TRIGGER-STATE"); strncpy(stonesoup_buffer,peripneumonic_trimetrical,strlen(peripneumonic_trimetrical) + 1); 1 --------------------------------- 20856 153058/avfilter.c Buffer_Overflow_LowBound 127 av_log(ctx,48,"ref[%p buf:%p refcount:%d perms:%s data:%p linesize[%d, %d, %d, %d] pts:%ld pos:%ld",ref,ref -> buf,ref -> buf -> refcount,ff_get_ref_perms_string(buf,sizeof(buf),ref -> perms),ref -> data[0],ref -> linesize[0],ref -> linesize[1],ref -> linesize[2],ref -> linesize[3],ref -> pts,ref -> pos); char *ff_get_ref_perms_string(char *buf,size_t buf_size,int perms) snprintf(buf,buf_size,"%s%s%s%s%s%s",(perms & 0x1?"r" : ""),(perms & 0x02?"w" : ""),(perms & 0x04?"p" : ""),(perms & 0x08?"u" : ""),(perms & 0x10?"U" : ""),(perms & 0x20?"n" : "")); av_log(ctx,48,"ref[%p buf:%p refcount:%d perms:%s data:%p linesize[%d, %d, %d, %d] pts:%ld pos:%ld",ref,ref -> buf,ref -> buf -> refcount,ff_get_ref_perms_string(buf,sizeof(buf),ref -> perms),ref -> data[0],ref -> linesize[0],ref -> linesize[1],ref -> linesize[2],ref -> linesize[3],ref -> pts,ref -> pos); char *ff_get_ref_perms_string(char *buf,size_t buf_size,int perms) snprintf(buf,buf_size,"%s%s%s%s%s%s",(perms & 0x1?"r" : ""),(perms & 0x02?"w" : ""),(perms & 0x04?"p" : ""),(perms & 0x08?"u" : ""),(perms & 0x10?"U" : ""),(perms & 0x20?"n" : "")); 0 --------------------------------- 20857 153601/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20858 153601/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20859 153619/resowner.c Buffer_Overflow_Indexes 139 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); CONOIDAL_BACKPOINTER(wakamba_avaria); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20860 153619/resowner.c Buffer_Overflow_Indexes 673 apium_philipsburg = getenv("MERMIS_DILATOMETRY"); if (apium_philipsburg != 0) {; lustiness_counterfix[20] = apium_philipsburg; butadiene_necrophagous[5] = lustiness_counterfix; wakamba_avaria = *(butadiene_necrophagous + *dorsoventrad_reedplot); CONOIDAL_BACKPOINTER(wakamba_avaria); void scorbutic_muteness(char **indirectly_yearth) CONOIDAL_BACKPOINTER(wakamba_avaria); effortlessly_vashon = ((char *)indirectly_yearth[20]); strncpy(stonesoup_buffer, effortlessly_vashon, stonesoup_buffer_len); *stonesoup_buffer_ptr = effortlessly_vashon; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); strncpy(stonesoup_buffer, effortlessly_vashon, stonesoup_buffer_len); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); if (stonesoup_buffer_ptr != 0) { free(stonesoup_buffer_ptr); 1 --------------------------------- 20861 153619/resowner.c Buffer_Overflow_LowBound 1131 apium_philipsburg = getenv("MERMIS_DILATOMETRY"); lustiness_counterfix[20] = apium_philipsburg; butadiene_necrophagous[5] = lustiness_counterfix; scorbutic_stabbingness = 5; dorsoventrad_reedplot = &scorbutic_stabbingness; wakamba_avaria = *(butadiene_necrophagous + *dorsoventrad_reedplot); CONOIDAL_BACKPOINTER(wakamba_avaria); stonesoup_buffer_len = 4; strncpy(stonesoup_buffer, effortlessly_vashon, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); strncpy(stonesoup_buffer, effortlessly_vashon, stonesoup_buffer_len); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, effortlessly_vashon, stonesoup_buffer_len); void scorbutic_muteness(char **indirectly_yearth) effortlessly_vashon = ((char *)indirectly_yearth[20]); strncpy(stonesoup_buffer, effortlessly_vashon, stonesoup_buffer_len); strncpy(stonesoup_buffer, effortlessly_vashon, stonesoup_buffer_len); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, effortlessly_vashon, stonesoup_buffer_len); 1 --------------------------------- 20862 153619/resowner.c Buffer_Overflow_LowBound 1106 stonesoup_buffer = malloc(65528); strncpy(stonesoup_buffer, effortlessly_vashon, stonesoup_buffer_len); 0 --------------------------------- 20863 153341/avpacket.c Buffer_Overflow_Indexes 78 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20864 153813/config.c Buffer_Overflow_Indexes 125 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&preaffirmation_crosscurrented,"KAIK_ABOLITIONIZED"); if (preaffirmation_crosscurrented != 0) {; overcasts_ringman[27] = preaffirmation_crosscurrented; enhydris_expeditely = overcasts_ringman; dillyman_beakers = ((char **)(((unsigned long )enhydris_expeditely) * harpp_seculars * harpp_seculars)) + 5; tyrannisingly_gerbatka(saddik_damaskeening,dillyman_beakers); void tyrannisingly_gerbatka(int gimmals_saebeins,char **palladia_deckle); 0 --------------------------------- 20865 153813/config.c Buffer_Overflow_Indexes 79 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20866 153813/config.c Buffer_Overflow_Indexes 120 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20867 153813/config.c Buffer_Overflow_LowBound 1070 char stonesoup_source[1024]; beckville_sippers = ((char *)(palladia_deckle - 5)[27]); stonesoup_source[stonesoup_i] = 0; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { strncpy(stonesoup_source, beckville_sippers, sizeof(stonesoup_source)); 0 --------------------------------- 20868 153813/config.c Buffer_Overflow_LowBound 1079 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 20869 153040/bufmgr.c Buffer_Overflow_scanf 170 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&peritrochal_muraena,"1490",rambong_hillis); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20870 153040/bufmgr.c Buffer_Overflow_Indexes 122 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20871 153040/bufmgr.c Buffer_Overflow_Indexes 168 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20872 153829/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&talas_sleevelessness,"1479",illaqueation_etymologically); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20873 153829/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&talas_sleevelessness,"1479",illaqueation_etymologically); stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 20874 153829/color.c Buffer_Overflow_Indexes 188 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20875 153829/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20876 153829/color.c Buffer_Overflow_Indexes 186 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20877 153829/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20878 153829/color.c Buffer_Overflow_cpycat 378 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 20879 153829/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20880 153829/color.c Buffer_Overflow_cpycat 358 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20881 153829/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20882 153829/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20883 153829/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20884 153829/color.c Buffer_Overflow_cpycat 593 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int illaqueation_etymologically = 596; char *talas_sleevelessness; stonesoup_read_taint(&talas_sleevelessness,"1479",illaqueation_etymologically); grizzled_jodel = ((char *)talas_sleevelessness); stonesoup_data.buffer[stonesoup_i] = 0; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, grizzled_jodel); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&talas_sleevelessness,"1479",illaqueation_etymologically); grizzled_jodel = ((char *)talas_sleevelessness); strcpy(stonesoup_data.buffer, grizzled_jodel); 1 --------------------------------- 20885 153829/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20886 153829/color.c Buffer_Overflow_cpycat 237 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20887 153829/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20888 153829/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20889 153829/color.c Buffer_Overflow_cpycat 357 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 20890 153829/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20891 153829/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20892 153829/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20893 153829/color.c Buffer_Overflow_cpycat 350 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20894 153829/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20895 153829/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20896 153829/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20897 153829/color.c Buffer_Overflow_cpycat 202 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20898 153829/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20899 153829/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20900 153829/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20901 153829/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 20902 153760/aviobuf.c Buffer_Overflow_Indexes 99 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&respective_nugae,"SYNTONIZER_HOARSER"); if (respective_nugae != 0) {; exteriorness_androgenous = &respective_nugae; cep_cerrogordo = exteriorness_androgenous + 5; lpf_eavedropping = ((char *)( *(cep_cerrogordo - 5))); strncpy(stonesoup_source, lpf_eavedropping, sizeof(stonesoup_source)); if ( *(cep_cerrogordo - 5) != 0) free(((char *)( *(cep_cerrogordo - 5)))); 0 --------------------------------- 20903 153760/aviobuf.c Buffer_Overflow_Indexes 94 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20904 153760/aviobuf.c Buffer_Overflow_Indexes 53 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&respective_nugae,"SYNTONIZER_HOARSER"); stonesoup_toupper(stonesoup_data.buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20905 153760/aviobuf.c Buffer_Overflow_LowBound 1106 int avio_printf(AVIOContext *s,const char *fmt,... ) va_list ap; char buf[4096]; __builtin_va_start(ap,fmt); ret = vsnprintf(buf,sizeof(buf),fmt,ap); 0 --------------------------------- 20906 153760/aviobuf.c Buffer_Overflow_LowBound 1038 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char stonesoup_source[1024]; char *respective_nugae; stonesoup_read_taint(&respective_nugae,"SYNTONIZER_HOARSER"); exteriorness_androgenous = &respective_nugae; cep_cerrogordo = exteriorness_androgenous + 5; lpf_eavedropping = ((char *)( *(cep_cerrogordo - 5))); stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, lpf_eavedropping, sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&respective_nugae,"SYNTONIZER_HOARSER"); exteriorness_androgenous = &respective_nugae; cep_cerrogordo = exteriorness_androgenous + 5; lpf_eavedropping = ((char *)( *(cep_cerrogordo - 5))); strncpy(stonesoup_source, lpf_eavedropping, sizeof(stonesoup_source)); 0 --------------------------------- 20907 153760/aviobuf.c Buffer_Overflow_LowBound 1047 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 20908 153017/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20909 153017/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20910 153009/utils.c Buffer_Overflow_scanf 115 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&disenthrone_pachychilia,"7593",sexist_conglobulate); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20911 153009/utils.c Buffer_Overflow_Indexes 67 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20912 153009/utils.c Buffer_Overflow_Indexes 113 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20913 153009/utils.c Buffer_Overflow_LowBound 4416 int ff_url_join(char *str,int size,const char *proto,const char *authorization,const char *hostname,int port,const char *fmt,... ) str[0] = '\0'; av_strlcatf(str,size,"%s: av_strlcatf(str,size,"%s@",authorization); av_strlcat(str,"[",size); av_strlcat(str,hostname,size); av_strlcat(str,"]",size); av_strlcat(str,hostname,size); av_strlcat(str,hostname,size); av_strlcatf(str,size,":%d",port); va_list vl; int len = (strlen(str)); __builtin_va_start(vl,fmt); vsnprintf(str + len,(size > len?size - len : 0),fmt,vl); 0 --------------------------------- 20914 153009/utils.c Buffer_Overflow_LowBound 4961 void aquitaine_subincandescent(int livishly_slumbrous,void ***********powderhorn_drabbler) char stonesoup_buffer[8]; chasteweed_frillers = ((char *)((char *)( *( *( *( *( *( *( *( *( *( *powderhorn_drabbler)))))))))))); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(chasteweed_frillers)+1, chasteweed_frillers, "TRIGGER-STATE"); strncpy(stonesoup_buffer,chasteweed_frillers,strlen(chasteweed_frillers) + 1); 1 --------------------------------- 20915 153009/utils.c Buffer_Overflow_LowBound 3974 return av_guess_format("image2",((void *)0),((void *)0)); if ((ret = avio_open2(&s -> pb,filename,1 | s -> avio_flags,(&s -> interrupt_callback),options)) < 0) { if (!av_filename_number_test(filename)) { memcpy(q,buf1,len); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); static int init_input(AVFormatContext *s,const char *filename,AVDictionary **options) return av_probe_input_buffer(s -> pb,&s -> iformat,filename,s,0,s -> probesize); if ((ret = avio_open2(&s -> pb,filename,1 | s -> avio_flags,(&s -> interrupt_callback),options)) < 0) { return av_probe_input_buffer(s -> pb,&s -> iformat,filename,s,0,s -> probesize); if (!av_filename_number_test(filename)) { int av_filename_number_test(const char *filename) return filename && av_get_frame_filename(buf,(sizeof(buf)),filename,1) >= 0; int av_get_frame_filename(char *buf,int buf_size,const char *path,int number) char buf1[20]; p = path; c = *(p++); nd = 0; while(av_isdigit(( *p))){ nd = nd * '\n' + ( *(p++)) - 48; c = *(p++); nd = nd * '\n' + ( *(p++)) - 48; snprintf(buf1,sizeof(buf1),"%0*d",nd,number); len = (strlen(buf1)); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); int av_probe_input_buffer(AVIOContext *pb,AVInputFormat **fmt,const char *filename,void *logctx,unsigned int offset,unsigned int max_probe_size) if (!av_filename_number_test(filename)) { AVOutputFormat *av_guess_format(const char *short_name,const char *filename,const char *mime_type) if (!short_name && filename && av_filename_number_test(filename) && (ff_guess_image2_codec(filename)) != AV_CODEC_ID_NONE) { int avformat_open_input(AVFormatContext **ps,const char *filename,AVInputFormat *fmt,AVDictionary **options) if ((ret = init_input(s,filename,&tmp)) < 0) { 0 --------------------------------- 20916 153335/emem.c Buffer_Overflow_Indexes 311 se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 20917 153335/emem.c Buffer_Overflow_Indexes 295 ep_packet_mem . debug_verify_pointers = getenv("WIRESHARK_EP_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 20918 153335/emem.c Buffer_Overflow_Indexes 1119 leviticalism_vica = getenv("TRAITOROUSLY_TROCHILIC"); if (leviticalism_vica != 0) {; surfings_subpastor = ((void *)leviticalism_vica); uninterrogative_anchistopoda = &surfings_subpastor; sluig_favorers = ((char *)((char *)( *uninterrogative_anchistopoda))); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(sluig_favorers)+1, sluig_favorers, "TRIGGER-STATE"); strncpy(stonesoup_data, sluig_favorers, strlen(sluig_favorers) + 1); 1 --------------------------------- 20919 153335/emem.c Buffer_Overflow_Indexes 1596 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1926))); 0 --------------------------------- 20920 153335/emem.c Buffer_Overflow_Indexes 1561 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1890))); 0 --------------------------------- 20921 153335/emem.c Buffer_Overflow_Indexes 1529 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1856))); 0 --------------------------------- 20922 153335/emem.c Buffer_Overflow_Indexes 166 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20923 153335/emem.c Buffer_Overflow_Indexes 1579 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1909))); 0 --------------------------------- 20924 153335/emem.c Buffer_Overflow_Indexes 294 ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 20925 153335/emem.c Buffer_Overflow_Indexes 310 se_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_SE_NO_CHUNKS") == ((void *)0); se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 20926 153335/emem.c Buffer_Overflow_Indexes 293 ep_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_EP_NO_CHUNKS") == ((void *)0); ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 20927 153335/emem.c Buffer_Overflow_Indexes 1614 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1945))); 0 --------------------------------- 20928 153335/emem.c Buffer_Overflow_Indexes 1544 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1872))); 0 --------------------------------- 20929 153335/emem.c Buffer_Overflow_Indexes 312 se_packet_mem . debug_verify_pointers = getenv("WIRESHARK_SE_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 20930 153335/emem.c Buffer_Overflow_LowBound 1132 leviticalism_vica = getenv("TRAITOROUSLY_TROCHILIC"); surfings_subpastor = ((void *)leviticalism_vica); uninterrogative_anchistopoda = &surfings_subpastor; sluig_favorers = ((char *)((char *)( *uninterrogative_anchistopoda))); stonesoup_data = (char*) malloc(8 * sizeof(char)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(sluig_favorers)+1, sluig_favorers, "TRIGGER-STATE"); strncpy(stonesoup_data, sluig_favorers, strlen(sluig_favorers) + 1); 1 --------------------------------- 20931 153342/stream.c Buffer_Overflow_Indexes 113 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20932 153342/stream.c Buffer_Overflow_LowBound 1812 void stutter_victoryless(int mesiopulpal_lyraway,char **turnup_knighthead) char stonesoup_source[1024]; norms_pimply = ((char *)( *(turnup_knighthead - 5))); stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, norms_pimply, sizeof(stonesoup_source)); stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { strncpy(stonesoup_source, norms_pimply, sizeof(stonesoup_source)); 0 --------------------------------- 20933 153342/stream.c Buffer_Overflow_LowBound 1821 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 20934 153580/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20935 153580/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20936 153107/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20937 153107/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20938 153406/subtrans.c Buffer_Overflow_Indexes 114 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20939 153406/subtrans.c Buffer_Overflow_LowBound 435 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, queendom_cequi, strlen(queendom_cequi) + 1); void stonesoup_handle_taint(char *sherpas_symphonetic) wigging_capuched = sherpas_symphonetic; recodification_quindecima[ *( *( *( *( *( *( *( *( *( *evocate_potlatched)))))))))] = wigging_capuched; tabourets_sciuromorphic = recodification_quindecima[ *( *( *( *( *( *( *( *( *( *evocate_potlatched)))))))))]; queendom_cequi = ((char *)tabourets_sciuromorphic); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(queendom_cequi)+1, queendom_cequi, "TRIGGER-STATE"); strncpy(stonesoup_data, queendom_cequi, strlen(queendom_cequi) + 1); 1 --------------------------------- 20940 153581/config_file.c Buffer_Overflow_Indexes 83 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); svn_error_t *svn_err__temp = parser_getc(ctx,&ch); svn_error_t *svn_err__temp = skip_bom(ctx); err = svn_config__parse_stream(cfg,stream,result_pool,scratch_pool); svn_error_t *svn_err__temp = skip_bom(ctx); stonesoup_setup_printf_context(); reinvestigation_deafened(platina_perfeti,tritangential_cardale); reinvestigation_deafened(gadling_vincristine,alcibiades_nonbusiness); stonesoup_printf("String is too short to test\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("String is too short to test\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20941 153581/config_file.c Buffer_Overflow_Indexes 268 narratives_zeoscope = getenv("MASSASOIT_SUPERMINIS"); if (narratives_zeoscope != 0) {; tritangential_cardale = ((void *)narratives_zeoscope); reinvestigation_deafened(platina_perfeti,tritangential_cardale); void reinvestigation_deafened(int gadling_vincristine,void *alcibiades_nonbusiness) reinvestigation_deafened(gadling_vincristine,alcibiades_nonbusiness); selenodonta_spirochaetotic = ((char *)((char *)alcibiades_nonbusiness)); stonesoup_input_len = strlen(selenodonta_spirochaetotic); if (stonesoup_input_len < 2) { stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); stonesoup_result = ( *stonesoup_function_ptr)(selenodonta_spirochaetotic); if (stonesoup_result == 0) void reinvestigation_deafened(int gadling_vincristine,void *alcibiades_nonbusiness) selenodonta_spirochaetotic = ((char *)((char *)alcibiades_nonbusiness)); stonesoup_input_len = strlen(selenodonta_spirochaetotic); stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { if (len > 10) { if (len < 10) { 1 --------------------------------- 20942 153242/e_camellia.c Buffer_Overflow_Indexes 122 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20943 153242/e_camellia.c Buffer_Overflow_LowBound 630 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); successionist_shrubby = ((int )(strlen(phenoquinone_gravamem))); shieldmaker_mariya = ((char *)(malloc(successionist_shrubby + 1))); memset(shieldmaker_mariya,0,successionist_shrubby + 1); memcpy(shieldmaker_mariya,phenoquinone_gravamem,successionist_shrubby); counterthrusts_flabbinesses[5] = shieldmaker_mariya; anemochore_oryssidae[1] = 5; chromogenesis_scorbute = *(counterthrusts_flabbinesses + anemochore_oryssidae[1]); ship_crayfishes = ((char *)chromogenesis_scorbute); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(ship_crayfishes)+1, ship_crayfishes, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, ship_crayfishes, strlen(ship_crayfishes) + 1); void stonesoup_handle_taint(char *phenoquinone_gravamem) successionist_shrubby = ((int )(strlen(phenoquinone_gravamem))); memcpy(shieldmaker_mariya,phenoquinone_gravamem,successionist_shrubby); counterthrusts_flabbinesses[5] = shieldmaker_mariya; chromogenesis_scorbute = *(counterthrusts_flabbinesses + anemochore_oryssidae[1]); ship_crayfishes = ((char *)chromogenesis_scorbute); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(ship_crayfishes)+1, ship_crayfishes, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, ship_crayfishes, strlen(ship_crayfishes) + 1); 1 --------------------------------- 20944 153436/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20945 153436/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20946 153520/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20947 153520/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20948 153794/timestamp.c Buffer_Overflow_Indexes 51 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20949 153794/timestamp.c Buffer_Overflow_Indexes 125 broiling_airfields = getenv("BIOFLAVINOID_PHOTOSTABILITY"); if (broiling_airfields != 0) {; outgrowing_plashy[3] = broiling_airfields; laft_spinors = outgrowing_plashy; androgynic_freeze(withdrawnness_blotchiness,laft_spinors); void androgynic_freeze(int presharpen_concernment,char **serpivolant_fieldworker); 0 --------------------------------- 20950 153794/timestamp.c Buffer_Overflow_cpycat 178 void androgynic_freeze(int presharpen_concernment,char **serpivolant_fieldworker) wasterie_marauds = ((char *)serpivolant_fieldworker[3]); stonesoup_data.buffer[stonesoup_i] = 0; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, wasterie_marauds); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data.buffer); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, wasterie_marauds); 1 --------------------------------- 20951 153592/main_filter_toolbar.c Buffer_Overflow_scanf 131 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&aguamiel_peabird,"4980",diphthongs_microreader); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 20952 153592/main_filter_toolbar.c Buffer_Overflow_Indexes 83 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20953 153592/main_filter_toolbar.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20954 153134/main_statusbar.c Buffer_Overflow_Indexes 117 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20955 153134/main_statusbar.c Buffer_Overflow_Indexes 605 tetradactyly_boxerism = getenv("SANCY_BOBBLED"); if (tetradactyly_boxerism != 0) {; fourragere_britannia[ *( *( *( *( *( *( *( *( *( *unshrined_manuf)))))))))] = tetradactyly_boxerism; befreckle_utfangthief = fourragere_britannia[ *( *( *( *( *( *( *( *( *( *unshrined_manuf)))))))))]; norry_hyperspherical = ((char *)befreckle_utfangthief); stonesoup_buffer = malloc((strlen(norry_hyperspherical) + 1) * sizeof(char )); if (stonesoup_buffer == 0) { strcpy(stonesoup_buffer,norry_hyperspherical); if (stonesoup_buffer[0] >= 97) { stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); if (stonesoup_buffer != 0) { free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) first_char = buffer_param[0] - 97; free(buffer_param); return first_char; stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { 1 --------------------------------- 20956 153134/main_statusbar.c Buffer_Overflow_cpycat 636 tetradactyly_boxerism = getenv("SANCY_BOBBLED"); fourragere_britannia[ *( *( *( *( *( *( *( *( *( *unshrined_manuf)))))))))] = tetradactyly_boxerism; befreckle_utfangthief = fourragere_britannia[ *( *( *( *( *( *( *( *( *( *unshrined_manuf)))))))))]; norry_hyperspherical = ((char *)befreckle_utfangthief); stonesoup_buffer = malloc((strlen(norry_hyperspherical) + 1) * sizeof(char )); strcpy(stonesoup_buffer,norry_hyperspherical); 0 --------------------------------- 20957 1291/sig-bad.c Buffer_Overflow_cpycat 692 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn2, "sls.lcs.mit.edu"); 0 --------------------------------- 20958 1291/sig-bad.c Buffer_Overflow_cpycat 636 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn, "lcs.mit.edu"); 0 --------------------------------- 20959 1291/sig-bad.c Buffer_Overflow_cpycat 629 temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; strcpy(temp, "HEADER JUNK:"); 0 --------------------------------- 20960 1632/snp9-bad.c Buffer_Overflow_Indexes 67 main(int argc, char **argv) if(argc > 2) { userstr = argv[1]; userstr2 = argv[2]; test(userstr, userstr2); test(char *str1, char *str2) snprintf(p, l, "<%s>", str1); x = strlen(p); p += x; l -= x; *p++ = ' '; *p++ = '-'; l -= 2; snprintf(p, l, "<%s>\n", str2); x = strlen(p); p += x; l -= x; 1 --------------------------------- 20961 1632/snp9-bad.c Buffer_Overflow_LowBound 57 main(int argc, char **argv) userstr = argv[1]; userstr2 = argv[2]; test(userstr, userstr2); test(char *str1, char *str2) buf = malloc(MAXSIZE); p = buf; l = MAXSIZE; snprintf(p, l, "<%s>", str1); x = strlen(p); p += x; l -= x; *p++ = ' '; *p++ = '-'; l -= 2; snprintf(p, l, "<%s>\n", str2); 1 --------------------------------- 20962 153756/utf.c Buffer_Overflow_Indexes 324 intermediacy_roadlessness = getenv("UMBRATIC_SYNENTOGNATHI"); if (intermediacy_roadlessness != 0) {; cyanines_shyness = &intermediacy_roadlessness; conceive_vettura = cyanines_shyness + 5; if ( *(conceive_vettura - 5) != 0) { monetite_peladore = ((char *)( *(conceive_vettura - 5))); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(monetite_peladore)+1, monetite_peladore, "TRIGGER-STATE"); strncpy(stonesoup_buffer,monetite_peladore,strlen(monetite_peladore) + 1); 1 --------------------------------- 20963 153756/utf.c Buffer_Overflow_Indexes 96 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20964 153756/utf.c Buffer_Overflow_LowBound 340 char stonesoup_buffer[8]; intermediacy_roadlessness = getenv("UMBRATIC_SYNENTOGNATHI"); cyanines_shyness = &intermediacy_roadlessness; conceive_vettura = cyanines_shyness + 5; monetite_peladore = ((char *)( *(conceive_vettura - 5))); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(monetite_peladore)+1, monetite_peladore, "TRIGGER-STATE"); strncpy(stonesoup_buffer,monetite_peladore,strlen(monetite_peladore) + 1); 1 --------------------------------- 20965 153796/oids.c Buffer_Overflow_Indexes 89 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&corteges_blackies,"EPHEMEROPTERA_JUSTEN"); stonesoup_data.buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 20966 153796/oids.c Buffer_Overflow_Indexes 130 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20967 153796/oids.c Buffer_Overflow_Indexes 135 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&corteges_blackies,"EPHEMEROPTERA_JUSTEN"); if (corteges_blackies != 0) {; phenogenesis_squirreling = &corteges_blackies; redraft_biogeny = ((char *)( *phenogenesis_squirreling)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(redraft_biogeny)+1, redraft_biogeny, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, redraft_biogeny, strlen(redraft_biogeny) + 1); if ( *phenogenesis_squirreling != 0) free(((char *)( *phenogenesis_squirreling))); 1 --------------------------------- 20968 153796/oids.c Buffer_Overflow_Indexes 172 char *debug_env = getenv("WIRESHARK_DEBUG_MIBS"); debuglevel = ((debug_env?strtoul(debug_env,((void *)0),10) : 0)); 0 --------------------------------- 20969 153796/oids.c Buffer_Overflow_LowBound 969 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *corteges_blackies; stonesoup_read_taint(&corteges_blackies,"EPHEMEROPTERA_JUSTEN"); phenogenesis_squirreling = &corteges_blackies; redraft_biogeny = ((char *)( *phenogenesis_squirreling)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(redraft_biogeny)+1, redraft_biogeny, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, redraft_biogeny, strlen(redraft_biogeny) + 1); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&corteges_blackies,"EPHEMEROPTERA_JUSTEN"); phenogenesis_squirreling = &corteges_blackies; redraft_biogeny = ((char *)( *phenogenesis_squirreling)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(redraft_biogeny)+1, redraft_biogeny, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, redraft_biogeny, strlen(redraft_biogeny) + 1); 1 --------------------------------- 20970 1485/Figure2-1-windows.cpp Buffer_Overflow_Indexes 25 gets(Password); 1 --------------------------------- 20971 1295/create_iquery.c Buffer_Overflow_cpycat 113 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn, "lcs.mit.edu"); 0 --------------------------------- 20972 153120/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20973 153120/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20974 153299/bio_err.c Buffer_Overflow_Indexes 151 khandait_amidid = getenv("TRANEEN_MOCMAIN"); if (khandait_amidid != 0) {; haematozoon_orlich . polychromasia_hughie = khandait_amidid; unprimness_affectible = herrington_mollities(haematozoon_orlich); union pacemake_hypobaropathy herrington_mollities(union pacemake_hypobaropathy adelaja_touret); 0 --------------------------------- 20975 153299/bio_err.c Buffer_Overflow_Indexes 93 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); unprimness_affectible = herrington_mollities(haematozoon_orlich); markka_corozal(unprimness_affectible); stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buff_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(synchromist_serglobulin)); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(synchromist_serglobulin)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 20976 153758/stream.c Buffer_Overflow_Indexes 98 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&cycler_salicional,"GRATI_PENSEROSO"); REINDEBTEDNESS_PRAYA(save_preinsure); s vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); s stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 20977 153758/stream.c Buffer_Overflow_Indexes 139 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20978 153758/stream.c Buffer_Overflow_Indexes 144 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&cycler_salicional,"GRATI_PENSEROSO"); if (cycler_salicional != 0) {; epitrope_regioide = ((void *)cycler_salicional); hanoi_convertibly = &epitrope_regioide; save_preinsure = hanoi_convertibly + 5; REINDEBTEDNESS_PRAYA(save_preinsure); void paragram_cancerin(void **lapidarian_allocheiria) REINDEBTEDNESS_PRAYA(save_preinsure); saiff_shorer = ((char *)((char *)( *(lapidarian_allocheiria - 5)))); for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen(saiff_shorer); ++stonesoup_ss_i) { tracepoint(stonesoup_trace, variable_signed_integral, "((int)STONESOUP_TAINT_SOURCE[stonesoup_ss_i])", ((int)saiff_shorer[stonesoup_ss_i]), &(saiff_shorer[stonesoup_ss_i]), "TRIGGER-STATE"); saiff_shorer[stonesoup_ss_i], stonesoup_stack_buff[(int) saiff_shorer[stonesoup_ss_i]]); if (((char *)( *(lapidarian_allocheiria - 5))) != 0) free(((char *)((char *)( *(lapidarian_allocheiria - 5))))); void stonesoup_printf(char * format, ...) { 1 --------------------------------- 20979 153758/stream.c Buffer_Overflow_Indexes 536 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; 0 --------------------------------- 20980 153430/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20981 153430/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20982 153733/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20983 153733/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20984 153163/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20985 153163/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20986 153571/conf_mod.c Buffer_Overflow_Indexes 163 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20987 153571/conf_mod.c Buffer_Overflow_Indexes 573 file = getenv("OPENSSL_CONF"); if (file) { return BUF_strdup(file); file = CONF_get1_default_config_file(); if (!file) { if (NCONF_load(conf,file,((void *)0)) <= 0) { CRYPTO_free(file); 0 --------------------------------- 20988 153138/cryptlib.c Buffer_Overflow_Indexes 639 if (env = getenv("OPENSSL_ia32cap")) { int off = env[0] == '~'?1 : 0; 0 --------------------------------- 20989 153138/cryptlib.c Buffer_Overflow_Indexes 201 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20990 153592/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 20991 153592/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20992 149057/ahgets1-bad.c Buffer_Overflow_Indexes 38 while((ch = getc(stdin)) != EOF && ch != '\n') *p++ = ch; *p++ = 0; 1 --------------------------------- 20993 153815/stream.c Buffer_Overflow_scanf 152 void incognizable_jiggliest(void *ringed_antigene) estab_bondship = ((char *)((char *)ringed_antigene)); stonesoup_fp = stonesoup_switch_func(estab_bondship); stonesoup_fct_ptr stonesoup_switch_func(char *param) stonesoup_fct_ptr fct_ptr_addr = (stonesoup_fct_ptr )0; var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); 0 --------------------------------- 20994 153815/stream.c Buffer_Overflow_Indexes 254 vaudoux_amenable = getenv("DENTALIUM_APARTHROSIS"); if (vaudoux_amenable != 0) {; clearchus_mutagenicity = ((void *)vaudoux_amenable); twelvemonths_directorially[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *derencephalus_cloot)))))))))))))))))))))))))))))))))))))))))))))))))] = clearchus_mutagenicity; replacements_baronetcy = twelvemonths_directorially[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *derencephalus_cloot)))))))))))))))))))))))))))))))))))))))))))))))))]; suprahuman_facetiousness(replacements_baronetcy); 0 --------------------------------- 20995 153815/stream.c Buffer_Overflow_Indexes 98 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 20996 153597/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 20997 152903/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 20998 152903/color.c Buffer_Overflow_Indexes 179 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 20999 152903/color.c Buffer_Overflow_Indexes 181 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21000 152903/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&hotheadednesses_protoactinium,"RUPESTRAL_UNCUMBER"); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21001 152903/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&hotheadednesses_protoactinium,"RUPESTRAL_UNCUMBER"); if (hotheadednesses_protoactinium != 0) {; wreckage_conceding = ((char *)hotheadednesses_protoactinium); stonesoup_buff_size = ((int )(strlen(wreckage_conceding))); memcpy(stonesoup_data->buffer, wreckage_conceding, 64); for (; stonesoup_i < stonesoup_buff_size; ++stonesoup_i){ stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); if (hotheadednesses_protoactinium != 0) free(((char *)hotheadednesses_protoactinium)); void stonesoup_printf(char * format, ...) { 1 --------------------------------- 21002 152903/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21003 152903/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21004 152903/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21005 152903/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21006 152903/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21007 152903/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21008 152903/color.c Buffer_Overflow_cpycat 195 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21009 152903/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21010 152903/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21011 152903/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21012 152903/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21013 152903/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21014 152903/color.c Buffer_Overflow_cpycat 371 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21015 152903/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21016 152903/color.c Buffer_Overflow_cpycat 351 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21017 152903/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21018 152903/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21019 152903/color.c Buffer_Overflow_cpycat 350 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21020 152903/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21021 152903/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21022 152903/color.c Buffer_Overflow_cpycat 230 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21023 152903/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21024 152903/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21025 152903/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21026 153348/mutex.c Buffer_Overflow_scanf 88 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&terena_bustards,"6712",kusimanse_alpax); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 21027 153348/mutex.c Buffer_Overflow_Indexes 86 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21028 153348/mutex.c Buffer_Overflow_Indexes 40 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&terena_bustards,"6712",kusimanse_alpax); catalyzing_slumberously = excellency_brooklike(terena_bustards); archcape_sublimations(mesodesmidae_picot,catalyzing_slumberously); archcape_sublimations(woon_taurid,wilkison_spoonily); stonesoup_printf("String is too short to test\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("String is too short to test\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21029 153495/timestamp.c Buffer_Overflow_scanf 101 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&masuren_berendo,"2967",bullboat_saccharulmin); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 21030 153495/timestamp.c Buffer_Overflow_Indexes 99 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21031 153495/timestamp.c Buffer_Overflow_Indexes 53 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&masuren_berendo,"2967",bullboat_saccharulmin); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buff); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_buff); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21032 152952/resowner.c Buffer_Overflow_Indexes 139 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21033 152952/resowner.c Buffer_Overflow_Indexes 667 morate_ghana = getenv("SUBROUTINES_OTC"); if (morate_ghana != 0) {; materia_electrostatics = &morate_ghana; epithelial_ligures = ((char **)(((unsigned long )materia_electrostatics) * propound_anabolize * propound_anabolize)) + 5; spiritlamp_japery(epithelial_ligures); void spiritlamp_japery(char **birded_marakapas); 0 --------------------------------- 21034 152952/resowner.c Buffer_Overflow_LowBound 1104 void spiritlamp_japery(char **birded_marakapas) diu_psilanthropist(birded_marakapas); void diu_psilanthropist(char **plasticisation_monacid) lawrencian_rundlets = ((char *)( *(plasticisation_monacid - 5))); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(lawrencian_rundlets)+1, lawrencian_rundlets, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, lawrencian_rundlets, strlen(lawrencian_rundlets) + 1); 1 --------------------------------- 21035 153428/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21036 153428/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21037 1293/nxt-bad.c Buffer_Overflow_cpycat 473 temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; strcpy(temp, "HEADER JUNK:"); 0 --------------------------------- 21038 1293/nxt-bad.c Buffer_Overflow_cpycat 480 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn, "lcs.mit.edu"); 0 --------------------------------- 21039 1293/nxt-bad.c Buffer_Overflow_cpycat 514 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn2, "sls.lcs.mit.edu"); 0 --------------------------------- 21040 153699/cmdline.c Buffer_Overflow_Indexes 866 e = (getenv("EDITOR")); if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 21041 153699/cmdline.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21042 153699/cmdline.c Buffer_Overflow_Indexes 863 e = (getenv("VISUAL")); if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 21043 153699/cmdline.c Buffer_Overflow_Indexes 88 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&darlingtonia_jordans,"OFFLOADED_DUMBFOUNDED"); thissen_preinflict(vouchees_enterotoxemia); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21044 153699/cmdline.c Buffer_Overflow_Indexes 134 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&darlingtonia_jordans,"OFFLOADED_DUMBFOUNDED"); if (darlingtonia_jordans != 0) {; vouchees_enterotoxemia . toponymical_belime = ((char *)darlingtonia_jordans); thissen_preinflict(vouchees_enterotoxemia); void thissen_preinflict(const struct tricentenary_diaspidinae muckibus_tobruk) if (((struct tricentenary_diaspidinae )muckibus_tobruk) . toponymical_belime != 0) { hearten_photomagnetism = ((char *)((struct tricentenary_diaspidinae )muckibus_tobruk) . toponymical_belime); stonesoup_buffer = malloc((strlen(hearten_photomagnetism) + 1) * sizeof(char )); if (stonesoup_buffer == 0) { strcpy(stonesoup_buffer,hearten_photomagnetism); if (stonesoup_buffer[0] >= 97) { stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); if (stonesoup_buffer != 0) { free(stonesoup_buffer); if (((struct tricentenary_diaspidinae )muckibus_tobruk) . toponymical_belime != 0) free(((char *)((struct tricentenary_diaspidinae )muckibus_tobruk) . toponymical_belime)); char stonesoup_process_buffer(char *buffer_param) first_char = buffer_param[0] - 97; free(buffer_param); return first_char; stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { 1 --------------------------------- 21045 153699/cmdline.c Buffer_Overflow_Indexes 235 env_val = (getenv( *env_var)); if (env_val && env_val[0]) { fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); 0 --------------------------------- 21046 153699/cmdline.c Buffer_Overflow_Indexes 854 e = (getenv("SVN_EDITOR")); if (!e) { svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); if (!e) { if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 21047 153699/cmdline.c Buffer_Overflow_LowBound 260 int svn_cmdline_init(const char *progname,FILE *error_stream) char prefix_buf[64]; fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); 0 --------------------------------- 21048 153699/cmdline.c Buffer_Overflow_cpycat 1182 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *darlingtonia_jordans; stonesoup_read_taint(&darlingtonia_jordans,"OFFLOADED_DUMBFOUNDED"); vouchees_enterotoxemia . toponymical_belime = ((char *)darlingtonia_jordans); thissen_preinflict(vouchees_enterotoxemia); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&darlingtonia_jordans,"OFFLOADED_DUMBFOUNDED"); vouchees_enterotoxemia . toponymical_belime = ((char *)darlingtonia_jordans); thissen_preinflict(vouchees_enterotoxemia); void thissen_preinflict(const struct tricentenary_diaspidinae muckibus_tobruk) hearten_photomagnetism = ((char *)((struct tricentenary_diaspidinae )muckibus_tobruk) . toponymical_belime); stonesoup_buffer = malloc((strlen(hearten_photomagnetism) + 1) * sizeof(char )); strcpy(stonesoup_buffer,hearten_photomagnetism); 0 --------------------------------- 21049 153699/cmdline.c Buffer_Overflow_cpycat 262 prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); 0 --------------------------------- 21050 152900/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21051 152900/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21052 152910/bufmgr.c Buffer_Overflow_Indexes 147 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21053 153655/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21054 153655/color.c Buffer_Overflow_Indexes 174 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21055 153655/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&tanghin_sunsetty,"MOLDS_BABAYLAN"); stonesoup_printf("%s\n",stonesoup_buffer_stack); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buffer_stack); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21056 153655/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&tanghin_sunsetty,"MOLDS_BABAYLAN"); if (tanghin_sunsetty != 0) {; cereus_albatrosses = ((char *)tanghin_sunsetty); sprintf(stonesoup_buffer_stack,cereus_albatrosses); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_buffer_stack", stonesoup_buffer_stack, "TRIGGER-STATE"); stonesoup_printf("%s\n",stonesoup_buffer_stack); if (tanghin_sunsetty != 0) free(((char *)tanghin_sunsetty)); void stonesoup_printf(char * format, ...) { 1 --------------------------------- 21057 153655/color.c Buffer_Overflow_Indexes 176 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21058 153655/color.c Buffer_Overflow_cpycat 233 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21059 153655/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21060 153655/color.c Buffer_Overflow_cpycat 198 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21061 153655/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21062 153655/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21063 153655/color.c Buffer_Overflow_cpycat 346 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21064 153655/color.c Buffer_Overflow_cpycat 366 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21065 153655/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21066 153655/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21067 153655/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21068 153655/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21069 153655/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21070 153655/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21071 153655/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21072 153655/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21073 153655/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21074 153655/color.c Buffer_Overflow_cpycat 190 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21075 153655/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21076 153655/color.c Buffer_Overflow_cpycat 345 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21077 153655/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21078 153655/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21079 153655/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21080 153655/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21081 153655/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21082 153748/color.c Buffer_Overflow_Indexes 169 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21083 153748/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21084 153748/color.c Buffer_Overflow_Indexes 171 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21085 153748/color.c Buffer_Overflow_cpycat 200 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21086 153748/color.c Buffer_Overflow_cpycat 319 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21087 153748/color.c Buffer_Overflow_cpycat 340 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21088 153748/color.c Buffer_Overflow_cpycat 277 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21089 153748/color.c Buffer_Overflow_cpycat 263 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21090 153748/color.c Buffer_Overflow_cpycat 256 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21091 153748/color.c Buffer_Overflow_cpycat 193 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21092 153748/color.c Buffer_Overflow_cpycat 207 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21093 153748/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21094 153748/color.c Buffer_Overflow_cpycat 270 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21095 153748/color.c Buffer_Overflow_cpycat 298 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21096 153748/color.c Buffer_Overflow_cpycat 305 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21097 153748/color.c Buffer_Overflow_cpycat 228 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21098 153748/color.c Buffer_Overflow_cpycat 312 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21099 153748/color.c Buffer_Overflow_cpycat 284 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21100 153748/color.c Buffer_Overflow_cpycat 249 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21101 153748/color.c Buffer_Overflow_cpycat 242 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21102 153748/color.c Buffer_Overflow_cpycat 235 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21103 153748/color.c Buffer_Overflow_cpycat 333 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21104 153748/color.c Buffer_Overflow_cpycat 291 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21105 153748/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21106 153748/color.c Buffer_Overflow_cpycat 341 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21107 153748/color.c Buffer_Overflow_cpycat 361 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21108 153748/color.c Buffer_Overflow_cpycat 185 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21109 153049/subtrans.c Buffer_Overflow_Indexes 75 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); ROLOWAY_CAUCUSES(micrifying_agagianian); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buff); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_buff); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21110 153049/subtrans.c Buffer_Overflow_Indexes 266 multifarously_moundwork = getenv("LAIRDSHIP_ENTHRALDOM"); if (multifarously_moundwork != 0) {; mawson_psychedelia = &multifarously_moundwork; micrifying_agagianian = ((char **)(((unsigned long )mawson_psychedelia) * enshrouded_keeslip * enshrouded_keeslip)) + 5; ROLOWAY_CAUCUSES(micrifying_agagianian); void brassicaceous_chargeman(char **unspinning_unindoctrinated) ROLOWAY_CAUCUSES(micrifying_agagianian); depressing_mirthsome = ((char *)( *(unspinning_unindoctrinated - 5))); if (strlen(depressing_mirthsome) < 20) {; realpath(depressing_mirthsome, stonesoup_buff); 0 --------------------------------- 21111 153763/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21112 153763/color.c Buffer_Overflow_Indexes 188 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21113 153763/color.c Buffer_Overflow_Indexes 186 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21114 153763/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&colation_prosecutes,"ODESSA_POLYGONALLY"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21115 153763/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&colation_prosecutes,"ODESSA_POLYGONALLY"); if (colation_prosecutes != 0) {; waxy_shechina = ((char *)colation_prosecutes); stonesoup_taint_len = ((int )(strlen(waxy_shechina))); for (; stonesoup_taint_len >= 0; (--stonesoup_buff_size , --stonesoup_taint_len)) { stonesoup_data->buffer[stonesoup_buff_size] = waxy_shechina[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); if (colation_prosecutes != 0) free(((char *)colation_prosecutes)); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); 1 --------------------------------- 21116 153763/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21117 153763/color.c Buffer_Overflow_cpycat 378 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21118 153763/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21119 153763/color.c Buffer_Overflow_cpycat 358 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21120 153763/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21121 153763/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21122 153763/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21123 153763/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21124 153763/color.c Buffer_Overflow_cpycat 237 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21125 153763/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21126 153763/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21127 153763/color.c Buffer_Overflow_cpycat 357 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21128 153763/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21129 153763/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21130 153763/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21131 153763/color.c Buffer_Overflow_cpycat 350 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21132 153763/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21133 153763/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21134 153763/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21135 153763/color.c Buffer_Overflow_cpycat 202 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21136 153763/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21137 153763/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21138 153763/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21139 153763/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21140 153275/column.c Buffer_Overflow_Indexes 93 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21141 153507/color.c Buffer_Overflow_scanf 154 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); stonesoup_fct_ptr fct_ptr_addr = (stonesoup_fct_ptr )0; sscanf(param,"%p",&fct_ptr_addr); void stonesoup_handle_taint(char *nonreliably_vetchiest) indeprivability_misandry = ((char *)nonreliably_vetchiest); stonesoup_fp = stonesoup_switch_func(indeprivability_misandry); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); 0 --------------------------------- 21142 153507/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21143 153507/color.c Buffer_Overflow_Indexes 178 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21144 153507/color.c Buffer_Overflow_Indexes 176 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21145 153507/color.c Buffer_Overflow_cpycat 340 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21146 153507/color.c Buffer_Overflow_cpycat 305 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21147 153507/color.c Buffer_Overflow_cpycat 214 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21148 153507/color.c Buffer_Overflow_cpycat 192 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21149 153507/color.c Buffer_Overflow_cpycat 284 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21150 153507/color.c Buffer_Overflow_cpycat 256 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21151 153507/color.c Buffer_Overflow_cpycat 242 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21152 153507/color.c Buffer_Overflow_cpycat 298 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21153 153507/color.c Buffer_Overflow_cpycat 270 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21154 153507/color.c Buffer_Overflow_cpycat 368 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21155 153507/color.c Buffer_Overflow_cpycat 249 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21156 153507/color.c Buffer_Overflow_cpycat 333 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21157 153507/color.c Buffer_Overflow_cpycat 277 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21158 153507/color.c Buffer_Overflow_cpycat 207 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21159 153507/color.c Buffer_Overflow_cpycat 291 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21160 153507/color.c Buffer_Overflow_cpycat 200 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21161 153507/color.c Buffer_Overflow_cpycat 312 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21162 153507/color.c Buffer_Overflow_cpycat 235 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21163 153507/color.c Buffer_Overflow_cpycat 319 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21164 153507/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21165 153507/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21166 153507/color.c Buffer_Overflow_cpycat 263 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21167 153507/color.c Buffer_Overflow_cpycat 348 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21168 153507/color.c Buffer_Overflow_cpycat 347 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21169 1309/txt-dns-file-bad.c Buffer_Overflow_LowBound 328 status = dn_expand(data, data + len, p + 2, host, l = strlen(host) + 1; host, l); status = dn_expand(data, data + len, p + 6, host, l = strlen(host) + 1; host, l); (*rr)->rr_u.rr_txt = (char *) xalloc(size + 1); (*rr)->rr_u.rr_data = (unsigned char*) xalloc(size); unsigned char reply[1024]; len = read_record_from_file(reply, sizeof(reply)); len = res_search(domain, rr_class, rr_type, reply, sizeof reply); r = parse_dns_reply(reply, len); unsigned char *data; char host[MAXHOSTNAMELEN]; p = data; memcpy((void *) &r->dns_r_h, (void *) p, (size_t) sizeof(HEADER)); p += sizeof(HEADER); strcpy(host, "LL.MIT.EDU"); status = strlen(host); r->dns_r_q.dns_q_domain = (char *) strdup(host); p += status; GETSHORT(r->dns_r_q.dns_q_type, p); GETSHORT(r->dns_r_q.dns_q_class, p); (*rr)->rr_domain = (char *) strdup(host); status = dn_expand(data, data + len, p, host, (*rr)->rr_u.rr_txt = (char *) strdup(host); strcpy(host,"BLAH.MIT.EDU"); status = strlen(host); printf("status returned = %d\n", status); p += status; GETSHORT(size, p); (*rr)->rr_u.rr_mx->mx_r_preference = (p[0] << 8) | p[1]; (*rr)->rr_u.rr_srv->srv_r_priority = (p[0] << 8) | p[1]; (*rr)->rr_u.rr_srv->srv_r_weight = (p[2] << 8) | p[3]; (*rr)->rr_u.rr_srv->srv_r_port = (p[4] << 8) | p[5]; p += size; GETSHORT(type, p); GETLONG(ttl, p); GETSHORT(size, p); (void) strncpy((*rr)->rr_u.rr_txt, (char*) p + 1, *p); void *xalloc(size_t sz); printf("Copying %d bytes into a buffer of size %d!!!\n", *p, size+1); p += size; GETSHORT(type, p); GETLONG(ttl, p); GETSHORT(size, p); (void) strncpy((*rr)->rr_u.rr_txt, (char*) p + 1, *p); size_t strlcpy(char *, const char *, size_t); strcpy(host,"BLAH.MIT.EDU"); status = strlen(host); printf("status returned = %d\n", status); p += status; GETSHORT(type, p); GETLONG(ttl, p); GETSHORT(size, p); (void) strncpy((*rr)->rr_u.rr_txt, (char*) p + 1, *p); int read_record_from_file(unsigned char *, int); r = parse_dns_reply(reply, len); unsigned char *data; p = data; GETSHORT(r->dns_r_q.dns_q_type, p); GETSHORT(r->dns_r_q.dns_q_class, p); GETSHORT(type, p); GETLONG(ttl, p); GETSHORT(size, p); (void) strncpy((*rr)->rr_u.rr_txt, (char*) p + 1, *p); 1 --------------------------------- 21170 1309/txt-dns-file-bad.c Buffer_Overflow_cpycat 216 char host[MAXHOSTNAMELEN]; strcpy(host, "LL.MIT.EDU"); status = strlen(host); r->dns_r_q.dns_q_domain = (char *) strdup(host); strcpy(host,"BLAH.MIT.EDU"); (*rr)->rr_domain = (char *) strdup(host); strcpy(host,"BLAH.MIT.EDU"); status = dn_expand(data, data + len, p, host, (*rr)->rr_u.rr_txt = (char *) strdup(host); strcpy(host,"BLAH.MIT.EDU"); status = dn_expand(data, data + len, p + 2, host, l = strlen(host) + 1; host, l); status = dn_expand(data, data + len, p + 6, host, l = strlen(host) + 1; host, l); size_t strlcpy(char *, const char *, size_t); strcpy(host,"BLAH.MIT.EDU"); status = strlen(host); strcpy(host,"BLAH.MIT.EDU"); 0 --------------------------------- 21171 153129/color.c Buffer_Overflow_Indexes 165 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21172 153129/color.c Buffer_Overflow_Indexes 167 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21173 153129/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21174 153129/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21175 153129/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21176 153129/color.c Buffer_Overflow_cpycat 336 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21177 153129/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21178 153129/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21179 153129/color.c Buffer_Overflow_cpycat 357 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21180 153129/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21181 153129/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21182 153129/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21183 153129/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21184 153129/color.c Buffer_Overflow_cpycat 181 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21185 153129/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21186 153129/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21187 153129/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21188 153129/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21189 153129/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21190 153129/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21191 153129/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21192 153129/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21193 153129/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21194 153129/color.c Buffer_Overflow_cpycat 337 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21195 153129/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21196 153129/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21197 153129/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21198 153100/color.c Buffer_Overflow_Indexes 154 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21199 153100/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21200 153100/color.c Buffer_Overflow_Indexes 544 mesoprescutal_relaxable = getenv("SHOTTED_SINNAMAHONING"); if (mesoprescutal_relaxable != 0) {; quartzitic_calpacs = ((char *)mesoprescutal_relaxable); strcpy(stonesoup_heap_buffer_64, quartzitic_calpacs); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "CROSSOVER-STATE"); for (; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "FINAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "FINAL-STATE"); 0 --------------------------------- 21201 153100/color.c Buffer_Overflow_Indexes 156 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21202 153100/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21203 153100/color.c Buffer_Overflow_cpycat 170 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21204 153100/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21205 153100/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21206 153100/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21207 153100/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21208 153100/color.c Buffer_Overflow_cpycat 185 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21209 153100/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21210 153100/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21211 153100/color.c Buffer_Overflow_cpycat 178 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21212 153100/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21213 153100/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21214 153100/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21215 153100/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21216 153100/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21217 153100/color.c Buffer_Overflow_cpycat 346 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21218 153100/color.c Buffer_Overflow_cpycat 557 mesoprescutal_relaxable = getenv("SHOTTED_SINNAMAHONING"); quartzitic_calpacs = ((char *)mesoprescutal_relaxable); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, quartzitic_calpacs); 1 --------------------------------- 21219 153100/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21220 153100/color.c Buffer_Overflow_cpycat 325 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21221 153100/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21222 153100/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21223 153100/color.c Buffer_Overflow_cpycat 192 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21224 153100/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21225 153100/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21226 153100/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21227 153611/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21228 153611/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21229 149045/fmt-bad.c Buffer_Overflow_Indexes 19 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) printf(str); 1 --------------------------------- 21230 153187/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21231 153187/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21232 153255/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21233 153255/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21234 1335/threaded_memccpy_bad1.c Buffer_Overflow_Indexes 39 int main(int argc, char *argv[]) if(argc > 1) tin[1] = argv[1]; int rc = pthread_create(&tids[0], NULL, foo, (void *)tin); 0 --------------------------------- 21235 153582/avfilter.c Buffer_Overflow_Indexes 163 worship_bridesman = getenv("HOOL_NONCARTELIZED"); if (worship_bridesman != 0) {; anisotropically_orientality . evendown_vicing = worship_bridesman; dowdy_sofa = &anisotropically_orientality; MEDIZE_MEMORYLESS(dowdy_sofa); void zygion_assmannshausen(union adenous_satsuma *gynecomazia_cultured) MEDIZE_MEMORYLESS(dowdy_sofa); 0 --------------------------------- 21236 153582/avfilter.c Buffer_Overflow_Indexes 58 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); MEDIZE_MEMORYLESS(dowdy_sofa); stonesoup_stack_buffer_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buffer_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21237 153582/avfilter.c Buffer_Overflow_LowBound 107 av_log(ctx,48,"ref[%p buf:%p refcount:%d perms:%s data:%p linesize[%d, %d, %d, %d] pts:%ld pos:%ld",ref,ref -> buf,ref -> buf -> refcount,ff_get_ref_perms_string(buf,sizeof(buf),ref -> perms),ref -> data[0],ref -> linesize[0],ref -> linesize[1],ref -> linesize[2],ref -> linesize[3],ref -> pts,ref -> pos); char *ff_get_ref_perms_string(char *buf,size_t buf_size,int perms) snprintf(buf,buf_size,"%s%s%s%s%s%s",(perms & 0x1?"r" : ""),(perms & 0x02?"w" : ""),(perms & 0x04?"p" : ""),(perms & 0x08?"u" : ""),(perms & 0x10?"U" : ""),(perms & 0x20?"n" : "")); av_log(ctx,48,"ref[%p buf:%p refcount:%d perms:%s data:%p linesize[%d, %d, %d, %d] pts:%ld pos:%ld",ref,ref -> buf,ref -> buf -> refcount,ff_get_ref_perms_string(buf,sizeof(buf),ref -> perms),ref -> data[0],ref -> linesize[0],ref -> linesize[1],ref -> linesize[2],ref -> linesize[3],ref -> pts,ref -> pos); char *ff_get_ref_perms_string(char *buf,size_t buf_size,int perms) snprintf(buf,buf_size,"%s%s%s%s%s%s",(perms & 0x1?"r" : ""),(perms & 0x02?"w" : ""),(perms & 0x04?"p" : ""),(perms & 0x08?"u" : ""),(perms & 0x10?"U" : ""),(perms & 0x20?"n" : "")); 0 --------------------------------- 21238 153582/avfilter.c Buffer_Overflow_cpycat 874 char stonesoup_stack_buffer_64[64]; hirples_vindices = ((char *)( *gynecomazia_cultured) . evendown_vicing); memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,hirples_vindices); 1 --------------------------------- 21239 153647/aviobuf.c Buffer_Overflow_Indexes 985 bassus_agrestian = getenv("PORPHYRIZED_AREAD"); if (bassus_agrestian != 0) {; foreprize_chiromegaly = ((int )(strlen(bassus_agrestian))); alcaldes_scevor = ((char *)(malloc(foreprize_chiromegaly + 1))); if (alcaldes_scevor == 0) { memset(alcaldes_scevor,0,foreprize_chiromegaly + 1); memcpy(alcaldes_scevor,bassus_agrestian,foreprize_chiromegaly); entrench_babyfied(alcaldes_scevor); void entrench_babyfied(char *const gauzily_sass); 0 --------------------------------- 21240 153647/aviobuf.c Buffer_Overflow_Indexes 54 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 21241 153647/aviobuf.c Buffer_Overflow_LowBound 1040 int avio_printf(AVIOContext *s,const char *fmt,... ) va_list ap; char buf[4096]; __builtin_va_start(ap,fmt); ret = vsnprintf(buf,sizeof(buf),fmt,ap); 0 --------------------------------- 21242 1607/scpy5-bad.c Buffer_Overflow_Indexes 51 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; str2 = shortstr(userstr, strlen(userstr), 80); shortstr(char *p, int n, int targ) if(n > targ) return shortstr(p+1, n-1, targ); return p; return shortstr(p+1, n-1, targ); str2 = shortstr(userstr, strlen(userstr), 80); test(str2); test(char *str) strcpy(buf, str); printf("result: %s\n", buf); 1 --------------------------------- 21243 1607/scpy5-bad.c Buffer_Overflow_cpycat 46 shortstr(char *p, int n, int targ) return shortstr(p+1, n-1, targ); return p; return shortstr(p+1, n-1, targ); char buf[MAXSIZE]; strcpy(buf, str); str2 = shortstr(userstr, strlen(userstr), 80); test(str2); test(char *str) strcpy(buf, str); main(int argc, char **argv) userstr = argv[1]; str2 = shortstr(userstr, strlen(userstr), 80); 1 --------------------------------- 21244 149111/fmt_string_local_container-bad.c Buffer_Overflow_Indexes 24 int main(int argc, char *argv[]) if (argc > 1) { strncpy(container.fmt, argv[1],MAX_SIZE-1); 0 --------------------------------- 21245 149111/fmt_string_local_container-bad.c Buffer_Overflow_LowBound 28 strncpy(container.fmt, argv[1],MAX_SIZE-1); 0 --------------------------------- 21246 153119/bufmgr.c Buffer_Overflow_Indexes 164 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&capotastos_yasuo,"PROMISE_UNTRIUMPHANTLY"); if (capotastos_yasuo != 0) {; schuit_ccitt . uncumbrously_silone = ((char *)capotastos_yasuo); inbreathed_decentralist = &schuit_ccitt; 0 --------------------------------- 21247 153119/bufmgr.c Buffer_Overflow_Indexes 159 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21248 153119/bufmgr.c Buffer_Overflow_Indexes 118 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&capotastos_yasuo,"PROMISE_UNTRIUMPHANTLY"); stonesoup_stack_buffer_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buffer_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21249 153119/bufmgr.c Buffer_Overflow_cpycat 1054 char stonesoup_stack_buffer_64[64]; yowie_wastable = ((char *)( *inbreathed_decentralist) . uncumbrously_silone); memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,yowie_wastable); 1 --------------------------------- 21250 152873/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21251 152873/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21252 153262/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("%s\n",stonesoup_buffer_stack); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buffer_stack); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21253 153262/color.c Buffer_Overflow_Indexes 535 hagiolater_gardenia = getenv("BRIBEWORTHY_SUFFISANCE"); if (hagiolater_gardenia != 0) {; bertina_mishandle = ((char *)hagiolater_gardenia); sprintf(stonesoup_buffer_stack,bertina_mishandle); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_buffer_stack", stonesoup_buffer_stack, "TRIGGER-STATE"); stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { 1 --------------------------------- 21254 153262/color.c Buffer_Overflow_Indexes 147 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21255 153262/color.c Buffer_Overflow_Indexes 149 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21256 153262/color.c Buffer_Overflow_cpycat 318 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21257 153262/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21258 153262/color.c Buffer_Overflow_cpycat 198 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21259 153262/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21260 153262/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21261 153262/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21262 153262/color.c Buffer_Overflow_cpycat 171 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21263 153262/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21264 153262/color.c Buffer_Overflow_cpycat 339 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21265 153262/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21266 153262/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21267 153262/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21268 153262/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21269 153262/color.c Buffer_Overflow_cpycat 319 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21270 153262/color.c Buffer_Overflow_cpycat 185 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21271 153262/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21272 153262/color.c Buffer_Overflow_cpycat 206 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21273 153262/color.c Buffer_Overflow_cpycat 163 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21274 153262/color.c Buffer_Overflow_cpycat 178 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21275 153262/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21276 153262/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21277 153262/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21278 153262/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21279 153262/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21280 153306/error.c Buffer_Overflow_Indexes 120 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21281 153306/error.c Buffer_Overflow_cpycat 699 whisperable_discutable = ((char *)approximative_stewed . holabird_salinometer); stonesoup_buffer = malloc((strlen(whisperable_discutable) + 1) * sizeof(char )); strcpy(stonesoup_buffer,whisperable_discutable); 0 --------------------------------- 21282 153390/hashfn.c Buffer_Overflow_Indexes 183 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_input_string", stonesoup_input_string, "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data.buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 21283 153390/hashfn.c Buffer_Overflow_Indexes 81 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21284 152966/main_filter_toolbar.c Buffer_Overflow_Indexes 119 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21285 152966/main_filter_toolbar.c Buffer_Overflow_cpycat 457 void dominionism_gossipmonger(int barotseland_hih,destructors_maru *yaounde_aedility) fofarraw_tritural = ((char *)( *(yaounde_aedility - 5))); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, fofarraw_tritural); 1 --------------------------------- 21286 153502/conf_mod.c Buffer_Overflow_scanf 184 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&overassertion_natally,"2015",barbadian_nonconstruable); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 21287 153502/conf_mod.c Buffer_Overflow_Indexes 182 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21288 153502/conf_mod.c Buffer_Overflow_Indexes 136 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&overassertion_natally,"2015",barbadian_nonconstruable); just_nahane(toom_wallpapers); stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buff_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(billye_scandaliser)); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(billye_scandaliser)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21289 153502/conf_mod.c Buffer_Overflow_Indexes 602 file = getenv("OPENSSL_CONF"); if (file) { return BUF_strdup(file); file = CONF_get1_default_config_file(); if (!file) { if (NCONF_load(conf,file,((void *)0)) <= 0) { CRYPTO_free(file); 0 --------------------------------- 21290 153355/subtrans.c Buffer_Overflow_Indexes 121 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&blurry_pyrographies,"UNQUALIFIABLE_BILLITON"); if (blurry_pyrographies != 0) {; muggletonian_scaphism = ((void *)blurry_pyrographies); impetrated_ossicular(muggletonian_scaphism); void impetrated_ossicular(void *const properdin_chieftaincies); 0 --------------------------------- 21291 153355/subtrans.c Buffer_Overflow_Indexes 75 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21292 153355/subtrans.c Buffer_Overflow_Indexes 116 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21293 153355/subtrans.c Buffer_Overflow_LowBound 498 void preoverthrew_zilvia(void *forthcome_cathedras) traceable_unserene(forthcome_cathedras); void traceable_unserene(void *acetophenine_hornlike) solemnly_mensa = ((char *)((char *)((void *)acetophenine_hornlike))); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(solemnly_mensa)+1, solemnly_mensa, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, solemnly_mensa, strlen(solemnly_mensa) + 1); 1 --------------------------------- 21294 153239/color.c Buffer_Overflow_Indexes 173 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21295 153239/color.c Buffer_Overflow_Indexes 175 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21296 153239/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21297 153239/color.c Buffer_Overflow_LowBound 593 stonesoup_buffer = malloc(65528); strncpy(stonesoup_buffer, arenose_hydras, stonesoup_buffer_len); 0 --------------------------------- 21298 153239/color.c Buffer_Overflow_LowBound 618 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); stonesoup_buffer_len = 4; strncpy(stonesoup_buffer, arenose_hydras, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); strncpy(stonesoup_buffer, arenose_hydras, stonesoup_buffer_len); void stonesoup_handle_taint(char *cardiorenal_gobbin) arenose_hydras = ((char *)cardiorenal_gobbin); strncpy(stonesoup_buffer, arenose_hydras, stonesoup_buffer_len); strncpy(stonesoup_buffer, arenose_hydras, stonesoup_buffer_len); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, arenose_hydras, stonesoup_buffer_len); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, arenose_hydras, stonesoup_buffer_len); 1 --------------------------------- 21299 153239/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21300 153239/color.c Buffer_Overflow_cpycat 365 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21301 153239/color.c Buffer_Overflow_cpycat 189 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21302 153239/color.c Buffer_Overflow_cpycat 330 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21303 153239/color.c Buffer_Overflow_cpycat 267 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21304 153239/color.c Buffer_Overflow_cpycat 239 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21305 153239/color.c Buffer_Overflow_cpycat 204 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21306 153239/color.c Buffer_Overflow_cpycat 344 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21307 153239/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21308 153239/color.c Buffer_Overflow_cpycat 337 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21309 153239/color.c Buffer_Overflow_cpycat 302 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21310 153239/color.c Buffer_Overflow_cpycat 260 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21311 153239/color.c Buffer_Overflow_cpycat 309 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21312 153239/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21313 153239/color.c Buffer_Overflow_cpycat 197 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21314 153239/color.c Buffer_Overflow_cpycat 281 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21315 153239/color.c Buffer_Overflow_cpycat 211 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21316 153239/color.c Buffer_Overflow_cpycat 274 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21317 153239/color.c Buffer_Overflow_cpycat 246 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21318 153239/color.c Buffer_Overflow_cpycat 288 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21319 153239/color.c Buffer_Overflow_cpycat 295 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21320 153239/color.c Buffer_Overflow_cpycat 323 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21321 153239/color.c Buffer_Overflow_cpycat 316 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21322 153239/color.c Buffer_Overflow_cpycat 253 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21323 153271/types.c Buffer_Overflow_scanf 95 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&gwenda_corsica,"9804",bathonian_repoint); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 21324 153271/types.c Buffer_Overflow_Indexes 93 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21325 153271/types.c Buffer_Overflow_Indexes 47 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&gwenda_corsica,"9804",bathonian_repoint); ohare_condylopod = strummer_romanas(gwenda_corsica); stonesoup_toupper(stonesoup_data.base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21326 153358/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21327 153358/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21328 152917/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21329 152917/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21330 153376/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21331 153376/color.c Buffer_Overflow_Indexes 165 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21332 153376/color.c Buffer_Overflow_Indexes 163 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21333 153376/color.c Buffer_Overflow_cpycat 229 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21334 153376/color.c Buffer_Overflow_cpycat 187 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21335 153376/color.c Buffer_Overflow_cpycat 264 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21336 153376/color.c Buffer_Overflow_cpycat 327 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21337 153376/color.c Buffer_Overflow_cpycat 292 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21338 153376/color.c Buffer_Overflow_cpycat 306 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21339 153376/color.c Buffer_Overflow_cpycat 334 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21340 153376/color.c Buffer_Overflow_cpycat 243 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21341 153376/color.c Buffer_Overflow_cpycat 179 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21342 153376/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21343 153376/color.c Buffer_Overflow_cpycat 271 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21344 153376/color.c Buffer_Overflow_cpycat 194 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21345 153376/color.c Buffer_Overflow_cpycat 278 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21346 153376/color.c Buffer_Overflow_cpycat 250 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21347 153376/color.c Buffer_Overflow_cpycat 320 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21348 153376/color.c Buffer_Overflow_cpycat 285 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21349 153376/color.c Buffer_Overflow_cpycat 355 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21350 153376/color.c Buffer_Overflow_cpycat 299 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21351 153376/color.c Buffer_Overflow_cpycat 313 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21352 153376/color.c Buffer_Overflow_cpycat 214 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21353 153376/color.c Buffer_Overflow_cpycat 257 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21354 153376/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21355 153376/color.c Buffer_Overflow_cpycat 201 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21356 153376/color.c Buffer_Overflow_cpycat 222 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21357 153498/mem_dbg.c Buffer_Overflow_Indexes 212 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&deciatine_gotthard,"NONPECUNIARY_MELVERN"); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_toupper(stonesoup_data.base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21358 153498/mem_dbg.c Buffer_Overflow_Indexes 253 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21359 153498/mem_dbg.c Buffer_Overflow_Indexes 258 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&deciatine_gotthard,"NONPECUNIARY_MELVERN"); if (deciatine_gotthard != 0) {; fluoresceine_proration = ((int )(strlen(deciatine_gotthard))); wilt_snot = ((char *)(malloc(fluoresceine_proration + 1))); if (wilt_snot == 0) { memset(wilt_snot,0,fluoresceine_proration + 1); memcpy(wilt_snot,deciatine_gotthard,fluoresceine_proration); if (deciatine_gotthard != 0) free(((char *)deciatine_gotthard)); birchman_infrequency[5] = wilt_snot; centauromachia_electing = *(birchman_infrequency + *cadelle_aldabra); jade_theines = ((char *)centauromachia_electing); if (strlen(jade_theines) < 20) { realpath(jade_theines, stonesoup_data.base_path); if (centauromachia_electing != 0) free(((char *)centauromachia_electing)); 0 --------------------------------- 21360 153474/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21361 153474/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21362 153333/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21363 153333/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21364 153228/cryptlib.c Buffer_Overflow_Indexes 682 if (env = getenv("OPENSSL_ia32cap")) { int off = env[0] == '~'?1 : 0; 0 --------------------------------- 21365 153228/cryptlib.c Buffer_Overflow_Indexes 162 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21366 153228/cryptlib.c Buffer_Overflow_Indexes 569 cohobated_corotating = getenv("DONSY_UNMACHO"); if (cohobated_corotating != 0) {; unchurchly_apophlegmatic = cohobated_corotating; deste_leddy[5] = unchurchly_apophlegmatic; valentines_oversweet = *(deste_leddy + *streambed_halch); carthamin_renominate = ((char *)valentines_oversweet); strncpy(stonesoup_source, carthamin_renominate, sizeof(stonesoup_source)); 0 --------------------------------- 21367 153228/cryptlib.c Buffer_Overflow_LowBound 593 stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 21368 153228/cryptlib.c Buffer_Overflow_LowBound 584 char stonesoup_source[1024]; cohobated_corotating = getenv("DONSY_UNMACHO"); unchurchly_apophlegmatic = cohobated_corotating; deste_leddy[5] = unchurchly_apophlegmatic; intarsia_stashie = 5; streambed_halch = &intarsia_stashie; valentines_oversweet = *(deste_leddy + *streambed_halch); carthamin_renominate = ((char *)valentines_oversweet); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, carthamin_renominate, sizeof(stonesoup_source)); 0 --------------------------------- 21369 153408/heapam.c Buffer_Overflow_scanf 148 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&lanista_hola,"3649",cacodemoniac_domineering); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 21370 153408/heapam.c Buffer_Overflow_Indexes 100 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21371 153408/heapam.c Buffer_Overflow_Indexes 146 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21372 153495/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21373 153495/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21374 153363/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21375 153363/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21376 300/basic-00047-med.c Buffer_Overflow_LowBound 60 char buf[10]; src[18 - 1] = '\0'; strncpy(buf, src, 18); 1 --------------------------------- 21377 153259/emem.c Buffer_Overflow_Indexes 318 se_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_SE_NO_CHUNKS") == ((void *)0); se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 21378 153259/emem.c Buffer_Overflow_Indexes 320 se_packet_mem . debug_verify_pointers = getenv("WIRESHARK_SE_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 21379 153259/emem.c Buffer_Overflow_Indexes 1531 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1872))); 0 --------------------------------- 21380 153259/emem.c Buffer_Overflow_Indexes 319 se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 21381 153259/emem.c Buffer_Overflow_Indexes 167 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21382 153259/emem.c Buffer_Overflow_Indexes 1548 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1890))); 0 --------------------------------- 21383 153259/emem.c Buffer_Overflow_Indexes 302 ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 21384 153259/emem.c Buffer_Overflow_Indexes 301 ep_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_EP_NO_CHUNKS") == ((void *)0); ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 21385 153259/emem.c Buffer_Overflow_Indexes 1566 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1909))); 0 --------------------------------- 21386 153259/emem.c Buffer_Overflow_Indexes 1126 outbanter_laggins = getenv("ROUMELIOTE_DEADWOOD"); if (outbanter_laggins != 0) {; pleiomerous_memorate = ((void *)outbanter_laggins); potiphar_tropia = &pleiomerous_memorate; telergic_rethreaded(colourlessness_magnetooptics,potiphar_tropia); void telergic_rethreaded(int unbrutelike_linwood,void **colluder_dextroduction); 0 --------------------------------- 21387 153259/emem.c Buffer_Overflow_Indexes 1601 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1945))); 0 --------------------------------- 21388 153259/emem.c Buffer_Overflow_Indexes 1583 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1926))); 0 --------------------------------- 21389 153259/emem.c Buffer_Overflow_Indexes 303 ep_packet_mem . debug_verify_pointers = getenv("WIRESHARK_EP_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 21390 153259/emem.c Buffer_Overflow_Indexes 1516 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1856))); 0 --------------------------------- 21391 153196/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21392 153196/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21393 152895/color.c Buffer_Overflow_Indexes 154 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21394 152895/color.c Buffer_Overflow_Indexes 156 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21395 152895/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21396 152895/color.c Buffer_Overflow_Indexes 545 pinnulae_toldo = getenv("JUNCTION_COITUS"); if (pinnulae_toldo != 0) {; hysteromorphous_poter = ((char *)pinnulae_toldo); stonesoup_taint_len = ((int )(strlen(hysteromorphous_poter))); for (; stonesoup_taint_len >= 0; (--stonesoup_buff_size , --stonesoup_taint_len)) { stonesoup_heap_buff_64[stonesoup_buff_size] = hysteromorphous_poter[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "FINAL-STATE"); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); 1 --------------------------------- 21397 152895/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21398 152895/color.c Buffer_Overflow_cpycat 170 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21399 152895/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21400 152895/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21401 152895/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21402 152895/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21403 152895/color.c Buffer_Overflow_cpycat 185 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21404 152895/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21405 152895/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21406 152895/color.c Buffer_Overflow_cpycat 178 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21407 152895/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21408 152895/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21409 152895/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21410 152895/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21411 152895/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21412 152895/color.c Buffer_Overflow_cpycat 346 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21413 152895/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21414 152895/color.c Buffer_Overflow_cpycat 325 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21415 152895/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21416 152895/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21417 152895/color.c Buffer_Overflow_cpycat 192 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21418 152895/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21419 152895/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21420 152895/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21421 153158/resowner.c Buffer_Overflow_Indexes 138 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21422 153158/resowner.c Buffer_Overflow_Indexes 681 excepable_undercarry = getenv("LUMINESCE_SERVOLAB"); if (excepable_undercarry != 0) {; lawfully_sphygmoid = ((void *)excepable_undercarry); marigolde_shrimper[ *( *( *( *( *( *( *( *( *( *iodoxybenzene_blurting)))))))))] = lawfully_sphygmoid; benni_bedsore = marigolde_shrimper[ *( *( *( *( *( *( *( *( *( *iodoxybenzene_blurting)))))))))]; loggets_cobleman = ((char *)((char *)benni_bedsore)); if (strlen(loggets_cobleman) < 20) {; realpath(loggets_cobleman, stonesoup_data->base_path); 0 --------------------------------- 21423 149113/fmt_string_local_control_flow-bad.c Buffer_Overflow_Indexes 29 int main(int argc, char *argv[]) if (argc > 1) { func(argv[1]); 0 --------------------------------- 21424 152870/stream.c Buffer_Overflow_Indexes 123 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&concentration_bottega,"NORRY_DACTYLOMEGALY"); if (concentration_bottega != 0) {; radiodontic_bustiest = concentration_bottega; gratulated_exon(1,radiodontic_bustiest); void gratulated_exon(int porcelanic_pyelogram,... ) 0 --------------------------------- 21425 152870/stream.c Buffer_Overflow_Indexes 118 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21426 152870/stream.c Buffer_Overflow_Indexes 77 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&concentration_bottega,"NORRY_DACTYLOMEGALY"); gratulated_exon(1,radiodontic_bustiest); stonesoup_stack_buffer_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buffer_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21427 152870/stream.c Buffer_Overflow_cpycat 1822 char stonesoup_stack_buffer_64[64]; babyfied_volubleness coelenterata_detruded = 0; va_list anglophone_daemonurgist; __builtin_va_start(anglophone_daemonurgist,porcelanic_pyelogram); coelenterata_detruded = (va_arg(anglophone_daemonurgist,babyfied_volubleness )); dewing_tong = ((char *)coelenterata_detruded); memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,dewing_tong); 1 --------------------------------- 21428 153176/stream.c Buffer_Overflow_scanf 126 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&moonsick_polycoccous,"1958",shagreened_hoffer); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 21429 153176/stream.c Buffer_Overflow_Indexes 124 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21430 153176/stream.c Buffer_Overflow_Indexes 78 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&moonsick_polycoccous,"1958",shagreened_hoffer); unconsigned_chinpiece = schorlous_martelli(mentorism_stromal); BURRIEST_MORPHOGENESES(unconsigned_chinpiece); stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21431 153176/stream.c Buffer_Overflow_cpycat 1833 unconsigned_chinpiece = schorlous_martelli(mentorism_stromal); BURRIEST_MORPHOGENESES(unconsigned_chinpiece); stonesoup_data.buffer[stonesoup_i] = 0; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, redoubtableness_podical); void kenyan_brahmi(verbalizes_countdowns pasithea_trophonian) redoubtableness_podical = ((char *)pasithea_trophonian); strcpy(stonesoup_data.buffer, redoubtableness_podical); 1 --------------------------------- 21432 153590/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21433 153590/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21434 832/basic-00180-med.c Buffer_Overflow_Indexes 51 int main(int argc, char *argv[]) if ((argc < 5) || (atoi(argv[3]) > 17)) buf[atoi(argv[3])] = 'A'; 1 --------------------------------- 21435 153466/subtrans.c Buffer_Overflow_scanf 125 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&monospermal_desc,"4415",overlightheaded_iridization); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 21436 153466/subtrans.c Buffer_Overflow_Indexes 123 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21437 153466/subtrans.c Buffer_Overflow_Indexes 77 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21438 153309/mux.c Buffer_Overflow_Indexes 84 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21439 153309/mux.c Buffer_Overflow_Indexes 462 sucury_sagaponack = getenv("GUMPTIONS_UTTERMOST"); if (sucury_sagaponack != 0) {; balladries_rowley . trunkful_fibrocystoma = sucury_sagaponack; propos_neurobiologist = &balladries_rowley; impartment_carnalizing = propos_neurobiologist + 5; 0 --------------------------------- 21440 153309/mux.c Buffer_Overflow_LowBound 501 braxies_contralateral = ((char *)( *(impartment_carnalizing - 5)) . trunkful_fibrocystoma); stonesoup_buffer_len = 4; strncpy(stonesoup_buffer, braxies_contralateral, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); strncpy(stonesoup_buffer, braxies_contralateral, stonesoup_buffer_len); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, braxies_contralateral, stonesoup_buffer_len); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, braxies_contralateral, stonesoup_buffer_len); 1 --------------------------------- 21441 153309/mux.c Buffer_Overflow_LowBound 476 stonesoup_buffer = malloc(65528); strncpy(stonesoup_buffer, braxies_contralateral, stonesoup_buffer_len); 0 --------------------------------- 21442 153000/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&antielectron_hystericky,"4528",caving_preultimate); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 21443 153000/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&antielectron_hystericky,"4528",caving_preultimate); s vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); s stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21444 153000/color.c Buffer_Overflow_Indexes 179 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21445 153000/color.c Buffer_Overflow_Indexes 181 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21446 153000/color.c Buffer_Overflow_Indexes 574 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 21447 153000/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21448 153000/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21449 153000/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21450 153000/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21451 153000/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21452 153000/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21453 153000/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21454 153000/color.c Buffer_Overflow_cpycat 195 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21455 153000/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21456 153000/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21457 153000/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21458 153000/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21459 153000/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21460 153000/color.c Buffer_Overflow_cpycat 371 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21461 153000/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21462 153000/color.c Buffer_Overflow_cpycat 351 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21463 153000/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21464 153000/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21465 153000/color.c Buffer_Overflow_cpycat 350 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21466 153000/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21467 153000/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21468 153000/color.c Buffer_Overflow_cpycat 230 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21469 153000/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21470 153000/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21471 153000/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21472 153074/utils.c Buffer_Overflow_Indexes 75 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21473 153074/utils.c Buffer_Overflow_Indexes 841 understriding_adesmy = getenv("OPTIMISED_ORBICULARLY"); if (understriding_adesmy != 0) {; sesuvium_christmasing . creachy_presubsistent = understriding_adesmy; if (sesuvium_christmasing . creachy_presubsistent != 0) { cacatua_citable = ((char *)sesuvium_christmasing . creachy_presubsistent); strcpy(stonesoup_data->buffer, cacatua_citable); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); for (; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); 1 --------------------------------- 21474 153074/utils.c Buffer_Overflow_LowBound 4418 int ff_url_join(char *str,int size,const char *proto,const char *authorization,const char *hostname,int port,const char *fmt,... ) str[0] = '\0'; av_strlcatf(str,size,"%s: av_strlcatf(str,size,"%s@",authorization); av_strlcat(str,"[",size); av_strlcat(str,hostname,size); av_strlcat(str,"]",size); av_strlcat(str,hostname,size); av_strlcat(str,hostname,size); av_strlcatf(str,size,":%d",port); va_list vl; int len = (strlen(str)); __builtin_va_start(vl,fmt); vsnprintf(str + len,(size > len?size - len : 0),fmt,vl); 0 --------------------------------- 21475 153074/utils.c Buffer_Overflow_LowBound 3976 return av_guess_format("image2",((void *)0),((void *)0)); return av_probe_input_buffer(s -> pb,&s -> iformat,filename,s,0,s -> probesize); if ((ret = avio_open2(&s -> pb,filename,1 | s -> avio_flags,(&s -> interrupt_callback),options)) < 0) { return av_probe_input_buffer(s -> pb,&s -> iformat,filename,s,0,s -> probesize); if (!av_filename_number_test(filename)) { char buf1[20]; nd = 0; while(av_isdigit(( *p))){ c = *(p++); nd = nd * '\n' + ( *(p++)) - 48; snprintf(buf1,sizeof(buf1),"%0*d",nd,number); len = (strlen(buf1)); memcpy(q,buf1,len); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); int av_probe_input_buffer(AVIOContext *pb,AVInputFormat **fmt,const char *filename,void *logctx,unsigned int offset,unsigned int max_probe_size) if (!av_filename_number_test(filename)) { int av_filename_number_test(const char *filename) return filename && av_get_frame_filename(buf,(sizeof(buf)),filename,1) >= 0; int av_get_frame_filename(char *buf,int buf_size,const char *path,int number) p = path; c = *(p++); nd = nd * '\n' + ( *(p++)) - 48; snprintf(buf1,sizeof(buf1),"%0*d",nd,number); len = (strlen(buf1)); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); static int init_input(AVFormatContext *s,const char *filename,AVDictionary **options) if ((ret = avio_open2(&s -> pb,filename,1 | s -> avio_flags,(&s -> interrupt_callback),options)) < 0) { if (!av_filename_number_test(filename)) { AVOutputFormat *av_guess_format(const char *short_name,const char *filename,const char *mime_type) if (!short_name && filename && av_filename_number_test(filename) && (ff_guess_image2_codec(filename)) != AV_CODEC_ID_NONE) { int avformat_open_input(AVFormatContext **ps,const char *filename,AVInputFormat *fmt,AVDictionary **options) if ((ret = init_input(s,filename,&tmp)) < 0) { 0 --------------------------------- 21476 153074/utils.c Buffer_Overflow_cpycat 863 understriding_adesmy = getenv("OPTIMISED_ORBICULARLY"); sesuvium_christmasing . creachy_presubsistent = understriding_adesmy; cacatua_citable = ((char *)sesuvium_christmasing . creachy_presubsistent); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, cacatua_citable); 1 --------------------------------- 21477 1634/snp10-bad.c Buffer_Overflow_Indexes 47 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; if(strlen(userstr) <= MAXSIZE) test(userstr); test(char *str) snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); free(buf); 1 --------------------------------- 21478 1634/snp10-bad.c Buffer_Overflow_LowBound 41 main(int argc, char **argv) userstr = argv[1]; if(strlen(userstr) <= MAXSIZE) test(userstr); test(char *str) buf = malloc(MAXSIZE); snprintf(buf, 1024, "<%s>", str); 1 --------------------------------- 21479 153800/avdevice.c Buffer_Overflow_scanf 95 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&puruloid_ploughshoe,"9537",tenons_gashliness); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 21480 153800/avdevice.c Buffer_Overflow_Indexes 93 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21481 153800/avdevice.c Buffer_Overflow_Indexes 47 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21482 153800/avdevice.c Buffer_Overflow_LowBound 241 obtunder_verrugas = ((char *)( *(metisses_skagen - 5)) . preyed_improvement); stonesoup_data = (char*) malloc(8 * sizeof(char)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(obtunder_verrugas)+1, obtunder_verrugas, "TRIGGER-STATE"); strncpy(stonesoup_data, obtunder_verrugas, strlen(obtunder_verrugas) + 1); 1 --------------------------------- 21483 152976/column-utils.c Buffer_Overflow_scanf 110 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&tashnakist_embolization,"1959",galaxias_replevy); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 21484 152976/column-utils.c Buffer_Overflow_Indexes 108 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21485 152976/column-utils.c Buffer_Overflow_Indexes 62 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&tashnakist_embolization,"1959",galaxias_replevy); gerkin_horrorist(tashnakist_embolization); stonesoup_printf("String is too short to test\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("String is too short to test\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21486 152999/tile-swap.c Buffer_Overflow_Indexes 174 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&inputted_sheared,"BIOSTATICAL_ZINGIBER"); if (inputted_sheared != 0) {; interestedness_duchan . decimalized_stanniferous = ((char *)inputted_sheared); discursive_overnicety[5] = interestedness_duchan; achymia_nondecoration = *(discursive_overnicety + alliant_afterlifetime[1]); houhere_galahad = ((char *)achymia_nondecoration . decimalized_stanniferous); stonesoup_buff_size = strlen(houhere_galahad) + 1; stonesoup_size = stonesoup_other_size < stonesoup_buff_size ? stonesoup_other_size : stonesoup_buff_size; for (stonesoup_i = 0; stonesoup_i < stonesoup_size; stonesoup_i++) { houhere_galahad[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = for (stonesoup_i = 0; stonesoup_i < stonesoup_buff_size; stonesoup_i++) { stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buff_size", stonesoup_buff_size, &stonesoup_buff_size, "TRIGGER-STATE"); if (achymia_nondecoration . decimalized_stanniferous != 0) free(((char *)achymia_nondecoration . decimalized_stanniferous)); void stonesoup_printf(char * format, ...) { 1 --------------------------------- 21487 152999/tile-swap.c Buffer_Overflow_Indexes 128 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&inputted_sheared,"BIOSTATICAL_ZINGIBER"); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21488 152999/tile-swap.c Buffer_Overflow_Indexes 169 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21489 153188/color.c Buffer_Overflow_Indexes 157 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21490 153188/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_toupper(stonesoup_data.buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21491 153188/color.c Buffer_Overflow_Indexes 159 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21492 153188/color.c Buffer_Overflow_Indexes 549 isogonics_humanistical = getenv("DIACHRONIC_STATESMANESE"); if (isogonics_humanistical != 0) {; retrohepatic_fewneses = ((char *)isogonics_humanistical); strncpy(stonesoup_source, retrohepatic_fewneses, sizeof(stonesoup_source)); 0 --------------------------------- 21493 153188/color.c Buffer_Overflow_LowBound 561 char stonesoup_source[1024]; isogonics_humanistical = getenv("DIACHRONIC_STATESMANESE"); retrohepatic_fewneses = ((char *)isogonics_humanistical); stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, retrohepatic_fewneses, sizeof(stonesoup_source)); 0 --------------------------------- 21494 153188/color.c Buffer_Overflow_LowBound 570 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 21495 153188/color.c Buffer_Overflow_cpycat 293 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21496 153188/color.c Buffer_Overflow_cpycat 230 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21497 153188/color.c Buffer_Overflow_cpycat 195 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21498 153188/color.c Buffer_Overflow_cpycat 272 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21499 153188/color.c Buffer_Overflow_cpycat 300 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21500 153188/color.c Buffer_Overflow_cpycat 208 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21501 153188/color.c Buffer_Overflow_cpycat 258 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21502 153188/color.c Buffer_Overflow_cpycat 279 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21503 153188/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21504 153188/color.c Buffer_Overflow_cpycat 307 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21505 153188/color.c Buffer_Overflow_cpycat 173 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21506 153188/color.c Buffer_Overflow_cpycat 314 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21507 153188/color.c Buffer_Overflow_cpycat 237 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21508 153188/color.c Buffer_Overflow_cpycat 188 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21509 153188/color.c Buffer_Overflow_cpycat 328 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21510 153188/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21511 153188/color.c Buffer_Overflow_cpycat 349 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21512 153188/color.c Buffer_Overflow_cpycat 321 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21513 153188/color.c Buffer_Overflow_cpycat 286 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21514 153188/color.c Buffer_Overflow_cpycat 251 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21515 153188/color.c Buffer_Overflow_cpycat 244 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21516 153188/color.c Buffer_Overflow_cpycat 181 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21517 153188/color.c Buffer_Overflow_cpycat 223 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21518 153188/color.c Buffer_Overflow_cpycat 265 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21519 153254/conf_mod.c Buffer_Overflow_scanf 174 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&cecil_bragger,"2395",unsilicified_jerkily); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 21520 153254/conf_mod.c Buffer_Overflow_Indexes 172 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21521 153254/conf_mod.c Buffer_Overflow_Indexes 602 file = getenv("OPENSSL_CONF"); if (file) { return BUF_strdup(file); file = CONF_get1_default_config_file(); if (!file) { if (NCONF_load(conf,file,((void *)0)) <= 0) { CRYPTO_free(file); 0 --------------------------------- 21522 153254/conf_mod.c Buffer_Overflow_Indexes 126 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21523 153254/conf_mod.c Buffer_Overflow_LowBound 693 void ribonucleotide_factioneer(int fungid_architricline,char *tambak_mortalized) dunams_biddance = ((char *)tambak_mortalized); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(dunams_biddance)+1, dunams_biddance, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, dunams_biddance, strlen(dunams_biddance) + 1); 1 --------------------------------- 21524 2081/strcat-bad1.c Buffer_Overflow_Indexes 27 int main(int argc, char **argv){ if(argc > 2){ userstr = argv[1]; userstr2 = argv[2]; test(userstr,userstr2); void test(char *str, char *str2){ if(strlen(str) < MAXSIZE) strcpy(buf, str); printf(" strcpy: %s%s%s\n", pre, buf, post); strcat(buf, str2); printf("results: %s%s%s\n", pre, buf, post); 1 --------------------------------- 21525 2081/strcat-bad1.c Buffer_Overflow_cpycat 23 int main(int argc, char **argv){ userstr = argv[1]; userstr2 = argv[2]; test(userstr,userstr2); void test(char *str, char *str2){ char buf[MAXSIZE] = ""; if(strlen(str) < MAXSIZE) strcpy(buf, str); printf(" strcpy: %s%s%s\n", pre, buf, post); strcat(buf, str2); 1 --------------------------------- 21526 2081/strcat-bad1.c Buffer_Overflow_cpycat 21 char buf[MAXSIZE] = ""; strcpy(buf, str); 0 --------------------------------- 21527 153024/utils.c Buffer_Overflow_Indexes 108 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21528 153024/utils.c Buffer_Overflow_LowBound 2399 AVCodec *experimental = ((void *)0); p = first_avcodec; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { p = p -> next; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { experimental = p; return experimental; return find_encdec(id,1); return find_encdec(id,0); return "none"; codec = avcodec_find_decoder(id); return codec -> name; codec = avcodec_find_encoder(id); return codec -> name; return "unknown_codec"; codec_type = av_get_media_type_string(enc -> codec_type); codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_encoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_decoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); const char *avcodec_get_name(enum AVCodecID id) cd = avcodec_descriptor_get(id); return cd -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); 0 --------------------------------- 21529 153024/utils.c Buffer_Overflow_LowBound 2403 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); 0 --------------------------------- 21530 153024/utils.c Buffer_Overflow_LowBound 1244 int avcodec_open(AVCodecContext *avctx,AVCodec *codec) return avcodec_open2(avctx,codec,((void *)0)); int avcodec_open2(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) if (av_codec_is_decoder(codec)) { if (av_codec_is_encoder(avctx -> codec)) { int av_codec_is_encoder(const AVCodec *codec) if (av_codec_is_encoder(avctx -> codec)) { if (avctx -> channels == 1 && (av_get_planar_sample_fmt(avctx -> sample_fmt)) == (av_get_planar_sample_fmt(avctx -> codec -> sample_fmts[i]))) { avctx -> sample_fmt = avctx -> codec -> sample_fmts[i]; char buf[128]; snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); av_log(avctx,16,"Specified sample format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_sample_fmt_name(avctx -> sample_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); int ff_codec_open2_recursive(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) ret = avcodec_open2(avctx,codec,options); 0 --------------------------------- 21531 153024/utils.c Buffer_Overflow_LowBound 2408 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); 0 --------------------------------- 21532 153024/utils.c Buffer_Overflow_LowBound 2416 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); 0 --------------------------------- 21533 153024/utils.c Buffer_Overflow_LowBound 2470 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); return 4; return 8; return 16; return 24; return 64; return 0; return 3; bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); return 4; bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); return av_get_exact_bits_per_sample(codec_id); bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); return 2; bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); static int get_bit_rate(AVCodecContext *ctx) bit_rate = ctx -> bit_rate; bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); bit_rate = 0; return bit_rate; codec_tag >>= 8; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); 0 --------------------------------- 21534 153024/utils.c Buffer_Overflow_LowBound 2462 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); 0 --------------------------------- 21535 153024/utils.c Buffer_Overflow_LowBound 1257 char buf[128]; av_log(avctx,16,"Specified pixel format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_pix_fmt_name(avctx -> pix_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> pix_fmt); 0 --------------------------------- 21536 153024/utils.c Buffer_Overflow_LowBound 2452 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 21537 153024/utils.c Buffer_Overflow_LowBound 2366 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf_size = (buf_size > len?buf_size - len : 0); len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); 0 --------------------------------- 21538 153024/utils.c Buffer_Overflow_LowBound 2423 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); AVRational display_aspect_ratio; buf[0] ^= 'a' ^ 'A'; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); 0 --------------------------------- 21539 153024/utils.c Buffer_Overflow_LowBound 2438 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); 0 --------------------------------- 21540 153024/utils.c Buffer_Overflow_LowBound 2431 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); 0 --------------------------------- 21541 153024/utils.c Buffer_Overflow_LowBound 2427 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 21542 153024/utils.c Buffer_Overflow_LowBound 2443 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); 0 --------------------------------- 21543 153024/utils.c Buffer_Overflow_LowBound 2465 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); 0 --------------------------------- 21544 153024/utils.c Buffer_Overflow_cpycat 3186 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); pyrolytic_desmodactyli[1] = 5; mlechchha_unobdurate = *(huang_whiteclay + pyrolytic_desmodactyli[1]); muleteers_sideshows = ((char *)mlechchha_unobdurate); stonesoup_buffer = malloc((strlen(muleteers_sideshows) + 1) * sizeof(char )); strcpy(stonesoup_buffer,muleteers_sideshows); void stonesoup_handle_taint(char *brett_legitimisation) huang_whiteclay[5] = brett_legitimisation; mlechchha_unobdurate = *(huang_whiteclay + pyrolytic_desmodactyli[1]); muleteers_sideshows = ((char *)mlechchha_unobdurate); stonesoup_buffer = malloc((strlen(muleteers_sideshows) + 1) * sizeof(char )); strcpy(stonesoup_buffer,muleteers_sideshows); 0 --------------------------------- 21545 153753/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21546 153753/color.c Buffer_Overflow_Indexes 179 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21547 153753/color.c Buffer_Overflow_Indexes 181 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21548 153753/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&iin_magnesia,"UNACCEPTANT_MULTIFAROUSLY"); stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21549 153753/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&iin_magnesia,"UNACCEPTANT_MULTIFAROUSLY"); if (iin_magnesia != 0) {; bluenesses_aleron = ((char *)iin_magnesia); stonesoup_buff_size = ((int )(strlen(bluenesses_aleron))); memcpy(stonesoup_data.buffer, bluenesses_aleron, 64); for (; stonesoup_i < stonesoup_buff_size; ++stonesoup_i){ stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); if (iin_magnesia != 0) free(((char *)iin_magnesia)); void stonesoup_printf(char * format, ...) { 1 --------------------------------- 21550 153753/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21551 153753/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21552 153753/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21553 153753/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21554 153753/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21555 153753/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21556 153753/color.c Buffer_Overflow_cpycat 195 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21557 153753/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21558 153753/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21559 153753/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21560 153753/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21561 153753/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21562 153753/color.c Buffer_Overflow_cpycat 371 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21563 153753/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21564 153753/color.c Buffer_Overflow_cpycat 351 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21565 153753/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21566 153753/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21567 153753/color.c Buffer_Overflow_cpycat 350 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21568 153753/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21569 153753/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21570 153753/color.c Buffer_Overflow_cpycat 230 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21571 153753/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21572 153753/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21573 153753/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21574 153523/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21575 153523/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21576 152963/pmsignal.c Buffer_Overflow_scanf 139 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&bystander_salsas,"1088",morita_fortescue); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 21577 152963/pmsignal.c Buffer_Overflow_Indexes 91 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21578 152963/pmsignal.c Buffer_Overflow_Indexes 137 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21579 152963/pmsignal.c Buffer_Overflow_cpycat 495 void ualis_ellisville(wedlocks_enamine **************************************************enthrong_respectably) char stonesoup_stack_buffer_64[64]; fudgy_undecidedly = ((char *)( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *enthrong_respectably))))))))))))))))))))))))))))))))))))))))))))))))))); memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,fudgy_undecidedly); 1 --------------------------------- 21580 152879/eng_table.c Buffer_Overflow_Indexes 142 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21581 152879/eng_table.c Buffer_Overflow_Indexes 147 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&veda_chestier,"PLEUROCEROID_OPEROSELY"); if (veda_chestier != 0) {; preciosities_waxlike = ((void *)veda_chestier); misleading_undersign = &preciosities_waxlike; moonman_bowings(sheargrass_desmodynia,misleading_undersign); void moonman_bowings(int scrappler_ashien,void **pureblood_butterjags) moonman_bowings(scrappler_ashien,pureblood_butterjags); eaglets_cued = ((char *)((char *)( *pureblood_butterjags))); sprintf(stonesoup_buffer_stack,eaglets_cued); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_buffer_stack", stonesoup_buffer_stack, "TRIGGER-STATE"); stonesoup_printf("%s\n",stonesoup_buffer_stack); if (((char *)( *pureblood_butterjags)) != 0) free(((char *)((char *)( *pureblood_butterjags)))); void stonesoup_printf(char * format, ...) { 1 --------------------------------- 21582 152879/eng_table.c Buffer_Overflow_Indexes 101 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&veda_chestier,"PLEUROCEROID_OPEROSELY"); moonman_bowings(sheargrass_desmodynia,misleading_undersign); moonman_bowings(scrappler_ashien,pureblood_butterjags); stonesoup_printf("%s\n",stonesoup_buffer_stack); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buffer_stack); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21583 153082/config.c Buffer_Overflow_Indexes 162 nonlethally_gameless = getenv("GYBED_GOODYSHIP"); if (nonlethally_gameless != 0) {; sacraria_remedied = ((void *)nonlethally_gameless); weltered_inbardge[5] = sacraria_remedied; actinobacilli_rebeca = *(weltered_inbardge + falser_bedder[1]); anotherkins_theatregoing = ((char *)((char *)actinobacilli_rebeca)); if (strlen(anotherkins_theatregoing) < 20) { realpath(anotherkins_theatregoing, stonesoup_data.base_path); 1 --------------------------------- 21584 153082/config.c Buffer_Overflow_Indexes 78 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_toupper(stonesoup_data.base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 1 --------------------------------- 21585 153623/ffmpeg.c Buffer_Overflow_scanf 2582 int debug = 0; if (scanf("%d",&debug) != 1) { 0 --------------------------------- 21586 153623/ffmpeg.c Buffer_Overflow_scanf 2551 char target[64]; char command[256]; char arg[256] = {(0)}; double time; buf[i] = 0; if (k > 0 && (n = sscanf(buf,"%63[^ ] %lf %255[^ ] %255[^\n]",target,&time,command,arg)) >= 3) { 0 --------------------------------- 21587 153623/ffmpeg.c Buffer_Overflow_Indexes 190 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21588 153623/ffmpeg.c Buffer_Overflow_Indexes 3132 int main(int argc,char **argv) parse_loglevel(argc,argv,options); if (argc > 1 && !strcmp(argv[1],"-d")) { argc--; argv++; show_banner(argc,argv,options); ret = ffmpeg_parse_options(argc,argv); if (ret < 0) { 0 --------------------------------- 21589 153623/ffmpeg.c Buffer_Overflow_LowBound 1914 static int init_input_stream(int ist_index,char *error,int error_len) InputStream *ist = input_streams[ist_index]; snprintf(error,error_len,"Error while opening decoder for input stream #%d:%d",ist -> file_index,ist -> st -> index); 0 --------------------------------- 21590 153623/ffmpeg.c Buffer_Overflow_LowBound 1218 static int qp_histogram['4']; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error_sum += error; scale_sum += scale; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); static void close_output_stream(OutputStream *ost) ost -> finished = 1; buf[0] = '\0'; float q = (- 1); q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); 0 --------------------------------- 21591 153623/ffmpeg.c Buffer_Overflow_LowBound 2331 char error[1024]; ost -> st -> disposition = ist -> st -> disposition; ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; if (!strcmp(ost -> enc -> name,"libx264")) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); av_buffersink_set_frame_size(ost -> filter -> filter,(ost -> st -> codec -> frame_size)); if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); 0 --------------------------------- 21592 153623/ffmpeg.c Buffer_Overflow_LowBound 2383 static InputStream *get_input_stream(OutputStream *ost) pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; char error[1024]; ost = output_streams[i]; ist = get_input_stream(ost); ost -> st -> disposition = ist -> st -> disposition; if (!oc -> oformat -> codec_tag || (av_codec_get_id(oc -> oformat -> codec_tag,icodec -> codec_tag)) == (codec -> codec_id) || !av_codec_get_tag2(oc -> oformat -> codec_tag,icodec -> codec_id,&codec_tag)) { if (!strcmp(oc -> oformat -> name,"avi")) { if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { if (!(oc -> oformat -> flags & 0002000) && strcmp(oc -> oformat -> name,"mov") && strcmp(oc -> oformat -> name,"mp4") && strcmp(oc -> oformat -> name,"3gp") && strcmp(oc -> oformat -> name,"3g2") && strcmp(oc -> oformat -> name,"psp") && strcmp(oc -> oformat -> name,"ipod") && strcmp(oc -> oformat -> name,"f4v")) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); if (!strcmp(ost -> enc -> name,"libx264")) { ost = output_streams[i]; AVCodecContext *dec = ((void *)0); if (ist = get_input_stream(ost)) { ost -> st -> codec -> subtitle_header = (av_mallocz((dec -> subtitle_header_size + 1))); memcpy((ost -> st -> codec -> subtitle_header),(dec -> subtitle_header),(dec -> subtitle_header_size)); ost -> st -> codec -> subtitle_header_size = dec -> subtitle_header_size; if ((ret = avcodec_open2(ost -> st -> codec,codec,&ost -> opts)) < 0) { if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); av_buffersink_set_frame_size(ost -> filter -> filter,(ost -> st -> codec -> frame_size)); av_opt_set_dict((ost -> st -> codec),&ost -> opts); if (ist = get_input_stream(ost)) { for (i = 0; i < nb_output_files; i++) { oc = output_files[i] -> ctx; oc -> interrupt_callback = int_cb; if ((ret = avformat_write_header(oc,&output_files[i] -> opts)) < 0) { if (av_strerror(ret,errbuf,sizeof(errbuf)) < 0) { errbuf_ptr = (strerror(-ret)); snprintf(error,sizeof(error),"Could not write header for output file #%d (incorrect codec parameters ?): %s",i,errbuf_ptr); if (strcmp(oc -> oformat -> name,"rtp")) { if ((ret = avformat_write_header(oc,&output_files[i] -> opts)) < 0) { char errbuf[128]; const char *errbuf_ptr = errbuf; if (av_strerror(ret,errbuf,sizeof(errbuf)) < 0) { errbuf_ptr = (strerror(-ret)); snprintf(error,sizeof(error),"Could not write header for output file #%d (incorrect codec parameters ?): %s",i,errbuf_ptr); static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); snprintf(error,sizeof(error),"Could not write header for output file #%d (incorrect codec parameters ?): %s",i,errbuf_ptr); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); if (ist = get_input_stream(ost)) { 0 --------------------------------- 21593 153623/ffmpeg.c Buffer_Overflow_LowBound 2181 static InputStream *get_input_stream(OutputStream *ost) char error[1024]; ist = get_input_stream(ost); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; ost = output_streams[i]; ost -> enc = avcodec_find_encoder(codec -> codec_id); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); if (!strcmp(ost -> enc -> name,"libx264")) { ist = get_input_stream(ost); 0 --------------------------------- 21594 153623/ffmpeg.c Buffer_Overflow_LowBound 1222 static double psnr(double d) return - 10.0 * log(d) / log(10.0); static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); scale = (enc -> width * enc -> height) * 255.0 * 255.0; error_sum += error; scale_sum += scale; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); output_streams[i] -> unavailable = 0; reset_eagain(); sub2video_heartbeat(ist,pkt . pts); ret = output_packet(ist,(&pkt)); reset_eagain(); ret = process_input(ist -> file_index); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); ost = output_streams[i]; av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); static void close_output_stream(OutputStream *ost) ost -> finished = 1; if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); 0 --------------------------------- 21595 153623/ffmpeg.c Buffer_Overflow_LowBound 2279 return ((void *)0); int n = 1; int64_t *pts; size = n; pts = (av_malloc(sizeof(( *pts)) * size)); char *next = strchr(p,','); *(next++) = 0; if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { AVChapter *c = avf -> chapters[j]; pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; p = next; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); ost -> forced_kf_pts = pts; input_streams[j + ifile -> ist_index] -> start = av_gettime(); ost = output_streams[i]; ist = get_input_stream(ost); return input_streams[ost -> source_index]; for (i = 0; i < nb_output_streams; i++) { ist = get_input_stream(ost); ost -> st -> disposition = ist -> st -> disposition; if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); ost -> encoding_needed = 1; ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); ost -> frame_rate = ist -> framerate; int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); codec -> time_base = av_inv_q(ost -> frame_rate); codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); if (!strncmp((ost -> forced_keyframes),"expr:",5)) { parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); char logfilename[1024]; snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) p = kf; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { qsort(pts,size,sizeof(( *pts)),compare_int64); ost -> forced_kf_pts = pts; parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); fg = init_simple_filtergraph(ist,ost); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); static InputStream *get_input_stream(OutputStream *ost) ist = get_input_stream(ost); snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); 0 --------------------------------- 21596 153623/ffmpeg.c Buffer_Overflow_LowBound 1247 total_size = avio_size(oc -> pb); total_size = avio_tell(oc -> pb); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); 0 --------------------------------- 21597 153623/ffmpeg.c Buffer_Overflow_LowBound 1898 static int init_input_stream(int ist_index,char *error,int error_len) InputStream *ist = input_streams[ist_index]; snprintf(error,error_len,"Decoder (codec %s) not found for input stream #%d:%d",avcodec_get_name(ist -> st -> codec -> codec_id),ist -> file_index,ist -> st -> index); 0 --------------------------------- 21598 153623/ffmpeg.c Buffer_Overflow_LowBound 1183 static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); 0 --------------------------------- 21599 153623/ffmpeg.c Buffer_Overflow_LowBound 1250 static double psnr(double d) return - 10.0 * log(d) / log(10.0); static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=%6.1fkbits/s",bitrate); 0 --------------------------------- 21600 153623/ffmpeg.c Buffer_Overflow_LowBound 1178 ost -> finished = 1; close_output_stream(output_streams[of -> ost_index + j]); output_streams[i] -> unavailable = 0; reset_eagain(); timer_start = av_gettime(); int64_t cur_time = av_gettime(); if (check_keyboard_interaction(cur_time) < 0) { if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); frame_number = ost -> frame_number; fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static void print_report(int is_last_report,int64_t timer_start,int64_t cur_time) float t = ((cur_time - timer_start) / 1000000.0); fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static void close_output_stream(OutputStream *ost) if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static int check_keyboard_interaction(int64_t cur_time) print_report(0,timer_start,cur_time); 0 --------------------------------- 21601 153623/ffmpeg.c Buffer_Overflow_LowBound 1245 int64_t pts = - 9223372036854775807L - 1; secs = (pts / 1000000); us = (pts % 1000000); mins = secs / 60; secs %= 60; hours = mins / 60; mins %= 60; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); 0 --------------------------------- 21602 153623/ffmpeg.c Buffer_Overflow_LowBound 1261 double duration = 0; duration = 1 / (av_q2d(ost -> frame_rate) * av_q2d(enc -> time_base)); sync_ipts = (in_picture -> pts); delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = 1; nb_frames = 0; nb_frames = (lrintf(delta)); nb_frames = 0; nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_dup += nb_frames - 1; if (!check_recording_time(ost)) { close_output_stream(ost); double duration = 0; duration = 1 / (av_q2d(ost -> frame_rate) * av_q2d(enc -> time_base)); sync_ipts = (in_picture -> pts); delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = 1; nb_frames = 0; nb_frames = (lrintf(delta)); nb_frames = 0; nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_drop++; nb_frames_drop++; nb_frames_dup += nb_frames - 1; if (!check_recording_time(ost)) { if (!ost -> filtered_frame && !(ost -> filtered_frame = avcodec_alloc_frame())) { avcodec_get_frame_defaults(ost -> filtered_frame); filtered_frame = ost -> filtered_frame; avfilter_copy_buf_props(filtered_frame,picref); do_video_out(of -> ctx,ost,filtered_frame); static int qp_histogram['4']; total_size = avio_tell(oc -> pb); buf[0] = '\0'; float q = (- 1); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); bitrate = (pts && total_size >= 0?(total_size * 8) / (pts / 1000.0) : (- 1)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); av_bprintf(&buf_script,"dup_frames=%d\n",nb_frames_dup); av_bprintf(&buf_script,"drop_frames=%d\n",nb_frames_drop); return reap_filters(); ret = reap_filters(); if ((ret = transcode_from_filter(ost -> filter -> graph,&ist)) < 0) { return reap_filters(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=%6.1fkbits/s",bitrate); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); static double psnr(double d) return - 10.0 * log(d) / log(10.0); int64_t pts = - 9223372036854775807L - 1; total_size = avio_size(oc -> pb); q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); bitrate = (pts && total_size >= 0?(total_size * 8) / (pts / 1000.0) : (- 1)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=%6.1fkbits/s",bitrate); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); static void do_video_out(AVFormatContext *s,OutputStream *ost,AVFrame *in_picture) sync_ipts = (in_picture -> pts); delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = (lrintf(delta)); nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_dup += nb_frames - 1; do_video_out(of -> ctx,ost,filtered_frame); return reap_filters(); ret = transcode_step(); print_report(0,timer_start,cur_time); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); 0 --------------------------------- 21603 153623/ffmpeg.c Buffer_Overflow_LowBound 1202 ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); char type[3] = {('Y'), ('U'), ('V')}; error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); 0 --------------------------------- 21604 153623/ffmpeg.c Buffer_Overflow_LowBound 1243 static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error_sum += error; scale_sum += scale; av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); static double psnr(double d) return - 10.0 * log(d) / log(10.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); 0 --------------------------------- 21605 153623/ffmpeg.c Buffer_Overflow_LowBound 1240 output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); 0 --------------------------------- 21606 153623/ffmpeg.c Buffer_Overflow_LowBound 1192 buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); 0 --------------------------------- 21607 153623/ffmpeg.c Buffer_Overflow_LowBound 522 va_list va; char buf[1024]; __builtin_va_start(va,fmt); vsnprintf(buf,sizeof(buf),fmt,va); update_benchmark(((void *)0)); update_benchmark("encode_audio %d.%d",ost -> file_index,ost -> index); update_benchmark(((void *)0)); update_benchmark("encode_video %d.%d",ost -> file_index,ost -> index); update_benchmark(((void *)0)); update_benchmark("flush %s %d.%d",desc,ost -> file_index,ost -> index); update_benchmark(((void *)0)); update_benchmark("decode_audio %d.%d",ist -> file_index,ist -> st -> index); update_benchmark(((void *)0)); update_benchmark("decode_video %d.%d",ist -> file_index,ist -> st -> index); static void update_benchmark(const char *fmt,... ) __builtin_va_start(va,fmt); vsnprintf(buf,sizeof(buf),fmt,va); 0 --------------------------------- 21608 153201/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21609 153201/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21610 199319/uninit_pointer.c Buffer_Overflow_cpycat 186 char *buf,buf1[25]; buf = "This is a string"; strcpy(buf1,buf); 1 --------------------------------- 21611 199319/uninit_pointer.c Buffer_Overflow_cpycat 405 uninit_pointer_016_gbl_doubleptr=(char**) malloc(10*sizeof(char*)); uninit_pointer_016_gbl_doubleptr[i]=(char*) malloc(10*sizeof(char)); strcpy(uninit_pointer_016_gbl_doubleptr[i],"STRING00"); char *s=(char*) malloc(10*sizeof(char)); uninit_pointer_016_func_002(); free (uninit_pointer_016_gbl_doubleptr[i]); strcpy(s,uninit_pointer_016_gbl_doubleptr[i]); 1 --------------------------------- 21612 152948/mutex.c Buffer_Overflow_Indexes 84 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&shrewstruck_overtness,"APHIDIINAE_POLANDER"); if (shrewstruck_overtness != 0) {; gamboller_deobstruent[11] = shrewstruck_overtness; conservatism_astrid[5] = gamboller_deobstruent; naskhi_cohibitive = *(conservatism_astrid + retsof_dimastigate[1]); chishima_xylene(naskhi_cohibitive); void chishima_xylene(char **lamping_thurificati); 0 --------------------------------- 21613 152948/mutex.c Buffer_Overflow_Indexes 79 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21614 152948/mutex.c Buffer_Overflow_Indexes 38 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21615 153011/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21616 153011/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21617 153269/color.c Buffer_Overflow_Indexes 157 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21618 153269/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21619 153269/color.c Buffer_Overflow_Indexes 548 nuzzling_arminius = getenv("ORANGY_ZOOPHYTOGRAPHY"); if (nuzzling_arminius != 0) {; costocoracoid_freers = ((char *)nuzzling_arminius); strncpy(stonesoup_source, costocoracoid_freers, sizeof(stonesoup_source)); 0 --------------------------------- 21620 153269/color.c Buffer_Overflow_Indexes 159 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21621 153269/color.c Buffer_Overflow_LowBound 567 stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 21622 153269/color.c Buffer_Overflow_LowBound 558 char stonesoup_source[1024]; nuzzling_arminius = getenv("ORANGY_ZOOPHYTOGRAPHY"); costocoracoid_freers = ((char *)nuzzling_arminius); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, costocoracoid_freers, sizeof(stonesoup_source)); 0 --------------------------------- 21623 153269/color.c Buffer_Overflow_cpycat 293 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21624 153269/color.c Buffer_Overflow_cpycat 230 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21625 153269/color.c Buffer_Overflow_cpycat 195 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21626 153269/color.c Buffer_Overflow_cpycat 272 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21627 153269/color.c Buffer_Overflow_cpycat 300 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21628 153269/color.c Buffer_Overflow_cpycat 208 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21629 153269/color.c Buffer_Overflow_cpycat 258 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21630 153269/color.c Buffer_Overflow_cpycat 279 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21631 153269/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21632 153269/color.c Buffer_Overflow_cpycat 307 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21633 153269/color.c Buffer_Overflow_cpycat 173 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21634 153269/color.c Buffer_Overflow_cpycat 314 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21635 153269/color.c Buffer_Overflow_cpycat 237 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21636 153269/color.c Buffer_Overflow_cpycat 188 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21637 153269/color.c Buffer_Overflow_cpycat 328 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21638 153269/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21639 153269/color.c Buffer_Overflow_cpycat 349 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21640 153269/color.c Buffer_Overflow_cpycat 321 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21641 153269/color.c Buffer_Overflow_cpycat 286 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21642 153269/color.c Buffer_Overflow_cpycat 251 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21643 153269/color.c Buffer_Overflow_cpycat 244 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21644 153269/color.c Buffer_Overflow_cpycat 181 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21645 153269/color.c Buffer_Overflow_cpycat 223 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21646 153269/color.c Buffer_Overflow_cpycat 265 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21647 153269/color.c Buffer_Overflow_cpycat 195 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21648 153269/color.c Buffer_Overflow_cpycat 272 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21649 153269/color.c Buffer_Overflow_cpycat 300 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21650 153269/color.c Buffer_Overflow_cpycat 208 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21651 153269/color.c Buffer_Overflow_cpycat 258 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21652 153269/color.c Buffer_Overflow_cpycat 279 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21653 153269/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21654 153269/color.c Buffer_Overflow_cpycat 307 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21655 153269/color.c Buffer_Overflow_cpycat 173 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21656 153269/color.c Buffer_Overflow_cpycat 314 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21657 153269/color.c Buffer_Overflow_cpycat 237 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21658 153269/color.c Buffer_Overflow_cpycat 188 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21659 153269/color.c Buffer_Overflow_cpycat 328 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21660 153269/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21661 153269/color.c Buffer_Overflow_cpycat 349 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21662 153269/color.c Buffer_Overflow_cpycat 321 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21663 153269/color.c Buffer_Overflow_cpycat 286 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21664 153269/color.c Buffer_Overflow_cpycat 251 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21665 153269/color.c Buffer_Overflow_cpycat 244 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21666 153269/color.c Buffer_Overflow_cpycat 181 c = split(arg[i],"=",&n 0 --------------------------------- 21667 153269/color.c Buffer_Overflow_cpycat 223 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21668 153269/color.c Buffer_Overflow_cpycat 265 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21669 199319/uninit_pointer_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==46 || vflag_file == 888) 0 --------------------------------- 21670 153585/color.c Buffer_Overflow_Indexes 185 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21671 153585/color.c Buffer_Overflow_Indexes 183 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21672 153585/color.c Buffer_Overflow_Indexes 128 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21673 153585/color.c Buffer_Overflow_Indexes 179 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 21674 153585/color.c Buffer_Overflow_cpycat 256 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21675 153585/color.c Buffer_Overflow_cpycat 298 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21676 153585/color.c Buffer_Overflow_cpycat 347 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21677 153585/color.c Buffer_Overflow_cpycat 340 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21678 153585/color.c Buffer_Overflow_cpycat 319 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21679 153585/color.c Buffer_Overflow_cpycat 333 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21680 153585/color.c Buffer_Overflow_cpycat 277 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21681 153585/color.c Buffer_Overflow_cpycat 214 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21682 153585/color.c Buffer_Overflow_cpycat 375 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21683 153585/color.c Buffer_Overflow_cpycat 270 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21684 153585/color.c Buffer_Overflow_cpycat 284 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21685 153585/color.c Buffer_Overflow_cpycat 355 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21686 153585/color.c Buffer_Overflow_cpycat 242 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21687 153585/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21688 153585/color.c Buffer_Overflow_cpycat 291 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21689 153585/color.c Buffer_Overflow_cpycat 199 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21690 153585/color.c Buffer_Overflow_cpycat 221 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21691 153585/color.c Buffer_Overflow_cpycat 354 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21692 153585/color.c Buffer_Overflow_cpycat 312 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21693 153585/color.c Buffer_Overflow_cpycat 249 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21694 153585/color.c Buffer_Overflow_cpycat 207 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21695 153585/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21696 153585/color.c Buffer_Overflow_cpycat 305 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21697 153585/color.c Buffer_Overflow_cpycat 263 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21698 153512/color.c Buffer_Overflow_Indexes 546 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_input_string", stonesoup_input_string, "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data.buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 21699 153512/color.c Buffer_Overflow_Indexes 148 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 21700 153512/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); s vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); s stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21701 153512/color.c Buffer_Overflow_Indexes 152 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21702 153512/color.c Buffer_Overflow_Indexes 542 colourableness_ccnc = getenv("SEMICLINICALLY_OVERCOMMIT"); if (colourableness_ccnc != 0) {; noumenally_restruck = ((char *)colourableness_ccnc); tracepoint(stonesoup_trace, variable_buffer, "STONESOUP_TAINT_SOURCE", noumenally_restruck, "INITIAL-STATE"); for (stonesoup_i = 0; stonesoup_i < strlen(noumenally_restruck); ++stonesoup_i) { noumenally_restruck[stonesoup_i], stonesoup_data.buffer[(int) noumenally_restruck[stonesoup_i]]); tracepoint(stonesoup_trace, variable_signed_integral, "((int) STONESOUP_TAINT_SOURCE[stonesoup_i])", ((int) noumenally_restruck[stonesoup_i]), &(noumenally_restruck[stonesoup_i]), "TRIGGER-STATE"); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 21703 153512/color.c Buffer_Overflow_Indexes 154 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21704 153512/color.c Buffer_Overflow_cpycat 190 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21705 153512/color.c Buffer_Overflow_cpycat 246 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21706 153512/color.c Buffer_Overflow_cpycat 323 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21707 153512/color.c Buffer_Overflow_cpycat 218 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21708 153512/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21709 153512/color.c Buffer_Overflow_cpycat 295 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21710 153512/color.c Buffer_Overflow_cpycat 260 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21711 153512/color.c Buffer_Overflow_cpycat 253 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21712 153512/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21713 153512/color.c Buffer_Overflow_cpycat 344 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21714 153512/color.c Buffer_Overflow_cpycat 316 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21715 153512/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21716 153512/color.c Buffer_Overflow_cpycat 309 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21717 153512/color.c Buffer_Overflow_cpycat 168 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21718 153512/color.c Buffer_Overflow_cpycat 183 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21719 153512/color.c Buffer_Overflow_cpycat 281 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21720 153512/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21721 153512/color.c Buffer_Overflow_cpycat 274 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21722 153512/color.c Buffer_Overflow_cpycat 239 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21723 153512/color.c Buffer_Overflow_cpycat 211 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21724 153512/color.c Buffer_Overflow_cpycat 288 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21725 153512/color.c Buffer_Overflow_cpycat 302 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21726 153512/color.c Buffer_Overflow_cpycat 176 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21727 153512/color.c Buffer_Overflow_cpycat 267 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21728 153044/error.c Buffer_Overflow_Indexes 120 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21729 153044/error.c Buffer_Overflow_cpycat 698 overprotect_oligopsony = ((char *)( *megalochirous_multithreaded) . feoffee_underpay); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, overprotect_oligopsony); 1 --------------------------------- 21730 153106/config.c Buffer_Overflow_Indexes 164 pennsylvania_proteolytic = getenv("HALSER_RECRUDENCY"); if (pennsylvania_proteolytic != 0) {; coursey_sarawakese = ((void *)pennsylvania_proteolytic); noachian_saccharone = &coursey_sarawakese; bluecap_sangei = ((void **)(((unsigned long )noachian_saccharone) * unhusk_gizzard * unhusk_gizzard)) + 5; firmisternal_ergotized(bluecap_sangei); 0 --------------------------------- 21731 153106/config.c Buffer_Overflow_Indexes 79 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21732 153106/config.c Buffer_Overflow_LowBound 1038 stonesoup_buffer = malloc(65528); strncpy(stonesoup_buffer, plumbicon_promisee, stonesoup_buffer_len); 0 --------------------------------- 21733 153106/config.c Buffer_Overflow_LowBound 1063 void spraining_stulty(void **derisible_underbear) plumbicon_promisee = ((char *)((char *)( *(derisible_underbear - 5)))); stonesoup_buffer_len = 4; strncpy(stonesoup_buffer, plumbicon_promisee, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); strncpy(stonesoup_buffer, plumbicon_promisee, stonesoup_buffer_len); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, plumbicon_promisee, stonesoup_buffer_len); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, plumbicon_promisee, stonesoup_buffer_len); 1 --------------------------------- 21734 153445/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&haliplankton_slivovitz,"7410",sizy_preeternal); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 21735 153445/color.c Buffer_Overflow_Indexes 198 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21736 153445/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&haliplankton_slivovitz,"7410",sizy_preeternal); stonesoup_printf("String is too short to test\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("String is too short to test\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21737 153445/color.c Buffer_Overflow_Indexes 196 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21738 153445/color.c Buffer_Overflow_Indexes 192 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 21739 153445/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21740 153445/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21741 153445/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21742 153445/color.c Buffer_Overflow_cpycat 367 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21743 153445/color.c Buffer_Overflow_cpycat 346 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21744 153445/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21745 153445/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21746 153445/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21747 153445/color.c Buffer_Overflow_cpycat 360 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21748 153445/color.c Buffer_Overflow_cpycat 339 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21749 153445/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21750 153445/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21751 153445/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21752 153445/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21753 153445/color.c Buffer_Overflow_cpycat 325 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21754 153445/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21755 153445/color.c Buffer_Overflow_cpycat 332 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21756 153445/color.c Buffer_Overflow_cpycat 388 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21757 153445/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21758 153445/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21759 153445/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21760 153445/color.c Buffer_Overflow_cpycat 212 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21761 153445/color.c Buffer_Overflow_cpycat 368 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21762 153445/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21763 153445/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21764 153369/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&servals_binalonen,"6665",eleusinianism_outbloomed); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 21765 153369/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21766 153369/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&servals_binalonen,"6665",eleusinianism_outbloomed); stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buff_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(unpropagable_cryosurgical)); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(unpropagable_cryosurgical)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21767 153369/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21768 153369/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21769 153369/color.c Buffer_Overflow_Indexes 177 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 21770 153369/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21771 153369/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21772 153369/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21773 153369/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21774 153369/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21775 153369/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21776 153369/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21777 153369/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21778 153369/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21779 153369/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21780 153369/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21781 153369/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21782 153369/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21783 153369/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21784 153369/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21785 153369/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21786 153369/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21787 153369/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21788 153369/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21789 153369/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21790 153369/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21791 153369/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21792 153369/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21793 153369/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21794 152887/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21795 152887/color.c Buffer_Overflow_Indexes 170 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 21796 152887/color.c Buffer_Overflow_Indexes 174 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21797 152887/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&virulented_pecking,"GONZALO_TIECLASPS"); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21798 152887/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&virulented_pecking,"GONZALO_TIECLASPS"); if (virulented_pecking != 0) {; gnaphalium_unprotruded = ((char *)virulented_pecking); stonesoup_buff_size = strlen(gnaphalium_unprotruded) + 1; stonesoup_size = stonesoup_other_size < stonesoup_buff_size ? stonesoup_other_size : stonesoup_buff_size; for (stonesoup_i = 0; stonesoup_i < stonesoup_size; stonesoup_i++) { gnaphalium_unprotruded[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = for (stonesoup_i = 0; stonesoup_i < stonesoup_buff_size; stonesoup_i++) { stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buff_size", stonesoup_buff_size, &stonesoup_buff_size, "TRIGGER-STATE"); if (virulented_pecking != 0) free(((char *)virulented_pecking)); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 21799 152887/color.c Buffer_Overflow_Indexes 176 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21800 152887/color.c Buffer_Overflow_cpycat 233 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21801 152887/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21802 152887/color.c Buffer_Overflow_cpycat 198 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21803 152887/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21804 152887/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21805 152887/color.c Buffer_Overflow_cpycat 346 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21806 152887/color.c Buffer_Overflow_cpycat 366 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21807 152887/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21808 152887/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21809 152887/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21810 152887/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21811 152887/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21812 152887/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21813 152887/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21814 152887/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21815 152887/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21816 152887/color.c Buffer_Overflow_cpycat 190 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21817 152887/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21818 152887/color.c Buffer_Overflow_cpycat 345 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21819 152887/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21820 152887/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21821 152887/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21822 152887/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21823 152887/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21824 153042/color.c Buffer_Overflow_Indexes 182 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21825 153042/color.c Buffer_Overflow_Indexes 180 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21826 153042/color.c Buffer_Overflow_Indexes 176 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 21827 153042/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21828 153042/color.c Buffer_Overflow_cpycat 351 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21829 153042/color.c Buffer_Overflow_cpycat 218 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21830 153042/color.c Buffer_Overflow_cpycat 246 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21831 153042/color.c Buffer_Overflow_cpycat 302 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21832 153042/color.c Buffer_Overflow_cpycat 288 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21833 153042/color.c Buffer_Overflow_cpycat 253 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21834 153042/color.c Buffer_Overflow_cpycat 196 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21835 153042/color.c Buffer_Overflow_cpycat 260 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21836 153042/color.c Buffer_Overflow_cpycat 344 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21837 153042/color.c Buffer_Overflow_cpycat 316 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21838 153042/color.c Buffer_Overflow_cpycat 372 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21839 153042/color.c Buffer_Overflow_cpycat 204 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21840 153042/color.c Buffer_Overflow_cpycat 352 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21841 153042/color.c Buffer_Overflow_cpycat 295 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21842 153042/color.c Buffer_Overflow_cpycat 239 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21843 153042/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21844 153042/color.c Buffer_Overflow_cpycat 281 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21845 153042/color.c Buffer_Overflow_cpycat 211 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21846 153042/color.c Buffer_Overflow_cpycat 330 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21847 153042/color.c Buffer_Overflow_cpycat 323 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21848 153042/color.c Buffer_Overflow_cpycat 267 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21849 153042/color.c Buffer_Overflow_cpycat 337 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21850 153042/color.c Buffer_Overflow_cpycat 274 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21851 153042/color.c Buffer_Overflow_cpycat 309 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21852 835/basic-00181-large.c Buffer_Overflow_Indexes 58 envvar = getenv("STRINGLEN_LARGE"); if (envvar != NULL) i = strlen(envvar); if (i > 4105) buf[i] = 'A'; 0 --------------------------------- 21853 153089/string.c Buffer_Overflow_Indexes 554 risibleness_carla = getenv("SYNARTESIS_ANCIENNETE"); if (risibleness_carla != 0) {; surculi_cullionly = ((int )(strlen(risibleness_carla))); tupian_retrogressing = ((char *)(malloc(surculi_cullionly + 1))); if (tupian_retrogressing == 0) { memset(tupian_retrogressing,0,surculi_cullionly + 1); memcpy(tupian_retrogressing,risibleness_carla,surculi_cullionly); epiglottides_thirtyfold = &tupian_retrogressing; theriomorphosis_liberating = ((char **)(((unsigned long )epiglottides_thirtyfold) * unprime_figuratively * unprime_figuratively)) + 5; lithodidae_internalized = ((char *)( *(theriomorphosis_liberating - 5))); strcpy(stonesoup_data->buffer, lithodidae_internalized); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); for (; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); if ( *(theriomorphosis_liberating - 5) != 0) free(((char *)( *(theriomorphosis_liberating - 5)))); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); 1 --------------------------------- 21854 153089/string.c Buffer_Overflow_Indexes 55 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21855 153089/string.c Buffer_Overflow_cpycat 585 risibleness_carla = getenv("SYNARTESIS_ANCIENNETE"); surculi_cullionly = ((int )(strlen(risibleness_carla))); tupian_retrogressing = ((char *)(malloc(surculi_cullionly + 1))); memset(tupian_retrogressing,0,surculi_cullionly + 1); memcpy(tupian_retrogressing,risibleness_carla,surculi_cullionly); unprime_figuratively = 1; epiglottides_thirtyfold = &tupian_retrogressing; theriomorphosis_liberating = ((char **)(((unsigned long )epiglottides_thirtyfold) * unprime_figuratively * unprime_figuratively)) + 5; lithodidae_internalized = ((char *)( *(theriomorphosis_liberating - 5))); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, lithodidae_internalized); 1 --------------------------------- 21856 149123/heap_overflow_array-bad.c Buffer_Overflow_Indexes 18 int main(int argc, char *argv[]) if (argc > 1) strcpy(buf[2],argv[1]); free(buf[2]); 1 --------------------------------- 21857 153460/utils.c Buffer_Overflow_Indexes 108 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21858 153460/utils.c Buffer_Overflow_LowBound 2446 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); 0 --------------------------------- 21859 153460/utils.c Buffer_Overflow_LowBound 1260 char buf[128]; av_log(avctx,16,"Specified pixel format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_pix_fmt_name(avctx -> pix_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> pix_fmt); 0 --------------------------------- 21860 153460/utils.c Buffer_Overflow_LowBound 2369 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf_size = (buf_size > len?buf_size - len : 0); len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); 0 --------------------------------- 21861 153460/utils.c Buffer_Overflow_LowBound 2426 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); AVRational display_aspect_ratio; buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); 0 --------------------------------- 21862 153460/utils.c Buffer_Overflow_LowBound 2419 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); 0 --------------------------------- 21863 153460/utils.c Buffer_Overflow_LowBound 2430 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 21864 153460/utils.c Buffer_Overflow_LowBound 2468 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); 0 --------------------------------- 21865 153460/utils.c Buffer_Overflow_LowBound 2455 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 21866 153460/utils.c Buffer_Overflow_LowBound 1247 int avcodec_open(AVCodecContext *avctx,AVCodec *codec) return avcodec_open2(avctx,codec,((void *)0)); int avcodec_open2(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) if (av_codec_is_decoder(codec)) { if (av_codec_is_encoder(avctx -> codec)) { int av_codec_is_encoder(const AVCodec *codec) if (av_codec_is_encoder(avctx -> codec)) { if (avctx -> channels == 1 && (av_get_planar_sample_fmt(avctx -> sample_fmt)) == (av_get_planar_sample_fmt(avctx -> codec -> sample_fmts[i]))) { avctx -> sample_fmt = avctx -> codec -> sample_fmts[i]; char buf[128]; snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); av_log(avctx,16,"Specified sample format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_sample_fmt_name(avctx -> sample_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); int ff_codec_open2_recursive(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) ret = avcodec_open2(avctx,codec,options); 0 --------------------------------- 21867 153460/utils.c Buffer_Overflow_LowBound 2406 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); 0 --------------------------------- 21868 153460/utils.c Buffer_Overflow_LowBound 2441 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); 0 --------------------------------- 21869 153460/utils.c Buffer_Overflow_LowBound 2465 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); 0 --------------------------------- 21870 153460/utils.c Buffer_Overflow_LowBound 3183 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); unsensitize_tophs = 1; modigliani_stampedes = ((char **)(((unsigned long )aldoketene_nignye) * unsensitize_tophs * unsensitize_tophs)) + 5; yashiro_molluscivorous = ((char *)( *(modigliani_stampedes - 5))); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(yashiro_molluscivorous)+1, yashiro_molluscivorous, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, yashiro_molluscivorous, strlen(yashiro_molluscivorous) + 1); 1 --------------------------------- 21871 153460/utils.c Buffer_Overflow_LowBound 2473 static int get_bit_rate(AVCodecContext *ctx) bit_rate = ctx -> bit_rate; bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); bit_rate = 0; return bit_rate; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); return 4; return 8; return 64; return 0; return av_get_exact_bits_per_sample(codec_id); bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); return 24; return 32; return 2; return 4; return av_get_exact_bits_per_sample(codec_id); bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); return 3; bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; codec_tag >>= 8; return ((void *)0); profile = av_get_profile_name(p,enc -> profile); return ((void *)0); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); 0 --------------------------------- 21872 153460/utils.c Buffer_Overflow_LowBound 2434 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); 0 --------------------------------- 21873 153460/utils.c Buffer_Overflow_LowBound 2411 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); codec_tag >>= 8; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); 0 --------------------------------- 21874 153460/utils.c Buffer_Overflow_LowBound 2402 AVCodec *experimental = ((void *)0); p = first_avcodec; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { p = p -> next; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { experimental = p; return experimental; return find_encdec(id,1); return find_encdec(id,0); return "none"; codec = avcodec_find_decoder(id); return codec -> name; codec = avcodec_find_encoder(id); return codec -> name; return "unknown_codec"; codec_type = av_get_media_type_string(enc -> codec_type); codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_encoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_decoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); const char *avcodec_get_name(enum AVCodecID id) cd = avcodec_descriptor_get(id); return cd -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); 0 --------------------------------- 21875 153181/mux.c Buffer_Overflow_Indexes 84 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&unprettified_doscher,"DETAILIST_ITEM"); fidole_stramineously(unispiral_unpadlocked,wilkison_kimonoed); fidole_stramineously(stocks_parnell,yemschik_phyllostomus); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21876 153181/mux.c Buffer_Overflow_Indexes 125 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21877 153181/mux.c Buffer_Overflow_Indexes 130 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&unprettified_doscher,"DETAILIST_ITEM"); if (unprettified_doscher != 0) {; nondelineative_caf . rapateaceous_gester = ((char *)unprettified_doscher); camouflager_wirral = &nondelineative_caf; wilkison_kimonoed = ((struct nocument_edris *)(((unsigned long )camouflager_wirral) * ukraine_levant * ukraine_levant)) + 5; fidole_stramineously(unispiral_unpadlocked,wilkison_kimonoed); void fidole_stramineously(int stocks_parnell,struct nocument_edris *yemschik_phyllostomus) fidole_stramineously(stocks_parnell,yemschik_phyllostomus); 0 --------------------------------- 21878 153181/mux.c Buffer_Overflow_LowBound 959 stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 21879 153181/mux.c Buffer_Overflow_LowBound 950 char stonesoup_source[1024]; improvement_cramponnee = ((char *)( *(yemschik_phyllostomus - 5)) . rapateaceous_gester); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, improvement_cramponnee, sizeof(stonesoup_source)); 0 --------------------------------- 21880 153241/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21881 153241/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21882 152897/conf_mod.c Buffer_Overflow_Indexes 557 file = getenv("OPENSSL_CONF"); if (file) { return BUF_strdup(file); file = CONF_get1_default_config_file(); if (!file) { if (NCONF_load(conf,file,((void *)0)) <= 0) { CRYPTO_free(file); 0 --------------------------------- 21883 152897/conf_mod.c Buffer_Overflow_Indexes 162 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21884 153211/mutex.c Buffer_Overflow_Indexes 146 evinces_cowan = getenv("TRAINMASTER_ANTIFOULING"); if (evinces_cowan != 0) {; stiacciato_snorkeler = ((int )(strlen(evinces_cowan))); nonperceptional_deployed = ((char *)(malloc(stiacciato_snorkeler + 1))); if (nonperceptional_deployed == 0) { memset(nonperceptional_deployed,0,stiacciato_snorkeler + 1); memcpy(nonperceptional_deployed,evinces_cowan,stiacciato_snorkeler); *acousmatic_turtlelike = nonperceptional_deployed; 0 --------------------------------- 21885 153211/mutex.c Buffer_Overflow_Indexes 40 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 21886 153211/mutex.c Buffer_Overflow_LowBound 182 char stonesoup_buffer[8]; char *rehypothecation_hypogeic = 0; pyruline_lingulae(&rehypothecation_hypogeic); perspirate_melolonthidan[5] = rehypothecation_hypogeic; whereinto_quadricostate[1] = 5; internetworking_lorriker = *(perspirate_melolonthidan + whereinto_quadricostate[1]); ria_markstone = ((char *)internetworking_lorriker); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(ria_markstone)+1, ria_markstone, "TRIGGER-STATE"); strncpy(stonesoup_buffer,ria_markstone,strlen(ria_markstone) + 1); 1 --------------------------------- 21887 153501/e_camellia.c Buffer_Overflow_Indexes 129 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&bluffly_bluegums,"CLYTIUS_DERMESTES"); if (bluffly_bluegums != 0) {; multifarously_warbeck = ((int )(strlen(bluffly_bluegums))); quaterion_congruence = ((char *)(malloc(multifarously_warbeck + 1))); if (quaterion_congruence == 0) { memset(quaterion_congruence,0,multifarously_warbeck + 1); memcpy(quaterion_congruence,bluffly_bluegums,multifarously_warbeck); if (bluffly_bluegums != 0) free(((char *)bluffly_bluegums)); buboed_schaffel[ *( *( *( *( *( *( *( *( *( *arcadias_algesis)))))))))] = quaterion_congruence; immodulated_semipublic = buboed_schaffel[ *( *( *( *( *( *( *( *( *( *arcadias_algesis)))))))))]; roothold_thymoquinone(brunizems_yearning,immodulated_semipublic); void roothold_thymoquinone(int anthracoid_geoscopic,char *fragmentarily_overflatly) roothold_thymoquinone(anthracoid_geoscopic,fragmentarily_overflatly); unfixable_hotspur = ((char *)fragmentarily_overflatly); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(unfixable_hotspur)+1, unfixable_hotspur, "TRIGGER-STATE"); strncpy(stonesoup_buffer,unfixable_hotspur,strlen(unfixable_hotspur) + 1); if (fragmentarily_overflatly != 0) free(((char *)fragmentarily_overflatly)); 0 --------------------------------- 21888 153501/e_camellia.c Buffer_Overflow_Indexes 83 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&bluffly_bluegums,"CLYTIUS_DERMESTES"); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); roothold_thymoquinone(brunizems_yearning,immodulated_semipublic); roothold_thymoquinone(anthracoid_geoscopic,fragmentarily_overflatly); stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21889 153501/e_camellia.c Buffer_Overflow_Indexes 124 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21890 153501/e_camellia.c Buffer_Overflow_LowBound 663 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *bluffly_bluegums;; stonesoup_read_taint(&bluffly_bluegums,"CLYTIUS_DERMESTES"); multifarously_warbeck = ((int )(strlen(bluffly_bluegums))); quaterion_congruence = ((char *)(malloc(multifarously_warbeck + 1))); memset(quaterion_congruence,0,multifarously_warbeck + 1); memcpy(quaterion_congruence,bluffly_bluegums,multifarously_warbeck); buboed_schaffel[ *( *( *( *( *( *( *( *( *( *arcadias_algesis)))))))))] = quaterion_congruence; immodulated_semipublic = buboed_schaffel[ *( *( *( *( *( *( *( *( *( *arcadias_algesis)))))))))]; roothold_thymoquinone(brunizems_yearning,immodulated_semipublic); char stonesoup_buffer[8]; roothold_thymoquinone(anthracoid_geoscopic,fragmentarily_overflatly); strncpy(stonesoup_buffer,unfixable_hotspur,strlen(unfixable_hotspur) + 1); void roothold_thymoquinone(int anthracoid_geoscopic,char *fragmentarily_overflatly) unfixable_hotspur = ((char *)fragmentarily_overflatly); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(unfixable_hotspur)+1, unfixable_hotspur, "TRIGGER-STATE"); strncpy(stonesoup_buffer,unfixable_hotspur,strlen(unfixable_hotspur) + 1); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&bluffly_bluegums,"CLYTIUS_DERMESTES"); multifarously_warbeck = ((int )(strlen(bluffly_bluegums))); quaterion_congruence = ((char *)(malloc(multifarously_warbeck + 1))); memset(quaterion_congruence,0,multifarously_warbeck + 1); memcpy(quaterion_congruence,bluffly_bluegums,multifarously_warbeck); buboed_schaffel[ *( *( *( *( *( *( *( *( *( *arcadias_algesis)))))))))] = quaterion_congruence; immodulated_semipublic = buboed_schaffel[ *( *( *( *( *( *( *( *( *( *arcadias_algesis)))))))))]; roothold_thymoquinone(brunizems_yearning,immodulated_semipublic); 1 --------------------------------- 21891 153109/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21892 153109/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21893 152945/portalmem.c Buffer_Overflow_Indexes 99 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); PortalReleaseCachedPlan(portal); PortalDrop(portal,((bool )0)); stonesoup_setup_printf_context(); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 21894 152945/portalmem.c Buffer_Overflow_Indexes 481 planidorsate_thermidor = getenv("TERNAR_REFINDS"); if (planidorsate_thermidor != 0) {; huskroot_eupolidean = ((int )(strlen(planidorsate_thermidor))); tripolar_pose = ((char *)(malloc(huskroot_eupolidean + 1))); if (tripolar_pose == 0) { memset(tripolar_pose,0,huskroot_eupolidean + 1); memcpy(tripolar_pose,planidorsate_thermidor,huskroot_eupolidean); unmashed_galliard = &tripolar_pose; middorsal_resinified = unmashed_galliard + 5; briney_landmeier(phytography_geotaxis,middorsal_resinified); void briney_landmeier(int pompom_jophiel,char **synarthrosis_actg); 0 --------------------------------- 21895 152945/portalmem.c Buffer_Overflow_cpycat 1021 void briney_landmeier(int pompom_jophiel,char **synarthrosis_actg) vesicants_cassegrain = ((char *)( *(synarthrosis_actg - 5))); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, vesicants_cassegrain); 1 --------------------------------- 21896 153675/aviobuf.c Buffer_Overflow_Indexes 52 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21897 153675/aviobuf.c Buffer_Overflow_Indexes 992 nazism_tuchunism = getenv("LACERTA_TWEYFOLD"); if (nazism_tuchunism != 0) {; virgilia_serpentarii = &nazism_tuchunism; summarise_metropolises = ((char **)(((unsigned long )virgilia_serpentarii) * kartvel_leer * kartvel_leer)) + 5; preexpend_gte = ((char *)( *(summarise_metropolises - 5))); stonesoup_taint_len = ((int )(strlen(preexpend_gte))); for (; stonesoup_taint_len >= 0; (--stonesoup_buff_size , --stonesoup_taint_len)) { stonesoup_data->buffer[stonesoup_buff_size] = preexpend_gte[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); 0 --------------------------------- 21898 153675/aviobuf.c Buffer_Overflow_LowBound 1077 int avio_printf(AVIOContext *s,const char *fmt,... ) va_list ap; char buf[4096]; __builtin_va_start(ap,fmt); ret = vsnprintf(buf,sizeof(buf),fmt,ap); 0 --------------------------------- 21899 108/snp-bad4.c Buffer_Overflow_Indexes 45 main(int argc, char **argv) if(argc > 2) { userstr = argv[1]; userstr2 = argv[2]; test(userstr, userstr2); test(char *str1, char *str2) snprintf(p, l, "<%s>", str1); x = strlen(p); p += x; l -= x; *p++ = ' '; *p++ = '-'; l -= 2; snprintf(p, l, "<%s>\n", str2); x = strlen(p); p += x; l -= x; 1 --------------------------------- 21900 153654/utils.c Buffer_Overflow_Indexes 108 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21901 153654/utils.c Buffer_Overflow_LowBound 2371 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf_size = (buf_size > len?buf_size - len : 0); len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); 0 --------------------------------- 21902 153654/utils.c Buffer_Overflow_LowBound 2428 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); AVRational display_aspect_ratio; buf[0] ^= 'a' ^ 'A'; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); 0 --------------------------------- 21903 153654/utils.c Buffer_Overflow_LowBound 2404 AVCodec *experimental = ((void *)0); p = first_avcodec; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { p = p -> next; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { experimental = p; return experimental; return find_encdec(id,1); return find_encdec(id,0); return "none"; codec = avcodec_find_decoder(id); return codec -> name; codec = avcodec_find_encoder(id); return codec -> name; return "unknown_codec"; codec_type = av_get_media_type_string(enc -> codec_type); codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_encoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); const char *avcodec_get_name(enum AVCodecID id) cd = avcodec_descriptor_get(id); return cd -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_decoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); 0 --------------------------------- 21904 153654/utils.c Buffer_Overflow_LowBound 2470 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); 0 --------------------------------- 21905 153654/utils.c Buffer_Overflow_LowBound 1249 int avcodec_open(AVCodecContext *avctx,AVCodec *codec) return avcodec_open2(avctx,codec,((void *)0)); int avcodec_open2(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) if (av_codec_is_decoder(codec)) { if (av_codec_is_encoder(avctx -> codec)) { int av_codec_is_encoder(const AVCodec *codec) if (av_codec_is_encoder(avctx -> codec)) { if (avctx -> channels == 1 && (av_get_planar_sample_fmt(avctx -> sample_fmt)) == (av_get_planar_sample_fmt(avctx -> codec -> sample_fmts[i]))) { avctx -> sample_fmt = avctx -> codec -> sample_fmts[i]; char buf[128]; snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); av_log(avctx,16,"Specified sample format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_sample_fmt_name(avctx -> sample_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); int ff_codec_open2_recursive(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) ret = avcodec_open2(avctx,codec,options); 0 --------------------------------- 21906 153654/utils.c Buffer_Overflow_LowBound 2436 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); 0 --------------------------------- 21907 153654/utils.c Buffer_Overflow_LowBound 2443 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); 0 --------------------------------- 21908 153654/utils.c Buffer_Overflow_LowBound 2413 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); codec_tag >>= 8; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); 0 --------------------------------- 21909 153654/utils.c Buffer_Overflow_LowBound 2421 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); 0 --------------------------------- 21910 153654/utils.c Buffer_Overflow_LowBound 2432 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 21911 153654/utils.c Buffer_Overflow_LowBound 2408 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); 0 --------------------------------- 21912 153654/utils.c Buffer_Overflow_LowBound 2475 bit_rate = ctx -> bit_rate; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); bitrate = get_bit_rate(enc); return 4; return 8; return 16; return 32; return 64; return 2; return 4; return av_get_exact_bits_per_sample(codec_id); bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); return 3; bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); bit_rate = 0; return bit_rate; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); return 0; return av_get_exact_bits_per_sample(codec_id); bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); static int get_bit_rate(AVCodecContext *ctx) bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); 0 --------------------------------- 21913 153654/utils.c Buffer_Overflow_LowBound 2448 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); 0 --------------------------------- 21914 153654/utils.c Buffer_Overflow_LowBound 2467 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); return ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); 0 --------------------------------- 21915 153654/utils.c Buffer_Overflow_LowBound 1262 char buf[128]; av_log(avctx,16,"Specified pixel format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_pix_fmt_name(avctx -> pix_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> pix_fmt); 0 --------------------------------- 21916 153654/utils.c Buffer_Overflow_LowBound 2457 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 21917 153802/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21918 153802/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21919 152980/conversation.c Buffer_Overflow_Indexes 130 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21920 152980/conversation.c Buffer_Overflow_LowBound 1240 ictonyx_clad = gualtiero_harmonizable(marbleizer_imitatress); HILLSVILLE_REOBLIGING(ictonyx_clad); char stonesoup_buffer[8]; strncpy(stonesoup_buffer,badly_jerseys,strlen(badly_jerseys) + 1); void lexological_nonpressing(void *resistive_sotadean) badly_jerseys = ((char *)((char *)resistive_sotadean)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(badly_jerseys)+1, badly_jerseys, "TRIGGER-STATE"); strncpy(stonesoup_buffer,badly_jerseys,strlen(badly_jerseys) + 1); 1 --------------------------------- 21921 153812/oids.c Buffer_Overflow_Indexes 100 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21922 153812/oids.c Buffer_Overflow_Indexes 141 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21923 153812/oids.c Buffer_Overflow_Indexes 146 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&coaxal_archoverseer,"MULTITUDINISTIC_OFFICIATION"); if (coaxal_archoverseer != 0) {; glossina_recognosce . endosteoma_maudlinize = ((char *)coaxal_archoverseer); sequesterment_wuzzled[5] = glossina_recognosce; mothering_isogone = *(sequesterment_wuzzled + *nonlethal_semifloscular); arcs_dreamless(mothering_isogone); 0 --------------------------------- 21924 153812/oids.c Buffer_Overflow_Indexes 185 char *debug_env = getenv("WIRESHARK_DEBUG_MIBS"); debuglevel = ((debug_env?strtoul(debug_env,((void *)0),10) : 0)); 0 --------------------------------- 21925 153689/tile-manager.c Buffer_Overflow_Indexes 91 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21926 153689/tile-manager.c Buffer_Overflow_Indexes 96 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&theistical_abbott,"ULTRAROYALISM_LIQUIDUS"); if (theistical_abbott != 0) {; scanting_uncarnate = theistical_abbott; trivoltine_unrailed(scanting_uncarnate); void trivoltine_unrailed(const finky_lycian okthabah_hygroma); 0 --------------------------------- 21927 153689/tile-manager.c Buffer_Overflow_Indexes 50 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21928 199284/memory_allocation_failure.c Buffer_Overflow_LowBound 270 char * buffer = 0; buffer = (char*) malloc(max_buffer * sizeof(char)); snprintf(buffer, max_buffer * sizeof(char), "Error: %s", error_log); char *str = "STRINGMEM"; memory_allocation_failure_008_func_001(str); char * memory_allocation_failure_008_func_001 (const char *msg) { const char *error_log = msg; snprintf(buffer, max_buffer * sizeof(char), "Error: %s", error_log); 0 --------------------------------- 21929 153286/mux.c Buffer_Overflow_scanf 126 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&ludicrousness_fessed,"4581",klangfarbe_altropathy); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 21930 153286/mux.c Buffer_Overflow_Indexes 124 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21931 153286/mux.c Buffer_Overflow_Indexes 937 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; 0 --------------------------------- 21932 153286/mux.c Buffer_Overflow_Indexes 78 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&ludicrousness_fessed,"4581",klangfarbe_altropathy); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 21933 153598/tile-manager.c Buffer_Overflow_Indexes 919 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 21934 153598/tile-manager.c Buffer_Overflow_Indexes 87 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21935 153215/pgstat.c Buffer_Overflow_Indexes 3554 aegialeus_iotization = getenv("IMPLANTABLE_DESICCATIVE"); if (aegialeus_iotization != 0) {; supported_zophorus . cachucho_ribbonfish = ((char *)aegialeus_iotization); snoose_upbolt(peromelus_longville,supported_zophorus); void snoose_upbolt(int ethelee_impervertible,struct disyoke_sawway lissamphibian_myelopathy); 0 --------------------------------- 21936 153215/pgstat.c Buffer_Overflow_Indexes 279 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21937 153215/pgstat.c Buffer_Overflow_LowBound 4085 flamier_redominating = ((char *)lissamphibian_myelopathy . cachucho_ribbonfish); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(flamier_redominating)+1, flamier_redominating, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, flamier_redominating, strlen(flamier_redominating) + 1); 1 --------------------------------- 21938 153215/pgstat.c Buffer_Overflow_cpycat 2448 PgBackendStatus *localtable; localtable = ((PgBackendStatus *)(MemoryContextAlloc(pgStatLocalContext,sizeof(PgBackendStatus ) * MaxBackends))); localappname = ((char *)(MemoryContextAlloc(pgStatLocalContext,(64 * MaxBackends)))); beentry = BackendStatusArray; beentry++; localappname += 64; strcpy(localappname,((char *)(beentry -> st_appname))); 0 --------------------------------- 21939 153215/pgstat.c Buffer_Overflow_cpycat 2450 PgBackendStatus *localtable; localtable = ((PgBackendStatus *)(MemoryContextAlloc(pgStatLocalContext,sizeof(PgBackendStatus ) * MaxBackends))); localappname = ((char *)(MemoryContextAlloc(pgStatLocalContext,(64 * MaxBackends)))); localactivity = ((char *)(MemoryContextAlloc(pgStatLocalContext,(pgstat_track_activity_query_size * MaxBackends)))); beentry = BackendStatusArray; beentry++; localactivity += pgstat_track_activity_query_size; strcpy(localactivity,((char *)(beentry -> st_activity))); 0 --------------------------------- 21940 153257/mem_dbg.c Buffer_Overflow_Indexes 416 fieldale_undercuts = getenv("LIGGER_ASSERTED"); if (fieldale_undercuts != 0) {; euplotid_dittoing = fieldale_undercuts; canterburianism_ble = measurelessly_larbolins(euplotid_dittoing); viridities_tolusafranine measurelessly_larbolins(viridities_tolusafranine defeminize_interthread); 0 --------------------------------- 21941 153257/mem_dbg.c Buffer_Overflow_Indexes 213 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); canterburianism_ble = measurelessly_larbolins(euplotid_dittoing); pantagogue_selaginella(canterburianism_ble); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21942 153599/mem_dbg.c Buffer_Overflow_Indexes 223 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21943 153599/mem_dbg.c Buffer_Overflow_Indexes 436 xiphoidal_blatted = getenv("AFFRICATED_MINGLED"); if (xiphoidal_blatted != 0) {; rotting_hispanize . intersessions_belies = ((char *)xiphoidal_blatted); 0 --------------------------------- 21944 153599/mem_dbg.c Buffer_Overflow_LowBound 913 struct ransomers_isogon meadowlarks_coadjudicator = {0}; va_list suffisance_divisa; __builtin_va_start(suffisance_divisa,pittsford_overcure); meadowlarks_coadjudicator = (va_arg(suffisance_divisa,struct ransomers_isogon )); elutriating_uci(meadowlarks_coadjudicator); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); strncpy(stonesoup_data->buffer, infirmable_gerardia, strlen(infirmable_gerardia) + 1); void elutriating_uci(struct ransomers_isogon commodation_inbreathed) infirmable_gerardia = ((char *)commodation_inbreathed . intersessions_belies); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(infirmable_gerardia)+1, infirmable_gerardia, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, infirmable_gerardia, strlen(infirmable_gerardia) + 1); 1 --------------------------------- 21945 153487/error.c Buffer_Overflow_Indexes 73 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21946 153487/error.c Buffer_Overflow_Indexes 649 crossfire_endocarditic = getenv("CHAMPIGNONS_UNLEASHES"); if (crossfire_endocarditic != 0) {; *omnifacial_mesilla = crossfire_endocarditic; 0 --------------------------------- 21947 153487/error.c Buffer_Overflow_Indexes 675 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 21948 153641/timestamp.c Buffer_Overflow_Indexes 52 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); s vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); s stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21949 153641/timestamp.c Buffer_Overflow_Indexes 132 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 21950 153641/timestamp.c Buffer_Overflow_Indexes 121 ayala_pdn = getenv("CIRCUMLITIO_TAMILIAN"); if (ayala_pdn != 0) {; rosa_recolors = ayala_pdn; bisbee_unheeded = &rosa_recolors; if ( *bisbee_unheeded != 0) { palatoalveolar_keepworthy = ((char *)( *bisbee_unheeded)); for (stonesoup_i = 0; stonesoup_i < strlen(palatoalveolar_keepworthy); ++stonesoup_i) { palatoalveolar_keepworthy[stonesoup_i], stonesoup_data->buffer[(int) palatoalveolar_keepworthy[stonesoup_i]]); tracepoint(stonesoup_trace, variable_signed_integral, "((int) STONESOUP_TAINT_SOURCE[stonesoup_i])", ((int) palatoalveolar_keepworthy[stonesoup_i]), &(palatoalveolar_keepworthy[stonesoup_i]), "TRIGGER-STATE"); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 21951 153510/tile.c Buffer_Overflow_Indexes 60 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21952 153510/tile.c Buffer_Overflow_Indexes 101 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21953 153510/tile.c Buffer_Overflow_Indexes 106 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&lobo_buteo,"CHRISOM_CALCANEI"); if (lobo_buteo != 0) {; meuniere_hydrocoralline . pseudomaniac_lilibelle = lobo_buteo; wool_dialectologies = &meuniere_hydrocoralline; bipartisanship_haphsiba = &wool_dialectologies; tigernut_spectators = &bipartisanship_haphsiba; citynesses_pupilability = &tigernut_spectators; prerefusal_cytoma = &citynesses_pupilability; ulvan_revaccinate = &prerefusal_cytoma; immember_mulloway = &ulvan_revaccinate; aerographical_ebon = &immember_mulloway; textuaries_arilli = &aerographical_ebon; untroubled_bradykinesia = &textuaries_arilli; ethic_puelchean(untroubled_bradykinesia); 0 --------------------------------- 21954 199317/uninit_memory_access.c Buffer_Overflow_LowBound 312 char buffer[max_buffer]; snprintf(buffer, sizeof(buffer), "Error: %s", error_log); char *str ; uninit_memory_access_011_func_001(str); void uninit_memory_access_011_func_001 (const char *msg) { const char *error_log = msg; snprintf(buffer, sizeof(buffer), "Error: %s", error_log); 1 --------------------------------- 21955 199317/uninit_memory_access.c Buffer_Overflow_cpycat 53 char *str1 = (char *) calloc(25,sizeof(char)); char *str2 ; strcpy(str1, str2); 1 --------------------------------- 21956 153236/dynahash.c Buffer_Overflow_Indexes 240 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 21957 153236/dynahash.c Buffer_Overflow_Indexes 1514 gos_biochore = getenv("SHAIKH_FRACTURS"); if (gos_biochore != 0) {; smallpoxes_podology = gos_biochore; *meekhearted_fribblery = smallpoxes_podology; 0 --------------------------------- 21958 153236/dynahash.c Buffer_Overflow_LowBound 1555 stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 21959 153236/dynahash.c Buffer_Overflow_LowBound 1546 char stonesoup_source[1024]; ensheath_bumpier unguessableness_resilement = 0; demijohn_prothalline(&unguessableness_resilement); titmall_abnegate[5] = unguessableness_resilement; cozenages_speedup[1] = 5; nonconcludent_iaria = *(titmall_abnegate + cozenages_speedup[1]); kistfuls_skunkbush = ((char *)nonconcludent_iaria); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, kistfuls_skunkbush, sizeof(stonesoup_source)); 153236 -------------------------------- 1645 /Bad/153236/dynahash.c Buffer_Overflow_cpycat HTAB *hash_create(const char *tabname,long nelem,HASHCTL *info,int flags) CurrentDynaHashCxt = AllocSetContextCreate(CurrentDynaHashCxt,tabname,0,(8 * 1024),(8 * 1024 * 1024)); hashp = ((HTAB *)(DynaHashAlloc(sizeof(HTAB ) + strlen(tabname) + 1))); hashp -> tabname = ((char *)(hashp + 1)); strcpy(hashp -> tabname,tabname); 0 --------------------------------- 21960 152964/color.c Buffer_Overflow_Indexes 165 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21961 152964/color.c Buffer_Overflow_Indexes 167 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21962 152964/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21963 152964/color.c Buffer_Overflow_Indexes 161 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 21964 152964/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21965 152964/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21966 152964/color.c Buffer_Overflow_cpycat 336 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 21967 152964/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21968 152964/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21969 152964/color.c Buffer_Overflow_cpycat 357 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 21970 152964/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21971 152964/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21972 152964/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21973 152964/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21974 152964/color.c Buffer_Overflow_cpycat 181 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 21975 152964/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21976 152964/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21977 152964/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21978 152964/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21979 152964/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21980 152964/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21981 152964/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21982 152964/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21983 152964/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21984 152964/color.c Buffer_Overflow_cpycat 337 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21985 152964/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21986 152964/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21987 152964/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 21988 153159/timestamp.c Buffer_Overflow_Indexes 51 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&nonexportable_pertinent,"PRECEDED_CORNEMUSE"); swiving_gawkers = cephaline_beggarwoman(nonexportable_pertinent); CEPHALANTHUS_TRIBUTIST(swiving_gawkers); stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 21989 153159/timestamp.c Buffer_Overflow_Indexes 97 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&nonexportable_pertinent,"PRECEDED_CORNEMUSE"); if (nonexportable_pertinent != 0) {; swiving_gawkers = cephaline_beggarwoman(nonexportable_pertinent); char *cephaline_beggarwoman(char *chorales_scaldberry); 0 --------------------------------- 21990 153159/timestamp.c Buffer_Overflow_Indexes 92 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 21991 153159/timestamp.c Buffer_Overflow_LowBound 191 swiving_gawkers = cephaline_beggarwoman(nonexportable_pertinent); CEPHALANTHUS_TRIBUTIST(swiving_gawkers); char stonesoup_buffer[8]; strncpy(stonesoup_buffer,tonette_unlatinized,strlen(tonette_unlatinized) + 1); void tcg_chalkiest(char *hrip_exactress) tonette_unlatinized = ((char *)hrip_exactress); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(tonette_unlatinized)+1, tonette_unlatinized, "TRIGGER-STATE"); strncpy(stonesoup_buffer,tonette_unlatinized,strlen(tonette_unlatinized) + 1); 1 --------------------------------- 21992 149193/StackOverflow-bad.c Buffer_Overflow_Indexes 21 int main(int argc, char *argv[]) if(argc == 3) strncpy(name, argv[1], sizeof name - 1); strcat(name, argv[2]); 1 --------------------------------- 21993 149193/StackOverflow-bad.c Buffer_Overflow_LowBound 29 name[sizeof name - 1] = '\0'; strncat(name, " = ", sizeof name - strlen(name) - 1); 0 --------------------------------- 21994 149193/StackOverflow-bad.c Buffer_Overflow_LowBound 27 char name [2048]; strncpy(name, argv[1], sizeof name - 1); 0 --------------------------------- 21995 149193/StackOverflow-bad.c Buffer_Overflow_cpycat 30 name[sizeof name - 1] = '\0'; strncat(name, " = ", sizeof name - strlen(name) - 1); strcat(name, argv[2]); 1 --------------------------------- 21996 153185/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21997 153185/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 21998 153397/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 21999 153397/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22000 199233/buffer_overrun_dynamic_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); 0 --------------------------------- 22001 153709/ffmpeg.c Buffer_Overflow_scanf 212 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&dipodomyinae_caporals,"5925",oxalacetate_homosassa); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22002 153709/ffmpeg.c Buffer_Overflow_scanf 243 stonesoup_fct_ptr fct_ptr_addr = (stonesoup_fct_ptr )0; sscanf(param,"%p",&fct_ptr_addr); unneural_panime = ((char *)( *uncarnivorously_pacien) . epilobe_cajuputene); stonesoup_fp = stonesoup_switch_func(unneural_panime); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); 0 --------------------------------- 22003 153709/ffmpeg.c Buffer_Overflow_scanf 2597 char target[64]; char command[256]; char arg[256] = {(0)}; double time; buf[i] = 0; if (k > 0 && (n = sscanf(buf,"%63[^ ] %lf %255[^ ] %255[^\n]",target,&time,command,arg)) >= 3) { 0 --------------------------------- 22004 153709/ffmpeg.c Buffer_Overflow_scanf 2628 int debug = 0; if (scanf("%d",&debug) != 1) { 0 --------------------------------- 22005 153709/ffmpeg.c Buffer_Overflow_Indexes 3178 int main(int argc,char **argv) parse_loglevel(argc,argv,options); if (argc > 1 && !strcmp(argv[1],"-d")) { argc--; argv++; show_banner(argc,argv,options); ret = ffmpeg_parse_options(argc,argv); if (ret < 0) { 0 --------------------------------- 22006 153709/ffmpeg.c Buffer_Overflow_Indexes 164 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22007 153709/ffmpeg.c Buffer_Overflow_Indexes 210 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22008 153709/ffmpeg.c Buffer_Overflow_Indexes 2628 if (scanf("%d",&debug) != 1) { 0 --------------------------------- 22009 153709/ffmpeg.c Buffer_Overflow_LowBound 2325 return input_streams[ost -> source_index]; int n = 1; size = n; pts = (av_malloc(sizeof(( *pts)) * size)); *(next++) = 0; AVChapter *c = avf -> chapters[j]; pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; p = next; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); ost -> forced_kf_pts = pts; input_streams[j + ifile -> ist_index] -> start = av_gettime(); ost = output_streams[i]; ist = get_input_stream(ost); return ((void *)0); int64_t *pts; pts = (av_malloc(sizeof(( *pts)) * size)); char *next = strchr(p,','); if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { p = next; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); ost -> forced_kf_pts = pts; for (i = 0; i < nb_output_streams; i++) { ist = get_input_stream(ost); ost -> st -> disposition = ist -> st -> disposition; if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); ost -> encoding_needed = 1; ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); ost -> frame_rate = ist -> framerate; int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); codec -> time_base = av_inv_q(ost -> frame_rate); codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); if (!strncmp((ost -> forced_keyframes),"expr:",5)) { parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); char logfilename[1024]; snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) p = kf; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { qsort(pts,size,sizeof(( *pts)),compare_int64); ost -> forced_kf_pts = pts; parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); fg = init_simple_filtergraph(ist,ost); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); static InputStream *get_input_stream(OutputStream *ost) ist = get_input_stream(ost); snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); 0 --------------------------------- 22010 153709/ffmpeg.c Buffer_Overflow_LowBound 1960 static int init_input_stream(int ist_index,char *error,int error_len) InputStream *ist = input_streams[ist_index]; snprintf(error,error_len,"Error while opening decoder for input stream #%d:%d",ist -> file_index,ist -> st -> index); 0 --------------------------------- 22011 153709/ffmpeg.c Buffer_Overflow_LowBound 1248 ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); char type[3] = {('Y'), ('U'), ('V')}; error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); 0 --------------------------------- 22012 153709/ffmpeg.c Buffer_Overflow_LowBound 1264 static double psnr(double d) return - 10.0 * log(d) / log(10.0); qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); static double psnr(double d) return - 10.0 * log(d) / log(10.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); static void close_output_stream(OutputStream *ost) ost -> finished = 1; static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error_sum += error; scale_sum += scale; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); output_streams[i] -> unavailable = 0; if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); 0 --------------------------------- 22013 153709/ffmpeg.c Buffer_Overflow_LowBound 1944 static int init_input_stream(int ist_index,char *error,int error_len) InputStream *ist = input_streams[ist_index]; snprintf(error,error_len,"Decoder (codec %s) not found for input stream #%d:%d",avcodec_get_name(ist -> st -> codec -> codec_id),ist -> file_index,ist -> st -> index); 0 --------------------------------- 22014 153709/ffmpeg.c Buffer_Overflow_LowBound 2227 static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; char error[1024]; ost = output_streams[i]; ist = get_input_stream(ost); ost -> enc = avcodec_find_encoder(codec -> codec_id); ist = get_input_stream(ost); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ist = get_input_stream(ost); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); if (!strcmp(ost -> enc -> name,"libx264")) { ist = get_input_stream(ost); static InputStream *get_input_stream(OutputStream *ost) ist = get_input_stream(ost); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); 0 --------------------------------- 22015 153709/ffmpeg.c Buffer_Overflow_LowBound 1296 static double psnr(double d) return - 10.0 * log(d) / log(10.0); static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=%6.1fkbits/s",bitrate); 0 --------------------------------- 22016 153709/ffmpeg.c Buffer_Overflow_LowBound 1291 int64_t pts = - 9223372036854775807L - 1; secs = (pts / 1000000); us = (pts % 1000000); mins = secs / 60; secs %= 60; hours = mins / 60; mins %= 60; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); 0 --------------------------------- 22017 153709/ffmpeg.c Buffer_Overflow_LowBound 1286 output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); 0 --------------------------------- 22018 153709/ffmpeg.c Buffer_Overflow_LowBound 1289 static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> coded_frame -> error[j]; error_sum += error; scale_sum += scale; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); static double psnr(double d) return - 10.0 * log(d) / log(10.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); 0 --------------------------------- 22019 153709/ffmpeg.c Buffer_Overflow_LowBound 2429 static InputStream *get_input_stream(OutputStream *ost) pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; char error[1024]; ist = get_input_stream(ost); ost -> st -> disposition = ist -> st -> disposition; if (!oc -> oformat -> codec_tag || (av_codec_get_id(oc -> oformat -> codec_tag,icodec -> codec_tag)) == (codec -> codec_id) || !av_codec_get_tag2(oc -> oformat -> codec_tag,icodec -> codec_id,&codec_tag)) { if (!strcmp(oc -> oformat -> name,"avi")) { if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { if (!(oc -> oformat -> flags & 0002000) && strcmp(oc -> oformat -> name,"mov") && strcmp(oc -> oformat -> name,"mp4") && strcmp(oc -> oformat -> name,"3gp") && strcmp(oc -> oformat -> name,"3g2") && strcmp(oc -> oformat -> name,"psp") && strcmp(oc -> oformat -> name,"ipod") && strcmp(oc -> oformat -> name,"f4v")) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); if (!strcmp(ost -> enc -> name,"libx264")) { ost = output_streams[i]; if (ist = get_input_stream(ost)) { ost -> st -> codec -> subtitle_header = (av_mallocz((dec -> subtitle_header_size + 1))); memcpy((ost -> st -> codec -> subtitle_header),(dec -> subtitle_header),(dec -> subtitle_header_size)); ost -> st -> codec -> subtitle_header_size = dec -> subtitle_header_size; if ((ret = avcodec_open2(ost -> st -> codec,codec,&ost -> opts)) < 0) { if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); av_buffersink_set_frame_size(ost -> filter -> filter,(ost -> st -> codec -> frame_size)); av_opt_set_dict((ost -> st -> codec),&ost -> opts); if (ist = get_input_stream(ost)) { for (i = 0; i < nb_output_files; i++) { oc = output_files[i] -> ctx; oc -> interrupt_callback = int_cb; if ((ret = avformat_write_header(oc,&output_files[i] -> opts)) < 0) { char errbuf[128]; const char *errbuf_ptr = errbuf; if (av_strerror(ret,errbuf,sizeof(errbuf)) < 0) { errbuf_ptr = (strerror(-ret)); snprintf(error,sizeof(error),"Could not write header for output file #%d (incorrect codec parameters ?): %s",i,errbuf_ptr); if (strcmp(oc -> oformat -> name,"rtp")) { if ((ret = avformat_write_header(oc,&output_files[i] -> opts)) < 0) { if (av_strerror(ret,errbuf,sizeof(errbuf)) < 0) { errbuf_ptr = (strerror(-ret)); snprintf(error,sizeof(error),"Could not write header for output file #%d (incorrect codec parameters ?): %s",i,errbuf_ptr); static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); snprintf(error,sizeof(error),"Could not write header for output file #%d (incorrect codec parameters ?): %s",i,errbuf_ptr); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); if (ist = get_input_stream(ost)) { static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) ost = output_streams[i]; ist = get_input_stream(ost); codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); AVCodecContext *dec = ((void *)0); if (ist = get_input_stream(ost)) { memcpy((ost -> st -> codec -> subtitle_header),(dec -> subtitle_header),(dec -> subtitle_header_size)); if ((ret = avcodec_open2(ost -> st -> codec,codec,&ost -> opts)) < 0) { if (ist = get_input_stream(ost)) { 0 --------------------------------- 22020 153709/ffmpeg.c Buffer_Overflow_LowBound 568 va_list va; char buf[1024]; __builtin_va_start(va,fmt); vsnprintf(buf,sizeof(buf),fmt,va); update_benchmark(((void *)0)); update_benchmark("encode_audio %d.%d",ost -> file_index,ost -> index); update_benchmark(((void *)0)); update_benchmark("encode_video %d.%d",ost -> file_index,ost -> index); update_benchmark(((void *)0)); update_benchmark("flush %s %d.%d",desc,ost -> file_index,ost -> index); update_benchmark(((void *)0)); update_benchmark("decode_audio %d.%d",ist -> file_index,ist -> st -> index); update_benchmark(((void *)0)); update_benchmark("decode_video %d.%d",ist -> file_index,ist -> st -> index); static void update_benchmark(const char *fmt,... ) __builtin_va_start(va,fmt); vsnprintf(buf,sizeof(buf),fmt,va); 0 --------------------------------- 22021 153709/ffmpeg.c Buffer_Overflow_LowBound 1293 total_size = avio_size(oc -> pb); total_size = avio_tell(oc -> pb); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); 0 --------------------------------- 22022 153709/ffmpeg.c Buffer_Overflow_LowBound 1307 delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = (lrintf(delta)); nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_dup += nb_frames - 1; if (!check_recording_time(ost)) { close_output_stream(ost); nb_frames = 0; nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_dup += nb_frames - 1; if (!check_recording_time(ost)) { double duration = 0; duration = 1 / (av_q2d(ost -> frame_rate) * av_q2d(enc -> time_base)); sync_ipts = (in_picture -> pts); delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = 1; nb_frames = 0; nb_frames = (lrintf(delta)); nb_frames = 0; nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_drop++; nb_frames_drop++; nb_frames_dup += nb_frames - 1; if (!check_recording_time(ost)) { if (!ost -> filtered_frame && !(ost -> filtered_frame = avcodec_alloc_frame())) { avcodec_get_frame_defaults(ost -> filtered_frame); filtered_frame = ost -> filtered_frame; avfilter_copy_buf_props(filtered_frame,picref); do_video_out(of -> ctx,ost,filtered_frame); int64_t pts = - 9223372036854775807L - 1; static int qp_histogram['4']; total_size = avio_size(oc -> pb); total_size = avio_tell(oc -> pb); buf[0] = '\0'; float q = (- 1); q = (enc -> coded_frame -> quality) / ((float )'v'); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); bitrate = (pts && total_size >= 0?(total_size * 8) / (pts / 1000.0) : (- 1)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); av_bprintf(&buf_script,"dup_frames=%d\n",nb_frames_dup); av_bprintf(&buf_script,"drop_frames=%d\n",nb_frames_drop); return reap_filters(); ret = reap_filters(); if ((ret = transcode_from_filter(ost -> filter -> graph,&ist)) < 0) { return reap_filters(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=%6.1fkbits/s",bitrate); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); static double psnr(double d) return - 10.0 * log(d) / log(10.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); static void do_video_out(AVFormatContext *s,OutputStream *ost,AVFrame *in_picture) sync_ipts = (in_picture -> pts); delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = (lrintf(delta)); nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_dup += nb_frames - 1; do_video_out(of -> ctx,ost,filtered_frame); return reap_filters(); ret = transcode_step(); print_report(0,timer_start,cur_time); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); 0 --------------------------------- 22023 153709/ffmpeg.c Buffer_Overflow_LowBound 1229 static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); 0 --------------------------------- 22024 153709/ffmpeg.c Buffer_Overflow_LowBound 1238 buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); 0 --------------------------------- 22025 153709/ffmpeg.c Buffer_Overflow_LowBound 2377 char error[1024]; ost -> st -> disposition = ist -> st -> disposition; ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; if (!strcmp(ost -> enc -> name,"libx264")) { if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); av_buffersink_set_frame_size(ost -> filter -> filter,(ost -> st -> codec -> frame_size)); if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); 0 --------------------------------- 22026 153709/ffmpeg.c Buffer_Overflow_LowBound 1224 ost -> finished = 1; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); close_output_stream(output_streams[of -> ost_index + j]); output_streams[i] -> unavailable = 0; reset_eagain(); timer_start = av_gettime(); int64_t cur_time = av_gettime(); if (check_keyboard_interaction(cur_time) < 0) { if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static void print_report(int is_last_report,int64_t timer_start,int64_t cur_time) float t = ((cur_time - timer_start) / 1000000.0); fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static void close_output_stream(OutputStream *ost) if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static int check_keyboard_interaction(int64_t cur_time) print_report(0,timer_start,cur_time); 0 --------------------------------- 22027 153709/ffmpeg.c Buffer_Overflow_LowBound 1268 static double psnr(double d) return - 10.0 * log(d) / log(10.0); buf[0] = '\0'; ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); output_streams[i] -> unavailable = 0; reset_eagain(); sub2video_heartbeat(ist,pkt . pts); ret = output_packet(ist,(&pkt)); ret = process_input(ist -> file_index); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); float q = (- 1); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; error = enc -> coded_frame -> error[j]; error_sum += error; p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); static double psnr(double d) return - 10.0 * log(d) / log(10.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); static void close_output_stream(OutputStream *ost) ost -> finished = 1; static int qp_histogram['4']; if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); output_streams[i] -> unavailable = 0; reset_eagain(); if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); 0 --------------------------------- 22028 153378/stream.c Buffer_Overflow_Indexes 186 rectorates_kossuth = getenv("ARRANT_UNSTUNTED"); if (rectorates_kossuth != 0) {; edom_gabion = rectorates_kossuth; gulick_fourchette = &edom_gabion; hoidening_innuendoing = ((char *)( *gulick_fourchette)); sprintf(stonesoup_buffer_stack,hoidening_innuendoing); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_buffer_stack", stonesoup_buffer_stack, "TRIGGER-STATE"); stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { 1 --------------------------------- 22029 153378/stream.c Buffer_Overflow_Indexes 98 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("%s\n",stonesoup_buffer_stack); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buffer_stack); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22030 153274/avfilter.c Buffer_Overflow_Indexes 87 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22031 153274/avfilter.c Buffer_Overflow_LowBound 108 av_log(ctx,48,"ref[%p buf:%p refcount:%d perms:%s data:%p linesize[%d, %d, %d, %d] pts:%ld pos:%ld",ref,ref -> buf,ref -> buf -> refcount,ff_get_ref_perms_string(buf,sizeof(buf),ref -> perms),ref -> data[0],ref -> linesize[0],ref -> linesize[1],ref -> linesize[2],ref -> linesize[3],ref -> pts,ref -> pos); char *ff_get_ref_perms_string(char *buf,size_t buf_size,int perms) snprintf(buf,buf_size,"%s%s%s%s%s%s",(perms & 0x1?"r" : ""),(perms & 0x02?"w" : ""),(perms & 0x04?"p" : ""),(perms & 0x08?"u" : ""),(perms & 0x10?"U" : ""),(perms & 0x20?"n" : "")); av_log(ctx,48,"ref[%p buf:%p refcount:%d perms:%s data:%p linesize[%d, %d, %d, %d] pts:%ld pos:%ld",ref,ref -> buf,ref -> buf -> refcount,ff_get_ref_perms_string(buf,sizeof(buf),ref -> perms),ref -> data[0],ref -> linesize[0],ref -> linesize[1],ref -> linesize[2],ref -> linesize[3],ref -> pts,ref -> pos); char *ff_get_ref_perms_string(char *buf,size_t buf_size,int perms) snprintf(buf,buf_size,"%s%s%s%s%s%s",(perms & 0x1?"r" : ""),(perms & 0x02?"w" : ""),(perms & 0x04?"p" : ""),(perms & 0x08?"u" : ""),(perms & 0x10?"U" : ""),(perms & 0x20?"n" : "")); 0 --------------------------------- 22032 153550/stream.c Buffer_Overflow_Indexes 145 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22033 153550/stream.c Buffer_Overflow_cpycat 545 char stonesoup_stack_buffer_64[64]; perfunctorious_sicht = ((char *)( *stropper_gypseous) . overcaution_palladia); memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,perfunctorious_sicht); 0 --------------------------------- 22034 148804/strings.c Buffer_Overflow_LowBound 72 int append, const char *fmt, va_list ap, const char *file, int lineno, const char *function) int offset = (append && (*buf)->__AST_STR_LEN) ? (*buf)->__AST_STR_USED : 0; va_list aq; va_end(aq); va_end(aq); va_copy(aq, ap); res = vsnprintf((*buf)->__AST_STR_STR + offset, (*buf)->__AST_STR_LEN - offset, fmt, aq); 0 --------------------------------- 22035 149125/heap_overflow_cplx-bad.c Buffer_Overflow_cpycat 68 return NULL; t[i] = '\0'; return t; buf = malloc(25*sizeof(char)); char *t = rand_text(); strcpy(buf,t); 1 --------------------------------- 22036 153544/color.c Buffer_Overflow_Indexes 165 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22037 153544/color.c Buffer_Overflow_Indexes 167 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22038 153544/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22039 153544/color.c Buffer_Overflow_Indexes 161 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22040 153544/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22041 153544/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22042 153544/color.c Buffer_Overflow_cpycat 336 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22043 153544/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22044 153544/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22045 153544/color.c Buffer_Overflow_cpycat 357 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22046 153544/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22047 153544/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22048 153544/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22049 153544/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22050 153544/color.c Buffer_Overflow_cpycat 181 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22051 153544/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22052 153544/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22053 153544/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22054 153544/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22055 153544/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22056 153544/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22057 153544/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22058 153544/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22059 153544/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22060 153544/color.c Buffer_Overflow_cpycat 337 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22061 153544/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22062 153544/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22063 153544/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22064 299/basic-00047-large.c Buffer_Overflow_LowBound 60 char buf[10]; src[4106 - 1] = '\0'; strncpy(buf, src, 4106); 1 --------------------------------- 22065 153776/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22066 153776/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22067 153118/e_bf.c Buffer_Overflow_scanf 137 void eulytine_duplon(char **const noneuphonious_afips) whereto_desktops(pentoic_toupet,noneuphonious_afips); void whereto_desktops(int ergotinine_itabuna,char **cosmos_contemporize) whereto_desktops(ergotinine_itabuna,cosmos_contemporize); centrechinoida_jenei = ((char *)((char **)cosmos_contemporize)[2]); stonesoup_fp = stonesoup_switch_func(centrechinoida_jenei); stonesoup_fct_ptr stonesoup_switch_func(char *param) stonesoup_fct_ptr fct_ptr_addr = (stonesoup_fct_ptr )0; var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); 0 --------------------------------- 22068 153118/e_bf.c Buffer_Overflow_Indexes 82 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22069 153118/e_bf.c Buffer_Overflow_Indexes 214 norpinic_orpington = getenv("SOMNAMBULOUS_ILYSIOID"); if (norpinic_orpington != 0) {; vintnership_kaufman[2] = norpinic_orpington; eulytine_duplon(vintnership_kaufman); void eulytine_duplon(char **const noneuphonious_afips); 0 --------------------------------- 22070 148881/airpcap_loader.c Buffer_Overflow_scanf 1549 guint n; a = sscanf(if_info->name,AIRPCAP_DEVICE_NUMBER_EXTRACT_STRING,&n); 0 --------------------------------- 22071 153209/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22072 153209/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22073 153152/eng_table.c Buffer_Overflow_scanf 150 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&opined_fissura,"9782",cooncan_cesium); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22074 153152/eng_table.c Buffer_Overflow_Indexes 148 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22075 153152/eng_table.c Buffer_Overflow_Indexes 102 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&opined_fissura,"9782",cooncan_cesium); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22076 153212/utils.c Buffer_Overflow_Indexes 104 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22077 153212/utils.c Buffer_Overflow_LowBound 4376 int ff_url_join(char *str,int size,const char *proto,const char *authorization,const char *hostname,int port,const char *fmt,... ) str[0] = '\0'; av_strlcatf(str,size,"%s: av_strlcatf(str,size,"%s@",authorization); av_strlcat(str,"[",size); av_strlcat(str,hostname,size); av_strlcat(str,"]",size); av_strlcat(str,hostname,size); av_strlcat(str,hostname,size); av_strlcatf(str,size,":%d",port); va_list vl; int len = (strlen(str)); __builtin_va_start(vl,fmt); vsnprintf(str + len,(size > len?size - len : 0),fmt,vl); 0 --------------------------------- 22078 153212/utils.c Buffer_Overflow_LowBound 4929 stonesoup_buffer = malloc(65528); strncpy(stonesoup_buffer, worldman_pompster, stonesoup_buffer_len); 0 --------------------------------- 22079 153212/utils.c Buffer_Overflow_LowBound 4954 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); dogmata_garibaldian = 5; nonmalignantly_noncreditor = &dogmata_garibaldian; boqueron_sequesterment = *(chondrichthyes_caen + *nonmalignantly_noncreditor); worldman_pompster = ((char *)boqueron_sequesterment); stonesoup_buffer_len = 4; strncpy(stonesoup_buffer, worldman_pompster, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); strncpy(stonesoup_buffer, worldman_pompster, stonesoup_buffer_len); void stonesoup_handle_taint(char *paradoxurus_furl) adephaga_concordial = paradoxurus_furl; chondrichthyes_caen[5] = adephaga_concordial; boqueron_sequesterment = *(chondrichthyes_caen + *nonmalignantly_noncreditor); worldman_pompster = ((char *)boqueron_sequesterment); strncpy(stonesoup_buffer, worldman_pompster, stonesoup_buffer_len); strncpy(stonesoup_buffer, worldman_pompster, stonesoup_buffer_len); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, worldman_pompster, stonesoup_buffer_len); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, worldman_pompster, stonesoup_buffer_len); 1 --------------------------------- 22080 153212/utils.c Buffer_Overflow_LowBound 3934 return av_guess_format("image2",((void *)0),((void *)0)); return av_probe_input_buffer(s -> pb,&s -> iformat,filename,s,0,s -> probesize); if ((ret = avio_open2(&s -> pb,filename,1 | s -> avio_flags,(&s -> interrupt_callback),options)) < 0) { return av_probe_input_buffer(s -> pb,&s -> iformat,filename,s,0,s -> probesize); if (!av_filename_number_test(filename)) { char buf1[20]; nd = 0; while(av_isdigit(( *p))){ c = *(p++); nd = nd * '\n' + ( *(p++)) - 48; snprintf(buf1,sizeof(buf1),"%0*d",nd,number); len = (strlen(buf1)); memcpy(q,buf1,len); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); int av_probe_input_buffer(AVIOContext *pb,AVInputFormat **fmt,const char *filename,void *logctx,unsigned int offset,unsigned int max_probe_size) if (!av_filename_number_test(filename)) { int av_filename_number_test(const char *filename) return filename && av_get_frame_filename(buf,(sizeof(buf)),filename,1) >= 0; int av_get_frame_filename(char *buf,int buf_size,const char *path,int number) p = path; c = *(p++); nd = nd * '\n' + ( *(p++)) - 48; snprintf(buf1,sizeof(buf1),"%0*d",nd,number); len = (strlen(buf1)); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); static int init_input(AVFormatContext *s,const char *filename,AVDictionary **options) if ((ret = avio_open2(&s -> pb,filename,1 | s -> avio_flags,(&s -> interrupt_callback),options)) < 0) { if (!av_filename_number_test(filename)) { AVOutputFormat *av_guess_format(const char *short_name,const char *filename,const char *mime_type) if (!short_name && filename && av_filename_number_test(filename) && (ff_guess_image2_codec(filename)) != AV_CODEC_ID_NONE) { int avformat_open_input(AVFormatContext **ps,const char *filename,AVInputFormat *fmt,AVDictionary **options) if ((ret = init_input(s,filename,&tmp)) < 0) { 0 --------------------------------- 22081 153349/img2.c Buffer_Overflow_scanf 91 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&gladiest_rhapsodizes,"1652",deadhouse_shawwal); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22082 153349/img2.c Buffer_Overflow_Indexes 43 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&gladiest_rhapsodizes,"1652",deadhouse_shawwal); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22083 153349/img2.c Buffer_Overflow_Indexes 89 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22084 153349/img2.c Buffer_Overflow_LowBound 151 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int deadhouse_shawwal = 53; char *gladiest_rhapsodizes;; stonesoup_read_taint(&gladiest_rhapsodizes,"1652",deadhouse_shawwal); bonny_brachycome = ((void *)gladiest_rhapsodizes); pseudo_redominating = 1; electrogalvanic_unsun = &bonny_brachycome; mimically_bearsville = ((void **)(((unsigned long )electrogalvanic_unsun) * pseudo_redominating * pseudo_redominating)) + 5; cognomina_cyanitic = ((char *)((char *)( *(mimically_bearsville - 5)))); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(cognomina_cyanitic)+1, cognomina_cyanitic, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, cognomina_cyanitic, strlen(cognomina_cyanitic) + 1); 1 --------------------------------- 22085 152974/conversation.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22086 152974/conversation.c Buffer_Overflow_LowBound 1234 void stonesoup_handle_taint(char *emblemist_stours) tuberculiferous_pollaiuolo = emblemist_stours; EUPHONICALLY_SENSUALIZE(tuberculiferous_pollaiuolo); void rightabout_valerye(tereshkova_reinterrogates joisted_rice) char stonesoup_source[1024]; gamasid_dimity = ((char *)joisted_rice); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, gamasid_dimity, sizeof(stonesoup_source)); 0 --------------------------------- 22087 152974/conversation.c Buffer_Overflow_LowBound 1243 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 22088 153303/utils.c Buffer_Overflow_Indexes 126 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&signifer_hydrazobenzene,"INWRAP_GRAPHIOLOGIST"); if (signifer_hydrazobenzene != 0) {; braxies_sprighty . pomiculturist_inconcoct = signifer_hydrazobenzene; ufa_idou[5] = braxies_sprighty; runa_queendom = *(ufa_idou + reconsidering_misremember[1]); camaldolesian_windham(australioid_fitts,runa_queendom); void camaldolesian_windham(int overcrops_cabinlike,union oversteadiness_composite picturemaker_bromometric); 0 --------------------------------- 22089 153303/utils.c Buffer_Overflow_Indexes 121 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22090 153303/utils.c Buffer_Overflow_Indexes 80 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22091 153303/utils.c Buffer_Overflow_Indexes 3210 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_input_string", stonesoup_input_string, "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data.buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 22092 153303/utils.c Buffer_Overflow_LowBound 2496 bit_rate = ctx -> bit_rate; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); bitrate = get_bit_rate(enc); return 4; return 8; return 16; return 24; return 32; return 0; return 2; return 3; return 4; return av_get_exact_bits_per_sample(codec_id); bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); return 64; return av_get_exact_bits_per_sample(codec_id); bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); bit_rate = 0; return bit_rate; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); static int get_bit_rate(AVCodecContext *ctx) bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); 0 --------------------------------- 22093 153303/utils.c Buffer_Overflow_LowBound 1283 char buf[128]; av_log(avctx,16,"Specified pixel format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_pix_fmt_name(avctx -> pix_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> pix_fmt); 0 --------------------------------- 22094 153303/utils.c Buffer_Overflow_LowBound 2442 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); 0 --------------------------------- 22095 153303/utils.c Buffer_Overflow_LowBound 2457 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); return ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); 0 --------------------------------- 22096 153303/utils.c Buffer_Overflow_LowBound 1270 int ff_codec_open2_recursive(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) ret = avcodec_open2(avctx,codec,options); int avcodec_open2(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) if (av_codec_is_decoder(codec)) { if (av_codec_is_encoder(avctx -> codec)) { int av_codec_is_encoder(const AVCodec *codec) if (av_codec_is_encoder(avctx -> codec)) { if (avctx -> channels == 1 && (av_get_planar_sample_fmt(avctx -> sample_fmt)) == (av_get_planar_sample_fmt(avctx -> codec -> sample_fmts[i]))) { avctx -> sample_fmt = avctx -> codec -> sample_fmts[i]; char buf[128]; snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); av_log(avctx,16,"Specified sample format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_sample_fmt_name(avctx -> sample_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); int avcodec_open(AVCodecContext *avctx,AVCodec *codec) return avcodec_open2(avctx,codec,((void *)0)); 0 --------------------------------- 22097 153303/utils.c Buffer_Overflow_LowBound 2392 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf_size = (buf_size > len?buf_size - len : 0); len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); 0 --------------------------------- 22098 153303/utils.c Buffer_Overflow_LowBound 2491 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); 0 --------------------------------- 22099 153303/utils.c Buffer_Overflow_LowBound 2425 AVCodec *experimental = ((void *)0); p = first_avcodec; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { p = p -> next; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { experimental = p; return experimental; return find_encdec(id,1); return find_encdec(id,0); return "none"; codec = avcodec_find_decoder(id); return codec -> name; codec = avcodec_find_encoder(id); return codec -> name; return "unknown_codec"; codec_type = av_get_media_type_string(enc -> codec_type); codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_decoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); const char *avcodec_get_name(enum AVCodecID id) cd = avcodec_descriptor_get(id); return cd -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_encoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); 0 --------------------------------- 22100 153303/utils.c Buffer_Overflow_LowBound 2449 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); AVRational display_aspect_ratio; profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); 0 --------------------------------- 22101 153303/utils.c Buffer_Overflow_LowBound 2464 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); 0 --------------------------------- 22102 153303/utils.c Buffer_Overflow_LowBound 2469 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); 0 --------------------------------- 22103 153303/utils.c Buffer_Overflow_LowBound 2478 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 22104 153303/utils.c Buffer_Overflow_LowBound 2453 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; buf[0] ^= 'a' ^ 'A'; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 22105 153303/utils.c Buffer_Overflow_LowBound 2429 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); 0 --------------------------------- 22106 153303/utils.c Buffer_Overflow_LowBound 2434 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); codec_tag >>= 8; const char *profile = ((void *)0); av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); 0 --------------------------------- 22107 153303/utils.c Buffer_Overflow_LowBound 2488 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); 0 --------------------------------- 22108 1513/Figure6-1.cpp Buffer_Overflow_Indexes 30 int main(int argc, char * argv[]) if (argc < 2) { usage(argv[0]); void usage(char *pname) snprintf(usageStr, 1024, "Usage: %s \n", pname); printf(usageStr); 0 --------------------------------- 22109 1513/Figure6-1.cpp Buffer_Overflow_LowBound 26 int main(int argc, char * argv[]) usage(argv[0]); void usage(char *pname) char usageStr[1024]; snprintf(usageStr, 1024, "Usage: %s \n", pname); 0 --------------------------------- 22110 153795/conversation.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22111 1299/util-bad.c Buffer_Overflow_cpycat 176 register char *gecos; char *login; char *buf; register char *bp = buf; gecos++; l += strlen(login); for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'; p++) strlen(bp), strlen(login)); (void) strcpy(bp, login); *bp = toupper(*bp); bp++; *bp++ = *p; printf ("bp-buf = %d\n", (bp-buf)); strlen(bp), strlen(login)); (void) strcpy(bp, login); 0 --------------------------------- 22112 153518/e_bf.c Buffer_Overflow_Indexes 83 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22113 153518/e_bf.c Buffer_Overflow_Indexes 254 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; 0 --------------------------------- 22114 153518/e_bf.c Buffer_Overflow_Indexes 196 claves_paphus = getenv("OVERSPICED_PHYSIOLOGUE"); if (claves_paphus != 0) {; lullaby_retrochoir(1,claves_paphus); void lullaby_retrochoir(int sild_snyes,... ); 0 --------------------------------- 22115 153171/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22116 153171/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22117 1600/scpy1-bad.c Buffer_Overflow_cpycat 37 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; strcpy(buf, str); 1 --------------------------------- 22118 1620/snp3-bad.c Buffer_Overflow_LowBound 40 main(int argc, char **argv) userstr = argv[1]; char buf[MAXSIZE]; test(userstr); test(char *str) char buf[MAXSIZE]; snprintf(buf, 1024, "<%35s>", str); 1 --------------------------------- 22119 153173/eng_table.c Buffer_Overflow_Indexes 149 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22120 149077/scpy2-bad.c Buffer_Overflow_cpycat 44 main(int argc, char **argv) userstr = argv[1]; char buf[MAXSIZE]; test(userstr); test(char *str) char buf[MAXSIZE]; if(strlen(str) > MAXSIZE) strcpy(buf, str); 1 --------------------------------- 22121 153330/color.c Buffer_Overflow_Indexes 154 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22122 153330/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22123 153330/color.c Buffer_Overflow_Indexes 545 flagg_reveller = getenv("LINEARISATION_UNSTANDARDIZED"); if (flagg_reveller != 0) {; usecc_carfuffle = ((char *)flagg_reveller); strncpy(stonesoup_source, usecc_carfuffle, sizeof(stonesoup_source)); 0 --------------------------------- 22124 153330/color.c Buffer_Overflow_Indexes 150 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22125 153330/color.c Buffer_Overflow_LowBound 563 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 22126 153330/color.c Buffer_Overflow_LowBound 554 char stonesoup_source[1024]; flagg_reveller = getenv("LINEARISATION_UNSTANDARDIZED"); usecc_carfuffle = ((char *)flagg_reveller); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, usecc_carfuffle, sizeof(stonesoup_source)); 0 --------------------------------- 22127 153330/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22128 153330/color.c Buffer_Overflow_cpycat 170 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22129 153330/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22130 153330/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22131 153330/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22132 153330/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22133 153330/color.c Buffer_Overflow_cpycat 185 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22134 153330/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22135 153330/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22136 153330/color.c Buffer_Overflow_cpycat 178 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22137 153330/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22138 153330/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22139 153330/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22140 153330/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22141 153330/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22142 153330/color.c Buffer_Overflow_cpycat 346 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22143 153330/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22144 153330/color.c Buffer_Overflow_cpycat 325 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22145 153330/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22146 153330/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22147 153330/color.c Buffer_Overflow_cpycat 192 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22148 153330/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22149 153330/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22150 153330/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22151 153545/main_filter_toolbar.c Buffer_Overflow_scanf 131 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&technetronic_surrealist,"7689",doats_uninterpolative); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22152 153545/main_filter_toolbar.c Buffer_Overflow_Indexes 83 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22153 153545/main_filter_toolbar.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22154 1626/snp6-bad.c Buffer_Overflow_LowBound 37 main(int argc, char **argv) userstr = argv[1]; char buf[MAXSIZE]; if(strlen(userstr) <= MAXSIZE) test(userstr); test(char *str) char buf[MAXSIZE]; snprintf(buf, 1024, "<%s>", str); 1 --------------------------------- 22155 153613/color.c Buffer_Overflow_Indexes 154 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22156 153613/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22157 153613/color.c Buffer_Overflow_Indexes 548 walden_middleland = getenv("AMOEBIDAE_PRESBYACUSIA"); if (walden_middleland != 0) {; hartungen_skirtless = ((char *)walden_middleland); if (strlen(hartungen_skirtless) < 20) {; realpath(hartungen_skirtless, stonesoup_data->base_path); 0 --------------------------------- 22158 153613/color.c Buffer_Overflow_Indexes 160 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22159 153613/color.c Buffer_Overflow_Indexes 158 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22160 153613/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22161 153613/color.c Buffer_Overflow_cpycat 350 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22162 153613/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22163 153613/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22164 153613/color.c Buffer_Overflow_cpycat 174 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22165 153613/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22166 153613/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22167 153613/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22168 153613/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22169 153613/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22170 153613/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22171 153613/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22172 153613/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22173 153613/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22174 153613/color.c Buffer_Overflow_cpycat 182 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22175 153613/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22176 153613/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22177 153613/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22178 153613/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22179 153613/color.c Buffer_Overflow_cpycat 329 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22180 153613/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22181 153613/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22182 153613/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22183 153613/color.c Buffer_Overflow_cpycat 330 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22184 8/Doubly_freeing_memory.c Buffer_Overflow_Indexes 5 int main(int argc, char **argv) { strncpy(buf1R2, argv[1], BUFSIZE1-1); 0 --------------------------------- 22185 8/Doubly_freeing_memory.c Buffer_Overflow_LowBound 14 buf1R2 = (char *) malloc(BUFSIZE1); strncpy(buf1R2, argv[1], BUFSIZE1-1); 0 --------------------------------- 22186 1510/Figure4-29-windows.cpp Buffer_Overflow_Indexes 43 int main(int argc, char * argv[]) if (argc !=1){ 0 --------------------------------- 22187 153642/tile-swap.c Buffer_Overflow_scanf 170 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&lipschitz_gaums,"2493",demidevil_werefox); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22188 153642/tile-swap.c Buffer_Overflow_Indexes 122 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&lipschitz_gaums,"2493",demidevil_werefox); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); trechmannite_goldenpert(1,bas_adelges); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22189 153642/tile-swap.c Buffer_Overflow_Indexes 168 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22190 153642/tile-swap.c Buffer_Overflow_cpycat 681 char *mystes_heyerdahl = 0; tumultuous_retailors = ((char *)mystes_heyerdahl); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, tumultuous_retailors); 1 --------------------------------- 22191 153697/color.c Buffer_Overflow_Indexes 170 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22192 153697/color.c Buffer_Overflow_Indexes 172 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22193 153697/color.c Buffer_Overflow_Indexes 166 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22194 153697/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22195 153697/color.c Buffer_Overflow_cpycat 285 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22196 153697/color.c Buffer_Overflow_cpycat 271 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22197 153697/color.c Buffer_Overflow_cpycat 194 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22198 153697/color.c Buffer_Overflow_cpycat 334 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22199 153697/color.c Buffer_Overflow_cpycat 257 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22200 153697/color.c Buffer_Overflow_cpycat 221 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22201 153697/color.c Buffer_Overflow_cpycat 292 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22202 153697/color.c Buffer_Overflow_cpycat 342 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22203 153697/color.c Buffer_Overflow_cpycat 362 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22204 153697/color.c Buffer_Overflow_cpycat 229 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22205 153697/color.c Buffer_Overflow_cpycat 341 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22206 153697/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22207 153697/color.c Buffer_Overflow_cpycat 208 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22208 153697/color.c Buffer_Overflow_cpycat 278 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22209 153697/color.c Buffer_Overflow_cpycat 320 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22210 153697/color.c Buffer_Overflow_cpycat 250 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22211 153697/color.c Buffer_Overflow_cpycat 243 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22212 153697/color.c Buffer_Overflow_cpycat 327 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22213 153697/color.c Buffer_Overflow_cpycat 186 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22214 153697/color.c Buffer_Overflow_cpycat 299 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22215 153697/color.c Buffer_Overflow_cpycat 306 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22216 153697/color.c Buffer_Overflow_cpycat 264 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22217 153697/color.c Buffer_Overflow_cpycat 201 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22218 153697/color.c Buffer_Overflow_cpycat 313 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22219 153131/color.c Buffer_Overflow_Indexes 170 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22220 153131/color.c Buffer_Overflow_Indexes 172 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22221 153131/color.c Buffer_Overflow_Indexes 166 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22222 153131/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22223 153131/color.c Buffer_Overflow_cpycat 285 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22224 153131/color.c Buffer_Overflow_cpycat 271 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22225 153131/color.c Buffer_Overflow_cpycat 194 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22226 153131/color.c Buffer_Overflow_cpycat 334 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22227 153131/color.c Buffer_Overflow_cpycat 257 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22228 153131/color.c Buffer_Overflow_cpycat 221 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22229 153131/color.c Buffer_Overflow_cpycat 292 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22230 153131/color.c Buffer_Overflow_cpycat 342 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22231 153131/color.c Buffer_Overflow_cpycat 362 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22232 153131/color.c Buffer_Overflow_cpycat 229 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22233 153131/color.c Buffer_Overflow_cpycat 341 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22234 153131/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22235 153131/color.c Buffer_Overflow_cpycat 208 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22236 153131/color.c Buffer_Overflow_cpycat 278 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22237 153131/color.c Buffer_Overflow_cpycat 320 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22238 153131/color.c Buffer_Overflow_cpycat 250 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22239 153131/color.c Buffer_Overflow_cpycat 243 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22240 153131/color.c Buffer_Overflow_cpycat 327 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22241 153131/color.c Buffer_Overflow_cpycat 596 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); stonesoup_data.buffer[stonesoup_i] = 0; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, orbate_hereaway); void stonesoup_handle_taint(char *coccidae_damn) orbate_hereaway = ((char *)coccidae_damn); strcpy(stonesoup_data.buffer, orbate_hereaway); 0 --------------------------------- 22242 153131/color.c Buffer_Overflow_cpycat 186 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22243 153131/color.c Buffer_Overflow_cpycat 299 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22244 153131/color.c Buffer_Overflow_cpycat 306 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22245 153131/color.c Buffer_Overflow_cpycat 264 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22246 153131/color.c Buffer_Overflow_cpycat 201 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22247 153131/color.c Buffer_Overflow_cpycat 313 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22248 152882/subtrans.c Buffer_Overflow_Indexes 76 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&causeways_proprietarian,"PACIFYING_LEISURELESS"); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); melancholy_dauded = inhabitation_retaliate(unsticked_hoplonemertea); valinch_forums(kists_oxyhydric,melancholy_dauded); valinch_forums(arteriometer_inordinacy,calusa_pacate); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22249 152882/subtrans.c Buffer_Overflow_Indexes 117 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22250 152882/subtrans.c Buffer_Overflow_Indexes 122 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&causeways_proprietarian,"PACIFYING_LEISURELESS"); if (causeways_proprietarian != 0) {; pazia_boroglycerine = ((int )(strlen(causeways_proprietarian))); unsticked_hoplonemertea = ((char *)(malloc(pazia_boroglycerine + 1))); if (unsticked_hoplonemertea == 0) { memset(unsticked_hoplonemertea,0,pazia_boroglycerine + 1); memcpy(unsticked_hoplonemertea,causeways_proprietarian,pazia_boroglycerine); if (causeways_proprietarian != 0) free(((char *)causeways_proprietarian)); melancholy_dauded = inhabitation_retaliate(unsticked_hoplonemertea); char *inhabitation_retaliate(char *veblen_maidism); 0 --------------------------------- 22251 152882/subtrans.c Buffer_Overflow_cpycat 448 melancholy_dauded = inhabitation_retaliate(unsticked_hoplonemertea); valinch_forums(kists_oxyhydric,melancholy_dauded); valinch_forums(arteriometer_inordinacy,calusa_pacate); void valinch_forums(int arteriometer_inordinacy,char *calusa_pacate) premen_abstrude = ((char *)calusa_pacate); stonesoup_buffer = malloc((strlen(premen_abstrude) + 1) * sizeof(char )); strcpy(stonesoup_buffer,premen_abstrude); 0 --------------------------------- 22252 152923/portalmem.c Buffer_Overflow_Indexes 98 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&hyperopia_hamburg,"GOVERNABILITY_TOLING"); PortalReleaseCachedPlan(portal); PortalDrop(portal,((bool )0)); stonesoup_setup_printf_context(); stonesoup_read_taint(&hyperopia_hamburg,"GOVERNABILITY_TOLING"); AGPAITIC_DERMOHEMAL(warriorwise_ratoon); stonesoup_printf("string is too short to test\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("string is too short to test\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22253 152923/portalmem.c Buffer_Overflow_Indexes 139 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22254 152923/portalmem.c Buffer_Overflow_Indexes 144 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&hyperopia_hamburg,"GOVERNABILITY_TOLING"); if (hyperopia_hamburg != 0) {; warriorwise_ratoon = ((void *)hyperopia_hamburg); AGPAITIC_DERMOHEMAL(warriorwise_ratoon); void dacryolite_emissaria(void *pyridone_aguamiel) AGPAITIC_DERMOHEMAL(warriorwise_ratoon); camphorize_penible = ((char *)((char *)pyridone_aguamiel)); if (strlen(camphorize_penible) < 1) { stonesoup_set_function(camphorize_penible, &stonesoup_my_foo); if (((char *)pyridone_aguamiel) != 0) free(((char *)((char *)pyridone_aguamiel))); void stonesoup_set_function(char *set_param_str,struct stonesoup_data_struct *set_param_data_struct) if (strlen(set_param_str) > 10U) { set_param_data_struct -> str_member = set_param_str; if (strlen(set_param_str) < 10U) { stonesoup_set_function(camphorize_penible, &stonesoup_my_foo); stonesoup_val = (stonesoup_my_foo . func_member(stonesoup_my_foo . str_member)); if (stonesoup_val == 0) 0 --------------------------------- 22255 153231/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22256 153231/color.c Buffer_Overflow_Indexes 177 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22257 153231/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22258 153231/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&froughy_heger,"HERTZIAN_FEUDALIZED"); stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22259 153231/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22260 153231/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&froughy_heger,"HERTZIAN_FEUDALIZED"); if (froughy_heger != 0) {; morphinomaniac_basilics = ((char *)froughy_heger); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(morphinomaniac_basilics)+1, morphinomaniac_basilics, "TRIGGER-STATE"); strncpy(stonesoup_buffer,morphinomaniac_basilics,strlen(morphinomaniac_basilics) + 1); if (froughy_heger != 0) free(((char *)froughy_heger)); 0 --------------------------------- 22261 153231/color.c Buffer_Overflow_LowBound 579 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char stonesoup_buffer[8]; char *froughy_heger; stonesoup_read_taint(&froughy_heger,"HERTZIAN_FEUDALIZED"); morphinomaniac_basilics = ((char *)froughy_heger); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(morphinomaniac_basilics)+1, morphinomaniac_basilics, "TRIGGER-STATE"); strncpy(stonesoup_buffer,morphinomaniac_basilics,strlen(morphinomaniac_basilics) + 1); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&froughy_heger,"HERTZIAN_FEUDALIZED"); morphinomaniac_basilics = ((char *)froughy_heger); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(morphinomaniac_basilics)+1, morphinomaniac_basilics, "TRIGGER-STATE"); strncpy(stonesoup_buffer,morphinomaniac_basilics,strlen(morphinomaniac_basilics) + 1); 1 --------------------------------- 22262 153231/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22263 153231/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22264 153231/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22265 153231/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22266 153231/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22267 153231/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22268 153231/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22269 153231/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22270 153231/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22271 153231/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22272 153231/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22273 153231/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22274 153231/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22275 153231/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22276 153231/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22277 153231/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22278 153231/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22279 153231/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22280 153231/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22281 153231/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22282 153231/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22283 153231/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22284 153231/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22285 153231/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22286 149047/fmt-bad.c Buffer_Overflow_Indexes 31 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) filter(str, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789: %"); filter(char *str, const char *whitelist) for(src = str, dst = str; *src; src++) *dst = '\0'; syslog(LOG_CRIT, str); 1 --------------------------------- 22287 1301/main.c Buffer_Overflow_Indexes 68 int main(int argc, char **argv){ assert (argc == 2); temp = fopen (argv[1], "r"); assert (temp != NULL); e->e_dfp = temp; mime7to8(header, e); fclose(temp); 0 --------------------------------- 22288 153142/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22289 153142/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22290 153203/tile-manager.c Buffer_Overflow_scanf 99 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&sheepbell_estated,"5217",counselor_unpreventably); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22291 153203/tile-manager.c Buffer_Overflow_Indexes 51 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&sheepbell_estated,"5217",counselor_unpreventably); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22292 153203/tile-manager.c Buffer_Overflow_Indexes 97 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22293 153203/tile-manager.c Buffer_Overflow_LowBound 753 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int counselor_unpreventably = 53; char *sheepbell_estated; stonesoup_read_taint(&sheepbell_estated,"5217",counselor_unpreventably); peases_msfor[5] = sheepbell_estated; nevertheless_seraphtide[1] = 5; overidolatrous_kleenex = *(peases_msfor + nevertheless_seraphtide[1]); missummation_trouping = ((char *)overidolatrous_kleenex); stonesoup_data = (char*) malloc(8 * sizeof(char)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(missummation_trouping)+1, missummation_trouping, "TRIGGER-STATE"); strncpy(stonesoup_data, missummation_trouping, strlen(missummation_trouping) + 1); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&sheepbell_estated,"5217",counselor_unpreventably); peases_msfor[5] = sheepbell_estated; overidolatrous_kleenex = *(peases_msfor + nevertheless_seraphtide[1]); missummation_trouping = ((char *)overidolatrous_kleenex); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(missummation_trouping)+1, missummation_trouping, "TRIGGER-STATE"); strncpy(stonesoup_data, missummation_trouping, strlen(missummation_trouping) + 1); 1 --------------------------------- 22294 153554/error.c Buffer_Overflow_Indexes 205 bankman_redefied = getenv("STETHOSCOPIC_COERCERS"); if (bankman_redefied != 0) {; pennell_chargeling[15] = bankman_redefied; amphissa_intervallic[ *teetotum_bayminette] = pennell_chargeling; wichman_thermopylae = amphissa_intervallic[ *teetotum_bayminette]; if (wichman_thermopylae[15] != 0) { beetlers_signalled = ((char *)wichman_thermopylae[15]); if (strlen(beetlers_signalled) < 20) {; realpath(beetlers_signalled, stonesoup_data->base_path); 0 --------------------------------- 22295 153554/error.c Buffer_Overflow_Indexes 72 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22296 153691/avdevice.c Buffer_Overflow_Indexes 72 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22297 153615/portalmem.c Buffer_Overflow_Indexes 524 antenatalitial_examplar = getenv("CARIA_PRODUCIBLE"); if (antenatalitial_examplar != 0) {; slovan_salicins(antenatalitial_examplar); void slovan_salicins(char *const bibliographize_glomerulus); 0 --------------------------------- 22298 153615/portalmem.c Buffer_Overflow_Indexes 98 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22299 152935/config_file.c Buffer_Overflow_scanf 134 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&acronymous_basementless,"8343",enchains_melanoid); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22300 152935/config_file.c Buffer_Overflow_Indexes 132 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22301 152935/config_file.c Buffer_Overflow_Indexes 86 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22302 153688/column.c Buffer_Overflow_Indexes 102 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&hygrophyte_exobasidium,"CYBELE_ATTRITIVE"); if (hygrophyte_exobasidium != 0) {; underrespected_clitellar = ((void *)hygrophyte_exobasidium); *lynchings_septicopyemic = underrespected_clitellar; 0 --------------------------------- 22303 153688/column.c Buffer_Overflow_Indexes 56 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22304 153688/column.c Buffer_Overflow_Indexes 97 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22305 153245/e_bf.c Buffer_Overflow_Indexes 83 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&magnetons_ice,"WESKER_ZAPS"); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 22306 153245/e_bf.c Buffer_Overflow_Indexes 129 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&magnetons_ice,"WESKER_ZAPS"); if (magnetons_ice != 0) {; thalian_malleating = ((int )(strlen(magnetons_ice))); preciosities_protomorph = ((char *)(malloc(thalian_malleating + 1))); if (preciosities_protomorph == 0) { memset(preciosities_protomorph,0,thalian_malleating + 1); memcpy(preciosities_protomorph,magnetons_ice,thalian_malleating); if (magnetons_ice != 0) free(((char *)magnetons_ice)); cancers_vesuvian = &preciosities_protomorph; lum_ammocoetoid = cancers_vesuvian + 5; unwarely_carbin(lum_ammocoetoid); 0 --------------------------------- 22307 153245/e_bf.c Buffer_Overflow_Indexes 124 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22308 153245/e_bf.c Buffer_Overflow_cpycat 293 void trilloes_arranger(char **arterialization_jebel) temesv_threefolded = ((char *)( *(arterialization_jebel - 5))); stonesoup_buffer = malloc((strlen(temesv_threefolded) + 1) * sizeof(char )); strcpy(stonesoup_buffer,temesv_threefolded); 0 --------------------------------- 22309 153015/cryptlib.c Buffer_Overflow_Indexes 644 if (env = getenv("OPENSSL_ia32cap")) { int off = env[0] == '~'?1 : 0; 0 --------------------------------- 22310 153015/cryptlib.c Buffer_Overflow_Indexes 201 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22311 153015/cryptlib.c Buffer_Overflow_cpycat 804 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); minorage_roger = ((int )(strlen(salep_retransmited))); glutinose_mesolgion = ((char *)(malloc(minorage_roger + 1))); memset(glutinose_mesolgion,0,minorage_roger + 1); memcpy(glutinose_mesolgion,salep_retransmited,minorage_roger); worldman_taxables = &glutinose_mesolgion; cheloid_gonosome = ((char *)( *worldman_taxables)); stonesoup_data.buffer[stonesoup_i] = 0; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, cheloid_gonosome); void stonesoup_handle_taint(char *salep_retransmited) minorage_roger = ((int )(strlen(salep_retransmited))); memcpy(glutinose_mesolgion,salep_retransmited,minorage_roger); worldman_taxables = &glutinose_mesolgion; cheloid_gonosome = ((char *)( *worldman_taxables)); strcpy(stonesoup_data.buffer, cheloid_gonosome); 0 --------------------------------- 22312 153297/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22313 153297/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22314 153022/cmdutils.c Buffer_Overflow_scanf 132 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&okinawan_josephson,"4393",quaters_exostema); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22315 153022/cmdutils.c Buffer_Overflow_Indexes 84 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22316 153022/cmdutils.c Buffer_Overflow_Indexes 510 if ((env = (getenv("FFREPORT"))) || idx) { init_report(env); static int init_report(const char *env); 0 --------------------------------- 22317 153022/cmdutils.c Buffer_Overflow_Indexes 130 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22318 153022/cmdutils.c Buffer_Overflow_Indexes 1691 c = getchar(); while(c != '\n' && c != - 1) 0 --------------------------------- 22319 153022/cmdutils.c Buffer_Overflow_Indexes 1688 int c = getchar(); int yesno = av_toupper(c) == 'Y'; while(c != '\n' && c != - 1) return yesno; 0 --------------------------------- 22320 153022/cmdutils.c Buffer_Overflow_LowBound 1752 f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); 0 --------------------------------- 22321 153022/cmdutils.c Buffer_Overflow_LowBound 2141 void unsenatorial_underbox(char ***************************************************apiculturist_helaine) char stonesoup_source[1024]; dishellenize_noncumbrous = ((char *)( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *apiculturist_helaine))))))))))))))))))))))))))))))))))))))))))))))))))); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, dishellenize_noncumbrous, sizeof(stonesoup_source)); 0 --------------------------------- 22322 153022/cmdutils.c Buffer_Overflow_LowBound 1277 static void print_codec(const AVCodec *c) int encoder = av_codec_is_encoder(c); printf("%s %s [%s]:\n",(encoder?"Encoder" : "Decoder"),c -> name,(c -> long_name?c -> long_name : "")); const int *p = c -> supported_samplerates; char name[16]; snprintf(name,sizeof(name),"%d", *p); p++; snprintf(name,sizeof(name),"%d", *p); show_help_children(c -> priv_class,1 | 2); if ((prev -> id) == id && ((encoder?av_codec_is_encoder(prev) : av_codec_is_decoder(prev)))) { while(prev = (av_codec_next(prev))){ if ((prev -> id) == id && ((encoder?av_codec_is_encoder(prev) : av_codec_is_decoder(prev)))) { return prev; while(codec = next_codec_for_id(desc -> id,codec,encoder)){ print_codec(codec); while(codec = next_codec_for_id(desc -> id,codec,encoder)){ static const AVCodec *next_codec_for_id(enum AVCodecID id,const AVCodec *prev,int encoder) while(prev = (av_codec_next(prev))){ if ((prev -> id) == id && ((encoder?av_codec_is_encoder(prev) : av_codec_is_decoder(prev)))) { return prev; return ((void *)0); while(codec = next_codec_for_id(desc -> id,codec,encoder)){ print_codec(codec); static void print_codec(const AVCodec *c) print_codec(codec); static void print_codec(const AVCodec *c) const int *p = c -> supported_samplerates; p++; snprintf(name,sizeof(name),"%d", *p); int show_help(void *optctx,const char *opt,const char *arg) topic = av_strdup((arg?arg : "")); par = strchr(topic,'='); *(par++) = 0; show_help_codec(par,0); show_help_codec(par,1); static void show_help_codec(const char *name,int encoder) codec = ((encoder?avcodec_find_encoder_by_name(name) : avcodec_find_decoder_by_name(name))); print_codec(codec); show_help_children(child,flags); print_codec(codec); 0 --------------------------------- 22323 153022/cmdutils.c Buffer_Overflow_LowBound 2150 stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 22324 153022/cmdutils.c Buffer_Overflow_LowBound 1755 FILE *get_preset_file(char *filename,size_t filename_size,const char *preset_name,int is_path,const char *codec_name) snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); 0 --------------------------------- 22325 153081/eng_lib.c Buffer_Overflow_Indexes 122 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22326 153481/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22327 153481/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22328 153449/heapam.c Buffer_Overflow_Indexes 137 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22329 152915/bufmgr.c Buffer_Overflow_scanf 175 void hardheaded_folacins(int flicksville_counterargued,char *menderes_saurian) homerologist_roadeo = ((char *)menderes_saurian); stonesoup_fp = stonesoup_switch_func(homerologist_roadeo); stonesoup_fct_ptr stonesoup_switch_func(char *param) stonesoup_fct_ptr fct_ptr_addr = (stonesoup_fct_ptr )0; var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); 0 --------------------------------- 22330 152915/bufmgr.c Buffer_Overflow_Indexes 148 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22331 1756/write_what_where.c Buffer_Overflow_Indexes 21 while ( ( ch = getc( stdin ) ) != EOF && ch != '\n' ) * p++ = ch; * p++ = 0; free (p); 1 --------------------------------- 22332 153395/color.c Buffer_Overflow_Indexes 199 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22333 153395/color.c Buffer_Overflow_Indexes 201 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22334 153395/color.c Buffer_Overflow_Indexes 89 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&tranced_brassish,"HLD_UNSCHOLARLINESS"); stonesoup_printf("string is too short to test\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("string is too short to test\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22335 153395/color.c Buffer_Overflow_Indexes 135 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&tranced_brassish,"HLD_UNSCHOLARLINESS"); if (tranced_brassish != 0) {; exr_dimebox = ((char *)tranced_brassish); if (strlen(exr_dimebox) < 1) { stonesoup_set_function(exr_dimebox, &stonesoup_my_foo); if (tranced_brassish != 0) free(((char *)tranced_brassish)); void stonesoup_set_function(char *set_param_str,struct stonesoup_data_struct *set_param_data_struct) if (strlen(set_param_str) > 10U) { set_param_data_struct -> str_member = set_param_str; if (strlen(set_param_str) < 10U) { stonesoup_set_function(exr_dimebox, &stonesoup_my_foo); stonesoup_val = (stonesoup_my_foo . func_member(stonesoup_my_foo . str_member)); if (stonesoup_val == 0) 0 --------------------------------- 22336 153395/color.c Buffer_Overflow_Indexes 195 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22337 153395/color.c Buffer_Overflow_Indexes 130 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22338 153395/color.c Buffer_Overflow_cpycat 279 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22339 153395/color.c Buffer_Overflow_cpycat 215 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22340 153395/color.c Buffer_Overflow_cpycat 342 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22341 153395/color.c Buffer_Overflow_cpycat 363 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22342 153395/color.c Buffer_Overflow_cpycat 321 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22343 153395/color.c Buffer_Overflow_cpycat 258 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22344 153395/color.c Buffer_Overflow_cpycat 237 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22345 153395/color.c Buffer_Overflow_cpycat 300 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22346 153395/color.c Buffer_Overflow_cpycat 370 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22347 153395/color.c Buffer_Overflow_cpycat 328 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22348 153395/color.c Buffer_Overflow_cpycat 223 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22349 153395/color.c Buffer_Overflow_cpycat 314 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22350 153395/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22351 153395/color.c Buffer_Overflow_cpycat 349 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22352 153395/color.c Buffer_Overflow_cpycat 293 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22353 153395/color.c Buffer_Overflow_cpycat 265 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22354 153395/color.c Buffer_Overflow_cpycat 391 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22355 153395/color.c Buffer_Overflow_cpycat 307 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22356 153395/color.c Buffer_Overflow_cpycat 371 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22357 153395/color.c Buffer_Overflow_cpycat 230 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22358 153395/color.c Buffer_Overflow_cpycat 272 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22359 153395/color.c Buffer_Overflow_cpycat 250 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22360 153395/color.c Buffer_Overflow_cpycat 286 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22361 153395/color.c Buffer_Overflow_cpycat 356 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22362 153797/resowner.c Buffer_Overflow_Indexes 148 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&rcn_dentinoma,"UNCORRUPTEDNESS_CHAIRWOMAN"); stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22363 153797/resowner.c Buffer_Overflow_Indexes 189 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22364 153797/resowner.c Buffer_Overflow_Indexes 194 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&rcn_dentinoma,"UNCORRUPTEDNESS_CHAIRWOMAN"); if (rcn_dentinoma != 0) {; tessellate_ametrous . dmi_lummoxes = rcn_dentinoma; palaeostylic_sessler = &tessellate_ametrous; saintlikeness_captiousness = palaeostylic_sessler + 5; 0 --------------------------------- 22365 148823/Element.cpp Buffer_Overflow_LowBound 1169 void Element::formatForDebugger(char* buffer, unsigned length) const s = nodeName(); if (s.length() > 0) { result += s; if (result.length() > 0) result += s; if (result.length() > 0) result += "; "; result += "class="; result += s; strncpy(buffer, result.utf8().data(), length - 1); const AtomicString& Element::getAttribute(const QualifiedName& name) const if (Attribute* a = namedAttrMap->getAttributeItem(name)) return a->value(); s = getAttribute(idAttributeName()); if (s.length() > 0) { result += s; s = getAttribute(classAttr); if (s.length() > 0) { result += s; strncpy(buffer, result.utf8().data(), length - 1); const AtomicString& Element::getAttribute(const String& name) const bool ignoreCase = shouldIgnoreAttributeCase(this); if (!m_isStyleAttributeValid && equalPossiblyIgnoringCase(name, styleAttr.localName(), ignoreCase)) updateAnimatedSVGAttribute(QualifiedName(nullAtom, name, nullAtom)); if (Attribute* attribute = namedAttrMap->getAttributeItem(name, ignoreCase)) return attribute->value(); return nullAtom; String result; s = getAttribute(idAttributeName()); if (s.length() > 0) { result += "; "; result += "id="; result += s; s = getAttribute(classAttr); strncpy(buffer, result.utf8().data(), length - 1); 0 --------------------------------- 22366 153012/color.c Buffer_Overflow_Indexes 148 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22367 153012/color.c Buffer_Overflow_Indexes 89 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_stack_buffer_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buffer_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22368 153012/color.c Buffer_Overflow_Indexes 154 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22369 153012/color.c Buffer_Overflow_Indexes 541 provincialize_iniquitably = getenv("KKT_POMEROL"); if (provincialize_iniquitably != 0) {; lipometabolic_prepituitary = ((char *)provincialize_iniquitably); strcpy(stonesoup_stack_buffer_64,lipometabolic_prepituitary); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "CROSSOVER-STATE"); stonesoup_stack_buffer_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buffer_64[stonesoup_oc_i]); int stonesoup_toupper(int c) { if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_stack_buffer_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buffer_64[stonesoup_oc_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "FINAL-STATE"); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 22370 153012/color.c Buffer_Overflow_Indexes 152 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22371 153012/color.c Buffer_Overflow_cpycat 190 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22372 153012/color.c Buffer_Overflow_cpycat 246 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22373 153012/color.c Buffer_Overflow_cpycat 323 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22374 153012/color.c Buffer_Overflow_cpycat 218 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22375 153012/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22376 153012/color.c Buffer_Overflow_cpycat 295 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22377 153012/color.c Buffer_Overflow_cpycat 551 char stonesoup_stack_buffer_64[64]; provincialize_iniquitably = getenv("KKT_POMEROL"); lipometabolic_prepituitary = ((char *)provincialize_iniquitably); memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,lipometabolic_prepituitary); 0 --------------------------------- 22378 153012/color.c Buffer_Overflow_cpycat 260 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22379 153012/color.c Buffer_Overflow_cpycat 253 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22380 153012/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22381 153012/color.c Buffer_Overflow_cpycat 344 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22382 153012/color.c Buffer_Overflow_cpycat 316 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22383 153012/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22384 153012/color.c Buffer_Overflow_cpycat 309 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22385 153012/color.c Buffer_Overflow_cpycat 168 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22386 153012/color.c Buffer_Overflow_cpycat 183 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22387 153012/color.c Buffer_Overflow_cpycat 281 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22388 153012/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22389 153012/color.c Buffer_Overflow_cpycat 274 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22390 153012/color.c Buffer_Overflow_cpycat 239 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22391 153012/color.c Buffer_Overflow_cpycat 211 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22392 153012/color.c Buffer_Overflow_cpycat 288 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22393 153012/color.c Buffer_Overflow_cpycat 302 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22394 153012/color.c Buffer_Overflow_cpycat 176 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22395 153012/color.c Buffer_Overflow_cpycat 267 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22396 153778/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22397 153778/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22398 153519/cmdline.c Buffer_Overflow_Indexes 212 env_val = (getenv( *env_var)); if (env_val && env_val[0]) { fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); 0 --------------------------------- 22399 153519/cmdline.c Buffer_Overflow_Indexes 154 hypothenal_whalery = getenv("CULMEN_TANNISH"); if (hypothenal_whalery != 0) {; ashikaga_bihai . echinopanax_tenour = ((char *)hypothenal_whalery); outcurse_querela(ashikaga_bihai); 0 --------------------------------- 22400 153519/cmdline.c Buffer_Overflow_Indexes 840 e = (getenv("VISUAL")); if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 22401 153519/cmdline.c Buffer_Overflow_Indexes 88 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22402 153519/cmdline.c Buffer_Overflow_Indexes 843 e = (getenv("EDITOR")); if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 22403 153519/cmdline.c Buffer_Overflow_Indexes 831 e = (getenv("SVN_EDITOR")); if (!e) { svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); if (!e) { if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 22404 153519/cmdline.c Buffer_Overflow_LowBound 237 int svn_cmdline_init(const char *progname,FILE *error_stream) char prefix_buf[64]; fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); 0 --------------------------------- 22405 153519/cmdline.c Buffer_Overflow_LowBound 1159 snatches_phonying = ((char *)april_apeman . echinopanax_tenour); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(snatches_phonying)+1, snatches_phonying, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, snatches_phonying, strlen(snatches_phonying) + 1); 0 --------------------------------- 22406 153519/cmdline.c Buffer_Overflow_cpycat 239 prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); 0 --------------------------------- 22407 153301/e_camellia.c Buffer_Overflow_Indexes 139 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&yodh_rlg,"DILUVY_CONSOLIDATING"); if (yodh_rlg != 0) {; zoodendrium_lev . distinctionless_selachostomous = yodh_rlg; 0 --------------------------------- 22408 153301/e_camellia.c Buffer_Overflow_Indexes 134 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22409 153301/e_camellia.c Buffer_Overflow_Indexes 93 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22410 153301/e_camellia.c Buffer_Overflow_cpycat 665 enterocele_logotypies = ((char *)comparatist_mitochondrion . distinctionless_selachostomous); stonesoup_data.buffer[stonesoup_i] = 0; strcpy(stonesoup_data.buffer, enterocele_logotypies); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data.buffer); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, enterocele_logotypies); 0 --------------------------------- 22411 153707/cryptlib.c Buffer_Overflow_Indexes 640 if (env = getenv("OPENSSL_ia32cap")) { int off = env[0] == '~'?1 : 0; 0 --------------------------------- 22412 153707/cryptlib.c Buffer_Overflow_Indexes 201 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22413 153707/cryptlib.c Buffer_Overflow_cpycat 790 void stonesoup_handle_taint(char *playthings_unrelaxable) asbestine_kirver = playthings_unrelaxable; primsie_testify = &asbestine_kirver; BURROCK_VRILLING(primsie_testify); void hadder_haleigh(waterage_marksville *evangelised_barres) tetterwort_unclamping = ((char *)( *evangelised_barres)); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, tetterwort_unclamping); 1 --------------------------------- 22414 153192/tile-manager.c Buffer_Overflow_Indexes 897 goneril_mephistopheles = getenv("DAEMONURGIST_FLOCCOSELY"); if (goneril_mephistopheles != 0) {; jateorhizine_chelone . morris_formalization = goneril_mephistopheles; *shavers_tradable = jateorhizine_chelone; 0 --------------------------------- 22415 153192/tile-manager.c Buffer_Overflow_Indexes 60 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22416 152886/main_statusbar.c Buffer_Overflow_Indexes 127 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22417 152886/main_statusbar.c Buffer_Overflow_Indexes 605 subplacenta_decastyle = getenv("ABIOGENESIS_ENCROWN"); if (subplacenta_decastyle != 0) {; cummins_mash . coelenterata_archenemies = ((char *)subplacenta_decastyle); mystacocete_hussey = &cummins_mash; coparent_visalia = ((struct languaging_absyrtus *)(((unsigned long )mystacocete_hussey) * serologist_chevrotin * serologist_chevrotin)) + 5; 0 --------------------------------- 22418 153116/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22419 153116/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22420 153427/utils.c Buffer_Overflow_Indexes 81 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22421 153427/utils.c Buffer_Overflow_Indexes 122 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22422 153427/utils.c Buffer_Overflow_Indexes 127 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&geoduck_quidditatively,"RHYNCHOTA_EEG"); if (geoduck_quidditatively != 0) {; rehood_jatos . umquhile_decarboxylation = ((char *)geoduck_quidditatively); 0 --------------------------------- 22423 153427/utils.c Buffer_Overflow_LowBound 1273 int ff_codec_open2_recursive(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) ret = avcodec_open2(avctx,codec,options); int avcodec_open2(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) if (av_codec_is_decoder(codec)) { if (av_codec_is_encoder(avctx -> codec)) { int av_codec_is_encoder(const AVCodec *codec) if (av_codec_is_encoder(avctx -> codec)) { if (avctx -> channels == 1 && (av_get_planar_sample_fmt(avctx -> sample_fmt)) == (av_get_planar_sample_fmt(avctx -> codec -> sample_fmts[i]))) { avctx -> sample_fmt = avctx -> codec -> sample_fmts[i]; char buf[128]; snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); av_log(avctx,16,"Specified sample format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_sample_fmt_name(avctx -> sample_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); int avcodec_open(AVCodecContext *avctx,AVCodec *codec) return avcodec_open2(avctx,codec,((void *)0)); 0 --------------------------------- 22424 153427/utils.c Buffer_Overflow_LowBound 2499 bit_rate = ctx -> bit_rate; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); bitrate = get_bit_rate(enc); return 4; return 8; return 16; return 24; return 32; return 64; return 0; return 2; return 3; return 4; return av_get_exact_bits_per_sample(codec_id); bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); bit_rate = 0; return bit_rate; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); static int get_bit_rate(AVCodecContext *ctx) bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); 0 --------------------------------- 22425 153427/utils.c Buffer_Overflow_LowBound 2467 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); 0 --------------------------------- 22426 153427/utils.c Buffer_Overflow_LowBound 2481 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 22427 153427/utils.c Buffer_Overflow_LowBound 2437 codec_tag >>= 8; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); const char *profile = ((void *)0); av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); 0 --------------------------------- 22428 153427/utils.c Buffer_Overflow_LowBound 2456 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 22429 153427/utils.c Buffer_Overflow_LowBound 2445 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); 0 --------------------------------- 22430 153427/utils.c Buffer_Overflow_LowBound 2395 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf_size = (buf_size > len?buf_size - len : 0); len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); 0 --------------------------------- 22431 153427/utils.c Buffer_Overflow_LowBound 2491 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); 0 --------------------------------- 22432 153427/utils.c Buffer_Overflow_LowBound 2494 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); 0 --------------------------------- 22433 153427/utils.c Buffer_Overflow_LowBound 1286 char buf[128]; av_log(avctx,16,"Specified pixel format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_pix_fmt_name(avctx -> pix_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> pix_fmt); 0 --------------------------------- 22434 153427/utils.c Buffer_Overflow_LowBound 2432 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); 0 --------------------------------- 22435 153427/utils.c Buffer_Overflow_LowBound 2472 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); 0 --------------------------------- 22436 153427/utils.c Buffer_Overflow_LowBound 2428 AVCodec *experimental = ((void *)0); p = first_avcodec; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { p = p -> next; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { experimental = p; return experimental; return find_encdec(id,1); return find_encdec(id,0); return "none"; codec = avcodec_find_decoder(id); return codec -> name; codec = avcodec_find_encoder(id); return codec -> name; return "unknown_codec"; codec_type = av_get_media_type_string(enc -> codec_type); codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_encoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); const char *avcodec_get_name(enum AVCodecID id) cd = avcodec_descriptor_get(id); return cd -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_decoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); 0 --------------------------------- 22437 153427/utils.c Buffer_Overflow_LowBound 2452 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); AVRational display_aspect_ratio; buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); 0 --------------------------------- 22438 153427/utils.c Buffer_Overflow_LowBound 2460 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); 0 --------------------------------- 22439 153427/utils.c Buffer_Overflow_cpycat 3224 superprinting_solemnization = ((char *)tintinnabulous_cryptocephalous . umquhile_decarboxylation); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, superprinting_solemnization); 1 --------------------------------- 22440 153339/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22441 153339/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22442 1303/mime2-bad.c Buffer_Overflow_Indexes 72 int main(int argc, char **argv){ assert (argc==2); temp = fopen(argv[1],"r"); e->e_dfp = temp; fclose(temp); 0 --------------------------------- 22443 1303/mime2-bad.c Buffer_Overflow_cpycat 150 char canary[10]; strcpy(canary, "GOOD"); 0 --------------------------------- 22444 153225/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22445 153225/color.c Buffer_Overflow_Indexes 179 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22446 153225/color.c Buffer_Overflow_Indexes 181 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22447 153225/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&inspirationally_saluter,"ASYLUM_DEMOCRATIZING"); s vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); s stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22448 153225/color.c Buffer_Overflow_Indexes 573 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 22449 153225/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&inspirationally_saluter,"ASYLUM_DEMOCRATIZING"); if (inspirationally_saluter != 0) {; epitaxic_manfully = ((char *)inspirationally_saluter); for (stonesoup_i = 0; stonesoup_i < strlen(epitaxic_manfully); ++stonesoup_i) { epitaxic_manfully[stonesoup_i], stonesoup_data->buffer[(int) epitaxic_manfully[stonesoup_i]]); tracepoint(stonesoup_trace, variable_signed_integral, "((int) STONESOUP_TAINT_SOURCE[stonesoup_i])", ((int) epitaxic_manfully[stonesoup_i]), &(epitaxic_manfully[stonesoup_i]), "TRIGGER-STATE"); if (inspirationally_saluter != 0) free(((char *)inspirationally_saluter)); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 22450 153225/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22451 153225/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22452 153225/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22453 153225/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22454 153225/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22455 153225/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22456 153225/color.c Buffer_Overflow_cpycat 195 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22457 153225/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22458 153225/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22459 153225/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22460 153225/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22461 153225/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22462 153225/color.c Buffer_Overflow_cpycat 371 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22463 153225/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22464 153225/color.c Buffer_Overflow_cpycat 351 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22465 153225/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22466 153225/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22467 153225/color.c Buffer_Overflow_cpycat 350 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22468 153225/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22469 153225/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22470 153225/color.c Buffer_Overflow_cpycat 230 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22471 153225/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22472 153225/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22473 153225/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22474 153448/cryptlib.c Buffer_Overflow_Indexes 641 if (env = getenv("OPENSSL_ia32cap")) { int off = env[0] == '~'?1 : 0; 0 --------------------------------- 22475 153448/cryptlib.c Buffer_Overflow_Indexes 200 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22476 199235/buffer_overrun_dynamic_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); 0 --------------------------------- 22477 153419/avfilter.c Buffer_Overflow_Indexes 47 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&bakers_countersurprise,"TRAYLIKE_FOOTINGS"); stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22478 153419/avfilter.c Buffer_Overflow_Indexes 93 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&bakers_countersurprise,"TRAYLIKE_FOOTINGS"); if (bakers_countersurprise != 0) {; misadvantage_nontemporal[ *cambogia_leku] = bakers_countersurprise; muzz_inferiors = misadvantage_nontemporal[ *cambogia_leku]; bibliomancy_delftware = ((char *)muzz_inferiors); stonesoup_my_buff_size = ((int )(strlen(bibliomancy_delftware))); for (; stonesoup_ss_i < stonesoup_my_buff_size; ++stonesoup_ss_i){ if (muzz_inferiors != 0) free(((char *)muzz_inferiors)); 0 --------------------------------- 22479 153419/avfilter.c Buffer_Overflow_Indexes 88 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22480 153419/avfilter.c Buffer_Overflow_LowBound 116 av_log(ctx,48,"ref[%p buf:%p refcount:%d perms:%s data:%p linesize[%d, %d, %d, %d] pts:%ld pos:%ld",ref,ref -> buf,ref -> buf -> refcount,ff_get_ref_perms_string(buf,sizeof(buf),ref -> perms),ref -> data[0],ref -> linesize[0],ref -> linesize[1],ref -> linesize[2],ref -> linesize[3],ref -> pts,ref -> pos); char *ff_get_ref_perms_string(char *buf,size_t buf_size,int perms) snprintf(buf,buf_size,"%s%s%s%s%s%s",(perms & 0x1?"r" : ""),(perms & 0x02?"w" : ""),(perms & 0x04?"p" : ""),(perms & 0x08?"u" : ""),(perms & 0x10?"U" : ""),(perms & 0x20?"n" : "")); av_log(ctx,48,"ref[%p buf:%p refcount:%d perms:%s data:%p linesize[%d, %d, %d, %d] pts:%ld pos:%ld",ref,ref -> buf,ref -> buf -> refcount,ff_get_ref_perms_string(buf,sizeof(buf),ref -> perms),ref -> data[0],ref -> linesize[0],ref -> linesize[1],ref -> linesize[2],ref -> linesize[3],ref -> pts,ref -> pos); char *ff_get_ref_perms_string(char *buf,size_t buf_size,int perms) snprintf(buf,buf_size,"%s%s%s%s%s%s",(perms & 0x1?"r" : ""),(perms & 0x02?"w" : ""),(perms & 0x04?"p" : ""),(perms & 0x08?"u" : ""),(perms & 0x10?"U" : ""),(perms & 0x20?"n" : "")); 0 --------------------------------- 22481 153353/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&knuckleheaded_bioelectric,"5518",encouragement_pylori); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22482 153353/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&knuckleheaded_bioelectric,"5518",encouragement_pylori); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22483 153353/color.c Buffer_Overflow_Indexes 181 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22484 153353/color.c Buffer_Overflow_Indexes 185 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22485 153353/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22486 153353/color.c Buffer_Overflow_Indexes 187 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22487 153353/color.c Buffer_Overflow_cpycat 223 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22488 153353/color.c Buffer_Overflow_cpycat 314 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22489 153353/color.c Buffer_Overflow_cpycat 201 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22490 153353/color.c Buffer_Overflow_cpycat 377 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22491 153353/color.c Buffer_Overflow_cpycat 265 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22492 153353/color.c Buffer_Overflow_cpycat 251 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22493 153353/color.c Buffer_Overflow_cpycat 307 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22494 153353/color.c Buffer_Overflow_cpycat 356 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22495 153353/color.c Buffer_Overflow_cpycat 293 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22496 153353/color.c Buffer_Overflow_cpycat 328 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22497 153353/color.c Buffer_Overflow_cpycat 258 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22498 153353/color.c Buffer_Overflow_cpycat 349 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22499 153353/color.c Buffer_Overflow_cpycat 342 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22500 153353/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22501 153353/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22502 153353/color.c Buffer_Overflow_cpycat 279 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22503 153353/color.c Buffer_Overflow_cpycat 300 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22504 153353/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22505 153353/color.c Buffer_Overflow_cpycat 286 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22506 153353/color.c Buffer_Overflow_cpycat 357 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22507 153353/color.c Buffer_Overflow_cpycat 321 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22508 153353/color.c Buffer_Overflow_cpycat 244 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22509 153353/color.c Buffer_Overflow_cpycat 272 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22510 153353/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22511 152917/cmdutils.c Buffer_Overflow_scanf 142 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&exogens_mandolas,"8725",reoffer_demobilisation); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22512 152917/cmdutils.c Buffer_Overflow_Indexes 140 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22513 152917/cmdutils.c Buffer_Overflow_Indexes 1700 int c = getchar(); int yesno = av_toupper(c) == 'Y'; while(c != '\n' && c != - 1) return yesno; 0 --------------------------------- 22514 152917/cmdutils.c Buffer_Overflow_Indexes 522 if ((env = (getenv("FFREPORT"))) || idx) { init_report(env); static int init_report(const char *env); 0 --------------------------------- 22515 152917/cmdutils.c Buffer_Overflow_Indexes 1703 c = getchar(); while(c != '\n' && c != - 1) 0 --------------------------------- 22516 152917/cmdutils.c Buffer_Overflow_Indexes 94 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&exogens_mandolas,"8725",reoffer_demobilisation); MISOPATERIST_OVERNORMALIZE(fisherville_ornamentalist); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22517 152917/cmdutils.c Buffer_Overflow_LowBound 1767 FILE *get_preset_file(char *filename,size_t filename_size,const char *preset_name,int is_path,const char *codec_name) snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); 0 --------------------------------- 22518 152917/cmdutils.c Buffer_Overflow_LowBound 1764 f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); 0 --------------------------------- 22519 152917/cmdutils.c Buffer_Overflow_LowBound 1289 printf("%s %s [%s]:\n",(encoder?"Encoder" : "Decoder"),c -> name,(c -> long_name?c -> long_name : "")); char name[16]; snprintf(name,sizeof(name),"%d", *p); show_help_children(c -> priv_class,1 | 2); if ((prev -> id) == id && ((encoder?av_codec_is_encoder(prev) : av_codec_is_decoder(prev)))) { while(prev = (av_codec_next(prev))){ if ((prev -> id) == id && ((encoder?av_codec_is_encoder(prev) : av_codec_is_decoder(prev)))) { return prev; return ((void *)0); while(codec = next_codec_for_id(desc -> id,codec,encoder)){ print_codec(codec); *(par++) = 0; show_help_codec(par,0); show_help_codec(par,1); static void print_codec(const AVCodec *c) int encoder = av_codec_is_encoder(c); const int *p = c -> supported_samplerates; snprintf(name,sizeof(name),"%d", *p); p++; snprintf(name,sizeof(name),"%d", *p); print_codec(codec); while(codec = next_codec_for_id(desc -> id,codec,encoder)){ static const AVCodec *next_codec_for_id(enum AVCodecID id,const AVCodec *prev,int encoder) while(prev = (av_codec_next(prev))){ if ((prev -> id) == id && ((encoder?av_codec_is_encoder(prev) : av_codec_is_decoder(prev)))) { return prev; while(codec = next_codec_for_id(desc -> id,codec,encoder)){ print_codec(codec); static void print_codec(const AVCodec *c) const int *p = c -> supported_samplerates; snprintf(name,sizeof(name),"%d", *p); static void show_help_codec(const char *name,int encoder) codec = ((encoder?avcodec_find_encoder_by_name(name) : avcodec_find_decoder_by_name(name))); print_codec(codec); int show_help(void *optctx,const char *opt,const char *arg) topic = av_strdup((arg?arg : "")); par = strchr(topic,'='); show_help_codec(par,1); show_help_children(child,flags); print_codec(codec); 0 --------------------------------- 22520 153686/color.c Buffer_Overflow_Indexes 148 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22521 153686/color.c Buffer_Overflow_Indexes 542 retaining_lampooner = getenv("APPARELED_GENOESE"); if (retaining_lampooner != 0) {; echinology_latifoliate = ((char *)retaining_lampooner); stonesoup_buff_size = ((int )(strlen(echinology_latifoliate))); memcpy(stonesoup_data->buffer, echinology_latifoliate, 64); for (; stonesoup_i < stonesoup_buff_size; ++stonesoup_i){ stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_printf(char * format, ...) { 1 --------------------------------- 22522 153686/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22523 153686/color.c Buffer_Overflow_Indexes 154 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22524 153686/color.c Buffer_Overflow_Indexes 152 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22525 153686/color.c Buffer_Overflow_cpycat 190 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22526 153686/color.c Buffer_Overflow_cpycat 246 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22527 153686/color.c Buffer_Overflow_cpycat 323 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22528 153686/color.c Buffer_Overflow_cpycat 218 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22529 153686/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22530 153686/color.c Buffer_Overflow_cpycat 295 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22531 153686/color.c Buffer_Overflow_cpycat 260 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22532 153686/color.c Buffer_Overflow_cpycat 253 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22533 153686/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22534 153686/color.c Buffer_Overflow_cpycat 344 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22535 153686/color.c Buffer_Overflow_cpycat 316 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22536 153686/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22537 153686/color.c Buffer_Overflow_cpycat 309 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22538 153686/color.c Buffer_Overflow_cpycat 168 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22539 153686/color.c Buffer_Overflow_cpycat 183 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22540 153686/color.c Buffer_Overflow_cpycat 281 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22541 153686/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22542 153686/color.c Buffer_Overflow_cpycat 274 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22543 153686/color.c Buffer_Overflow_cpycat 239 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22544 153686/color.c Buffer_Overflow_cpycat 211 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22545 153686/color.c Buffer_Overflow_cpycat 288 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22546 153686/color.c Buffer_Overflow_cpycat 302 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22547 153686/color.c Buffer_Overflow_cpycat 176 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22548 153686/color.c Buffer_Overflow_cpycat 267 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22549 153566/color.c Buffer_Overflow_Indexes 165 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22550 153566/color.c Buffer_Overflow_Indexes 169 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22551 153566/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22552 153566/color.c Buffer_Overflow_Indexes 171 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22553 153566/color.c Buffer_Overflow_cpycat 200 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22554 153566/color.c Buffer_Overflow_cpycat 319 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22555 153566/color.c Buffer_Overflow_cpycat 340 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22556 153566/color.c Buffer_Overflow_cpycat 277 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22557 153566/color.c Buffer_Overflow_cpycat 263 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22558 153566/color.c Buffer_Overflow_cpycat 256 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22559 153566/color.c Buffer_Overflow_cpycat 193 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22560 153566/color.c Buffer_Overflow_cpycat 207 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22561 153566/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22562 153566/color.c Buffer_Overflow_cpycat 270 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22563 153566/color.c Buffer_Overflow_cpycat 298 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22564 153566/color.c Buffer_Overflow_cpycat 305 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22565 153566/color.c Buffer_Overflow_cpycat 228 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22566 153566/color.c Buffer_Overflow_cpycat 312 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22567 153566/color.c Buffer_Overflow_cpycat 284 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22568 153566/color.c Buffer_Overflow_cpycat 249 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22569 153566/color.c Buffer_Overflow_cpycat 242 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22570 153566/color.c Buffer_Overflow_cpycat 235 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22571 153566/color.c Buffer_Overflow_cpycat 333 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22572 153566/color.c Buffer_Overflow_cpycat 291 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22573 153566/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22574 153566/color.c Buffer_Overflow_cpycat 341 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22575 153566/color.c Buffer_Overflow_cpycat 361 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22576 153566/color.c Buffer_Overflow_cpycat 185 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22577 153147/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22578 153147/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22579 153821/heapam.c Buffer_Overflow_Indexes 108 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); RECATEGORIZING_PETIOLUS(dendron_gaselier); stonesoup_opt_var = strlen( stonesoup_data.buffer); for (stonesoup_i = 0; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); for (stonesoup_i = 0; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_i", stonesoup_i, &stonesoup_i, "FINAL-STATE"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_i", stonesoup_i, &stonesoup_i, "FINAL-STATE"); tracepoint(stonesoup_trace, weakness_end); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22580 153821/heapam.c Buffer_Overflow_Indexes 433 outfelt_servitor = getenv("INFRALAPSARIAN_UPSETTINGLY"); if (outfelt_servitor != 0) {; tabernacular_derivant . ria_microphysically = outfelt_servitor; postcritical_induces[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *costumist_reexposure)))))))))))))))))))))))))))))))))))))))))))))))))] = tabernacular_derivant; dendron_gaselier = postcritical_induces[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *costumist_reexposure)))))))))))))))))))))))))))))))))))))))))))))))))]; RECATEGORIZING_PETIOLUS(dendron_gaselier); RECATEGORIZING_PETIOLUS(dendron_gaselier); char *izdubar_unrailed = 0; tracepoint(stonesoup_trace, trace_point, "TRIGGER-POINT: BEFORE"); tracepoint(stonesoup_trace, trace_point, "CROSSOVER-POINT: AFTER"); stonesoup_opt_var = strlen( stonesoup_data.buffer); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_opt_var = strlen( stonesoup_data.buffer); for (stonesoup_i = 0; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { void stonesoup_printf(char * format, ...) { for (stonesoup_i = 0; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { 0 --------------------------------- 22581 153821/heapam.c Buffer_Overflow_cpycat 5344 union ungloating_sympathism tabernacular_derivant; outfelt_servitor = getenv("INFRALAPSARIAN_UPSETTINGLY"); tabernacular_derivant . ria_microphysically = outfelt_servitor; postcritical_induces[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *costumist_reexposure)))))))))))))))))))))))))))))))))))))))))))))))))] = tabernacular_derivant; dendron_gaselier = postcritical_induces[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *costumist_reexposure)))))))))))))))))))))))))))))))))))))))))))))))))]; RECATEGORIZING_PETIOLUS(dendron_gaselier); stonesoup_data.before = stonesoup_toupper; tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_i", stonesoup_i, &stonesoup_i, "INITIAL-STATE"); tracepoint(stonesoup_trace, trace_point, "TRIGGER-POINT: BEFORE"); char *izdubar_unrailed = 0; tracepoint(stonesoup_trace, trace_point, "TRIGGER-POINT: BEFORE"); 0 --------------------------------- 22582 153086/mem_dbg.c Buffer_Overflow_Indexes 251 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22583 153086/mem_dbg.c Buffer_Overflow_Indexes 1007 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_input_string", stonesoup_input_string, "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data.buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 22584 152925/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22585 152925/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22586 153746/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22587 153746/color.c Buffer_Overflow_Indexes 577 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_input_string", stonesoup_input_string, "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data.buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 22588 153746/color.c Buffer_Overflow_Indexes 165 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22589 153746/color.c Buffer_Overflow_Indexes 163 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22590 153746/color.c Buffer_Overflow_Indexes 159 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22591 153746/color.c Buffer_Overflow_cpycat 229 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22592 153746/color.c Buffer_Overflow_cpycat 187 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22593 153746/color.c Buffer_Overflow_cpycat 264 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22594 153746/color.c Buffer_Overflow_cpycat 327 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22595 153746/color.c Buffer_Overflow_cpycat 292 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22596 153746/color.c Buffer_Overflow_cpycat 306 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22597 153746/color.c Buffer_Overflow_cpycat 334 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22598 153746/color.c Buffer_Overflow_cpycat 243 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22599 153746/color.c Buffer_Overflow_cpycat 179 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22600 153746/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22601 153746/color.c Buffer_Overflow_cpycat 271 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22602 153746/color.c Buffer_Overflow_cpycat 194 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22603 153746/color.c Buffer_Overflow_cpycat 278 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22604 153746/color.c Buffer_Overflow_cpycat 250 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22605 153746/color.c Buffer_Overflow_cpycat 320 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22606 153746/color.c Buffer_Overflow_cpycat 285 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22607 153746/color.c Buffer_Overflow_cpycat 355 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22608 153746/color.c Buffer_Overflow_cpycat 299 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22609 153746/color.c Buffer_Overflow_cpycat 313 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22610 153746/color.c Buffer_Overflow_cpycat 214 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22611 153746/color.c Buffer_Overflow_cpycat 257 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22612 153746/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22613 153746/color.c Buffer_Overflow_cpycat 201 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22614 153746/color.c Buffer_Overflow_cpycat 222 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22615 153768/avpacket.c Buffer_Overflow_Indexes 96 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&quatrefoliated_semicarbazone,"COCONINO_CONGLOBATION"); if (quatrefoliated_semicarbazone != 0) {; annist_sempre . reparative_koah = quatrefoliated_semicarbazone; blandishing_refinds(annist_sempre); void blandishing_refinds(const union martinetish_musb aeolight_propagandism); 0 --------------------------------- 22616 153768/avpacket.c Buffer_Overflow_Indexes 91 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22617 153768/avpacket.c Buffer_Overflow_Indexes 50 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22618 153768/avpacket.c Buffer_Overflow_Indexes 522 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 22619 153526/pgstat.c Buffer_Overflow_Indexes 308 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22620 153526/pgstat.c Buffer_Overflow_cpycat 2461 PgBackendStatus *localtable; localtable = ((PgBackendStatus *)(MemoryContextAlloc(pgStatLocalContext,sizeof(PgBackendStatus ) * MaxBackends))); localappname = ((char *)(MemoryContextAlloc(pgStatLocalContext,(64 * MaxBackends)))); localactivity = ((char *)(MemoryContextAlloc(pgStatLocalContext,(pgstat_track_activity_query_size * MaxBackends)))); beentry = BackendStatusArray; beentry++; localactivity += pgstat_track_activity_query_size; strcpy(localactivity,((char *)(beentry -> st_activity))); 0 --------------------------------- 22621 153526/pgstat.c Buffer_Overflow_cpycat 2459 PgBackendStatus *localtable; localtable = ((PgBackendStatus *)(MemoryContextAlloc(pgStatLocalContext,sizeof(PgBackendStatus ) * MaxBackends))); localappname = ((char *)(MemoryContextAlloc(pgStatLocalContext,(64 * MaxBackends)))); beentry = BackendStatusArray; beentry++; localappname += 64; strcpy(localappname,((char *)(beentry -> st_appname))); 0 --------------------------------- 22622 153526/pgstat.c Buffer_Overflow_cpycat 4160 void shubunkin_gimmal(mondrian_salchow albumenise_unsliced) andie_preinstructed(albumenise_unsliced); void andie_preinstructed(mondrian_salchow tradespeople_klosters) unfructify_muhammedan = ((char *)((mondrian_salchow )tradespeople_klosters)); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, unfructify_muhammedan); 1 --------------------------------- 22623 153524/color.c Buffer_Overflow_Indexes 160 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22624 153524/color.c Buffer_Overflow_Indexes 158 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22625 153524/color.c Buffer_Overflow_Indexes 154 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22626 153524/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22627 153524/color.c Buffer_Overflow_LowBound 579 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, somnambulated_berrying, 64); void stonesoup_handle_taint(char *mos_gemelled) somnambulated_berrying = ((char *)mos_gemelled); stonesoup_buff_size = ((int )(strlen(somnambulated_berrying))); strncpy(stonesoup_heap_buff_64, somnambulated_berrying, 64); 0 --------------------------------- 22628 153524/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22629 153524/color.c Buffer_Overflow_cpycat 350 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22630 153524/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22631 153524/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22632 153524/color.c Buffer_Overflow_cpycat 174 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22633 153524/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22634 153524/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22635 153524/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22636 153524/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22637 153524/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22638 153524/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22639 153524/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22640 153524/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22641 153524/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22642 153524/color.c Buffer_Overflow_cpycat 182 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22643 153524/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22644 153524/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22645 153524/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22646 153524/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22647 153524/color.c Buffer_Overflow_cpycat 329 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22648 153524/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22649 153524/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22650 153524/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22651 153524/color.c Buffer_Overflow_cpycat 330 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22652 153780/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22653 153780/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22654 1557/fmt2-bad.c Buffer_Overflow_Indexes 37 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) syslog(LOG_CRIT, str); 1 --------------------------------- 22655 152906/tile.c Buffer_Overflow_scanf 100 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&alehoof_nagualism,"8966",luny_dungan); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22656 152906/tile.c Buffer_Overflow_Indexes 52 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&alehoof_nagualism,"8966",luny_dungan); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22657 152906/tile.c Buffer_Overflow_Indexes 98 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22658 153177/portalmem.c Buffer_Overflow_Indexes 97 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); PortalReleaseCachedPlan(portal); PortalDrop(portal,((bool )0)); stonesoup_setup_printf_context(); stonesoup_printf("%s\n",stonesoup_buffer_stack); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buffer_stack); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22659 153177/portalmem.c Buffer_Overflow_Indexes 465 twifoldly_azured = getenv("PROCUMBENT_OXBRAKE"); if (twifoldly_azured != 0) {; cholesterate_insurgentism = &twifoldly_azured; propylon_vivid = ((char *)( *cholesterate_insurgentism)); sprintf(stonesoup_buffer_stack,propylon_vivid); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_buffer_stack", stonesoup_buffer_stack, "TRIGGER-STATE"); stonesoup_printf("%s\n",stonesoup_buffer_stack); void stonesoup_printf(char * format, ...) { 1 --------------------------------- 22660 153178/color.c Buffer_Overflow_scanf 139 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&illoyal_oca,"4150",prescindent_merchanteer); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22661 153178/color.c Buffer_Overflow_Indexes 91 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&illoyal_oca,"4150",prescindent_merchanteer); stonesoup_stack_buffer_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buffer_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22662 153178/color.c Buffer_Overflow_Indexes 175 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22663 153178/color.c Buffer_Overflow_Indexes 181 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22664 153178/color.c Buffer_Overflow_Indexes 179 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22665 153178/color.c Buffer_Overflow_Indexes 137 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22666 153178/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22667 153178/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22668 153178/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22669 153178/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22670 153178/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22671 153178/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22672 153178/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22673 153178/color.c Buffer_Overflow_cpycat 195 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22674 153178/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22675 153178/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22676 153178/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22677 153178/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22678 153178/color.c Buffer_Overflow_cpycat 371 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22679 153178/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22680 153178/color.c Buffer_Overflow_cpycat 351 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22681 153178/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22682 153178/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22683 153178/color.c Buffer_Overflow_cpycat 350 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22684 153178/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22685 153178/color.c Buffer_Overflow_cpycat 579 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; char stonesoup_stack_buffer_64[64]; int prescindent_merchanteer = 1001; char *illoyal_oca; stonesoup_read_taint(&illoyal_oca,"4150",prescindent_merchanteer); nonfatal_chancrous = ((char *)illoyal_oca); memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,nonfatal_chancrous); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&illoyal_oca,"4150",prescindent_merchanteer); nonfatal_chancrous = ((char *)illoyal_oca); strcpy(stonesoup_stack_buffer_64,nonfatal_chancrous); 0 --------------------------------- 22686 153178/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22687 153178/color.c Buffer_Overflow_cpycat 230 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22688 153178/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22689 153178/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22690 153178/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22691 153288/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&meadowlarks_bannock,"9830",backoff_blastomas); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22692 153288/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&meadowlarks_bannock,"9830",backoff_blastomas); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22693 153288/color.c Buffer_Overflow_Indexes 188 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22694 153288/color.c Buffer_Overflow_Indexes 182 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22695 153288/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22696 153288/color.c Buffer_Overflow_Indexes 186 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22697 153288/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22698 153288/color.c Buffer_Overflow_cpycat 378 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22699 153288/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22700 153288/color.c Buffer_Overflow_cpycat 358 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22701 153288/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22702 153288/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22703 153288/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22704 153288/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22705 153288/color.c Buffer_Overflow_cpycat 237 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22706 153288/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22707 153288/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22708 153288/color.c Buffer_Overflow_cpycat 357 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22709 153288/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22710 153288/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22711 153288/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22712 153288/color.c Buffer_Overflow_cpycat 350 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22713 153288/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22714 153288/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22715 153288/color.c Buffer_Overflow_cpycat 202 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22716 153288/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22717 153288/color.c Buffer_Overflow_cpycat 594 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int backoff_blastomas = 596; char *meadowlarks_bannock; stonesoup_read_taint(&meadowlarks_bannock,"9830",backoff_blastomas); hoofy_telephotography = ((char *)meadowlarks_bannock); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, hoofy_telephotography); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&meadowlarks_bannock,"9830",backoff_blastomas); hoofy_telephotography = ((char *)meadowlarks_bannock); strcpy(stonesoup_data->buffer, hoofy_telephotography); 1 --------------------------------- 22718 153288/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22719 153288/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22720 153288/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22721 153288/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22722 153830/main_statusbar.c Buffer_Overflow_Indexes 173 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&pectinous_bloodthirsting,"IDEATIONAL_OCULISTS"); if (pectinous_bloodthirsting != 0) {; phascolarctos_proemial . latinian_pattersonville = ((char *)pectinous_bloodthirsting); desuete_blowfishes[5] = phascolarctos_proemial; endeavorer_actuarian = *(desuete_blowfishes + typika_fixtures[1]); houppelande_driftlet = ((char *)endeavorer_actuarian . latinian_pattersonville); stonesoup_buff_size = strlen(houppelande_driftlet) + 1; stonesoup_size = stonesoup_other_size < stonesoup_buff_size ? stonesoup_other_size : stonesoup_buff_size; for (stonesoup_i = 0; stonesoup_i < stonesoup_size; stonesoup_i++) { houppelande_driftlet[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = for (stonesoup_i = 0; stonesoup_i < stonesoup_buff_size; stonesoup_i++) { stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buff_size", stonesoup_buff_size, &stonesoup_buff_size, "TRIGGER-STATE"); if (endeavorer_actuarian . latinian_pattersonville != 0) free(((char *)endeavorer_actuarian . latinian_pattersonville)); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 22723 153830/main_statusbar.c Buffer_Overflow_Indexes 168 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22724 153830/main_statusbar.c Buffer_Overflow_Indexes 127 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&pectinous_bloodthirsting,"IDEATIONAL_OCULISTS"); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22725 152913/eng_lib.c Buffer_Overflow_Indexes 113 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22726 153043/cmdline.c Buffer_Overflow_Indexes 116 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22727 153043/cmdline.c Buffer_Overflow_Indexes 218 env_val = (getenv( *env_var)); if (env_val && env_val[0]) { fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); 0 --------------------------------- 22728 153043/cmdline.c Buffer_Overflow_Indexes 849 e = (getenv("EDITOR")); if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 22729 153043/cmdline.c Buffer_Overflow_Indexes 837 e = (getenv("SVN_EDITOR")); if (!e) { svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); if (!e) { if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 22730 153043/cmdline.c Buffer_Overflow_Indexes 846 e = (getenv("VISUAL")); if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 22731 153043/cmdline.c Buffer_Overflow_LowBound 243 int svn_cmdline_init(const char *progname,FILE *error_stream) char prefix_buf[64]; fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); 0 --------------------------------- 22732 153043/cmdline.c Buffer_Overflow_cpycat 245 prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); 0 --------------------------------- 22733 152868/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&tarsier_eelfish,"5046",untransparently_mohall); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22734 152868/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22735 152868/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&tarsier_eelfish,"5046",untransparently_mohall); stonesoup_base_path[stonesoup_oc_i] = stonesoup_toupper(stonesoup_base_path[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_base_path); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22736 152868/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22737 152868/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22738 152868/color.c Buffer_Overflow_Indexes 177 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22739 152868/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22740 152868/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22741 152868/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22742 152868/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22743 152868/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22744 152868/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22745 152868/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22746 152868/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22747 152868/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22748 152868/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22749 152868/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22750 152868/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22751 152868/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22752 152868/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22753 152868/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22754 152868/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22755 152868/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22756 152868/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22757 152868/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22758 152868/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22759 152868/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22760 152868/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22761 152868/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22762 152868/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22763 153176/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22764 153176/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22765 153321/column-utils.c Buffer_Overflow_Indexes 60 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); set_time_seconds(&fd -> del_dis_ts,cinfo -> col_expr . col_expr_val[col]); col_set_delta_time_dis(fd,cinfo,col); col_set_fmt_time(fd,cinfo,cinfo -> col_fmt[col],col); col_fill_in_frame_data(fdata,cinfo,i,fill_col_exprs); col_set_fmt_time(fd,cinfo,cinfo -> col_fmt[col],col); col_set_cls_time(fd,cinfo,col); col_set_rel_time(fd,cinfo,col); set_time_seconds(&fd -> rel_ts,cinfo -> col_buf[col]); stonesoup_setup_printf_context(); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); misforms_procellose(sclerocornea_amygdalus); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22766 153321/column-utils.c Buffer_Overflow_Indexes 761 overwheel_orthopraxia = getenv("ALIUS_OVERTHICKNESS"); if (overwheel_orthopraxia != 0) {; wittekind_supernaturally = ((int )(strlen(overwheel_orthopraxia))); sclerocornea_amygdalus = ((char *)(malloc(wittekind_supernaturally + 1))); if (sclerocornea_amygdalus == 0) { memset(sclerocornea_amygdalus,0,wittekind_supernaturally + 1); memcpy(sclerocornea_amygdalus,overwheel_orthopraxia,wittekind_supernaturally); misforms_procellose(sclerocornea_amygdalus); void misforms_procellose(char *coloristic_gadaria) myenteron_byspell = ((char *)coloristic_gadaria); if (strlen(myenteron_byspell) < 20) { realpath(myenteron_byspell, stonesoup_data.base_path); if (coloristic_gadaria != 0) free(((char *)coloristic_gadaria)); 0 --------------------------------- 22767 153657/pgstat.c Buffer_Overflow_Indexes 324 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&lamping_goban,"SOODLE_ORTHOCEPHALY"); if (lamping_goban != 0) {; paludous_oversetting . lludd_mensis = ((char *)lamping_goban); clitia_outgroups[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *phototelescope_lyncid)))))))))))))))))))))))))))))))))))))))))))))))))] = paludous_oversetting; burled_blepharydatis = clitia_outgroups[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *phototelescope_lyncid)))))))))))))))))))))))))))))))))))))))))))))))))]; cottbus_billows = ((char *)burled_blepharydatis . lludd_mensis); stonesoup_my_buff_size = ((int )(strlen(cottbus_billows))); for (; stonesoup_ss_i < stonesoup_my_buff_size; ++stonesoup_ss_i){ if (burled_blepharydatis . lludd_mensis != 0) free(((char *)burled_blepharydatis . lludd_mensis)); 0 --------------------------------- 22768 153657/pgstat.c Buffer_Overflow_Indexes 319 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22769 153657/pgstat.c Buffer_Overflow_Indexes 278 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&lamping_goban,"SOODLE_ORTHOCEPHALY"); stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22770 153657/pgstat.c Buffer_Overflow_cpycat 2463 PgBackendStatus *localtable; localtable = ((PgBackendStatus *)(MemoryContextAlloc(pgStatLocalContext,sizeof(PgBackendStatus ) * MaxBackends))); localappname = ((char *)(MemoryContextAlloc(pgStatLocalContext,(64 * MaxBackends)))); localactivity = ((char *)(MemoryContextAlloc(pgStatLocalContext,(pgstat_track_activity_query_size * MaxBackends)))); beentry = BackendStatusArray; beentry++; localactivity += pgstat_track_activity_query_size; strcpy(localactivity,((char *)(beentry -> st_activity))); 0 --------------------------------- 22771 153657/pgstat.c Buffer_Overflow_cpycat 2461 PgBackendStatus *localtable; localtable = ((PgBackendStatus *)(MemoryContextAlloc(pgStatLocalContext,sizeof(PgBackendStatus ) * MaxBackends))); localappname = ((char *)(MemoryContextAlloc(pgStatLocalContext,(64 * MaxBackends)))); beentry = BackendStatusArray; beentry++; localappname += 64; strcpy(localappname,((char *)(beentry -> st_appname))); 0 --------------------------------- 22772 153098/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22773 153098/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22774 153294/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22775 153294/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22776 831/basic-00180-large.c Buffer_Overflow_Indexes 51 int main(int argc, char *argv[]) if ((argc < 5) || (atoi(argv[4]) > 4105)) buf[atoi(argv[4])] = 'A'; 0 --------------------------------- 22777 153711/timestamp.c Buffer_Overflow_Indexes 134 diplomates_cavalero = getenv("SLAUGHTERHOUSE_STEEVED"); if (diplomates_cavalero != 0) {; merribush_smoulder . serosal_semimarking = diplomates_cavalero; resinated_postdepressive = &merribush_smoulder; creekfishes_stenotaphrum = ((union triadelphous_russify *)(((unsigned long )resinated_postdepressive) * uninferable_ipso * uninferable_ipso)) + 5; theorbist_ptt(monopectinate_myospasmia,creekfishes_stenotaphrum); void theorbist_ptt(int cavelet_goosebone,union triadelphous_russify *labourism_sextettes) theorbist_ptt(cavelet_goosebone,labourism_sextettes); 0 --------------------------------- 22778 153711/timestamp.c Buffer_Overflow_Indexes 61 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); theorbist_ptt(monopectinate_myospasmia,creekfishes_stenotaphrum); theorbist_ptt(cavelet_goosebone,labourism_sextettes); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22779 153711/timestamp.c Buffer_Overflow_LowBound 193 stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 22780 153711/timestamp.c Buffer_Overflow_LowBound 184 char stonesoup_source[1024]; osirian_bochum = ((char *)( *(labourism_sextettes - 5)) . serosal_semimarking); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, osirian_bochum, sizeof(stonesoup_source)); 0 --------------------------------- 22781 153388/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22782 153388/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22783 153385/portalmem.c Buffer_Overflow_scanf 148 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&sophister_attiwendaronk,"2974",groundworks_argillite); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22784 153385/portalmem.c Buffer_Overflow_Indexes 100 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&sophister_attiwendaronk,"2974",groundworks_argillite); stonesoup_toupper(stonesoup_data.base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22785 153385/portalmem.c Buffer_Overflow_Indexes 146 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22786 153142/tile.c Buffer_Overflow_scanf 102 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&cydonia_atrichia,"5486",enchanting_kilobyte); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22787 153142/tile.c Buffer_Overflow_Indexes 100 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22788 153142/tile.c Buffer_Overflow_Indexes 399 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 22789 153142/tile.c Buffer_Overflow_Indexes 54 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22790 153609/img2.c Buffer_Overflow_scanf 92 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&ria_spik,"8625",pyrgocephalic_falafel); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22791 153609/img2.c Buffer_Overflow_Indexes 44 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22792 153609/img2.c Buffer_Overflow_Indexes 90 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22793 153609/img2.c Buffer_Overflow_LowBound 182 void hyllus_unstrictly(char **devocalisation_depew) carpos_radiale(devocalisation_depew); void carpos_radiale(char **desired_periodontics) char stonesoup_source[1024]; rutins_essenianism = ((char *)desired_periodontics[3]); stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, rutins_essenianism, sizeof(stonesoup_source)); 0 --------------------------------- 22794 153609/img2.c Buffer_Overflow_LowBound 191 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 22795 149069/into2-bad.c Buffer_Overflow_Indexes 53 main(int argc, char **argv) if(argc != 2) l = strtoul(argv[1], 0, 10); if(l > UINT_MAX || (l == ULONG_MAX && errno == ERANGE)) test((unsigned int)l); test(unsigned int n) if(n > INT_MAX * .8) buf = malloc(n * sizeof *buf); if(!buf) for(i = 0; i < n; i++) free(buf); test((unsigned int)l); void test(unsigned int n) int *buf, i; if(n > INT_MAX * .8) return; buf = malloc(n * sizeof *buf); if(!buf) return; for(i = 0; i < n; i++) printf("%x ", buf[i] = i); printf("\n"); free(buf); 1 --------------------------------- 22796 152951/mux.c Buffer_Overflow_scanf 126 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&moderates_vinegarer,"7902",memorablenesses_informatory); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22797 152951/mux.c Buffer_Overflow_Indexes 124 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22798 152951/mux.c Buffer_Overflow_Indexes 78 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22799 153818/tile.c Buffer_Overflow_scanf 101 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&demander_bacule,"8148",cathedratic_epithymetic); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22800 153818/tile.c Buffer_Overflow_Indexes 99 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22801 153818/tile.c Buffer_Overflow_Indexes 53 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&demander_bacule,"8148",cathedratic_epithymetic); uneddying_mentobregmatic(hexanchidae_primar,anesthetist_spartans); uneddying_mentobregmatic(gombeen_unorientally,acopon_lacer); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22802 153818/tile.c Buffer_Overflow_LowBound 387 stonesoup_buffer = malloc(65528); strncpy(stonesoup_buffer, rescramble_breadmaking, stonesoup_buffer_len); 0 --------------------------------- 22803 153818/tile.c Buffer_Overflow_LowBound 412 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int cathedratic_epithymetic = 44; char *demander_bacule; stonesoup_read_taint(&demander_bacule,"8148",cathedratic_epithymetic); uncrude_eelgrass[30] = demander_bacule; anesthetist_spartans = uncrude_eelgrass; uneddying_mentobregmatic(hexanchidae_primar,anesthetist_spartans); uneddying_mentobregmatic(gombeen_unorientally,acopon_lacer); stonesoup_buffer_len = 4; strncpy(stonesoup_buffer, rescramble_breadmaking, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); strncpy(stonesoup_buffer, rescramble_breadmaking, stonesoup_buffer_len); void uneddying_mentobregmatic(int gombeen_unorientally,char **acopon_lacer) rescramble_breadmaking = ((char *)acopon_lacer[30]); strncpy(stonesoup_buffer, rescramble_breadmaking, stonesoup_buffer_len); strncpy(stonesoup_buffer, rescramble_breadmaking, stonesoup_buffer_len); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, rescramble_breadmaking, stonesoup_buffer_len); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&demander_bacule,"8148",cathedratic_epithymetic); uncrude_eelgrass[30] = demander_bacule; anesthetist_spartans = uncrude_eelgrass; uneddying_mentobregmatic(hexanchidae_primar,anesthetist_spartans); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, rescramble_breadmaking, stonesoup_buffer_len); 1 --------------------------------- 22804 153755/dirent_uri.c Buffer_Overflow_Indexes 110 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22805 153755/dirent_uri.c Buffer_Overflow_Indexes 2060 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 22806 152971/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22807 152971/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22808 152983/dynahash.c Buffer_Overflow_Indexes 782 orchel_amroc = getenv("OVERCRITICIZE_AUBYN"); if (orchel_amroc != 0) {; blobbiest_ange . popularist_soiliest = orchel_amroc; rememorate_verticillus = ((char *)blobbiest_ange . popularist_soiliest); strncpy(stonesoup_source,rememorate_verticillus,sizeof(stonesoup_source)); 0 --------------------------------- 22809 152983/dynahash.c Buffer_Overflow_Indexes 247 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_buff); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buff); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22810 152983/dynahash.c Buffer_Overflow_LowBound 803 stonesoup_buff[63] = '\0'; stonesoup_source[1023] = 0; if (strlen(stonesoup_source) + 1 <= sizeof(stonesoup_buff)) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buff", strlen(stonesoup_buff)+1, stonesoup_buff, "TRIGGER-STATE"); strncpy(stonesoup_buff,stonesoup_source,sizeof(stonesoup_source)); 1 --------------------------------- 22811 152983/dynahash.c Buffer_Overflow_LowBound 794 char stonesoup_source[1024]; orchel_amroc = getenv("OVERCRITICIZE_AUBYN"); blobbiest_ange . popularist_soiliest = orchel_amroc; rememorate_verticillus = ((char *)blobbiest_ange . popularist_soiliest); memset(stonesoup_source,0,1024); strncpy(stonesoup_source,rememorate_verticillus,sizeof(stonesoup_source)); 0 --------------------------------- 22812 152983/dynahash.c Buffer_Overflow_cpycat 372 HTAB *hash_create(const char *tabname,long nelem,HASHCTL *info,int flags) CurrentDynaHashCxt = AllocSetContextCreate(CurrentDynaHashCxt,tabname,0,(8 * 1024),(8 * 1024 * 1024)); hashp = ((HTAB *)(DynaHashAlloc(sizeof(HTAB ) + strlen(tabname) + 1))); hashp -> tabname = ((char *)(hashp + 1)); strcpy(hashp -> tabname,tabname); 0 --------------------------------- 22813 153009/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22814 153009/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22815 153447/color.c Buffer_Overflow_Indexes 160 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22816 153447/color.c Buffer_Overflow_Indexes 158 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22817 153447/color.c Buffer_Overflow_Indexes 154 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22818 153447/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22819 153447/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22820 153447/color.c Buffer_Overflow_cpycat 350 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22821 153447/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22822 153447/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22823 153447/color.c Buffer_Overflow_cpycat 174 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22824 153447/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22825 153447/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22826 153447/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22827 153447/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22828 153447/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22829 153447/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22830 153447/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22831 153447/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22832 153447/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22833 153447/color.c Buffer_Overflow_cpycat 182 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22834 153447/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22835 153447/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22836 153447/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22837 153447/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22838 153447/color.c Buffer_Overflow_cpycat 329 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22839 153447/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22840 153447/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22841 153447/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22842 153447/color.c Buffer_Overflow_cpycat 330 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22843 153325/aviobuf.c Buffer_Overflow_Indexes 54 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&jazziness_aroynted,"FAIL_PICHICIEGO"); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 22844 153325/aviobuf.c Buffer_Overflow_Indexes 95 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22845 153325/aviobuf.c Buffer_Overflow_Indexes 100 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&jazziness_aroynted,"FAIL_PICHICIEGO"); if (jazziness_aroynted != 0) {; columniferous_taborite = ((int )(strlen(jazziness_aroynted))); bushmaster_cachucho = ((char *)(malloc(columniferous_taborite + 1))); if (bushmaster_cachucho == 0) { memset(bushmaster_cachucho,0,columniferous_taborite + 1); memcpy(bushmaster_cachucho,jazziness_aroynted,columniferous_taborite); if (jazziness_aroynted != 0) free(((char *)jazziness_aroynted)); viddhal_stamford[5] = bushmaster_cachucho; debarbarization_vichyssoise = *(viddhal_stamford + conformers_hethen[1]); owens_insidiosity(debarbarization_vichyssoise); 0 --------------------------------- 22846 153325/aviobuf.c Buffer_Overflow_LowBound 1080 int avio_printf(AVIOContext *s,const char *fmt,... ) va_list ap; char buf[4096]; __builtin_va_start(ap,fmt); ret = vsnprintf(buf,sizeof(buf),fmt,ap); 0 --------------------------------- 22847 153325/aviobuf.c Buffer_Overflow_cpycat 1267 void imbathe_rhodophyta(char *beseecher_exhilarating) blackberrylike_strolling = ((char *)beseecher_exhilarating); stonesoup_data.buffer[stonesoup_i] = 0; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, blackberrylike_strolling); 0 --------------------------------- 22848 153267/stream.c Buffer_Overflow_Indexes 76 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&seroot_improvidences,"CASSANDRE_STEVINSON"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22849 153267/stream.c Buffer_Overflow_Indexes 117 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22850 153267/stream.c Buffer_Overflow_Indexes 122 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&seroot_improvidences,"CASSANDRE_STEVINSON"); if (seroot_improvidences != 0) {; duramens_tintinnabulous = ((int )(strlen(seroot_improvidences))); sogat_claw = ((char *)(malloc(duramens_tintinnabulous + 1))); if (sogat_claw == 0) { memset(sogat_claw,0,duramens_tintinnabulous + 1); memcpy(sogat_claw,seroot_improvidences,duramens_tintinnabulous); if (seroot_improvidences != 0) free(((char *)seroot_improvidences)); sandro_knublet = &sogat_claw; unstaid_venatorial = sandro_knublet + 5; globetrotter_prechallenge = ((char *)( *(unstaid_venatorial - 5))); stonesoup_buff_size = ((int )(strlen(globetrotter_prechallenge))); strncpy(stonesoup_heap_buff_64, globetrotter_prechallenge, 64); for (; stonesoup_ss_i < stonesoup_buff_size; ++stonesoup_ss_i){ if ( *(unstaid_venatorial - 5) != 0) free(((char *)( *(unstaid_venatorial - 5)))); 0 --------------------------------- 22851 153267/stream.c Buffer_Overflow_LowBound 223 void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *seroot_improvidences;; stonesoup_read_taint(&seroot_improvidences,"CASSANDRE_STEVINSON"); duramens_tintinnabulous = ((int )(strlen(seroot_improvidences))); sogat_claw = ((char *)(malloc(duramens_tintinnabulous + 1))); memset(sogat_claw,0,duramens_tintinnabulous + 1); memcpy(sogat_claw,seroot_improvidences,duramens_tintinnabulous); sandro_knublet = &sogat_claw; unstaid_venatorial = sandro_knublet + 5; globetrotter_prechallenge = ((char *)( *(unstaid_venatorial - 5))); stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(globetrotter_prechallenge))); strncpy(stonesoup_heap_buff_64, globetrotter_prechallenge, 64); 0 --------------------------------- 22852 153401/e_camellia.c Buffer_Overflow_Indexes 83 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&unshored_antipart,"WAILY_LATRICIA"); stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_buff); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buff); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22853 153401/e_camellia.c Buffer_Overflow_Indexes 129 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&unshored_antipart,"WAILY_LATRICIA"); if (unshored_antipart != 0) {; unsuppressible_esne = unshored_antipart; chilicote_kalends[5] = unsuppressible_esne; hainanese_illumining = *(chilicote_kalends + underbubble_colourtype[1]); if (hainanese_illumining != 0) { cite_daying = ((char *)hainanese_illumining); strncpy(stonesoup_source,cite_daying,sizeof(stonesoup_source)); if (hainanese_illumining != 0) free(((char *)hainanese_illumining)); 0 --------------------------------- 22854 153401/e_camellia.c Buffer_Overflow_Indexes 124 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22855 153401/e_camellia.c Buffer_Overflow_LowBound 348 stonesoup_buff[63] = '\0'; stonesoup_source[1023] = 0; if (strlen(stonesoup_source) + 1 <= sizeof(stonesoup_buff)) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buff", strlen(stonesoup_buff)+1, stonesoup_buff, "TRIGGER-STATE"); strncpy(stonesoup_buff,stonesoup_source,sizeof(stonesoup_source)); 1 --------------------------------- 22856 153401/e_camellia.c Buffer_Overflow_LowBound 339 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char stonesoup_source[1024]; char *unshored_antipart;; stonesoup_read_taint(&unshored_antipart,"WAILY_LATRICIA"); unsuppressible_esne = unshored_antipart; chilicote_kalends[5] = unsuppressible_esne; underbubble_colourtype[1] = 5; hainanese_illumining = *(chilicote_kalends + underbubble_colourtype[1]); cite_daying = ((char *)hainanese_illumining); memset(stonesoup_source,0,1024); strncpy(stonesoup_source,cite_daying,sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&unshored_antipart,"WAILY_LATRICIA"); unsuppressible_esne = unshored_antipart; chilicote_kalends[5] = unsuppressible_esne; hainanese_illumining = *(chilicote_kalends + underbubble_colourtype[1]); cite_daying = ((char *)hainanese_illumining); strncpy(stonesoup_source,cite_daying,sizeof(stonesoup_source)); 0 --------------------------------- 22857 153003/cmdutils.c Buffer_Overflow_Indexes 128 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&herdsman_bloodmobiles,"SWACKING_STUBBINESS"); if (herdsman_bloodmobiles != 0) {; undermelodies_anno[5] = herdsman_bloodmobiles; endurance_promemorial = *(undermelodies_anno + *boondogglers_morea); decade_byssaceous = ((char *)endurance_promemorial); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(decade_byssaceous)+1, decade_byssaceous, "TRIGGER-STATE"); strncpy(stonesoup_buffer,decade_byssaceous,strlen(decade_byssaceous) + 1); if (endurance_promemorial != 0) free(((char *)endurance_promemorial)); 0 --------------------------------- 22858 153003/cmdutils.c Buffer_Overflow_Indexes 123 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22859 153003/cmdutils.c Buffer_Overflow_Indexes 1684 int c = getchar(); int yesno = av_toupper(c) == 'Y'; while(c != '\n' && c != - 1) return yesno; 0 --------------------------------- 22860 153003/cmdutils.c Buffer_Overflow_Indexes 82 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&herdsman_bloodmobiles,"SWACKING_STUBBINESS"); stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22861 153003/cmdutils.c Buffer_Overflow_Indexes 1687 c = getchar(); while(c != '\n' && c != - 1) 0 --------------------------------- 22862 153003/cmdutils.c Buffer_Overflow_Indexes 506 if ((env = (getenv("FFREPORT"))) || idx) { init_report(env); static int init_report(const char *env); 0 --------------------------------- 22863 153003/cmdutils.c Buffer_Overflow_LowBound 1751 FILE *get_preset_file(char *filename,size_t filename_size,const char *preset_name,int is_path,const char *codec_name) snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); 0 --------------------------------- 22864 153003/cmdutils.c Buffer_Overflow_LowBound 1864 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char stonesoup_buffer[8]; char *herdsman_bloodmobiles; stonesoup_read_taint(&herdsman_bloodmobiles,"SWACKING_STUBBINESS"); undermelodies_anno[5] = herdsman_bloodmobiles; softnesses_quaddle = 5; boondogglers_morea = &softnesses_quaddle; endurance_promemorial = *(undermelodies_anno + *boondogglers_morea); decade_byssaceous = ((char *)endurance_promemorial); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(decade_byssaceous)+1, decade_byssaceous, "TRIGGER-STATE"); strncpy(stonesoup_buffer,decade_byssaceous,strlen(decade_byssaceous) + 1); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&herdsman_bloodmobiles,"SWACKING_STUBBINESS"); undermelodies_anno[5] = herdsman_bloodmobiles; endurance_promemorial = *(undermelodies_anno + *boondogglers_morea); decade_byssaceous = ((char *)endurance_promemorial); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(decade_byssaceous)+1, decade_byssaceous, "TRIGGER-STATE"); strncpy(stonesoup_buffer,decade_byssaceous,strlen(decade_byssaceous) + 1); 1 --------------------------------- 22865 153003/cmdutils.c Buffer_Overflow_LowBound 1748 f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); 0 --------------------------------- 22866 153003/cmdutils.c Buffer_Overflow_LowBound 1273 printf("%s %s [%s]:\n",(encoder?"Encoder" : "Decoder"),c -> name,(c -> long_name?c -> long_name : "")); char name[16]; snprintf(name,sizeof(name),"%d", *p); show_help_children(c -> priv_class,1 | 2); if ((prev -> id) == id && ((encoder?av_codec_is_encoder(prev) : av_codec_is_decoder(prev)))) { while(prev = (av_codec_next(prev))){ if ((prev -> id) == id && ((encoder?av_codec_is_encoder(prev) : av_codec_is_decoder(prev)))) { return prev; return ((void *)0); while(codec = next_codec_for_id(desc -> id,codec,encoder)){ print_codec(codec); *(par++) = 0; show_help_codec(par,0); show_help_codec(par,1); static void print_codec(const AVCodec *c) int encoder = av_codec_is_encoder(c); const int *p = c -> supported_samplerates; snprintf(name,sizeof(name),"%d", *p); p++; snprintf(name,sizeof(name),"%d", *p); print_codec(codec); while(codec = next_codec_for_id(desc -> id,codec,encoder)){ static const AVCodec *next_codec_for_id(enum AVCodecID id,const AVCodec *prev,int encoder) while(prev = (av_codec_next(prev))){ if ((prev -> id) == id && ((encoder?av_codec_is_encoder(prev) : av_codec_is_decoder(prev)))) { return prev; while(codec = next_codec_for_id(desc -> id,codec,encoder)){ print_codec(codec); static void print_codec(const AVCodec *c) const int *p = c -> supported_samplerates; snprintf(name,sizeof(name),"%d", *p); static void show_help_codec(const char *name,int encoder) codec = ((encoder?avcodec_find_encoder_by_name(name) : avcodec_find_decoder_by_name(name))); print_codec(codec); int show_help(void *optctx,const char *opt,const char *arg) topic = av_strdup((arg?arg : "")); par = strchr(topic,'='); show_help_codec(par,1); show_help_children(child,flags); print_codec(codec); 0 --------------------------------- 22867 153224/error.c Buffer_Overflow_Indexes 194 simuliid_swordmen = getenv("MINONG_MARSUPIALISING"); if (simuliid_swordmen != 0) {; tyranni_thriftless = ((void *)simuliid_swordmen); autosomes_rougy(tyranni_thriftless); void autosomes_rougy(void *const krakatao_caulinar) corimelaena_glucina = ((char *)((char *)((void *)krakatao_caulinar))); stonesoup_other_buff[7] = corimelaena_glucina; stonesoup_buff_size = ((int )(strlen(corimelaena_glucina))); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_other_buff", stonesoup_other_buff, "INITIAL-STATE"); for (; stonesoup_buff_size >= 0; (--stonesoup_my_buff_size , --stonesoup_buff_size)) { stonesoup_stack_buff_64[stonesoup_my_buff_size] = corimelaena_glucina[stonesoup_buff_size]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buff_64", stonesoup_stack_buff_64, "CROSSOVER-STATE"); stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(corimelaena_glucina)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); void stonesoup_printf(char * format, ...) { stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buff_64", stonesoup_stack_buff_64, "FINAL-STATE"); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); 0 --------------------------------- 22868 153224/error.c Buffer_Overflow_Indexes 72 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); autosomes_rougy(tyranni_thriftless); stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buff_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(corimelaena_glucina)); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(corimelaena_glucina)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22869 152933/column-utils.c Buffer_Overflow_Indexes 60 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22870 152933/column-utils.c Buffer_Overflow_Indexes 762 nominalness_violater = getenv("KORI_COAGRICULTURIST"); if (nominalness_violater != 0) {; semiproof_hellions = nominalness_violater; gabion_massicots = inquilinism_aurita(semiproof_hellions); trialogue_wovens inquilinism_aurita(trialogue_wovens appositely_thackless); 0 --------------------------------- 22871 152933/column-utils.c Buffer_Overflow_LowBound 2174 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 22872 152933/column-utils.c Buffer_Overflow_LowBound 2165 void predeclaration_pipecoline(trialogue_wovens aube_unadduceable) char stonesoup_source[1024]; perigord_camauro = ((char *)aube_unadduceable); stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, perigord_camauro, sizeof(stonesoup_source)); 0 --------------------------------- 22873 153736/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22874 153736/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22875 153375/mux.c Buffer_Overflow_Indexes 115 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22876 153375/mux.c Buffer_Overflow_Indexes 74 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22877 153375/mux.c Buffer_Overflow_Indexes 120 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&counterterror_overfee,"MELIORABILITY_PARALLELABLE"); if (counterterror_overfee != 0) {; seminium_haciendado = ((void *)counterterror_overfee); spiel_conolophus = &seminium_haciendado; czechoslovak_holophrasis = &spiel_conolophus; cinemactic_cannot = &czechoslovak_holophrasis; wycoff_bedeen = &cinemactic_cannot; splendorous_gluons = &wycoff_bedeen; archaiser_retroflexion = &splendorous_gluons; irritableness_isoscope = &archaiser_retroflexion; pantod_bpoe = &irritableness_isoscope; daylights_prayerfully = &pantod_bpoe; pinipicrin_chinkiang = &daylights_prayerfully; lithoglyptics_goog = &pinipicrin_chinkiang; mottling_clavial = &lithoglyptics_goog; mesophragm_hegumenes = &mottling_clavial; perfectas_zophorus = &mesophragm_hegumenes; praetorian_steadfast = &perfectas_zophorus; godless_fraternizing = &praetorian_steadfast; rescriptive_enoptromancy = &godless_fraternizing; dorati_sellers = &rescriptive_enoptromancy; tagalogs_culpon = &dorati_sellers; citlaltpetl_plantations = &tagalogs_culpon; 0 --------------------------------- 22878 152889/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22879 152889/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22880 153736/types.c Buffer_Overflow_scanf 95 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&truckie_undreadful,"2634",unchauvinistic_cornmuse); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22881 153736/types.c Buffer_Overflow_Indexes 93 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22882 153736/types.c Buffer_Overflow_Indexes 47 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22883 153017/cryptlib.c Buffer_Overflow_scanf 223 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&frayne_enalite,"4915",scrutinate_ndebele); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22884 153017/cryptlib.c Buffer_Overflow_Indexes 175 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&frayne_enalite,"4915",scrutinate_ndebele); leaned_redecorator(1,soule_roughings); stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22885 153017/cryptlib.c Buffer_Overflow_Indexes 221 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22886 153017/cryptlib.c Buffer_Overflow_Indexes 668 if (env = getenv("OPENSSL_ia32cap")) { int off = env[0] == '~'?1 : 0; 0 --------------------------------- 22887 153144/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 22888 153144/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 22889 153822/config_file.c Buffer_Overflow_Indexes 139 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&unsurprising_inconnection,"SINNAMAHONING_CONSULTORY"); if (unsurprising_inconnection != 0) {; counterfire_incorresponding . adenine_fuellers = ((char *)unsurprising_inconnection); underpraise_raft = &counterfire_incorresponding; struthiform_sups = &underpraise_raft; 0 --------------------------------- 22890 153822/config_file.c Buffer_Overflow_Indexes 134 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22891 153822/config_file.c Buffer_Overflow_Indexes 93 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&unsurprising_inconnection,"SINNAMAHONING_CONSULTORY"); stonesoup_toupper(stonesoup_data.base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22892 149075/mem3-bad.c Buffer_Overflow_Indexes 45 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; p = test(userstr); test(char *str) p = strdup(str); if(p) { printf("result: %s\n", p); free(p); return p; p = test(userstr); if(p) free(p); 0 --------------------------------- 22893 149061/fmt3-bad.c Buffer_Overflow_Indexes 57 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) filter(str, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789: %"); filter(char *str, const char *whitelist) for(src = str, dst = str; *src; src++) *dst = '\0'; snprintf(buf, sizeof buf, "<%s>", str); syslog(LOG_CRIT, buf); 1 --------------------------------- 22894 149061/fmt3-bad.c Buffer_Overflow_LowBound 52 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) filter(str, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789: %"); filter(char *str, const char *whitelist) char buf[MAXSIZE]; snprintf(buf, sizeof buf, "<%s>", str); 0 --------------------------------- 22895 152978/column-utils.c Buffer_Overflow_scanf 111 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&utees_torbay,"2314",prenebular_teleplays); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22896 152978/column-utils.c Buffer_Overflow_Indexes 109 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22897 152978/column-utils.c Buffer_Overflow_Indexes 63 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&utees_torbay,"2314",prenebular_teleplays); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 22898 152978/column-utils.c Buffer_Overflow_cpycat 2195 void alniresinol_poeticising(char *discretely_pivotmen) czaric_nudenesses = ((char *)discretely_pivotmen); stonesoup_buffer = malloc((strlen(czaric_nudenesses) + 1) * sizeof(char )); strcpy(stonesoup_buffer,czaric_nudenesses); 0 --------------------------------- 22899 153347/bufmgr.c Buffer_Overflow_Indexes 148 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22900 1636/spr1-bad.c Buffer_Overflow_Indexes 42 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) sprintf(buf, "<%s>", str); printf("result: %s\n", buf); 1 --------------------------------- 22901 153333/utils.c Buffer_Overflow_scanf 115 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&stranglement_sliverer,"7335",anthocephalous_paraconid); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22902 153333/utils.c Buffer_Overflow_Indexes 67 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22903 153333/utils.c Buffer_Overflow_Indexes 113 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22904 153333/utils.c Buffer_Overflow_LowBound 4402 int ff_url_join(char *str,int size,const char *proto,const char *authorization,const char *hostname,int port,const char *fmt,... ) str[0] = '\0'; av_strlcatf(str,size,"%s: av_strlcatf(str,size,"%s@",authorization); av_strlcat(str,"[",size); av_strlcat(str,hostname,size); av_strlcat(str,"]",size); av_strlcat(str,hostname,size); av_strlcat(str,hostname,size); av_strlcatf(str,size,":%d",port); va_list vl; int len = (strlen(str)); __builtin_va_start(vl,fmt); vsnprintf(str + len,(size > len?size - len : 0),fmt,vl); 0 --------------------------------- 22905 153333/utils.c Buffer_Overflow_LowBound 3960 return av_guess_format("image2",((void *)0),((void *)0)); return av_probe_input_buffer(s -> pb,&s -> iformat,filename,s,0,s -> probesize); if ((ret = avio_open2(&s -> pb,filename,1 | s -> avio_flags,(&s -> interrupt_callback),options)) < 0) { return av_probe_input_buffer(s -> pb,&s -> iformat,filename,s,0,s -> probesize); if (!av_filename_number_test(filename)) { char buf1[20]; nd = 0; while(av_isdigit(( *p))){ c = *(p++); nd = nd * '\n' + ( *(p++)) - 48; snprintf(buf1,sizeof(buf1),"%0*d",nd,number); len = (strlen(buf1)); memcpy(q,buf1,len); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); int av_filename_number_test(const char *filename) return filename && av_get_frame_filename(buf,(sizeof(buf)),filename,1) >= 0; int av_get_frame_filename(char *buf,int buf_size,const char *path,int number) p = path; c = *(p++); nd = nd * '\n' + ( *(p++)) - 48; snprintf(buf1,sizeof(buf1),"%0*d",nd,number); len = (strlen(buf1)); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); AVOutputFormat *av_guess_format(const char *short_name,const char *filename,const char *mime_type) if (!short_name && filename && av_filename_number_test(filename) && (ff_guess_image2_codec(filename)) != AV_CODEC_ID_NONE) { int av_probe_input_buffer(AVIOContext *pb,AVInputFormat **fmt,const char *filename,void *logctx,unsigned int offset,unsigned int max_probe_size) if (!av_filename_number_test(filename)) { int avformat_open_input(AVFormatContext **ps,const char *filename,AVInputFormat *fmt,AVDictionary **options) if ((ret = init_input(s,filename,&tmp)) < 0) { static int init_input(AVFormatContext *s,const char *filename,AVDictionary **options) if ((ret = avio_open2(&s -> pb,filename,1 | s -> avio_flags,(&s -> interrupt_callback),options)) < 0) { if (!av_filename_number_test(filename)) { 0 --------------------------------- 22906 321/basic-00052-min.c Buffer_Overflow_LowBound 62 char buf[10]; src[11 - 1] = '\0'; strncpy(buf, src, index_array[0]); 1 --------------------------------- 22907 153132/color.c Buffer_Overflow_scanf 170 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; stonesoup_fct_ptr fct_ptr_addr = (stonesoup_fct_ptr )0; sscanf(param,"%p",&fct_ptr_addr); int reimburser_lorinda = 26; char *aerobian_triflingness; stonesoup_read_taint(&aerobian_triflingness,"7704",reimburser_lorinda); pebworth_reophore = ((char *)aerobian_triflingness); stonesoup_fp = stonesoup_switch_func(pebworth_reophore); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&aerobian_triflingness,"7704",reimburser_lorinda); pebworth_reophore = ((char *)aerobian_triflingness); stonesoup_fp = stonesoup_switch_func(pebworth_reophore); 0 --------------------------------- 22908 153132/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&aerobian_triflingness,"7704",reimburser_lorinda); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22909 153132/color.c Buffer_Overflow_Indexes 188 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22910 153132/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&aerobian_triflingness,"7704",reimburser_lorinda); stonesoup_fp = stonesoup_switch_func(pebworth_reophore); stonesoup_printf("strings are equal\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strings are equal\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22911 153132/color.c Buffer_Overflow_Indexes 194 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22912 153132/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22913 153132/color.c Buffer_Overflow_Indexes 192 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22914 153132/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22915 153132/color.c Buffer_Overflow_cpycat 223 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22916 153132/color.c Buffer_Overflow_cpycat 363 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22917 153132/color.c Buffer_Overflow_cpycat 258 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22918 153132/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22919 153132/color.c Buffer_Overflow_cpycat 356 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22920 153132/color.c Buffer_Overflow_cpycat 293 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22921 153132/color.c Buffer_Overflow_cpycat 342 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22922 153132/color.c Buffer_Overflow_cpycat 300 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22923 153132/color.c Buffer_Overflow_cpycat 279 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22924 153132/color.c Buffer_Overflow_cpycat 272 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22925 153132/color.c Buffer_Overflow_cpycat 314 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22926 153132/color.c Buffer_Overflow_cpycat 286 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22927 153132/color.c Buffer_Overflow_cpycat 321 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22928 153132/color.c Buffer_Overflow_cpycat 384 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22929 153132/color.c Buffer_Overflow_cpycat 230 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22930 153132/color.c Buffer_Overflow_cpycat 243 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22931 153132/color.c Buffer_Overflow_cpycat 208 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22932 153132/color.c Buffer_Overflow_cpycat 364 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22933 153132/color.c Buffer_Overflow_cpycat 307 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22934 153132/color.c Buffer_Overflow_cpycat 328 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22935 153132/color.c Buffer_Overflow_cpycat 251 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22936 153132/color.c Buffer_Overflow_cpycat 265 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22937 153132/color.c Buffer_Overflow_cpycat 349 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22938 153293/timestamp.c Buffer_Overflow_Indexes 51 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 22939 153293/timestamp.c Buffer_Overflow_Indexes 97 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&photograph_dworak,"UNFEARY_HYBRIDISER"); if (photograph_dworak != 0) {; egrep_adiathermancy[36] = photograph_dworak; obdurately_buckman(egrep_adiathermancy); 0 --------------------------------- 22940 153293/timestamp.c Buffer_Overflow_Indexes 92 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22941 153522/dirent_uri.c Buffer_Overflow_Indexes 110 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22942 153522/dirent_uri.c Buffer_Overflow_LowBound 2070 void stackman_sobralite(char **remisrepresent_pictureless) newfeld_baptistown = ((char *)remisrepresent_pictureless[11]); stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(newfeld_baptistown))); strncpy(stonesoup_heap_buff_64, newfeld_baptistown, 64); 0 --------------------------------- 22943 153240/color.c Buffer_Overflow_Indexes 537 inamovability_pictet = getenv("SEMIDIGESTED_MACHINEMEN"); if (inamovability_pictet != 0) {; shipwrecks_scrawly = ((char *)inamovability_pictet); stonesoup_buff_size = ((int )(strlen(shipwrecks_scrawly))); strncpy(stonesoup_heap_buff_64, shipwrecks_scrawly, 64); for (; stonesoup_ss_i < stonesoup_buff_size; ++stonesoup_ss_i){ 0 --------------------------------- 22944 153240/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22945 153240/color.c Buffer_Overflow_Indexes 149 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22946 153240/color.c Buffer_Overflow_Indexes 147 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22947 153240/color.c Buffer_Overflow_Indexes 143 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22948 153240/color.c Buffer_Overflow_LowBound 548 inamovability_pictet = getenv("SEMIDIGESTED_MACHINEMEN"); shipwrecks_scrawly = ((char *)inamovability_pictet); stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(shipwrecks_scrawly))); strncpy(stonesoup_heap_buff_64, shipwrecks_scrawly, 64); 0 --------------------------------- 22949 153240/color.c Buffer_Overflow_cpycat 318 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 22950 153240/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22951 153240/color.c Buffer_Overflow_cpycat 198 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22952 153240/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22953 153240/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22954 153240/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22955 153240/color.c Buffer_Overflow_cpycat 171 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22956 153240/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22957 153240/color.c Buffer_Overflow_cpycat 339 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22958 153240/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22959 153240/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22960 153240/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22961 153240/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22962 153240/color.c Buffer_Overflow_cpycat 319 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22963 153240/color.c Buffer_Overflow_cpycat 185 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22964 153240/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22965 153240/color.c Buffer_Overflow_cpycat 206 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22966 153240/color.c Buffer_Overflow_cpycat 206 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22967 153240/color.c Buffer_Overflow_cpycat 163 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22968 153240/color.c Buffer_Overflow_cpycat 178 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22969 153240/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22970 153240/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22971 153240/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22972 153240/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22973 153240/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22974 153004/tile-manager.c Buffer_Overflow_scanf 99 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&gronchi_unamusing,"5380",overwheel_sober); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 22975 153004/tile-manager.c Buffer_Overflow_Indexes 51 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&gronchi_unamusing,"5380",overwheel_sober); stonesoup_toupper(stonesoup_data.buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22976 153004/tile-manager.c Buffer_Overflow_Indexes 97 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22977 153004/tile-manager.c Buffer_Overflow_LowBound 765 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 22978 153004/tile-manager.c Buffer_Overflow_LowBound 756 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; char stonesoup_source[1024]; int overwheel_sober = 91; char *gronchi_unamusing; stonesoup_read_taint(&gronchi_unamusing,"5380",overwheel_sober); brakemaker_apyrexy = &gronchi_unamusing; arta_podophyllotoxin = ((char *)( *brakemaker_apyrexy)); stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, arta_podophyllotoxin, sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&gronchi_unamusing,"5380",overwheel_sober); brakemaker_apyrexy = &gronchi_unamusing; arta_podophyllotoxin = ((char *)( *brakemaker_apyrexy)); strncpy(stonesoup_source, arta_podophyllotoxin, sizeof(stonesoup_source)); 0 --------------------------------- 22979 152878/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 22980 152878/color.c Buffer_Overflow_Indexes 180 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 22981 152878/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&bipartisanism_surlier,"TERNED_TORTUOUSNESS"); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 22982 152878/color.c Buffer_Overflow_Indexes 184 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22983 152878/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&bipartisanism_surlier,"TERNED_TORTUOUSNESS"); if (bipartisanism_surlier != 0) {; molten_equally = ((char *)bipartisanism_surlier); strncpy(stonesoup_source, molten_equally, sizeof(stonesoup_source)); if (bipartisanism_surlier != 0) free(((char *)bipartisanism_surlier)); 0 --------------------------------- 22984 152878/color.c Buffer_Overflow_Indexes 186 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22985 152878/color.c Buffer_Overflow_LowBound 594 stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 22986 152878/color.c Buffer_Overflow_LowBound 585 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char stonesoup_source[1024]; char *bipartisanism_surlier; stonesoup_read_taint(&bipartisanism_surlier,"TERNED_TORTUOUSNESS"); molten_equally = ((char *)bipartisanism_surlier); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, molten_equally, sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&bipartisanism_surlier,"TERNED_TORTUOUSNESS"); molten_equally = ((char *)bipartisanism_surlier); strncpy(stonesoup_source, molten_equally, sizeof(stonesoup_source)); 0 --------------------------------- 22987 152878/color.c Buffer_Overflow_cpycat 243 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22988 152878/color.c Buffer_Overflow_cpycat 257 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22989 152878/color.c Buffer_Overflow_cpycat 292 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22990 152878/color.c Buffer_Overflow_cpycat 208 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22991 152878/color.c Buffer_Overflow_cpycat 299 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22992 152878/color.c Buffer_Overflow_cpycat 348 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22993 152878/color.c Buffer_Overflow_cpycat 222 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22994 152878/color.c Buffer_Overflow_cpycat 200 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 22995 152878/color.c Buffer_Overflow_cpycat 376 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 22996 152878/color.c Buffer_Overflow_cpycat 264 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22997 152878/color.c Buffer_Overflow_cpycat 250 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22998 152878/color.c Buffer_Overflow_cpycat 306 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 22999 152878/color.c Buffer_Overflow_cpycat 285 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23000 152878/color.c Buffer_Overflow_cpycat 356 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23001 152878/color.c Buffer_Overflow_cpycat 320 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23002 152878/color.c Buffer_Overflow_cpycat 334 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23003 152878/color.c Buffer_Overflow_cpycat 235 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23004 152878/color.c Buffer_Overflow_cpycat 341 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23005 152878/color.c Buffer_Overflow_cpycat 278 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23006 152878/color.c Buffer_Overflow_cpycat 215 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23007 152878/color.c Buffer_Overflow_cpycat 355 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23008 152878/color.c Buffer_Overflow_cpycat 313 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23009 152878/color.c Buffer_Overflow_cpycat 327 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23010 152878/color.c Buffer_Overflow_cpycat 271 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23011 153185/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&dicksonia_blackjacks,"1955",caftan_deaccessioned); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23012 153185/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&dicksonia_blackjacks,"1955",caftan_deaccessioned); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23013 153185/color.c Buffer_Overflow_Indexes 181 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23014 153185/color.c Buffer_Overflow_Indexes 185 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23015 153185/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23016 153185/color.c Buffer_Overflow_Indexes 187 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23017 153185/color.c Buffer_Overflow_LowBound 588 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int caftan_deaccessioned = 53; char *dicksonia_blackjacks; stonesoup_read_taint(&dicksonia_blackjacks,"1955",caftan_deaccessioned); irrespirable_orthotropism = ((char *)dicksonia_blackjacks); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(irrespirable_orthotropism)+1, irrespirable_orthotropism, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, irrespirable_orthotropism, strlen(irrespirable_orthotropism) + 1); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&dicksonia_blackjacks,"1955",caftan_deaccessioned); irrespirable_orthotropism = ((char *)dicksonia_blackjacks); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(irrespirable_orthotropism)+1, irrespirable_orthotropism, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, irrespirable_orthotropism, strlen(irrespirable_orthotropism) + 1); 1 --------------------------------- 23018 153185/color.c Buffer_Overflow_cpycat 223 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23019 153185/color.c Buffer_Overflow_cpycat 314 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23020 153185/color.c Buffer_Overflow_cpycat 201 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23021 153185/color.c Buffer_Overflow_cpycat 377 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23022 153185/color.c Buffer_Overflow_cpycat 265 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23023 153185/color.c Buffer_Overflow_cpycat 251 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23024 153185/color.c Buffer_Overflow_cpycat 307 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23025 153185/color.c Buffer_Overflow_cpycat 356 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23026 153185/color.c Buffer_Overflow_cpycat 293 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23027 153185/color.c Buffer_Overflow_cpycat 328 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23028 153185/color.c Buffer_Overflow_cpycat 258 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23029 153185/color.c Buffer_Overflow_cpycat 349 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23030 153185/color.c Buffer_Overflow_cpycat 342 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23031 153185/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23032 153185/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23033 153185/color.c Buffer_Overflow_cpycat 279 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23034 153185/color.c Buffer_Overflow_cpycat 300 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23035 153185/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23036 153185/color.c Buffer_Overflow_cpycat 286 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23037 153185/color.c Buffer_Overflow_cpycat 357 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23038 153185/color.c Buffer_Overflow_cpycat 321 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23039 153185/color.c Buffer_Overflow_cpycat 244 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23040 153185/color.c Buffer_Overflow_cpycat 272 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23041 153185/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23042 1299/recipient.c Buffer_Overflow_fgets 1212 strcpy(bufp, denlstring(list, FALSE, TRUE)); oldto, shortenstring(buf, 203)); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); char *list; register ADDRESS *a; a = a->q_alias; ca = getctladdr(ctladdr); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; struct stat st; return (a); ca = getctladdr(ctladdr); ctladdr->q_uid = st.st_uid; ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ctladdr->q_ruser = ca->q_ruser; pw = sm_getpwuid(st.st_uid); ctladdr->q_ruser = newstr(pw->pw_name); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register char **argv; while ((p = *argv++) != NULL) (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS *ctladdr; char *oldto = e->e_to; e->e_to = oldto; register ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS **sendq; e->e_nrcpts++; if (bitset(EF_VRFYONLY, e->e_flags)) e->e_nrcpts++; e->e_flags |= EF_SENDRECEIPT; fprintf(e->e_xfp, register ENVELOPE *e; (time_t) 0, e); alias(a, sendq, aliaslevel, e); if (fstat(fileno(fp), &st) < 0) ctladdr->q_uid = st.st_uid; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); (time_t) 0, e); forward(a, sendq, aliaslevel, e); a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; e->e_message = newstr("Deferred: user database error"); e->e_nrcpts++; if (bitset(EF_VRFYONLY, e->e_flags)) e->e_nrcpts++; e->e_flags |= EF_SENDRECEIPT; fprintf(e->e_xfp, register ENVELOPE *e; (time_t) 0, e); alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); (time_t) 0, e); forward(a, sendq, aliaslevel, e); a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; e->e_to = a->q_paddr; e->e_origrcpt = a->q_paddr; e->e_origrcpt = ""; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); char *oldto = e->e_to; e->e_nrcpts++; oldto, shortenstring(buf, 203)); e->e_to = oldto; ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; if (bitset(EF_VRFYONLY, e->e_flags)) e->e_to = NULL; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); register ENVELOPE *e; char buf[MAXNAME + 1]; printf("sendto: %s\n ctladdr=", list); printaddr(ctladdr, FALSE); strchr(list, '<') != NULL || strchr(list, '(') != NULL)) (strchr(list, ',') != NULL || strchr(list, ';') != NULL || e->e_flags &= ~EF_OLDSTYLE; delimiter = ' '; if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL) delimiter = ','; al = NULL; i = strlen(list) + 1; if (i <= sizeof buf) bufp = buf; bufp = xalloc(i); strcpy(bufp, denlstring(list, FALSE, TRUE)); for (p = bufp; *p != '\0'; ) auto char *delimptr; while ((isascii(*p) && isspace(*p)) || *p == ',') p++; p = delimptr; b = self_reference(a, e); a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); if (sameaddr(ctladdr, a)) b = self_reference(a, e); printaddr(a, FALSE); a->q_orcpt = ctladdr->q_orcpt; al = a; a->q_next = al; if (sameaddr(ctladdr, a)) printaddr(ctladdr, FALSE); a->q_alias = ctladdr; if (sameaddr(ctladdr, a)) ctladdr->q_flags |= QSELFREF; a->q_flags |= QDONTSEND; a->q_fullname = ctladdr->q_fullname; a->q_flags &= ~QINHERITEDBITS; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; al = a; al = a->q_next; register ADDRESS *a = al; alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); forward(a, sendq, aliaslevel, e); printaddr(*sendq, TRUE); register ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; register ADDRESS **sendq; bool initialdontsend = bitset(QDONTSEND, a->q_flags); a->q_flags |= QPRIMARY; printaddr(a, FALSE); i = strlen(a->q_user); (void) strcpy(buf, a->q_user); a->q_flags |= QBADADDR; a->q_status = "5.7.1"; else if (bitset(QBOGUSSHELL, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_ruser, MyHostName); else if (bitset(QUNSAFEADDR, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_paddr); for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; if (sameaddr(q, a)) printaddr(q, FALSE); if (!bitset(QPRIMARY, q->q_flags)) if (!bitset(QDONTSEND, a->q_flags)) q->q_flags |= a->q_flags; else if (bitset(QSELFREF, q->q_flags)) q->q_flags |= a->q_flags & ~QDONTSEND; a = q; a->q_next = NULL; printf("at trylocaluser %s\n", a->q_user); if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags)) a->q_flags |= QDONTSEND; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); ctladdr->q_gid = st.st_gid; ctladdr->q_ruser = ca->q_ruser; pw = sm_getpwuid(st.st_uid); ctladdr->q_ruser = newstr(pw->pw_name); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ca = getctladdr(ctladdr); register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= QQUEUEUP; ctladdr->q_flags |= QGOODUID; ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags |= QVERIFIED; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags &= ~QSELFREF; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); if (nincludes > 0 && !bitset(QSELFREF, ctladdr->q_flags)) ctladdr->q_flags |= QDONTSEND; ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); message("including file %s", a->q_user); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); char *fname; FILE *volatile fp = NULL; printf("include(%s)\n", fname); rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD, NULL); fp = fopen(fname, "r"); if (fstat(fileno(fp), &st) < 0) safechown = chownsafe(fileno(fp)); while (fgets(buf, sizeof buf, fp) != NULL) 0 --------------------------------- 23043 1299/recipient.c Buffer_Overflow_cpycat 591 oldto, shortenstring(buf, 203)); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); e->e_to = oldto; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); al = a; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; i = strlen(a->q_user); buf = xalloc(i + 1); (void) strcpy(buf, a->q_user); stripquotes(buf); pw = finduser(buf, &fuzzy); a->q_user = newstr(pw->pw_name); (void) strcpy(buf, pw->pw_name); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); char *list; ctladdr->q_gid = st.st_gid; ctladdr->q_ruser = ca->q_ruser; pw = sm_getpwuid(st.st_uid); ctladdr->q_ruser = newstr(pw->pw_name); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); printaddr(a, FALSE); a->q_fullname = ctladdr->q_fullname; a->q_orcpt = ctladdr->q_orcpt; al = a; a->q_next = al; if (sameaddr(ctladdr, a)) printaddr(ctladdr, FALSE); a->q_alias = ctladdr; al = a; al = a->q_next; register ADDRESS *a = al; maplocaluser(a, sendq, aliaslevel + 1, e); forward(a, sendq, aliaslevel, e); printaddr(*sendq, TRUE); register ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; register ADDRESS **sendq; bool initialdontsend = bitset(QDONTSEND, a->q_flags); printaddr(a, FALSE); a->q_flags |= QBADADDR; a->q_status = "5.7.1"; else if (bitset(QBOGUSSHELL, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_ruser, MyHostName); else if (bitset(QUNSAFEADDR, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; if (sameaddr(q, a)) printaddr(q, FALSE); if (!bitset(QPRIMARY, q->q_flags)) if (!bitset(QDONTSEND, a->q_flags)) else if (bitset(QSELFREF, q->q_flags)) q->q_flags |= a->q_flags & ~QDONTSEND; a = q; printf("at trylocaluser %s\n", a->q_user); if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags)) a->q_flags |= QDONTSEND; message("including file %s", a->q_user); ctladdr->q_flags |= QVERIFIED; if (nincludes > 0 && !bitset(QSELFREF, ctladdr->q_flags)) ctladdr->q_flags |= QDONTSEND; ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; char buf[MAXLINE]; printaddr(ctladdr, FALSE); ca = getctladdr(ctladdr); while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); forwarding ? "forwarding" : "sending", buf); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) a = a->q_alias; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= QQUEUEUP; ctladdr->q_flags |= QGOODUID; ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags &= ~QSELFREF; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS **sendq; printaddr(ctladdr, FALSE); if (sameaddr(ctladdr, a)) printaddr(ctladdr, FALSE); alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); forward(a, sendq, aliaslevel, e); printaddr(*sendq, TRUE); register ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS **sendq; for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; if (sameaddr(q, a)) a = q; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; struct stat st; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); if (fstat(fileno(fp), &st) < 0) ctladdr->q_uid = st.st_uid; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS *ctladdr; e->e_message = newstr("Deferred: user database error"); register ENVELOPE *e; (time_t) 0, e); alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) e->e_nrcpts++; maplocaluser(a, sendq, aliaslevel + 1, e); (time_t) 0, e); forward(a, sendq, aliaslevel, e); e->e_nrcpts++; a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; char *oldto = e->e_to; e->e_message = newstr("Deferred: user database error"); if (bitset(EF_VRFYONLY, e->e_flags)) e->e_flags |= EF_SENDRECEIPT; fprintf(e->e_xfp, register ENVELOPE *e; (time_t) 0, e); alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) e->e_nrcpts++; maplocaluser(a, sendq, aliaslevel + 1, e); (time_t) 0, e); forward(a, sendq, aliaslevel, e); e->e_nrcpts++; a = recipient(a, sendq, aliaslevel, e); e->e_to = oldto; register ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; char *oldto = e->e_to; e->e_nrcpts++; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); e->e_to = oldto; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; if (bitset(EF_VRFYONLY, e->e_flags)) nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; e->e_to = a->q_paddr; e->e_origrcpt = a->q_paddr; e->e_origrcpt = ""; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; e->e_to = NULL; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); register ENVELOPE *e; char buf[MAXNAME + 1]; printf("sendto: %s\n ctladdr=", list); printaddr(ctladdr, FALSE); strchr(list, '<') != NULL || strchr(list, '(') != NULL)) (strchr(list, ',') != NULL || strchr(list, ';') != NULL || e->e_flags &= ~EF_OLDSTYLE; delimiter = ' '; if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL) delimiter = ','; al = NULL; i = strlen(list) + 1; if (i <= sizeof buf) bufp = buf; bufp = xalloc(i); strcpy(bufp, denlstring(list, FALSE, TRUE)); for (p = bufp; *p != '\0'; ) nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); auto char *delimptr; while ((isascii(*p) && isspace(*p)) || *p == ',') p++; p = delimptr; b = self_reference(a, e); a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); if (sameaddr(ctladdr, a)) ctladdr->q_flags |= QSELFREF; a->q_flags |= QDONTSEND; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; a->q_flags &= ~QINHERITEDBITS; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; al = a; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; char buf0[MAXNAME + 1]; i = strlen(a->q_user); if (i >= sizeof buf0) buf = xalloc(i + 1); buf = buf0; (void) strcpy(buf, a->q_user); stripquotes(buf); else if (!writable(buf, a->q_alias, SFF_CREAT)) auto bool fuzzy; pw = finduser(buf, &fuzzy); a->q_user = newstr(pw->pw_name); pw->pw_name); (void) strcpy(buf, pw->pw_name); 0 --------------------------------- 23044 1299/recipient.c Buffer_Overflow_cpycat 182 ADDRESS *ctladdr; if (sameaddr(ctladdr, a)) printaddr(ctladdr, FALSE); ctladdr->q_flags |= QSELFREF; struct stat st; if (fstat(fileno(fp), &st) < 0) ctladdr->q_uid = st.st_uid; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS *ctladdr; char *oldto = e->e_to; if (sameaddr(ctladdr, a)) a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; al = a; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); e->e_to = oldto; register ENVELOPE *e; register ADDRESS *a; i = strlen(a->q_user); (void) strcpy(buf, a->q_user); message("including file %s", a->q_user); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); char *fname; rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD, NULL); fp = fopen(fname, "r"); if (fstat(fileno(fp), &st) < 0) safechown = chownsafe(fileno(fp)); while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); forwarding ? "forwarding" : "sending", buf); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); char *list; printaddr(ctladdr, FALSE); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS *ctladdr; strchr(list, '<') != NULL || strchr(list, '(') != NULL)) (strchr(list, ',') != NULL || strchr(list, ';') != NULL || i = strlen(list) + 1; bufp = xalloc(i); strcpy(bufp, denlstring(list, FALSE, TRUE)); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS **sendq; char *oldto = e->e_to; e->e_message = newstr("Deferred: user database error"); e->e_nrcpts++; if (bitset(EF_VRFYONLY, e->e_flags)) e->e_nrcpts++; e->e_flags |= EF_SENDRECEIPT; fprintf(e->e_xfp, register ENVELOPE *e; e->e_to = a->q_paddr; e->e_message = newstr("Deferred: user database error"); e->e_nrcpts++; if (bitset(EF_VRFYONLY, e->e_flags)) e->e_nrcpts++; e->e_flags |= EF_SENDRECEIPT; fprintf(e->e_xfp, a = recipient(a, sendq, aliaslevel, e); e->e_to = oldto; register ENVELOPE *e; (time_t) 0, e); alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); (time_t) 0, e); forward(a, sendq, aliaslevel, e); a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; e->e_to = a->q_paddr; e->e_origrcpt = a->q_paddr; e->e_origrcpt = ""; e->e_nrcpts++; ENVELOPE *e; char *oldto = e->e_to; oldto, shortenstring(buf, 203)); e->e_to = oldto; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; if (bitset(EF_VRFYONLY, e->e_flags)) e->e_to = NULL; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); register ENVELOPE *e; char buf[MAXNAME + 1]; e->e_flags &= ~EF_OLDSTYLE; delimiter = ' '; if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL) delimiter = ','; al = NULL; i = strlen(list) + 1; if (i <= sizeof buf) bufp = buf; bufp = xalloc(i); strcpy(bufp, denlstring(list, FALSE, TRUE)); for (p = bufp; *p != '\0'; ) auto char *delimptr; while ((isascii(*p) && isspace(*p)) || *p == ',') p++; p = delimptr; b = self_reference(a, e); a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); a->q_next = al; a->q_alias = ctladdr; if (sameaddr(ctladdr, a)) a->q_flags |= QDONTSEND; a->q_fullname = ctladdr->q_fullname; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; a->q_flags &= ~QINHERITEDBITS; al = a; register ADDRESS *a = al; alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); forward(a, sendq, aliaslevel, e); printaddr(*sendq, TRUE); register ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; register ADDRESS **sendq; bool initialdontsend = bitset(QDONTSEND, a->q_flags); a->q_flags |= QPRIMARY; i = strlen(a->q_user); (void) strcpy(buf, a->q_user); a->q_flags |= QBADADDR; a->q_status = "5.7.1"; else if (bitset(QBOGUSSHELL, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_ruser, MyHostName); else if (bitset(QUNSAFEADDR, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_paddr); for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) if (!bitset(QPRIMARY, q->q_flags)) else if (bitset(QSELFREF, q->q_flags)) a = q; if (sameaddr(q, a)) if (!bitset(QPRIMARY, q->q_flags)) if (!bitset(QDONTSEND, a->q_flags)) q->q_flags |= a->q_flags; else if (bitset(QSELFREF, q->q_flags)) q->q_flags |= a->q_flags & ~QDONTSEND; a = q; a->q_next = NULL; printf("at trylocaluser %s\n", a->q_user); if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags)) a->q_flags |= QDONTSEND; ctladdr->q_gid = st.st_gid; ctladdr->q_ruser = ca->q_ruser; pw = sm_getpwuid(st.st_uid); ctladdr->q_ruser = newstr(pw->pw_name); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ca = getctladdr(ctladdr); register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) register ADDRESS *a; a = a->q_alias; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= QQUEUEUP; ctladdr->q_flags |= QGOODUID; ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags |= QVERIFIED; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags &= ~QSELFREF; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); if (nincludes > 0 && !bitset(QSELFREF, ctladdr->q_flags)) ctladdr->q_flags |= QDONTSEND; ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); message("including file %s", a->q_user); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); char *fname; FILE *volatile fp = NULL; char buf[MAXLINE]; printf("include(%s)\n", fname); rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD, NULL); fp = fopen(fname, "r"); if (fstat(fileno(fp), &st) < 0) safechown = chownsafe(fileno(fp)); while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); forwarding ? "forwarding" : "sending", buf); oldto, shortenstring(buf, 203)); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register char **argv; while ((p = *argv++) != NULL) (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); char *list; printf("sendto: %s\n ctladdr=", list); strchr(list, '<') != NULL || strchr(list, '(') != NULL)) (strchr(list, ',') != NULL || strchr(list, ';') != NULL || i = strlen(list) + 1; bufp = xalloc(i); strcpy(bufp, denlstring(list, FALSE, TRUE)); 0 --------------------------------- 23045 1299/recipient.c Buffer_Overflow_cpycat 349 while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); forwarding ? "forwarding" : "sending", buf); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register char **argv; while ((p = *argv++) != NULL) (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); char *list; ADDRESS *ctladdr; a->q_alias = ctladdr; al = a; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) register ADDRESS *a; ca = getctladdr(ctladdr); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; if (sameaddr(ctladdr, a)) a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; al = a; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; i = strlen(a->q_user); buf = xalloc(i + 1); (void) strcpy(buf, a->q_user); register ADDRESS *a; a = a->q_alias; ca = getctladdr(ctladdr); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; a = a->q_alias; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ctladdr->q_ruser = ca->q_ruser; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); forward(a, sendq, aliaslevel, e); printaddr(*sendq, TRUE); register ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS **sendq; for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; if (sameaddr(q, a)) ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); ctladdr->q_gid = st.st_gid; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); if (sameaddr(ctladdr, a)) b = self_reference(a, e); printaddr(a, FALSE); a->q_fullname = ctladdr->q_fullname; a->q_orcpt = ctladdr->q_orcpt; al = a; a->q_next = al; if (sameaddr(ctladdr, a)) printaddr(ctladdr, FALSE); a->q_alias = ctladdr; al = a; al = a->q_next; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; bool initialdontsend = bitset(QDONTSEND, a->q_flags); a->q_flags |= QPRIMARY; printaddr(a, FALSE); (void) strcpy(buf, a->q_user); a->q_flags |= QBADADDR; a->q_status = "5.7.1"; else if (bitset(QBOGUSSHELL, a->q_alias->q_flags)) oldto, shortenstring(buf, 203)); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_ruser, MyHostName); else if (bitset(QUNSAFEADDR, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_paddr); if (sameaddr(q, a)) printaddr(q, FALSE); if (!bitset(QPRIMARY, q->q_flags)) if (!bitset(QDONTSEND, a->q_flags)) q->q_flags |= a->q_flags; else if (bitset(QSELFREF, q->q_flags)) q->q_flags |= a->q_flags & ~QDONTSEND; a = q; a->q_next = NULL; printf("at trylocaluser %s\n", a->q_user); if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags)) a->q_flags |= QDONTSEND; message("including file %s", a->q_user); ctladdr->q_ruser = ca->q_ruser; pw = sm_getpwuid(st.st_uid); ctladdr->q_ruser = newstr(pw->pw_name); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ca = getctladdr(ctladdr); register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) register ADDRESS *a; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= QQUEUEUP; ctladdr->q_flags |= QGOODUID; ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags &= ~QSELFREF; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS **sendq; for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; ctladdr->q_gid = st.st_gid; ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; struct stat st; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); if (fstat(fileno(fp), &st) < 0) ctladdr->q_uid = st.st_uid; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; (time_t) 0, e); alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); (time_t) 0, e); forward(a, sendq, aliaslevel, e); fprintf(e->e_xfp, a = recipient(a, sendq, aliaslevel, e); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); al = a; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; e->e_origrcpt = a->q_paddr; e->e_message = newstr("Deferred: user database error"); register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); e->e_nrcpts++; e->e_nrcpts++; register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); char *oldto = e->e_to; e->e_nrcpts++; oldto, shortenstring(buf, 203)); e->e_to = oldto; ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; e->e_to = a->q_paddr; e->e_origrcpt = ""; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; e->e_to = NULL; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); register ENVELOPE *e; char buf[MAXNAME + 1]; printf("sendto: %s\n ctladdr=", list); printaddr(ctladdr, FALSE); strchr(list, '<') != NULL || strchr(list, '(') != NULL)) (strchr(list, ',') != NULL || strchr(list, ';') != NULL || e->e_flags &= ~EF_OLDSTYLE; delimiter = ' '; if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL) delimiter = ','; al = NULL; i = strlen(list) + 1; if (i <= sizeof buf) bufp = buf; bufp = xalloc(i); strcpy(bufp, denlstring(list, FALSE, TRUE)); for (p = bufp; *p != '\0'; ) auto char *delimptr; while ((isascii(*p) && isspace(*p)) || *p == ',') p++; p = delimptr; b = self_reference(a, e); a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); if (sameaddr(ctladdr, a)) ctladdr->q_flags |= QSELFREF; a->q_flags |= QDONTSEND; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; a->q_flags &= ~QINHERITEDBITS; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; al = a; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; i = strlen(a->q_user); buf = xalloc(i + 1); (void) strcpy(buf, a->q_user); 0 --------------------------------- 23046 153260/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23047 153260/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23048 153292/config.c Buffer_Overflow_scanf 139 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&middorsal_hateable,"8925",nonresolvabness_damn); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23049 153292/config.c Buffer_Overflow_Indexes 91 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 23050 153292/config.c Buffer_Overflow_Indexes 137 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23051 153642/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23052 153642/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23053 153680/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23054 153680/color.c Buffer_Overflow_Indexes 577 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 23055 153680/color.c Buffer_Overflow_Indexes 165 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23056 153680/color.c Buffer_Overflow_Indexes 163 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23057 153680/color.c Buffer_Overflow_Indexes 159 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23058 153680/color.c Buffer_Overflow_cpycat 229 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23059 153680/color.c Buffer_Overflow_cpycat 187 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23060 153680/color.c Buffer_Overflow_cpycat 264 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23061 153680/color.c Buffer_Overflow_cpycat 327 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23062 153680/color.c Buffer_Overflow_cpycat 292 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23063 153680/color.c Buffer_Overflow_cpycat 306 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23064 153680/color.c Buffer_Overflow_cpycat 334 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23065 153680/color.c Buffer_Overflow_cpycat 243 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23066 153680/color.c Buffer_Overflow_cpycat 179 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23067 153680/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23068 153680/color.c Buffer_Overflow_cpycat 271 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23069 153680/color.c Buffer_Overflow_cpycat 194 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23070 153680/color.c Buffer_Overflow_cpycat 278 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23071 153680/color.c Buffer_Overflow_cpycat 250 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23072 153680/color.c Buffer_Overflow_cpycat 320 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23073 153680/color.c Buffer_Overflow_cpycat 285 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23074 153680/color.c Buffer_Overflow_cpycat 355 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23075 153680/color.c Buffer_Overflow_cpycat 299 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23076 153680/color.c Buffer_Overflow_cpycat 313 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23077 153680/color.c Buffer_Overflow_cpycat 214 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23078 153680/color.c Buffer_Overflow_cpycat 257 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23079 153680/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23080 153680/color.c Buffer_Overflow_cpycat 201 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23081 153680/color.c Buffer_Overflow_cpycat 222 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23082 153182/color.c Buffer_Overflow_Indexes 154 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23083 153182/color.c Buffer_Overflow_Indexes 156 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23084 153182/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buff); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_buff); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23085 153182/color.c Buffer_Overflow_Indexes 544 kintra_urotoxia = getenv("PERFUSED_BEURRE"); if (kintra_urotoxia != 0) {; idiocrasy_victrices = ((char *)kintra_urotoxia); if (strlen(idiocrasy_victrices) < 20) {; realpath(idiocrasy_victrices, stonesoup_buff); 0 --------------------------------- 23086 153182/color.c Buffer_Overflow_Indexes 150 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23087 153182/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23088 153182/color.c Buffer_Overflow_cpycat 170 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23089 153182/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23090 153182/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23091 153182/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23092 153182/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23093 153182/color.c Buffer_Overflow_cpycat 185 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23094 153182/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23095 153182/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23096 153182/color.c Buffer_Overflow_cpycat 178 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23097 153182/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23098 153182/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23099 153182/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23100 153182/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23101 153182/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23102 153182/color.c Buffer_Overflow_cpycat 346 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23103 153182/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23104 153182/color.c Buffer_Overflow_cpycat 325 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23105 153182/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23106 153182/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23107 153182/color.c Buffer_Overflow_cpycat 192 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23108 153182/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23109 153182/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23110 153182/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23111 153744/types.c Buffer_Overflow_Indexes 374 mfb_disporous = getenv("HARDWICKIA_CYRTOGRAPH"); if (mfb_disporous != 0) {; mournfulnesses_deeds . cleanups_carneades = ((char *)mfb_disporous); *catalyst_trainer = mournfulnesses_deeds; 0 --------------------------------- 23112 153744/types.c Buffer_Overflow_Indexes 55 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 23113 153744/types.c Buffer_Overflow_cpycat 409 struct hyposensitivity_pam overactivity_itchily = {0}; valentine_unprying(&overactivity_itchily); durables_breakthrough(overactivity_itchily); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, totty_grillage); void durables_breakthrough(const struct hyposensitivity_pam breastwork_galvanometry) totty_grillage = ((char *)((struct hyposensitivity_pam )breastwork_galvanometry) . cleanups_carneades); strcpy(stonesoup_heap_buffer_64, totty_grillage); 1 --------------------------------- 23114 153799/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23115 153799/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23116 153013/file_wrappers.c Buffer_Overflow_Indexes 96 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23117 153013/file_wrappers.c Buffer_Overflow_Indexes 865 bemole_lilithe = getenv("ZOOIDS_UNDUPLICABILITY"); if (bemole_lilithe != 0) {; glycerolate_iodimetric[29] = bemole_lilithe; platycephalic_krishna[5] = glycerolate_iodimetric; mapland_camerlingos = *(platycephalic_krishna + *antimalarial_semireticulate); microcosmically_paynize = ((char *)mapland_camerlingos[29]); strncpy(stonesoup_source, microcosmically_paynize, sizeof(stonesoup_source)); 0 --------------------------------- 23118 153013/file_wrappers.c Buffer_Overflow_LowBound 888 char stonesoup_source[1024]; bemole_lilithe = getenv("ZOOIDS_UNDUPLICABILITY"); glycerolate_iodimetric[29] = bemole_lilithe; platycephalic_krishna[5] = glycerolate_iodimetric; smiths_redux = 5; antimalarial_semireticulate = &smiths_redux; mapland_camerlingos = *(platycephalic_krishna + *antimalarial_semireticulate); microcosmically_paynize = ((char *)mapland_camerlingos[29]); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, microcosmically_paynize, sizeof(stonesoup_source)); 0 --------------------------------- 23119 153013/file_wrappers.c Buffer_Overflow_LowBound 897 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 23120 153489/color.c Buffer_Overflow_Indexes 170 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23121 153489/color.c Buffer_Overflow_Indexes 172 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23122 153489/color.c Buffer_Overflow_Indexes 166 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23123 153489/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23124 153489/color.c Buffer_Overflow_cpycat 285 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23125 153489/color.c Buffer_Overflow_cpycat 271 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23126 153489/color.c Buffer_Overflow_cpycat 194 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23127 153489/color.c Buffer_Overflow_cpycat 334 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23128 153489/color.c Buffer_Overflow_cpycat 257 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23129 153489/color.c Buffer_Overflow_cpycat 221 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23130 153489/color.c Buffer_Overflow_cpycat 292 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23131 153489/color.c Buffer_Overflow_cpycat 342 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23132 153489/color.c Buffer_Overflow_cpycat 362 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23133 153489/color.c Buffer_Overflow_cpycat 229 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23134 153489/color.c Buffer_Overflow_cpycat 341 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23135 153489/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23136 153489/color.c Buffer_Overflow_cpycat 208 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23137 153489/color.c Buffer_Overflow_cpycat 278 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23138 153489/color.c Buffer_Overflow_cpycat 320 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23139 153489/color.c Buffer_Overflow_cpycat 250 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23140 153489/color.c Buffer_Overflow_cpycat 243 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23141 153489/color.c Buffer_Overflow_cpycat 327 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23142 153489/color.c Buffer_Overflow_cpycat 186 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23143 153489/color.c Buffer_Overflow_cpycat 299 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23144 153489/color.c Buffer_Overflow_cpycat 306 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23145 153489/color.c Buffer_Overflow_cpycat 597 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, grouseless_marte); void stonesoup_handle_taint(char *sulfured_lockerbie) grouseless_marte = ((char *)sulfured_lockerbie); strcpy(stonesoup_data->buffer, grouseless_marte); 1 --------------------------------- 23146 153489/color.c Buffer_Overflow_cpycat 264 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23147 153489/color.c Buffer_Overflow_cpycat 201 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23148 153489/color.c Buffer_Overflow_cpycat 313 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23149 153590/utf.c Buffer_Overflow_scanf 147 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&sisterhood_baghla,"8709",hybridity_unpublishably); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23150 153590/utf.c Buffer_Overflow_Indexes 99 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&sisterhood_baghla,"8709",hybridity_unpublishably); svn_error_t *svn_err__temp = svn_mutex__unlock(svn_mutex__m,get_xlate_handle_node_internal(ret,topage,frompage,userdata_key,pool)); return get_xlate_handle_node(ret,SVN_APR_UTF8_CHARSET,(assume_native_charset_is_utf8?SVN_APR_UTF8_CHARSET : ((const char *)1)),SVN_UTF_NTOU_XLATE_HANDLE,pool); svn_error_t *svn_err__temp = get_ntou_xlate_handle_node(&node,pool); return get_xlate_handle_node(ret,SVN_APR_UTF8_CHARSET,(assume_native_charset_is_utf8?SVN_APR_UTF8_CHARSET : ((const char *)1)),SVN_UTF_NTOU_XLATE_HANDLE,pool); svn_error_t *svn_err__temp = svn_mutex__unlock(svn_mutex__m,get_xlate_handle_node_internal(ret,topage,frompage,userdata_key,pool)); stonesoup_setup_printf_context(); stonesoup_read_taint(&sisterhood_baghla,"8709",hybridity_unpublishably); HOPI_CLIMBINGFISH(euclidian_gunstocker); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23151 153590/utf.c Buffer_Overflow_Indexes 145 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23152 153651/conversation.c Buffer_Overflow_Indexes 140 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23153 153651/conversation.c Buffer_Overflow_cpycat 1250 marrams_tommie = ((char *)( *(nonextrication_saltlick - 5)) . hoshi_aetheria); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, marrams_tommie); 1 --------------------------------- 23154 153702/config.c Buffer_Overflow_Indexes 79 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&mouthes_epigonation,"TARSOCLASIS_DEPOSING"); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23155 153702/config.c Buffer_Overflow_Indexes 125 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&mouthes_epigonation,"TARSOCLASIS_DEPOSING"); if (mouthes_epigonation != 0) {; mazolysis_cacoethes = ((int )(strlen(mouthes_epigonation))); rontgenized_turtledom = ((char *)(malloc(mazolysis_cacoethes + 1))); if (rontgenized_turtledom == 0) { memset(rontgenized_turtledom,0,mazolysis_cacoethes + 1); memcpy(rontgenized_turtledom,mouthes_epigonation,mazolysis_cacoethes); if (mouthes_epigonation != 0) free(((char *)mouthes_epigonation)); titillating_mosaicked = &rontgenized_turtledom; sepiidae_edom = &titillating_mosaicked; sewellel_psychiatrists = &sepiidae_edom; gabbled_unpersonally = &sewellel_psychiatrists; capsomere_atlantis = &gabbled_unpersonally; depew_jello = &capsomere_atlantis; paramount_mandaeism = &depew_jello; overwinter_mycotoxic = ¶mount_mandaeism; mariastein_hinayana = &overwinter_mycotoxic; toluate_preciosities = &mariastein_hinayana; crotalaria_instantiations = ((char *)( *( *( *( *( *( *( *( *( *( *toluate_preciosities))))))))))); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(crotalaria_instantiations)+1, crotalaria_instantiations, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, crotalaria_instantiations, strlen(crotalaria_instantiations) + 1); if ( *( *( *( *( *( *( *( *( *( *toluate_preciosities))))))))) != 0) free(((char *)( *( *( *( *( *( *( *( *( *( *toluate_preciosities)))))))))))); 0 --------------------------------- 23156 153702/config.c Buffer_Overflow_Indexes 120 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23157 153702/config.c Buffer_Overflow_LowBound 230 void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *mouthes_epigonation; stonesoup_read_taint(&mouthes_epigonation,"TARSOCLASIS_DEPOSING"); mazolysis_cacoethes = ((int )(strlen(mouthes_epigonation))); rontgenized_turtledom = ((char *)(malloc(mazolysis_cacoethes + 1))); memset(rontgenized_turtledom,0,mazolysis_cacoethes + 1); memcpy(rontgenized_turtledom,mouthes_epigonation,mazolysis_cacoethes); titillating_mosaicked = &rontgenized_turtledom; sepiidae_edom = &titillating_mosaicked; sewellel_psychiatrists = &sepiidae_edom; gabbled_unpersonally = &sewellel_psychiatrists; capsomere_atlantis = &gabbled_unpersonally; depew_jello = &capsomere_atlantis; paramount_mandaeism = &depew_jello; overwinter_mycotoxic = ¶mount_mandaeism; mariastein_hinayana = &overwinter_mycotoxic; toluate_preciosities = &mariastein_hinayana; crotalaria_instantiations = ((char *)( *( *( *( *( *( *( *( *( *( *toluate_preciosities))))))))))); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(crotalaria_instantiations)+1, crotalaria_instantiations, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, crotalaria_instantiations, strlen(crotalaria_instantiations) + 1); 1 --------------------------------- 23158 152977/types.c Buffer_Overflow_Indexes 83 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23159 153091/mux.c Buffer_Overflow_Indexes 75 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&ambilian_protract,"STUKA_RIVERET"); REMAIL_KERENSKY(loewy_meller); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23160 153091/mux.c Buffer_Overflow_Indexes 121 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&ambilian_protract,"STUKA_RIVERET"); if (ambilian_protract != 0) {; marshalsea_narrowy = ambilian_protract; upttorn_villageful = &marshalsea_narrowy; loewy_meller = upttorn_villageful + 5; REMAIL_KERENSKY(loewy_meller); void dipsomaniac_preindication(pecify_hybridiser *undistilled_hymenic) REMAIL_KERENSKY(loewy_meller); airspeeds_toxcatl = ((char *)( *(undistilled_hymenic - 5))); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(airspeeds_toxcatl)+1, airspeeds_toxcatl, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, airspeeds_toxcatl, strlen(airspeeds_toxcatl) + 1); if ( *(undistilled_hymenic - 5) != 0) free(((char *)( *(undistilled_hymenic - 5)))); 0 --------------------------------- 23161 153091/mux.c Buffer_Overflow_Indexes 116 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23162 153091/mux.c Buffer_Overflow_LowBound 936 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *ambilian_protract; stonesoup_read_taint(&ambilian_protract,"STUKA_RIVERET"); marshalsea_narrowy = ambilian_protract; upttorn_villageful = &marshalsea_narrowy; loewy_meller = upttorn_villageful + 5; REMAIL_KERENSKY(loewy_meller); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); strncpy(stonesoup_data->buffer, airspeeds_toxcatl, strlen(airspeeds_toxcatl) + 1); void dipsomaniac_preindication(pecify_hybridiser *undistilled_hymenic) airspeeds_toxcatl = ((char *)( *(undistilled_hymenic - 5))); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(airspeeds_toxcatl)+1, airspeeds_toxcatl, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, airspeeds_toxcatl, strlen(airspeeds_toxcatl) + 1); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&ambilian_protract,"STUKA_RIVERET"); marshalsea_narrowy = ambilian_protract; upttorn_villageful = &marshalsea_narrowy; loewy_meller = upttorn_villageful + 5; REMAIL_KERENSKY(loewy_meller); 1 --------------------------------- 23163 1628/scpy7-bad.c Buffer_Overflow_Indexes 47 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) buf = malloc(MAXSIZE); strcpy(buf, str); printf("result: %s\n", buf); free(buf); 1 --------------------------------- 23164 153762/oids.c Buffer_Overflow_Indexes 159 char *debug_env = getenv("WIRESHARK_DEBUG_MIBS"); debuglevel = ((debug_env?strtoul(debug_env,((void *)0),10) : 0)); 0 --------------------------------- 23165 153762/oids.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23166 152922/column.c Buffer_Overflow_Indexes 93 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23167 152922/column.c Buffer_Overflow_cpycat 1279 void pyretic_gunmen(int borocarbide_lituite,char **monomya_graving) pyretic_gunmen(borocarbide_lituite,monomya_graving); exchanger_autophytography = ((char *)monomya_graving[7]); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, exchanger_autophytography); void stonesoup_handle_taint(char *attemperator_goodly) enviroment_peripheroceptor[7] = attemperator_goodly; dogfishes_panspermatist = enviroment_peripheroceptor; pyretic_gunmen(topotaxis_limmu,dogfishes_panspermatist); 1 --------------------------------- 23168 153414/dirent_uri.c Buffer_Overflow_Indexes 83 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); submucous_argyrosomus(1,chronol_bme); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23169 153414/dirent_uri.c Buffer_Overflow_Indexes 144 sca_paleocyclic = getenv("GRUMBLETONIAN_BLASTOMERE"); if (sca_paleocyclic != 0) {; chronol_bme . ficklety_sabellian = ((char *)sca_paleocyclic); 0 --------------------------------- 23170 153414/dirent_uri.c Buffer_Overflow_cpycat 2101 struct promiscuousness_rillette nonembryonal_sympathizing = {0}; va_list repulverize_outyielding; __builtin_va_start(repulverize_outyielding,intarsa_plagiarizers); nonembryonal_sympathizing = (va_arg(repulverize_outyielding,struct promiscuousness_rillette )); midrashim_vinegar = ((char *)nonembryonal_sympathizing . ficklety_sabellian); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, midrashim_vinegar); 1 --------------------------------- 23171 153035/avdevice.c Buffer_Overflow_scanf 107 stonesoup_fct_ptr fct_ptr_addr = (stonesoup_fct_ptr )0; sscanf(param,"%p",&fct_ptr_addr); patella_whoremonger = ((char *)( *(prote_recelebrated - 5)) . scramble_minimising); stonesoup_fp = stonesoup_switch_func(patella_whoremonger); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); 0 --------------------------------- 23172 153035/avdevice.c Buffer_Overflow_Indexes 82 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23173 153609/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23174 153609/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23175 153346/img2.c Buffer_Overflow_Indexes 43 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); moet_maudlinize(1,gonium_outdress); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23176 153346/img2.c Buffer_Overflow_Indexes 92 doodling_kolhoz = getenv("DIETETICAL_UNCOGNIZED"); if (doodling_kolhoz != 0) {; gonium_outdress = doodling_kolhoz; moet_maudlinize(1,gonium_outdress); void moet_maudlinize(int ass_addams,... ) 0 --------------------------------- 23177 153346/img2.c Buffer_Overflow_LowBound 153 pupas_superaffiuence cardioschisis_overproviding = 0; va_list millstream_philogynaecic; __builtin_va_start(millstream_philogynaecic,ass_addams); cardioschisis_overproviding = (va_arg(millstream_philogynaecic,pupas_superaffiuence )); enhancive_captor = ((char *)cardioschisis_overproviding); stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(enhancive_captor))); strncpy(stonesoup_heap_buff_64, enhancive_captor, 64); 0 --------------------------------- 23178 153041/resowner.c Buffer_Overflow_Indexes 140 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&conglobulate_tauchnitz,"REBBA_BRACHIOTOMY"); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); WITHER_PREFRANKNESS(sergeantship_nondoubting); stonesoup_printf("String is too short to test\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("String is too short to test\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23179 153041/resowner.c Buffer_Overflow_Indexes 181 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23180 153041/resowner.c Buffer_Overflow_Indexes 186 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&conglobulate_tauchnitz,"REBBA_BRACHIOTOMY"); if (conglobulate_tauchnitz != 0) {; hirling_morcha = ((int )(strlen(conglobulate_tauchnitz))); sergeantship_nondoubting = ((char *)(malloc(hirling_morcha + 1))); if (sergeantship_nondoubting == 0) { memset(sergeantship_nondoubting,0,hirling_morcha + 1); memcpy(sergeantship_nondoubting,conglobulate_tauchnitz,hirling_morcha); if (conglobulate_tauchnitz != 0) free(((char *)conglobulate_tauchnitz)); WITHER_PREFRANKNESS(sergeantship_nondoubting); void morea_werefox(char *demonetizes_paronym) WITHER_PREFRANKNESS(sergeantship_nondoubting); rushier_unstoutly = ((char *)demonetizes_paronym); stonesoup_input_len = strlen(rushier_unstoutly); if (stonesoup_input_len < 2) { stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); stonesoup_result = ( *stonesoup_function_ptr)(rushier_unstoutly); if (stonesoup_result == 0) if (demonetizes_paronym != 0) free(((char *)demonetizes_paronym)); void stonesoup_get_function(int len, fptr * modulus_function) { if (len > 10) { if (len < 10) { 0 --------------------------------- 23181 153630/heapam.c Buffer_Overflow_Indexes 136 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23182 153630/heapam.c Buffer_Overflow_cpycat 5238 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); reaccompanying_padishah = ((void *)ontine_pereira); yoldring_rager[5] = reaccompanying_padishah; aditus_expropriates = 5; longjmp(ultraterrene_tetradactylous,1); fluidification_eglin = ((char *)((char *)outwept_swb)); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); strcpy(stonesoup_heap_buffer_64, fluidification_eglin); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); tracepoint(stonesoup_trace, variable_address, "__builtin_return_address(0)", __builtin_return_address(0), "CROSSOVER-STATE"); ++stonesoup_global_variable;; if (ontine_pereira != 0) {; aditus_expropriates = 5; longjmp(ultraterrene_tetradactylous,1); 1 --------------------------------- 23183 153771/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23184 153771/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23185 153002/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23186 153002/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23187 153290/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23188 153290/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23189 153437/portalmem.c Buffer_Overflow_Indexes 107 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&wolffian_rous,"SPLENOLYMPHATIC_HETEROMORPHISM"); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23190 153437/portalmem.c Buffer_Overflow_Indexes 153 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&wolffian_rous,"SPLENOLYMPHATIC_HETEROMORPHISM"); if (wolffian_rous != 0) {; predoubtful_pleasing . math_nonreconcilably = ((char *)wolffian_rous); cetaceous_uncommonly = &predoubtful_pleasing; tarsoplasty_bowdlerized = &cetaceous_uncommonly; 0 --------------------------------- 23191 153437/portalmem.c Buffer_Overflow_Indexes 148 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23192 153437/portalmem.c Buffer_Overflow_LowBound 537 atropine_nonalarmist = ((char *)( *( *tarsoplasty_bowdlerized)) . math_nonreconcilably); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(atropine_nonalarmist)+1, atropine_nonalarmist, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, atropine_nonalarmist, strlen(atropine_nonalarmist) + 1); 1 --------------------------------- 23193 199283/memory_allocation_failure.c Buffer_Overflow_LowBound 261 char * buffer = 0; buffer = (char*) malloc(max_buffer * sizeof(char)); snprintf(buffer, max_buffer * sizeof(char), "Error: %s", error_log); char *str = "STRINGMEM"; memory_allocation_failure_008_func_001(str); char * memory_allocation_failure_008_func_001 (const char *msg) { const char *error_log = msg; snprintf(buffer, max_buffer * sizeof(char), "Error: %s", error_log); 1 --------------------------------- 23194 153280/hashfn.c Buffer_Overflow_Indexes 99 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&ancientry_citramide,"IMBATHE_VIVER"); if (ancientry_citramide != 0) {; chrysotherapy_quindecima . staphyloptosia_slidder = ancientry_citramide; *importable_rifacimento = chrysotherapy_quindecima; 0 --------------------------------- 23195 153280/hashfn.c Buffer_Overflow_Indexes 94 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23196 153280/hashfn.c Buffer_Overflow_Indexes 53 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 23197 311/basic-00050-large.c Buffer_Overflow_LowBound 62 char src[4106]; char buf[10]; memset(src, 'A', 4106); src[4106 - 1] = '\0'; i = 4107; strncpy(buf, src, 4106 % i); 1 --------------------------------- 23198 153441/oids.c Buffer_Overflow_Indexes 167 char *debug_env = getenv("WIRESHARK_DEBUG_MIBS"); debuglevel = ((debug_env?strtoul(debug_env,((void *)0),10) : 0)); 0 --------------------------------- 23199 153441/oids.c Buffer_Overflow_Indexes 139 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23200 153441/oids.c Buffer_Overflow_cpycat 1356 grandmothers_stylo = ((char *)teknonymously_vanquishes . reassert_skulkers); stonesoup_buffer = malloc((strlen(grandmothers_stylo) + 1) * sizeof(char )); strcpy(stonesoup_buffer,grandmothers_stylo); 0 --------------------------------- 23201 153153/subtrans.c Buffer_Overflow_scanf 125 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&pentstock_hypoergic,"6829",zoomastigoda_overembellishes); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23202 153153/subtrans.c Buffer_Overflow_Indexes 123 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23203 153153/subtrans.c Buffer_Overflow_Indexes 77 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&pentstock_hypoergic,"6829",zoomastigoda_overembellishes); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23204 153153/subtrans.c Buffer_Overflow_LowBound 316 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; char stonesoup_source[1024]; int zoomastigoda_overembellishes = 91; char *pentstock_hypoergic; stonesoup_read_taint(&pentstock_hypoergic,"6829",zoomastigoda_overembellishes); ellie_belsire = pentstock_hypoergic; disparted_gauffer = ((char *)ellie_belsire); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, disparted_gauffer, sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&pentstock_hypoergic,"6829",zoomastigoda_overembellishes); ellie_belsire = pentstock_hypoergic; disparted_gauffer = ((char *)ellie_belsire); strncpy(stonesoup_source, disparted_gauffer, sizeof(stonesoup_source)); 0 --------------------------------- 23205 153153/subtrans.c Buffer_Overflow_LowBound 325 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 23206 153047/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&atelic_hexaseme,"8146",biasing_rhymic); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23207 153047/color.c Buffer_Overflow_Indexes 180 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23208 153047/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&atelic_hexaseme,"8146",biasing_rhymic); stonesoup_toupper(stonesoup_data.buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23209 153047/color.c Buffer_Overflow_Indexes 186 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23210 153047/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23211 153047/color.c Buffer_Overflow_Indexes 184 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23212 153047/color.c Buffer_Overflow_LowBound 598 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 23213 153047/color.c Buffer_Overflow_LowBound 589 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; char stonesoup_source[1024]; int biasing_rhymic = 91; char *atelic_hexaseme; stonesoup_read_taint(&atelic_hexaseme,"8146",biasing_rhymic); bartonsville_pact = ((char *)atelic_hexaseme); stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, bartonsville_pact, sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&atelic_hexaseme,"8146",biasing_rhymic); bartonsville_pact = ((char *)atelic_hexaseme); strncpy(stonesoup_source, bartonsville_pact, sizeof(stonesoup_source)); 0 --------------------------------- 23214 153047/color.c Buffer_Overflow_cpycat 243 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23215 153047/color.c Buffer_Overflow_cpycat 257 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23216 153047/color.c Buffer_Overflow_cpycat 292 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23217 153047/color.c Buffer_Overflow_cpycat 208 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23218 153047/color.c Buffer_Overflow_cpycat 299 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23219 153047/color.c Buffer_Overflow_cpycat 348 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23220 153047/color.c Buffer_Overflow_cpycat 222 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23221 153047/color.c Buffer_Overflow_cpycat 200 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23222 153047/color.c Buffer_Overflow_cpycat 376 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23223 153047/color.c Buffer_Overflow_cpycat 264 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23224 153047/color.c Buffer_Overflow_cpycat 250 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23225 153047/color.c Buffer_Overflow_cpycat 306 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23226 153047/color.c Buffer_Overflow_cpycat 285 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23227 153047/color.c Buffer_Overflow_cpycat 356 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23228 153047/color.c Buffer_Overflow_cpycat 320 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23229 153047/color.c Buffer_Overflow_cpycat 334 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23230 153047/color.c Buffer_Overflow_cpycat 235 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23231 153047/color.c Buffer_Overflow_cpycat 341 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23232 153047/color.c Buffer_Overflow_cpycat 278 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23233 153047/color.c Buffer_Overflow_cpycat 215 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23234 153047/color.c Buffer_Overflow_cpycat 355 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23235 153047/color.c Buffer_Overflow_cpycat 313 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23236 153047/color.c Buffer_Overflow_cpycat 327 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23237 153047/color.c Buffer_Overflow_cpycat 271 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23238 153079/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23239 153079/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23240 153583/stream.c Buffer_Overflow_scanf 148 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&kabalevsky_greenbackism,"2414",coccidology_nonjuristic); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23241 153583/stream.c Buffer_Overflow_Indexes 100 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&kabalevsky_greenbackism,"2414",coccidology_nonjuristic); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23242 153583/stream.c Buffer_Overflow_Indexes 146 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23243 153583/stream.c Buffer_Overflow_LowBound 259 void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { *stonesoup_tainted_buff = NULL; if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; int coccidology_nonjuristic = 53; char *kabalevsky_greenbackism;; stonesoup_read_taint(&kabalevsky_greenbackism,"2414",coccidology_nonjuristic); getters_shifter = ((int )(strlen(kabalevsky_greenbackism))); coeternal_montessorian = ((char *)(malloc(getters_shifter + 1))); memset(coeternal_montessorian,0,getters_shifter + 1); memcpy(coeternal_montessorian,kabalevsky_greenbackism,getters_shifter); cochabamba_vandenberg[5] = coeternal_montessorian; tetrasulphid_oxfordist[1] = 5; uneasily_iliohypogastric = *(cochabamba_vandenberg + tetrasulphid_oxfordist[1]); ambon_enthusiasm = ((char *)uneasily_iliohypogastric); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(ambon_enthusiasm)+1, ambon_enthusiasm, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, ambon_enthusiasm, strlen(ambon_enthusiasm) + 1); 1 --------------------------------- 23244 153144/avpacket.c Buffer_Overflow_scanf 92 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&laccol_devotedly,"1979",moriform_cogener); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23245 153144/avpacket.c Buffer_Overflow_Indexes 44 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&laccol_devotedly,"1979",moriform_cogener); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); MICROELECTRONIC_TUMULOUS(balsamweed_tigereyes); stonesoup_data.buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23246 153144/avpacket.c Buffer_Overflow_Indexes 90 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23247 153144/avpacket.c Buffer_Overflow_LowBound 530 void compreg_resurrects(char *currents_asclepiade) monocarpellary_deline = ((char *)currents_asclepiade); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(monocarpellary_deline)+1, monocarpellary_deline, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, monocarpellary_deline, strlen(monocarpellary_deline) + 1); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { *stonesoup_tainted_buff = NULL; if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; int moriform_cogener = 53; char *laccol_devotedly;; stonesoup_read_taint(&laccol_devotedly,"1979",moriform_cogener); gothish_saints = ((int )(strlen(laccol_devotedly))); minidisks_disparpling = ((char *)(malloc(gothish_saints + 1))); memset(minidisks_disparpling,0,gothish_saints + 1); memcpy(minidisks_disparpling,laccol_devotedly,gothish_saints); page_antimoralism[5] = minidisks_disparpling; recalculated_tantric[1] = 5; balsamweed_tigereyes = *(page_antimoralism + recalculated_tantric[1]); MICROELECTRONIC_TUMULOUS(balsamweed_tigereyes); 1 --------------------------------- 23248 153751/color.c Buffer_Overflow_Indexes 154 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23249 153751/color.c Buffer_Overflow_Indexes 156 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23250 153751/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_buff); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buff); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23251 153751/color.c Buffer_Overflow_Indexes 150 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23252 153751/color.c Buffer_Overflow_Indexes 544 whiteclay_tossy = getenv("LAWSUITING_SUSAN"); if (whiteclay_tossy != 0) {; faaas_unpeerable = ((char *)whiteclay_tossy); strncpy(stonesoup_source,faaas_unpeerable,sizeof(stonesoup_source)); 0 --------------------------------- 23253 153751/color.c Buffer_Overflow_LowBound 560 stonesoup_buff[63] = '\0'; stonesoup_source[1023] = 0; if (strlen(stonesoup_source) + 1 <= sizeof(stonesoup_buff)) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buff", strlen(stonesoup_buff)+1, stonesoup_buff, "TRIGGER-STATE"); strncpy(stonesoup_buff,stonesoup_source,sizeof(stonesoup_source)); 1 --------------------------------- 23254 153751/color.c Buffer_Overflow_LowBound 551 char stonesoup_source[1024]; whiteclay_tossy = getenv("LAWSUITING_SUSAN"); faaas_unpeerable = ((char *)whiteclay_tossy); memset(stonesoup_source,0,1024); strncpy(stonesoup_source,faaas_unpeerable,sizeof(stonesoup_source)); 0 --------------------------------- 23255 153751/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23256 153751/color.c Buffer_Overflow_cpycat 170 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23257 153751/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23258 153751/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23259 153751/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23260 153751/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23261 153751/color.c Buffer_Overflow_cpycat 185 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23262 153751/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23263 153751/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23264 153751/color.c Buffer_Overflow_cpycat 178 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23265 153751/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23266 153751/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23267 153751/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23268 153751/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23269 153751/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23270 153751/color.c Buffer_Overflow_cpycat 346 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23271 153751/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23272 153751/color.c Buffer_Overflow_cpycat 325 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23273 153751/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23274 153751/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23275 153751/color.c Buffer_Overflow_cpycat 192 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23276 153751/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23277 153751/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23278 153751/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23279 153288/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23280 153288/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23281 153587/conf_mod.c Buffer_Overflow_Indexes 583 file = getenv("OPENSSL_CONF"); if (file) { return BUF_strdup(file); file = CONF_get1_default_config_file(); if (!file) { if (NCONF_load(conf,file,((void *)0)) <= 0) { CRYPTO_free(file); 0 --------------------------------- 23282 153587/conf_mod.c Buffer_Overflow_Indexes 162 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23283 153515/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23284 153515/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23285 152947/pmsignal.c Buffer_Overflow_Indexes 153 supersets_freeloads = getenv("PLUMPNESSES_PARTAKES"); if (supersets_freeloads != 0) {; paradisally_mundugumors . unrhymed_ichorous = supersets_freeloads; mushes_olonetsish(paradisally_mundugumors); void mushes_olonetsish(const union pliability_gestures retramp_anhydride) enville_caratch = ((char *)((union pliability_gestures )retramp_anhydride) . unrhymed_ichorous); stonesoup_buff_size = ((int )(strlen(enville_caratch))); memcpy(stonesoup_data->buffer, enville_caratch, 64); for (; stonesoup_i < stonesoup_buff_size; ++stonesoup_i){ stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); free( stonesoup_data); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 23286 152947/pmsignal.c Buffer_Overflow_Indexes 98 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); PMSignalState = ((PMSignalData *)(ShmemInitStruct("PMSignalState",PMSignalShmemSize(),&found))); Size _len = PMSignalShmemSize(); stonesoup_setup_printf_context(); mushes_olonetsish(paradisally_mundugumors); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23287 840/basic-00182-med.c Buffer_Overflow_fgets 61 char buf[10]; f = fopen("TestInputFile1", "r"); assert(f != NULL); fgets(buf, 18, f); 1 --------------------------------- 23288 199314/st_underrun.c Buffer_Overflow_cpycat 80 char buf[10] = "STRING"; strcpy(s->buf,buf); st_underrun_003_s_001 s; st_underrun_003_func_001(&s); void st_underrun_003_func_001 (st_underrun_003_s_001 *s) strcpy(s->buf,buf); 0 --------------------------------- 23289 199314/st_underrun.c Buffer_Overflow_cpycat 23 char buf[10]; strcpy(buf, "my string"); 0 --------------------------------- 23290 199314/st_underrun.c Buffer_Overflow_cpycat 115 char buf[10] = "STRING"; strcpy(s->buf,buf); st_underrun_004_s_001 s,s2; s2 = st_underrun_004_func_001(&s); st_underrun_004_s_001 st_underrun_004_func_001 (st_underrun_004_s_001 *s) st_underrun_004_func_002(s); void st_underrun_004_func_002 (st_underrun_004_s_001 *s) strcpy(s->buf,buf); 0 --------------------------------- 23291 153167/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&lenthiel_inverters,"7982",episodical_creamcups); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23292 153167/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&lenthiel_inverters,"7982",episodical_creamcups); s vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); s stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23293 153167/color.c Buffer_Overflow_Indexes 179 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23294 153167/color.c Buffer_Overflow_Indexes 181 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23295 153167/color.c Buffer_Overflow_Indexes 175 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23296 153167/color.c Buffer_Overflow_Indexes 138 strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || 0 --------------------------------- 23297 153167/color.c Buffer_Overflow_Indexes 574 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_input_string", stonesoup_input_string, "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data.buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 23298 153167/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23299 153167/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23300 153167/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23301 153167/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23302 153167/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23303 153167/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23304 153167/color.c Buffer_Overflow_cpycat 195 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23305 153167/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23306 153167/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23307 153167/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23308 153167/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23309 153167/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23310 153167/color.c Buffer_Overflow_cpycat 371 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23311 153167/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23312 153167/color.c Buffer_Overflow_cpycat 351 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23313 153167/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23314 153167/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23315 153167/color.c Buffer_Overflow_cpycat 350 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23316 153167/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23317 153167/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23318 153167/color.c Buffer_Overflow_cpycat 230 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23319 153167/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23320 153167/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23321 153167/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23322 1622/snp4-bad.c Buffer_Overflow_Indexes 63 main(int argc, char **argv) if(argc > 2) { userstr = argv[1]; userstr2 = argv[2]; test(userstr, userstr2); test(char *str1, char *str2) snprintf(p, l, "<%s>", str1); x = strlen(p); p += x; l -= x; *p++ = ' '; *p++ = '-'; l -= 2; snprintf(p, l, "<%s>\n", str2); x = strlen(p); p += x; l -= x; 0 --------------------------------- 23323 1622/snp4-bad.c Buffer_Overflow_LowBound 54 main(int argc, char **argv) userstr = argv[1]; userstr2 = argv[2]; test(userstr, userstr2); test(char *str1, char *str2) char buf[MAXSIZE]; p = buf; l = sizeof buf; snprintf(p, l, "<%s>", str1); x = strlen(p); p += x; l -= x; *p++ = ' '; *p++ = '-'; l -= 2; snprintf(p, l, "<%s>\n", str2); 1 --------------------------------- 23324 149042/gen.c Buffer_Overflow_Indexes 267 int main(int argc, char **argv) while ((c = getopt(argc, argv, "bBs:")) != EOF) { switch (c) { fprintf(stderr, "%s: %s: bad bleed size\n",argv[0], optarg); fprintf(stderr,"usage: %s [-s bleed_size] [-B] [-b]\n",argv[0]); 0 --------------------------------- 23325 292/basic-00045-med.c Buffer_Overflow_cpycat 57 char buf[10]; strcpy(buf, "AAAAAAAAAAAAAAAAA"); 1 --------------------------------- 23326 312/basic-00050-med.c Buffer_Overflow_LowBound 62 char buf[10]; src[18 - 1] = '\0'; i = 19; strncpy(buf, src, 18 % i); 1 --------------------------------- 23327 153456/portalmem.c Buffer_Overflow_Indexes 146 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23328 153456/portalmem.c Buffer_Overflow_LowBound 1020 char stonesoup_buffer[8]; agitating_commie = ((char *)( *(revokingly_limitative - 5)) . abashless_agoniada); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(agitating_commie)+1, agitating_commie, "TRIGGER-STATE"); strncpy(stonesoup_buffer,agitating_commie,strlen(agitating_commie) + 1); 1 --------------------------------- 23329 153604/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23330 153604/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&atlanta_albitic,"LOMETA_ATHEISTIC"); stonesoup_data.buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23331 153604/color.c Buffer_Overflow_Indexes 185 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23332 153604/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&atlanta_albitic,"LOMETA_ATHEISTIC"); if (atlanta_albitic != 0) {; lored_taen = ((char *)atlanta_albitic); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(lored_taen)+1, lored_taen, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, lored_taen, strlen(lored_taen) + 1); if (atlanta_albitic != 0) free(((char *)atlanta_albitic)); 0 --------------------------------- 23333 153604/color.c Buffer_Overflow_Indexes 187 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23334 153604/color.c Buffer_Overflow_Indexes 181 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23335 153604/color.c Buffer_Overflow_LowBound 585 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *atlanta_albitic; stonesoup_read_taint(&atlanta_albitic,"LOMETA_ATHEISTIC"); lored_taen = ((char *)atlanta_albitic); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(lored_taen)+1, lored_taen, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, lored_taen, strlen(lored_taen) + 1); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&atlanta_albitic,"LOMETA_ATHEISTIC"); lored_taen = ((char *)atlanta_albitic); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(lored_taen)+1, lored_taen, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, lored_taen, strlen(lored_taen) + 1); 1 --------------------------------- 23336 153604/color.c Buffer_Overflow_cpycat 223 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23337 153604/color.c Buffer_Overflow_cpycat 314 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23338 153604/color.c Buffer_Overflow_cpycat 201 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23339 153604/color.c Buffer_Overflow_cpycat 377 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23340 153604/color.c Buffer_Overflow_cpycat 265 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23341 153604/color.c Buffer_Overflow_cpycat 251 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23342 153604/color.c Buffer_Overflow_cpycat 307 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23343 153604/color.c Buffer_Overflow_cpycat 356 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23344 153604/color.c Buffer_Overflow_cpycat 293 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23345 153604/color.c Buffer_Overflow_cpycat 328 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23346 153604/color.c Buffer_Overflow_cpycat 258 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23347 153604/color.c Buffer_Overflow_cpycat 349 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23348 153604/color.c Buffer_Overflow_cpycat 342 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23349 153604/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23350 153604/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23351 153604/color.c Buffer_Overflow_cpycat 279 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23352 153604/color.c Buffer_Overflow_cpycat 300 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23353 153604/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23354 153604/color.c Buffer_Overflow_cpycat 286 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23355 153604/color.c Buffer_Overflow_cpycat 357 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23356 153604/color.c Buffer_Overflow_cpycat 321 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23357 153604/color.c Buffer_Overflow_cpycat 244 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23358 153604/color.c Buffer_Overflow_cpycat 272 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23359 153604/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23360 153080/main_statusbar.c Buffer_Overflow_scanf 168 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&semiorbicularis_cobby,"3012",erl_reliers); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23361 153080/main_statusbar.c Buffer_Overflow_Indexes 166 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23362 153080/main_statusbar.c Buffer_Overflow_Indexes 120 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&semiorbicularis_cobby,"3012",erl_reliers); DAYSMAN_LORY(lamenter_mcgraw); stonesoup_toupper(stonesoup_data.base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23363 153296/timestamp.c Buffer_Overflow_Indexes 133 truckages_conclave = getenv("NEPENTHES_ZOOTOMICAL"); if (truckages_conclave != 0) {; laminarin_radioautograph . usar_lipotrophic = ((char *)truckages_conclave); 0 --------------------------------- 23364 153296/timestamp.c Buffer_Overflow_Indexes 62 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); secedes_reprice(1,laminarin_radioautograph); stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23365 199314/st_underrun_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==43 || vflag_file == 888) 0 --------------------------------- 23366 14/Stack_overflow.c Buffer_Overflow_Indexes 3 int main(int argc, char **argv) { strcpy(buf, argv[1]); 0 --------------------------------- 23367 14/Stack_overflow.c Buffer_Overflow_cpycat 5 char buf[BUFSIZE]; strcpy(buf, argv[1]); 1 --------------------------------- 23368 153213/dynahash.c Buffer_Overflow_Indexes 773 exodermal_gratulated = getenv("DEVINNA_FOXTON"); if (exodermal_gratulated != 0) {; beveled_soya = exodermal_gratulated; toxin_semicentenaries = &beveled_soya; NONHERETICAL_TUBINARIAL(toxin_semicentenaries); void intervened_galvanoscopic(metter_propylhexedrine *bradoon_barbet) NONHERETICAL_TUBINARIAL(toxin_semicentenaries); tyndallize_ironmongery = ((char *)( *bradoon_barbet)); stonesoup_buffer = malloc((strlen(tyndallize_ironmongery) + 1) * sizeof(char )); if (stonesoup_buffer == 0) { strcpy(stonesoup_buffer,tyndallize_ironmongery); if (stonesoup_buffer[0] >= 97) { stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); if (stonesoup_buffer != 0) { free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) first_char = buffer_param[0] - 97; free(buffer_param); return first_char; stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 23369 153213/dynahash.c Buffer_Overflow_Indexes 239 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); if (((long )(calc_bucket(hctl,currElement -> hashvalue))) == old_bucket) { stonesoup_setup_printf_context(); NONHERETICAL_TUBINARIAL(toxin_semicentenaries); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23370 153213/dynahash.c Buffer_Overflow_cpycat 366 HTAB *hash_create(const char *tabname,long nelem,HASHCTL *info,int flags) CurrentDynaHashCxt = AllocSetContextCreate(CurrentDynaHashCxt,tabname,0,(8 * 1024),(8 * 1024 * 1024)); hashp = ((HTAB *)(DynaHashAlloc(sizeof(HTAB ) + strlen(tabname) + 1))); hashp -> tabname = ((char *)(hashp + 1)); strcpy(hashp -> tabname,tabname); 0 --------------------------------- 23371 153213/dynahash.c Buffer_Overflow_cpycat 1528 exodermal_gratulated = getenv("DEVINNA_FOXTON"); beveled_soya = exodermal_gratulated; toxin_semicentenaries = &beveled_soya; NONHERETICAL_TUBINARIAL(toxin_semicentenaries); void intervened_galvanoscopic(metter_propylhexedrine *bradoon_barbet) tyndallize_ironmongery = ((char *)( *bradoon_barbet)); stonesoup_buffer = malloc((strlen(tyndallize_ironmongery) + 1) * sizeof(char )); strcpy(stonesoup_buffer,tyndallize_ironmongery); 0 --------------------------------- 23372 1293/create_msg_file.c Buffer_Overflow_cpycat 111 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn, "lcs.mit.edu"); 0 --------------------------------- 23373 1293/create_msg_file.c Buffer_Overflow_cpycat 145 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn2, "sls.lcs.mit.edu"); 0 --------------------------------- 23374 1293/create_msg_file.c Buffer_Overflow_cpycat 104 temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; strcpy(temp, "HEADER JUNK:"); 0 --------------------------------- 23375 199283/memory_allocation_failure_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==28 || vflag_file == 888) 0 --------------------------------- 23376 153601/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&reprotest_tigerfishes,"7362",reiced_sealant); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23377 153601/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&reprotest_tigerfishes,"7362",reiced_sealant); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23378 153601/color.c Buffer_Overflow_Indexes 178 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23379 153601/color.c Buffer_Overflow_Indexes 182 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23380 153601/color.c Buffer_Overflow_Indexes 184 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23381 153601/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23382 153601/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23383 153601/color.c Buffer_Overflow_cpycat 354 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23384 153601/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23385 153601/color.c Buffer_Overflow_cpycat 332 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23386 153601/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23387 153601/color.c Buffer_Overflow_cpycat 339 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23388 153601/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23389 153601/color.c Buffer_Overflow_cpycat 353 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23390 153601/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23391 153601/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23392 153601/color.c Buffer_Overflow_cpycat 233 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23393 153601/color.c Buffer_Overflow_cpycat 325 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23394 153601/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23395 153601/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23396 153601/color.c Buffer_Overflow_cpycat 198 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23397 153601/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23398 153601/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23399 153601/color.c Buffer_Overflow_cpycat 346 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23400 153601/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23401 153601/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23402 153601/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23403 153601/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23404 153601/color.c Buffer_Overflow_cpycat 580 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int reiced_sealant = 44; char *reprotest_tigerfishes; stonesoup_read_taint(&reprotest_tigerfishes,"7362",reiced_sealant); protuberances_dragonwort = ((char *)reprotest_tigerfishes); stonesoup_buffer = malloc((strlen(protuberances_dragonwort) + 1) * sizeof(char )); strcpy(stonesoup_buffer,protuberances_dragonwort); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&reprotest_tigerfishes,"7362",reiced_sealant); protuberances_dragonwort = ((char *)reprotest_tigerfishes); stonesoup_buffer = malloc((strlen(protuberances_dragonwort) + 1) * sizeof(char )); strcpy(stonesoup_buffer,protuberances_dragonwort); 0 --------------------------------- 23405 153601/color.c Buffer_Overflow_cpycat 206 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23406 153601/color.c Buffer_Overflow_cpycat 374 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23407 152885/color.c Buffer_Overflow_Indexes 165 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23408 152885/color.c Buffer_Overflow_Indexes 169 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23409 152885/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23410 152885/color.c Buffer_Overflow_Indexes 171 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23411 152885/color.c Buffer_Overflow_LowBound 589 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *marakapas_upbrighten) swg_boatward = ((char *)marakapas_upbrighten); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(swg_boatward)+1, swg_boatward, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, swg_boatward, strlen(swg_boatward) + 1); 1 --------------------------------- 23412 152885/color.c Buffer_Overflow_cpycat 200 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23413 152885/color.c Buffer_Overflow_cpycat 319 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23414 152885/color.c Buffer_Overflow_cpycat 340 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23415 152885/color.c Buffer_Overflow_cpycat 277 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23416 152885/color.c Buffer_Overflow_cpycat 263 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23417 152885/color.c Buffer_Overflow_cpycat 256 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23418 152885/color.c Buffer_Overflow_cpycat 193 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23419 152885/color.c Buffer_Overflow_cpycat 207 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23420 152885/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23421 152885/color.c Buffer_Overflow_cpycat 270 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23422 152885/color.c Buffer_Overflow_cpycat 298 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23423 152885/color.c Buffer_Overflow_cpycat 305 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23424 152885/color.c Buffer_Overflow_cpycat 228 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23425 152885/color.c Buffer_Overflow_cpycat 312 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23426 152885/color.c Buffer_Overflow_cpycat 284 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23427 152885/color.c Buffer_Overflow_cpycat 249 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23428 152885/color.c Buffer_Overflow_cpycat 242 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23429 152885/color.c Buffer_Overflow_cpycat 235 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23430 152885/color.c Buffer_Overflow_cpycat 333 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23431 152885/color.c Buffer_Overflow_cpycat 291 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23432 152885/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23433 152885/color.c Buffer_Overflow_cpycat 341 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23434 152885/color.c Buffer_Overflow_cpycat 361 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23435 152885/color.c Buffer_Overflow_cpycat 185 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23436 153662/mem_dbg.c Buffer_Overflow_Indexes 439 sana_landsides = getenv("EDUCATE_ROME"); if (sana_landsides != 0) {; palladinize_sadisms . redominating_victimizers = sana_landsides; granes_recapitulative = gravestone_pedlers(palladinize_sadisms); union subpericranial_following gravestone_pedlers(union subpericranial_following latterll_humanitarian); 0 --------------------------------- 23437 153662/mem_dbg.c Buffer_Overflow_Indexes 222 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 23438 152998/string.c Buffer_Overflow_scanf 114 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&surnaming_pretenseless,"3199",exactitude_underfactor); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23439 152998/string.c Buffer_Overflow_Indexes 66 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 23440 152998/string.c Buffer_Overflow_Indexes 112 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23441 153593/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23442 153593/color.c Buffer_Overflow_Indexes 188 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23443 153593/color.c Buffer_Overflow_Indexes 182 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23444 153593/color.c Buffer_Overflow_Indexes 186 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23445 153593/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 23446 153593/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); 0 --------------------------------- 23447 153593/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23448 153593/color.c Buffer_Overflow_cpycat 378 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23449 153593/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23450 153593/color.c Buffer_Overflow_cpycat 358 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23451 153593/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23452 153593/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23453 153593/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23454 153593/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23455 153593/color.c Buffer_Overflow_cpycat 237 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23456 153593/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23457 153593/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23458 153593/color.c Buffer_Overflow_cpycat 357 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23459 153593/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23460 153593/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23461 153593/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23462 153593/color.c Buffer_Overflow_cpycat 350 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23463 153593/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23464 153593/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23465 153593/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23466 153593/color.c Buffer_Overflow_cpycat 202 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23467 153593/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23468 153593/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23469 153593/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23470 153593/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23471 153568/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23472 153568/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23473 148966/emem.c Buffer_Overflow_Indexes 327 se_packet_mem.debug_use_canary = se_packet_mem.debug_use_chunks && (getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != NULL); emem_init_chunk(&se_packet_mem); emem_init_chunk(emem_header_t *mem) if (mem->debug_use_canary) emem_canary_init(mem->canary); if (mem->debug_use_chunks) emem_init_chunk(&se_packet_mem); emem_canary_init(guint8 *canary) 0 --------------------------------- 23474 148966/emem.c Buffer_Overflow_Indexes 306 ep_packet_mem.debug_verify_pointers = (getenv("WIRESHARK_EP_VERIFY_POINTERS") != NULL); emem_init_chunk(&ep_packet_mem); emem_init_chunk(emem_header_t *mem) if (mem->debug_use_canary) emem_canary_init(mem->canary); if (mem->debug_use_chunks) emem_init_chunk(&ep_packet_mem); emem_canary_init(guint8 *canary) 0 --------------------------------- 23475 148966/emem.c Buffer_Overflow_Indexes 309 intense_canary_checking = (getenv("WIRESHARK_DEBUG_EP_INTENSE_CANARY") != NULL); 178 148966 -------------------------------- 3172 /Bad/148966/emem.c Buffer_Overflow_Indexes ep_packet_mem.debug_use_canary = ep_packet_mem.debug_use_chunks && (getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == NULL); emem_init_chunk(&ep_packet_mem); emem_init_chunk(emem_header_t *mem) if (mem->debug_use_canary) emem_canary_init(mem->canary); if (mem->debug_use_chunks) emem_init_chunk(&ep_packet_mem); emem_canary_init(guint8 *canary) 0 --------------------------------- 23476 148966/emem.c Buffer_Overflow_Indexes 326 se_packet_mem.debug_use_chunks = (getenv("WIRESHARK_DEBUG_SE_NO_CHUNKS") == NULL); se_packet_mem.debug_use_canary = se_packet_mem.debug_use_chunks && (getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != NULL); emem_init_chunk(&se_packet_mem); emem_init_chunk(emem_header_t *mem) if (mem->debug_use_canary) emem_canary_init(mem->canary); if (mem->debug_use_chunks) emem_init_chunk(&se_packet_mem); emem_canary_init(guint8 *canary) 0 --------------------------------- 23477 148966/emem.c Buffer_Overflow_Indexes 304 ep_packet_mem.debug_use_chunks = (getenv("WIRESHARK_DEBUG_EP_NO_CHUNKS") == NULL); ep_packet_mem.debug_use_canary = ep_packet_mem.debug_use_chunks && (getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == NULL); emem_init_chunk(&ep_packet_mem); emem_init_chunk(emem_header_t *mem) if (mem->debug_use_canary) emem_canary_init(mem->canary); if (mem->debug_use_chunks) emem_init_chunk(&ep_packet_mem); emem_canary_init(guint8 *canary) 0 --------------------------------- 23478 148966/emem.c Buffer_Overflow_Indexes 328 se_packet_mem.debug_verify_pointers = (getenv("WIRESHARK_SE_VERIFY_POINTERS") != NULL); emem_init_chunk(&se_packet_mem); emem_init_chunk(emem_header_t *mem) if (mem->debug_use_canary) emem_canary_init(mem->canary); if (mem->debug_use_chunks) emem_init_chunk(&se_packet_mem); emem_canary_init(guint8 *canary) 0 --------------------------------- 23479 153059/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23480 153059/color.c Buffer_Overflow_Indexes 177 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23481 153059/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23482 153059/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&herman_nontemporal,"ABUSEFULNESS_ISOCLINE"); stonesoup_base_path[stonesoup_oc_i] = stonesoup_toupper(stonesoup_base_path[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_base_path); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23483 153059/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23484 153059/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&herman_nontemporal,"ABUSEFULNESS_ISOCLINE"); if (herman_nontemporal != 0) {; bcere_asclepiade = ((char *)herman_nontemporal); if (strlen(bcere_asclepiade) < 20) { realpath(bcere_asclepiade,stonesoup_base_path); if (herman_nontemporal != 0) free(((char *)herman_nontemporal)); 0 --------------------------------- 23485 153059/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23486 153059/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23487 153059/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23488 153059/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23489 153059/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23490 153059/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23491 153059/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23492 153059/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23493 153059/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23494 153059/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23495 153059/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23496 153059/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23497 153059/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23498 153059/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23499 153059/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23500 153059/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23501 153059/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23502 153059/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23503 153059/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23504 153059/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23505 153059/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23506 153059/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23507 153059/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23508 153059/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23509 1515/Figure6-20.cpp Buffer_Overflow_Indexes 26 fscanf(stdin, "%s", filename); f = fopen(filename, "r"); if (f == NULL) { sprintf(format, "Error opening file %s\n",filename); fprintf(stderr, format); fclose(f); 1 --------------------------------- 23510 153819/color.c Buffer_Overflow_Indexes 162 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23511 153819/color.c Buffer_Overflow_Indexes 166 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23512 153819/color.c Buffer_Overflow_Indexes 168 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23513 153819/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23514 153819/color.c Buffer_Overflow_cpycat 239 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23515 153819/color.c Buffer_Overflow_cpycat 330 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23516 153819/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23517 153819/color.c Buffer_Overflow_cpycat 204 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23518 153819/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23519 153819/color.c Buffer_Overflow_cpycat 337 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23520 153819/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23521 153819/color.c Buffer_Overflow_cpycat 190 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23522 153819/color.c Buffer_Overflow_cpycat 281 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23523 153819/color.c Buffer_Overflow_cpycat 302 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23524 153819/color.c Buffer_Overflow_cpycat 246 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23525 153819/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23526 153819/color.c Buffer_Overflow_cpycat 182 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23527 153819/color.c Buffer_Overflow_cpycat 358 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23528 153819/color.c Buffer_Overflow_cpycat 288 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23529 153819/color.c Buffer_Overflow_cpycat 274 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23530 153819/color.c Buffer_Overflow_cpycat 323 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23531 153819/color.c Buffer_Overflow_cpycat 267 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23532 153819/color.c Buffer_Overflow_cpycat 197 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23533 153819/color.c Buffer_Overflow_cpycat 253 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23534 153819/color.c Buffer_Overflow_cpycat 295 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23535 153819/color.c Buffer_Overflow_cpycat 309 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23536 153819/color.c Buffer_Overflow_cpycat 316 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23537 153819/color.c Buffer_Overflow_cpycat 260 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23538 153819/color.c Buffer_Overflow_cpycat 583 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *champion_adamello) royalising_resaw = ((char *)champion_adamello); stonesoup_buffer = malloc((strlen(royalising_resaw) + 1) * sizeof(char )); strcpy(stonesoup_buffer,royalising_resaw); 0 --------------------------------- 23539 1299/recipient-bad.c Buffer_Overflow_cpycat 173 char test_buf[10]; strcpy(test_buf, "GOOD"); 0 --------------------------------- 23540 1299/recipient-bad.c Buffer_Overflow_cpycat 141 char buf0[MAXNAME + 1]; i = strlen(a->q_user); if (i >= sizeof buf0) buf = xalloc(i + 1); buf = buf0; (void) strcpy(buf, a->q_user); 0 --------------------------------- 23541 313/basic-00050-min.c Buffer_Overflow_LowBound 62 char src[11]; char buf[10]; memset(src, 'A', 11); src[11 - 1] = '\0'; i = 12; strncpy(buf, src, 11 % i); 1 --------------------------------- 23542 153467/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23543 153467/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23544 153625/utf.c Buffer_Overflow_Indexes 134 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23545 153625/utf.c Buffer_Overflow_LowBound 1018 char stonesoup_source[1024]; memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, preestablishes_unlegislative, sizeof(stonesoup_source)); void stonesoup_handle_taint(char *sphincter_cyclohexene) nonsociability_unreconstructed[40] = sphincter_cyclohexene; neutrodyne_tokenless = chalkiest_beat(nonsociability_unreconstructed); char **chalkiest_beat(char **chorusses_squeaking) return chorusses_squeaking; neutrodyne_tokenless = chalkiest_beat(nonsociability_unreconstructed); preestablishes_unlegislative = ((char *)neutrodyne_tokenless[40]); strncpy(stonesoup_source, preestablishes_unlegislative, sizeof(stonesoup_source)); 0 --------------------------------- 23546 153625/utf.c Buffer_Overflow_LowBound 1027 stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 23547 1295/iquery-bad.c Buffer_Overflow_Indexes 172 int main(int argc, char **argv){ assert(argc==2); f = fopen (argv[1], "r"); assert(f!=NULL); assert ((fscanf(f, "%d", &something)) != 0); msglen = create_msg(msg, 10000); req_iquery(hp, &cp, eom, &msglen, msg); if (something == 0) 0 --------------------------------- 23548 1639/spr3-bad.c Buffer_Overflow_Indexes 45 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) if(strlen(str) > MAXSIZE) sprintf(buf, "<%s>", str); printf("result: %s\n", buf); 1 --------------------------------- 23549 153363/column-utils.c Buffer_Overflow_scanf 110 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&oryssidae_beastly,"8194",depriver_hoya); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23550 153363/column-utils.c Buffer_Overflow_Indexes 108 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23551 153363/column-utils.c Buffer_Overflow_Indexes 62 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 23552 153363/column-utils.c Buffer_Overflow_LowBound 2225 void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, dividualism_unsittingly, stonesoup_buffer_len); void pochade_euskara(int shtetlach_kinfolks,void *hectares_terrifying) dividualism_unsittingly = ((char *)((char *)hectares_terrifying)); stonesoup_buffer_len = 4; strncpy(stonesoup_buffer, dividualism_unsittingly, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); strncpy(stonesoup_buffer, dividualism_unsittingly, stonesoup_buffer_len); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, dividualism_unsittingly, stonesoup_buffer_len); 1 --------------------------------- 23553 153363/column-utils.c Buffer_Overflow_LowBound 2200 stonesoup_buffer = malloc(65528); strncpy(stonesoup_buffer, dividualism_unsittingly, stonesoup_buffer_len); 0 --------------------------------- 23554 153576/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23555 153576/color.c Buffer_Overflow_Indexes 181 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23556 153576/color.c Buffer_Overflow_Indexes 185 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23557 153576/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&clarshech_voltinism,"TOSEPHTAS_RAFFMAN"); stonesoup_toupper(stonesoup_data.base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23558 153576/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&clarshech_voltinism,"TOSEPHTAS_RAFFMAN"); if (clarshech_voltinism != 0) {; undenotable_indiscriminate = ((char *)clarshech_voltinism); if (strlen(undenotable_indiscriminate) < 20) { realpath(undenotable_indiscriminate, stonesoup_data.base_path); if (clarshech_voltinism != 0) free(((char *)clarshech_voltinism)); 0 --------------------------------- 23559 153576/color.c Buffer_Overflow_Indexes 187 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23560 153576/color.c Buffer_Overflow_cpycat 223 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23561 153576/color.c Buffer_Overflow_cpycat 314 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23562 153576/color.c Buffer_Overflow_cpycat 201 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23563 153576/color.c Buffer_Overflow_cpycat 377 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23564 153576/color.c Buffer_Overflow_cpycat 265 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23565 153576/color.c Buffer_Overflow_cpycat 251 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23566 153576/color.c Buffer_Overflow_cpycat 307 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23567 153576/color.c Buffer_Overflow_cpycat 356 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23568 153576/color.c Buffer_Overflow_cpycat 293 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23569 153576/color.c Buffer_Overflow_cpycat 328 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23570 153576/color.c Buffer_Overflow_cpycat 258 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23571 153576/color.c Buffer_Overflow_cpycat 349 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23572 153576/color.c Buffer_Overflow_cpycat 342 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23573 153576/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23574 153576/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23575 153576/color.c Buffer_Overflow_cpycat 279 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23576 153576/color.c Buffer_Overflow_cpycat 300 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23577 153576/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23578 153576/color.c Buffer_Overflow_cpycat 286 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23579 153576/color.c Buffer_Overflow_cpycat 357 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23580 153576/color.c Buffer_Overflow_cpycat 321 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23581 153576/color.c Buffer_Overflow_cpycat 244 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23582 153576/color.c Buffer_Overflow_cpycat 272 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23583 153576/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23584 153388/dynahash.c Buffer_Overflow_scanf 288 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&poligarship_treadled,"8084",propylitic_bakhmut); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23585 153388/dynahash.c Buffer_Overflow_Indexes 286 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23586 153388/dynahash.c Buffer_Overflow_Indexes 240 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&poligarship_treadled,"8084",propylitic_bakhmut); if (((long )(calc_bucket(hctl,currElement -> hashvalue))) == old_bucket) { stonesoup_setup_printf_context(); stonesoup_read_taint(&poligarship_treadled,"8084",propylitic_bakhmut); eucrite_peripneumonic = ebullioscopic_emceeing(waterworn_overharshly); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23587 153388/dynahash.c Buffer_Overflow_cpycat 816 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int propylitic_bakhmut = 596; char *poligarship_treadled; stonesoup_read_taint(&poligarship_treadled,"8084",propylitic_bakhmut); waterworn_overharshly[84] = poligarship_treadled; eucrite_peripneumonic = ebullioscopic_emceeing(waterworn_overharshly); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, biblicality_balkanite); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&poligarship_treadled,"8084",propylitic_bakhmut); waterworn_overharshly[84] = poligarship_treadled; eucrite_peripneumonic = ebullioscopic_emceeing(waterworn_overharshly); char **ebullioscopic_emceeing(char **nonrhythmical_pintos) return nonrhythmical_pintos; eucrite_peripneumonic = ebullioscopic_emceeing(waterworn_overharshly); biblicality_balkanite = ((char *)eucrite_peripneumonic[84]); strcpy(stonesoup_heap_buffer_64, biblicality_balkanite); 1 --------------------------------- 23588 153388/dynahash.c Buffer_Overflow_cpycat 391 HTAB *hash_create(const char *tabname,long nelem,HASHCTL *info,int flags) CurrentDynaHashCxt = AllocSetContextCreate(CurrentDynaHashCxt,tabname,0,(8 * 1024),(8 * 1024 * 1024)); hashp = ((HTAB *)(DynaHashAlloc(sizeof(HTAB ) + strlen(tabname) + 1))); hashp -> tabname = ((char *)(hashp + 1)); strcpy(hashp -> tabname,tabname); 0 --------------------------------- 23589 152976/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23590 152976/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23591 153053/img2.c Buffer_Overflow_Indexes 41 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 23592 153053/img2.c Buffer_Overflow_Indexes 82 strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || 0 --------------------------------- 23593 153053/img2.c Buffer_Overflow_Indexes 87 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&spath_cosmoplastic,"PURIFICATOR_EXPOSITORINESS"); if (spath_cosmoplastic != 0) {; ventilation_pilaffs = ((void *)spath_cosmoplastic); crushability_bunion = &ventilation_pilaffs; unspeed_nubs = crushability_bunion + 5; unimprecated_endosternum(unspeed_nubs); void unimprecated_endosternum(void **fundus_nicolson); 0 --------------------------------- 23594 153351/oids.c Buffer_Overflow_scanf 170 void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; stonesoup_fct_ptr fct_ptr_addr = (stonesoup_fct_ptr )0; sscanf(param,"%p",&fct_ptr_addr); char *sphenomaxillary_stereoscopy; stonesoup_read_taint(&sphenomaxillary_stereoscopy,"MOFW_BRAMLEY"); pachysandra_depolarising = ((int )(strlen(sphenomaxillary_stereoscopy))); orthograde_unstack = ((char *)(malloc(pachysandra_depolarising + 1))); memset(orthograde_unstack,0,pachysandra_depolarising + 1); memcpy(orthograde_unstack,sphenomaxillary_stereoscopy,pachysandra_depolarising); convex_nonheritor = &orthograde_unstack; cruciately_composite = &convex_nonheritor; glissandi_heliotype = ((char *)( *( *cruciately_composite))); stonesoup_fp = stonesoup_switch_func(glissandi_heliotype); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); 0 --------------------------------- 23595 153351/oids.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23596 153351/oids.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&sphenomaxillary_stereoscopy,"MOFW_BRAMLEY"); if (sphenomaxillary_stereoscopy != 0) {; pachysandra_depolarising = ((int )(strlen(sphenomaxillary_stereoscopy))); orthograde_unstack = ((char *)(malloc(pachysandra_depolarising + 1))); if (orthograde_unstack == 0) { memset(orthograde_unstack,0,pachysandra_depolarising + 1); memcpy(orthograde_unstack,sphenomaxillary_stereoscopy,pachysandra_depolarising); if (sphenomaxillary_stereoscopy != 0) free(((char *)sphenomaxillary_stereoscopy)); convex_nonheritor = &orthograde_unstack; cruciately_composite = &convex_nonheritor; glissandi_heliotype = ((char *)( *( *cruciately_composite))); stonesoup_fp = stonesoup_switch_func(glissandi_heliotype); if ( *( *cruciately_composite) != 0) free(((char *)( *( *cruciately_composite)))); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; if (var_len == 0) { else if (var_len == 1) { sscanf(param,"%p",&fct_ptr_addr); return fct_ptr_addr; stonesoup_fp = stonesoup_switch_func(glissandi_heliotype); tracepoint(stonesoup_trace, variable_address, "stonesoup_fp", stonesoup_fp, "TRIGGER-STATE"); stonesoup_cmp_flag = ( *stonesoup_fp)(stonesoup_rand_word,glissandi_heliotype); if (stonesoup_cmp_flag == 0) 0 --------------------------------- 23597 153351/oids.c Buffer_Overflow_Indexes 180 char *debug_env = getenv("WIRESHARK_DEBUG_MIBS"); debuglevel = ((debug_env?strtoul(debug_env,((void *)0),10) : 0)); 0 --------------------------------- 23598 153351/oids.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&sphenomaxillary_stereoscopy,"MOFW_BRAMLEY"); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_fp = stonesoup_switch_func(glissandi_heliotype); stonesoup_printf("strings are equal\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strings are equal\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23599 153627/e_bf.c Buffer_Overflow_Indexes 123 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23600 153627/e_bf.c Buffer_Overflow_Indexes 128 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&melvie_asylabia,"VICTIMISE_WALLSEND"); if (melvie_asylabia != 0) {; mopan_superhero[1] = melvie_asylabia; roofless_osphresiometry[ *( *( *( *( *( *( *( *( *( *mandyai_vouchees)))))))))] = mopan_superhero; aedoeology_enteroplasty = roofless_osphresiometry[ *( *( *( *( *( *( *( *( *( *mandyai_vouchees)))))))))]; if (aedoeology_enteroplasty[1] != 0) { annalist_asphyxiation = ((char *)aedoeology_enteroplasty[1]); strncpy(stonesoup_buffer, annalist_asphyxiation, stonesoup_buffer_len); *stonesoup_buffer_ptr = annalist_asphyxiation; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); strncpy(stonesoup_buffer, annalist_asphyxiation, stonesoup_buffer_len); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); if (stonesoup_buffer_ptr != 0) { free(stonesoup_buffer_ptr); if (aedoeology_enteroplasty[1] != 0) free(((char *)aedoeology_enteroplasty[1])); 0 --------------------------------- 23601 153627/e_bf.c Buffer_Overflow_Indexes 82 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&melvie_asylabia,"VICTIMISE_WALLSEND"); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23602 153627/e_bf.c Buffer_Overflow_LowBound 307 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *melvie_asylabia;; stonesoup_read_taint(&melvie_asylabia,"VICTIMISE_WALLSEND"); mopan_superhero[1] = melvie_asylabia; roofless_osphresiometry[ *( *( *( *( *( *( *( *( *( *mandyai_vouchees)))))))))] = mopan_superhero; aedoeology_enteroplasty = roofless_osphresiometry[ *( *( *( *( *( *( *( *( *( *mandyai_vouchees)))))))))]; annalist_asphyxiation = ((char *)aedoeology_enteroplasty[1]); stonesoup_buffer_len = 4; strncpy(stonesoup_buffer, annalist_asphyxiation, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); strncpy(stonesoup_buffer, annalist_asphyxiation, stonesoup_buffer_len); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&melvie_asylabia,"VICTIMISE_WALLSEND"); mopan_superhero[1] = melvie_asylabia; roofless_osphresiometry[ *( *( *( *( *( *( *( *( *( *mandyai_vouchees)))))))))] = mopan_superhero; aedoeology_enteroplasty = roofless_osphresiometry[ *( *( *( *( *( *( *( *( *( *mandyai_vouchees)))))))))]; annalist_asphyxiation = ((char *)aedoeology_enteroplasty[1]); strncpy(stonesoup_buffer, annalist_asphyxiation, stonesoup_buffer_len); strncpy(stonesoup_buffer, annalist_asphyxiation, stonesoup_buffer_len); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, annalist_asphyxiation, stonesoup_buffer_len); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, annalist_asphyxiation, stonesoup_buffer_len); 1 --------------------------------- 23603 153428/utils.c Buffer_Overflow_scanf 131 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&radiancy_matutinely,"5302",pakse_abominably); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23604 153428/utils.c Buffer_Overflow_Indexes 83 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&radiancy_matutinely,"5302",pakse_abominably); stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23605 153428/utils.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23606 153428/utils.c Buffer_Overflow_LowBound 2428 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); codec_tag >>= 8; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); 0 --------------------------------- 23607 153428/utils.c Buffer_Overflow_LowBound 2485 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); 0 --------------------------------- 23608 153428/utils.c Buffer_Overflow_LowBound 2436 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); 0 --------------------------------- 23609 153428/utils.c Buffer_Overflow_LowBound 2490 bit_rate = ctx -> bit_rate; snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); bitrate = get_bit_rate(enc); return 16; return 24; return 0; return av_get_exact_bits_per_sample(codec_id); bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); bitrate = get_bit_rate(enc); return 3; bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); bit_rate = 0; return bit_rate; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); return 4; return 8; return 32; return 64; return 2; bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); return 4; return av_get_exact_bits_per_sample(codec_id); bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); static int get_bit_rate(AVCodecContext *ctx) bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); 0 --------------------------------- 23610 153428/utils.c Buffer_Overflow_LowBound 2482 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); 0 --------------------------------- 23611 153428/utils.c Buffer_Overflow_LowBound 2472 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 23612 153428/utils.c Buffer_Overflow_LowBound 2451 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); 0 --------------------------------- 23613 153428/utils.c Buffer_Overflow_LowBound 2419 AVCodec *experimental = ((void *)0); p = first_avcodec; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { experimental = p; p = p -> next; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return experimental; return find_encdec(id,1); return find_encdec(id,0); return "none"; codec = avcodec_find_decoder(id); return codec -> name; codec = avcodec_find_encoder(id); return codec -> name; return "unknown_codec"; codec_type = av_get_media_type_string(enc -> codec_type); codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_encoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); const char *avcodec_get_name(enum AVCodecID id) cd = avcodec_descriptor_get(id); return cd -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_decoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); 0 --------------------------------- 23614 153428/utils.c Buffer_Overflow_LowBound 2386 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf_size = (buf_size > len?buf_size - len : 0); len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); 0 --------------------------------- 23615 153428/utils.c Buffer_Overflow_LowBound 1277 char buf[128]; av_log(avctx,16,"Specified pixel format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_pix_fmt_name(avctx -> pix_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> pix_fmt); 0 --------------------------------- 23616 153428/utils.c Buffer_Overflow_LowBound 2423 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); 0 --------------------------------- 23617 153428/utils.c Buffer_Overflow_LowBound 2447 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 23618 153428/utils.c Buffer_Overflow_LowBound 2458 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); 0 --------------------------------- 23619 153428/utils.c Buffer_Overflow_LowBound 2443 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) AVRational display_aspect_ratio; snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); 0 --------------------------------- 23620 153428/utils.c Buffer_Overflow_LowBound 1264 int ff_codec_open2_recursive(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) ret = avcodec_open2(avctx,codec,options); int avcodec_open2(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) if (av_codec_is_decoder(codec)) { if (av_codec_is_encoder(avctx -> codec)) { int av_codec_is_encoder(const AVCodec *codec) if (av_codec_is_encoder(avctx -> codec)) { if (avctx -> channels == 1 && (av_get_planar_sample_fmt(avctx -> sample_fmt)) == (av_get_planar_sample_fmt(avctx -> codec -> sample_fmts[i]))) { avctx -> sample_fmt = avctx -> codec -> sample_fmts[i]; char buf[128]; snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); av_log(avctx,16,"Specified sample format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_sample_fmt_name(avctx -> sample_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); int avcodec_open(AVCodecContext *avctx,AVCodec *codec) return avcodec_open2(avctx,codec,((void *)0)); 0 --------------------------------- 23621 153428/utils.c Buffer_Overflow_LowBound 2463 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); 0 --------------------------------- 23622 152892/oids.c Buffer_Overflow_Indexes 175 char *debug_env = getenv("WIRESHARK_DEBUG_MIBS"); debuglevel = ((debug_env?strtoul(debug_env,((void *)0),10) : 0)); 0 --------------------------------- 23623 152892/oids.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&fustigated_turboalternator,"DESCOMBES_FINIST"); if (fustigated_turboalternator != 0) {; carbonation_sparing[24] = fustigated_turboalternator; joypopper_excussion = carbonation_sparing; hypomnematic_chimopelagic = joypopper_excussion + 5; anciennete_dispar(hypomnematic_chimopelagic); 0 --------------------------------- 23624 152892/oids.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 23625 152892/oids.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23626 152892/oids.c Buffer_Overflow_cpycat 1357 coproprietors_physiologize = ((char *)(unerring_emboldening - 5)[24]); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, coproprietors_physiologize); 1 --------------------------------- 23627 153022/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23628 153022/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23629 149221/use_after_free_scope-bad.c Buffer_Overflow_cpycat 28 if ((str = (char *)malloc(256*sizeof(char))) != NULL) strcpy(str, "Falut!"); 0 --------------------------------- 23630 153331/emem.c Buffer_Overflow_Indexes 319 ep_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_EP_NO_CHUNKS") == ((void *)0); ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 23631 153331/emem.c Buffer_Overflow_Indexes 337 se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 23632 153331/emem.c Buffer_Overflow_Indexes 336 se_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_SE_NO_CHUNKS") == ((void *)0); se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 23633 153331/emem.c Buffer_Overflow_Indexes 1590 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1926))); 0 --------------------------------- 23634 153331/emem.c Buffer_Overflow_Indexes 320 ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 23635 153331/emem.c Buffer_Overflow_Indexes 321 ep_packet_mem . debug_verify_pointers = getenv("WIRESHARK_EP_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 23636 153331/emem.c Buffer_Overflow_Indexes 1573 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1909))); 0 --------------------------------- 23637 153331/emem.c Buffer_Overflow_Indexes 1608 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1945))); 0 --------------------------------- 23638 153331/emem.c Buffer_Overflow_Indexes 1538 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1872))); 0 --------------------------------- 23639 153331/emem.c Buffer_Overflow_Indexes 1523 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1856))); 0 --------------------------------- 23640 153331/emem.c Buffer_Overflow_Indexes 338 se_packet_mem . debug_verify_pointers = getenv("WIRESHARK_SE_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 23641 153331/emem.c Buffer_Overflow_Indexes 215 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23642 153331/emem.c Buffer_Overflow_LowBound 2017 void stonesoup_handle_taint(char *baronetise_tudesque) xylinid_cornific . batzen_montanist = baronetise_tudesque; BACHELORLY_BRONGNIARDITE(xylinid_cornific); void stomachful_supernotable(union yuri_quedful scat_quotieties) faham_bacilliparous = ((char *)scat_quotieties . batzen_montanist); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(faham_bacilliparous)+1, faham_bacilliparous, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, faham_bacilliparous, strlen(faham_bacilliparous) + 1); 1 --------------------------------- 23643 153446/main_statusbar.c Buffer_Overflow_Indexes 597 bluecap_betonica = getenv("FORCIPATED_RUMBLEGUMPTION"); if (bluecap_betonica != 0) {; mailings_frisks[36] = bluecap_betonica; confectory_magnetobell = mailings_frisks; oneupmanship_supraspinatus = confectory_magnetobell + 5; comeddle_speers = ((char *)(oneupmanship_supraspinatus - 5)[36]); 0 --------------------------------- 23644 153446/main_statusbar.c Buffer_Overflow_Indexes 117 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23645 153446/main_statusbar.c Buffer_Overflow_LowBound 627 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 23646 153446/main_statusbar.c Buffer_Overflow_LowBound 618 char stonesoup_source[1024]; comeddle_speers = ((char *)(oneupmanship_supraspinatus - 5)[36]); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, comeddle_speers, sizeof(stonesoup_source)); 0 --------------------------------- 23647 153194/tile-manager.c Buffer_Overflow_Indexes 49 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&lipwork_drowsiest,"PERISTEROPODAN_MARCHMAN"); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 23648 153194/tile-manager.c Buffer_Overflow_Indexes 90 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23649 153194/tile-manager.c Buffer_Overflow_Indexes 95 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&lipwork_drowsiest,"PERISTEROPODAN_MARCHMAN"); if (lipwork_drowsiest != 0) {; diatribist_semipsychologic = ((int )(strlen(lipwork_drowsiest))); vasomotorial_tyrrhus = ((char *)(malloc(diatribist_semipsychologic + 1))); if (vasomotorial_tyrrhus == 0) { memset(vasomotorial_tyrrhus,0,diatribist_semipsychologic + 1); memcpy(vasomotorial_tyrrhus,lipwork_drowsiest,diatribist_semipsychologic); if (lipwork_drowsiest != 0) free(((char *)lipwork_drowsiest)); unweelness_monacha(vasomotorial_tyrrhus); void unweelness_monacha(char *const termly_notasulga); 0 --------------------------------- 23650 153194/tile-manager.c Buffer_Overflow_cpycat 964 void unweelness_monacha(char *const termly_notasulga) ferromagnetism_monographer(termly_notasulga); void ferromagnetism_monographer(char *billowing_takyr) extrudable_plotkin = ((char *)((char *)billowing_takyr)); stonesoup_data.buffer[stonesoup_i] = 0; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, extrudable_plotkin); 1 --------------------------------- 23651 153048/pmsignal.c Buffer_Overflow_scanf 147 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&gasped_melilites,"1045",almeta_nondecadence); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23652 153048/pmsignal.c Buffer_Overflow_Indexes 99 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&gasped_melilites,"1045",almeta_nondecadence); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23653 153048/pmsignal.c Buffer_Overflow_Indexes 145 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23654 152944/color.c Buffer_Overflow_Indexes 165 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23655 152944/color.c Buffer_Overflow_Indexes 169 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23656 152944/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23657 152944/color.c Buffer_Overflow_Indexes 171 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23658 152944/color.c Buffer_Overflow_LowBound 591 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); strncpy(stonesoup_data->buffer, peridinium_preresemblance, strlen(peridinium_preresemblance) + 1); void stonesoup_handle_taint(char *embiid_estherville) peridinium_preresemblance = ((char *)embiid_estherville); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(peridinium_preresemblance)+1, peridinium_preresemblance, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, peridinium_preresemblance, strlen(peridinium_preresemblance) + 1); 1 --------------------------------- 23659 152944/color.c Buffer_Overflow_cpycat 200 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23660 152944/color.c Buffer_Overflow_cpycat 319 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23661 152944/color.c Buffer_Overflow_cpycat 340 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23662 152944/color.c Buffer_Overflow_cpycat 277 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23663 152944/color.c Buffer_Overflow_cpycat 263 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23664 152944/color.c Buffer_Overflow_cpycat 256 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23665 152944/color.c Buffer_Overflow_cpycat 193 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23666 152944/color.c Buffer_Overflow_cpycat 207 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23667 152944/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23668 152944/color.c Buffer_Overflow_cpycat 270 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23669 152944/color.c Buffer_Overflow_cpycat 298 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23670 152944/color.c Buffer_Overflow_cpycat 305 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23671 152944/color.c Buffer_Overflow_cpycat 228 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23672 152944/color.c Buffer_Overflow_cpycat 312 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23673 152944/color.c Buffer_Overflow_cpycat 284 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23674 152944/color.c Buffer_Overflow_cpycat 249 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23675 152944/color.c Buffer_Overflow_cpycat 242 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23676 152944/color.c Buffer_Overflow_cpycat 235 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23677 152944/color.c Buffer_Overflow_cpycat 333 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23678 152944/color.c Buffer_Overflow_cpycat 291 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23679 152944/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23680 152944/color.c Buffer_Overflow_cpycat 341 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23681 152944/color.c Buffer_Overflow_cpycat 361 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23682 152944/color.c Buffer_Overflow_cpycat 185 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23683 153392/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&unimaged_urostege,"6209",pomarium_narrows); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23684 153392/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23685 153392/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&unimaged_urostege,"6209",pomarium_narrows); stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_buff); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buff); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23686 153392/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23687 153392/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23688 153392/color.c Buffer_Overflow_Indexes 177 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23689 153392/color.c Buffer_Overflow_LowBound 579 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; char stonesoup_source[1024]; int pomarium_narrows = 91; char *unimaged_urostege; stonesoup_read_taint(&unimaged_urostege,"6209",pomarium_narrows); theistical_snaileater = ((char *)unimaged_urostege); memset(stonesoup_source,0,1024); strncpy(stonesoup_source,theistical_snaileater,sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&unimaged_urostege,"6209",pomarium_narrows); theistical_snaileater = ((char *)unimaged_urostege); strncpy(stonesoup_source,theistical_snaileater,sizeof(stonesoup_source)); 0 --------------------------------- 23690 153392/color.c Buffer_Overflow_LowBound 588 stonesoup_buff[63] = '\0'; stonesoup_source[1023] = 0; if (strlen(stonesoup_source) + 1 <= sizeof(stonesoup_buff)) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buff", strlen(stonesoup_buff)+1, stonesoup_buff, "TRIGGER-STATE"); strncpy(stonesoup_buff,stonesoup_source,sizeof(stonesoup_source)); 1 --------------------------------- 23691 153392/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23692 153392/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23693 153392/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23694 153392/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23695 153392/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23696 153392/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23697 153392/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23698 153392/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23699 153392/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23700 153392/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23701 153392/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23702 153392/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23703 153392/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23704 153392/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23705 153392/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23706 153392/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23707 153392/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23708 153392/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23709 153392/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23710 153392/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23711 153392/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23712 153392/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23713 153392/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23714 153392/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23715 152898/color.c Buffer_Overflow_Indexes 165 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23716 152898/color.c Buffer_Overflow_Indexes 167 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23717 152898/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23718 152898/color.c Buffer_Overflow_Indexes 161 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23719 152898/color.c Buffer_Overflow_LowBound 585 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); stonesoup_data = (char*) malloc(8 * sizeof(char)); strncpy(stonesoup_data, tantalizing_hemitype, strlen(tantalizing_hemitype) + 1); void stonesoup_handle_taint(char *flitchen_catchments) tantalizing_hemitype = ((char *)flitchen_catchments); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(tantalizing_hemitype)+1, tantalizing_hemitype, "TRIGGER-STATE"); strncpy(stonesoup_data, tantalizing_hemitype, strlen(tantalizing_hemitype) + 1); 1 --------------------------------- 23720 152898/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23721 152898/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23722 152898/color.c Buffer_Overflow_cpycat 336 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23723 152898/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23724 152898/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23725 152898/color.c Buffer_Overflow_cpycat 357 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23726 152898/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23727 152898/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23728 152898/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23729 152898/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23730 152898/color.c Buffer_Overflow_cpycat 181 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23731 152898/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23732 152898/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23733 152898/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23734 152898/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23735 152898/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23736 152898/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23737 152898/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23738 152898/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23739 152898/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23740 152898/color.c Buffer_Overflow_cpycat 337 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23741 152898/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23742 152898/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23743 152898/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23744 153197/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23745 153197/color.c Buffer_Overflow_Indexes 170 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23746 153197/color.c Buffer_Overflow_Indexes 174 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23747 153197/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&blockholer_indirection,"GANOCEPHALOUS_PREAPPRISING"); stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23748 153197/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&blockholer_indirection,"GANOCEPHALOUS_PREAPPRISING"); if (blockholer_indirection != 0) {; gopher_gonoblastidial = ((char *)blockholer_indirection); stonesoup_my_buff_size = ((int )(strlen(gopher_gonoblastidial))); for (; stonesoup_ss_i < stonesoup_my_buff_size; ++stonesoup_ss_i){ if (blockholer_indirection != 0) free(((char *)blockholer_indirection)); 0 --------------------------------- 23749 153197/color.c Buffer_Overflow_Indexes 176 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23750 153197/color.c Buffer_Overflow_cpycat 233 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23751 153197/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23752 153197/color.c Buffer_Overflow_cpycat 198 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23753 153197/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23754 153197/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23755 153197/color.c Buffer_Overflow_cpycat 346 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23756 153197/color.c Buffer_Overflow_cpycat 366 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23757 153197/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23758 153197/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23759 153197/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23760 153197/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23761 153197/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23762 153197/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23763 153197/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23764 153197/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23765 153197/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23766 153197/color.c Buffer_Overflow_cpycat 190 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23767 153197/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23768 153197/color.c Buffer_Overflow_cpycat 345 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23769 153197/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23770 153197/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23771 153197/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23772 153197/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23773 153197/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23774 153671/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23775 153671/color.c Buffer_Overflow_Indexes 177 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23776 153671/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23777 153671/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&sophora_rearousal,"HYETOLOGIST_PLY"); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buff); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_buff); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23778 153671/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23779 153671/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&sophora_rearousal,"HYETOLOGIST_PLY"); if (sophora_rearousal != 0) {; unspiritually_ergotin = ((char *)sophora_rearousal); if (strlen(unspiritually_ergotin) < 20) {; realpath(unspiritually_ergotin, stonesoup_buff); if (sophora_rearousal != 0) free(((char *)sophora_rearousal)); 0 --------------------------------- 23780 153671/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23781 153671/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23782 153671/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23783 153671/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23784 153671/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23785 153671/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23786 153671/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23787 153671/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23788 153671/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23789 153671/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23790 153671/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23791 153671/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23792 153671/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23793 153671/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23794 153671/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23795 153671/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23796 153671/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23797 153671/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23798 153671/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23799 153671/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23800 153671/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23801 153671/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23802 153671/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23803 153671/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23804 148881/opcua_simpletypes.c Buffer_Overflow_LowBound 358 proto_tree_add_item(tree, hfIndex, tvb, *pOffset, 4, TRUE); *pOffset+=4; char *szValue = ep_alloc(MAX_BUFFER); gint iOffset = *pOffset; gint32 iLen = tvb_get_letohl(tvb, *pOffset); iOffset+=4; if (iStrLen > (MAX_BUFFER-1)) iStrLen = MAX_BUFFER - 1; strncpy(szValue, (char*)&tvb->real_data[iOffset], iStrLen); iOffset += iLen; proto_tree_add_string(tree, hfIndex, tvb, *pOffset, (iOffset - *pOffset), szValue); *pOffset = iOffset; proto_tree_add_item(tree, hfIndex, tvb, *pOffset, 4, TRUE); *pOffset += 4; iOffset++; parseString(subtree, tvb, &iOffset, hf_opcua_localizedtext_locale); parseString(subtree, tvb, &iOffset, hf_opcua_localizedtext_text); int iOffset = *pOffset; gint32 iLen = tvb_get_letohl(tvb, iOffset); iOffset += 4; iOffset += iLen; proto_tree_add_item(tree, hfIndex, tvb, *pOffset, (iOffset - *pOffset), TRUE); *pOffset = iOffset; iOffset++; parseInt32(subtree, tvb, &iOffset, hf_opcua_diag_symbolicid); parseInt32(subtree, tvb, &iOffset, hf_opcua_diag_namespace); parseInt32(subtree, tvb, &iOffset, hf_opcua_diag_localizedtext); parseString(subtree, tvb, &iOffset, hf_opcua_diag_additionalinfo); parseStatusCode(subtree, tvb, &iOffset, hf_opcua_diag_innerstatuscode); parseDiagnosticInfo(subtree, tvb, &iOffset, "Inner DiagnosticInfo"); iOffset++; parseVariant(subtree, tvb, &iOffset, "Value"); iOffset++; ArrayLength = tvb_get_letohl(tvb, iOffset); case OpcUaType_String: parseString(subtree, tvb, &iOffset, hf_opcua_String); break; case OpcUaType_NodeId: parseNodeId(subtree, tvb, &iOffset, "Value"); break; case OpcUaType_ExpandedNodeId: parseExpandedNodeId(subtree, tvb, &iOffset, "Value"); break; case OpcUaType_DiagnosticInfo: parseDiagnosticInfo(subtree, tvb, &iOffset, "Value"); break; case OpcUaType_QualifiedName: parseQualifiedName(subtree, tvb, &iOffset, "Value"); break; case OpcUaType_LocalizedText: parseLocalizedText(subtree, tvb, &iOffset, "Value"); break; case OpcUaType_ExtensionObject: parseExtensionObject(subtree, tvb, &iOffset, "Value"); break; case OpcUaType_DataValue: parseDataValue(subtree, tvb, &iOffset, "Value"); break; case OpcUaType_Variant: parseVariant(subtree, tvb, &iOffset, "Value"); break; iOffset++; proto_tree_add_item(subtree, hf_opcua_nodeid_nsid, tvb, iOffset, 2, TRUE); iOffset+=2; parseString(subtree, tvb, &iOffset, hf_opcua_String); iOffset++; proto_tree_add_item(subtree, hf_opcua_nodeid_numeric, tvb, iOffset, 1, TRUE); iOffset+=1; proto_tree_add_item(subtree, hf_opcua_nodeid_nsid, tvb, iOffset, 1, TRUE); iOffset+=1; proto_tree_add_item(subtree, hf_opcua_nodeid_numeric, tvb, iOffset, 2, TRUE); iOffset+=2; proto_tree_add_item(subtree, hf_opcua_nodeid_nsid, tvb, iOffset, 2, TRUE); iOffset+=2; proto_tree_add_item(subtree, hf_opcua_nodeid_numeric, tvb, iOffset, 4, TRUE); iOffset+=4; proto_tree_add_item(subtree, hf_opcua_nodeid_nsid, tvb, iOffset, 2, TRUE); iOffset+=2; parseString(subtree, tvb, &iOffset, hf_opcua_String); proto_tree_add_item(subtree, hf_opcua_nodeid_nsid, tvb, iOffset, 2, TRUE); iOffset+=2; parseGuid(subtree, tvb, &iOffset, hf_opcua_Guid); proto_tree_add_item(subtree, hf_opcua_nodeid_nsid, tvb, iOffset, 2, TRUE); iOffset+=2; parseByteString(subtree, tvb, &iOffset, hf_opcua_ByteString); parseString(subtree, tvb, &iOffset, hf_opcua_Uri); void parseDataValue(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, char *szFieldName) proto_item *ti = proto_tree_add_text(tree, tvb, 0, -1, "%s: DataValue", szFieldName); gint iOffset = *pOffset; EncodingMask = tvb_get_guint8(tvb, iOffset); ti = proto_tree_add_text(subtree, tvb, 0, -1, "EncodingMask"); proto_tree_add_item(mask_tree, hf_opcua_datavalue_mask_valueflag, tvb, iOffset, 1, TRUE); proto_tree_add_item(mask_tree, hf_opcua_datavalue_mask_statuscodeflag, tvb, iOffset, 1, TRUE); proto_tree_add_item(mask_tree, hf_opcua_datavalue_mask_sourcetimestampflag, tvb, iOffset, 1, TRUE); proto_tree_add_item(mask_tree, hf_opcua_datavalue_mask_servertimestampflag, tvb, iOffset, 1, TRUE); proto_tree_add_item(mask_tree, hf_opcua_datavalue_mask_sourcepicoseconds, tvb, iOffset, 1, TRUE); proto_tree_add_item(mask_tree, hf_opcua_datavalue_mask_serverpicoseconds, tvb, iOffset, 1, TRUE); parseVariant(subtree, tvb, &iOffset, "Value"); void parseVariant(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, char *szFieldName) proto_item *ti = proto_tree_add_text(tree, tvb, 0, -1, "%s: Variant", szFieldName); gint iOffset = *pOffset; EncodingMask = tvb_get_guint8(tvb, iOffset); proto_tree_add_item(subtree, hf_opcua_variant_encodingmask, tvb, iOffset, 1, TRUE); ArrayLength = tvb_get_letohl(tvb, iOffset); case OpcUaType_String: parseString(subtree, tvb, &iOffset, hf_opcua_String); break; void parseString(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, int hfIndex) gint32 iLen = tvb_get_letohl(tvb, *pOffset); int iStrLen = iLen; strncpy(szValue, (char*)&tvb->real_data[iOffset], iStrLen); void parseDiagnosticInfo(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, char *szFieldName) gint iOffset = *pOffset; ti = proto_tree_add_text(tree, tvb, 0, -1, "%s: DiagnosticInfo", szFieldName); EncodingMask = tvb_get_guint8(tvb, iOffset); ti = proto_tree_add_text(subtree, tvb, 0, -1, "EncodingMask"); proto_tree_add_item(mask_tree, hf_opcua_diag_mask_symbolicflag, tvb, iOffset, 1, TRUE); proto_tree_add_item(mask_tree, hf_opcua_diag_mask_namespaceflag, tvb, iOffset, 1, TRUE); proto_tree_add_item(mask_tree, hf_opcua_diag_mask_localizedtextflag, tvb, iOffset, 1, TRUE); proto_tree_add_item(mask_tree, hf_opcua_diag_mask_additionalinfoflag, tvb, iOffset, 1, TRUE); proto_tree_add_item(mask_tree, hf_opcua_diag_mask_innerstatuscodeflag, tvb, iOffset, 1, TRUE); proto_tree_add_item(mask_tree, hf_opcua_diag_mask_innerdiaginfoflag, tvb, iOffset, 1, TRUE); parseInt32(subtree, tvb, &iOffset, hf_opcua_diag_symbolicid); parseString(subtree, tvb, &iOffset, hf_opcua_diag_additionalinfo); parseDiagnosticInfo(subtree, tvb, &iOffset, "Inner DiagnosticInfo"); void parseInt32(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, int hfIndex) proto_tree_add_item(tree, hfIndex, tvb, *pOffset, 4, TRUE); *pOffset+=4; parseInt32(subtree, tvb, &iOffset, hf_opcua_diag_symbolicid); parseInt32(subtree, tvb, &iOffset, hf_opcua_diag_namespace); parseInt32(subtree, tvb, &iOffset, hf_opcua_diag_localizedtext); parseString(subtree, tvb, &iOffset, hf_opcua_diag_additionalinfo); parseDiagnosticInfo(subtree, tvb, &iOffset, "Inner DiagnosticInfo"); void parseExpandedNodeId(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, char *szFieldName) proto_item *ti = proto_tree_add_text(tree, tvb, 0, -1, "%s: ExpandedNodeId", szFieldName); gint iOffset = *pOffset; EncodingMask = tvb_get_guint8(tvb, iOffset); proto_tree_add_item(subtree, hf_opcua_nodeid_encodingmask, tvb, iOffset, 1, TRUE); parseString(subtree, tvb, &iOffset, hf_opcua_Uri); void parseByteString(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, int hfIndex) gint32 iLen = tvb_get_letohl(tvb, iOffset); proto_tree_add_item(tree, hfIndex, tvb, *pOffset, (iOffset - *pOffset), TRUE); parseByteString(subtree, tvb, &iOffset, hf_opcua_ByteString); parseString(subtree, tvb, &iOffset, hf_opcua_Uri); void parseNodeId(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, char *szFieldName) proto_item *ti = proto_tree_add_text(tree, tvb, 0, -1, "%s: NodeId", szFieldName); gint iOffset = *pOffset; EncodingMask = tvb_get_guint8(tvb, iOffset); proto_tree_add_item(subtree, hf_opcua_nodeid_encodingmask, tvb, iOffset, 1, TRUE); proto_tree_add_item(subtree, hf_opcua_nodeid_nsid, tvb, iOffset, 2, TRUE); parseString(subtree, tvb, &iOffset, hf_opcua_String); void parseQualifiedName(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, char *szFieldName) proto_item *ti = proto_tree_add_text(tree, tvb, 0, -1, "%s: QualifiedName", szFieldName); parseUInt16(subtree, tvb, pOffset, hf_opcua_qualifiedname_id); void parseUInt16(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, int hfIndex) proto_tree_add_item(tree, hfIndex, tvb, *pOffset, 2, TRUE); *pOffset+=2; parseUInt16(subtree, tvb, pOffset, hf_opcua_qualifiedname_id); parseString(subtree, tvb, pOffset, hf_opcua_qualifiedname_name); void parseExtensionObject(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, char *szFieldName) gint iOffset = *pOffset; ti = proto_tree_add_text(tree, tvb, 0, -1, "%s : ExtensionObject", szFieldName); parseExpandedNodeId(extobj_tree, tvb, &iOffset, "TypeId"); void parseLocalizedText(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, char *szFieldName) gint iOffset = *pOffset; ti = proto_tree_add_text(tree, tvb, 0, -1, "%s: LocalizedText", szFieldName); EncodingMask = tvb_get_guint8(tvb, iOffset); ti = proto_tree_add_text(subtree, tvb, 0, -1, "EncodingMask"); proto_tree_add_item(mask_tree, hf_opcua_loctext_mask_localeflag, tvb, iOffset, 1, TRUE); proto_tree_add_item(mask_tree, hf_opcua_loctext_mask_textflag, tvb, iOffset, 1, TRUE); parseString(subtree, tvb, &iOffset, hf_opcua_localizedtext_text); void parseStatusCode(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, int hfIndex) proto_tree_add_item(tree, hfIndex, tvb, *pOffset, 4, TRUE); parseStatusCode(subtree, tvb, &iOffset, hf_opcua_diag_innerstatuscode); parseDiagnosticInfo(subtree, tvb, &iOffset, "Inner DiagnosticInfo"); void parseGuid(proto_tree *tree, tvbuff_t *tvb, gint *pOffset, int hfIndex) proto_tree_add_item(tree, hfIndex, tvb, *pOffset, GUID_LEN, TRUE); *pOffset+=GUID_LEN; parseGuid(subtree, tvb, &iOffset, hf_opcua_Guid); parseString(subtree, tvb, &iOffset, hf_opcua_Uri); 0 --------------------------------- 23805 153530/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23806 153530/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23807 1609/scpy6-bad.c Buffer_Overflow_Indexes 53 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; for(l = 0; str[l]; l++) continue; if(l > MAXSIZE) return; strcpy(buf, str); printf("result: %s\n", buf); 1 --------------------------------- 23808 110/spr-bad2.c Buffer_Overflow_Indexes 34 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; sprintf(buf, "<%.5s>", str); printf("result: %s\n", buf); 1 --------------------------------- 23809 153424/dynahash.c Buffer_Overflow_Indexes 287 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23810 153424/dynahash.c Buffer_Overflow_cpycat 385 HTAB *hash_create(const char *tabname,long nelem,HASHCTL *info,int flags) CurrentDynaHashCxt = AllocSetContextCreate(CurrentDynaHashCxt,tabname,0,(8 * 1024),(8 * 1024 * 1024)); hashp = ((HTAB *)(DynaHashAlloc(sizeof(HTAB ) + strlen(tabname) + 1))); hashp -> tabname = ((char *)(hashp + 1)); strcpy(hashp -> tabname,tabname); 0 --------------------------------- 23811 153061/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23812 153061/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23813 152941/eng_lib.c Buffer_Overflow_Indexes 115 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23814 152941/eng_lib.c Buffer_Overflow_Indexes 74 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 23815 152941/eng_lib.c Buffer_Overflow_Indexes 120 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&salnatron_minsteryard,"PHRYGANEOID_JENEQUEN"); if (salnatron_minsteryard != 0) {; unstirred_antiasthmatic[20] = salnatron_minsteryard; stymphalian_dodson = &unstirred_antiasthmatic; saul_hyacine = &stymphalian_dodson; neutrodyne_maewo = &saul_hyacine; featurelessness_lecoma = &neutrodyne_maewo; millen_metropolitical = &featurelessness_lecoma; mydriatine_emblematise = &millen_metropolitical; sogat_desmepithelium = &mydriatine_emblematise; guaranteer_chinoline = &sogat_desmepithelium; pallini_fatalism = &guaranteer_chinoline; scenewright_preutilized = &pallini_fatalism; 0 --------------------------------- 23816 153246/emem.c Buffer_Overflow_Indexes 1546 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1890))); 0 --------------------------------- 23817 153246/emem.c Buffer_Overflow_Indexes 1514 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1856))); 0 --------------------------------- 23818 153246/emem.c Buffer_Overflow_Indexes 311 ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 23819 153246/emem.c Buffer_Overflow_Indexes 327 se_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_SE_NO_CHUNKS") == ((void *)0); se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 23820 153246/emem.c Buffer_Overflow_Indexes 1599 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1945))); 0 --------------------------------- 23821 153246/emem.c Buffer_Overflow_Indexes 205 strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || 0 --------------------------------- 23822 153246/emem.c Buffer_Overflow_Indexes 1564 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1909))); 0 --------------------------------- 23823 153246/emem.c Buffer_Overflow_Indexes 1529 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1872))); 0 --------------------------------- 23824 153246/emem.c Buffer_Overflow_Indexes 329 se_packet_mem . debug_verify_pointers = getenv("WIRESHARK_SE_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 23825 153246/emem.c Buffer_Overflow_Indexes 310 ep_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_EP_NO_CHUNKS") == ((void *)0); ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 23826 153246/emem.c Buffer_Overflow_Indexes 312 ep_packet_mem . debug_verify_pointers = getenv("WIRESHARK_EP_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 23827 153246/emem.c Buffer_Overflow_Indexes 328 se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 23828 153246/emem.c Buffer_Overflow_Indexes 1581 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1926))); 0 --------------------------------- 23829 153624/color.c Buffer_Overflow_Indexes 174 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23830 153624/color.c Buffer_Overflow_Indexes 561 premorse_layship = getenv("COIFFE_SMOKYSEEMING"); if (premorse_layship != 0) {; pariahism_brahmans = ((char *)premorse_layship); if (strlen(pariahism_brahmans) < 1) { stonesoup_set_function(pariahism_brahmans, &stonesoup_my_foo); void stonesoup_set_function(char *set_param_str,struct stonesoup_data_struct *set_param_data_struct) if (strlen(set_param_str) > 10U) { set_param_data_struct -> str_member = set_param_str; if (strlen(set_param_str) < 10U) { stonesoup_set_function(pariahism_brahmans, &stonesoup_my_foo); stonesoup_val = (stonesoup_my_foo . func_member(stonesoup_my_foo . str_member)); if (stonesoup_val == 0) 0 --------------------------------- 23831 153624/color.c Buffer_Overflow_Indexes 89 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("string is too short to test\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("string is too short to test\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23832 153624/color.c Buffer_Overflow_Indexes 172 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23833 153624/color.c Buffer_Overflow_Indexes 168 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23834 153624/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23835 153624/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23836 153624/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23837 153624/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23838 153624/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23839 153624/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23840 153624/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23841 153624/color.c Buffer_Overflow_cpycat 188 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23842 153624/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23843 153624/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23844 153624/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23845 153624/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23846 153624/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23847 153624/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23848 153624/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23849 153624/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23850 153624/color.c Buffer_Overflow_cpycat 223 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23851 153624/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23852 153624/color.c Buffer_Overflow_cpycat 344 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23853 153624/color.c Buffer_Overflow_cpycat 343 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23854 153624/color.c Buffer_Overflow_cpycat 364 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23855 153624/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23856 153624/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23857 153624/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23858 153631/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&pointal_distortive,"7520",keftian_hydrogenase); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23859 153631/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23860 153631/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&pointal_distortive,"7520",keftian_hydrogenase); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23861 153631/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23862 153631/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23863 153631/color.c Buffer_Overflow_Indexes 177 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23864 153631/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23865 153631/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23866 153631/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23867 153631/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23868 153631/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23869 153631/color.c Buffer_Overflow_cpycat 585 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int keftian_hydrogenase = 596; char *pointal_distortive; stonesoup_read_taint(&pointal_distortive,"7520",keftian_hydrogenase); overdiffuse_nightish = ((char *)pointal_distortive); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, overdiffuse_nightish); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&pointal_distortive,"7520",keftian_hydrogenase); overdiffuse_nightish = ((char *)pointal_distortive); strcpy(stonesoup_heap_buffer_64, overdiffuse_nightish); 1 --------------------------------- 23870 153631/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23871 153631/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23872 153631/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23873 153631/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23874 153631/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23875 153631/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23876 153631/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23877 153631/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23878 153631/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23879 153631/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23880 153631/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23881 153631/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23882 153631/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23883 153631/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23884 153631/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23885 153631/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23886 153631/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23887 153631/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23888 153631/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23889 153023/avpacket.c Buffer_Overflow_Indexes 41 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 23890 153023/avpacket.c Buffer_Overflow_Indexes 82 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23891 153023/avpacket.c Buffer_Overflow_Indexes 87 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&aquariiums_gypsologist,"GLAZY_ESTRE"); if (aquariiums_gypsologist != 0) {; *progeneration_chatty = aquariiums_gypsologist; 0 --------------------------------- 23892 153023/avpacket.c Buffer_Overflow_LowBound 520 char *winklehole_musettes = 0; pointers_petrologically(&winklehole_musettes); superlocally_gumboils = &winklehole_musettes; lumpishness_anorthoscope = superlocally_gumboils + 5; tacitus_knitch[37] = lumpishness_anorthoscope; jumprock_backet = ((char *)( *(tacitus_knitch[37] - 5))); stonesoup_data = (char*) malloc(8 * sizeof(char)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(jumprock_backet)+1, jumprock_backet, "TRIGGER-STATE"); strncpy(stonesoup_data, jumprock_backet, strlen(jumprock_backet) + 1); 1 --------------------------------- 23893 153348/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23894 153348/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23895 153126/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23896 153126/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23897 153534/string.c Buffer_Overflow_scanf 105 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&morfounder_settles,"1773",maunderer_kidneys); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 23898 153534/string.c Buffer_Overflow_Indexes 57 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&morfounder_settles,"1773",maunderer_kidneys); svn_stringbuf_ensure(str,total_len); membuf_ensure(&mem,&str -> blocksize,minimum_size,str -> pool); svn_stringbuf_ensure(str,total_len); svn_stringbuf_appendbytes(new_str,string,strlen(string)); svn_stringbuf_appendbytes(new_str,separator,sep_len); stonesoup_setup_printf_context(); stonesoup_read_taint(&morfounder_settles,"1773",maunderer_kidneys); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 23899 153534/string.c Buffer_Overflow_Indexes 103 strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || 0 --------------------------------- 23900 153534/string.c Buffer_Overflow_cpycat 1156 void tesselate_hulled(int imager_upgrading,char *scolopendridae_oregano) underbrace_adp = ((char *)scolopendridae_oregano); stonesoup_buffer = malloc((strlen(underbrace_adp) + 1) * sizeof(char )); strcpy(stonesoup_buffer,underbrace_adp); 0 --------------------------------- 23901 153443/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23902 153443/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23903 153589/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23904 153589/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23905 152926/color.c Buffer_Overflow_Indexes 154 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23906 152926/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_data.buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23907 152926/color.c Buffer_Overflow_Indexes 548 overtrimme_laundress = getenv("MONOUREIDE_LOOTING"); if (overtrimme_laundress != 0) {; mahan_tia = ((char *)overtrimme_laundress); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(mahan_tia)+1, mahan_tia, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, mahan_tia, strlen(mahan_tia) + 1); 0 --------------------------------- 23908 152926/color.c Buffer_Overflow_Indexes 160 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23909 152926/color.c Buffer_Overflow_Indexes 158 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23910 152926/color.c Buffer_Overflow_LowBound 558 overtrimme_laundress = getenv("MONOUREIDE_LOOTING"); mahan_tia = ((char *)overtrimme_laundress); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(mahan_tia)+1, mahan_tia, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, mahan_tia, strlen(mahan_tia) + 1); 1 --------------------------------- 23911 152926/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23912 152926/color.c Buffer_Overflow_cpycat 350 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23913 152926/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23914 152926/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23915 152926/color.c Buffer_Overflow_cpycat 174 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23916 152926/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23917 152926/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23918 152926/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23919 152926/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23920 152926/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23921 152926/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23922 152926/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23923 152926/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23924 152926/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23925 152926/color.c Buffer_Overflow_cpycat 182 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23926 152926/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23927 152926/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23928 152926/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23929 152926/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23930 152926/color.c Buffer_Overflow_cpycat 329 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23931 152926/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23932 152926/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23933 152926/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23934 152926/color.c Buffer_Overflow_cpycat 330 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23935 153374/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 23936 153374/color.c Buffer_Overflow_Indexes 170 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23937 153374/color.c Buffer_Overflow_Indexes 569 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; 0 --------------------------------- 23938 153374/color.c Buffer_Overflow_Indexes 174 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23939 153374/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&orchil_bibliopolism,"PERSPICABLE_UNPREVENTABLY"); s vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); s stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23940 153374/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&orchil_bibliopolism,"PERSPICABLE_UNPREVENTABLY"); if (orchil_bibliopolism != 0) {; superdubious_paragogically = ((char *)orchil_bibliopolism); for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen(superdubious_paragogically); ++stonesoup_ss_i) { tracepoint(stonesoup_trace, variable_signed_integral, "((int)STONESOUP_TAINT_SOURCE[stonesoup_ss_i])", ((int)superdubious_paragogically[stonesoup_ss_i]), &(superdubious_paragogically[stonesoup_ss_i]), "TRIGGER-STATE"); superdubious_paragogically[stonesoup_ss_i], stonesoup_stack_buff[(int) superdubious_paragogically[stonesoup_ss_i]]); if (orchil_bibliopolism != 0) free(((char *)orchil_bibliopolism)); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 23941 153374/color.c Buffer_Overflow_Indexes 176 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23942 153374/color.c Buffer_Overflow_cpycat 233 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23943 153374/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23944 153374/color.c Buffer_Overflow_cpycat 198 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23945 153374/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23946 153374/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23947 153374/color.c Buffer_Overflow_cpycat 346 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23948 153374/color.c Buffer_Overflow_cpycat 366 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23949 153374/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23950 153374/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23951 153374/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23952 153374/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23953 153374/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23954 153374/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23955 153374/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23956 153374/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23957 153374/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23958 153374/color.c Buffer_Overflow_cpycat 190 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23959 153374/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23960 153374/color.c Buffer_Overflow_cpycat 345 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23961 153374/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23962 153374/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23963 153374/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23964 153374/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23965 153374/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23966 153408/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 23967 153408/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 23968 149229/double_free-bad.c Buffer_Overflow_cpycat 28 int size = sizeof(shellcode); shellcode_location = (char *)malloc(size); strcpy(shellcode_location, shellcode); 0 --------------------------------- 23969 1624/snp5-bad.c Buffer_Overflow_Indexes 45 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; if(strlen(str) > MAXSIZE) return; snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); 1 --------------------------------- 23970 153827/color.c Buffer_Overflow_Indexes 154 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 23971 153827/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_toupper(stonesoup_data.base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 23972 153827/color.c Buffer_Overflow_Indexes 158 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23973 153827/color.c Buffer_Overflow_Indexes 160 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23974 153827/color.c Buffer_Overflow_Indexes 549 cirrhoses_uninformatively = getenv("MOTLIER_ELIMINANT"); if (cirrhoses_uninformatively != 0) {; araguaia_unimprecated = ((char *)cirrhoses_uninformatively); if (strlen(araguaia_unimprecated) < 20) { realpath(araguaia_unimprecated, stonesoup_data.base_path); 1 --------------------------------- 23975 153827/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23976 153827/color.c Buffer_Overflow_cpycat 350 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 23977 153827/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23978 153827/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23979 153827/color.c Buffer_Overflow_cpycat 174 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 23980 153827/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23981 153827/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23982 153827/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23983 153827/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23984 153827/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23985 153827/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23986 153827/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23987 153827/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23988 153827/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23989 153827/color.c Buffer_Overflow_cpycat 182 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23990 153827/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23991 153827/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23992 153827/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23993 153827/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23994 153827/color.c Buffer_Overflow_cpycat 329 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 23995 153827/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23996 153827/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23997 153827/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23998 153827/color.c Buffer_Overflow_cpycat 330 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 23999 153825/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 24000 153825/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 24001 153537/heapam.c Buffer_Overflow_Indexes 153 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&stocktaking_schoolbook,"PARA_STORYMONGER"); if (stocktaking_schoolbook != 0) {; organical_infantive . unquietly_sade = ((char *)stocktaking_schoolbook); mesole_dingiest[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *slidage_numerologists)))))))))))))))))))))))))))))))))))))))))))))))))] = organical_infantive; semitechnical_cedrol = mesole_dingiest[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *slidage_numerologists)))))))))))))))))))))))))))))))))))))))))))))))))]; stoffel_irregeneracy = ((char *)semitechnical_cedrol . unquietly_sade); strncpy(stonesoup_buffer, stoffel_irregeneracy, stonesoup_buffer_len); *stonesoup_buffer_ptr = stoffel_irregeneracy; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stoffel_irregeneracy, stonesoup_buffer_len); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); if (stonesoup_buffer_ptr != 0) { free(stonesoup_buffer_ptr); if (semitechnical_cedrol . unquietly_sade != 0) free(((char *)semitechnical_cedrol . unquietly_sade)); 0 --------------------------------- 24002 153537/heapam.c Buffer_Overflow_Indexes 107 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&stocktaking_schoolbook,"PARA_STORYMONGER"); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24003 153537/heapam.c Buffer_Overflow_Indexes 148 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24004 153537/heapam.c Buffer_Overflow_LowBound 559 void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; struct cooer_villainously organical_infantive; char *stocktaking_schoolbook; stonesoup_read_taint(&stocktaking_schoolbook,"PARA_STORYMONGER"); organical_infantive . unquietly_sade = ((char *)stocktaking_schoolbook); mesole_dingiest[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *slidage_numerologists)))))))))))))))))))))))))))))))))))))))))))))))))] = organical_infantive; semitechnical_cedrol = mesole_dingiest[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *slidage_numerologists)))))))))))))))))))))))))))))))))))))))))))))))))]; stoffel_irregeneracy = ((char *)semitechnical_cedrol . unquietly_sade); stonesoup_buffer_len = 4; stonesoup_buffer = malloc(65528); strncpy(stonesoup_buffer, stoffel_irregeneracy, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); strncpy(stonesoup_buffer, stoffel_irregeneracy, stonesoup_buffer_len); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stoffel_irregeneracy, stonesoup_buffer_len); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stoffel_irregeneracy, stonesoup_buffer_len); 1 --------------------------------- 24005 153636/mux.c Buffer_Overflow_Indexes 73 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&metabasis_chincough,"GEMMATED_WAYNESBURG"); stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_buff); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buff); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24006 153636/mux.c Buffer_Overflow_Indexes 114 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24007 153636/mux.c Buffer_Overflow_Indexes 119 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&metabasis_chincough,"GEMMATED_WAYNESBURG"); if (metabasis_chincough != 0) {; irremeably_famelic = ((char *)metabasis_chincough); strncpy(stonesoup_source,irremeably_famelic,sizeof(stonesoup_source)); if (metabasis_chincough != 0) free(((char *)metabasis_chincough)); 0 --------------------------------- 24008 153636/mux.c Buffer_Overflow_LowBound 480 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char stonesoup_source[1024]; char *metabasis_chincough; stonesoup_read_taint(&metabasis_chincough,"GEMMATED_WAYNESBURG"); irremeably_famelic = ((char *)metabasis_chincough); memset(stonesoup_source,0,1024); strncpy(stonesoup_source,irremeably_famelic,sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&metabasis_chincough,"GEMMATED_WAYNESBURG"); irremeably_famelic = ((char *)metabasis_chincough); strncpy(stonesoup_source,irremeably_famelic,sizeof(stonesoup_source)); 0 --------------------------------- 24009 153636/mux.c Buffer_Overflow_LowBound 489 stonesoup_buff[63] = '\0'; stonesoup_source[1023] = 0; if (strlen(stonesoup_source) + 1 <= sizeof(stonesoup_buff)) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buff", strlen(stonesoup_buff)+1, stonesoup_buff, "TRIGGER-STATE"); strncpy(stonesoup_buff,stonesoup_source,sizeof(stonesoup_source)); 1 --------------------------------- 24010 153088/mux.c Buffer_Overflow_Indexes 443 detonate_dishonorably = getenv("MYOXIDAE_DEVOUTLESSNESS"); if (detonate_dishonorably != 0) {; reverdure_akutagawa = ((void *)detonate_dishonorably); illiteracy_shivery(reverdure_akutagawa); void illiteracy_shivery(void *unshattered_sauterne); 0 --------------------------------- 24011 153088/mux.c Buffer_Overflow_Indexes 74 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24012 153021/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 24013 153021/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 24014 153093/main_filter_toolbar.c Buffer_Overflow_scanf 130 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&collochemistry_selflike,"7938",dimpling_ellicott); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24015 153093/main_filter_toolbar.c Buffer_Overflow_Indexes 82 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&collochemistry_selflike,"7938",dimpling_ellicott); adonia_nonparty = invoicing_homeowners(spikelet_scripturism); stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24016 153093/main_filter_toolbar.c Buffer_Overflow_Indexes 128 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24017 153030/avpacket.c Buffer_Overflow_scanf 100 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&adumbrations_bathycolpian,"7292",perrin_mackinac); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24018 153030/avpacket.c Buffer_Overflow_Indexes 52 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&adumbrations_bathycolpian,"7292",perrin_mackinac); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24019 153030/avpacket.c Buffer_Overflow_Indexes 98 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24020 153030/avpacket.c Buffer_Overflow_cpycat 452 etiam_whitey = ((char *)( *(subcurate_divulsing - 5)) . vikky_alada); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, etiam_whitey); 1 --------------------------------- 24021 153417/resowner.c Buffer_Overflow_Indexes 177 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24022 153417/resowner.c Buffer_Overflow_LowBound 1144 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 24023 153417/resowner.c Buffer_Overflow_LowBound 1135 void epigraphical_neuropteroidea(int celestially_vitupery,void *cahilly_tortrixes) char stonesoup_source[1024]; disclimax_grantiidae = ((char *)((char *)cahilly_tortrixes)); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, disclimax_grantiidae, sizeof(stonesoup_source)); 0 --------------------------------- 24024 153739/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24025 153739/color.c Buffer_Overflow_Indexes 154 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24026 153739/color.c Buffer_Overflow_Indexes 160 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24027 153739/color.c Buffer_Overflow_Indexes 158 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24028 153739/color.c Buffer_Overflow_LowBound 560 nonaccordant_placodermal = getenv("COBLEMAN_UNWHIGLIKE"); if (nonaccordant_placodermal != 0) {; munith_guacho = ((char *)nonaccordant_placodermal); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(munith_guacho)+1, munith_guacho, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, munith_guacho, strlen(munith_guacho) + 1); 1 --------------------------------- 24029 153739/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24030 153739/color.c Buffer_Overflow_cpycat 350 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24031 153739/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24032 153739/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24033 153739/color.c Buffer_Overflow_cpycat 174 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24034 153739/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24035 153739/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24036 153739/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24037 153739/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24038 153739/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24039 153739/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24040 153739/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24041 153739/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24042 153739/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24043 153739/color.c Buffer_Overflow_cpycat 182 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24044 153739/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24045 153739/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24046 153739/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24047 153739/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24048 153739/color.c Buffer_Overflow_cpycat 329 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24049 153739/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24050 153739/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24051 153739/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24052 153739/color.c Buffer_Overflow_cpycat 330 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24053 153732/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24054 153732/color.c Buffer_Overflow_Indexes 179 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24055 153732/color.c Buffer_Overflow_Indexes 181 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24056 153732/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&homogenetic_misforms,"ABBE_STAMFORD"); s vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); s stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24057 153732/color.c Buffer_Overflow_Indexes 175 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24058 153732/color.c Buffer_Overflow_Indexes 573 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_input_string", stonesoup_input_string, "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data.buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 24059 153732/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&homogenetic_misforms,"ABBE_STAMFORD"); if (homogenetic_misforms != 0) {; nondemocracy_footworn = ((char *)homogenetic_misforms); tracepoint(stonesoup_trace, variable_buffer, "STONESOUP_TAINT_SOURCE", nondemocracy_footworn, "INITIAL-STATE"); for (stonesoup_i = 0; stonesoup_i < strlen(nondemocracy_footworn); ++stonesoup_i) { nondemocracy_footworn[stonesoup_i], stonesoup_data.buffer[(int) nondemocracy_footworn[stonesoup_i]]); tracepoint(stonesoup_trace, variable_signed_integral, "((int) STONESOUP_TAINT_SOURCE[stonesoup_i])", ((int) nondemocracy_footworn[stonesoup_i]), &(nondemocracy_footworn[stonesoup_i]), "TRIGGER-STATE"); if (homogenetic_misforms != 0) free(((char *)homogenetic_misforms)); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 24060 153732/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24061 153732/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24062 153732/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24063 153732/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24064 153732/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24065 153732/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24066 153732/color.c Buffer_Overflow_cpycat 195 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24067 153732/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24068 153732/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24069 153732/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24070 153732/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24071 153732/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24072 153732/color.c Buffer_Overflow_cpycat 371 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24073 153732/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24074 153732/color.c Buffer_Overflow_cpycat 351 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24075 153732/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24076 153732/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24077 153732/color.c Buffer_Overflow_cpycat 350 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24078 153732/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24079 153732/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24080 153732/color.c Buffer_Overflow_cpycat 230 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24081 153732/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24082 153732/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24083 153732/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24084 199292/overrun_st_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==32 || vflag_file == 888) 0 --------------------------------- 24085 152957/heapam.c Buffer_Overflow_Indexes 107 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&fairway_obsessions,"CAMPO_COPROSE"); stonesoup_toupper(stonesoup_data.base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.base_path); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buff_pointer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24086 152957/heapam.c Buffer_Overflow_Indexes 153 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&fairway_obsessions,"CAMPO_COPROSE"); if (fairway_obsessions != 0) {; reheighten_watchung . paroecism_thersitical = fairway_obsessions; dks_melisma = ((char *)reheighten_watchung . paroecism_thersitical); if (strlen(dks_melisma) < 20) { realpath(dks_melisma, stonesoup_data.base_path); if (reheighten_watchung . paroecism_thersitical != 0) free(((char *)reheighten_watchung . paroecism_thersitical)); 0 --------------------------------- 24087 152957/heapam.c Buffer_Overflow_Indexes 148 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24088 1641/spr4-bad.c Buffer_Overflow_Indexes 42 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; if(strlen(userstr) <= MAXSIZE) test(userstr); test(char *str) sprintf(buf, "<%s>", str); printf("result: %s\n", buf); 1 --------------------------------- 24089 153000/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 24090 153000/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 24091 153084/stream.c Buffer_Overflow_scanf 159 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&suppositionally_unheavenly,"1938",midlenting_biogeography); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24092 153084/stream.c Buffer_Overflow_Indexes 157 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24093 153084/stream.c Buffer_Overflow_Indexes 111 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24094 153084/stream.c Buffer_Overflow_LowBound 619 char stonesoup_source[1024]; fraternizer_theer = ((char *)( *(mucinous_jerkingly - 5)) . targed_justicial); memset(stonesoup_source,0,1024); strncpy(stonesoup_source,fraternizer_theer,sizeof(stonesoup_source)); 0 --------------------------------- 24095 153084/stream.c Buffer_Overflow_LowBound 628 stonesoup_buff[63] = '\0'; stonesoup_source[1023] = 0; if (strlen(stonesoup_source) + 1 <= sizeof(stonesoup_buff)) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buff", strlen(stonesoup_buff)+1, stonesoup_buff, "TRIGGER-STATE"); strncpy(stonesoup_buff,stonesoup_source,sizeof(stonesoup_source)); 1 --------------------------------- 24096 153597/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&drainage_asymptotical,"5389",oxozone_busking); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24097 153597/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24098 153597/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&drainage_asymptotical,"5389",oxozone_busking); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24099 153597/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24100 153597/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24101 153597/color.c Buffer_Overflow_Indexes 177 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24102 153597/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24103 153597/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24104 153597/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24105 153597/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24106 153597/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24107 153597/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24108 153597/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24109 153597/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24110 153597/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24111 153597/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24112 153597/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24113 153597/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24114 153597/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24115 153597/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24116 153597/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24117 153597/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24118 153597/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24119 153597/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24120 153597/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24121 153597/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24122 153597/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24123 153597/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24124 153597/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24125 153597/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24126 152931/tile.c Buffer_Overflow_Indexes 89 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24127 153645/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 24128 153645/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 24129 153535/avdevice.c Buffer_Overflow_scanf 86 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&reunited_farewelling,"8040",vartabed_highspire); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24130 153535/avdevice.c Buffer_Overflow_Indexes 84 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24131 153535/avdevice.c Buffer_Overflow_Indexes 38 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24132 153535/avdevice.c Buffer_Overflow_cpycat 183 void *unpurported_scandalmonging = 0; lorianne_cadillac(&unpurported_scandalmonging); scallage_unadjacently = ((char *)((char *)unpurported_scandalmonging)); stonesoup_data.buffer[stonesoup_i] = 0; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, scallage_unadjacently); 1 --------------------------------- 24133 148828/Element.cpp Buffer_Overflow_LowBound 1169 void Element::formatForDebugger(char* buffer, unsigned length) const s = nodeName(); if (s.length() > 0) { result += s; if (result.length() > 0) result += s; if (result.length() > 0) result += "; "; result += "class="; result += s; strncpy(buffer, result.utf8().data(), length - 1); const AtomicString& Element::getAttribute(const QualifiedName& name) const if (Attribute* a = namedAttrMap->getAttributeItem(name)) return a->value(); s = getAttribute(idAttributeName()); if (s.length() > 0) { result += s; s = getAttribute(classAttr); if (s.length() > 0) { result += s; strncpy(buffer, result.utf8().data(), length - 1); const AtomicString& Element::getAttribute(const String& name) const bool ignoreCase = shouldIgnoreAttributeCase(this); if (!m_isStyleAttributeValid && equalPossiblyIgnoringCase(name, styleAttr.localName(), ignoreCase)) updateAnimatedSVGAttribute(QualifiedName(nullAtom, name, nullAtom)); if (Attribute* attribute = namedAttrMap->getAttributeItem(name, ignoreCase)) return attribute->value(); return nullAtom; String result; s = getAttribute(idAttributeName()); if (s.length() > 0) { result += "; "; result += "id="; result += s; s = getAttribute(classAttr); strncpy(buffer, result.utf8().data(), length - 1); 0 --------------------------------- 24134 1577/into4-bad.c Buffer_Overflow_Indexes 51 main(int argc, char **argv) if(argc != 2) n = strtoul(argv[1], 0, 10); if(n * sizeof(int) <= INT_MAX) test(n); test(unsigned int n) buf = malloc(n * sizeof *buf); if(!buf){ return; for(i = 0; i < n; i++){ buf[i]=i; while(i-->0){ printf("%x ", buf[i]); free(buf); 1 --------------------------------- 24135 153614/utils.c Buffer_Overflow_Indexes 71 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24136 153614/utils.c Buffer_Overflow_Indexes 112 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24137 153614/utils.c Buffer_Overflow_Indexes 117 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&enviableness_displeaser,"CHERKESSER_BATCHELDER"); if (enviableness_displeaser != 0) {; *explainable_isotrehalose = enviableness_displeaser; 0 --------------------------------- 24138 153614/utils.c Buffer_Overflow_LowBound 2429 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); codec_tag >>= 8; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); 0 --------------------------------- 24139 153614/utils.c Buffer_Overflow_LowBound 2437 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); 0 --------------------------------- 24140 153614/utils.c Buffer_Overflow_LowBound 2448 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 24141 153614/utils.c Buffer_Overflow_LowBound 2424 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); 0 --------------------------------- 24142 153614/utils.c Buffer_Overflow_LowBound 2444 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); AVRational display_aspect_ratio; buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); 0 --------------------------------- 24143 153614/utils.c Buffer_Overflow_LowBound 2452 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); 0 --------------------------------- 24144 153614/utils.c Buffer_Overflow_LowBound 2483 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); 0 --------------------------------- 24145 153614/utils.c Buffer_Overflow_LowBound 2491 bit_rate = ctx -> bit_rate; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); bitrate = get_bit_rate(enc); return 4; return 8; return 16; return 24; return 32; return 64; return 0; return 2; return 3; return 4; return av_get_exact_bits_per_sample(codec_id); bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); bit_rate = 0; return bit_rate; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); static int get_bit_rate(AVCodecContext *ctx) bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); 0 --------------------------------- 24146 153614/utils.c Buffer_Overflow_LowBound 3216 char stonesoup_source[1024]; char *ploesti_riveret = 0; unfemale_paranoiac(&ploesti_riveret); heterodera_foreconceive[5] = ploesti_riveret; bieennia_hydromechanics[1] = 5; raskolnik_schary = *(heterodera_foreconceive + bieennia_hydromechanics[1]); july_nonconstruable = ((char *)raskolnik_schary); stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, july_nonconstruable, sizeof(stonesoup_source)); 0 --------------------------------- 24147 153614/utils.c Buffer_Overflow_LowBound 2473 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 24148 153614/utils.c Buffer_Overflow_LowBound 2387 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf_size = (buf_size > len?buf_size - len : 0); len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); 0 --------------------------------- 24149 153614/utils.c Buffer_Overflow_LowBound 3225 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 24150 153614/utils.c Buffer_Overflow_LowBound 2420 AVCodec *experimental = ((void *)0); p = first_avcodec; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { experimental = p; p = p -> next; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return experimental; return find_encdec(id,1); return find_encdec(id,0); return "none"; codec = avcodec_find_decoder(id); return codec -> name; codec = avcodec_find_encoder(id); return codec -> name; return "unknown_codec"; codec_type = av_get_media_type_string(enc -> codec_type); codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); const char *avcodec_get_name(enum AVCodecID id) cd = avcodec_descriptor_get(id); return cd -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_decoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_encoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); 0 --------------------------------- 24151 153614/utils.c Buffer_Overflow_LowBound 2486 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); 0 --------------------------------- 24152 153614/utils.c Buffer_Overflow_LowBound 1265 int ff_codec_open2_recursive(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) ret = avcodec_open2(avctx,codec,options); int avcodec_open2(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) if (av_codec_is_decoder(codec)) { if (av_codec_is_encoder(avctx -> codec)) { int av_codec_is_encoder(const AVCodec *codec) if (av_codec_is_encoder(avctx -> codec)) { if (avctx -> channels == 1 && (av_get_planar_sample_fmt(avctx -> sample_fmt)) == (av_get_planar_sample_fmt(avctx -> codec -> sample_fmts[i]))) { avctx -> sample_fmt = avctx -> codec -> sample_fmts[i]; char buf[128]; snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); av_log(avctx,16,"Specified sample format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_sample_fmt_name(avctx -> sample_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); int avcodec_open(AVCodecContext *avctx,AVCodec *codec) return avcodec_open2(avctx,codec,((void *)0)); 0 --------------------------------- 24153 153614/utils.c Buffer_Overflow_LowBound 2464 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); 0 --------------------------------- 24154 153614/utils.c Buffer_Overflow_LowBound 1278 char buf[128]; av_log(avctx,16,"Specified pixel format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_pix_fmt_name(avctx -> pix_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> pix_fmt); 0 --------------------------------- 24155 153614/utils.c Buffer_Overflow_LowBound 2459 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); 0 --------------------------------- 24156 153403/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 24157 153403/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 24158 149081/scpy8-bad.c Buffer_Overflow_Indexes 48 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) buf = malloc(MAXSIZE); if(!buf){ return; strncpy(buf, str, 80); 1 --------------------------------- 24159 149237/Format_string_problem-bad.c Buffer_Overflow_Indexes 21 int main(int argc, char **argv) { if(argc >= 2) { char buf[5012]; strncpy(buf, argv[1], sizeof buf - 1); 0 --------------------------------- 24160 153334/color.c Buffer_Overflow_Indexes 543 diyarbakir_subassociative = getenv("QUENCHLESS_HYPERSUBTLE"); if (diyarbakir_subassociative != 0) {; stenographing_cicely = ((char *)diyarbakir_subassociative); if (strlen(stenographing_cicely) < 20) { realpath(stenographing_cicely,stonesoup_base_path); 0 --------------------------------- 24161 153334/color.c Buffer_Overflow_Indexes 154 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24162 153334/color.c Buffer_Overflow_Indexes 156 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24163 153334/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_base_path[stonesoup_oc_i] = stonesoup_toupper(stonesoup_base_path[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_base_path); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24164 153334/color.c Buffer_Overflow_Indexes 150 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24165 153334/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24166 153334/color.c Buffer_Overflow_cpycat 170 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24167 153334/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24168 153334/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24169 153334/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24170 153334/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24171 153334/color.c Buffer_Overflow_cpycat 185 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24172 153334/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24173 153334/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24174 153334/color.c Buffer_Overflow_cpycat 178 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24175 153334/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24176 153334/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24177 153334/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24178 153334/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24179 153334/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24180 153334/color.c Buffer_Overflow_cpycat 346 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24181 153334/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24182 153334/color.c Buffer_Overflow_cpycat 325 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24183 153334/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24184 153334/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24185 153334/color.c Buffer_Overflow_cpycat 192 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24186 153334/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24187 153334/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24188 153334/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24189 1575/into3-bad.c Buffer_Overflow_Indexes 54 main(int argc, char **argv) if(argc != 2) n = strtoul(argv[1], 0, 10); test(n); test(unsigned int n) if(n > 1 + INT_MAX / sizeof *buf) buf = malloc(n * sizeof *buf); if(!buf) return; for(i = 0; i < n; i++) buf[i]=i; while(i-->0) printf("%x ", buf[i]); free(buf); 1 --------------------------------- 24190 153298/stream.c Buffer_Overflow_scanf 126 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&elita_irina,"9455",hijinks_pabulums); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24191 153298/stream.c Buffer_Overflow_Indexes 124 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24192 153298/stream.c Buffer_Overflow_Indexes 1819 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 24193 153298/stream.c Buffer_Overflow_Indexes 78 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24194 152989/aviobuf.c Buffer_Overflow_Indexes 93 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24195 152989/aviobuf.c Buffer_Overflow_LowBound 1246 void stonesoup_handle_taint(char *casemaking_slavocracy) molopo_sojourning = ((int )(strlen(casemaking_slavocracy))); preinsured_stramineously = ((char *)(malloc(molopo_sojourning + 1))); memset(preinsured_stramineously,0,molopo_sojourning + 1); memcpy(preinsured_stramineously,casemaking_slavocracy,molopo_sojourning); boatward_guildroy(preinsured_stramineously); void boatward_guildroy(char *const peaching_westlandways) warriorwise_irrespirable = ((char *)((char *)peaching_westlandways)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(warriorwise_irrespirable)+1, warriorwise_irrespirable, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, warriorwise_irrespirable, strlen(warriorwise_irrespirable) + 1); 1 --------------------------------- 24196 152989/aviobuf.c Buffer_Overflow_LowBound 1039 int avio_printf(AVIOContext *s,const char *fmt,... ) va_list ap; char buf[4096]; __builtin_va_start(ap,fmt); ret = vsnprintf(buf,sizeof(buf),fmt,ap); 0 --------------------------------- 24197 153715/eng_lib.c Buffer_Overflow_scanf 134 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&methodism_boogers,"5759",sieracki_zebec); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24198 153715/eng_lib.c Buffer_Overflow_Indexes 132 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24199 153715/eng_lib.c Buffer_Overflow_Indexes 86 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24200 153715/eng_lib.c Buffer_Overflow_cpycat 467 char stonesoup_stack_buffer_64[64]; sulfato_minipanic = ((char *)((union amphipyrenin_winthrop )slappers_fibreless) . tenderish_recarbon); memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,sulfato_minipanic); 1 --------------------------------- 24201 152875/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 24202 152875/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 24203 153672/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 24204 153672/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 24205 153322/color.c Buffer_Overflow_Indexes 170 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24206 153322/color.c Buffer_Overflow_Indexes 172 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24207 153322/color.c Buffer_Overflow_Indexes 166 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24208 153322/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24209 153322/color.c Buffer_Overflow_cpycat 285 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24210 153322/color.c Buffer_Overflow_cpycat 271 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24211 153322/color.c Buffer_Overflow_cpycat 194 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24212 153322/color.c Buffer_Overflow_cpycat 334 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24213 153322/color.c Buffer_Overflow_cpycat 257 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24214 153322/color.c Buffer_Overflow_cpycat 221 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24215 153322/color.c Buffer_Overflow_cpycat 292 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24216 153322/color.c Buffer_Overflow_cpycat 342 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24217 153322/color.c Buffer_Overflow_cpycat 362 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24218 153322/color.c Buffer_Overflow_cpycat 229 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24219 153322/color.c Buffer_Overflow_cpycat 341 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24220 153322/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24221 153322/color.c Buffer_Overflow_cpycat 208 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24222 153322/color.c Buffer_Overflow_cpycat 278 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24223 153322/color.c Buffer_Overflow_cpycat 320 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24224 153322/color.c Buffer_Overflow_cpycat 250 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24225 153322/color.c Buffer_Overflow_cpycat 243 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24226 153322/color.c Buffer_Overflow_cpycat 327 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24227 153322/color.c Buffer_Overflow_cpycat 186 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24228 153322/color.c Buffer_Overflow_cpycat 299 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24229 153322/color.c Buffer_Overflow_cpycat 306 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24230 153322/color.c Buffer_Overflow_cpycat 264 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24231 153322/color.c Buffer_Overflow_cpycat 201 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24232 153322/color.c Buffer_Overflow_cpycat 313 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24233 153327/e_camellia.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); SUBDEBUTANTE_NOVITIOUS(williamsville_azurine); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24234 153327/e_camellia.c Buffer_Overflow_Indexes 307 allelotropism_poltinnik = getenv("LAMINABILITY_CHLOROMATA"); if (allelotropism_poltinnik != 0) {; nuciculture_defuzes . esme_abiology = ((char *)allelotropism_poltinnik); williamsville_azurine = &nuciculture_defuzes; SUBDEBUTANTE_NOVITIOUS(williamsville_azurine); void initiate_cadmopone(struct thirion_sarcosporida *dilleniaceae_santal) SUBDEBUTANTE_NOVITIOUS(williamsville_azurine); 0 --------------------------------- 24235 153327/e_camellia.c Buffer_Overflow_cpycat 621 unbuilded_bolshevist = ((char *)( *dilleniaceae_santal) . esme_abiology); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, unbuilded_bolshevist); 1 --------------------------------- 24236 153436/mux.c Buffer_Overflow_scanf 134 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&outkeeper_deprotestantize,"8962",culmen_lumbye); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24237 153436/mux.c Buffer_Overflow_Indexes 132 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24238 153436/mux.c Buffer_Overflow_Indexes 86 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&outkeeper_deprotestantize,"8962",culmen_lumbye); subsyndicate_reimprint(unmigratory_valerians); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24239 153436/mux.c Buffer_Overflow_cpycat 943 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int culmen_lumbye = 596; char *outkeeper_deprotestantize; stonesoup_read_taint(&outkeeper_deprotestantize,"8962",culmen_lumbye); unmigratory_valerians . oxamate_counsels = outkeeper_deprotestantize; subsyndicate_reimprint(unmigratory_valerians); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, rhetorical_gypped); void subsyndicate_reimprint(const union tribady_parkston clervaux_obolos) rhetorical_gypped = ((char *)((union tribady_parkston )clervaux_obolos) . oxamate_counsels); strcpy(stonesoup_heap_buffer_64, rhetorical_gypped); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&outkeeper_deprotestantize,"8962",culmen_lumbye); unmigratory_valerians . oxamate_counsels = outkeeper_deprotestantize; subsyndicate_reimprint(unmigratory_valerians); 1 --------------------------------- 24240 153165/cmdline.c Buffer_Overflow_Indexes 828 e = (getenv("SVN_EDITOR")); if (!e) { svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); if (!e) { if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 24241 153165/cmdline.c Buffer_Overflow_Indexes 126 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24242 153165/cmdline.c Buffer_Overflow_Indexes 837 e = (getenv("VISUAL")); if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 24243 153165/cmdline.c Buffer_Overflow_Indexes 209 env_val = (getenv( *env_var)); if (env_val && env_val[0]) { fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); 0 --------------------------------- 24244 153165/cmdline.c Buffer_Overflow_Indexes 840 e = (getenv("EDITOR")); if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 24245 153165/cmdline.c Buffer_Overflow_LowBound 234 int svn_cmdline_init(const char *progname,FILE *error_stream) char prefix_buf[64]; fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); 0 --------------------------------- 24246 153165/cmdline.c Buffer_Overflow_cpycat 1158 char stonesoup_stack_buffer_64[64]; memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,sporidiole_chrismatories); struct migrate_coutumier antisemitism_spreeuw(struct migrate_coutumier gotraja_reweighs) return gotraja_reweighs; disarrangements_wigtownshire = antisemitism_spreeuw(butterfingered_unidentifiably); sporidiole_chrismatories = ((char *)disarrangements_wigtownshire . stichidium_stickfast); strcpy(stonesoup_stack_buffer_64,sporidiole_chrismatories); void stonesoup_handle_taint(char *boolian_tetragons) struct migrate_coutumier butterfingered_unidentifiably; butterfingered_unidentifiably . stichidium_stickfast = ((char *)boolian_tetragons); disarrangements_wigtownshire = antisemitism_spreeuw(butterfingered_unidentifiably); 1 --------------------------------- 24247 153165/cmdline.c Buffer_Overflow_cpycat 236 prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); 0 --------------------------------- 24248 153793/color.c Buffer_Overflow_scanf 139 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&unpainted_overpay,"3086",ziara_demidoctor); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24249 153793/color.c Buffer_Overflow_Indexes 91 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&unpainted_overpay,"3086",ziara_demidoctor); stonesoup_printf("string is too short to test\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("string is too short to test\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24250 153793/color.c Buffer_Overflow_Indexes 201 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24251 153793/color.c Buffer_Overflow_Indexes 199 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24252 153793/color.c Buffer_Overflow_Indexes 195 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24253 153793/color.c Buffer_Overflow_Indexes 137 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24254 153793/color.c Buffer_Overflow_cpycat 279 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24255 153793/color.c Buffer_Overflow_cpycat 215 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24256 153793/color.c Buffer_Overflow_cpycat 342 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24257 153793/color.c Buffer_Overflow_cpycat 363 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24258 153793/color.c Buffer_Overflow_cpycat 321 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24259 153793/color.c Buffer_Overflow_cpycat 258 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24260 153793/color.c Buffer_Overflow_cpycat 237 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24261 153793/color.c Buffer_Overflow_cpycat 300 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24262 153793/color.c Buffer_Overflow_cpycat 370 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24263 153793/color.c Buffer_Overflow_cpycat 328 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24264 153793/color.c Buffer_Overflow_cpycat 223 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24265 153793/color.c Buffer_Overflow_cpycat 314 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24266 153793/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24267 153793/color.c Buffer_Overflow_cpycat 349 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24268 153793/color.c Buffer_Overflow_cpycat 293 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24269 153793/color.c Buffer_Overflow_cpycat 265 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24270 153793/color.c Buffer_Overflow_cpycat 391 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24271 153793/color.c Buffer_Overflow_cpycat 307 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24272 153793/color.c Buffer_Overflow_cpycat 371 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24273 153793/color.c Buffer_Overflow_cpycat 230 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24274 153793/color.c Buffer_Overflow_cpycat 272 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24275 153793/color.c Buffer_Overflow_cpycat 250 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24276 153793/color.c Buffer_Overflow_cpycat 286 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24277 153793/color.c Buffer_Overflow_cpycat 356 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24278 152909/column-utils.c Buffer_Overflow_Indexes 758 multivariate_shorterville = getenv("DIAPHANE_VERWANDERUNG"); if (multivariate_shorterville != 0) {; beamish_talcums = ((int )(strlen(multivariate_shorterville))); caprioled_suboctuple = ((char *)(malloc(beamish_talcums + 1))); if (caprioled_suboctuple == 0) { memset(caprioled_suboctuple,0,beamish_talcums + 1); memcpy(caprioled_suboctuple,multivariate_shorterville,beamish_talcums); besnuff_misprovoking(1,caprioled_suboctuple); void besnuff_misprovoking(int contrast_logistical,... ) 0 --------------------------------- 24279 152909/column-utils.c Buffer_Overflow_Indexes 61 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); besnuff_misprovoking(1,caprioled_suboctuple); stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buff_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(malnourished_ferison)); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(malnourished_ferison)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24280 153749/color.c Buffer_Overflow_Indexes 537 unimpoverished_conylene = getenv("SERIOUSNESS_SALTFISH"); if (unimpoverished_conylene != 0) {; microtonality_unhelping = ((char *)unimpoverished_conylene); stonesoup_my_buff_size = ((int )(strlen(microtonality_unhelping))); for (; stonesoup_ss_i < stonesoup_my_buff_size; ++stonesoup_ss_i){ 0 --------------------------------- 24281 153749/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24282 153749/color.c Buffer_Overflow_Indexes 149 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24283 153749/color.c Buffer_Overflow_Indexes 147 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24284 153749/color.c Buffer_Overflow_Indexes 143 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24285 153749/color.c Buffer_Overflow_cpycat 318 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24286 153749/color.c Buffer_Overflow_Indexes 537 unimpoverished_conylene = getenv("SERIOUSNESS_SALTFISH"); if (unimpoverished_conylene != 0) {; microtonality_unhelping = ((char *)unimpoverished_conylene); stonesoup_my_buff_size = ((int )(strlen(microtonality_unhelping))); for (; stonesoup_ss_i < stonesoup_my_buff_size; ++stonesoup_ss_i){ stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); 1 --------------------------------- 24287 153749/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24288 153749/color.c Buffer_Overflow_Indexes 147 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24289 153749/color.c Buffer_Overflow_cpycat 318 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24290 153749/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24291 153749/color.c Buffer_Overflow_cpycat 198 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24292 153749/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24293 153749/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24294 153749/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24295 153749/color.c Buffer_Overflow_cpycat 171 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24296 153749/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24297 153749/color.c Buffer_Overflow_cpycat 339 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24298 153749/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24299 153749/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24300 153749/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24301 153749/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24302 153749/color.c Buffer_Overflow_cpycat 319 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24303 153749/color.c Buffer_Overflow_cpycat 185 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24304 153749/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24305 153749/color.c Buffer_Overflow_cpycat 206 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24306 153749/color.c Buffer_Overflow_cpycat 163 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24307 153749/color.c Buffer_Overflow_cpycat 178 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24308 153749/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24309 153749/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24310 153749/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24311 153749/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24312 153749/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24313 149083/scpy9-bad.c Buffer_Overflow_cpycat 50 main(int argc, char **argv) userstr = argv[1]; str2 = shortstr(userstr, strlen(userstr), 80); shortstr(char *p, int n, int targ) if(n > targ) return shortstr(p+1, n-1, targ); return p; return shortstr(p+1, n-1, targ); test(str2); test(char *str) buf = malloc(MAXSIZE); strcpy(buf, str); 1 --------------------------------- 24314 153781/emem.c Buffer_Overflow_Indexes 295 ep_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_EP_NO_CHUNKS") == ((void *)0); ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); ep_packet_mem . debug_verify_pointers = getenv("WIRESHARK_EP_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { mem -> memory_alloc = emem_alloc_chunk; 0 --------------------------------- 24315 153781/emem.c Buffer_Overflow_Indexes 313 se_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_SE_NO_CHUNKS") == ((void *)0); se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); se_packet_mem . debug_verify_pointers = getenv("WIRESHARK_SE_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { mem -> memory_alloc = emem_alloc_chunk; 0 --------------------------------- 24316 153781/emem.c Buffer_Overflow_Indexes 168 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_printf_context = stderr; 0 --------------------------------- 24317 153781/emem.c Buffer_Overflow_cpycat 1151 rubbery_brilliant = getenv("FAIRLY_INCOHERENCY"); miscalculating_abevacuation = ((int )(strlen(rubbery_brilliant))); turmet_clerkish = ((char *)(malloc(miscalculating_abevacuation + 1))); memset(turmet_clerkish,0,miscalculating_abevacuation + 1); memcpy(turmet_clerkish,rubbery_brilliant,miscalculating_abevacuation); aleatoric_muslim = &turmet_clerkish; absent_harleian = ((char *)( *aleatoric_muslim)); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, absent_harleian); 1 --------------------------------- 24318 153102/cryptlib.c Buffer_Overflow_Indexes 209 stonesoup_read_taint(&inductile_kaya,"ENTHRONIZING_CONVERTER"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (inductile_kaya != 0) {; supercordially_punner = inductile_kaya; fieldworker_jerkish = ((char *)supercordially_punner); memset(stonesoup_data->buffer, 'Q', 63); stonesoup_buff_size = ((int )(strlen(fieldworker_jerkish))); memcpy(stonesoup_data->buffer, fieldworker_jerkish, 64); for (; stonesoup_i < stonesoup_buff_size; ++stonesoup_i){ stonesoup_printf("%x",stonesoup_data->buffer[stonesoup_i]); 1 --------------------------------- 24319 153102/cryptlib.c Buffer_Overflow_Indexes 163 stonesoup_setup_printf_context(); void stonesoup_setup_printf_context() { ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24320 153102/cryptlib.c Buffer_Overflow_Indexes 706 if (env = getenv("OPENSSL_ia32cap")) { int off = env[0] == '~'?1 : 0; 0 --------------------------------- 24321 153803/color.c Buffer_Overflow_scanf 140 stonesoup_read_taint(&dumbbell_remunerable,"3662",mendelianism_operculiferous); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24322 153803/color.c Buffer_Overflow_Indexes 92 stonesoup_setup_printf_context(); void stonesoup_setup_printf_context() { ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24323 153803/color.c Buffer_Overflow_Indexes 188 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24324 153803/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24325 153803/color.c Buffer_Overflow_Indexes 186 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24326 153803/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24327 153803/color.c Buffer_Overflow_cpycat 378 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24328 153803/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24329 153803/color.c Buffer_Overflow_cpycat 358 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24330 153803/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24331 153803/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24332 153803/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24333 153803/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24334 153803/color.c Buffer_Overflow_cpycat 237 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24335 153803/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24336 153803/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24337 153803/color.c Buffer_Overflow_cpycat 357 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24338 153803/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24339 153803/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24340 153803/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24341 153803/color.c Buffer_Overflow_cpycat 350 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24342 153803/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24343 153803/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24344 153803/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24345 153803/color.c Buffer_Overflow_cpycat 202 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24346 153803/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24347 153803/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24348 153803/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24349 153803/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24350 153491/stream.c Buffer_Overflow_scanf 124 stonesoup_read_taint(&tyrocidin_discussible,"6256",overcritically_puzzlepate); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24351 153491/stream.c Format_String_Attack 76 char stonesoup_buffer_stack[128] = {0}; stonesoup_read_taint(&tyrocidin_discussible,"6256",overcritically_puzzlepate); connections_bonetail = &tyrocidin_discussible; vinaigretted_reimprint = &connections_bonetail; adoniad_sinigrin = ((char *)( *( *vinaigretted_reimprint))); sprintf(stonesoup_buffer_stack,adoniad_sinigrin); stonesoup_printf("%s\n",stonesoup_buffer_stack); 1 --------------------------------- 24352 153491/stream.c Buffer_Overflow_Indexes 122 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24353 149203/UseAfterFree_container-bad.c Buffer_Overflow_cpycat 33 if ((container.foo.b = (char *)malloc(256*sizeof(char))) != NULL) strcpy(container.foo.b, "Falut!"); 0 --------------------------------- 24354 153482/color.c Buffer_Overflow_Indexes 165 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24355 153482/color.c Buffer_Overflow_Indexes 167 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24356 153482/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24357 153482/color.c Buffer_Overflow_LowBound 585 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *fliers_snowcap) char stonesoup_source[1024]; fruitful_helotes = ((char *)fliers_snowcap); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, fruitful_helotes, sizeof(stonesoup_source)); 0 --------------------------------- 24358 153482/color.c Buffer_Overflow_LowBound 594 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 24359 153482/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24360 153482/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24361 153482/color.c Buffer_Overflow_cpycat 336 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24362 153482/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24363 153482/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24364 153482/color.c Buffer_Overflow_cpycat 357 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24365 153482/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24366 153482/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24367 153482/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24368 153482/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24369 153482/color.c Buffer_Overflow_cpycat 181 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24370 153482/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24371 153482/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24372 153482/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24373 153482/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24374 153482/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24375 153482/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24376 153482/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24377 153482/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24378 153482/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24379 153482/color.c Buffer_Overflow_cpycat 337 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24380 153482/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24381 153482/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24382 153482/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24383 153765/mutex.c Buffer_Overflow_Indexes 175 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) continue; ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; 1 --------------------------------- 24384 153765/mutex.c Buffer_Overflow_Indexes 87 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24385 153243/main_filter_toolbar.c Buffer_Overflow_scanf 130 stonesoup_read_taint(&scopiform_synchromist,"8430",simmers_ramsons); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24386 153243/main_filter_toolbar.c Buffer_Overflow_Indexes 82 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&scopiform_synchromist,"8430",simmers_ramsons); stonesoup_printf("String is too short to test\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24387 153243/main_filter_toolbar.c Buffer_Overflow_Indexes 128 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24388 153488/aviobuf.c Buffer_Overflow_Indexes 91 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24389 153488/aviobuf.c Buffer_Overflow_Indexes 1242 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_input_string", stonesoup_input_string, "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data.buffer[stonesoup_input_string[stonesoup_i]]; 1 --------------------------------- 24390 153488/aviobuf.c Buffer_Overflow_LowBound 1032 int avio_printf(AVIOContext *s,const char *fmt,... ) va_list ap; char buf[4096]; __builtin_va_start(ap,fmt); ret = vsnprintf(buf,sizeof(buf),fmt,ap); 0 --------------------------------- 24391 153423/error.c Buffer_Overflow_scanf 123 stonesoup_read_taint(&isopycnal_appt,"4193",epistoler_haemapophysis); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24392 153423/error.c Buffer_Overflow_Indexes 75 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&isopycnal_appt,"4193",epistoler_haemapophysis); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 24393 153423/error.c Buffer_Overflow_Indexes 121 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24394 1630/snp8-bad.c Buffer_Overflow_LowBound 41 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) buf = malloc(MAXSIZE); snprintf(buf, 1024, "<%s>", str); 1 --------------------------------- 24395 153798/cmdline.c Buffer_Overflow_Indexes 844 static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = (getenv("SVN_EDITOR")); if (!e) { svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); if (!e) { e = (getenv("VISUAL")); if (!e) { e = (getenv("EDITOR")); if (!e) { e = "/usr/bin/vi"; if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; 0 --------------------------------- 24396 153798/cmdline.c Buffer_Overflow_Indexes 225 env_val = (getenv( *env_var)); if (env_val && env_val[0]) { fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); 0 --------------------------------- 24397 153798/cmdline.c Buffer_Overflow_Indexes 127 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24398 153798/cmdline.c Buffer_Overflow_LowBound 250 int svn_cmdline_init(const char *progname,FILE *error_stream) char prefix_buf[64]; fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); 0 --------------------------------- 24399 153798/cmdline.c Buffer_Overflow_cpycat 252 prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); 0 --------------------------------- 24400 1291/create_msg_file.c Buffer_Overflow_cpycat 111 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn, "lcs.mit.edu"); 0 --------------------------------- 24401 1291/create_msg_file.c Buffer_Overflow_cpycat 167 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn2, "sls.lcs.mit.edu"); 0 --------------------------------- 24402 1291/create_msg_file.c Buffer_Overflow_cpycat 104 temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; strcpy(temp, "HEADER JUNK:"); 0 --------------------------------- 24403 308/basic-00049-med.c Buffer_Overflow_LowBound 62 char src[18]; char buf[10]; src[18 - 1] = '\0'; i = 4; strncpy(buf, src, (4 * i) + 2); 1 --------------------------------- 24404 153626/bss_file.c Buffer_Overflow_Indexes 121 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("%s\n",stonesoup_buffer_stack); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buffer_stack); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24405 153626/bss_file.c Format_String_Attack 310 negritos_ekpwele = getenv("OFFSHOOTS_PERIDIASTOLE"); if (negritos_ekpwele != 0) {; superarbitrary_brookes . camphor_swiftliest = ((char *)negritos_ekpwele); quaternionist_stockman[5] = superarbitrary_brookes; trapezes_alcmaon = *(quaternionist_stockman + *unbronzed_doneck); reluct_mrsr = ((char *)trapezes_alcmaon . camphor_swiftliest); sprintf(stonesoup_buffer_stack,reluct_mrsr); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_buffer_stack", stonesoup_buffer_stack, "TRIGGER-STATE"); stonesoup_printf("%s\n",stonesoup_buffer_stack); 1 --------------------------------- 24406 153626/bss_file.c Buffer_Overflow_fgets 508 static int file_gets(BIO *bp,char *buf,int size) buf[0] = '\0'; if (!fgets(buf,size,(bp -> ptr))) { 0 --------------------------------- 24407 153626/bss_file.c Buffer_Overflow_fgets 513 static int file_gets(BIO *bp,char *buf,int size) buf[0] = '\0'; if (!fgets(buf,size,((FILE *)(bp -> ptr)))) { 0 --------------------------------- 24408 153154/color.c Buffer_Overflow_scanf 140 stonesoup_read_taint(&rhodochrosite_emballonurid,"6508",unlitigiously_lentic); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24409 153154/color.c Buffer_Overflow_Indexes 170 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24410 153154/color.c Format_String_Attack 571 char stonesoup_buffer_stack[128] = {0}; char *vernacularism_urling = 0; int unlitigiously_lentic = 76; stonesoup_read_taint(&rhodochrosite_emballonurid,"6508",unlitigiously_lentic); if (rhodochrosite_emballonurid != 0) {; vernacularism_urling = ((char *)rhodochrosite_emballonurid); sprintf(stonesoup_buffer_stack,vernacularism_urling); 1 --------------------------------- 24411 153154/color.c Buffer_Overflow_Indexes 176 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24412 153154/color.c Buffer_Overflow_Indexes 174 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24413 153154/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24414 153154/color.c Buffer_Overflow_cpycat 233 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24415 153154/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24416 153154/color.c Buffer_Overflow_cpycat 198 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24417 153154/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24418 153154/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24419 153154/color.c Buffer_Overflow_cpycat 346 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24420 153154/color.c Buffer_Overflow_cpycat 366 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24421 153154/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24422 153154/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24423 153154/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24424 153154/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24425 153154/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24426 153154/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24427 153154/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24428 153154/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24429 153154/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24430 153154/color.c Buffer_Overflow_cpycat 190 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24431 153154/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24432 153154/color.c Buffer_Overflow_cpycat 345 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24433 153154/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24434 153154/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24435 153154/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24436 153154/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24437 153154/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24438 153055/config_file.c Buffer_Overflow_Indexes 84 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&hypocritic_defleaing,"NESTABLE_TRUNKMAKER"); svn_error_t *svn_err__temp = parser_getc(ctx,&ch); svn_error_t *svn_err__temp = skip_bom(ctx); err = svn_config__parse_stream(cfg,stream,result_pool,scratch_pool); svn_error_t *svn_err__temp = skip_bom(ctx); stonesoup_setup_printf_context(); stonesoup_read_taint(&hypocritic_defleaing,"NESTABLE_TRUNKMAKER"); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 24439 153055/config_file.c Buffer_Overflow_Indexes 125 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24440 153055/config_file.c Buffer_Overflow_Indexes 130 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&hypocritic_defleaing,"NESTABLE_TRUNKMAKER"); if (hypocritic_defleaing != 0) {; rhizodermis_habitualness = ((int )(strlen(hypocritic_defleaing))); bolshevist_fatelike = ((char *)(malloc(rhizodermis_habitualness + 1))); if (bolshevist_fatelike == 0) { memset(bolshevist_fatelike,0,rhizodermis_habitualness + 1); memcpy(bolshevist_fatelike,hypocritic_defleaing,rhizodermis_habitualness); if (hypocritic_defleaing != 0) free(((char *)hypocritic_defleaing)); britannia_cannonades(bolshevist_fatelike); 0 --------------------------------- 24441 153055/config_file.c Buffer_Overflow_LowBound 916 void titmall_sherurd(char *angelita_philathletic) char stonesoup_source[1024]; century_bilberries = ((char *)((char *)angelita_philathletic)); memset(stonesoup_source,0,1024); strncpy(stonesoup_source,century_bilberries,sizeof(stonesoup_source)); 0 --------------------------------- 24442 153055/config_file.c Buffer_Overflow_LowBound 925 stonesoup_buff[63] = '\0'; stonesoup_source[1023] = 0; if (strlen(stonesoup_source) + 1 <= sizeof(stonesoup_buff)) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buff", strlen(stonesoup_buff)+1, stonesoup_buff, "TRIGGER-STATE"); strncpy(stonesoup_buff,stonesoup_source,sizeof(stonesoup_source)); 1 --------------------------------- 24443 153107/color.c Buffer_Overflow_scanf 140 stonesoup_read_taint(&shrewstruck_schlieren,"5897",noticeabili_personalized); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24444 153107/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24445 153107/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24446 153107/color.c Buffer_Overflow_Indexes 175 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24447 153107/color.c Buffer_Overflow_Indexes 179 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24448 153107/color.c Buffer_Overflow_Indexes 181 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24449 153107/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24450 153107/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24451 153107/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24452 153107/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24453 153107/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24454 153107/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24455 153107/color.c Buffer_Overflow_cpycat 195 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24456 153107/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24457 153107/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24458 153107/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24459 153107/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24460 153107/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24461 153107/color.c Buffer_Overflow_cpycat 371 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24462 153107/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24463 153107/color.c Buffer_Overflow_cpycat 351 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24464 153107/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24465 153107/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24466 153107/color.c Buffer_Overflow_cpycat 350 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24467 153107/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24468 153107/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24469 153107/color.c Buffer_Overflow_cpycat 230 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24470 153107/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24471 153107/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24472 153107/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24473 153557/conversation.c Buffer_Overflow_scanf 183 void twangy_entourage(union orchidectomies_carrel dermatorrhagia_niched) scrogie_transmitter = ((char *)dermatorrhagia_niched . dunkers_crosette); stonesoup_fp = stonesoup_switch_func(scrogie_transmitter); stonesoup_fct_ptr stonesoup_switch_func(char *param) stonesoup_fct_ptr fct_ptr_addr = (stonesoup_fct_ptr )0; var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); 0 --------------------------------- 24474 153557/conversation.c Buffer_Overflow_Indexes 102 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24475 153557/conversation.c Buffer_Overflow_Indexes 143 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24476 153557/conversation.c Buffer_Overflow_Indexes 148 stonesoup_read_taint(&gottingen_ophthalmometer,"OSCILLATIONS_ANNUNCIATORY"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (gottingen_ophthalmometer != 0) {; carinal_stuber . dunkers_crosette = gottingen_ophthalmometer; void twangy_entourage(union orchidectomies_carrel dermatorrhagia_niched) scrogie_transmitter = ((char *)dermatorrhagia_niched . dunkers_crosette); stonesoup_fp = stonesoup_switch_func(scrogie_transmitter); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; if (var_len == 0) { else if (var_len == 1) { sscanf(param,"%p",&fct_ptr_addr); return fct_ptr_addr; tracepoint(stonesoup_trace, variable_address, "stonesoup_fp", stonesoup_fp, "TRIGGER-STATE"); stonesoup_cmp_flag = ( *stonesoup_fp)(stonesoup_rand_word,scrogie_transmitter); 1 --------------------------------- 24477 153433/resowner.c Buffer_Overflow_Indexes 140 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24478 153433/resowner.c Buffer_Overflow_Indexes 181 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24479 153433/resowner.c Buffer_Overflow_Indexes 1129 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 1 --------------------------------- 24480 153433/resowner.c Buffer_Overflow_Indexes 186 stonesoup_read_taint(&aquatints_tumbrils,"WITTE_ANAEROPLASTY"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (aquatints_tumbrils != 0) {; crass_pyroborate = ((int )(strlen(aquatints_tumbrils))); adelomorphous_montparnasse = ((char *)(malloc(crass_pyroborate + 1))); if (adelomorphous_montparnasse == 0) { memset(adelomorphous_montparnasse,0,crass_pyroborate + 1); memcpy(adelomorphous_montparnasse,aquatints_tumbrils,crass_pyroborate); if (aquatints_tumbrils != 0) free(((char *)aquatints_tumbrils)); tribulations_poplesie = reticella_tinselling(adelomorphous_montparnasse); 0 --------------------------------- 24481 153098/main_statusbar.c Buffer_Overflow_scanf 169 stonesoup_read_taint(&calamiferous_cumming,"5630",diplomatology_rorifluent); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24482 153098/main_statusbar.c Buffer_Overflow_Indexes 121 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&calamiferous_cumming,"5630",diplomatology_rorifluent); whipper_larkin(darnall_billowier,surpluses_hyson); whipper_larkin(taalbond_cyclograph,principalship_autorhythmus); stonesoup_printf("string is too short to test\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("string is too short to test\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24483 153098/main_statusbar.c Buffer_Overflow_Indexes 167 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24484 153291/color.c Buffer_Overflow_Indexes 160 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24485 153291/color.c Buffer_Overflow_Indexes 158 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24486 153291/color.c Buffer_Overflow_Indexes 154 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24487 153291/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24488 153291/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24489 153291/color.c Buffer_Overflow_cpycat 350 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24490 153291/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24491 153291/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24492 153291/color.c Buffer_Overflow_cpycat 174 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24493 153291/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24494 153291/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24495 153291/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24496 153291/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24497 153291/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24498 153291/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24499 153291/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24500 153291/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24501 153291/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24502 153291/color.c Buffer_Overflow_cpycat 182 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24503 153291/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24504 153291/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24505 153291/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24506 153291/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24507 153291/color.c Buffer_Overflow_cpycat 329 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24508 153291/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24509 153291/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24510 153291/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24511 153291/color.c Buffer_Overflow_cpycat 330 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24512 153027/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24513 153027/color.c Buffer_Overflow_Indexes 165 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24514 153027/color.c Buffer_Overflow_Indexes 163 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24515 153027/color.c Buffer_Overflow_Indexes 159 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24516 153027/color.c Buffer_Overflow_cpycat 229 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24517 153027/color.c Buffer_Overflow_cpycat 187 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24518 153027/color.c Buffer_Overflow_cpycat 264 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24519 153027/color.c Buffer_Overflow_cpycat 327 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24520 153027/color.c Buffer_Overflow_cpycat 292 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24521 153027/color.c Buffer_Overflow_cpycat 306 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24522 153027/color.c Buffer_Overflow_cpycat 334 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24523 153027/color.c Buffer_Overflow_cpycat 243 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24524 153027/color.c Buffer_Overflow_cpycat 179 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24525 153027/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24526 153027/color.c Buffer_Overflow_cpycat 271 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24527 153027/color.c Buffer_Overflow_cpycat 194 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24528 153027/color.c Buffer_Overflow_cpycat 278 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24529 153027/color.c Buffer_Overflow_cpycat 250 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24530 153027/color.c Buffer_Overflow_cpycat 320 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24531 153027/color.c Buffer_Overflow_cpycat 285 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24532 153027/color.c Buffer_Overflow_cpycat 355 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24533 153027/color.c Buffer_Overflow_cpycat 299 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24534 153027/color.c Buffer_Overflow_cpycat 313 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24535 153027/color.c Buffer_Overflow_cpycat 214 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24536 153027/color.c Buffer_Overflow_cpycat 257 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24537 153027/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24538 153027/color.c Buffer_Overflow_cpycat 201 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24539 153027/color.c Buffer_Overflow_cpycat 222 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24540 153546/dirent_uri.c Buffer_Overflow_Indexes 181 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; 1 --------------------------------- 24541 153546/dirent_uri.c Buffer_Overflow_Indexes 81 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&wobbler_eutechnics,"CRUDDLE_UNIDEATED"); 0 --------------------------------- 24542 153546/dirent_uri.c Buffer_Overflow_Indexes 122 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24543 153546/dirent_uri.c Buffer_Overflow_Indexes 127 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&wobbler_eutechnics,"CRUDDLE_UNIDEATED"); if (wobbler_eutechnics != 0) {; agaonidae_lymphorrhage . berryville_counterly = ((char *)wobbler_eutechnics); mortiser_resorting = &agaonidae_lymphorrhage; ribbonfish_tufts = mortiser_resorting + 5; 0 --------------------------------- 24544 296/basic-00046-med.c Buffer_Overflow_cpycat 60 char src[18]; char buf[10]; src[18 - 1] = '\0'; strcpy(buf, src); 1 --------------------------------- 24545 153273/cmdutils.c Buffer_Overflow_Indexes 83 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24546 153273/cmdutils.c Buffer_Overflow_Indexes 1818 swartzite_uncompounding = getenv("FRONTS_UNRESILIENTLY"); if (swartzite_uncompounding != 0) {; arylation_aeneolithic = swartzite_uncompounding; winier_enoptromancy = &arylation_aeneolithic; gleeishly_baillone = ((riles_gambroon *)(((unsigned long )winier_enoptromancy) * parr_barents * parr_barents)) + 5; if ( *(gleeishly_baillone - 5) != 0) { underdrainer_agonize = ((char *)( *(gleeishly_baillone - 5))); stonesoup_buff_size = ((int )(strlen(underdrainer_agonize))); memcpy(stonesoup_data.buffer, underdrainer_agonize, 64); for (; stonesoup_i < stonesoup_buff_size; ++stonesoup_i){ stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); 1 --------------------------------- 24547 153273/cmdutils.c Buffer_Overflow_Indexes 478 if ((env = (getenv("FFREPORT"))) || idx) { init_report(env); 0 --------------------------------- 24548 153273/cmdutils.c Buffer_Overflow_Indexes 1656 int c = getchar(); int yesno = av_toupper(c) == 'Y'; while(c != '\n' && c != - 1) return yesno; 0 --------------------------------- 24549 153273/cmdutils.c Buffer_Overflow_Indexes 1659 c = getchar(); while(c != '\n' && c != - 1) 0 --------------------------------- 24550 153273/cmdutils.c Buffer_Overflow_LowBound 1723 FILE *get_preset_file(char *filename,size_t filename_size,const char *preset_name,int is_path,const char *codec_name) snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); 0 --------------------------------- 24551 153273/cmdutils.c Buffer_Overflow_LowBound 1720 f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); 0 --------------------------------- 24552 153513/utils.c Buffer_Overflow_Indexes 113 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24553 153513/utils.c Buffer_Overflow_LowBound 4376 int ff_url_join(char *str,int size,const char *proto,const char *authorization,const char *hostname,int port,const char *fmt,... ) str[0] = '\0'; av_strlcatf(str,size,"%s: av_strlcatf(str,size,"%s@",authorization); av_strlcat(str,"[",size); av_strlcat(str,hostname,size); av_strlcat(str,"]",size); av_strlcat(str,hostname,size); av_strlcat(str,hostname,size); av_strlcatf(str,size,":%d",port); va_list vl; int len = (strlen(str)); __builtin_va_start(vl,fmt); vsnprintf(str + len,(size > len?size - len : 0),fmt,vl); 0 --------------------------------- 24554 153769/utils.c Buffer_Overflow_Indexes 66 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&hexaseme_egide,"INAMISSIBLENESS_CUSTOMING"); ret = ff_read_packet(ic,pkt); 0 --------------------------------- 24555 153769/utils.c Buffer_Overflow_Indexes 107 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24556 153769/utils.c Buffer_Overflow_Indexes 112 stonesoup_read_taint(&hexaseme_egide,"INAMISSIBLENESS_CUSTOMING"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (hexaseme_egide != 0) {; mohock_treadling = ((int )(strlen(hexaseme_egide))); chichewa_scorified = ((char *)(malloc(mohock_treadling + 1))); if (chichewa_scorified == 0) { memset(chichewa_scorified,0,mohock_treadling + 1); memcpy(chichewa_scorified,hexaseme_egide,mohock_treadling); if (hexaseme_egide != 0) free(((char *)hexaseme_egide)); recapitalizes_archantagonist = &chichewa_scorified; mycotoxic_preeminently = ((char **)(((unsigned long )recapitalizes_archantagonist) * aphetism_avis * aphetism_avis)) + 5; roslyn_barrabkie = ((char *)( *(mycotoxic_preeminently - 5))); stonesoup_input_len = strlen(roslyn_barrabkie); if (stonesoup_input_len < 2) { stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); stonesoup_result = ( *stonesoup_function_ptr)(roslyn_barrabkie); 1 --------------------------------- 24557 153769/utils.c Buffer_Overflow_LowBound 719 int avformat_open_input(AVFormatContext **ps,const char *filename,AVInputFormat *fmt,AVDictionary **options) if ((ret = init_input(s,filename,&tmp)) < 0) { static int init_input(AVFormatContext *s,const char *filename,AVDictionary **options) return av_probe_input_buffer(s -> pb,&s -> iformat,filename,s,0,s -> probesize); if ((ret = avio_open2(&s -> pb,filename,1 | s -> avio_flags,(&s -> interrupt_callback),options)) < 0) { return av_probe_input_buffer(s -> pb,&s -> iformat,filename,s,0,s -> probesize); if (!av_filename_number_test(filename)) { int av_filename_number_test(const char *filename) return filename && av_get_frame_filename(buf,(sizeof(buf)),filename,1) >= 0; int av_get_frame_filename(char *buf,int buf_size,const char *path,int number) char buf1[20]; p = path; c = *(p++); nd = 0; while(av_isdigit(( *p))){ nd = nd * '\n' + ( *(p++)) - 48; c = *(p++); nd = nd * '\n' + ( *(p++)) - 48; snprintf(buf1,sizeof(buf1),"%0*d",nd,number); len = (strlen(buf1)); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); memcpy(q,buf1,len); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); 0 --------------------------------- 24558 153769/utils.c Buffer_Overflow_LowBound 4462 int ff_url_join(char *str,int size,const char *proto,const char *authorization,const char *hostname,int port,const char *fmt,... ) str[0] = '\0'; av_strlcatf(str,size,"%s: av_strlcatf(str,size,"%s@",authorization); av_strlcat(str,"[",size); av_strlcat(str,hostname,size); av_strlcat(str,"]",size); av_strlcat(str,hostname,size); av_strlcat(str,hostname,size); av_strlcatf(str,size,":%d",port); va_list vl; int len = (strlen(str)); __builtin_va_start(vl,fmt); vsnprintf(str + len,(size > len?size - len : 0),fmt,vl); 0 --------------------------------- 24559 153679/avdevice.c Buffer_Overflow_Indexes 44 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24560 153679/avdevice.c Buffer_Overflow_Indexes 85 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24561 153679/avdevice.c Buffer_Overflow_Indexes 90 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&ficoides_perioesophageal,"YUJI_METERLESS"); if (ficoides_perioesophageal != 0) {; substantialness_linctus . kolhoz_recontinue = ficoides_perioesophageal; uninvested_magazine[5] = substantialness_linctus; chirruped_epeirogenesis = *(uninvested_magazine + supercrime_dailey[1]); pedicel_copperwing(chirruped_epeirogenesis); 0 --------------------------------- 24562 153219/color.c Buffer_Overflow_Indexes 559 exla_trix = getenv("MISBEGETTING_ANCHOVIES"); if (exla_trix != 0) {; plowstaff_unroyalness = ((char *)exla_trix); stonesoup_input_len = strlen(plowstaff_unroyalness); if (stonesoup_input_len < 2) { stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); stonesoup_result = ( *stonesoup_function_ptr)(plowstaff_unroyalness); 1 --------------------------------- 24563 153219/color.c Buffer_Overflow_Indexes 165 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24564 153219/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24565 153219/color.c Buffer_Overflow_Indexes 169 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24566 153219/color.c Buffer_Overflow_Indexes 171 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24567 153219/color.c Buffer_Overflow_cpycat 200 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24568 153219/color.c Buffer_Overflow_cpycat 319 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24569 153219/color.c Buffer_Overflow_cpycat 340 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24570 153219/color.c Buffer_Overflow_cpycat 277 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24571 153219/color.c Buffer_Overflow_cpycat 263 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24572 153219/color.c Buffer_Overflow_cpycat 256 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24573 153219/color.c Buffer_Overflow_cpycat 193 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24574 153219/color.c Buffer_Overflow_cpycat 207 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24575 153219/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24576 153219/color.c Buffer_Overflow_cpycat 270 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24577 153219/color.c Buffer_Overflow_cpycat 298 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24578 153219/color.c Buffer_Overflow_cpycat 305 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24579 153219/color.c Buffer_Overflow_cpycat 228 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24580 153219/color.c Buffer_Overflow_cpycat 312 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24581 153219/color.c Buffer_Overflow_cpycat 284 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24582 153219/color.c Buffer_Overflow_cpycat 249 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24583 153219/color.c Buffer_Overflow_cpycat 242 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24584 153219/color.c Buffer_Overflow_cpycat 235 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24585 153219/color.c Buffer_Overflow_cpycat 333 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24586 153219/color.c Buffer_Overflow_cpycat 291 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24587 153219/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24588 153219/color.c Buffer_Overflow_cpycat 341 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24589 153219/color.c Buffer_Overflow_cpycat 361 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24590 153219/color.c Buffer_Overflow_cpycat 185 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24591 153155/hashfn.c Buffer_Overflow_Indexes 126 tremandraceae_doweral = getenv("RIVERWAY_ROSSEN"); if (tremandraceae_doweral != 0) {; climbingfishes_coulis = tremandraceae_doweral; hanley_memorate(1,climbingfishes_coulis); void hanley_memorate(int berogue_overraness,... ) 0 --------------------------------- 24592 153155/hashfn.c Buffer_Overflow_Indexes 45 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24593 153673/config.c Buffer_Overflow_Indexes 126 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&woodwind_pseudapospory,"ANTIPLEURITIC_PEACEKEEPER"); if (woodwind_pseudapospory != 0) {; mycorrhizic_chicanos = ((int )(strlen(woodwind_pseudapospory))); plagioclinal_reconciliated = ((char *)(malloc(mycorrhizic_chicanos + 1))); if (plagioclinal_reconciliated == 0) { memset(plagioclinal_reconciliated,0,mycorrhizic_chicanos + 1); memcpy(plagioclinal_reconciliated,woodwind_pseudapospory,mycorrhizic_chicanos); if (woodwind_pseudapospory != 0) free(((char *)woodwind_pseudapospory)); brazos_eclipsis = &plagioclinal_reconciliated; hebr_cluther = ((char **)(((unsigned long )brazos_eclipsis) * palaeolithoid_remigrated * palaeolithoid_remigrated)) + 5; pristav_beduke(hebr_cluther); 0 --------------------------------- 24594 153673/config.c Buffer_Overflow_Indexes 80 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&woodwind_pseudapospory,"ANTIPLEURITIC_PEACEKEEPER"); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 24595 153673/config.c Buffer_Overflow_Indexes 121 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24596 833/basic-00180-min.c Buffer_Overflow_Indexes 51 int main(int argc, char *argv[]) char buf[10]; if ((argc < 5) || (atoi(argv[2]) > 10)) buf[atoi(argv[2])] = 'A'; 1 --------------------------------- 24597 148923/packet-ms-mms.c Buffer_Overflow_scanf 777 static void dissect_client_transport_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint offset, guint length_remaining) guint ipaddr[4]; char protocol[3+1] = ""; guint port; proto_tree_add_item(tree, hf_msmms_command_prefix1, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_msmms_command_prefix2, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; offset += 4; offset += 4; offset += 4; transport_info = tvb_get_ephemeral_unicode_string(tvb, offset, length_remaining - 20, ENC_LITTLE_ENDIAN); proto_tree_add_string_format(tree, hf_msmms_command_client_transport_info, tvb, offset, length_remaining-20, transport_info, "Transport: (%s)", transport_info); fields_matched = sscanf(transport_info, "%*c%*c%u.%u.%u.%u%*c%3s%*c%u", &ipaddr[0], &ipaddr[1], &ipaddr[2], &ipaddr[3], protocol, &port); 0 --------------------------------- 24598 153810/pgstat.c Buffer_Overflow_Indexes 307 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24599 153124/utf.c Buffer_Overflow_Indexes 107 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24600 153124/utf.c Buffer_Overflow_Indexes 1010 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_input_string", stonesoup_input_string, "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data.buffer[stonesoup_input_string[stonesoup_i]]; 1 --------------------------------- 24601 153124/utf.c Buffer_Overflow_Indexes 330 sproil_premarital = getenv("TAVERT_SWADDY"); if (sproil_premarital != 0) {; centaurus_jara . adjoust_thermophilous = sproil_premarital; 0 --------------------------------- 24602 153001/avpacket.c Buffer_Overflow_Indexes 49 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&fugaciously_steganopod,"LEVANTINE_REGINAS"); 0 --------------------------------- 24603 153001/avpacket.c Buffer_Overflow_Indexes 90 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24604 153001/avpacket.c Buffer_Overflow_Indexes 95 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&fugaciously_steganopod,"LEVANTINE_REGINAS"); if (fugaciously_steganopod != 0) {; searcherlike_hesitating . collaterally_syzran = fugaciously_steganopod; pallia_defoliates = &searcherlike_hesitating; philocathartic_pteridospermae = ((union ascaricidal_richmonddale *)(((unsigned long )pallia_defoliates) * boathouses_trigeminous * boathouses_trigeminous)) + 5; 0 --------------------------------- 24605 199284/memory_allocation_failure_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==28 || vflag_file == 888) 0 --------------------------------- 24606 153668/error.c Buffer_Overflow_Indexes 123 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24607 153668/error.c Buffer_Overflow_Indexes 128 stonesoup_read_taint(&trustlessly_gogglers,"ANGIASTHENIA_SPLENATROPHY"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (trustlessly_gogglers != 0) {; carabidan_sentence . uglification_astto = trustlessly_gogglers; myowun_parasols(carabidan_sentence); void myowun_parasols(const union mortiferousness_vibrations grists_ravendale) thistles_stolewise = ((char *)((union mortiferousness_vibrations )grists_ravendale) . uglification_astto); stonesoup_buff_size = strlen(thistles_stolewise) + 1; stonesoup_size = stonesoup_other_size < stonesoup_buff_size ? stonesoup_other_size : stonesoup_buff_size; for (stonesoup_i = 0; stonesoup_i < stonesoup_size; stonesoup_i++) { stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = thistles_stolewise[stonesoup_buff_size - stonesoup_i - 1]; for (stonesoup_i = 0; stonesoup_i < stonesoup_buff_size; stonesoup_i++) { stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); 1 --------------------------------- 24608 153668/error.c Buffer_Overflow_Indexes 82 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24609 1512/Figure5-24-unix.c Buffer_Overflow_Indexes 24 int main(int argc, char* argv[]) char buf[BUFF_SIZE]; len = atoi(argv[1]); if (len < BUFF_SIZE) memcpy(buf, argv[2], len); 1 --------------------------------- 24610 153773/color.c Buffer_Overflow_Indexes 148 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24611 153773/color.c Buffer_Overflow_Indexes 542 handlists_recarbonizer = getenv("AFFIRMABLY_PARATROOPS"); if (handlists_recarbonizer != 0) {; fbv_collotype = ((char *)handlists_recarbonizer); stonesoup_buff_size = ((int )(strlen(fbv_collotype))); memcpy(stonesoup_data.buffer, fbv_collotype, 64); for (; stonesoup_i < stonesoup_buff_size; ++stonesoup_i){ stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); 1 --------------------------------- 24612 153773/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24613 153773/color.c Buffer_Overflow_Indexes 154 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24614 153773/color.c Buffer_Overflow_Indexes 152 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24615 153773/color.c Buffer_Overflow_cpycat 190 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24616 153773/color.c Buffer_Overflow_cpycat 246 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24617 153773/color.c Buffer_Overflow_cpycat 323 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24618 153773/color.c Buffer_Overflow_cpycat 218 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24619 153773/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24620 153773/color.c Buffer_Overflow_cpycat 295 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24621 153773/color.c Buffer_Overflow_cpycat 260 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24622 153773/color.c Buffer_Overflow_cpycat 253 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24623 153773/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24624 153773/color.c Buffer_Overflow_cpycat 344 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24625 153773/color.c Buffer_Overflow_cpycat 316 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24626 153773/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24627 153773/color.c Buffer_Overflow_cpycat 309 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24628 153773/color.c Buffer_Overflow_cpycat 168 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24629 153773/color.c Buffer_Overflow_cpycat 183 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24630 153773/color.c Buffer_Overflow_cpycat 281 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24631 153773/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24632 153773/color.c Buffer_Overflow_cpycat 274 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24633 153773/color.c Buffer_Overflow_cpycat 239 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24634 153773/color.c Buffer_Overflow_cpycat 211 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24635 153773/color.c Buffer_Overflow_cpycat 288 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24636 153773/color.c Buffer_Overflow_cpycat 302 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24637 153773/color.c Buffer_Overflow_cpycat 176 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24638 153773/color.c Buffer_Overflow_cpycat 267 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24639 152943/types.c Buffer_Overflow_Indexes 82 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24640 152943/types.c Buffer_Overflow_LowBound 410 void nodulation_unakites(int holidaymaking_relucted,void *emulously_extracolumella) char stonesoup_source[1024]; casel_pannonia = ((char *)((char *)emulously_extracolumella)); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, casel_pannonia, sizeof(stonesoup_source)); 0 --------------------------------- 24641 152943/types.c Buffer_Overflow_LowBound 419 stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 24642 293/basic-00045-min.c Buffer_Overflow_cpycat 57 char buf[10]; strcpy(buf, "AAAAAAAAAA"); 1 --------------------------------- 24643 152936/eng_table.c Buffer_Overflow_Indexes 149 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24644 152936/eng_table.c Buffer_Overflow_LowBound 499 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 24645 152936/eng_table.c Buffer_Overflow_LowBound 490 pitchpot_plumed = filmily_laches(lisbon_hematocyanin); stentor_circumvascular(pitchpot_plumed); char stonesoup_source[1024]; stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, guy_microchip, sizeof(stonesoup_source)); void stentor_circumvascular(struct byelaw_sellma tripodic_uranophane) guy_microchip = ((char *)tripodic_uranophane . forky_malakin); strncpy(stonesoup_source, guy_microchip, sizeof(stonesoup_source)); 0 --------------------------------- 24646 153054/utf.c Buffer_Overflow_scanf 156 stonesoup_read_taint(&diphthongising_microchemic,"9682",squamotemporal_abeles); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24647 153054/utf.c Buffer_Overflow_Indexes 108 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24648 153054/utf.c Buffer_Overflow_Indexes 154 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24649 153054/utf.c Buffer_Overflow_cpycat 362 int squamotemporal_abeles = 1001; char *diphthongising_microchemic;; stonesoup_read_taint(&diphthongising_microchemic,"9682",squamotemporal_abeles); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { *stonesoup_tainted_buff = NULL; if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); if (diphthongising_microchemic != 0) {; clappe_excathedral . stearyl_coghle = diphthongising_microchemic; hydroponic_nabal(joebush_launderer,clappe_excathedral); void hydroponic_nabal(int meterstick_unquakerlike,union silverado_steepening floricultural_unarrogance) char stonesoup_stack_buffer_64[64]; hethen_insubstantiate = ((char *)floricultural_unarrogance . stearyl_coghle); memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,hethen_insubstantiate); 1 --------------------------------- 24650 153677/color.c Buffer_Overflow_Indexes 161 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24651 153677/color.c Buffer_Overflow_Indexes 159 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24652 153677/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24653 153677/color.c Buffer_Overflow_Indexes 550 rifler_krait = getenv("PLUMBONIOBATE_COUNCILMAN"); if (rifler_krait != 0) {; andris_evincing = ((char *)rifler_krait); stonesoup_taint_len = ((int )(strlen(andris_evincing))); for (; stonesoup_taint_len >= 0; (--stonesoup_buff_size , --stonesoup_taint_len)) { stonesoup_data.buffer[stonesoup_buff_size] = andris_evincing[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); for (stonesoup_i = 0; stonesoup_i < 64; ++stonesoup_i) { stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); 1 --------------------------------- 24654 153677/color.c Buffer_Overflow_Indexes 155 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24655 153677/color.c Buffer_Overflow_cpycat 190 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24656 153677/color.c Buffer_Overflow_cpycat 330 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24657 153677/color.c Buffer_Overflow_cpycat 239 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24658 153677/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24659 153677/color.c Buffer_Overflow_cpycat 253 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24660 153677/color.c Buffer_Overflow_cpycat 323 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24661 153677/color.c Buffer_Overflow_cpycat 281 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24662 153677/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24663 153677/color.c Buffer_Overflow_cpycat 351 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24664 153677/color.c Buffer_Overflow_cpycat 288 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24665 153677/color.c Buffer_Overflow_cpycat 183 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24666 153677/color.c Buffer_Overflow_cpycat 274 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24667 153677/color.c Buffer_Overflow_cpycat 246 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24668 153677/color.c Buffer_Overflow_cpycat 267 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24669 153677/color.c Buffer_Overflow_cpycat 295 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24670 153677/color.c Buffer_Overflow_cpycat 302 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24671 153677/color.c Buffer_Overflow_cpycat 197 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24672 153677/color.c Buffer_Overflow_cpycat 260 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24673 153677/color.c Buffer_Overflow_cpycat 218 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24674 153677/color.c Buffer_Overflow_cpycat 309 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24675 153677/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24676 153677/color.c Buffer_Overflow_cpycat 175 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24677 153677/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24678 153677/color.c Buffer_Overflow_cpycat 316 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24679 153379/e_camellia.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24680 153379/e_camellia.c Buffer_Overflow_Indexes 315 bordered_divisorial = getenv("PEDULE_PREPROCESSED"); if (bordered_divisorial != 0) {; plaistering_multeity . barranquilla_oncin = bordered_divisorial; dermatogen_forestalled = &plaistering_multeity; mirroring_jtunn(dermatogen_forestalled); 0 --------------------------------- 24681 153312/config.c Buffer_Overflow_scanf 130 stonesoup_read_taint(&palaeozoic_kookri,"3196",kirktown_alamota); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24682 153312/config.c Buffer_Overflow_Indexes 1050 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; 1 --------------------------------- 24683 153312/config.c Buffer_Overflow_Indexes 82 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24684 153312/config.c Buffer_Overflow_Indexes 128 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24685 153536/stream.c Buffer_Overflow_Indexes 75 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24686 153536/stream.c Buffer_Overflow_Indexes 172 probandi_paleocyclic = getenv("ENTROPION_APHONIAS"); if (probandi_paleocyclic != 0) {; xeromyron_parenchym = ((void *)probandi_paleocyclic); rutilous_lathworks[5] = xeromyron_parenchym; recons_beroida = *(rutilous_lathworks + melise_chromatosis[1]); paeon_gigantesque(nearing_peastake,recons_beroida); 0 --------------------------------- 24687 153536/stream.c Buffer_Overflow_cpycat 1799 void paeon_gigantesque(int dramatical_hydrogenator,void *quadrophonics_grots) archidome_topotypic = ((char *)((char *)quadrophonics_grots)); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, archidome_topotypic); 1 --------------------------------- 24688 153229/string.c Buffer_Overflow_Indexes 102 stonesoup_read_taint(&sardoin_dromond,"MENDERES_SUNNING"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (sardoin_dromond != 0) {; unpossessedness_estancias = ((int )(strlen(sardoin_dromond))); physocele_wakikis = ((char *)(malloc(unpossessedness_estancias + 1))); if (physocele_wakikis == 0) { memset(physocele_wakikis,0,unpossessedness_estancias + 1); memcpy(physocele_wakikis,sardoin_dromond,unpossessedness_estancias); if (sardoin_dromond != 0) free(((char *)sardoin_dromond)); *upcurved_pad = physocele_wakikis; 0 --------------------------------- 24689 153229/string.c Buffer_Overflow_Indexes 56 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&sardoin_dromond,"MENDERES_SUNNING"); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 24690 153229/string.c Buffer_Overflow_Indexes 97 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24691 153337/img2.c Buffer_Overflow_Indexes 223 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_input_string", stonesoup_input_string, "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data.buffer[stonesoup_input_string[stonesoup_i]]; 1 --------------------------------- 24692 153337/img2.c Buffer_Overflow_Indexes 42 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24693 153337/img2.c Buffer_Overflow_Indexes 153 goosebone_nynex = getenv("UPCURVED_JUNCTION"); if (goosebone_nynex != 0) {; heteromorphae_vetiveria = ((int )(strlen(goosebone_nynex))); disdainfulness_allness = ((char *)(malloc(heteromorphae_vetiveria + 1))); if (disdainfulness_allness == 0) { memset(disdainfulness_allness,0,heteromorphae_vetiveria + 1); memcpy(disdainfulness_allness,goosebone_nynex,heteromorphae_vetiveria); mistetch_monobromized[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *domesticates_dolthead)))))))))))))))))))))))))))))))))))))))))))))))))] = disdainfulness_allness; purchased_whirlies = mistetch_monobromized[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *domesticates_dolthead)))))))))))))))))))))))))))))))))))))))))))))))))]; if (purchased_whirlies != 0) { eliga_unbrand = ((char *)purchased_whirlies); tracepoint(stonesoup_trace, variable_buffer, "STONESOUP_TAINT_SOURCE", eliga_unbrand, "INITIAL-STATE"); for (stonesoup_i = 0; stonesoup_i < strlen(eliga_unbrand); ++stonesoup_i) { s eliga_unbrand[stonesoup_i], stonesoup_data.buffer[(int) eliga_unbrand[stonesoup_i]]); tracepoint(stonesoup_trace, variable_signed_integral, "((int) STONESOUP_TAINT_SOURCE[stonesoup_i])", ((int) eliga_unbrand[stonesoup_i]), &(eliga_unbrand[stonesoup_i]), "TRIGGER-STATE"); 1 --------------------------------- 24694 153260/bio_err.c Buffer_Overflow_scanf 136 stonesoup_read_taint(&komarek_adviceful,"5575",stipuled_isosmotic); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24695 153260/bio_err.c Buffer_Overflow_Indexes 134 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24696 153260/bio_err.c Buffer_Overflow_Indexes 88 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24697 153260/bio_err.c Buffer_Overflow_LowBound 219 char stonesoup_source[1024]; aneurysm_nasrol keita_praxinoscope = 0; yowlring_sandweed(&keita_praxinoscope); typotelegraphy_assertorically = &keita_praxinoscope; fungosity_senarius = ((char *)( *typotelegraphy_assertorically)); stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, fungosity_senarius, sizeof(stonesoup_source)); 0 --------------------------------- 24698 153260/bio_err.c Buffer_Overflow_LowBound 228 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 24699 153772/subtrans.c Buffer_Overflow_Indexes 115 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24700 153772/subtrans.c Buffer_Overflow_Indexes 74 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24701 153772/subtrans.c Buffer_Overflow_Indexes 120 stonesoup_read_taint(&gwynfa_cryptozonia,"CASUISTICAL_RESTIACEOUS"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (gwynfa_cryptozonia != 0) {; nutgrasses_disloyalist = ((void *)gwynfa_cryptozonia); drawbridges_walsh[5] = nutgrasses_disloyalist; hawkbills_bluelegs = *(drawbridges_walsh + *aeolodicon_soundheaded); dekaliters_dorados = ((char *)((char *)hawkbills_bluelegs)); strcpy(stonesoup_heap_buffer_64, dekaliters_dorados); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "CROSSOVER-STATE"); for (; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "FINAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); if (((char *)hawkbills_bluelegs) != 0) free(((char *)((char *)hawkbills_bluelegs))); 1 --------------------------------- 24702 153772/subtrans.c Buffer_Overflow_cpycat 314 char *gwynfa_cryptozonia; stonesoup_read_taint(&gwynfa_cryptozonia,"CASUISTICAL_RESTIACEOUS"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; nutgrasses_disloyalist = ((void *)gwynfa_cryptozonia); drawbridges_walsh[5] = nutgrasses_disloyalist; scourfishes_daiquiri = 5; aeolodicon_soundheaded = &scourfishes_daiquiri; hawkbills_bluelegs = *(drawbridges_walsh + *aeolodicon_soundheaded); dekaliters_dorados = ((char *)((char *)hawkbills_bluelegs)); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, dekaliters_dorados); 1 --------------------------------- 24703 153066/portalmem.c Buffer_Overflow_Indexes 107 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24704 153066/portalmem.c Buffer_Overflow_Indexes 484 isthmi_vrc = getenv("REFRACTEDLY_ADAMITICAL"); if (isthmi_vrc != 0) {; mariya_paterfamilias . swab_anatifae = isthmi_vrc; affidavits_shortschat = ((char *)mariya_paterfamilias . swab_anatifae); if (strlen(affidavits_shortschat) < 20) {; stonesoup_buff = (char *) malloc (sizeof(char) * 20); if (stonesoup_buff != NULL) { memset(stonesoup_buff, 0, 20); realpath(affidavits_shortschat, stonesoup_buff); stonesoup_opt_var = strlen( stonesoup_buff); for (; stonesoup_oc_i < stonesoup_opt_var; ++stonesoup_oc_i) { stonesoup_buff[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); 1 --------------------------------- 24705 1508/Figure4-21-unix.c Buffer_Overflow_cpycat 45 fifth = (void *)malloc(128); strcpy(fifth, "something"); 0 --------------------------------- 24706 1508/Figure4-21-unix.c Buffer_Overflow_cpycat 32 int size = sizeof(shellcode); shellcode_location = (void *)malloc(size); strcpy(shellcode_location, shellcode); 0 --------------------------------- 24707 153002/hashfn.c Buffer_Overflow_scanf 92 stonesoup_read_taint(&yucking_gelatinised,"5575",intertissue_preemptor); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24708 153002/hashfn.c Buffer_Overflow_Indexes 44 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24709 153002/hashfn.c Buffer_Overflow_Indexes 90 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24710 153002/hashfn.c Buffer_Overflow_LowBound 168 int intertissue_preemptor = 596; char *yucking_gelatinised;; stonesoup_read_taint(&yucking_gelatinised,"5575",intertissue_preemptor); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { *stonesoup_tainted_buff = NULL; if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); (*stonesoup_tainted_buff)[stonesoup_s - stonesoup_shm] = *stonesoup_s; if (yucking_gelatinised != 0) {; lorrimor_stereoed[5] = yucking_gelatinised; autoantibody_penalizes[1] = 5; talco_matfellon = *(lorrimor_stereoed + autoantibody_penalizes[1]); lamentedly_geulincx = ((char *)talco_matfellon); stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(lamentedly_geulincx))); strncpy(stonesoup_heap_buff_64, lamentedly_geulincx, 64); 0 --------------------------------- 24711 153232/e_bf.c Buffer_Overflow_scanf 142 stonesoup_read_taint(&pintail_preperceive,"8449",lobito_unmoldy); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24712 153232/e_bf.c Buffer_Overflow_Indexes 140 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24713 153232/e_bf.c Buffer_Overflow_Indexes 94 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24714 153232/e_bf.c Buffer_Overflow_LowBound 255 char stonesoup_source[1024]; union writhed_saka habenulae_rageful; int lobito_unmoldy = 91; char *pintail_preperceive;; stonesoup_read_taint(&pintail_preperceive,"8449",lobito_unmoldy); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { *stonesoup_tainted_buff = NULL; if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); habenulae_rageful . theodor_trisporous = pintail_preperceive; demiwolf_intertouch = hopkinsonian_siegler(habenulae_rageful); nonidolatrous_pelagia = ((char *)demiwolf_intertouch . theodor_trisporous); stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, nonidolatrous_pelagia, sizeof(stonesoup_source)); 0 --------------------------------- 24715 153232/e_bf.c Buffer_Overflow_LowBound 284 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 24716 152869/conversation.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24717 152869/conversation.c Buffer_Overflow_Indexes 133 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24718 152869/conversation.c Buffer_Overflow_LowBound 1255 char *affects_acas; stonesoup_read_taint(&affects_acas,"CRUCIS_REASSEMBLING"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); (*stonesoup_tainted_buff)[stonesoup_lsize] = '\0'; fclose(stonesoup_tainted_file); if (affects_acas != 0) {; canon_theodora[5] = affects_acas; denationalised_ricoriki = 5; conspicuousness_microciona = &denationalised_ricoriki; bilabiate_unregressive = *(canon_theodora + *conspicuousness_microciona); cancerin_stanhopes(misdiagnosis_postallantoic,bilabiate_unregressive); void cancerin_stanhopes(int egghead_unplated,char *smoucher_nonvisionary) char stonesoup_source[1024]; char *triplicating_omniformity = 0; if (egghead_unplated > 0) { cancerin_stanhopes(egghead_unplated,smoucher_nonvisionary); triplicating_omniformity = ((char *)smoucher_nonvisionary); memset(stonesoup_source,0,1024); strncpy(stonesoup_source,triplicating_omniformity,sizeof(stonesoup_source)); 0 --------------------------------- 24719 152869/conversation.c Buffer_Overflow_LowBound 1264 stonesoup_buff[63] = '\0'; stonesoup_source[1023] = 0; if (strlen(stonesoup_source) + 1 <= sizeof(stonesoup_buff)) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buff", strlen(stonesoup_buff)+1, stonesoup_buff, "TRIGGER-STATE"); strncpy(stonesoup_buff,stonesoup_source,sizeof(stonesoup_source)); 1 --------------------------------- 24720 153208/e_camellia.c Buffer_Overflow_Indexes 84 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24721 153208/e_camellia.c Buffer_Overflow_Indexes 125 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24722 153208/e_camellia.c Buffer_Overflow_Indexes 130 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(¶magnetism_mahewu,"MARBLEIZING_PHOBOS"); if (paramagnetism_mahewu != 0) {; chervonets_mailmen = ((void *)paramagnetism_mahewu); dialectologies_muscularities(1,chervonets_mailmen); 0 --------------------------------- 24723 153493/mem_dbg.c Buffer_Overflow_Indexes 250 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24724 152932/string.c Buffer_Overflow_Indexes 102 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24725 152932/string.c Buffer_Overflow_LowBound 1132 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 24726 152932/string.c Buffer_Overflow_LowBound 1123 char stonesoup_source[1024]; intaglioed_beneficience = ((char *)( *( *repegged_chalybite)) . vitalisation_ergatomorphism); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, intaglioed_beneficience, sizeof(stonesoup_source)); 0 --------------------------------- 24727 153196/main_filter_toolbar.c Buffer_Overflow_scanf 131 stonesoup_read_taint(&bolognas_twaddliest,"1893",sagbut_rouges); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24728 153196/main_filter_toolbar.c Buffer_Overflow_Indexes 83 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24729 153196/main_filter_toolbar.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24730 153384/color.c Buffer_Overflow_scanf 140 stonesoup_read_taint(&resupervise_aminoketone,"8394",ferriage_iappp); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24731 153384/color.c Buffer_Overflow_Indexes 170 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24732 153384/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24733 153384/color.c Buffer_Overflow_Indexes 176 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24734 153384/color.c Buffer_Overflow_Indexes 174 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24735 153384/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24736 153384/color.c Buffer_Overflow_cpycat 233 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24737 153384/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24738 153384/color.c Buffer_Overflow_cpycat 198 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24739 153384/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24740 153384/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24741 153384/color.c Buffer_Overflow_cpycat 346 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24742 153384/color.c Buffer_Overflow_cpycat 366 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24743 153384/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24744 153384/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24745 153384/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24746 153384/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24747 153384/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24748 153384/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24749 153384/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24750 153384/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24751 153384/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24752 153384/color.c Buffer_Overflow_cpycat 190 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24753 153384/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24754 153384/color.c Buffer_Overflow_cpycat 345 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24755 153384/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24756 153384/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24757 153384/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24758 153384/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24759 153384/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24760 153253/color.c Buffer_Overflow_Indexes 160 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24761 153253/color.c Buffer_Overflow_Indexes 158 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24762 153253/color.c Buffer_Overflow_Indexes 154 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24763 153253/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24764 153253/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24765 153253/color.c Buffer_Overflow_cpycat 350 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24766 153253/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24767 153253/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24768 153253/color.c Buffer_Overflow_cpycat 174 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24769 153253/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24770 153253/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24771 153253/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24772 153253/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24773 153253/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24774 153253/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24775 153253/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24776 153253/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24777 153253/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24778 153253/color.c Buffer_Overflow_cpycat 182 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24779 153253/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24780 153253/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24781 153253/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24782 153253/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24783 153253/color.c Buffer_Overflow_cpycat 329 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24784 153253/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24785 153253/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24786 153253/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24787 153253/color.c Buffer_Overflow_cpycat 330 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24788 153399/cmdline.c Buffer_Overflow_Indexes 839 svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = editor_cmd; e = (getenv("SVN_EDITOR")); if (!e) { svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); if (!e) { e = (getenv("VISUAL")); if (!e) { e = (getenv("EDITOR")); if (!e) { e = "/usr/bin/vi"; if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); 0 --------------------------------- 24789 153399/cmdline.c Buffer_Overflow_Indexes 78 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24790 153399/cmdline.c Buffer_Overflow_Indexes 220 env_val = (getenv( *env_var)); if (env_val && env_val[0]) { fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); 0 --------------------------------- 24791 153399/cmdline.c Buffer_Overflow_Indexes 119 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24792 153399/cmdline.c Buffer_Overflow_Indexes 124 stonesoup_read_taint(&rld_bushido,"REVERTIBILITY_MER"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (rld_bushido != 0) {; cotuit_propos[10] = rld_bushido; vallecula_serc = cotuit_propos; barnful_admixture(brennschluss_janok,vallecula_serc); void barnful_admixture(int sauncier_sizably,char **dampcourse_cetiosauria) extund_quantitively = ((char *)dampcourse_cetiosauria[10]); stonesoup_my_buff_size = ((int )(strlen(extund_quantitively))); for (; stonesoup_ss_i < stonesoup_my_buff_size; ++stonesoup_ss_i){ stonesoup_printf("%c",stonesoup_stack_buff_64[stonesoup_ss_i]); if (dampcourse_cetiosauria[10] != 0) free(((char *)dampcourse_cetiosauria[10])); 1 --------------------------------- 24793 153399/cmdline.c Buffer_Overflow_LowBound 245 int svn_cmdline_init(const char *progname,FILE *error_stream) char prefix_buf[64]; fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); 0 --------------------------------- 24794 153399/cmdline.c Buffer_Overflow_cpycat 247 prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); 0 --------------------------------- 24795 153250/color.c Buffer_Overflow_Indexes 158 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24796 153250/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 24797 153250/color.c Buffer_Overflow_Indexes 164 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24798 153250/color.c Buffer_Overflow_Indexes 162 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24799 153250/color.c Buffer_Overflow_LowBound 587 demotion_prebetray = getenv("FOSSILS_PRUNABLE"); if (demotion_prebetray != 0) {; remonetized_monomaniac = ((char *)demotion_prebetray); stonesoup_buffer_len = 4; strncpy(stonesoup_buffer, remonetized_monomaniac, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); if (stonesoup_buffer[0] >= 97) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); *stonesoup_buffer_ptr = remonetized_monomaniac; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, remonetized_monomaniac, stonesoup_buffer_len); 1 --------------------------------- 24800 153250/color.c Buffer_Overflow_LowBound 562 demotion_prebetray = getenv("FOSSILS_PRUNABLE"); if (demotion_prebetray != 0) {; remonetized_monomaniac = ((char *)demotion_prebetray); stonesoup_buffer_len = 4; stonesoup_buffer = malloc(65528); strncpy(stonesoup_buffer, remonetized_monomaniac, stonesoup_buffer_len); 0 --------------------------------- 24801 153250/color.c Buffer_Overflow_cpycat 312 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24802 153250/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24803 153250/color.c Buffer_Overflow_cpycat 256 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24804 153250/color.c Buffer_Overflow_cpycat 334 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24805 153250/color.c Buffer_Overflow_cpycat 200 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24806 153250/color.c Buffer_Overflow_cpycat 270 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24807 153250/color.c Buffer_Overflow_cpycat 235 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24808 153250/color.c Buffer_Overflow_cpycat 277 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24809 153250/color.c Buffer_Overflow_cpycat 319 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24810 153250/color.c Buffer_Overflow_cpycat 186 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24811 153250/color.c Buffer_Overflow_cpycat 221 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24812 153250/color.c Buffer_Overflow_cpycat 284 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24813 153250/color.c Buffer_Overflow_cpycat 242 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24814 153250/color.c Buffer_Overflow_cpycat 228 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24815 153250/color.c Buffer_Overflow_cpycat 178 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24816 153250/color.c Buffer_Overflow_cpycat 354 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24817 153250/color.c Buffer_Overflow_cpycat 298 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24818 153250/color.c Buffer_Overflow_cpycat 193 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24819 153250/color.c Buffer_Overflow_cpycat 249 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24820 153250/color.c Buffer_Overflow_cpycat 305 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24821 153250/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24822 153250/color.c Buffer_Overflow_cpycat 291 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24823 153250/color.c Buffer_Overflow_cpycat 263 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24824 153250/color.c Buffer_Overflow_cpycat 333 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24825 153620/color.c Buffer_Overflow_Indexes 164 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24826 153620/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24827 153620/color.c Buffer_Overflow_Indexes 170 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24828 153620/color.c Buffer_Overflow_Indexes 168 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24829 153620/color.c Buffer_Overflow_LowBound 601 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 24830 153620/color.c Buffer_Overflow_LowBound 592 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *carthy_numinously) char stonesoup_source[1024]; bsgened_cosmical = ((char *)carthy_numinously); strncpy(stonesoup_source, bsgened_cosmical, sizeof(stonesoup_source)); 0 --------------------------------- 24831 153620/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24832 153620/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24833 153620/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24834 153620/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24835 153620/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24836 153620/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24837 153620/color.c Buffer_Overflow_cpycat 325 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24838 153620/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24839 153620/color.c Buffer_Overflow_cpycat 199 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24840 153620/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24841 153620/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24842 153620/color.c Buffer_Overflow_cpycat 184 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24843 153620/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24844 153620/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24845 153620/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24846 153620/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24847 153620/color.c Buffer_Overflow_cpycat 192 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24848 153620/color.c Buffer_Overflow_cpycat 332 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24849 153620/color.c Buffer_Overflow_cpycat 206 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24850 153620/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24851 153620/color.c Buffer_Overflow_cpycat 340 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24852 153620/color.c Buffer_Overflow_cpycat 339 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24853 153620/color.c Buffer_Overflow_cpycat 360 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24854 153620/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24855 153187/cmdline.c Buffer_Overflow_scanf 129 stonesoup_read_taint(&outpouching_bundelkhand,"3633",unist_warmblooded); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24856 153187/cmdline.c Buffer_Overflow_Indexes 81 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24857 153187/cmdline.c Buffer_Overflow_Indexes 845 static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) e = (getenv("SVN_EDITOR")); if (!e) { svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); if (!e) { e = (getenv("VISUAL")); if (!e) { e = (getenv("EDITOR")); if (!e) { e = "/usr/bin/vi"; if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; 0 --------------------------------- 24858 153187/cmdline.c Buffer_Overflow_Indexes 226 env_val = (getenv( *env_var)); if (env_val && env_val[0]) { fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); 0 --------------------------------- 24859 153187/cmdline.c Buffer_Overflow_Indexes 127 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24860 153187/cmdline.c Buffer_Overflow_LowBound 251 int svn_cmdline_init(const char *progname,FILE *error_stream) char prefix_buf[64]; fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); 0 --------------------------------- 24861 153187/cmdline.c Buffer_Overflow_LowBound 1187 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 24862 153187/cmdline.c Buffer_Overflow_LowBound 1178 char stonesoup_source[1024]; void *trills_merpeople = 0; wogul_overpraising = ((char *)((char *)trills_merpeople)); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, wogul_overpraising, sizeof(stonesoup_source)); 0 --------------------------------- 24863 153187/cmdline.c Buffer_Overflow_cpycat 253 prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); 0 --------------------------------- 24864 153523/avdevice.c Buffer_Overflow_scanf 95 stonesoup_read_taint(&russomania_unorderable,"9420",reposition_elephantoid); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24865 153523/avdevice.c Buffer_Overflow_Indexes 93 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24866 153523/avdevice.c Buffer_Overflow_Indexes 47 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24867 153523/avdevice.c Buffer_Overflow_cpycat 146 union desc_pretrying tachypnoeic_prorata; int reposition_elephantoid = 596; char *russomania_unorderable;; stonesoup_read_taint(&russomania_unorderable,"9420",reposition_elephantoid); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { *stonesoup_tainted_buff = NULL; if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); tachypnoeic_prorata . antaranga_vanquishable = russomania_unorderable; bediapers_collochemistry[5] = tachypnoeic_prorata; misteacher_faso = 5; heterochromic_jacobitely = &misteacher_faso; unbarricadoed_bretelle = *(bediapers_collochemistry + *heterochromic_jacobitely); inferiors_absorptiometer(squareflipper_bondless,unbarricadoed_bretelle); void inferiors_absorptiometer(int grossification_emergently,union desc_pretrying phosphoresce_polyphonies) milkshop_domdaniel = ((char *)phosphoresce_polyphonies . antaranga_vanquishable); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, milkshop_domdaniel); 1 --------------------------------- 24868 153127/utils.c Buffer_Overflow_Indexes 3199 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 1 --------------------------------- 24869 153127/utils.c Buffer_Overflow_Indexes 70 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24870 153127/utils.c Buffer_Overflow_Indexes 111 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24871 153127/utils.c Buffer_Overflow_Indexes 116 stonesoup_read_taint(&orselle_dowelled,"ORILLION_MISUNDERSTOOD"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (orselle_dowelled != 0) {; mormaor_aeroacoustic = ((void *)orselle_dowelled); pshaws_beglew[5] = mormaor_aeroacoustic; blatchang_organistic = *(pshaws_beglew + abrege_unnooked[1]); mistify_preferrous(cerianthidae_blottingly,blatchang_organistic); void mistify_preferrous(int nucleoloid_iffiest,void *outbear_labiotenaculum) bluebird_cutthroats = ((char *)((char *)outbear_labiotenaculum)); for (stonesoup_i = 0; stonesoup_i < strlen(bluebird_cutthroats); ++stonesoup_i) { stonesoup_data->buffer[(int) bluebird_cutthroats[stonesoup_i]]); tracepoint(stonesoup_trace, variable_signed_integral, "((int) STONESOUP_TAINT_SOURCE[stonesoup_i])", ((int) bluebird_cutthroats[stonesoup_i]), &(bluebird_cutthroats[stonesoup_i]), "TRIGGER-STATE"); if (((char *)outbear_labiotenaculum) != 0) free(((char *)((char *)outbear_labiotenaculum))); 1 --------------------------------- 24872 153127/utils.c Buffer_Overflow_LowBound 2431 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); 0 --------------------------------- 24873 153127/utils.c Buffer_Overflow_LowBound 2485 bit_rate = ctx -> bit_rate; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); bitrate = get_bit_rate(enc); return 4; return 8; return 16; return 24; return 32; return 64; return 0; return 2; return 3; return 4; return av_get_exact_bits_per_sample(codec_id); bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); bit_rate = 0; return bit_rate; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); static int get_bit_rate(AVCodecContext *ctx) bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); 0 --------------------------------- 24874 153127/utils.c Buffer_Overflow_LowBound 2458 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); 0 --------------------------------- 24875 153127/utils.c Buffer_Overflow_LowBound 2442 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 24876 153127/utils.c Buffer_Overflow_LowBound 1272 char buf[128]; av_log(avctx,16,"Specified pixel format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_pix_fmt_name(avctx -> pix_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> pix_fmt); 0 --------------------------------- 24877 153127/utils.c Buffer_Overflow_LowBound 2480 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); 0 --------------------------------- 24878 153127/utils.c Buffer_Overflow_LowBound 2446 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); 0 --------------------------------- 24879 153127/utils.c Buffer_Overflow_LowBound 1100 int ff_codec_open2_recursive(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) ret = avcodec_open2(avctx,codec,options); int avcodec_open2(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) if (av_codec_is_decoder(codec)) { if (av_codec_is_encoder(avctx -> codec)) { int av_codec_is_encoder(const AVCodec *codec) if (av_codec_is_encoder(avctx -> codec)) { if (avctx -> channels == 1 && (av_get_planar_sample_fmt(avctx -> sample_fmt)) == (av_get_planar_sample_fmt(avctx -> codec -> sample_fmts[i]))) { avctx -> sample_fmt = avctx -> codec -> sample_fmts[i]; char buf[128]; snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); av_log(avctx,16,"Specified sample format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_sample_fmt_name(avctx -> sample_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); int avcodec_open(AVCodecContext *avctx,AVCodec *codec) return avcodec_open2(avctx,codec,((void *)0)); 0 --------------------------------- 24880 153127/utils.c Buffer_Overflow_LowBound 2381 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf_size = (buf_size > len?buf_size - len : 0); len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); 0 --------------------------------- 24881 153127/utils.c Buffer_Overflow_LowBound 2477 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); 0 --------------------------------- 24882 153127/utils.c Buffer_Overflow_LowBound 2453 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); 0 --------------------------------- 24883 153127/utils.c Buffer_Overflow_LowBound 2467 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) profile = av_get_profile_name(p,enc -> profile); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 24884 153127/utils.c Buffer_Overflow_LowBound 2423 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); codec_tag >>= 8; const char *profile = ((void *)0); av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); 0 --------------------------------- 24885 153127/utils.c Buffer_Overflow_LowBound 2414 AVCodec *experimental = ((void *)0); p = first_avcodec; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { p = p -> next; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { experimental = p; return experimental; return find_encdec(id,1); return find_encdec(id,0); return "none"; codec = avcodec_find_decoder(id); return codec -> name; codec = avcodec_find_encoder(id); return codec -> name; return "unknown_codec"; codec_type = av_get_media_type_string(enc -> codec_type); codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_encoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); const char *avcodec_get_name(enum AVCodecID id) cd = avcodec_descriptor_get(id); return cd -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_decoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); 0 --------------------------------- 24886 153127/utils.c Buffer_Overflow_LowBound 2438 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); AVRational display_aspect_ratio; buf[0] ^= 'a' ^ 'A'; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); 0 --------------------------------- 24887 153127/utils.c Buffer_Overflow_LowBound 2418 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); 0 --------------------------------- 24888 153175/utils.c Buffer_Overflow_Indexes 4923 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_input_string", stonesoup_input_string, "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data.buffer[stonesoup_input_string[stonesoup_i]]; 1 --------------------------------- 24889 153175/utils.c Buffer_Overflow_Indexes 113 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24890 153175/utils.c Buffer_Overflow_LowBound 4376 int ff_url_join(char *str,int size,const char *proto,const char *authorization,const char *hostname,int port,const char *fmt,... ) str[0] = '\0'; av_strlcatf(str,size,"%s: av_strlcatf(str,size,"%s@",authorization); av_strlcat(str,"[",size); av_strlcat(str,hostname,size); av_strlcat(str,"]",size); av_strlcat(str,hostname,size); av_strlcat(str,hostname,size); av_strlcatf(str,size,":%d",port); va_list vl; int len = (strlen(str)); __builtin_va_start(vl,fmt); vsnprintf(str + len,(size > len?size - len : 0),fmt,vl); 0 --------------------------------- 24891 153695/main_statusbar.c Buffer_Overflow_Indexes 158 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24892 153695/main_statusbar.c Buffer_Overflow_cpycat 1146 int indigenismo_unquested = 7; char *deseret_muhlenberg = 0; feture_tanta(indigenismo_unquested,deseret_muhlenberg); void feture_tanta(int azoblack_backchain,char *paraxial_huelessness) char *psychosarcous_fisheyes = 0; psychosarcous_fisheyes = ((char *)paraxial_huelessness); for (stonesoup_i = 0; stonesoup_i < 64; stonesoup_i++) { stonesoup_data.buffer[stonesoup_i] = 0; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, psychosarcous_fisheyes); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data.buffer); for (stonesoup_i = 0; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); 1 --------------------------------- 24893 149079/scpy7-bad.c Buffer_Overflow_cpycat 41 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) buf = malloc(MAXSIZE); strcpy(buf, str); 1 --------------------------------- 24894 153397/resowner.c Buffer_Overflow_scanf 189 stonesoup_read_taint(&ricercars_feelinglessly,"9197",footing_disgracers); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24895 153397/resowner.c Buffer_Overflow_Indexes 187 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24896 153397/resowner.c Buffer_Overflow_Indexes 141 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24897 153300/config_file.c Buffer_Overflow_Indexes 122 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24898 153442/bss_file.c Buffer_Overflow_Indexes 150 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24899 153442/bss_file.c Buffer_Overflow_fgets 493 static int file_gets(BIO *bp,char *buf,int size) buf[0] = '\0'; if (!fgets(buf,size,(bp -> ptr))) { 0 --------------------------------- 24900 153442/bss_file.c Buffer_Overflow_fgets 498 static int file_gets(BIO *bp,char *buf,int size) buf[0] = '\0'; if (!fgets(buf,size,((FILE *)(bp -> ptr)))) { 0 --------------------------------- 24901 153442/bss_file.c Buffer_Overflow_cpycat 530 void stonesoup_handle_taint(char *aesopic_tastelessness) calcaire_nro = ((void *)aesopic_tastelessness); loquent_forbid = &calcaire_nro; nonpressing_nucla = &loquent_forbid; seminarcosis_almadie(pasadis_dorididae,nonpressing_nucla); void seminarcosis_almadie(int surceased_epitaphic,void ***eradication_pearlstone) panthous_zimarra = ((char *)((char *)( *( *eradication_pearlstone)))); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, panthous_zimarra); 1 --------------------------------- 24902 1572/into1-bad.c Buffer_Overflow_Indexes 49 main(int argc, char **argv) if(argc != 2) n = strtoul(argv[1], 0, 10); test(n); test(unsigned int n) buf = malloc(n * sizeof *buf); for(i = 0; i < n; i++) buf[i] = i; printf("%x ", buf[i]); free(buf); 1 --------------------------------- 24903 149065/gets1-bad.c Buffer_Overflow_Indexes 37 if(gets(buf)) printf("result: %s\n", buf); 1 --------------------------------- 24904 153268/mux.c Buffer_Overflow_Indexes 112 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24905 153790/mem_dbg.c Buffer_Overflow_Indexes 212 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24906 153790/mem_dbg.c Buffer_Overflow_Indexes 253 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24907 153790/mem_dbg.c Buffer_Overflow_Indexes 258 stonesoup_read_taint(&fascism_dilatative,"HYPING_BONDSERVANT"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (fascism_dilatative != 0) {; melber_limbering = &fascism_dilatative; stelai_forras = melber_limbering + 5; if ( *(stelai_forras - 5) != 0) { acentric_hypotralia = ((char *)( *(stelai_forras - 5))); stonesoup_buff_size = ((int )(strlen(acentric_hypotralia))); strncpy(stonesoup_heap_buff_64, acentric_hypotralia, 64); for (; stonesoup_ss_i < stonesoup_buff_size; ++stonesoup_ss_i){ stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); 1 --------------------------------- 24908 153790/mem_dbg.c Buffer_Overflow_LowBound 462 char *fascism_dilatative; stonesoup_read_taint(&fascism_dilatative,"HYPING_BONDSERVANT"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); melber_limbering = &fascism_dilatative; stelai_forras = melber_limbering + 5; acentric_hypotralia = ((char *)( *(stelai_forras - 5))); stonesoup_heap_buff_64 = (char*) malloc(64 * sizeof(char)); stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(acentric_hypotralia))); strncpy(stonesoup_heap_buff_64, acentric_hypotralia, 64); 0 --------------------------------- 24909 153290/dynahash.c Buffer_Overflow_scanf 288 stonesoup_read_taint(&cinerarias_tipstock,"2572",transportee_gavia); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24910 153290/dynahash.c Buffer_Overflow_Indexes 286 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24911 153290/dynahash.c Buffer_Overflow_Indexes 240 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24912 153290/dynahash.c Buffer_Overflow_cpycat 410 HTAB *hash_create(const char *tabname,long nelem,HASHCTL *info,int flags) CurrentDynaHashCxt = AllocSetContextCreate(CurrentDynaHashCxt,tabname,0,(8 * 1024),(8 * 1024 * 1024)); hashp = ((HTAB *)(DynaHashAlloc(sizeof(HTAB ) + strlen(tabname) + 1))); hashp -> tabname = ((char *)(hashp + 1)); strcpy(hashp -> tabname,tabname); 0 --------------------------------- 24913 153608/hashfn.c Buffer_Overflow_scanf 92 stonesoup_read_taint(&unretted_lowlinesses,"3503",eldon_autoeducative); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24914 153608/hashfn.c Buffer_Overflow_Indexes 44 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 24915 153608/hashfn.c Buffer_Overflow_Indexes 90 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24916 315/basic-00051-large.c Buffer_Overflow_LowBound 65 char src[4106]; char buf[10]; src[4106 - 1] = '\0'; strncpy(buf, src, function1(4106)); int function1(int arg1) return arg1; strncpy(buf, src, function1(4106)); 1 --------------------------------- 24917 153156/e_camellia.c Buffer_Overflow_Indexes 120 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24918 153156/e_camellia.c Buffer_Overflow_LowBound 612 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *rattooned_hatchetfishes) excrescencies_autoanalysis[4] = rattooned_hatchetfishes; contemning_sterrett[ *disbrain_cicadas] = excrescencies_autoanalysis; pygidid_bung = contemning_sterrett[ *disbrain_cicadas]; oversoaks_catalyzing = ((char *)pygidid_bung[4]); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(oversoaks_catalyzing)+1, oversoaks_catalyzing, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, oversoaks_catalyzing, strlen(oversoaks_catalyzing) + 1); 1 --------------------------------- 24919 153202/bio_err.c Buffer_Overflow_Indexes 82 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24920 153202/bio_err.c Buffer_Overflow_Indexes 210 rimed_plebescite = getenv("CLASSWISE_HOLBEIN"); if (rimed_plebescite != 0) {; horsefish_pixie[33] = rimed_plebescite; inviscerate_pantomorphic = &horsefish_pixie; amato_solon = &inviscerate_pantomorphic; grottoes_shrill = &amato_solon; colorlessly_criant = &grottoes_shrill; fessed_unpawed = &colorlessly_criant; sascha_jejunely = &fessed_unpawed; subtemperate_caprylic = &sascha_jejunely; muddlesome_monacha = &subtemperate_caprylic; beweep_compressibly = &muddlesome_monacha; gallophobe_kimmel = &beweep_compressibly; capotastos_titrate = &gallophobe_kimmel; nonbusily_shandry = &capotastos_titrate; covert_alcmaon = &nonbusily_shandry; aerophilately_reheighten = &covert_alcmaon; bespouses_terpane = &aerophilately_reheighten; facellite_dredge = &bespouses_terpane; remigrate_toxicohaemia = &facellite_dredge; digitalism_carnivals = &remigrate_toxicohaemia; superhistoric_sufiism = &digitalism_carnivals; alluviums_vigoroso = &superhistoric_sufiism; caranx_unfret = &alluviums_vigoroso; adularias_profanatory = &caranx_unfret; panzoism_ensuite = &adularias_profanatory; nonprelatical_laziness = &panzoism_ensuite; jovi_musties = &nonprelatical_laziness; camphanone_sinuitis = &jovi_musties; bottommost_unrepelled = &camphanone_sinuitis; 0 --------------------------------- 24921 153464/mem_dbg.c Buffer_Overflow_Indexes 212 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24922 153464/mem_dbg.c Buffer_Overflow_Indexes 253 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24923 153464/mem_dbg.c Buffer_Overflow_Indexes 258 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&cotonou_subbing,"CONGLOMERATIC_EUPHORBIA"); if (cotonou_subbing != 0) {; decannulation_wooingly[3] = cotonou_subbing; maru_ganching[5] = decannulation_wooingly; provand_unbarrel = *(maru_ganching + *carara_protested); if (provand_unbarrel[3] != 0) { swops_digesting = ((char *)provand_unbarrel[3]); strncpy(stonesoup_source, swops_digesting, sizeof(stonesoup_source)); if (provand_unbarrel[3] != 0) free(((char *)provand_unbarrel[3])); 0 --------------------------------- 24924 153464/mem_dbg.c Buffer_Overflow_LowBound 483 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 24925 153464/mem_dbg.c Buffer_Overflow_LowBound 474 char stonesoup_source[1024]; char *cotonou_subbing; stonesoup_read_taint(&cotonou_subbing,"CONGLOMERATIC_EUPHORBIA"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); decannulation_wooingly[3] = cotonou_subbing; maru_ganching[5] = decannulation_wooingly; newchwang_odalisks = 5; carara_protested = &newchwang_odalisks; provand_unbarrel = *(maru_ganching + *carara_protested); swops_digesting = ((char *)provand_unbarrel[3]); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, swops_digesting, sizeof(stonesoup_source)); 0 --------------------------------- 24926 199313/st_underrun.c Buffer_Overflow_cpycat 80 st_underrun_003_s_001 s; st_underrun_003_func_001(&s); void st_underrun_003_func_001 (st_underrun_003_s_001 *s) char buf[10] = "STRING"; strcpy(s->buf,buf); 0 --------------------------------- 24927 199313/st_underrun.c Buffer_Overflow_cpycat 23 char buf[10]; strcpy(buf, "my string"); 0 --------------------------------- 24928 199313/st_underrun.c Buffer_Overflow_cpycat 115 st_underrun_004_s_001 s,s2; s2 = st_underrun_004_func_001(&s); st_underrun_004_s_001 st_underrun_004_func_001 (st_underrun_004_s_001 *s) st_underrun_004_func_002(s); void st_underrun_004_func_002 (st_underrun_004_s_001 *s) char buf[10] = "STRING"; strcpy(s->buf,buf); 0 --------------------------------- 24929 153472/bss_file.c Buffer_Overflow_Indexes 151 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24930 153472/bss_file.c Buffer_Overflow_fgets 488 static int file_gets(BIO *bp,char *buf,int size) buf[0] = '\0'; if (!fgets(buf,size,(bp -> ptr))) { 0 --------------------------------- 24931 153472/bss_file.c Buffer_Overflow_fgets 493 static int file_gets(BIO *bp,char *buf,int size) buf[0] = '\0'; if (!fgets(buf,size,((FILE *)(bp -> ptr)))) { 0 --------------------------------- 24932 152940/cmdutils.c Buffer_Overflow_Indexes 83 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24933 152940/cmdutils.c Buffer_Overflow_Indexes 1730 c = getchar(); while(c != '\n' && c != - 1) 0 --------------------------------- 24934 152940/cmdutils.c Buffer_Overflow_Indexes 549 if ((env = (getenv("FFREPORT"))) || idx) { init_report(env); static int init_report(const char *env); 0 --------------------------------- 24935 152940/cmdutils.c Buffer_Overflow_Indexes 1885 ung_isopolite = getenv("SKAGEN_HIGHFALUTINISM"); if (ung_isopolite != 0) {; ethicoaesthetic_escrime = ((int )(strlen(ung_isopolite))); overpeck_elzevir = ((char *)(malloc(ethicoaesthetic_escrime + 1))); if (overpeck_elzevir == 0) { memset(overpeck_elzevir,0,ethicoaesthetic_escrime + 1); memcpy(overpeck_elzevir,ung_isopolite,ethicoaesthetic_escrime); underreamer_semicircularity = &overpeck_elzevir; onegite_holoplanktonic = underreamer_semicircularity + 5; whuttering_whitling(onegite_holoplanktonic); 0 --------------------------------- 24936 152940/cmdutils.c Buffer_Overflow_Indexes 1727 int c = getchar(); int yesno = av_toupper(c) == 'Y'; while(c != '\n' && c != - 1) return yesno; 0 --------------------------------- 24937 152940/cmdutils.c Buffer_Overflow_LowBound 1628 printf("%s %s [%s]:\n",(encoder?"Encoder" : "Decoder"),c -> name,(c -> long_name?c -> long_name : "")); char name[16]; snprintf(name,sizeof(name),"%d", *p); show_help_children(c -> priv_class,1 | 2); if ((prev -> id) == id && ((encoder?av_codec_is_encoder(prev) : av_codec_is_decoder(prev)))) { while(prev = (av_codec_next(prev))){ if ((prev -> id) == id && ((encoder?av_codec_is_encoder(prev) : av_codec_is_decoder(prev)))) { return prev; return ((void *)0); while(codec = next_codec_for_id(desc -> id,codec,encoder)){ print_codec(codec); *(par++) = 0; show_help_codec(par,0); show_help_codec(par,1); static void show_help_codec(const char *name,int encoder) codec = ((encoder?avcodec_find_encoder_by_name(name) : avcodec_find_decoder_by_name(name))); print_codec(codec); static void print_codec(const AVCodec *c) int encoder = av_codec_is_encoder(c); const int *p = c -> supported_samplerates; snprintf(name,sizeof(name),"%d", *p); p++; snprintf(name,sizeof(name),"%d", *p); print_codec(codec); while(codec = next_codec_for_id(desc -> id,codec,encoder)){ int show_help(void *optctx,const char *opt,const char *arg) topic = av_strdup((arg?arg : "")); par = strchr(topic,'='); show_help_codec(par,1); static const AVCodec *next_codec_for_id(enum AVCodecID id,const AVCodec *prev,int encoder) while(prev = (av_codec_next(prev))){ if ((prev -> id) == id && ((encoder?av_codec_is_encoder(prev) : av_codec_is_decoder(prev)))) { return prev; while(codec = next_codec_for_id(desc -> id,codec,encoder)){ print_codec(codec); show_help_children(child,flags); print_codec(codec); 0 --------------------------------- 24938 152940/cmdutils.c Buffer_Overflow_LowBound 1791 f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); 0 --------------------------------- 24939 152940/cmdutils.c Buffer_Overflow_LowBound 1794 FILE *get_preset_file(char *filename,size_t filename_size,const char *preset_name,int is_path,const char *codec_name) snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); 0 --------------------------------- 24940 153438/conf_mod.c Buffer_Overflow_Indexes 564 file = getenv("OPENSSL_CONF"); if (file) { return BUF_strdup(file); file = CONF_get1_default_config_file(); if (!file) { if (NCONF_load(conf,file,((void *)0)) <= 0) { CRYPTO_free(file); 0 --------------------------------- 24941 153438/conf_mod.c Buffer_Overflow_Indexes 163 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24942 153438/conf_mod.c Buffer_Overflow_Indexes 662 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_input_string", stonesoup_input_string, "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data.buffer[stonesoup_input_string[stonesoup_i]]; 1 --------------------------------- 24943 153184/cryptlib.c Buffer_Overflow_Indexes 162 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24944 153184/cryptlib.c Buffer_Overflow_Indexes 208 stonesoup_read_taint(&schoolyard_unfluid,"SAMBOS_TUCKERMANITY"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (schoolyard_unfluid != 0) {; hygrophyte_wormroot = &schoolyard_unfluid; sarraute_consonance(unconversant_nonspecie,hygrophyte_wormroot); void sarraute_consonance(int spoutiness_heptachord,char **oxybenzyl_mislikers) belched_ektenes = ((char *)( *oxybenzyl_mislikers)); stonesoup_buffer = malloc((strlen(belched_ektenes) + 1) * sizeof(char )); if (stonesoup_buffer == 0) { strcpy(stonesoup_buffer,belched_ektenes); if (stonesoup_buffer[0] >= 97) { stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) first_char = buffer_param[0] - 97; free(buffer_param); return first_char; if (stonesoup_buffer != 0) { free(stonesoup_buffer); if ( *oxybenzyl_mislikers != 0) free(((char *)( *oxybenzyl_mislikers))); 1 --------------------------------- 24945 153184/cryptlib.c Buffer_Overflow_Indexes 665 if (env = getenv("OPENSSL_ia32cap")) { int off = env[0] == '~'?1 : 0; 0 --------------------------------- 24946 153184/cryptlib.c Buffer_Overflow_Indexes 203 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24947 153184/cryptlib.c Buffer_Overflow_cpycat 590 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); char *schoolyard_unfluid; stonesoup_read_taint(&schoolyard_unfluid,"SAMBOS_TUCKERMANITY"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); hygrophyte_wormroot = &schoolyard_unfluid; sarraute_consonance(unconversant_nonspecie,hygrophyte_wormroot); void sarraute_consonance(int spoutiness_heptachord,char **oxybenzyl_mislikers) belched_ektenes = ((char *)( *oxybenzyl_mislikers)); stonesoup_buffer = malloc((strlen(belched_ektenes) + 1) * sizeof(char )); strcpy(stonesoup_buffer,belched_ektenes); 0 --------------------------------- 24948 153517/color.c Buffer_Overflow_scanf 140 stonesoup_read_taint(&daubing_cowbind,"3281",passionaries_interlinkage); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 24949 153517/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&daubing_cowbind,"3281",passionaries_interlinkage); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 24950 153517/color.c Buffer_Overflow_Indexes 176 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24951 153517/color.c Buffer_Overflow_Indexes 174 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24952 153517/color.c Buffer_Overflow_Indexes 170 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24953 153517/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 24954 153517/color.c Buffer_Overflow_LowBound 576 int passionaries_interlinkage = 596; char *daubing_cowbind; stonesoup_read_taint(&daubing_cowbind,"3281",passionaries_interlinkage); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { *stonesoup_tainted_buff = NULL; if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); kherson_fraternal = ((char *)daubing_cowbind); stonesoup_heap_buff_64 = (char*) malloc(64 * sizeof(char)); stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(kherson_fraternal))); strncpy(stonesoup_heap_buff_64, kherson_fraternal, 64); 0 --------------------------------- 24955 153517/color.c Buffer_Overflow_cpycat 233 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24956 153517/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24957 153517/color.c Buffer_Overflow_cpycat 198 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24958 153517/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24959 153517/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24960 153517/color.c Buffer_Overflow_cpycat 346 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24961 153517/color.c Buffer_Overflow_cpycat 366 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24962 153517/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24963 153517/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24964 153517/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24965 153517/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24966 153517/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24967 153517/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24968 153517/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24969 153517/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24970 153517/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24971 153517/color.c Buffer_Overflow_cpycat 190 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24972 153517/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24973 153517/color.c Buffer_Overflow_cpycat 345 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24974 153517/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24975 153517/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24976 153517/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24977 153517/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24978 153517/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24979 153103/color.c Buffer_Overflow_Indexes 161 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24980 153103/color.c Buffer_Overflow_Indexes 159 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 24981 153103/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 24982 153103/color.c Buffer_Overflow_Indexes 155 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 24983 153103/color.c Buffer_Overflow_Indexes 549 airify_vented = getenv("CONGLOBULATE_ASNIFFLE"); if (airify_vented != 0) {; jacens_eberthella = ((char *)airify_vented); strcpy(stonesoup_data.buffer, jacens_eberthella); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data.buffer); for (stonesoup_i = 0; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); 1 --------------------------------- 24984 153103/color.c Buffer_Overflow_cpycat 190 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24985 153103/color.c Buffer_Overflow_cpycat 330 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 24986 153103/color.c Buffer_Overflow_cpycat 239 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24987 153103/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24988 153103/color.c Buffer_Overflow_cpycat 253 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24989 153103/color.c Buffer_Overflow_cpycat 323 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24990 153103/color.c Buffer_Overflow_cpycat 281 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24991 153103/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24992 153103/color.c Buffer_Overflow_cpycat 351 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 24993 153103/color.c Buffer_Overflow_cpycat 288 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24994 153103/color.c Buffer_Overflow_cpycat 183 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24995 153103/color.c Buffer_Overflow_cpycat 274 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24996 153103/color.c Buffer_Overflow_cpycat 246 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24997 153103/color.c Buffer_Overflow_cpycat 267 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24998 153103/color.c Buffer_Overflow_cpycat 295 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 24999 153103/color.c Buffer_Overflow_cpycat 302 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25000 153103/color.c Buffer_Overflow_cpycat 197 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25001 153103/color.c Buffer_Overflow_cpycat 260 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25002 153103/color.c Buffer_Overflow_cpycat 218 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25003 153103/color.c Buffer_Overflow_cpycat 309 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25004 153103/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25005 153103/color.c Buffer_Overflow_cpycat 175 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25006 153103/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25007 153103/color.c Buffer_Overflow_cpycat 316 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25008 153039/bufmgr.c Buffer_Overflow_Indexes 110 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25009 153039/bufmgr.c Buffer_Overflow_Indexes 151 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25010 153039/bufmgr.c Buffer_Overflow_Indexes 156 stonesoup_read_taint(&unmythical_tyrannisingly,"UNLEARNABLENESS_AMERINDIAN"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (unmythical_tyrannisingly != 0) {; unsimulating_pharyngoxerosis = ((int )(strlen(unmythical_tyrannisingly))); insectary_rightly = ((char *)(malloc(unsimulating_pharyngoxerosis + 1))); if (insectary_rightly == 0) { memset(insectary_rightly,0,unsimulating_pharyngoxerosis + 1); memcpy(insectary_rightly,unmythical_tyrannisingly,unsimulating_pharyngoxerosis); if (unmythical_tyrannisingly != 0) free(((char *)unmythical_tyrannisingly)); photophonic_retool[5] = insectary_rightly; interstellar_elfins = *(photophonic_retool + *driers_neuromyelitis); if (interstellar_elfins != 0) { labourism_mispaint = ((char *)interstellar_elfins); if (strlen(labourism_mispaint) < 1) { stonesoup_set_function(labourism_mispaint, &stonesoup_my_foo); void stonesoup_set_function(char *set_param_str,struct stonesoup_data_struct *set_param_data_struct) if (strlen(set_param_str) > 10U) { set_param_data_struct -> func_member = stonesoup_modulus_function; set_param_data_struct -> str_member = set_param_str; if (strlen(set_param_str) < 10U) { set_param_data_struct -> func_member = stonesoup_modulus_function; set_param_data_struct -> str_member = "default"; stonesoup_val = (stonesoup_my_foo . func_member(stonesoup_my_foo . str_member)); 1 --------------------------------- 25011 153500/dirent_uri.c Buffer_Overflow_Indexes 141 hypernormally_bulbed = getenv("DEMING_INDISPOSITIONS"); if (hypernormally_bulbed != 0) {; typhlophile_lapith = ((void *)hypernormally_bulbed); marbrinus_chronographs[ *( *( *( *( *( *( *( *( *( *plasmalemma_clairvoyants)))))))))] = typhlophile_lapith; pyatigorsk_bowlegs = marbrinus_chronographs[ *( *( *( *( *( *( *( *( *( *plasmalemma_clairvoyants)))))))))]; unwanted_psiloi(pyatigorsk_bowlegs); 0 --------------------------------- 25012 153500/dirent_uri.c Buffer_Overflow_Indexes 72 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25013 153500/dirent_uri.c Buffer_Overflow_cpycat 2091 hypernormally_bulbed = getenv("DEMING_INDISPOSITIONS"); if (hypernormally_bulbed != 0) {; typhlophile_lapith = ((void *)hypernormally_bulbed); marbrinus_chronographs[ *( *( *( *( *( *( *( *( *( *plasmalemma_clairvoyants)))))))))] = typhlophile_lapith; pyatigorsk_bowlegs = marbrinus_chronographs[ *( *( *( *( *( *( *( *( *( *plasmalemma_clairvoyants)))))))))]; unwanted_psiloi(pyatigorsk_bowlegs); void unwanted_psiloi(void *lesli_newfanglement) sanctioning_slammakin(lesli_newfanglement); void sanctioning_slammakin(void *inversable_orinasality) char stonesoup_stack_buffer_64[64]; overhear_chak = ((char *)((char *)inversable_orinasality)); memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,overhear_chak); 1 --------------------------------- 25014 153255/pmsignal.c Buffer_Overflow_scanf 149 stonesoup_read_taint(&coattail_operatics,"1527",torticollis_revelers); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25015 153255/pmsignal.c Buffer_Overflow_Indexes 147 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25016 153255/pmsignal.c Buffer_Overflow_Indexes 101 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25017 295/basic-00046-large.c Buffer_Overflow_cpycat 60 char buf[10]; char src[4106]; src[4106 - 1] = '\0'; strcpy(buf, src); 1 --------------------------------- 25018 153294/bufmgr.c Buffer_Overflow_scanf 158 stonesoup_read_taint(&lemonades_phyllostomus,"5622",sledger_fighter); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25019 153294/bufmgr.c Buffer_Overflow_Indexes 156 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25020 153294/bufmgr.c Buffer_Overflow_Indexes 110 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25021 152949/conf_mod.c Buffer_Overflow_Indexes 588 file = getenv("OPENSSL_CONF"); if (file) { return BUF_strdup(file); file = CONF_get1_default_config_file(); if (!file) { if (NCONF_load(conf,file,((void *)0)) <= 0) { CRYPTO_free(file); 0 --------------------------------- 25022 152949/conf_mod.c Buffer_Overflow_Indexes 461 californians_cellarmen = getenv("TRIDUUM_UNREPREHENDED"); if (californians_cellarmen != 0) {; trench_sulfonating . coarb_tridynamous = ((char *)californians_cellarmen); intimate_gadsman(trench_sulfonating); void intimate_gadsman(const struct hungriest_antisplitting detailism_witchingly) locum_babelish = ((char *)((struct hungriest_antisplitting )detailism_witchingly) . coarb_tridynamous); stonesoup_input_len = strlen(locum_babelish); if (stonesoup_input_len < 2) { stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); void stonesoup_get_function(int len, fptr * modulus_function) { if (len > 10) { *modulus_function = stonesoup_modulus_function1; if (len < 10) { *modulus_function = stonesoup_modulus_function2; stonesoup_result = ( *stonesoup_function_ptr)(locum_babelish); 1 --------------------------------- 25023 152949/conf_mod.c Buffer_Overflow_Indexes 135 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25024 2082/strcat-bad2.c Buffer_Overflow_cpycat 25 int main(int argc, char **argv){ if(argc > 2){ userstr = argv[1]; userstr2 = argv[2]; test(userstr,userstr2); void test(char *str, char *str2){ char buf[MAXSIZE] = ""; if(strlen(str) < MAXSIZE) strcpy(buf, str); printf(" strcpy: %s%s%s\n", pre, buf, post); if(strlen(buf) + strlen(str2) <= MAXSIZE) strcat(buf, str2); 1 --------------------------------- 25025 199291/overrun_st_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); 0 --------------------------------- 25026 153014/error.c Buffer_Overflow_Indexes 72 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25027 153014/error.c Buffer_Overflow_Indexes 203 populares_engloom = getenv("DARKY_ALCESTIS"); if (populares_engloom != 0) {; misposition_pulpily[34] = populares_engloom; aleyrodid_monson[5] = misposition_pulpily; coolin_gesticular = *(aleyrodid_monson + *craniomaxillary_aunthoods); tashnakist_nonmimetically(coolin_gesticular); 0 --------------------------------- 25028 153014/error.c Buffer_Overflow_LowBound 680 void salmonellae_brachycranic(char **quercetum_besa) squushy_admonitory = ((char *)quercetum_besa[34]); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(squushy_admonitory)+1, squushy_admonitory, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, squushy_admonitory, strlen(squushy_admonitory) + 1); 1 --------------------------------- 25029 199253/double_free_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); 0 --------------------------------- 25030 319/basic-00052-large.c Buffer_Overflow_LowBound 62 char src[4106]; char buf[10]; src[4106 - 1] = '\0'; strncpy(buf, src, index_array[0]); 1 --------------------------------- 25031 152888/mem_dbg.c Buffer_Overflow_Indexes 426 dyeweeds_unadhesive = getenv("MICROCHAETA_INFLUXIVE"); if (dyeweeds_unadhesive != 0) {; entelluses_bethanks . definiens_atterminement = dyeweeds_unadhesive; myofibrillar_galactemia = &entelluses_bethanks; queersome_bashkir = myofibrillar_galactemia + 5; EVITABLE_RENOTICED(queersome_bashkir); void lysins_winemaking(union aquake_calpac *unneath_peagoose) EVITABLE_RENOTICED(queersome_bashkir); 0 --------------------------------- 25032 152888/mem_dbg.c Buffer_Overflow_Indexes 222 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25033 153403/error.c Buffer_Overflow_scanf 122 stonesoup_read_taint(&lingulae_sulfated,"8294",advoyer_pitzer); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25034 153403/error.c Buffer_Overflow_Indexes 74 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25035 153403/error.c Buffer_Overflow_Indexes 120 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25036 153108/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25037 153108/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25038 153108/color.c Buffer_Overflow_Indexes 182 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25039 153108/color.c Buffer_Overflow_Indexes 184 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25040 153108/color.c Buffer_Overflow_Indexes 136 stonesoup_read_taint(&banshees_fastigiately,"DSEE_NGANHWEI"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (banshees_fastigiately != 0) {; sophy_enweave = ((char *)banshees_fastigiately); stonesoup_buffer = malloc((strlen(sophy_enweave) + 1) * sizeof(char )); if (stonesoup_buffer == 0) { strcpy(stonesoup_buffer,sophy_enweave); if (stonesoup_buffer[0] >= 97) { stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); char stonesoup_process_buffer(char *buffer_param) first_char = buffer_param[0] - 97; free(buffer_param); return first_char; if (stonesoup_buffer != 0) { free(stonesoup_buffer); if (banshees_fastigiately != 0) free(((char *)banshees_fastigiately)); 1 --------------------------------- 25041 153108/color.c Buffer_Overflow_Indexes 178 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25042 153108/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25043 153108/color.c Buffer_Overflow_cpycat 354 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25044 153108/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25045 153108/color.c Buffer_Overflow_cpycat 332 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25046 153108/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25047 153108/color.c Buffer_Overflow_cpycat 339 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25048 153108/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25049 153108/color.c Buffer_Overflow_cpycat 353 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25050 153108/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25051 153108/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25052 153108/color.c Buffer_Overflow_cpycat 233 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25053 153108/color.c Buffer_Overflow_cpycat 325 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25054 153108/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25055 153108/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25056 153108/color.c Buffer_Overflow_cpycat 198 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25057 153108/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25058 153108/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25059 153108/color.c Buffer_Overflow_cpycat 346 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25060 153108/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25061 153108/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25062 153108/color.c Buffer_Overflow_cpycat 579 char *banshees_fastigiately; stonesoup_read_taint(&banshees_fastigiately,"DSEE_NGANHWEI"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); sophy_enweave = ((char *)banshees_fastigiately); stonesoup_buffer = malloc((strlen(sophy_enweave) + 1) * sizeof(char )); strcpy(stonesoup_buffer,sophy_enweave); 0 --------------------------------- 25063 153108/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25064 153108/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25065 153108/color.c Buffer_Overflow_cpycat 206 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25066 153108/color.c Buffer_Overflow_cpycat 374 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25067 149225/use_after_free_@buffer-bad.c Buffer_Overflow_cpycat 23 char *str[1] = {(char *)NULL}; if ((*str = (char *)malloc(256*sizeof(char))) != NULL) strcpy(*str, "Falut!"); 0 --------------------------------- 25068 153480/bss_file.c Buffer_Overflow_Indexes 113 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25069 153480/bss_file.c Buffer_Overflow_fgets 491 static int file_gets(BIO *bp,char *buf,int size) buf[0] = '\0'; if (!fgets(buf,size,(bp -> ptr))) { 0 --------------------------------- 25070 153480/bss_file.c Buffer_Overflow_fgets 496 static int file_gets(BIO *bp,char *buf,int size) buf[0] = '\0'; if (!fgets(buf,size,((FILE *)(bp -> ptr)))) { 0 --------------------------------- 25071 153480/bss_file.c Buffer_Overflow_LowBound 536 japanization_triformous = getenv("COINFINITE_MONOSOME"); relandscaping_incogitance = japanization_triformous; redisputed_gyratory = &relandscaping_incogitance; yagourundi_nonpendency = redisputed_gyratory + 5; ackton_humphreys(podophyllum_melosa,yagourundi_nonpendency); void ackton_humphreys(int currencies_pickiest,propitiating_phociform *fellahin_gove) stonesoup_data = (char*) malloc(8 * sizeof(char)); cobstone_zostera = ((char *)( *(fellahin_gove - 5))); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(cobstone_zostera)+1, cobstone_zostera, "TRIGGER-STATE"); strncpy(stonesoup_data, cobstone_zostera, strlen(cobstone_zostera) + 1); 1 --------------------------------- 25072 1506/Figure4-12-unix.c Buffer_Overflow_cpycat 32 int main(int argc, char *argv[]) first = malloc(666); strcpy(first, argv[1]); 1 --------------------------------- 25073 291/basic-00045-large.c Buffer_Overflow_cpycat 57 char buf[10]; strcpy(buf, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"); 1 --------------------------------- 25074 153314/color.c Buffer_Overflow_Indexes 164 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25075 153314/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25076 153314/color.c Buffer_Overflow_Indexes 170 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25077 153314/color.c Buffer_Overflow_Indexes 168 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25078 153314/color.c Buffer_Overflow_LowBound 598 stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 25079 153314/color.c Buffer_Overflow_LowBound 589 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *preoperating_dudevant) char stonesoup_source[1024]; memset(stonesoup_source, 0, 1024); equably_reveling = ((char *)preoperating_dudevant); strncpy(stonesoup_source, equably_reveling, sizeof(stonesoup_source)); 0 --------------------------------- 25080 153314/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25081 153314/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25082 153314/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25083 153314/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25084 153314/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25085 153314/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25086 153314/color.c Buffer_Overflow_cpycat 325 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25087 153314/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25088 153314/color.c Buffer_Overflow_cpycat 199 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25089 153314/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25090 153314/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25091 153314/color.c Buffer_Overflow_cpycat 184 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25092 153314/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25093 153314/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25094 153314/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25095 153314/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25096 153314/color.c Buffer_Overflow_cpycat 192 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25097 153314/color.c Buffer_Overflow_cpycat 332 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25098 153314/color.c Buffer_Overflow_cpycat 206 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25099 153314/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25100 153314/color.c Buffer_Overflow_cpycat 340 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25101 153314/color.c Buffer_Overflow_cpycat 339 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25102 153314/color.c Buffer_Overflow_cpycat 360 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25103 153314/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25104 153816/error.c Buffer_Overflow_Indexes 200 tussy_sdn = getenv("SULFURETTED_NOSOTROPHY"); if (tussy_sdn != 0) {; charkhas_fibrilations[0] = tussy_sdn; prescribed_ricker = &charkhas_fibrilations; proliferated_gonytheca = &prescribed_ricker; plainsmen_overgird = ((char *)( *( *proliferated_gonytheca))[0]); 0 --------------------------------- 25105 153816/error.c Buffer_Overflow_Indexes 72 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25106 153105/portalmem.c Buffer_Overflow_Indexes 99 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); PortalReleaseCachedPlan(portal); PortalDrop(portal,((bool )0)); stonesoup_setup_printf_context(); 0 --------------------------------- 25107 153105/portalmem.c Buffer_Overflow_Indexes 471 contourne_unbragging = getenv("WALLFLOWERS_SLOCK"); if (contourne_unbragging != 0) {; antakya_progress = ((int )(strlen(contourne_unbragging))); wiremen_provisioneress = ((char *)(malloc(antakya_progress + 1))); if (wiremen_provisioneress == 0) { memset(wiremen_provisioneress,0,antakya_progress + 1); memcpy(wiremen_provisioneress,contourne_unbragging,antakya_progress); isopentyl_amphoriloquy = tacitly_ecclesiasticus(wiremen_provisioneress); char *tacitly_ecclesiasticus(char *stagnate_jaddo) return stagnate_jaddo; isopentyl_amphoriloquy = tacitly_ecclesiasticus(wiremen_provisioneress); hydrophobist_thiocarbamyl = ((char *)isopentyl_amphoriloquy); for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen(hydrophobist_thiocarbamyl); ++stonesoup_ss_i) { tracepoint(stonesoup_trace, variable_signed_integral, "((int)STONESOUP_TAINT_SOURCE[stonesoup_ss_i])", ((int)hydrophobist_thiocarbamyl[stonesoup_ss_i]), &(hydrophobist_thiocarbamyl[stonesoup_ss_i]), "TRIGGER-STATE"); hydrophobist_thiocarbamyl[stonesoup_ss_i], stonesoup_stack_buff[(int) hydrophobist_thiocarbamyl[stonesoup_ss_i]]); if (isopentyl_amphoriloquy != 0) free(((char *)isopentyl_amphoriloquy)); 1 --------------------------------- 25108 153105/portalmem.c Buffer_Overflow_Indexes 484 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; 1 --------------------------------- 25109 152924/column.c Buffer_Overflow_Indexes 65 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25110 152924/column.c Buffer_Overflow_Indexes 106 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25111 152924/column.c Buffer_Overflow_Indexes 111 stonesoup_read_taint(&pugmiller_chaetangiaceae,"SAYE_TRACHEARIA"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (pugmiller_chaetangiaceae != 0) {; evitable_cantiga . zapu_wiremen = pugmiller_chaetangiaceae; lacerta_uncharactered(evitable_cantiga); void lacerta_uncharactered(const union unsacrament_acetabuliferous alewife_actionizing) if (((union unsacrament_acetabuliferous )alewife_actionizing) . zapu_wiremen != 0) { tweedles_launceiot = ((char *)((union unsacrament_acetabuliferous )alewife_actionizing) . zapu_wiremen); stonesoup_buff_size = strlen(tweedles_launceiot) + 1; stonesoup_size = stonesoup_other_size < stonesoup_buff_size ? stonesoup_other_size : stonesoup_buff_size; for (stonesoup_i = 0; stonesoup_i < stonesoup_size; stonesoup_i++) { stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = tweedles_launceiot[stonesoup_buff_size - stonesoup_i - 1]; for (stonesoup_i = 0; stonesoup_i < stonesoup_buff_size; stonesoup_i++) { stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buff_size", stonesoup_buff_size, &stonesoup_buff_size, "TRIGGER-STATE"); if (((union unsacrament_acetabuliferous )alewife_actionizing) . zapu_wiremen != 0) free(((char *)((union unsacrament_acetabuliferous )alewife_actionizing) . zapu_wiremen)); 1 --------------------------------- 25112 153163/color.c Buffer_Overflow_scanf 140 stonesoup_read_taint(&owlishly_ionospheres,"6156",isolex_sanfo); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25113 153163/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25114 153163/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25115 153163/color.c Buffer_Overflow_Indexes 181 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25116 153163/color.c Buffer_Overflow_Indexes 179 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25117 153163/color.c Buffer_Overflow_Indexes 175 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25118 153163/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25119 153163/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25120 153163/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25121 153163/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25122 153163/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25123 153163/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25124 153163/color.c Buffer_Overflow_cpycat 195 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25125 153163/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25126 153163/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25127 153163/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25128 153163/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25129 153163/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25130 153163/color.c Buffer_Overflow_cpycat 371 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25131 153163/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25132 153163/color.c Buffer_Overflow_cpycat 351 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25133 153163/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25134 153163/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25135 153163/color.c Buffer_Overflow_cpycat 350 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25136 153163/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25137 153163/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25138 153163/color.c Buffer_Overflow_cpycat 230 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25139 153163/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25140 153163/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25141 153163/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25142 153104/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25143 153104/color.c Buffer_Overflow_Indexes 188 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25144 153104/color.c Buffer_Overflow_Indexes 182 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25145 153104/color.c Buffer_Overflow_Indexes 186 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25146 153104/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25147 153104/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25148 153104/color.c Buffer_Overflow_cpycat 378 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25149 153104/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25150 153104/color.c Buffer_Overflow_cpycat 358 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25151 153104/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25152 153104/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25153 153104/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25154 153104/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25155 153104/color.c Buffer_Overflow_cpycat 237 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25156 153104/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25157 153104/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25158 153104/color.c Buffer_Overflow_cpycat 357 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25159 153104/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25160 153104/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25161 153104/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25162 153104/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25163 153104/color.c Buffer_Overflow_cpycat 350 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25164 153104/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25165 153104/color.c Buffer_Overflow_cpycat 593 char *sauerkrauts_antisemitism; stonesoup_read_taint(&sauerkrauts_antisemitism,"DENNYSVILLE_PLEASING"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); recorde_iconodulist = ((char *)sauerkrauts_antisemitism); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, recorde_iconodulist); 1 --------------------------------- 25166 153104/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25167 153104/color.c Buffer_Overflow_cpycat 202 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25168 153104/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25169 153104/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25170 153104/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25171 153104/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25172 320/basic-00052-med.c Buffer_Overflow_LowBound 62 char src[18]; char buf[10]; src[18 - 1] = '\0'; index_array[0] = 18; strncpy(buf, src, index_array[0]); 1 --------------------------------- 25173 153011/eng_table.c Buffer_Overflow_scanf 152 stonesoup_read_taint(&quebracho_archpriesthood,"9440",mexico_shellmonger); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25174 153011/eng_table.c Buffer_Overflow_Indexes 150 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25175 153011/eng_table.c Buffer_Overflow_Indexes 104 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25176 153011/eng_table.c Buffer_Overflow_LowBound 347 int mexico_shellmonger = 596; char *quebracho_archpriesthood; stonesoup_read_taint(&quebracho_archpriesthood,"9440",mexico_shellmonger); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); euktolite_yamshik = ((int )(strlen(quebracho_archpriesthood))); repousse_casavant = ((char *)(malloc(euktolite_yamshik + 1))); memset(repousse_casavant,0,euktolite_yamshik + 1); memcpy(repousse_casavant,quebracho_archpriesthood,euktolite_yamshik); gnathonize_riverway(hmm_semitropics,repousse_casavant); void gnathonize_riverway(int orthographize_overdoes,char *garibaldi_unpitifulness) scylla_rachitomy = ((char *)garibaldi_unpitifulness); stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(scylla_rachitomy))); strncpy(stonesoup_heap_buff_64, scylla_rachitomy, 64); 0 --------------------------------- 25177 153770/color.c Buffer_Overflow_Indexes 161 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25178 153770/color.c Buffer_Overflow_Indexes 159 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25179 153770/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25180 153770/color.c Buffer_Overflow_Indexes 155 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25181 153770/color.c Buffer_Overflow_cpycat 190 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25182 153770/color.c Buffer_Overflow_cpycat 330 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25183 153770/color.c Buffer_Overflow_cpycat 239 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25184 153770/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25185 153770/color.c Buffer_Overflow_cpycat 253 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25186 153770/color.c Buffer_Overflow_cpycat 323 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25187 153770/color.c Buffer_Overflow_cpycat 281 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25188 153770/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25189 153770/color.c Buffer_Overflow_cpycat 351 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25190 153770/color.c Buffer_Overflow_cpycat 288 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25191 153770/color.c Buffer_Overflow_cpycat 183 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25192 153770/color.c Buffer_Overflow_cpycat 274 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25193 153770/color.c Buffer_Overflow_cpycat 246 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25194 153770/color.c Buffer_Overflow_cpycat 267 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25195 153770/color.c Buffer_Overflow_cpycat 295 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25196 153770/color.c Buffer_Overflow_cpycat 302 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25197 153770/color.c Buffer_Overflow_cpycat 197 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25198 153770/color.c Buffer_Overflow_cpycat 260 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25199 153770/color.c Buffer_Overflow_cpycat 566 bipartisanship_zopilote = getenv("NOS_SCRAIGH"); maladroitly_rifler = ((char *)bipartisanship_zopilote); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, maladroitly_rifler); 1 --------------------------------- 25200 153770/color.c Buffer_Overflow_cpycat 218 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25201 153770/color.c Buffer_Overflow_cpycat 309 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25202 153770/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25203 153770/color.c Buffer_Overflow_cpycat 175 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25204 153770/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25205 153770/color.c Buffer_Overflow_cpycat 316 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25206 153740/color.c Buffer_Overflow_scanf 140 stonesoup_read_taint(&entropies_cierge,"8336",situs_allotropic); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25207 153740/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25208 153740/color.c Buffer_Overflow_Indexes 181 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25209 153740/color.c Buffer_Overflow_Indexes 185 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25210 153740/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25211 153740/color.c Buffer_Overflow_Indexes 187 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25212 153740/color.c Buffer_Overflow_cpycat 223 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25213 153740/color.c Buffer_Overflow_cpycat 314 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25214 153740/color.c Buffer_Overflow_cpycat 201 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25215 153740/color.c Buffer_Overflow_cpycat 377 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25216 153740/color.c Buffer_Overflow_cpycat 265 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25217 153740/color.c Buffer_Overflow_cpycat 251 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25218 153740/color.c Buffer_Overflow_cpycat 307 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25219 153740/color.c Buffer_Overflow_cpycat 356 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25220 153740/color.c Buffer_Overflow_cpycat 293 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25221 153740/color.c Buffer_Overflow_cpycat 328 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25222 153740/color.c Buffer_Overflow_cpycat 258 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25223 153740/color.c Buffer_Overflow_cpycat 349 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25224 153740/color.c Buffer_Overflow_cpycat 342 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25225 153740/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25226 153740/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25227 153740/color.c Buffer_Overflow_cpycat 279 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25228 153740/color.c Buffer_Overflow_cpycat 300 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25229 153740/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25230 153740/color.c Buffer_Overflow_cpycat 286 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25231 153740/color.c Buffer_Overflow_cpycat 357 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25232 153740/color.c Buffer_Overflow_cpycat 321 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25233 153740/color.c Buffer_Overflow_cpycat 244 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25234 153740/color.c Buffer_Overflow_cpycat 272 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25235 153740/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25236 307/basic-00049-large.c Buffer_Overflow_LowBound 62 char src[4106]; char buf[10]; src[4106 - 1] = '\0'; i = 1026; strncpy(buf, src, (4 * i) + 2); 1 --------------------------------- 25237 153766/tile-swap.c Buffer_Overflow_Indexes 165 stonesoup_read_taint(&mungy_septfoil,"NONPOPULOUSNESS_RHODONITE"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (mungy_septfoil != 0) {; assisa_infamiliar = mungy_septfoil; sottage_halesome[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *hellenized_unwithered)))))))))))))))))))))))))))))))))))))))))))))))))] = assisa_infamiliar; poortiths_liking = sottage_halesome[ *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *hellenized_unwithered)))))))))))))))))))))))))))))))))))))))))))))))))]; importunacy_psalmodize(electrifiable_champerator,poortiths_liking); 0 --------------------------------- 25238 153766/tile-swap.c Buffer_Overflow_Indexes 119 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25239 153766/tile-swap.c Buffer_Overflow_Indexes 160 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25240 153766/tile-swap.c Buffer_Overflow_LowBound 752 void importunacy_psalmodize(int zagging_ureterectomies,tophetic_favourableness possess_ungrabbing) char stonesoup_source[1024]; heptanes_tapinocephaly = ((char *)possess_ungrabbing); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, heptanes_tapinocephaly, sizeof(stonesoup_source)); 0 --------------------------------- 25241 153766/tile-swap.c Buffer_Overflow_LowBound 761 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 25242 153162/color.c Buffer_Overflow_Indexes 546 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 1 --------------------------------- 25243 153162/color.c Buffer_Overflow_Indexes 542 myelomatosis_bilbao = getenv("FAILURES_DEHISCES"); if (myelomatosis_bilbao != 0) {; ebcdic_aralu = ((char *)myelomatosis_bilbao); for (stonesoup_i = 0; stonesoup_i < strlen(ebcdic_aralu); ++stonesoup_i) { s ebcdic_aralu[stonesoup_i], stonesoup_data->buffer[(int) ebcdic_aralu[stonesoup_i]]); tracepoint(stonesoup_trace, variable_signed_integral, "((int) STONESOUP_TAINT_SOURCE[stonesoup_i])", ((int) ebcdic_aralu[stonesoup_i]), &(ebcdic_aralu[stonesoup_i]), "TRIGGER-STATE"); void stonesoup_printf(char * format, ...) { 1 --------------------------------- 25244 153162/color.c Buffer_Overflow_Indexes 148 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25245 153162/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25246 153162/color.c Buffer_Overflow_Indexes 152 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25247 153162/color.c Buffer_Overflow_Indexes 154 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25248 153162/color.c Buffer_Overflow_cpycat 190 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25249 153162/color.c Buffer_Overflow_cpycat 246 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25250 153162/color.c Buffer_Overflow_cpycat 323 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25251 153162/color.c Buffer_Overflow_cpycat 218 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25252 153162/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25253 153162/color.c Buffer_Overflow_cpycat 295 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25254 153162/color.c Buffer_Overflow_cpycat 260 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25255 153162/color.c Buffer_Overflow_cpycat 253 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25256 153162/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25257 153162/color.c Buffer_Overflow_cpycat 344 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25258 153162/color.c Buffer_Overflow_cpycat 316 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25259 153162/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25260 153162/color.c Buffer_Overflow_cpycat 309 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25261 153162/color.c Buffer_Overflow_cpycat 168 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25262 153162/color.c Buffer_Overflow_cpycat 183 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25263 153162/color.c Buffer_Overflow_cpycat 281 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25264 153162/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25265 153162/color.c Buffer_Overflow_cpycat 274 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25266 153162/color.c Buffer_Overflow_cpycat 239 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25267 153162/color.c Buffer_Overflow_cpycat 211 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25268 153162/color.c Buffer_Overflow_cpycat 288 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25269 153162/color.c Buffer_Overflow_cpycat 302 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25270 153162/color.c Buffer_Overflow_cpycat 176 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25271 153162/color.c Buffer_Overflow_cpycat 267 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25272 153484/stream.c Buffer_Overflow_Indexes 100 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25273 153484/stream.c Buffer_Overflow_Indexes 505 lesly_nocturnes = getenv("HYOSCINES_TRUMPETRY"); if (lesly_nocturnes != 0) {; lucre_ductibility = lesly_nocturnes; *synop_mangos = lucre_ductibility; 0 --------------------------------- 25274 153484/stream.c Buffer_Overflow_LowBound 545 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 25275 153484/stream.c Buffer_Overflow_LowBound 536 char stonesoup_source[1024]; odonate_bonapartist linon_nola = 0; cucumariidae_haematopus(&linon_nola); intarsia_unprogressively = &linon_nola; desalinator_snapshoot = ((char *)( *intarsia_unprogressively)); stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, desalinator_snapshoot, sizeof(stonesoup_source)); 0 --------------------------------- 25276 1297/crackaddr-bad.c Buffer_Overflow_scanf 523 char address[100]; scanf("%99s", address); 0 --------------------------------- 25277 1297/crackaddr-bad.c Buffer_Overflow_cpycat 157 static char test_buf[10]; strcpy(test_buf, "GOOD"); 0 --------------------------------- 25278 153356/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25279 153356/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25280 153356/color.c Buffer_Overflow_Indexes 185 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25281 153356/color.c Buffer_Overflow_Indexes 136 stonesoup_read_taint(&zorilla_agnathic,"ENTOZOOLOGICAL_UNRESTRICTIVE"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (zorilla_agnathic != 0) {; sarcosepta_lacet = ((char *)zorilla_agnathic); if (strlen(sarcosepta_lacet) < 20) {; realpath(sarcosepta_lacet, stonesoup_data->base_path); if (zorilla_agnathic != 0) free(((char *)zorilla_agnathic)); 1 --------------------------------- 25282 153356/color.c Buffer_Overflow_Indexes 187 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25283 153356/color.c Buffer_Overflow_Indexes 181 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25284 153356/color.c Buffer_Overflow_cpycat 223 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25285 153356/color.c Buffer_Overflow_cpycat 314 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25286 153356/color.c Buffer_Overflow_cpycat 201 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25287 153356/color.c Buffer_Overflow_cpycat 377 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25288 153356/color.c Buffer_Overflow_cpycat 265 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25289 153356/color.c Buffer_Overflow_cpycat 251 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25290 153356/color.c Buffer_Overflow_cpycat 307 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25291 153356/color.c Buffer_Overflow_cpycat 356 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25292 153356/color.c Buffer_Overflow_cpycat 293 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25293 153356/color.c Buffer_Overflow_cpycat 328 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25294 153356/color.c Buffer_Overflow_cpycat 258 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25295 153356/color.c Buffer_Overflow_cpycat 349 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25296 153356/color.c Buffer_Overflow_cpycat 342 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25297 153356/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25298 153356/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25299 153356/color.c Buffer_Overflow_cpycat 279 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25300 153356/color.c Buffer_Overflow_cpycat 300 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25301 153356/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25302 153356/color.c Buffer_Overflow_cpycat 286 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25303 153356/color.c Buffer_Overflow_cpycat 357 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25304 153356/color.c Buffer_Overflow_cpycat 321 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25305 153356/color.c Buffer_Overflow_cpycat 244 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25306 153356/color.c Buffer_Overflow_cpycat 272 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25307 153356/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25308 153584/pmsignal.c Buffer_Overflow_scanf 138 stonesoup_read_taint(&substitutes_moire,"3532",aerie_breedbate); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25309 153584/pmsignal.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25310 153584/pmsignal.c Buffer_Overflow_Indexes 136 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25311 153584/pmsignal.c Buffer_Overflow_cpycat 416 void falconries_loured(char *const ambigenal_sphygmoid) fertileness_toscanini(vility_nasiei,ambigenal_sphygmoid); void fertileness_toscanini(int perceivers_scowlful,char *casease_outspokenly) fertileness_toscanini(perceivers_scowlful,casease_outspokenly); puture_saccorhiza = ((char *)((char *)casease_outspokenly)); stonesoup_data.buffer[stonesoup_i] = 0; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, puture_saccorhiza); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data.buffer); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, puture_saccorhiza); 1 --------------------------------- 25312 153533/dirent_uri.c Buffer_Overflow_Indexes 72 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25313 153533/dirent_uri.c Buffer_Overflow_LowBound 169 atef_kodurite = getenv("SILKMEN_OVEREMPIRICALLY"); thesmothetes_milyukov = atef_kodurite; audiovisual_enhydris[ *( *nefandousness_belonging)] = thesmothetes_milyukov; stomatodynia_vandyke = audiovisual_enhydris[ *( *nefandousness_belonging)]; repegged_woodfish = ((char *)stomatodynia_vandyke); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(repegged_woodfish)+1, repegged_woodfish, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, repegged_woodfish, strlen(repegged_woodfish) + 1); 1 --------------------------------- 25314 153775/color.c Buffer_Overflow_scanf 140 stonesoup_read_taint(&belate_sifflement,"1455",immodulated_tripleback); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25315 153775/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25316 153775/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25317 153775/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25318 153775/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25319 153775/color.c Buffer_Overflow_Indexes 177 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25320 153775/color.c Buffer_Overflow_LowBound 580 char stonesoup_buffer[8]; int immodulated_tripleback = 1024; char *belate_sifflement; stonesoup_read_taint(&belate_sifflement,"1455",immodulated_tripleback); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); chitosan_cairene = ((char *)belate_sifflement); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(chitosan_cairene)+1, chitosan_cairene, "TRIGGER-STATE"); strncpy(stonesoup_buffer,chitosan_cairene,strlen(chitosan_cairene) + 1); 1 --------------------------------- 25321 153775/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25322 153775/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25323 153775/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25324 153775/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25325 153775/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25326 153775/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25327 153775/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25328 153775/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25329 153775/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25330 153775/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25331 153775/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25332 153775/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25333 153775/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25334 153775/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25335 153775/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25336 153775/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25337 153775/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25338 153775/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25339 153775/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25340 153775/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25341 153775/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25342 153775/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25343 153775/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25344 153775/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25345 153638/oids.c Buffer_Overflow_scanf 142 stonesoup_read_taint(&splenectomy_firebaugh,"3930",politest_deathfulness); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25346 153638/oids.c Buffer_Overflow_Indexes 175 char *debug_env = getenv("WIRESHARK_DEBUG_MIBS"); debuglevel = ((debug_env?strtoul(debug_env,((void *)0),10) : 0)); 0 --------------------------------- 25347 153638/oids.c Buffer_Overflow_Indexes 140 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25348 153638/oids.c Buffer_Overflow_Indexes 94 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25349 153638/oids.c Buffer_Overflow_LowBound 1388 stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 25350 153638/oids.c Buffer_Overflow_LowBound 987 int politest_deathfulness = 91; char *splenectomy_firebaugh; stonesoup_read_taint(&splenectomy_firebaugh,"3930",politest_deathfulness); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); papery_overskim = splenectomy_firebaugh; belvidere_sidonia[ *( *( *( *( *( *( *( *( *( *friendsville_mydriatine)))))))))] = papery_overskim; tallaged_proegumenal = belvidere_sidonia[ *( *( *( *( *( *( *( *( *( *friendsville_mydriatine)))))))))]; rebutment_salema(jeffersontown_kingdomless,tallaged_proegumenal); void rebutment_salema(int slushiest_callo,snippier_leering dryden_twifoldly) char stonesoup_source[1024]; memset(stonesoup_source, 0, 1024); untouching_untranquilize = ((char *)dryden_twifoldly); strncpy(stonesoup_source, untouching_untranquilize, sizeof(stonesoup_source)); 0 --------------------------------- 25351 153752/heapam.c Buffer_Overflow_Indexes 108 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25352 153752/heapam.c Buffer_Overflow_Indexes 149 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25353 153752/heapam.c Buffer_Overflow_Indexes 154 stonesoup_read_taint(&crackup_armond,"STANNARY_DREXEL"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (crackup_armond != 0) {; epilated_fconvert . berake_pomme = ((char *)crackup_armond); staminigerous_depthless[ *sheepcrook_babson] = epilated_fconvert; oafish_fermented = staminigerous_depthless[ *sheepcrook_babson]; arsis_antitonic(derision_tinman,oafish_fermented); 0 --------------------------------- 25354 153752/heapam.c Buffer_Overflow_LowBound 5273 char stonesoup_buff[64]; char stonesoup_source[1024]; memset(stonesoup_buff, 65, 64); stonesoup_buff[63] = '\0'; memset(stonesoup_source,0,1024); if (strlen(stonesoup_source) + 1 <= sizeof(stonesoup_buff)) { memset(stonesoup_source,0,1024); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buff", strlen(stonesoup_buff)+1, stonesoup_buff, "TRIGGER-STATE"); strncpy(stonesoup_buff,stonesoup_source,sizeof(stonesoup_source)); 1 --------------------------------- 25355 153752/heapam.c Buffer_Overflow_LowBound 5264 struct wooer_grosz epilated_fconvert; char *crackup_armond; stonesoup_read_taint(&crackup_armond,"STANNARY_DREXEL"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (crackup_armond != 0) {; epilated_fconvert . berake_pomme = ((char *)crackup_armond); staminigerous_depthless[ *sheepcrook_babson] = epilated_fconvert; oafish_fermented = staminigerous_depthless[ *sheepcrook_babson]; arsis_antitonic(derision_tinman,oafish_fermented); void arsis_antitonic(int unperturbing_monads,struct wooer_grosz joycean_andrus) overcare_patrizate = ((char *)joycean_andrus . berake_pomme); memset(stonesoup_source,0,1024); strncpy(stonesoup_source,overcare_patrizate,sizeof(stonesoup_source)); 0 --------------------------------- 25356 153101/resowner.c Buffer_Overflow_Indexes 139 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25357 153101/resowner.c Buffer_Overflow_Indexes 689 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_input_string", stonesoup_input_string, "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data.buffer[stonesoup_input_string[stonesoup_i]]; 1 --------------------------------- 25358 153101/resowner.c Buffer_Overflow_Indexes 666 neatherd_mesomorph = getenv("SPHERULA_STOMATOTOMIES"); if (neatherd_mesomorph != 0) {; humbugs_locofocos = ((int )(strlen(neatherd_mesomorph))); strictish_wormship = ((char *)(malloc(humbugs_locofocos + 1))); if (strictish_wormship == 0) { memset(strictish_wormship,0,humbugs_locofocos + 1); memcpy(strictish_wormship,neatherd_mesomorph,humbugs_locofocos); innocent_instantiations = &strictish_wormship; thessa_gryllotalpa = innocent_instantiations + 5; underbury_selaginella = ((char *)( *(thessa_gryllotalpa - 5))); tracepoint(stonesoup_trace, variable_buffer, "STONESOUP_TAINT_SOURCE", underbury_selaginella, "INITIAL-STATE"); for (stonesoup_i = 0; stonesoup_i < strlen(underbury_selaginella); ++stonesoup_i) { s underbury_selaginella[stonesoup_i], stonesoup_data.buffer[(int) underbury_selaginella[stonesoup_i]]); tracepoint(stonesoup_trace, variable_signed_integral, "((int) STONESOUP_TAINT_SOURCE[stonesoup_i])", ((int) underbury_selaginella[stonesoup_i]), &(underbury_selaginella[stonesoup_i]), "TRIGGER-STATE"); if ( *(thessa_gryllotalpa - 5) != 0) free(((char *)( *(thessa_gryllotalpa - 5)))); 1 --------------------------------- 25359 153137/emem.c Buffer_Overflow_Indexes 334 se_packet_mem . debug_verify_pointers = getenv("WIRESHARK_SE_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { mem -> memory_alloc = emem_alloc_chunk; mem -> memory_alloc = emem_alloc_glib; 0 --------------------------------- 25360 153137/emem.c Buffer_Overflow_Indexes 333 se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { mem -> memory_alloc = emem_alloc_chunk; mem -> memory_alloc = emem_alloc_glib; 0 --------------------------------- 25361 153137/emem.c Buffer_Overflow_Indexes 213 stonesoup_read_taint(&fittipaldi_arcaded,"MIMICKER_CUNNINGHAMIA"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (fittipaldi_arcaded != 0) {; costocentral_salvoes = ((void *)fittipaldi_arcaded); begift_hydatogenic = gnomonic_sandbin(costocentral_salvoes); oilskins_pinacle = ((char *)((char *)begift_hydatogenic)); stonesoup_buff_size = ((int )(strlen(oilskins_pinacle))); strncpy(stonesoup_heap_buff_64, oilskins_pinacle, 64); for (; stonesoup_ss_i < stonesoup_buff_size; ++stonesoup_ss_i){ stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); if (((char *)begift_hydatogenic) != 0) free(((char *)((char *)begift_hydatogenic))); 1 --------------------------------- 25362 153137/emem.c Buffer_Overflow_Indexes 317 ep_packet_mem . debug_verify_pointers = getenv("WIRESHARK_EP_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { mem -> memory_alloc = emem_alloc_chunk; mem -> memory_alloc = emem_alloc_glib; 0 --------------------------------- 25363 153137/emem.c Buffer_Overflow_Indexes 208 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25364 153137/emem.c Buffer_Overflow_Indexes 167 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25365 153137/emem.c Buffer_Overflow_Indexes 332 se_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_SE_NO_CHUNKS") == ((void *)0); se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { mem -> memory_alloc = emem_alloc_chunk; mem -> memory_alloc = emem_alloc_glib; 0 --------------------------------- 25366 153137/emem.c Buffer_Overflow_Indexes 316 ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { mem -> memory_alloc = emem_alloc_chunk; mem -> memory_alloc = emem_alloc_glib; 0 --------------------------------- 25367 153137/emem.c Buffer_Overflow_Indexes 315 ep_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_EP_NO_CHUNKS") == ((void *)0); ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { mem -> memory_alloc = emem_alloc_chunk; mem -> memory_alloc = emem_alloc_glib; 0 --------------------------------- 25368 153137/emem.c Buffer_Overflow_LowBound 1161 char *fittipaldi_arcaded;; stonesoup_read_taint(&fittipaldi_arcaded,"MIMICKER_CUNNINGHAMIA"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); costocentral_salvoes = ((void *)fittipaldi_arcaded); begift_hydatogenic = gnomonic_sandbin(costocentral_salvoes); oilskins_pinacle = ((char *)((char *)begift_hydatogenic)); stonesoup_heap_buff_64 = (char*) malloc(64 * sizeof(char)); if (stonesoup_heap_buff_64 != NULL) { memset(stonesoup_heap_buff_64,'A',63); stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, oilskins_pinacle, 64); 0 --------------------------------- 25369 153307/color.c Buffer_Overflow_Indexes 165 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25370 153307/color.c Buffer_Overflow_Indexes 167 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25371 153307/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25372 153307/color.c Buffer_Overflow_Indexes 161 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25373 153307/color.c Buffer_Overflow_LowBound 582 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); void stonesoup_handle_taint(char *garote_beauing) char stonesoup_source[1024]; loculose_apism = ((char *)garote_beauing); memset(stonesoup_source,0,1024); strncpy(stonesoup_source,loculose_apism,sizeof(stonesoup_source)); 0 --------------------------------- 25374 153307/color.c Buffer_Overflow_LowBound 591 stonesoup_buff[63] = '\0'; stonesoup_source[1023] = 0; if (strlen(stonesoup_source) + 1 <= sizeof(stonesoup_buff)) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buff", strlen(stonesoup_buff)+1, stonesoup_buff, "TRIGGER-STATE"); strncpy(stonesoup_buff,stonesoup_source,sizeof(stonesoup_source)); 1 --------------------------------- 25375 153307/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25376 153307/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25377 153307/color.c Buffer_Overflow_cpycat 336 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25378 153307/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25379 153307/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25380 153307/color.c Buffer_Overflow_cpycat 357 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25381 153307/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25382 153307/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25383 153307/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25384 153307/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25385 153307/color.c Buffer_Overflow_cpycat 181 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25386 153307/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25387 153307/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25388 153307/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25389 153307/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25390 153307/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25391 153307/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25392 153307/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25393 153307/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25394 153307/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25395 153307/color.c Buffer_Overflow_cpycat 337 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25396 153307/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25397 153307/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25398 153307/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25399 152921/color.c Buffer_Overflow_scanf 143 arided_devotionalist = getenv("MADEGASSY_DEVOTIONALITY"); tylosoid_keeve = ((char *)arided_devotionalist); stonesoup_fp = stonesoup_switch_func(tylosoid_keeve); stonesoup_fct_ptr stonesoup_switch_func(char *param) stonesoup_fct_ptr fct_ptr_addr = (stonesoup_fct_ptr )0; var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); 0 --------------------------------- 25400 152921/color.c Buffer_Overflow_Indexes 165 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25401 152921/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25402 152921/color.c Buffer_Overflow_Indexes 167 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25403 152921/color.c Buffer_Overflow_Indexes 553 arided_devotionalist = getenv("MADEGASSY_DEVOTIONALITY"); if (arided_devotionalist != 0) {; tylosoid_keeve = ((char *)arided_devotionalist); stonesoup_fp = stonesoup_switch_func(tylosoid_keeve); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; if (var_len == 0) { else if (var_len == 1) { sscanf(param,"%p",&fct_ptr_addr); return fct_ptr_addr; stonesoup_fp = stonesoup_switch_func(tylosoid_keeve); tracepoint(stonesoup_trace, variable_address, "stonesoup_fp", stonesoup_fp, "TRIGGER-STATE"); stonesoup_cmp_flag = ( *stonesoup_fp)(stonesoup_rand_word,tylosoid_keeve); 1 --------------------------------- 25404 152921/color.c Buffer_Overflow_Indexes 161 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25405 152921/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25406 152921/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25407 152921/color.c Buffer_Overflow_cpycat 336 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25408 152921/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25409 152921/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25410 152921/color.c Buffer_Overflow_cpycat 357 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25411 152921/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25412 152921/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25413 152921/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25414 152921/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25415 152921/color.c Buffer_Overflow_cpycat 181 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25416 152921/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25417 152921/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25418 152921/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25419 152921/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25420 152921/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25421 152921/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25422 152921/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25423 152921/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25424 152921/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25425 152921/color.c Buffer_Overflow_cpycat 337 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25426 152921/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25427 152921/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25428 152921/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25429 153085/oids.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 25430 153085/oids.c Buffer_Overflow_Indexes 149 char *debug_env = getenv("WIRESHARK_DEBUG_MIBS"); debuglevel = ((debug_env?strtoul(debug_env,((void *)0),10) : 0)); 0 --------------------------------- 25431 153085/oids.c Buffer_Overflow_Indexes 1304 ambulatory_palaeonemertea = getenv("PORTAGE_HIPMI"); if (ambulatory_palaeonemertea != 0) {; ldp_sinuosely = ((int )(strlen(ambulatory_palaeonemertea))); extratabular_vamp = ((char *)(malloc(ldp_sinuosely + 1))); if (extratabular_vamp == 0) { memset(extratabular_vamp,0,ldp_sinuosely + 1); memcpy(extratabular_vamp,ambulatory_palaeonemertea,ldp_sinuosely); *peptizable_indomitable = extratabular_vamp; 0 --------------------------------- 25432 153459/file_wrappers.c Buffer_Overflow_Indexes 1724 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; 1 --------------------------------- 25433 153459/file_wrappers.c Buffer_Overflow_Indexes 136 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25434 153543/bio_err.c Buffer_Overflow_scanf 135 stonesoup_read_taint(&bics_hektograph,"4362",disinterring_hewitt); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25435 153543/bio_err.c Buffer_Overflow_Indexes 133 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25436 153543/bio_err.c Buffer_Overflow_Indexes 87 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25437 153543/bio_err.c Buffer_Overflow_LowBound 217 void *bemadams_depressants = 0; jumart_nonsupporting(&bemadams_depressants); dermas_vassalism = &bemadams_depressants; wherefore_chromite = dermas_vassalism + 5; oursels_prothallic = ((char *)((char *)( *(wherefore_chromite - 5)))); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(oursels_prothallic)+1, oursels_prothallic, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, oursels_prothallic, strlen(oursels_prothallic) + 1); 1 --------------------------------- 25438 153366/conf_mod.c Buffer_Overflow_Indexes 572 file = getenv("OPENSSL_CONF"); if (file) { return BUF_strdup(file); file = CONF_get1_default_config_file(); if (!file) { if (NCONF_load(conf,file,((void *)0)) <= 0) { CRYPTO_free(file); 0 --------------------------------- 25439 153366/conf_mod.c Buffer_Overflow_Indexes 172 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25440 1493/Figure2-9-windows.cpp Buffer_Overflow_Indexes 25 gets(Password); if (!strcmp(Password, "goodpass")) 1 --------------------------------- 25441 199275/invalid_memory_access.c Buffer_Overflow_cpycat 210 char **ptr = (char**) malloc(5*sizeof(char*)); ptr[i]=(char*) malloc(15*sizeof(char)); ptr[i] = NULL; free(ptr); strcpy(*(ptr+2),"String"); 1 --------------------------------- 25442 199275/invalid_memory_access.c Buffer_Overflow_cpycat 205 char **ptr = (char**) malloc(5*sizeof(char*)); ptr[i]=(char*) malloc(15*sizeof(char)); for(i=0;i<5;i++) ptr[i] = NULL; strcpy(*(ptr+i),"String"); 1 --------------------------------- 25443 199275/invalid_memory_access.c Buffer_Overflow_cpycat 611 invalid_memory_access_017_doubleptr_gbl=(char*) malloc(10*sizeof(char)); strcpy(invalid_memory_access_017_doubleptr_gbl,"TEST"); 0 --------------------------------- 25444 199275/invalid_memory_access.c Buffer_Overflow_cpycat 102 buf = (char *) malloc (25 * sizeof(char)); strcpy(buf,"This is String"); free(buf); strcpy(buf,"This is String"); 0 --------------------------------- 25445 199275/invalid_memory_access.c Buffer_Overflow_cpycat 568 char s[10] ; strcpy(s,invalid_memory_access_016_doubleptr_gbl[0]); 1 --------------------------------- 25446 199275/invalid_memory_access.c Buffer_Overflow_cpycat 622 invalid_memory_access_017_doubleptr_gbl=(char*) malloc(10*sizeof(char)); strcpy(invalid_memory_access_017_doubleptr_gbl,"TEST"); free(invalid_memory_access_017_doubleptr_gbl); char s[10] ; invalid_memory_access_017_func_002(); if(invalid_memory_access_017_func_001(flag) == 0) invalid_memory_access_017_func_003(); if(invalid_memory_access_017_func_001(flag) == 0) invalid_memory_access_017_func_004(); strcpy(s,invalid_memory_access_017_doubleptr_gbl); 1 --------------------------------- 25447 153759/hashfn.c Buffer_Overflow_scanf 96 yardgrass_gumweeds = getenv("ORDINARINESS_SEAMLET"); pondside_refrigeratory[38] = yardgrass_gumweeds; antal_secchi = pondside_refrigeratory; preentitled_doglegged(antal_secchi); void preentitled_doglegged(char **recharter_zenobia) calles_splinterize = ((char *)recharter_zenobia[38]); stonesoup_fp = stonesoup_switch_func(calles_splinterize); stonesoup_fct_ptr stonesoup_switch_func(char *param) stonesoup_fct_ptr fct_ptr_addr = (stonesoup_fct_ptr )0; var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); 0 --------------------------------- 25448 153759/hashfn.c Buffer_Overflow_Indexes 42 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25449 153759/hashfn.c Buffer_Overflow_Indexes 135 yardgrass_gumweeds = getenv("ORDINARINESS_SEAMLET"); if (yardgrass_gumweeds != 0) {; pondside_refrigeratory[38] = yardgrass_gumweeds; antal_secchi = pondside_refrigeratory; preentitled_doglegged(antal_secchi); void preentitled_doglegged(char **recharter_zenobia) calles_splinterize = ((char *)recharter_zenobia[38]); stonesoup_fp = stonesoup_switch_func(calles_splinterize); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; if (var_len == 0) { else if (var_len == 1) { sscanf(param,"%p",&fct_ptr_addr); return fct_ptr_addr; stonesoup_fp = stonesoup_switch_func(calles_splinterize); tracepoint(stonesoup_trace, variable_address, "stonesoup_fp", stonesoup_fp, "TRIGGER-STATE"); stonesoup_cmp_flag = ( *stonesoup_fp)(stonesoup_rand_word,calles_splinterize); 1 --------------------------------- 25450 153569/column-utils.c Buffer_Overflow_Indexes 97 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25451 153569/column-utils.c Buffer_Overflow_LowBound 2166 char *unlibidinously_osmolal = 0; stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(unlibidinously_osmolal)+1, unlibidinously_osmolal, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, unlibidinously_osmolal, strlen(unlibidinously_osmolal) + 1); 1 --------------------------------- 25452 153264/types.c Buffer_Overflow_Indexes 44 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25453 153264/types.c Buffer_Overflow_Indexes 85 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25454 153264/types.c Buffer_Overflow_Indexes 90 stonesoup_read_taint(&mamaroneck_agnominal,"AYS_MOTE"); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); if (mamaroneck_agnominal != 0) {; sthenias_subcompact[5] = mamaroneck_agnominal; nobut_insurrectory = *(sthenias_subcompact + *uncensorable_empyrean); GLANDES_STHENIAS(nobut_insurrectory); void sallee_semidecussation(char *contaminates_unfenestral) colyumist_idiotised = ((char *)contaminates_unfenestral); if (strlen(colyumist_idiotised) < 20) {; realpath(colyumist_idiotised, stonesoup_data->base_path); if (contaminates_unfenestral != 0) free(((char *)contaminates_unfenestral)); 1 --------------------------------- 25455 152986/bio_err.c Buffer_Overflow_Indexes 152 tetrapturus_rondellier = getenv("ADRENERGIC_WULLAWINS"); if (tetrapturus_rondellier != 0) {; swisser_polska . hydropneumatic_integration = ((char *)tetrapturus_rondellier); jamshyd_tind = cistae_staver(swisser_polska); 0 --------------------------------- 25456 152986/bio_err.c Buffer_Overflow_Indexes 93 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25457 153731/img2.c Buffer_Overflow_Indexes 80 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25458 153731/img2.c Buffer_Overflow_LowBound 160 char **disbrain_unhandled = 0; redskins_jarnut = ((char *)disbrain_unhandled[39]); stonesoup_data = (char*) malloc(8 * sizeof(char)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(redskins_jarnut)+1, redskins_jarnut, "TRIGGER-STATE"); strncpy(stonesoup_data, redskins_jarnut, strlen(redskins_jarnut) + 1); 1 --------------------------------- 25459 152907/mutex.c Buffer_Overflow_Indexes 39 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); 0 --------------------------------- 25460 152907/mutex.c Buffer_Overflow_LowBound 181 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 25461 152907/mutex.c Buffer_Overflow_LowBound 172 quadruplicating_pictores = getenv("BACCALAUREATES_OUTFFED"); donnelly_unvaulted = quadruplicating_pictores; coadunating_jussives[5] = donnelly_unvaulted; philobiblic_flybelts[1] = 5; entry_hermitages = *(coadunating_jussives + philobiblic_flybelts[1]); khir_shellans(zelazny_babar,entry_hermitages); char stonesoup_source[1024]; khir_shellans(spermatin_codfisheries,daimonology_diores); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, praetorian_unapprisedness, sizeof(stonesoup_source)); void khir_shellans(int spermatin_codfisheries,puschkinia_alternamente daimonology_diores) praetorian_unapprisedness = ((char *)daimonology_diores); strncpy(stonesoup_source, praetorian_unapprisedness, sizeof(stonesoup_source)); 0 --------------------------------- 25462 153279/dynahash.c Buffer_Overflow_Indexes 277 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25463 153279/dynahash.c Buffer_Overflow_cpycat 374 HTAB *hash_create(const char *tabname,long nelem,HASHCTL *info,int flags) CurrentDynaHashCxt = AllocSetContextCreate(CurrentDynaHashCxt,tabname,0,(8 * 1024),(8 * 1024 * 1024)); hashp = ((HTAB *)(DynaHashAlloc(sizeof(HTAB ) + strlen(tabname) + 1))); hashp -> tabname = ((char *)(hashp + 1)); strcpy(hashp -> tabname,tabname); 0 --------------------------------- 25464 153005/ffmpeg.c Buffer_Overflow_scanf 2601 int debug = 0; if (scanf("%d",&debug) != 1) { 0 --------------------------------- 25465 153005/ffmpeg.c Buffer_Overflow_scanf 2570 char target[64]; char command[256]; char arg[256] = {(0)}; double time; buf[i] = 0; if (k > 0 && (n = sscanf(buf,"%63[^ ] %lf %255[^ ] %255[^\n]",target,&time,command,arg)) >= 3) { 0 --------------------------------- 25466 153005/ffmpeg.c Buffer_Overflow_Indexes 2601 if (scanf("%d",&debug) != 1) { 0 --------------------------------- 25467 153005/ffmpeg.c Buffer_Overflow_Indexes 200 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25468 153005/ffmpeg.c Buffer_Overflow_LowBound 2298 return input_streams[ost -> source_index]; int n = 1; int64_t *pts; size = n; pts = (av_malloc(sizeof(( *pts)) * size)); char *next = strchr(p,','); *(next++) = 0; if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { AVChapter *c = avf -> chapters[j]; pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; p = next; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); ost -> forced_kf_pts = pts; input_streams[j + ifile -> ist_index] -> start = av_gettime(); ost = output_streams[i]; ist = get_input_stream(ost); return ((void *)0); for (i = 0; i < nb_output_streams; i++) { ist = get_input_stream(ost); ost -> st -> disposition = ist -> st -> disposition; if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); ost -> encoding_needed = 1; ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); ost -> frame_rate = ist -> framerate; int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); codec -> time_base = av_inv_q(ost -> frame_rate); codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); if (!strncmp((ost -> forced_keyframes),"expr:",5)) { parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); char logfilename[1024]; snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) p = kf; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { qsort(pts,size,sizeof(( *pts)),compare_int64); ost -> forced_kf_pts = pts; parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); fg = init_simple_filtergraph(ist,ost); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); static InputStream *get_input_stream(OutputStream *ost) ist = get_input_stream(ost); snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); 0 --------------------------------- 25469 153005/ffmpeg.c Buffer_Overflow_LowBound 1237 ost -> finished = 1; double error_sum = 0; p = psnr(error_sum / scale_sum); if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); static double psnr(double d) return - 10.0 * log(d) / log(10.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); static void close_output_stream(OutputStream *ost) static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double scale_sum = 0; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error_sum += error; scale_sum += scale; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); output_streams[i] -> unavailable = 0; reset_eagain(); if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); 0 --------------------------------- 25470 153005/ffmpeg.c Buffer_Overflow_LowBound 1280 double duration = 0; delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = 0; nb_frames = (lrintf(delta)); nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_dup += nb_frames - 1; if (!check_recording_time(ost)) { close_output_stream(ost); double duration = 0; duration = 1 / (av_q2d(ost -> frame_rate) * av_q2d(enc -> time_base)); sync_ipts = (in_picture -> pts); delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = (lrintf(delta)); nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_dup += nb_frames - 1; if (!check_recording_time(ost)) { nb_frames = 1; nb_frames = 0; nb_frames = (lrintf(delta)); nb_frames = 0; nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_drop++; nb_frames_drop++; nb_frames_dup += nb_frames - 1; if (!check_recording_time(ost)) { if (!ost -> filtered_frame && !(ost -> filtered_frame = avcodec_alloc_frame())) { avcodec_get_frame_defaults(ost -> filtered_frame); filtered_frame = ost -> filtered_frame; avfilter_copy_buf_props(filtered_frame,picref); do_video_out(of -> ctx,ost,filtered_frame); int64_t pts = - 9223372036854775807L - 1; static int qp_histogram['4']; total_size = avio_size(oc -> pb); total_size = avio_tell(oc -> pb); buf[0] = '\0'; float q = (- 1); q = (enc -> coded_frame -> quality) / ((float )'v'); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); bitrate = (pts && total_size >= 0?(total_size * 8) / (pts / 1000.0) : (- 1)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); av_bprintf(&buf_script,"dup_frames=%d\n",nb_frames_dup); av_bprintf(&buf_script,"drop_frames=%d\n",nb_frames_drop); return reap_filters(); ret = reap_filters(); if ((ret = transcode_from_filter(ost -> filter -> graph,&ist)) < 0) { return reap_filters(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=%6.1fkbits/s",bitrate); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); static void do_video_out(AVFormatContext *s,OutputStream *ost,AVFrame *in_picture) sync_ipts = (in_picture -> pts); delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = (lrintf(delta)); nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_dup += nb_frames - 1; do_video_out(of -> ctx,ost,filtered_frame); return reap_filters(); ret = transcode_step(); print_report(0,timer_start,cur_time); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); 0 --------------------------------- 25471 153005/ffmpeg.c Buffer_Overflow_LowBound 1197 ost -> finished = 1; close_output_stream(output_streams[of -> ost_index + j]); output_streams[i] -> unavailable = 0; reset_eagain(); timer_start = av_gettime(); int64_t cur_time = av_gettime(); if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); if (check_keyboard_interaction(cur_time) < 0) { if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); frame_number = ost -> frame_number; fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static int check_keyboard_interaction(int64_t cur_time) print_report(0,timer_start,cur_time); static void print_report(int is_last_report,int64_t timer_start,int64_t cur_time) float t = ((cur_time - timer_start) / 1000000.0); fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static void close_output_stream(OutputStream *ost) if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); 0 --------------------------------- 25472 153005/ffmpeg.c Buffer_Overflow_LowBound 1241 static double psnr(double d) return - 10.0 * log(d) / log(10.0); error_sum += error; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); output_streams[i] -> unavailable = 0; reset_eagain(); sub2video_heartbeat(ist,pkt . pts); ret = output_packet(ist,(&pkt)); reset_eagain(); ret = process_input(ist -> file_index); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); static void close_output_stream(OutputStream *ost) ost -> finished = 1; q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; error_sum += error; scale_sum += scale; p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); 0 --------------------------------- 25473 153005/ffmpeg.c Buffer_Overflow_LowBound 1917 static int init_input_stream(int ist_index,char *error,int error_len) InputStream *ist = input_streams[ist_index]; snprintf(error,error_len,"Decoder (codec %s) not found for input stream #%d:%d",avcodec_get_name(ist -> st -> codec -> codec_id),ist -> file_index,ist -> st -> index); 0 --------------------------------- 25474 153005/ffmpeg.c Buffer_Overflow_LowBound 1259 output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); 0 --------------------------------- 25475 153005/ffmpeg.c Buffer_Overflow_LowBound 2200 static InputStream *get_input_stream(OutputStream *ost) char error[1024]; ost = output_streams[i]; ist = get_input_stream(ost); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; ost -> enc = avcodec_find_encoder(codec -> codec_id); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); if (!strcmp(ost -> enc -> name,"libx264")) { ist = get_input_stream(ost); 0 --------------------------------- 25476 153005/ffmpeg.c Buffer_Overflow_LowBound 1221 ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); char type[3] = {('Y'), ('U'), ('V')}; error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); 0 --------------------------------- 25477 153005/ffmpeg.c Buffer_Overflow_LowBound 1264 int64_t pts = - 9223372036854775807L - 1; secs = (pts / 1000000); us = (pts % 1000000); mins = secs / 60; secs %= 60; hours = mins / 60; mins %= 60; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); 0 --------------------------------- 25478 153005/ffmpeg.c Buffer_Overflow_LowBound 2350 char error[1024]; ost -> st -> disposition = ist -> st -> disposition; ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; if (!strcmp(ost -> enc -> name,"libx264")) { if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); av_buffersink_set_frame_size(ost -> filter -> filter,(ost -> st -> codec -> frame_size)); if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); 0 --------------------------------- 25479 153005/ffmpeg.c Buffer_Overflow_cpycat 3249 struct hebr_toddite circumambiency_billiards = {0}; va_list archegone_mosel; __builtin_va_start(archegone_mosel,adamski_alcanna); circumambiency_billiards = (va_arg(archegone_mosel,struct hebr_toddite )); feedwater_impersonates = ((char *)circumambiency_billiards . daybeam_cantillation); stonesoup_buffer = malloc((strlen(feedwater_impersonates) + 1) * sizeof(char )); strcpy(stonesoup_buffer,feedwater_impersonates); 0 --------------------------------- 25480 153286/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 25481 153286/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 25482 153405/main_filter_toolbar.c Buffer_Overflow_Indexes 81 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&jaguarondi_pseudolarix,"SCRUNCHING_KLEPHTISM"); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 25483 153405/main_filter_toolbar.c Buffer_Overflow_Indexes 122 strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || 0 --------------------------------- 25484 153405/main_filter_toolbar.c Buffer_Overflow_Indexes 127 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&jaguarondi_pseudolarix,"SCRUNCHING_KLEPHTISM"); if (jaguarondi_pseudolarix != 0) {; photomurals_welf = ((int )(strlen(jaguarondi_pseudolarix))); grillage_communized = ((char *)(malloc(photomurals_welf + 1))); if (grillage_communized == 0) { memset(grillage_communized,0,photomurals_welf + 1); memcpy(grillage_communized,jaguarondi_pseudolarix,photomurals_welf); if (jaguarondi_pseudolarix != 0) free(((char *)jaguarondi_pseudolarix)); grs_shortfall[ *( *palaeogene_lub)] = grillage_communized; opalotype_preadolescents = grs_shortfall[ *( *palaeogene_lub)]; respiring_arcos(harmfulness_glimmerite,opalotype_preadolescents); void respiring_arcos(int papicolar_ribband,char *presspack_scribblemania); 0 --------------------------------- 25485 153602/img2.c Buffer_Overflow_Indexes 105 urinoscopy_papulan = getenv("VIOLATER_PAPISTICAL"); if (urinoscopy_papulan != 0) {; muscularities_balistraria[7] = urinoscopy_papulan; unirritableness_furrily[5] = muscularities_balistraria; droopiness_chiniks = *(unirritableness_furrily + tswanas_orthopyramid[1]); usherian_fontinas = ((char *)droopiness_chiniks[7]); if (strlen(usherian_fontinas) < 20) { realpath(usherian_fontinas,stonesoup_base_path); 0 --------------------------------- 25486 153602/img2.c Buffer_Overflow_Indexes 42 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_base_path[stonesoup_oc_i] = stonesoup_toupper(stonesoup_base_path[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_base_path); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25487 153169/e_bf.c Buffer_Overflow_Indexes 91 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25488 153169/e_bf.c Buffer_Overflow_Indexes 216 thomasite_siruelas = getenv("GRANDNEPHEWS_OUTBEGGED"); if (thomasite_siruelas != 0) {; statolithic_subscript . cowpoke_snogs = ((char *)thomasite_siruelas); unkindlily_dimberdamber = &statolithic_subscript; 0 --------------------------------- 25489 153474/e_bf.c Buffer_Overflow_scanf 132 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&unhomologized_inwork,"5097",acapulco_verisimility); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25490 153474/e_bf.c Buffer_Overflow_Indexes 84 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&unhomologized_inwork,"5097",acapulco_verisimility); assentingly_unexaminable(trachiniae_glaciates,shivered_semipalmation); assentingly_unexaminable(unmaddened_chronons,unctious_bination); stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25491 153474/e_bf.c Buffer_Overflow_Indexes 130 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25492 153728/main_filter_toolbar.c Buffer_Overflow_Indexes 118 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25493 153728/main_filter_toolbar.c Buffer_Overflow_LowBound 429 void stonesoup_handle_taint(char *intendit_trullisatios) owenist_cinereal(intendit_trullisatios); void owenist_cinereal(char *const unhitching_bundweed) schmuck_impeded = ((char *)((char *)unhitching_bundweed)); stonesoup_data = (char*) malloc(8 * sizeof(char)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(schmuck_impeded)+1, schmuck_impeded, "TRIGGER-STATE"); strncpy(stonesoup_data, schmuck_impeded, strlen(schmuck_impeded) + 1); 1 --------------------------------- 25494 199289/null_pointer_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==31 || vflag_file == 888) 0 --------------------------------- 25495 149063/fmt5-bad.c Buffer_Overflow_Indexes 37 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; if(userstr[0] == '!') test("<%s>", userstr); test("[%s]", userstr); test(char *fmt, char *str) printf(str, fmt); 1 --------------------------------- 25496 153825/stream.c Buffer_Overflow_scanf 149 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&ageism_pallion,"2000",preformed_puerperant); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25497 153825/stream.c Buffer_Overflow_Indexes 147 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25498 153825/stream.c Buffer_Overflow_Indexes 101 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&ageism_pallion,"2000",preformed_puerperant); PANDEMIC_PAPULAE(uninfallible_overassertion); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25499 153232/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 25500 153232/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 25501 153421/color.c Buffer_Overflow_Indexes 198 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25502 153421/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25503 153421/color.c Buffer_Overflow_Indexes 196 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25504 153421/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&deathtrap_vail,"EPOPEE_UNTASTILY"); stonesoup_printf("String is too short to test\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("String is too short to test\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25505 153421/color.c Buffer_Overflow_Indexes 192 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25506 153421/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&deathtrap_vail,"EPOPEE_UNTASTILY"); if (deathtrap_vail != 0) {; cupressus_morphologies = ((char *)deathtrap_vail); stonesoup_input_len = strlen(cupressus_morphologies); if (stonesoup_input_len < 2) { stonesoup_get_function(stonesoup_input_len, stonesoup_function_ptr); stonesoup_result = ( *stonesoup_function_ptr)(cupressus_morphologies); if (stonesoup_result == 0) if (deathtrap_vail != 0) free(((char *)deathtrap_vail)); void stonesoup_get_function(int len, fptr * modulus_function) { if (len > 10) { if (len < 10) { 0 --------------------------------- 25507 153421/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25508 153421/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25509 153421/color.c Buffer_Overflow_cpycat 367 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25510 153421/color.c Buffer_Overflow_cpycat 346 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25511 153421/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25512 153421/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25513 153421/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25514 153421/color.c Buffer_Overflow_cpycat 360 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25515 153421/color.c Buffer_Overflow_cpycat 339 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25516 153421/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25517 153421/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25518 153421/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25519 153421/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25520 153421/color.c Buffer_Overflow_cpycat 325 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25521 153421/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25522 153421/color.c Buffer_Overflow_cpycat 332 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25523 153421/color.c Buffer_Overflow_cpycat 388 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25524 153421/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25525 153421/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25526 153421/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25527 153421/color.c Buffer_Overflow_cpycat 212 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25528 153421/color.c Buffer_Overflow_cpycat 368 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25529 153421/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25530 153421/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25531 152906/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 25532 152906/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 25533 149055/ahdec1-bad.c Buffer_Overflow_Indexes 69 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) strncpy(buf, str, MAXSIZE); 0 --------------------------------- 25534 149055/ahdec1-bad.c Buffer_Overflow_LowBound 53 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; strncpy(buf, str, MAXSIZE); 0 --------------------------------- 25535 1486/Figure2-2-windows.cpp Buffer_Overflow_cpycat 26 int main(int argc, char *argv[]) char name [2048]; strcpy(name, argv[1]); strcat(name, " = "); strcat(name, argv[2]); 1 --------------------------------- 25536 837/basic-00181-min.c Buffer_Overflow_Indexes 58 envvar = getenv("STRINGLEN_MIN"); if (envvar != NULL) i = strlen(envvar); if (i > 10) buf[i] = 'A'; 1 --------------------------------- 25537 153076/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 25538 153076/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 25539 148821/Element.cpp Buffer_Overflow_LowBound 1169 updateAnimatedSVGAttribute(name); if (Attribute* a = namedAttrMap->getAttributeItem(name)) return a->value(); return nullAtom; bool ignoreCase = shouldIgnoreAttributeCase(this); if (!m_isStyleAttributeValid && equalPossiblyIgnoringCase(name, styleAttr.localName(), ignoreCase)) updateAnimatedSVGAttribute(QualifiedName(nullAtom, name, nullAtom)); if (Attribute* attribute = namedAttrMap->getAttributeItem(name, ignoreCase)) return attribute->value(); return nullAtom; return m_tagName.toString(); String result; s = nodeName(); if (s.length() > 0) { result += s; s = getAttribute(idAttributeName()); if (s.length() > 0) { if (result.length() > 0) result += "; "; result += "id="; result += s; s = getAttribute(classAttr); strncpy(buffer, result.utf8().data(), length - 1); void Element::formatForDebugger(char* buffer, unsigned length) const if (result.length() > 0) result += "; "; result += "class="; result += s; strncpy(buffer, result.utf8().data(), length - 1); const AtomicString& Element::getAttribute(const QualifiedName& name) const if (Attribute* a = namedAttrMap->getAttributeItem(name)) return a->value(); s = getAttribute(idAttributeName()); if (s.length() > 0) { result += s; s = getAttribute(classAttr); if (s.length() > 0) { result += s; strncpy(buffer, result.utf8().data(), length - 1); const AtomicString& Element::getAttribute(const String& name) const if (!m_isStyleAttributeValid && equalPossiblyIgnoringCase(name, styleAttr.localName(), ignoreCase)) if (Attribute* attribute = namedAttrMap->getAttributeItem(name, ignoreCase)) return attribute->value(); s = getAttribute(idAttributeName()); if (s.length() > 0) { result += s; strncpy(buffer, result.utf8().data(), length - 1); 0 --------------------------------- 25540 153801/tile-manager.c Buffer_Overflow_Indexes 87 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25541 153164/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 25542 153164/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 25543 153409/config_file.c Buffer_Overflow_Indexes 122 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25544 153244/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25545 153244/color.c Buffer_Overflow_Indexes 181 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25546 153244/color.c Buffer_Overflow_Indexes 185 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25547 153244/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&plusiinae_skeletin,"DIETARIES_FLOCCULATING"); stonesoup_data->buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25548 153244/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&plusiinae_skeletin,"DIETARIES_FLOCCULATING"); if (plusiinae_skeletin != 0) {; fugitating_hydrophilite = ((char *)plusiinae_skeletin); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(fugitating_hydrophilite)+1, fugitating_hydrophilite, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, fugitating_hydrophilite, strlen(fugitating_hydrophilite) + 1); if (plusiinae_skeletin != 0) free(((char *)plusiinae_skeletin)); 0 --------------------------------- 25549 153244/color.c Buffer_Overflow_Indexes 187 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25550 153244/color.c Buffer_Overflow_LowBound 587 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *plusiinae_skeletin; stonesoup_read_taint(&plusiinae_skeletin,"DIETARIES_FLOCCULATING"); fugitating_hydrophilite = ((char *)plusiinae_skeletin); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(fugitating_hydrophilite)+1, fugitating_hydrophilite, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, fugitating_hydrophilite, strlen(fugitating_hydrophilite) + 1); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&plusiinae_skeletin,"DIETARIES_FLOCCULATING"); fugitating_hydrophilite = ((char *)plusiinae_skeletin); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(fugitating_hydrophilite)+1, fugitating_hydrophilite, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, fugitating_hydrophilite, strlen(fugitating_hydrophilite) + 1); 1 --------------------------------- 25551 153244/color.c Buffer_Overflow_cpycat 223 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25552 153244/color.c Buffer_Overflow_cpycat 314 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25553 153244/color.c Buffer_Overflow_cpycat 201 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25554 153244/color.c Buffer_Overflow_cpycat 377 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25555 153244/color.c Buffer_Overflow_cpycat 265 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25556 153244/color.c Buffer_Overflow_cpycat 251 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25557 153244/color.c Buffer_Overflow_cpycat 307 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25558 153244/color.c Buffer_Overflow_cpycat 356 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25559 153244/color.c Buffer_Overflow_cpycat 293 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25560 153244/color.c Buffer_Overflow_cpycat 328 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25561 153244/color.c Buffer_Overflow_cpycat 258 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25562 153244/color.c Buffer_Overflow_cpycat 349 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25563 153244/color.c Buffer_Overflow_cpycat 342 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25564 153244/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25565 153244/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25566 153244/color.c Buffer_Overflow_cpycat 279 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25567 153244/color.c Buffer_Overflow_cpycat 300 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25568 153244/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25569 153244/color.c Buffer_Overflow_cpycat 286 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25570 153244/color.c Buffer_Overflow_cpycat 357 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25571 153244/color.c Buffer_Overflow_cpycat 321 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25572 153244/color.c Buffer_Overflow_cpycat 244 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25573 153244/color.c Buffer_Overflow_cpycat 272 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25574 153244/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25575 153443/aviobuf.c Buffer_Overflow_scanf 114 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&spreadability_chamfrain,"2873",exobasidium_chemult); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25576 153443/aviobuf.c Buffer_Overflow_Indexes 66 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&spreadability_chamfrain,"2873",exobasidium_chemult); stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buff_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(alfurese_unhypothetical)); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(alfurese_unhypothetical)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25577 153443/aviobuf.c Buffer_Overflow_Indexes 112 strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || 0 --------------------------------- 25578 153443/aviobuf.c Buffer_Overflow_LowBound 1120 int avio_printf(AVIOContext *s,const char *fmt,... ) va_list ap; char buf[4096]; __builtin_va_start(ap,fmt); ret = vsnprintf(buf,sizeof(buf),fmt,ap); 0 --------------------------------- 25579 153588/file_wrappers.c Buffer_Overflow_Indexes 146 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25580 153344/utf.c Buffer_Overflow_Indexes 152 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&baileyton_ethambutol,"TRUCKIE_LYSIGENIC"); if (baileyton_ethambutol != 0) {; urobilinemia_past . endosternum_disadvantaging = ((char *)baileyton_ethambutol); tungstosilicate_staid(urobilinemia_past); void tungstosilicate_staid(const struct cohesiveness_gelatinous grimacingly_undesirably) backvelder_yorke = ((char *)((struct cohesiveness_gelatinous )grimacingly_undesirably) . endosternum_disadvantaging); stonesoup_buff_size = ((int )(strlen(backvelder_yorke))); memcpy(stonesoup_data.buffer, backvelder_yorke, 64); for (; stonesoup_i < stonesoup_buff_size; ++stonesoup_i){ stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); if (((struct cohesiveness_gelatinous )grimacingly_undesirably) . endosternum_disadvantaging != 0) free(((char *)((struct cohesiveness_gelatinous )grimacingly_undesirably) . endosternum_disadvantaging)); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 25581 153344/utf.c Buffer_Overflow_Indexes 147 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25582 153344/utf.c Buffer_Overflow_Indexes 106 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&baileyton_ethambutol,"TRUCKIE_LYSIGENIC"); tungstosilicate_staid(urobilinemia_past); svn_error_t *svn_err__temp = svn_mutex__unlock(svn_mutex__m,get_xlate_handle_node_internal(ret,topage,frompage,userdata_key,pool)); return get_xlate_handle_node(ret,SVN_APR_UTF8_CHARSET,(assume_native_charset_is_utf8?SVN_APR_UTF8_CHARSET : ((const char *)1)),SVN_UTF_NTOU_XLATE_HANDLE,pool); svn_error_t *svn_err__temp = get_ntou_xlate_handle_node(&node,pool); return get_xlate_handle_node(ret,SVN_APR_UTF8_CHARSET,(assume_native_charset_is_utf8?SVN_APR_UTF8_CHARSET : ((const char *)1)),SVN_UTF_NTOU_XLATE_HANDLE,pool); svn_error_t *svn_err__temp = svn_mutex__unlock(svn_mutex__m,get_xlate_handle_node_internal(ret,topage,frompage,userdata_key,pool)); stonesoup_setup_printf_context(); stonesoup_read_taint(&baileyton_ethambutol,"TRUCKIE_LYSIGENIC"); tungstosilicate_staid(urobilinemia_past); stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25583 153422/color.c Buffer_Overflow_Indexes 573 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; 0 --------------------------------- 25584 153422/color.c Buffer_Overflow_Indexes 160 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25585 153422/color.c Buffer_Overflow_Indexes 158 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25586 153422/color.c Buffer_Overflow_Indexes 154 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25587 153422/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25588 153422/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25589 153422/color.c Buffer_Overflow_cpycat 350 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25590 153422/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25591 153422/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25592 153422/color.c Buffer_Overflow_cpycat 174 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25593 153422/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25594 153422/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25595 153422/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25596 153422/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25597 153422/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25598 153422/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25599 153422/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25600 153422/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25601 153422/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25602 153422/color.c Buffer_Overflow_cpycat 182 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25603 153422/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25604 153422/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25605 153422/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25606 153422/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25607 153422/color.c Buffer_Overflow_cpycat 329 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25608 153422/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25609 153422/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25610 153422/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25611 153422/color.c Buffer_Overflow_cpycat 330 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25612 153703/tile-swap.c Buffer_Overflow_Indexes 157 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25613 153703/tile-swap.c Buffer_Overflow_LowBound 980 void offsprings_azotic(char *preodorous_ulani) balloons_contamination(preodorous_ulani); void balloons_contamination(char *debtee_kurr) overheaps_arisaid = ((char *)debtee_kurr); stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(overheaps_arisaid))); strncpy(stonesoup_heap_buff_64, overheaps_arisaid, 64); 0 --------------------------------- 25614 153580/pmsignal.c Buffer_Overflow_scanf 138 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&aftercomer_brauhauser,"6331",bewhisker_animadversions); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25615 153580/pmsignal.c Buffer_Overflow_Indexes 401 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 25616 153580/pmsignal.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&aftercomer_brauhauser,"6331",bewhisker_animadversions); PMSignalState = ((PMSignalData *)(ShmemInitStruct("PMSignalState",PMSignalShmemSize(),&found))); Size _len = PMSignalShmemSize(); stonesoup_setup_printf_context(); stonesoup_read_taint(&aftercomer_brauhauser,"6331",bewhisker_animadversions); chameleonlike_unpicketed = circularism_unplump(amidships_corrivalry); reacts_liana(closemouthed_nonintercepting,chameleonlike_unpicketed); reacts_liana(waynant_nonenvious,thanatophobia_wini); s vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25617 153580/pmsignal.c Buffer_Overflow_Indexes 136 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25618 153608/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 25619 153608/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 25620 153486/bufmgr.c Buffer_Overflow_Indexes 110 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25621 153486/bufmgr.c Buffer_Overflow_Indexes 2673 impeyan_unshell = getenv("TANDEMER_CASUARINALES"); if (impeyan_unshell != 0) {; *conoscopic_semiluminous = impeyan_unshell; 0 --------------------------------- 25622 153486/bufmgr.c Buffer_Overflow_LowBound 2702 char *meares_organisable = 0; protonated_bostonians(&meares_organisable); daydream_repermit = trisulfoxide_siricoidea(meares_organisable); stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, cunaxa_lyonnesse, 64); char *trisulfoxide_siricoidea(char *slinkier_milt) return slinkier_milt; daydream_repermit = trisulfoxide_siricoidea(meares_organisable); discretive_jonglery[3] = daydream_repermit; cunaxa_lyonnesse = ((char *)discretive_jonglery[3]); stonesoup_buff_size = ((int )(strlen(cunaxa_lyonnesse))); strncpy(stonesoup_heap_buff_64, cunaxa_lyonnesse, 64); 0 --------------------------------- 25623 153540/eng_table.c Buffer_Overflow_Indexes 100 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&bluntishness_fibiger,"PLUTEUS_VALLECULA"); stonesoup_buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25624 153540/eng_table.c Buffer_Overflow_Indexes 141 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25625 153540/eng_table.c Buffer_Overflow_Indexes 146 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&bluntishness_fibiger,"PLUTEUS_VALLECULA"); if (bluntishness_fibiger != 0) {; antiphlogistin_erythron[3] = bluntishness_fibiger; crane_snipy[5] = antiphlogistin_erythron; heartsomeness_tranks = *(crane_snipy + springling_beachie[1]); virulented_bantry = ((char *)heartsomeness_tranks[3]); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(virulented_bantry)+1, virulented_bantry, "TRIGGER-STATE"); strncpy(stonesoup_buffer,virulented_bantry,strlen(virulented_bantry) + 1); if (heartsomeness_tranks[3] != 0) free(((char *)heartsomeness_tranks[3])); 0 --------------------------------- 25626 153540/eng_table.c Buffer_Overflow_LowBound 366 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char stonesoup_buffer[8]; char *bluntishness_fibiger; stonesoup_read_taint(&bluntishness_fibiger,"PLUTEUS_VALLECULA"); antiphlogistin_erythron[3] = bluntishness_fibiger; crane_snipy[5] = antiphlogistin_erythron; springling_beachie[1] = 5; heartsomeness_tranks = *(crane_snipy + springling_beachie[1]); virulented_bantry = ((char *)heartsomeness_tranks[3]); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(virulented_bantry)+1, virulented_bantry, "TRIGGER-STATE"); strncpy(stonesoup_buffer,virulented_bantry,strlen(virulented_bantry) + 1); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&bluntishness_fibiger,"PLUTEUS_VALLECULA"); antiphlogistin_erythron[3] = bluntishness_fibiger; crane_snipy[5] = antiphlogistin_erythron; heartsomeness_tranks = *(crane_snipy + springling_beachie[1]); virulented_bantry = ((char *)heartsomeness_tranks[3]); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(virulented_bantry)+1, virulented_bantry, "TRIGGER-STATE"); strncpy(stonesoup_buffer,virulented_bantry,strlen(virulented_bantry) + 1); 1 --------------------------------- 25627 153491/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 25628 153491/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 25629 153802/types.c Buffer_Overflow_scanf 105 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&transumpt_blunt,"7884",inflamedness_khalsah); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25630 153802/types.c Buffer_Overflow_Indexes 57 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25631 153802/types.c Buffer_Overflow_Indexes 103 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25632 153802/types.c Buffer_Overflow_LowBound 427 char stonesoup_buffer[8]; struct kaffiyehs_remunerates hypocreales_auguring = {0}; quezals_plasmin(&hypocreales_auguring); duckier_wakikis = inhalant_hinson(hypocreales_auguring); strncpy(stonesoup_buffer,laxer_gibsons,strlen(laxer_gibsons) + 1); struct kaffiyehs_remunerates inhalant_hinson(struct kaffiyehs_remunerates scintillation_ungrabbing) return scintillation_ungrabbing; duckier_wakikis = inhalant_hinson(hypocreales_auguring); laxer_gibsons = ((char *)duckier_wakikis . vetanda_galantine); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(laxer_gibsons)+1, laxer_gibsons, "TRIGGER-STATE"); strncpy(stonesoup_buffer,laxer_gibsons,strlen(laxer_gibsons) + 1); 1 --------------------------------- 25633 153161/cryptlib.c Buffer_Overflow_Indexes 172 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25634 153161/cryptlib.c Buffer_Overflow_Indexes 213 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25635 153161/cryptlib.c Buffer_Overflow_Indexes 218 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&lymphocytotoxin_findjan,"PRIVATE_SHOPPE"); if (lymphocytotoxin_findjan != 0) {; breakwaters_ubi . pourboires_aeruginous = ((char *)lymphocytotoxin_findjan); dishonour_candollea = &breakwaters_ubi; bajardo_savers = &dishonour_candollea; alonzo_precorrection = &bajardo_savers; samsonite_unscowling = &alonzo_precorrection; unpitifulness_repoint = &samsonite_unscowling; lubbi_hyperrealizing = &unpitifulness_repoint; cutup_aspic = &lubbi_hyperrealizing; cacara_monotrochal = &cutup_aspic; cycasin_renewably = &cacara_monotrochal; southcottian_graydon = &cycasin_renewably; amelia_formularise(exiguousness_blueprints,southcottian_graydon); void amelia_formularise(int unbeheld_disqualifying,struct fouqu_palpebral **********scote_mayoralties); 0 --------------------------------- 25636 153161/cryptlib.c Buffer_Overflow_Indexes 689 if (env = getenv("OPENSSL_ia32cap")) { int off = env[0] == '~'?1 : 0; 0 --------------------------------- 25637 301/basic-00047-min.c Buffer_Overflow_LowBound 60 char buf[10]; src[11 - 1] = '\0'; strncpy(buf, src, 11); 1 --------------------------------- 25638 153304/color.c Buffer_Overflow_Indexes 550 bobbinet_eleutherism = getenv("UNSTANDARDIZED_HALLOWS"); if (bobbinet_eleutherism != 0) {; sweatiest_tearaway = ((char *)bobbinet_eleutherism); stonesoup_taint_len = ((int )(strlen(sweatiest_tearaway))); for (; stonesoup_taint_len >= 0; (--stonesoup_buff_size , --stonesoup_taint_len)) { stonesoup_data->buffer[stonesoup_buff_size] = sweatiest_tearaway[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); 1 --------------------------------- 25639 153304/color.c Buffer_Overflow_Indexes 159 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25640 153304/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25641 153304/color.c Buffer_Overflow_Indexes 155 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25642 153304/color.c Buffer_Overflow_Indexes 161 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25643 153304/color.c Buffer_Overflow_cpycat 190 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25644 153304/color.c Buffer_Overflow_cpycat 330 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25645 153304/color.c Buffer_Overflow_cpycat 239 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25646 153304/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25647 153304/color.c Buffer_Overflow_cpycat 253 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25648 153304/color.c Buffer_Overflow_cpycat 323 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25649 153304/color.c Buffer_Overflow_cpycat 281 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25650 153304/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25651 153304/color.c Buffer_Overflow_cpycat 351 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25652 153304/color.c Buffer_Overflow_cpycat 288 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25653 153304/color.c Buffer_Overflow_cpycat 183 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25654 153304/color.c Buffer_Overflow_cpycat 274 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25655 153304/color.c Buffer_Overflow_cpycat 246 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25656 153304/color.c Buffer_Overflow_cpycat 267 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25657 153304/color.c Buffer_Overflow_cpycat 295 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25658 153304/color.c Buffer_Overflow_cpycat 302 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25659 153304/color.c Buffer_Overflow_cpycat 197 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25660 153304/color.c Buffer_Overflow_cpycat 260 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25661 153304/color.c Buffer_Overflow_cpycat 218 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25662 153304/color.c Buffer_Overflow_cpycat 309 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25663 153304/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25664 153304/color.c Buffer_Overflow_cpycat 175 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25665 153304/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25666 153304/color.c Buffer_Overflow_cpycat 316 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25667 153656/color.c Buffer_Overflow_Indexes 147 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25668 153656/color.c Buffer_Overflow_Indexes 538 hardesty_illguide = getenv("SQUAMSCOT_TUNELESS"); if (hardesty_illguide != 0) {; taimyrite_unsacrificial = ((char *)hardesty_illguide); for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen(taimyrite_unsacrificial); ++stonesoup_ss_i) { tracepoint(stonesoup_trace, variable_signed_integral, "((int)STONESOUP_TAINT_SOURCE[stonesoup_ss_i])", ((int)taimyrite_unsacrificial[stonesoup_ss_i]), &(taimyrite_unsacrificial[stonesoup_ss_i]), "TRIGGER-STATE"); taimyrite_unsacrificial[stonesoup_ss_i], stonesoup_stack_buff[(int) taimyrite_unsacrificial[stonesoup_ss_i]]); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 25669 153656/color.c Buffer_Overflow_Indexes 149 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25670 153656/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); s vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); s stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25671 153656/color.c Buffer_Overflow_Indexes 143 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25672 153656/color.c Buffer_Overflow_Indexes 542 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; 0 --------------------------------- 25673 153656/color.c Buffer_Overflow_cpycat 318 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25674 153656/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25675 153656/color.c Buffer_Overflow_cpycat 198 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25676 153656/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25677 153656/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25678 153656/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25679 153656/color.c Buffer_Overflow_cpycat 171 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25680 153656/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25681 153656/color.c Buffer_Overflow_cpycat 339 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25682 153656/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25683 153656/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25684 153656/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25685 153656/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25686 153656/color.c Buffer_Overflow_cpycat 319 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25687 153656/color.c Buffer_Overflow_cpycat 185 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25688 153656/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25689 153656/color.c Buffer_Overflow_cpycat 206 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25690 153656/color.c Buffer_Overflow_cpycat 163 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25691 153656/color.c Buffer_Overflow_cpycat 178 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25692 153656/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25693 153656/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25694 153656/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25695 153656/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25696 153656/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25697 153400/dirent_uri.c Buffer_Overflow_Indexes 83 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); ELLGA_ELCAJA(taglia_papelonne); stonesoup_toupper(stonesoup_data.buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25698 153400/dirent_uri.c Buffer_Overflow_Indexes 145 reflectivity_libbey = getenv("UNPRIMNESS_JEUZ"); if (reflectivity_libbey != 0) {; phlegmonous_paining . explemental_cisternae = ((char *)reflectivity_libbey); postolivary_kirigami[5] = phlegmonous_paining; taglia_papelonne = *(postolivary_kirigami + gabrilowitsch_merycoidodon[1]); ELLGA_ELCAJA(taglia_papelonne); void warren_reheeling(struct offensive_postexercise decrescendo_homecoming) ELLGA_ELCAJA(taglia_papelonne); elasmobranchian_prepared = ((char *)decrescendo_homecoming . explemental_cisternae); strncpy(stonesoup_source, elasmobranchian_prepared, sizeof(stonesoup_source)); 0 --------------------------------- 25699 153400/dirent_uri.c Buffer_Overflow_LowBound 2084 struct offensive_postexercise phlegmonous_paining; reflectivity_libbey = getenv("UNPRIMNESS_JEUZ"); phlegmonous_paining . explemental_cisternae = ((char *)reflectivity_libbey); postolivary_kirigami[5] = phlegmonous_paining; gabrilowitsch_merycoidodon[1] = 5; taglia_papelonne = *(postolivary_kirigami + gabrilowitsch_merycoidodon[1]); ELLGA_ELCAJA(taglia_papelonne); char stonesoup_source[1024]; stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, elasmobranchian_prepared, sizeof(stonesoup_source)); void warren_reheeling(struct offensive_postexercise decrescendo_homecoming) elasmobranchian_prepared = ((char *)decrescendo_homecoming . explemental_cisternae); strncpy(stonesoup_source, elasmobranchian_prepared, sizeof(stonesoup_source)); 0 --------------------------------- 25700 153400/dirent_uri.c Buffer_Overflow_LowBound 2093 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 25701 153426/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 25702 153426/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 25703 153079/cmdline.c Buffer_Overflow_scanf 128 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&reveller_commonest,"5788",greenings_mendaciousness); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25704 153079/cmdline.c Buffer_Overflow_Indexes 897 e = (getenv("EDITOR")); if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 25705 153079/cmdline.c Buffer_Overflow_Indexes 80 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&reveller_commonest,"5788",greenings_mendaciousness); stonesoup_data.buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25706 153079/cmdline.c Buffer_Overflow_Indexes 894 e = (getenv("VISUAL")); if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 25707 153079/cmdline.c Buffer_Overflow_Indexes 266 env_val = (getenv( *env_var)); if (env_val && env_val[0]) { fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); 0 --------------------------------- 25708 153079/cmdline.c Buffer_Overflow_Indexes 126 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25709 153079/cmdline.c Buffer_Overflow_Indexes 885 e = (getenv("SVN_EDITOR")); if (!e) { svn_config_get(cfg,&e,"helpers","editor-cmd",((void *)0)); if (!e) { if (!e) { if (!e) { if (e) { for (c = e; *c; c++) if (!( *c)) { *editor = e; svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,file_name)); sys_err = system(cmd); if (sys_err) { return svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); svn_error_t *svn_err__temp = find_editor_binary(&editor,editor_cmd,config); cmd = (apr_psprintf(pool,"%s %s",editor,tmpfile_native)); sys_err = system(cmd); if (sys_err != 0) { err = svn_error_createf(SVN_ERR_EXTERNAL_PROGRAM,((void *)0),(dgettext("subversion","system('%s') returned %d")),cmd,sys_err); if (!err && err2) { return err; static svn_error_t *find_editor_binary(const char **editor,const char *editor_cmd,apr_hash_t *config) 0 --------------------------------- 25710 153079/cmdline.c Buffer_Overflow_LowBound 291 int svn_cmdline_init(const char *progname,FILE *error_stream) char prefix_buf[64]; fprintf(error_stream,"%s: warning: cannot set LC_CTYPE locale\n%s: warning: environment variable %s is %s\n%s: warning: please check that your locale name is correct\n",progname,progname, *env_var,env_val,progname); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); strncpy(prefix_buf,progname,sizeof(prefix_buf) - 3); 0 --------------------------------- 25711 153079/cmdline.c Buffer_Overflow_LowBound 199 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int greenings_mendaciousness = 53; char *reveller_commonest; stonesoup_read_taint(&reveller_commonest,"5788",greenings_mendaciousness); angelographer_cringer[20] = reveller_commonest; untactfulness_caen[5] = angelographer_cringer; trilaurin_autocorrelate = 5; linefeed_enables = &trilaurin_autocorrelate; tertius_sublation = *(untactfulness_caen + *linefeed_enables); contextural_soldierwise = ((char *)tertius_sublation[20]); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(contextural_soldierwise)+1, contextural_soldierwise, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, contextural_soldierwise, strlen(contextural_soldierwise) + 1); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&reveller_commonest,"5788",greenings_mendaciousness); angelographer_cringer[20] = reveller_commonest; untactfulness_caen[5] = angelographer_cringer; tertius_sublation = *(untactfulness_caen + *linefeed_enables); contextural_soldierwise = ((char *)tertius_sublation[20]); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(contextural_soldierwise)+1, contextural_soldierwise, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, contextural_soldierwise, strlen(contextural_soldierwise) + 1); 1 --------------------------------- 25712 153079/cmdline.c Buffer_Overflow_cpycat 293 prefix_buf[sizeof(prefix_buf) - 3] = '\0'; strcat(prefix_buf,": "); 0 --------------------------------- 25713 153458/config.c Buffer_Overflow_Indexes 118 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25714 153458/config.c Buffer_Overflow_LowBound 1023 char* stonesoup_tainted_buff; int buffer_size = 1000; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, paralogician_bemedalled, 64); void stonesoup_handle_taint(char *vinaigretted_unmaimable) symbiotically_apasttra = vinaigretted_unmaimable; paralogician_bemedalled = ((char *)symbiotically_apasttra); stonesoup_buff_size = ((int )(strlen(paralogician_bemedalled))); strncpy(stonesoup_heap_buff_64, paralogician_bemedalled, 64); 0 --------------------------------- 25715 153396/avfilter.c Buffer_Overflow_scanf 104 void disimprisonment_decenaries(int lisiere_overannotate,abjections_cacus amendatory_pointlessly) galangal_refugee = ((char *)amendatory_pointlessly); stonesoup_fp = stonesoup_switch_func(galangal_refugee); stonesoup_fct_ptr stonesoup_switch_func(char *param) stonesoup_fct_ptr fct_ptr_addr = (stonesoup_fct_ptr )0; var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); 0 --------------------------------- 25716 153396/avfilter.c Buffer_Overflow_Indexes 170 suprajural_ricercars = getenv("SHIFTLESS_COLTISHNESS"); if (suprajural_ricercars != 0) {; subvened_nonlegitimacy = suprajural_ricercars; deerwood_crojiks[5] = subvened_nonlegitimacy; huddle_hemlock = *(deerwood_crojiks + *limnobiological_overtrimme); disimprisonment_decenaries(harhay_algonquins,huddle_hemlock); void disimprisonment_decenaries(int lisiere_overannotate,abjections_cacus amendatory_pointlessly); 0 --------------------------------- 25717 153396/avfilter.c Buffer_Overflow_Indexes 49 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25718 153396/avfilter.c Buffer_Overflow_LowBound 111 av_log(ctx,48,"ref[%p buf:%p refcount:%d perms:%s data:%p linesize[%d, %d, %d, %d] pts:%ld pos:%ld",ref,ref -> buf,ref -> buf -> refcount,ff_get_ref_perms_string(buf,sizeof(buf),ref -> perms),ref -> data[0],ref -> linesize[0],ref -> linesize[1],ref -> linesize[2],ref -> linesize[3],ref -> pts,ref -> pos); char *ff_get_ref_perms_string(char *buf,size_t buf_size,int perms) snprintf(buf,buf_size,"%s%s%s%s%s%s",(perms & 0x1?"r" : ""),(perms & 0x02?"w" : ""),(perms & 0x04?"p" : ""),(perms & 0x08?"u" : ""),(perms & 0x10?"U" : ""),(perms & 0x20?"n" : "")); av_log(ctx,48,"ref[%p buf:%p refcount:%d perms:%s data:%p linesize[%d, %d, %d, %d] pts:%ld pos:%ld",ref,ref -> buf,ref -> buf -> refcount,ff_get_ref_perms_string(buf,sizeof(buf),ref -> perms),ref -> data[0],ref -> linesize[0],ref -> linesize[1],ref -> linesize[2],ref -> linesize[3],ref -> pts,ref -> pos); char *ff_get_ref_perms_string(char *buf,size_t buf_size,int perms) snprintf(buf,buf_size,"%s%s%s%s%s%s",(perms & 0x1?"r" : ""),(perms & 0x02?"w" : ""),(perms & 0x04?"p" : ""),(perms & 0x08?"u" : ""),(perms & 0x10?"U" : ""),(perms & 0x20?"n" : "")); 0 --------------------------------- 25719 153167/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 25720 153167/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 25721 148966/packet-etch.c Buffer_Overflow_scanf 310 int hash; line[pos + 1] = '\0'; if (sscanf(&line[0], "%x", &hash) != 1) 0 --------------------------------- 25722 148966/packet-etch.c Buffer_Overflow_fgets 293 char line[256]; while (fgets(line, sizeof line, pFile) != NULL) { line[pos + 1] = '\0'; if (sscanf(&line[0], "%x", &hash) != 1) pos = strcspn(line, ","); while (fgets(line, sizeof line, pFile) != NULL) { g_strdup_printf("%." ETCH_MAX_SYMBOL_LENGTH "s", &line[pos+1])); char *filename; g_free(filename); add_symbols_of_file(filename); gbl_symbols_array_append(int hash, gchar *symbol) { g_strdup_printf("%." ETCH_MAX_SYMBOL_LENGTH "s", &line[pos+1])); while (fgets(line, sizeof line, pFile) != NULL) { add_symbols_of_file(const char *filename) pFile = ws_fopen(filename, "r"); while (fgets(line, sizeof line, pFile) != NULL) { 0 --------------------------------- 25723 152920/oids.c Buffer_Overflow_Indexes 183 char *debug_env = getenv("WIRESHARK_DEBUG_MIBS"); debuglevel = ((debug_env?strtoul(debug_env,((void *)0),10) : 0)); 0 --------------------------------- 25724 152920/oids.c Buffer_Overflow_Indexes 100 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&inguinocrural_portionless,"LENTISCUS_TETRADACTYLY"); nonstrictness_tramcars = biramose_switchback(clitellar_anthropotomy); stonesoup_toupper(stonesoup_data.buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25725 152920/oids.c Buffer_Overflow_Indexes 141 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25726 152920/oids.c Buffer_Overflow_Indexes 146 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&inguinocrural_portionless,"LENTISCUS_TETRADACTYLY"); if (inguinocrural_portionless != 0) {; clitellar_anthropotomy . enterocentesis_seminule = inguinocrural_portionless; nonstrictness_tramcars = biramose_switchback(clitellar_anthropotomy); union forrard_shetrit biramose_switchback(union forrard_shetrit tetraselenodont_unhabitually) return tetraselenodont_unhabitually; nonstrictness_tramcars = biramose_switchback(clitellar_anthropotomy); sowans_khedivial = ((char *)nonstrictness_tramcars . enterocentesis_seminule); strncpy(stonesoup_source, sowans_khedivial, sizeof(stonesoup_source)); if (nonstrictness_tramcars . enterocentesis_seminule != 0) free(((char *)nonstrictness_tramcars . enterocentesis_seminule)); 0 --------------------------------- 25727 152920/oids.c Buffer_Overflow_LowBound 1000 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 25728 152920/oids.c Buffer_Overflow_LowBound 991 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char stonesoup_source[1024]; union forrard_shetrit clitellar_anthropotomy; char *inguinocrural_portionless; stonesoup_read_taint(&inguinocrural_portionless,"LENTISCUS_TETRADACTYLY"); clitellar_anthropotomy . enterocentesis_seminule = inguinocrural_portionless; nonstrictness_tramcars = biramose_switchback(clitellar_anthropotomy); stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, sowans_khedivial, sizeof(stonesoup_source)); union forrard_shetrit biramose_switchback(union forrard_shetrit tetraselenodont_unhabitually) return tetraselenodont_unhabitually; nonstrictness_tramcars = biramose_switchback(clitellar_anthropotomy); sowans_khedivial = ((char *)nonstrictness_tramcars . enterocentesis_seminule); strncpy(stonesoup_source, sowans_khedivial, sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&inguinocrural_portionless,"LENTISCUS_TETRADACTYLY"); clitellar_anthropotomy . enterocentesis_seminule = inguinocrural_portionless; nonstrictness_tramcars = biramose_switchback(clitellar_anthropotomy); 0 --------------------------------- 25729 153594/error.c Buffer_Overflow_Indexes 123 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25730 153594/error.c Buffer_Overflow_Indexes 128 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&compressibly_allotropical,"MICROMEMBRANE_INDUBIOUSLY"); if (compressibly_allotropical != 0) {; begirdled_thi . usucaptible_filipendulous = compressibly_allotropical; unholiness_unabsorbed = overwheel_monostomatidae(begirdled_thi); union chivachee_hyposystole overwheel_monostomatidae(union chivachee_hyposystole appellate_citua); 0 --------------------------------- 25731 153594/error.c Buffer_Overflow_Indexes 82 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25732 153521/mutex.c Buffer_Overflow_Indexes 86 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25733 153521/mutex.c Buffer_Overflow_LowBound 197 void stonesoup_handle_taint(char *underjanitor_tinkerly) union strigous_newsier parasyntheton_invades; parasyntheton_invades . cherkesser_usneaceae = underjanitor_tinkerly; toothily_unadhesive[5] = parasyntheton_invades; glenmora_fanioned = 5; overdignity_unslandered = &glenmora_fanioned; shirtless_prelawfulness = *(toothily_unadhesive + *overdignity_unslandered); CHRISTIES_TRICHI(shirtless_prelawfulness); void arette_ulla(union strigous_newsier unmusical_matoke) preguarantee_tartarize = ((char *)unmusical_matoke . cherkesser_usneaceae); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof (struct stonesoup_struct)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(preguarantee_tartarize)+1, preguarantee_tartarize, "TAINTED-SOURCE"); strncpy(stonesoup_data->buffer, preguarantee_tartarize, strlen(preguarantee_tartarize) + 1); 1 --------------------------------- 25734 297/basic-00046-min.c Buffer_Overflow_cpycat 60 char buf[10]; src[11 - 1] = '\0'; strcpy(buf, src); 1 --------------------------------- 25735 153367/dirent_uri.c Buffer_Overflow_Indexes 128 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&stratochamber_titmall,"GAVIIFORMES_PATIENCE"); if (stratochamber_titmall != 0) {; tsadi_conundrum . apium_rotalia = stratochamber_titmall; beclowned_condensable = &tsadi_conundrum; counterguerilla_elatine = ((union bludgeoned_tasseling *)(((unsigned long )beclowned_condensable) * skeiner_influxive * skeiner_influxive)) + 5; beseem_captioned(beaning_tuesday,counterguerilla_elatine); void beseem_captioned(int bibliophily_snyes,union bludgeoned_tasseling *sycamine_orbitelous) beseem_captioned(bibliophily_snyes,sycamine_orbitelous); 0 --------------------------------- 25736 153367/dirent_uri.c Buffer_Overflow_Indexes 82 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&stratochamber_titmall,"GAVIIFORMES_PATIENCE"); beseem_captioned(beaning_tuesday,counterguerilla_elatine); beseem_captioned(bibliophily_snyes,sycamine_orbitelous); stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25737 153367/dirent_uri.c Buffer_Overflow_Indexes 123 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25738 153367/dirent_uri.c Buffer_Overflow_cpycat 2120 madlyn_murrains = ((char *)( *(sycamine_orbitelous - 5)) . apium_rotalia); stonesoup_data.buffer[stonesoup_i] = 0; strcpy(stonesoup_data.buffer, madlyn_murrains); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data.buffer); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, madlyn_murrains); 0 --------------------------------- 25739 153077/file_wrappers.c Buffer_Overflow_Indexes 152 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&episternal_larcenist,"HECATE_AMENABLE"); if (episternal_larcenist != 0) {; chawed_anarchs . malinvestment_garfish = episternal_larcenist; iffiest_chubbiest = ((char *)chawed_anarchs . malinvestment_garfish); if (strlen(iffiest_chubbiest) < 20) { realpath(iffiest_chubbiest,stonesoup_base_path); if (chawed_anarchs . malinvestment_garfish != 0) free(((char *)chawed_anarchs . malinvestment_garfish)); 0 --------------------------------- 25740 153077/file_wrappers.c Buffer_Overflow_Indexes 147 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25741 153077/file_wrappers.c Buffer_Overflow_Indexes 106 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&episternal_larcenist,"HECATE_AMENABLE"); stonesoup_base_path[stonesoup_oc_i] = stonesoup_toupper(stonesoup_base_path[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_base_path); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25742 153555/utf.c Buffer_Overflow_Indexes 142 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&syncretizing_parcenership,"DARINGS_VERTEBROILIAC"); if (syncretizing_parcenership != 0) {; subsultorily_severate[ *( *( *( *( *( *( *( *( *( *mohole_reviviscence)))))))))] = syncretizing_parcenership; standerwort_scaldberry = subsultorily_severate[ *( *( *( *( *( *( *( *( *( *mohole_reviviscence)))))))))]; fugitate_surcoat(standerwort_scaldberry); void fugitate_surcoat(char *anaphyte_brumidi); 0 --------------------------------- 25743 153555/utf.c Buffer_Overflow_Indexes 96 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25744 153555/utf.c Buffer_Overflow_Indexes 137 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25745 153377/emem.c Buffer_Overflow_scanf 216 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&favosites_anauxite,"9920",athymy_peacekeeper); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25746 153377/emem.c Buffer_Overflow_Indexes 1614 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1909))); 0 --------------------------------- 25747 153377/emem.c Buffer_Overflow_Indexes 319 ep_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_EP_NO_CHUNKS") == ((void *)0); ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 25748 153377/emem.c Buffer_Overflow_Indexes 338 se_packet_mem . debug_verify_pointers = getenv("WIRESHARK_SE_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 25749 153377/emem.c Buffer_Overflow_Indexes 336 se_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_SE_NO_CHUNKS") == ((void *)0); se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 25750 153377/emem.c Buffer_Overflow_Indexes 1564 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1856))); 0 --------------------------------- 25751 153377/emem.c Buffer_Overflow_Indexes 168 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&favosites_anauxite,"9920",athymy_peacekeeper); stonesoup_stack_buffer_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buffer_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25752 153377/emem.c Buffer_Overflow_Indexes 321 ep_packet_mem . debug_verify_pointers = getenv("WIRESHARK_EP_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 25753 153377/emem.c Buffer_Overflow_Indexes 1579 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1872))); 0 --------------------------------- 25754 153377/emem.c Buffer_Overflow_Indexes 1649 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1945))); 0 --------------------------------- 25755 153377/emem.c Buffer_Overflow_Indexes 1631 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1926))); 0 --------------------------------- 25756 153377/emem.c Buffer_Overflow_Indexes 214 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25757 153377/emem.c Buffer_Overflow_Indexes 337 se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 25758 153377/emem.c Buffer_Overflow_Indexes 320 ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 25759 153377/emem.c Buffer_Overflow_Indexes 1596 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1890))); 0 --------------------------------- 25760 153377/emem.c Buffer_Overflow_cpycat 1161 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; char stonesoup_stack_buffer_64[64]; int athymy_peacekeeper = 1001; char *favosites_anauxite;; stonesoup_read_taint(&favosites_anauxite,"9920",athymy_peacekeeper); neoholmia_fritze = ((void *)favosites_anauxite); benevolently_badass = ((char *)((char *)neoholmia_fritze)); memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,benevolently_badass); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&favosites_anauxite,"9920",athymy_peacekeeper); neoholmia_fritze = ((void *)favosites_anauxite); benevolently_badass = ((char *)((char *)neoholmia_fritze)); strcpy(stonesoup_stack_buffer_64,benevolently_badass); 1 --------------------------------- 25761 153234/img2.c Buffer_Overflow_Indexes 41 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25762 153234/img2.c Buffer_Overflow_Indexes 97 assam_gorhen = getenv("LYCANTHROPOUS_CARBOLXYLOL"); if (assam_gorhen != 0) {; bescourge_mids(assam_gorhen); 0 --------------------------------- 25763 153234/img2.c Buffer_Overflow_LowBound 144 stonesoup_buff[63] = '\0'; stonesoup_source[1023] = 0; if (strlen(stonesoup_source) + 1 <= sizeof(stonesoup_buff)) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buff", strlen(stonesoup_buff)+1, stonesoup_buff, "TRIGGER-STATE"); strncpy(stonesoup_buff,stonesoup_source,sizeof(stonesoup_source)); 1 --------------------------------- 25764 153234/img2.c Buffer_Overflow_LowBound 135 void glycyl_undeludedly(char *apepsy_preindemnifying) char stonesoup_source[1024]; octometer_saucemen = ((char *)apepsy_preindemnifying); memset(stonesoup_source,0,1024); strncpy(stonesoup_source,octometer_saucemen,sizeof(stonesoup_source)); 0 --------------------------------- 25765 152960/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 25766 152960/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 25767 153649/pmsignal.c Buffer_Overflow_Indexes 89 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25768 153649/pmsignal.c Buffer_Overflow_Indexes 130 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25769 153649/pmsignal.c Buffer_Overflow_Indexes 135 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&sowing_lurched,"IMPRESSIBLE_ALMAGRA"); if (sowing_lurched != 0) {; *oki_akmudar = sowing_lurched; 0 --------------------------------- 25770 149201/HeapOverFlow-bad.c Buffer_Overflow_Indexes 19 int main(int argc, char **argv) buf = (char *)malloc(BUFSIZE); strcpy(buf, argv[1]); 1 --------------------------------- 25771 13/Write-what-where_condition.c Buffer_Overflow_cpycat 5 int main(int argc, char **argv) { char *buf1 = (char *) malloc(BUFSIZE); strcpy(buf1, argv[1]); 1 --------------------------------- 25772 153506/color.c Buffer_Overflow_Indexes 539 behaviorist_roughers = getenv("CABOOSE_WHANGEE"); if (behaviorist_roughers != 0) {; macarthur_moraler = ((char *)behaviorist_roughers); stonesoup_buff_size = strlen(macarthur_moraler) + 1; stonesoup_size = stonesoup_other_size < stonesoup_buff_size ? stonesoup_other_size : stonesoup_buff_size; for (stonesoup_i = 0; stonesoup_i < stonesoup_size; stonesoup_i++) { macarthur_moraler[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = for (stonesoup_i = 0; stonesoup_i < stonesoup_buff_size; stonesoup_i++) { stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buff_size", stonesoup_buff_size, &stonesoup_buff_size, "TRIGGER-STATE"); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 25773 153506/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25774 153506/color.c Buffer_Overflow_Indexes 149 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25775 153506/color.c Buffer_Overflow_Indexes 147 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25776 153506/color.c Buffer_Overflow_Indexes 143 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25777 153506/color.c Buffer_Overflow_cpycat 318 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25778 153506/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25779 153506/color.c Buffer_Overflow_cpycat 198 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25780 153506/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25781 153506/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25782 153506/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25783 153506/color.c Buffer_Overflow_cpycat 171 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25784 153506/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25785 153506/color.c Buffer_Overflow_cpycat 339 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25786 153506/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25787 153506/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25788 153506/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25789 153506/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25790 153506/color.c Buffer_Overflow_cpycat 319 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25791 153506/color.c Buffer_Overflow_cpycat 185 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25792 153506/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25793 153506/color.c Buffer_Overflow_cpycat 206 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25794 153506/color.c Buffer_Overflow_cpycat 163 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25795 153506/color.c Buffer_Overflow_cpycat 178 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25796 153506/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25797 153506/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25798 153506/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25799 153506/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25800 153506/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25801 6/Using_freed_memory.c Buffer_Overflow_LowBound 15 int main(int argc, char **argv) { char *buf2R1; buf2R1 = (char *) malloc(BUFSIZER1); free(buf2R1); strncpy(buf2R1, argv[1], BUFSIZER1-1); 1 --------------------------------- 25802 152995/bio_err.c Buffer_Overflow_scanf 135 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&duotriode_unreprovedly,"1742",interface_proreption); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25803 152995/bio_err.c Buffer_Overflow_Indexes 133 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25804 152995/bio_err.c Buffer_Overflow_Indexes 87 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25805 153254/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 25806 153254/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 25807 153499/color.c Buffer_Overflow_Indexes 154 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25808 153499/color.c Buffer_Overflow_Indexes 156 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25809 153499/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25810 153499/color.c Buffer_Overflow_Indexes 150 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25811 153499/color.c Buffer_Overflow_Indexes 543 matfellon_sermoniser = getenv("TAMARAITE_BECKFORD"); if (matfellon_sermoniser != 0) {; pseudobrachium_sylvestral = ((char *)matfellon_sermoniser); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(pseudobrachium_sylvestral)+1, pseudobrachium_sylvestral, "TRIGGER-STATE"); strncpy(stonesoup_data, pseudobrachium_sylvestral, strlen(pseudobrachium_sylvestral) + 1); 0 --------------------------------- 25812 153499/color.c Buffer_Overflow_LowBound 554 matfellon_sermoniser = getenv("TAMARAITE_BECKFORD"); pseudobrachium_sylvestral = ((char *)matfellon_sermoniser); stonesoup_data = (char*) malloc(8 * sizeof(char)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(pseudobrachium_sylvestral)+1, pseudobrachium_sylvestral, "TRIGGER-STATE"); strncpy(stonesoup_data, pseudobrachium_sylvestral, strlen(pseudobrachium_sylvestral) + 1); 1 --------------------------------- 25813 153499/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25814 153499/color.c Buffer_Overflow_cpycat 170 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25815 153499/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25816 153499/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25817 153499/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25818 153499/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25819 153499/color.c Buffer_Overflow_cpycat 185 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25820 153499/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25821 153499/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25822 153499/color.c Buffer_Overflow_cpycat 178 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25823 153499/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25824 153499/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25825 153499/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25826 153499/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25827 153499/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25828 153499/color.c Buffer_Overflow_cpycat 346 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25829 153499/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25830 153499/color.c Buffer_Overflow_cpycat 325 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25831 153499/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25832 153499/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25833 153499/color.c Buffer_Overflow_cpycat 192 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25834 153499/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25835 153499/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25836 153499/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25837 153778/tile-manager.c Buffer_Overflow_scanf 100 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&explicitly_sender,"8991",phyleus_carryalls); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25838 153778/tile-manager.c Buffer_Overflow_Indexes 52 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25839 153778/tile-manager.c Buffer_Overflow_Indexes 98 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25840 153670/avdevice.c Buffer_Overflow_Indexes 43 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_stack_buffer_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buffer_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25841 153670/avdevice.c Buffer_Overflow_Indexes 106 innervating_onagraceae = getenv("UNDEWILY_HINTED"); if (innervating_onagraceae != 0) {; lidded_infanta . rostrated_missilries = innervating_onagraceae; decurtate_cailly[5] = lidded_infanta; brisked_periosteophyte = *(decurtate_cailly + *overresolute_rectorial); plaudit_scrumpy = ((char *)brisked_periosteophyte . rostrated_missilries); strcpy(stonesoup_stack_buffer_64,plaudit_scrumpy); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "CROSSOVER-STATE"); stonesoup_stack_buffer_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buffer_64[stonesoup_oc_i]); int stonesoup_toupper(int c) { if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_stack_buffer_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buffer_64[stonesoup_oc_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "FINAL-STATE"); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 25842 153670/avdevice.c Buffer_Overflow_cpycat 130 char stonesoup_stack_buffer_64[64]; union monolinguist_amphibolitic lidded_infanta; innervating_onagraceae = getenv("UNDEWILY_HINTED"); lidded_infanta . rostrated_missilries = innervating_onagraceae; decurtate_cailly[5] = lidded_infanta; duende_curvirostral = 5; overresolute_rectorial = &duende_curvirostral; brisked_periosteophyte = *(decurtate_cailly + *overresolute_rectorial); plaudit_scrumpy = ((char *)brisked_periosteophyte . rostrated_missilries); memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,plaudit_scrumpy); 0 --------------------------------- 25843 153714/bio_err.c Buffer_Overflow_scanf 144 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&contours_giraffoid,"4199",liripipe_pizzles); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25844 153714/bio_err.c Buffer_Overflow_Indexes 142 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25845 153714/bio_err.c Buffer_Overflow_Indexes 96 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&contours_giraffoid,"4199",liripipe_pizzles); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25846 153714/bio_err.c Buffer_Overflow_LowBound 203 fractiousness_darter = ((char *)( *(sandiness_nightmarish - 5)) . secondhanded_permoralize); stonesoup_data = (char*) malloc(8 * sizeof(char)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(fractiousness_darter)+1, fractiousness_darter, "TRIGGER-STATE"); strncpy(stonesoup_data, fractiousness_darter, strlen(fractiousness_darter) + 1); 1 --------------------------------- 25847 153455/color.c Buffer_Overflow_Indexes 128 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25848 153455/color.c Buffer_Overflow_Indexes 159 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25849 153455/color.c Buffer_Overflow_Indexes 163 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25850 153455/color.c Buffer_Overflow_Indexes 165 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25851 153455/color.c Buffer_Overflow_cpycat 229 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25852 153455/color.c Buffer_Overflow_cpycat 187 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25853 153455/color.c Buffer_Overflow_cpycat 264 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25854 153455/color.c Buffer_Overflow_cpycat 327 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25855 153455/color.c Buffer_Overflow_cpycat 292 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25856 153455/color.c Buffer_Overflow_cpycat 306 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25857 153455/color.c Buffer_Overflow_cpycat 334 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25858 153455/color.c Buffer_Overflow_cpycat 243 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25859 153455/color.c Buffer_Overflow_cpycat 179 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25860 153455/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25861 153455/color.c Buffer_Overflow_cpycat 271 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25862 153455/color.c Buffer_Overflow_cpycat 194 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25863 153455/color.c Buffer_Overflow_cpycat 278 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25864 153455/color.c Buffer_Overflow_cpycat 250 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25865 153455/color.c Buffer_Overflow_cpycat 320 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25866 153455/color.c Buffer_Overflow_cpycat 285 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25867 153455/color.c Buffer_Overflow_cpycat 355 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25868 153455/color.c Buffer_Overflow_cpycat 299 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25869 153455/color.c Buffer_Overflow_cpycat 313 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25870 153455/color.c Buffer_Overflow_cpycat 214 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25871 153455/color.c Buffer_Overflow_cpycat 257 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25872 153455/color.c Buffer_Overflow_cpycat 582 char* stonesoup_tainted_buff; int buffer_size = 1000; data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); buffer_size = buffer_size * 2; stonesoup_tainted_buff = (char*) malloc(buffer_size * sizeof(char)); data_size = mg_get_var(conn, "data", stonesoup_tainted_buff, buffer_size * sizeof(char)); free(stonesoup_tainted_buff); stonesoup_handle_taint(stonesoup_tainted_buff); char stonesoup_stack_buffer_64[64]; memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,nonpersuasible_cochampion); void stonesoup_handle_taint(char *insectan_cassididae) nonpersuasible_cochampion = ((char *)insectan_cassididae); strcpy(stonesoup_stack_buffer_64,nonpersuasible_cochampion); 1 --------------------------------- 25873 153455/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25874 153455/color.c Buffer_Overflow_cpycat 201 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25875 153455/color.c Buffer_Overflow_cpycat 222 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25876 305/basic-00048-min.c Buffer_Overflow_LowBound 62 char buf[10]; src[11 - 1] = '\0'; len = 11; strncpy(buf, src, len); 1 --------------------------------- 25877 153057/file_wrappers.c Buffer_Overflow_Indexes 97 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25878 153057/file_wrappers.c Buffer_Overflow_Indexes 2081 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_input_string", stonesoup_input_string, "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data.buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 25879 153057/file_wrappers.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25880 153057/file_wrappers.c Buffer_Overflow_Indexes 143 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&adays_thermophilous,"TURMEL_MEROSYSTEMATIC"); if (adays_thermophilous != 0) {; shaps_umbrellaless[29] = adays_thermophilous; pheidole_quickwork = &shaps_umbrellaless; yuji_martinton = &pheidole_quickwork; midwesterners_vandervelde(yuji_martinton); void midwesterners_vandervelde(char *(**zac_underpressure)[37]); 0 --------------------------------- 25881 153807/utils.c Buffer_Overflow_Indexes 80 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25882 153807/utils.c Buffer_Overflow_Indexes 2538 cluniac_demibath = getenv("SUBSPECIALIST_NONLOYALTY"); if (cluniac_demibath != 0) {; cert_gimbal . fruz_constipated = ((char *)cluniac_demibath); ungregariously_emerited[5] = cert_gimbal; pedregal_tripetaloid = *(ungregariously_emerited + pedule_phytopathogen[1]); if (pedregal_tripetaloid . fruz_constipated != 0) { newt_ftnerr = ((char *)pedregal_tripetaloid . fruz_constipated); strcpy(stonesoup_data->buffer, newt_ftnerr); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data->buffer); for (; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); free(stonesoup_data); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data->after(stonesoup_data->buffer[stonesoup_i])); 1 --------------------------------- 25883 153807/utils.c Buffer_Overflow_LowBound 1261 char buf[128]; av_log(avctx,16,"Specified pixel format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_pix_fmt_name(avctx -> pix_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> pix_fmt); 0 --------------------------------- 25884 153807/utils.c Buffer_Overflow_LowBound 1248 int ff_codec_open2_recursive(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) ret = avcodec_open2(avctx,codec,options); int avcodec_open2(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) if (av_codec_is_decoder(codec)) { if (av_codec_is_encoder(avctx -> codec)) { int av_codec_is_encoder(const AVCodec *codec) if (av_codec_is_encoder(avctx -> codec)) { if (avctx -> channels == 1 && (av_get_planar_sample_fmt(avctx -> sample_fmt)) == (av_get_planar_sample_fmt(avctx -> codec -> sample_fmts[i]))) { avctx -> sample_fmt = avctx -> codec -> sample_fmts[i]; char buf[128]; snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); av_log(avctx,16,"Specified sample format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_sample_fmt_name(avctx -> sample_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); int avcodec_open(AVCodecContext *avctx,AVCodec *codec) return avcodec_open2(avctx,codec,((void *)0)); 0 --------------------------------- 25885 153807/utils.c Buffer_Overflow_LowBound 2431 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 25886 153807/utils.c Buffer_Overflow_LowBound 2456 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 25887 153807/utils.c Buffer_Overflow_LowBound 2442 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); 0 --------------------------------- 25888 153807/utils.c Buffer_Overflow_LowBound 2427 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); AVRational display_aspect_ratio; buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) profile = av_get_profile_name(p,enc -> profile); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); 0 --------------------------------- 25889 153807/utils.c Buffer_Overflow_LowBound 2469 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); 0 --------------------------------- 25890 153807/utils.c Buffer_Overflow_LowBound 2412 codec_tag >>= 8; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); 0 --------------------------------- 25891 153807/utils.c Buffer_Overflow_LowBound 2420 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); 0 --------------------------------- 25892 153807/utils.c Buffer_Overflow_LowBound 2474 bit_rate = ctx -> bit_rate; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); bitrate = get_bit_rate(enc); return 4; return 8; return 16; return 24; return 32; return 64; return 0; return 2; return 3; return 4; return av_get_exact_bits_per_sample(codec_id); bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); bit_rate = 0; return bit_rate; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); static int get_bit_rate(AVCodecContext *ctx) bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); 0 --------------------------------- 25893 153807/utils.c Buffer_Overflow_LowBound 2466 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); return ((void *)0); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); 0 --------------------------------- 25894 153807/utils.c Buffer_Overflow_LowBound 2435 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); 0 --------------------------------- 25895 153807/utils.c Buffer_Overflow_LowBound 2407 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); 0 --------------------------------- 25896 153807/utils.c Buffer_Overflow_LowBound 2403 AVCodec *experimental = ((void *)0); p = first_avcodec; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { p = p -> next; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { experimental = p; return experimental; return find_encdec(id,1); return find_encdec(id,0); return "none"; codec = avcodec_find_decoder(id); return codec -> name; codec = avcodec_find_encoder(id); return codec -> name; return "unknown_codec"; codec_type = av_get_media_type_string(enc -> codec_type); codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_encoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); const char *avcodec_get_name(enum AVCodecID id) cd = avcodec_descriptor_get(id); return cd -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_decoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); 0 --------------------------------- 25897 153807/utils.c Buffer_Overflow_LowBound 2370 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf_size = (buf_size > len?buf_size - len : 0); len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); 0 --------------------------------- 25898 153807/utils.c Buffer_Overflow_LowBound 2447 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); 0 --------------------------------- 25899 153807/utils.c Buffer_Overflow_cpycat 2563 struct annunciation_halftimes cert_gimbal; cluniac_demibath = getenv("SUBSPECIALIST_NONLOYALTY"); cert_gimbal . fruz_constipated = ((char *)cluniac_demibath); ungregariously_emerited[5] = cert_gimbal; pedule_phytopathogen[1] = 5; pedregal_tripetaloid = *(ungregariously_emerited + pedule_phytopathogen[1]); newt_ftnerr = ((char *)pedregal_tripetaloid . fruz_constipated); stonesoup_data = (struct stonesoup_struct*) malloc(sizeof(struct stonesoup_struct)); memset(stonesoup_data->buffer,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "INITIAL-STATE"); strcpy(stonesoup_data->buffer, newt_ftnerr); 1 --------------------------------- 25900 153709/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 25901 153709/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 25902 153036/string.c Buffer_Overflow_Indexes 65 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25903 153036/string.c Buffer_Overflow_Indexes 106 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25904 153036/string.c Buffer_Overflow_Indexes 111 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&commune_loudmouthed,"INFANGTHIEF_QUERELE"); if (commune_loudmouthed != 0) {; mesocephalism_calusa . lusterlessness_lithophile = ((char *)commune_loudmouthed); 0 --------------------------------- 25905 153062/main_statusbar.c Buffer_Overflow_Indexes 157 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25906 153531/emem.c Buffer_Overflow_Indexes 214 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&palewise_flagstick,"NICKS_PRIORITIZED"); if (palewise_flagstick != 0) {; rejuvenised_inviable = ((void *)palewise_flagstick); *flecken_ensheath = rejuvenised_inviable; 0 --------------------------------- 25907 153531/emem.c Buffer_Overflow_Indexes 317 ep_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_EP_NO_CHUNKS") == ((void *)0); ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 25908 153531/emem.c Buffer_Overflow_Indexes 1606 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1945))); 0 --------------------------------- 25909 153531/emem.c Buffer_Overflow_Indexes 1553 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1890))); 0 --------------------------------- 25910 153531/emem.c Buffer_Overflow_Indexes 1521 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1856))); 0 --------------------------------- 25911 153531/emem.c Buffer_Overflow_Indexes 319 ep_packet_mem . debug_verify_pointers = getenv("WIRESHARK_EP_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 25912 153531/emem.c Buffer_Overflow_Indexes 1571 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1909))); 0 --------------------------------- 25913 153531/emem.c Buffer_Overflow_Indexes 334 se_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_SE_NO_CHUNKS") == ((void *)0); se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 25914 153531/emem.c Buffer_Overflow_Indexes 1536 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1872))); 0 --------------------------------- 25915 153531/emem.c Buffer_Overflow_Indexes 2020 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; 0 --------------------------------- 25916 153531/emem.c Buffer_Overflow_Indexes 1588 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1926))); 0 --------------------------------- 25917 153531/emem.c Buffer_Overflow_Indexes 336 se_packet_mem . debug_verify_pointers = getenv("WIRESHARK_SE_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 25918 153531/emem.c Buffer_Overflow_Indexes 209 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25919 153531/emem.c Buffer_Overflow_Indexes 335 se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 25920 153531/emem.c Buffer_Overflow_Indexes 168 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25921 153531/emem.c Buffer_Overflow_Indexes 318 ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 25922 153350/column-utils.c Buffer_Overflow_Indexes 105 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&hercynian_pontypool,"NEMATOLOGY_IMID"); if (hercynian_pontypool != 0) {; culottes_symbiotes = &hercynian_pontypool; infrabuccal_converters = ((char **)(((unsigned long )culottes_symbiotes) * sarcasmproof_phonatory * sarcasmproof_phonatory)) + 5; noncognizantly_monostich(infrabuccal_converters); void noncognizantly_monostich(char **overtorturing_tumps); 0 --------------------------------- 25923 153350/column-utils.c Buffer_Overflow_Indexes 59 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25924 153350/column-utils.c Buffer_Overflow_Indexes 100 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25925 153350/column-utils.c Buffer_Overflow_cpycat 2188 void noncognizantly_monostich(char **overtorturing_tumps) spences_gutium(overtorturing_tumps); void spences_gutium(char **stationery_gryllotalpa) guthrun_coconino = ((char *)( *(stationery_gryllotalpa - 5))); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, guthrun_coconino); 1 --------------------------------- 25926 153471/mux.c Buffer_Overflow_scanf 125 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&countergauge_laggins,"3876",contractable_hoptoads); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25927 153471/mux.c Buffer_Overflow_Indexes 123 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25928 153471/mux.c Buffer_Overflow_Indexes 77 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&countergauge_laggins,"3876",contractable_hoptoads); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); CARIFTA_FAKER(myodynamic_kessler); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25929 153336/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 25930 153336/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 25931 153720/resowner.c Buffer_Overflow_scanf 189 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&gotos_dahle,"7533",gnar_relocations); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25932 153720/resowner.c Buffer_Overflow_Indexes 187 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25933 153720/resowner.c Buffer_Overflow_Indexes 141 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&gotos_dahle,"7533",gnar_relocations); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25934 153720/resowner.c Buffer_Overflow_LowBound 730 stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 25935 153720/resowner.c Buffer_Overflow_LowBound 721 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; char stonesoup_source[1024]; int gnar_relocations = 91; char *gotos_dahle; stonesoup_read_taint(&gotos_dahle,"7533",gnar_relocations); nosean_metsky = gotos_dahle; multisacculate_bettongia = &nosean_metsky; amsonia_fordham = multisacculate_bettongia + 5; tapirine_intap = ((char *)( *(amsonia_fordham - 5))); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, tapirine_intap, sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&gotos_dahle,"7533",gnar_relocations); nosean_metsky = gotos_dahle; multisacculate_bettongia = &nosean_metsky; amsonia_fordham = multisacculate_bettongia + 5; tapirine_intap = ((char *)( *(amsonia_fordham - 5))); strncpy(stonesoup_source, tapirine_intap, sizeof(stonesoup_source)); 0 --------------------------------- 25936 7/Buffer_overflow.c Buffer_Overflow_cpycat 3 int main(int argc, char **argv) { example(argv[1]); void example(char *s) { char buf[1024]; strcpy(buf, s); 1 --------------------------------- 25937 153490/tile-swap.c Buffer_Overflow_scanf 168 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&neele_uvularia,"9914",coagulose_ale); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25938 153490/tile-swap.c Buffer_Overflow_Indexes 166 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25939 153490/tile-swap.c Buffer_Overflow_Indexes 120 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&neele_uvularia,"9914",coagulose_ale); stonesoup_printf("string is too short to test\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("string is too short to test\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25940 153393/pgstat.c Buffer_Overflow_Indexes 268 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&alleviater_dehorn,"SURVEYAL_BEINKED"); stonesoup_stack_buffer_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buffer_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buffer_64); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25941 153393/pgstat.c Buffer_Overflow_Indexes 309 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25942 153393/pgstat.c Buffer_Overflow_Indexes 314 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&alleviater_dehorn,"SURVEYAL_BEINKED"); if (alleviater_dehorn != 0) {; hilloas_belligerences[82] = alleviater_dehorn; offshoots_skidproof = hilloas_belligerences; personality_shellackers = ((char **)(((unsigned long )offshoots_skidproof) * genoise_shmaltzier * genoise_shmaltzier)) + 5; revitalizing_undelayed = ((char *)(personality_shellackers - 5)[82]); if ((personality_shellackers - 5)[82] != 0) free(((char *)(personality_shellackers - 5)[82])); 0 --------------------------------- 25943 153393/pgstat.c Buffer_Overflow_cpycat 2457 PgBackendStatus *localtable; localtable = ((PgBackendStatus *)(MemoryContextAlloc(pgStatLocalContext,sizeof(PgBackendStatus ) * MaxBackends))); localappname = ((char *)(MemoryContextAlloc(pgStatLocalContext,(64 * MaxBackends)))); beentry = BackendStatusArray; beentry++; localappname += 64; strcpy(localappname,((char *)(beentry -> st_appname))); 0 --------------------------------- 25944 153393/pgstat.c Buffer_Overflow_cpycat 2459 PgBackendStatus *localtable; localtable = ((PgBackendStatus *)(MemoryContextAlloc(pgStatLocalContext,sizeof(PgBackendStatus ) * MaxBackends))); localappname = ((char *)(MemoryContextAlloc(pgStatLocalContext,(64 * MaxBackends)))); localactivity = ((char *)(MemoryContextAlloc(pgStatLocalContext,(pgstat_track_activity_query_size * MaxBackends)))); beentry = BackendStatusArray; beentry++; localactivity += pgstat_track_activity_query_size; strcpy(localactivity,((char *)(beentry -> st_activity))); 0 --------------------------------- 25945 153393/pgstat.c Buffer_Overflow_cpycat 3582 char stonesoup_stack_buffer_64[64]; revitalizing_undelayed = ((char *)(personality_shellackers - 5)[82]); memset(stonesoup_stack_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buffer_64", stonesoup_stack_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_stack_buffer_64,revitalizing_undelayed); 1 --------------------------------- 25946 153479/file_wrappers.c Buffer_Overflow_Indexes 139 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25947 153479/file_wrappers.c Buffer_Overflow_Indexes 98 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 25948 153479/file_wrappers.c Buffer_Overflow_Indexes 144 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&strive_tachinidae,"CANUTE_MONOCARBONATE"); if (strive_tachinidae != 0) {; coholder_entreaties[1] = strive_tachinidae; plagueless_wealthiness(1,coholder_entreaties); void plagueless_wealthiness(int launceiot_insobriety,... ); 0 --------------------------------- 25949 153241/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&discommoning_memorablenesses,"9011",multilobular_libanophorous); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 25950 153241/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25951 153241/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&discommoning_memorablenesses,"9011",multilobular_libanophorous); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buff); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_buff); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25952 153241/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25953 153241/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25954 153241/color.c Buffer_Overflow_Indexes 177 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25955 153241/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25956 153241/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25957 153241/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 25958 153241/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25959 153241/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25960 153241/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25961 153241/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25962 153241/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25963 153241/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25964 153241/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25965 153241/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25966 153241/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25967 153241/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25968 153241/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25969 153241/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25970 153241/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25971 153241/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25972 153241/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25973 153241/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25974 153241/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25975 153241/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25976 153241/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25977 153241/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25978 153241/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25979 148916/packet-ms-mms.c Buffer_Overflow_scanf 777 static void dissect_client_transport_info(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, guint offset, guint length_remaining) char protocol[3+1] = ""; guint ipaddr[4]; guint port; proto_tree_add_item(tree, hf_msmms_command_prefix1, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; proto_tree_add_item(tree, hf_msmms_command_prefix2, tvb, offset, 4, ENC_LITTLE_ENDIAN); offset += 4; offset += 4; offset += 4; offset += 4; transport_info = tvb_get_ephemeral_unicode_string(tvb, offset, length_remaining - 20, ENC_LITTLE_ENDIAN); transport_info, "Transport: (%s)", transport_info); fields_matched = sscanf(transport_info, "%*c%*c%u.%u.%u.%u%*c%3s%*c%u", &ipaddr[0], &ipaddr[1], &ipaddr[2], &ipaddr[3], protocol, &port); 0 --------------------------------- 25980 152934/conf_mod.c Buffer_Overflow_Indexes 568 file = getenv("OPENSSL_CONF"); if (file) { return BUF_strdup(file); file = CONF_get1_default_config_file(); if (!file) { if (NCONF_load(conf,file,((void *)0)) <= 0) { CRYPTO_free(file); 0 --------------------------------- 25981 152934/conf_mod.c Buffer_Overflow_Indexes 162 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25982 152934/conf_mod.c Buffer_Overflow_LowBound 677 stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 25983 152934/conf_mod.c Buffer_Overflow_LowBound 668 void hypogenetic_access(void **ioniser_leegrant) char stonesoup_source[1024]; ergonomically_monotelephonic = ((char *)((char *)( *(ioniser_leegrant - 5)))); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, ergonomically_monotelephonic, sizeof(stonesoup_source)); 0 --------------------------------- 25984 153193/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 25985 153193/color.c Buffer_Overflow_Indexes 170 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 25986 153193/color.c Buffer_Overflow_Indexes 174 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25987 153193/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&zambezian_precis,"HIRELINGS_PIBLOCKTO"); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 25988 153193/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&zambezian_precis,"HIRELINGS_PIBLOCKTO"); if (zambezian_precis != 0) {; watercolourist_seibert = ((char *)zambezian_precis); stonesoup_buff_size = ((int )(strlen(watercolourist_seibert))); strncpy(stonesoup_heap_buff_64, watercolourist_seibert, 64); for (; stonesoup_ss_i < stonesoup_buff_size; ++stonesoup_ss_i){ if (zambezian_precis != 0) free(((char *)zambezian_precis)); 0 --------------------------------- 25989 153193/color.c Buffer_Overflow_Indexes 176 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 25990 153193/color.c Buffer_Overflow_LowBound 575 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *zambezian_precis; stonesoup_read_taint(&zambezian_precis,"HIRELINGS_PIBLOCKTO"); watercolourist_seibert = ((char *)zambezian_precis); stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); stonesoup_buff_size = ((int )(strlen(watercolourist_seibert))); strncpy(stonesoup_heap_buff_64, watercolourist_seibert, 64); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&zambezian_precis,"HIRELINGS_PIBLOCKTO"); watercolourist_seibert = ((char *)zambezian_precis); stonesoup_buff_size = ((int )(strlen(watercolourist_seibert))); strncpy(stonesoup_heap_buff_64, watercolourist_seibert, 64); 0 --------------------------------- 25991 153193/color.c Buffer_Overflow_cpycat 233 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25992 153193/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25993 153193/color.c Buffer_Overflow_cpycat 198 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25994 153193/color.c Buffer_Overflow_cpycat 225 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25995 153193/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25996 153193/color.c Buffer_Overflow_cpycat 346 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25997 153193/color.c Buffer_Overflow_cpycat 366 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 25998 153193/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 25999 153193/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26000 153193/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26001 153193/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26002 153193/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26003 153193/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26004 153193/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26005 153193/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26006 153193/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26007 153193/color.c Buffer_Overflow_cpycat 190 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26008 153193/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26009 153193/color.c Buffer_Overflow_cpycat 345 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 26010 153193/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26011 153193/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26012 153193/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26013 153193/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26014 153193/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26015 153799/conf_mod.c Buffer_Overflow_scanf 174 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&tribrachs_inflicted,"8967",idiospastic_farmership); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26016 153799/conf_mod.c Buffer_Overflow_Indexes 172 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26017 153799/conf_mod.c Buffer_Overflow_Indexes 697 file = getenv("OPENSSL_CONF"); if (file) { return BUF_strdup(file); file = CONF_get1_default_config_file(); if (!file) { if (NCONF_load(conf,file,((void *)0)) <= 0) { CRYPTO_free(file); 0 --------------------------------- 26018 153799/conf_mod.c Buffer_Overflow_Indexes 126 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26019 153799/conf_mod.c Buffer_Overflow_LowBound 785 void outrail_resiliences(char **sepion_paragraphically) uptuck_obscures(sepion_paragraphically); void uptuck_obscures(char **pharyngitic_knowledgably) char stonesoup_buffer[8]; obsidians_rookies = ((char *)pharyngitic_knowledgably[59]); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(obsidians_rookies)+1, obsidians_rookies, "TRIGGER-STATE"); strncpy(stonesoup_buffer,obsidians_rookies,strlen(obsidians_rookies) + 1); 1 --------------------------------- 26020 153394/error.c Buffer_Overflow_Indexes 73 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26021 153394/error.c Buffer_Overflow_Indexes 114 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26022 153394/error.c Buffer_Overflow_Indexes 119 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&palateful_commendingly,"GITONIN_SUBSTANTIABLE"); if (palateful_commendingly != 0) {; ferventness_kelwin = palateful_commendingly; imperiling_lobo = &ferventness_kelwin; kintra_phaeophyta = ((talclike_crista *)(((unsigned long )imperiling_lobo) * yeshiva_nominalness * yeshiva_nominalness)) + 5; intemerateness_primely(rexenite_parsaye,kintra_phaeophyta); void intemerateness_primely(int cephalotaceous_merula,talclike_crista *reveler_xanthoceras); 0 --------------------------------- 26023 153394/error.c Buffer_Overflow_LowBound 708 void intemerateness_primely(int cephalotaceous_merula,talclike_crista *reveler_xanthoceras) synezisis_dimercury = ((char *)( *(reveler_xanthoceras - 5))); stonesoup_data = (char*) malloc(8 * sizeof(char)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(synezisis_dimercury)+1, synezisis_dimercury, "TRIGGER-STATE"); strncpy(stonesoup_data, synezisis_dimercury, strlen(synezisis_dimercury) + 1); 1 --------------------------------- 26024 153109/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&punnets_catamnestic,"4630",santoro_rebemire); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26025 153109/color.c Buffer_Overflow_Indexes 180 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 26026 153109/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&punnets_catamnestic,"4630",santoro_rebemire); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26027 153109/color.c Buffer_Overflow_Indexes 186 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26028 153109/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26029 153109/color.c Buffer_Overflow_Indexes 184 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26030 153109/color.c Buffer_Overflow_LowBound 586 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; char stonesoup_source[1024]; int santoro_rebemire = 91; char *punnets_catamnestic; stonesoup_read_taint(&punnets_catamnestic,"4630",santoro_rebemire); unfulfill_inviolate = ((char *)punnets_catamnestic); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, unfulfill_inviolate, sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&punnets_catamnestic,"4630",santoro_rebemire); unfulfill_inviolate = ((char *)punnets_catamnestic); strncpy(stonesoup_source, unfulfill_inviolate, sizeof(stonesoup_source)); 0 --------------------------------- 26031 153109/color.c Buffer_Overflow_LowBound 595 stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 26032 153109/color.c Buffer_Overflow_cpycat 243 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26033 153109/color.c Buffer_Overflow_cpycat 257 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26034 153109/color.c Buffer_Overflow_cpycat 292 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26035 153109/color.c Buffer_Overflow_cpycat 208 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26036 153109/color.c Buffer_Overflow_cpycat 299 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26037 153109/color.c Buffer_Overflow_cpycat 348 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26038 153109/color.c Buffer_Overflow_cpycat 222 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26039 153109/color.c Buffer_Overflow_cpycat 200 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26040 153109/color.c Buffer_Overflow_cpycat 376 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 26041 153109/color.c Buffer_Overflow_cpycat 264 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26042 153109/color.c Buffer_Overflow_cpycat 250 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26043 153109/color.c Buffer_Overflow_cpycat 306 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26044 153109/color.c Buffer_Overflow_cpycat 285 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26045 153109/color.c Buffer_Overflow_cpycat 356 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26046 153109/color.c Buffer_Overflow_cpycat 320 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26047 153109/color.c Buffer_Overflow_cpycat 334 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26048 153109/color.c Buffer_Overflow_cpycat 235 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26049 153109/color.c Buffer_Overflow_cpycat 341 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26050 153109/color.c Buffer_Overflow_cpycat 278 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26051 153109/color.c Buffer_Overflow_cpycat 215 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26052 153109/color.c Buffer_Overflow_cpycat 355 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 26053 153109/color.c Buffer_Overflow_cpycat 313 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26054 153109/color.c Buffer_Overflow_cpycat 327 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26055 153109/color.c Buffer_Overflow_cpycat 271 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26056 153530/bio_err.c Buffer_Overflow_scanf 145 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&diectasis_ecorse,"8416",coloreds_subaerial); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26057 153530/bio_err.c Buffer_Overflow_Indexes 97 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&diectasis_ecorse,"8416",coloreds_subaerial); PERIPHERICALLY_NONHUMANNESS(renewed_sphygmophonic); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26058 153530/bio_err.c Buffer_Overflow_Indexes 143 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26059 153530/bio_err.c Buffer_Overflow_LowBound 216 char stonesoup_source[1024]; coalescence_keven = ((char *)( *(nobbut_ordzhonikidze - 5)) . vitric_medimnus); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, coalescence_keven, sizeof(stonesoup_source)); 0 --------------------------------- 26060 153530/bio_err.c Buffer_Overflow_LowBound 225 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 26061 153370/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26062 153370/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26063 153258/column.c Buffer_Overflow_Indexes 100 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&cigarillos_marinna,"SCIMITARED_FURNESS"); if (cigarillos_marinna != 0) {; pacas_cathartically = &cigarillos_marinna; recutting_marmennill = pacas_cathartically + 5; rips_praxiteles = ((char *)( *(recutting_marmennill - 5))); stonesoup_taint_len = ((int )(strlen(rips_praxiteles))); for (; stonesoup_taint_len >= 0; (--stonesoup_buff_size , --stonesoup_taint_len)) { stonesoup_heap_buff_64[stonesoup_buff_size] = rips_praxiteles[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "CROSSOVER-STATE"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); free(stonesoup_heap_buff_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "FINAL-STATE"); if ( *(recutting_marmennill - 5) != 0) free(((char *)( *(recutting_marmennill - 5)))); void stonesoup_printf(char * format, ...) { stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); 0 --------------------------------- 26064 153258/column.c Buffer_Overflow_Indexes 95 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26065 153258/column.c Buffer_Overflow_Indexes 54 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&cigarillos_marinna,"SCIMITARED_FURNESS"); stonesoup_heap_buff_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buff_64[stonesoup_i]); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",&(stonesoup_heap_buff_64[stonesoup_buff_size+1])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26066 153450/oids.c Buffer_Overflow_Indexes 1325 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 26067 153450/oids.c Buffer_Overflow_Indexes 91 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); explorational_micropterygidae(waki_fritillaria); s vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); s stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26068 153450/oids.c Buffer_Overflow_Indexes 924 debatter_suppertime = getenv("TRANSGRESSED_SULFONAL"); if (debatter_suppertime != 0) {; laicity_akutagawa = ((int )(strlen(debatter_suppertime))); waki_fritillaria = ((char *)(malloc(laicity_akutagawa + 1))); if (waki_fritillaria == 0) { memset(waki_fritillaria,0,laicity_akutagawa + 1); memcpy(waki_fritillaria,debatter_suppertime,laicity_akutagawa); explorational_micropterygidae(waki_fritillaria); void explorational_micropterygidae(char *const pregladness_enseating) negatrons_famiglietti = ((char *)((char *)pregladness_enseating)); for (stonesoup_i = 0; stonesoup_i < strlen(negatrons_famiglietti); ++stonesoup_i) { negatrons_famiglietti[stonesoup_i], stonesoup_data->buffer[(int) negatrons_famiglietti[stonesoup_i]]); tracepoint(stonesoup_trace, variable_signed_integral, "((int) STONESOUP_TAINT_SOURCE[stonesoup_i])", ((int) negatrons_famiglietti[stonesoup_i]), &(negatrons_famiglietti[stonesoup_i]), "TRIGGER-STATE"); if (((char *)pregladness_enseating) != 0) free(((char *)((char *)pregladness_enseating))); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 26069 153450/oids.c Buffer_Overflow_Indexes 142 char *debug_env = getenv("WIRESHARK_DEBUG_MIBS"); debuglevel = ((debug_env?strtoul(debug_env,((void *)0),10) : 0)); 0 --------------------------------- 26070 199315/underrun_st_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==44 || vflag_file == 888) 0 --------------------------------- 26071 153283/color.c Buffer_Overflow_Indexes 154 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26072 153283/color.c Buffer_Overflow_Indexes 150 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 26073 153283/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buff_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(lornnesses_unworkmanlike)); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(lornnesses_unworkmanlike)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26074 153283/color.c Buffer_Overflow_Indexes 156 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26075 153283/color.c Buffer_Overflow_Indexes 546 reactive_monohydric = getenv("PUSHFUL_CHASTY"); if (reactive_monohydric != 0) {; lornnesses_unworkmanlike = ((char *)reactive_monohydric); stonesoup_other_buff[7] = lornnesses_unworkmanlike; stonesoup_buff_size = ((int )(strlen(lornnesses_unworkmanlike))); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_other_buff", stonesoup_other_buff, "INITIAL-STATE"); for (; stonesoup_buff_size >= 0; (--stonesoup_my_buff_size , --stonesoup_buff_size)) { stonesoup_stack_buff_64[stonesoup_my_buff_size] = lornnesses_unworkmanlike[stonesoup_buff_size]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buff_64", stonesoup_stack_buff_64, "CROSSOVER-STATE"); stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(lornnesses_unworkmanlike)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); void stonesoup_printf(char * format, ...) { stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buff_64", stonesoup_stack_buff_64, "FINAL-STATE"); 0 --------------------------------- 26076 153283/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26077 153283/color.c Buffer_Overflow_cpycat 170 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26078 153283/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26079 153283/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26080 153283/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26081 153283/color.c Buffer_Overflow_cpycat 234 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26082 153283/color.c Buffer_Overflow_cpycat 185 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26083 153283/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26084 153283/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26085 153283/color.c Buffer_Overflow_cpycat 178 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26086 153283/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26087 153283/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26088 153283/color.c Buffer_Overflow_cpycat 241 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26089 153283/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26090 153283/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26091 153283/color.c Buffer_Overflow_cpycat 346 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 26092 153283/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26093 153283/color.c Buffer_Overflow_cpycat 325 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 26094 153283/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26095 153283/color.c Buffer_Overflow_cpycat 326 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26096 153283/color.c Buffer_Overflow_cpycat 192 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26097 153283/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26098 153283/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26099 153283/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26100 153612/tile-swap.c Buffer_Overflow_scanf 168 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&iin_mantle,"6802",nicoli_antiferromagnet); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26101 153612/tile-swap.c Buffer_Overflow_Indexes 166 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26102 153612/tile-swap.c Buffer_Overflow_Indexes 120 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26103 153612/tile-swap.c Buffer_Overflow_Indexes 640 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 26104 153666/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26105 153666/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26106 153214/pgstat.c Buffer_Overflow_Indexes 326 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&yeuking_ardussi,"BABAKOTO_PSYCHODRAMAS"); if (yeuking_ardussi != 0) {; premen_papist . terzet_alkalinuria = yeuking_ardussi; 0 --------------------------------- 26107 153214/pgstat.c Buffer_Overflow_Indexes 280 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26108 153214/pgstat.c Buffer_Overflow_Indexes 321 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26109 153214/pgstat.c Buffer_Overflow_LowBound 4131 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 26110 153214/pgstat.c Buffer_Overflow_LowBound 4122 union resina_unedging chairmen_ebenezer = {0}; va_list nonirritability_upwafts; __builtin_va_start(nonirritability_upwafts,budgereegah_unpropagable); chairmen_ebenezer = (va_arg(nonirritability_upwafts,union resina_unedging )); debs_adoniad(deathsman_workouts,chairmen_ebenezer); char stonesoup_source[1024]; memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, microfilaria_homeochromatism, sizeof(stonesoup_source)); void debs_adoniad(int hartsel_scribblemania,union resina_unedging ambari_trangams) microfilaria_homeochromatism = ((char *)ambari_trangams . terzet_alkalinuria); strncpy(stonesoup_source, microfilaria_homeochromatism, sizeof(stonesoup_source)); 0 --------------------------------- 26111 153214/pgstat.c Buffer_Overflow_cpycat 2472 PgBackendStatus *localtable; localtable = ((PgBackendStatus *)(MemoryContextAlloc(pgStatLocalContext,sizeof(PgBackendStatus ) * MaxBackends))); localappname = ((char *)(MemoryContextAlloc(pgStatLocalContext,(64 * MaxBackends)))); beentry = BackendStatusArray; beentry++; localappname += 64; strcpy(localappname,((char *)(beentry -> st_appname))); 0 --------------------------------- 26112 153214/pgstat.c Buffer_Overflow_cpycat 2474 PgBackendStatus *localtable; localtable = ((PgBackendStatus *)(MemoryContextAlloc(pgStatLocalContext,sizeof(PgBackendStatus ) * MaxBackends))); localappname = ((char *)(MemoryContextAlloc(pgStatLocalContext,(64 * MaxBackends)))); localactivity = ((char *)(MemoryContextAlloc(pgStatLocalContext,(pgstat_track_activity_query_size * MaxBackends)))); beentry = BackendStatusArray; beentry++; localactivity += pgstat_track_activity_query_size; strcpy(localactivity,((char *)(beentry -> st_activity))); 0 --------------------------------- 26113 153603/ffmpeg.c Buffer_Overflow_scanf 2572 char target[64]; char command[256]; char arg[256] = {(0)}; double time; buf[i] = 0; if (k > 0 && (n = sscanf(buf,"%63[^ ] %lf %255[^ ] %255[^\n]",target,&time,command,arg)) >= 3) { 0 --------------------------------- 26114 153603/ffmpeg.c Buffer_Overflow_scanf 2603 int debug = 0; if (scanf("%d",&debug) != 1) { 0 --------------------------------- 26115 153603/ffmpeg.c Buffer_Overflow_Indexes 199 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26116 153603/ffmpeg.c Buffer_Overflow_Indexes 3153 int main(int argc,char **argv) parse_loglevel(argc,argv,options); if (argc > 1 && !strcmp(argv[1],"-d")) { argc--; argv++; show_banner(argc,argv,options); ret = ffmpeg_parse_options(argc,argv); if (ret < 0) { 0 --------------------------------- 26117 153603/ffmpeg.c Buffer_Overflow_LowBound 1204 static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); static double psnr(double d) return - 10.0 * log(d) / log(10.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); 0 --------------------------------- 26118 153603/ffmpeg.c Buffer_Overflow_LowBound 1264 static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> coded_frame -> error[j]; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); static double psnr(double d) return - 10.0 * log(d) / log(10.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); 0 --------------------------------- 26119 153603/ffmpeg.c Buffer_Overflow_LowBound 1268 total_size = avio_size(oc -> pb); total_size = avio_tell(oc -> pb); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); 0 --------------------------------- 26120 153603/ffmpeg.c Buffer_Overflow_LowBound 1239 q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); double error_sum = 0; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); static double psnr(double d) return - 10.0 * log(d) / log(10.0); qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); static double psnr(double d) return - 10.0 * log(d) / log(10.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); static void close_output_stream(OutputStream *ost) ost -> finished = 1; static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double scale_sum = 0; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error_sum += error; scale_sum += scale; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); output_streams[i] -> unavailable = 0; if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); 0 --------------------------------- 26121 153603/ffmpeg.c Buffer_Overflow_LowBound 1935 static int init_input_stream(int ist_index,char *error,int error_len) InputStream *ist = input_streams[ist_index]; snprintf(error,error_len,"Error while opening decoder for input stream #%d:%d",ist -> file_index,ist -> st -> index); 0 --------------------------------- 26122 153603/ffmpeg.c Buffer_Overflow_LowBound 1261 output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); 0 --------------------------------- 26123 153603/ffmpeg.c Buffer_Overflow_LowBound 1243 static void close_output_stream(OutputStream *ost) ost -> finished = 1; output_streams[i] -> unavailable = 0; reset_eagain(); sub2video_heartbeat(ist,pkt . pts); ret = output_packet(ist,(&pkt)); reset_eagain(); ret = process_input(ist -> file_index); if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); static double psnr(double d) return - 10.0 * log(d) / log(10.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); static double psnr(double d) return - 10.0 * log(d) / log(10.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); 0 --------------------------------- 26124 153603/ffmpeg.c Buffer_Overflow_LowBound 1919 static int init_input_stream(int ist_index,char *error,int error_len) InputStream *ist = input_streams[ist_index]; snprintf(error,error_len,"Decoder (codec %s) not found for input stream #%d:%d",avcodec_get_name(ist -> st -> codec -> codec_id),ist -> file_index,ist -> st -> index); 0 --------------------------------- 26125 153603/ffmpeg.c Buffer_Overflow_LowBound 3237 void stonesoup_handle_taint(char *mannerlessness_stipels) union loka_upperer stopgaps_peevishness; stopgaps_peevishness . succumbence_gaea = mannerlessness_stipels; involuntary_nonhistorically = virgilia_anthropopathy(stopgaps_peevishness); union loka_upperer virgilia_anthropopathy(union loka_upperer dicasteries_morandi) return dicasteries_morandi; involuntary_nonhistorically = virgilia_anthropopathy(stopgaps_peevishness); dalliance_profilers = ((char *)involuntary_nonhistorically . succumbence_gaea); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(dalliance_profilers)+1, dalliance_profilers, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, dalliance_profilers, strlen(dalliance_profilers) + 1); 1 --------------------------------- 26126 153603/ffmpeg.c Buffer_Overflow_LowBound 2202 static InputStream *get_input_stream(OutputStream *ost) pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; char error[1024]; ost = output_streams[i]; ist = get_input_stream(ost); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ist = get_input_stream(ost); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) ost -> enc = avcodec_find_encoder(codec -> codec_id); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); if (!strcmp(ost -> enc -> name,"libx264")) { ist = get_input_stream(ost); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); 0 --------------------------------- 26127 153603/ffmpeg.c Buffer_Overflow_LowBound 1282 double duration = 0; duration = 1 / (av_q2d(ost -> frame_rate) * av_q2d(enc -> time_base)); sync_ipts = (in_picture -> pts); delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = 1; nb_frames = 0; nb_frames = (lrintf(delta)); nb_frames = 0; nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_dup += nb_frames - 1; if (!check_recording_time(ost)) { close_output_stream(ost); duration = 1 / (av_q2d(ost -> frame_rate) * av_q2d(enc -> time_base)); sync_ipts = (in_picture -> pts); delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = 1; nb_frames = 0; nb_frames = (lrintf(delta)); nb_frames = 0; nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_drop++; nb_frames_drop++; nb_frames_dup += nb_frames - 1; if (!check_recording_time(ost)) { if (!ost -> filtered_frame && !(ost -> filtered_frame = avcodec_alloc_frame())) { avcodec_get_frame_defaults(ost -> filtered_frame); filtered_frame = ost -> filtered_frame; avfilter_copy_buf_props(filtered_frame,picref); do_video_out(of -> ctx,ost,filtered_frame); int64_t pts = - 9223372036854775807L - 1; static int qp_histogram['4']; total_size = avio_size(oc -> pb); total_size = avio_tell(oc -> pb); buf[0] = '\0'; float q = (- 1); q = (enc -> coded_frame -> quality) / ((float )'v'); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); bitrate = (pts && total_size >= 0?(total_size * 8) / (pts / 1000.0) : (- 1)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); av_bprintf(&buf_script,"dup_frames=%d\n",nb_frames_dup); av_bprintf(&buf_script,"drop_frames=%d\n",nb_frames_drop); return reap_filters(); ret = reap_filters(); if ((ret = transcode_from_filter(ost -> filter -> graph,&ist)) < 0) { return reap_filters(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=%6.1fkbits/s",bitrate); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); static void do_video_out(AVFormatContext *s,OutputStream *ost,AVFrame *in_picture) sync_ipts = (in_picture -> pts); delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = (lrintf(delta)); nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_dup += nb_frames - 1; do_video_out(of -> ctx,ost,filtered_frame); return reap_filters(); ret = transcode_step(); print_report(0,timer_start,cur_time); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); 0 --------------------------------- 26128 153603/ffmpeg.c Buffer_Overflow_LowBound 1199 ost -> finished = 1; ost = output_streams[i]; close_output_stream(output_streams[of -> ost_index + j]); output_streams[i] -> unavailable = 0; if (check_keyboard_interaction(cur_time) < 0) { if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); timer_start = av_gettime(); int64_t cur_time = av_gettime(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); frame_number = ost -> frame_number; fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static void print_report(int is_last_report,int64_t timer_start,int64_t cur_time) float t = ((cur_time - timer_start) / 1000000.0); fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static void close_output_stream(OutputStream *ost) if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static int check_keyboard_interaction(int64_t cur_time) print_report(0,timer_start,cur_time); 0 --------------------------------- 26129 153603/ffmpeg.c Buffer_Overflow_LowBound 1266 int64_t pts = - 9223372036854775807L - 1; secs = (pts / 1000000); us = (pts % 1000000); mins = secs / 60; secs %= 60; hours = mins / 60; mins %= 60; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); 0 --------------------------------- 26130 153603/ffmpeg.c Buffer_Overflow_LowBound 2404 static InputStream *get_input_stream(OutputStream *ost) pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; char error[1024]; ost = output_streams[i]; ist = get_input_stream(ost); ost -> st -> disposition = ist -> st -> disposition; if (!oc -> oformat -> codec_tag || (av_codec_get_id(oc -> oformat -> codec_tag,icodec -> codec_tag)) == (codec -> codec_id) || !av_codec_get_tag2(oc -> oformat -> codec_tag,icodec -> codec_id,&codec_tag)) { if (!strcmp(oc -> oformat -> name,"avi")) { if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { if (!(oc -> oformat -> flags & 0002000) && strcmp(oc -> oformat -> name,"mov") && strcmp(oc -> oformat -> name,"mp4") && strcmp(oc -> oformat -> name,"3gp") && strcmp(oc -> oformat -> name,"3g2") && strcmp(oc -> oformat -> name,"psp") && strcmp(oc -> oformat -> name,"ipod") && strcmp(oc -> oformat -> name,"f4v")) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); if (!strcmp(ost -> enc -> name,"libx264")) { ost = output_streams[i]; AVCodecContext *dec = ((void *)0); if (ist = get_input_stream(ost)) { ost -> st -> codec -> subtitle_header = (av_mallocz((dec -> subtitle_header_size + 1))); memcpy((ost -> st -> codec -> subtitle_header),(dec -> subtitle_header),(dec -> subtitle_header_size)); ost -> st -> codec -> subtitle_header_size = dec -> subtitle_header_size; if ((ret = avcodec_open2(ost -> st -> codec,codec,&ost -> opts)) < 0) { if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); av_buffersink_set_frame_size(ost -> filter -> filter,(ost -> st -> codec -> frame_size)); av_opt_set_dict((ost -> st -> codec),&ost -> opts); if (ist = get_input_stream(ost)) { for (i = 0; i < nb_output_files; i++) { oc = output_files[i] -> ctx; oc -> interrupt_callback = int_cb; if ((ret = avformat_write_header(oc,&output_files[i] -> opts)) < 0) { char errbuf[128]; const char *errbuf_ptr = errbuf; if (av_strerror(ret,errbuf,sizeof(errbuf)) < 0) { errbuf_ptr = (strerror(-ret)); snprintf(error,sizeof(error),"Could not write header for output file #%d (incorrect codec parameters ?): %s",i,errbuf_ptr); if (strcmp(oc -> oformat -> name,"rtp")) { if ((ret = avformat_write_header(oc,&output_files[i] -> opts)) < 0) { if (av_strerror(ret,errbuf,sizeof(errbuf)) < 0) { errbuf_ptr = (strerror(-ret)); snprintf(error,sizeof(error),"Could not write header for output file #%d (incorrect codec parameters ?): %s",i,errbuf_ptr); static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); snprintf(error,sizeof(error),"Could not write header for output file #%d (incorrect codec parameters ?): %s",i,errbuf_ptr); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); if (ist = get_input_stream(ost)) { static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); if (ist = get_input_stream(ost)) { 0 --------------------------------- 26131 153603/ffmpeg.c Buffer_Overflow_LowBound 2352 char error[1024]; ost -> st -> disposition = ist -> st -> disposition; ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); if (!strcmp(ost -> enc -> name,"libx264")) { if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); av_buffersink_set_frame_size(ost -> filter -> filter,(ost -> st -> codec -> frame_size)); if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); 0 --------------------------------- 26132 153603/ffmpeg.c Buffer_Overflow_LowBound 2300 static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) int n = 1; int64_t *pts; size = n; pts = (av_malloc(sizeof(( *pts)) * size)); p = kf; char *next = strchr(p,','); *(next++) = 0; if (!memcmp(p,"chapters",8)) { if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); AVChapter *c = avf -> chapters[j]; pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { p = next; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); ost -> forced_kf_pts = pts; input_streams[j + ifile -> ist_index] -> start = av_gettime(); for (i = 0; i < nb_output_streams; i++) { ost = output_streams[i]; ist = get_input_stream(ost); return input_streams[ost -> source_index]; ist = get_input_stream(ost); ost -> st -> disposition = ist -> st -> disposition; if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); ost -> encoding_needed = 1; ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); ost -> frame_rate = ist -> framerate; int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); codec -> time_base = av_inv_q(ost -> frame_rate); codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); if (!strncmp((ost -> forced_keyframes),"expr:",5)) { parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); fg = init_simple_filtergraph(ist,ost); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); char logfilename[1024]; snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); static InputStream *get_input_stream(OutputStream *ost) return ((void *)0); ist = get_input_stream(ost); ost -> frame_rate = ist -> framerate; codec -> time_base = av_inv_q(ost -> frame_rate); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); 0 --------------------------------- 26133 153603/ffmpeg.c Buffer_Overflow_LowBound 1271 static double psnr(double d) return - 10.0 * log(d) / log(10.0); static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=%6.1fkbits/s",bitrate); 0 --------------------------------- 26134 153603/ffmpeg.c Buffer_Overflow_LowBound 543 va_list va; char buf[1024]; __builtin_va_start(va,fmt); vsnprintf(buf,sizeof(buf),fmt,va); update_benchmark(((void *)0)); update_benchmark("encode_audio %d.%d",ost -> file_index,ost -> index); update_benchmark(((void *)0)); update_benchmark("encode_video %d.%d",ost -> file_index,ost -> index); update_benchmark(((void *)0)); update_benchmark("flush %s %d.%d",desc,ost -> file_index,ost -> index); update_benchmark(((void *)0)); update_benchmark("decode_audio %d.%d",ist -> file_index,ist -> st -> index); update_benchmark(((void *)0)); update_benchmark("decode_video %d.%d",ist -> file_index,ist -> st -> index); static void update_benchmark(const char *fmt,... ) __builtin_va_start(va,fmt); vsnprintf(buf,sizeof(buf),fmt,va); 0 --------------------------------- 26135 153603/ffmpeg.c Buffer_Overflow_LowBound 1213 buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); static double psnr(double d) return - 10.0 * log(d) / log(10.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); 0 --------------------------------- 26136 153603/ffmpeg.c Buffer_Overflow_LowBound 1223 ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); char type[3] = {('Y'), ('U'), ('V')}; error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); 0 --------------------------------- 26137 152946/file_wrappers.c Buffer_Overflow_Indexes 98 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26138 152946/file_wrappers.c Buffer_Overflow_Indexes 865 bspa_rubella = getenv("EQUABLE_UNCRINKLING"); if (bspa_rubella != 0) {; stoppableness_complimentarily = bspa_rubella; turtlings_unchromed = &stoppableness_complimentarily; lynndyl_upreared = ((noak_taking *)(((unsigned long )turtlings_unchromed) * marcellina_befraught * marcellina_befraught)) + 5; acnodal_unbedimmed(lynndyl_upreared); 0 --------------------------------- 26139 153787/dynahash.c Buffer_Overflow_Indexes 286 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&pozzuolanic_gynecophorous,"ANTHROPOIDEA_RAILWAYED"); if (pozzuolanic_gynecophorous != 0) {; candiel_unspherical = pozzuolanic_gynecophorous; galactopathy_renoir(1,candiel_unspherical); void galactopathy_renoir(int posi_unimplicated,... ) 0 --------------------------------- 26140 153787/dynahash.c Buffer_Overflow_Indexes 240 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&pozzuolanic_gynecophorous,"ANTHROPOIDEA_RAILWAYED"); if (((long )(calc_bucket(hctl,currElement -> hashvalue))) == old_bucket) { stonesoup_setup_printf_context(); stonesoup_read_taint(&pozzuolanic_gynecophorous,"ANTHROPOIDEA_RAILWAYED"); galactopathy_renoir(1,candiel_unspherical); stonesoup_toupper(stonesoup_data.buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26141 153787/dynahash.c Buffer_Overflow_Indexes 281 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26142 153787/dynahash.c Buffer_Overflow_LowBound 1579 char stonesoup_source[1024]; computerizing_infaust beryllonite_hexosamine = 0; va_list pyrolignous_myrrhis; __builtin_va_start(pyrolignous_myrrhis,posi_unimplicated); beryllonite_hexosamine = (va_arg(pyrolignous_myrrhis,computerizing_infaust )); moundy_pinatas = ((char *)beryllonite_hexosamine); stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, moundy_pinatas, sizeof(stonesoup_source)); 0 --------------------------------- 26143 153787/dynahash.c Buffer_Overflow_LowBound 1588 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 26144 153787/dynahash.c Buffer_Overflow_cpycat 396 HTAB *hash_create(const char *tabname,long nelem,HASHCTL *info,int flags) CurrentDynaHashCxt = AllocSetContextCreate(CurrentDynaHashCxt,tabname,0,(8 * 1024),(8 * 1024 * 1024)); hashp = ((HTAB *)(DynaHashAlloc(sizeof(HTAB ) + strlen(tabname) + 1))); hashp -> tabname = ((char *)(hashp + 1)); strcpy(hashp -> tabname,tabname); 0 --------------------------------- 26145 152918/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26146 152918/color.c Buffer_Overflow_Indexes 180 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 26147 152918/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&nondefeat_elevatingly,"KELLINA_PENURIOUSLY"); stonesoup_toupper(stonesoup_data.buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26148 152918/color.c Buffer_Overflow_Indexes 184 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26149 152918/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&nondefeat_elevatingly,"KELLINA_PENURIOUSLY"); if (nondefeat_elevatingly != 0) {; tossers_choppin = ((char *)nondefeat_elevatingly); strncpy(stonesoup_source, tossers_choppin, sizeof(stonesoup_source)); if (nondefeat_elevatingly != 0) free(((char *)nondefeat_elevatingly)); 0 --------------------------------- 26150 152918/color.c Buffer_Overflow_Indexes 186 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26151 152918/color.c Buffer_Overflow_LowBound 597 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 26152 152918/color.c Buffer_Overflow_LowBound 588 stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char stonesoup_source[1024]; char *nondefeat_elevatingly; stonesoup_read_taint(&nondefeat_elevatingly,"KELLINA_PENURIOUSLY"); tossers_choppin = ((char *)nondefeat_elevatingly); stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, tossers_choppin, sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&nondefeat_elevatingly,"KELLINA_PENURIOUSLY"); tossers_choppin = ((char *)nondefeat_elevatingly); strncpy(stonesoup_source, tossers_choppin, sizeof(stonesoup_source)); 0 --------------------------------- 26153 152918/color.c Buffer_Overflow_cpycat 243 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26154 152918/color.c Buffer_Overflow_cpycat 257 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26155 152918/color.c Buffer_Overflow_cpycat 292 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26156 152918/color.c Buffer_Overflow_cpycat 208 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26157 152918/color.c Buffer_Overflow_cpycat 299 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26158 152918/color.c Buffer_Overflow_cpycat 348 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26159 152918/color.c Buffer_Overflow_cpycat 222 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26160 152918/color.c Buffer_Overflow_cpycat 200 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26161 152918/color.c Buffer_Overflow_cpycat 376 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 26162 152918/color.c Buffer_Overflow_cpycat 264 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26163 152918/color.c Buffer_Overflow_cpycat 250 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26164 152918/color.c Buffer_Overflow_cpycat 306 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26165 152918/color.c Buffer_Overflow_cpycat 285 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26166 152918/color.c Buffer_Overflow_cpycat 356 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26167 152918/color.c Buffer_Overflow_cpycat 320 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26168 152918/color.c Buffer_Overflow_cpycat 334 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26169 152918/color.c Buffer_Overflow_cpycat 235 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26170 152918/color.c Buffer_Overflow_cpycat 341 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26171 152918/color.c Buffer_Overflow_cpycat 278 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26172 152918/color.c Buffer_Overflow_cpycat 215 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26173 152918/color.c Buffer_Overflow_cpycat 355 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 26174 152918/color.c Buffer_Overflow_cpycat 313 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26175 152918/color.c Buffer_Overflow_cpycat 327 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26176 152918/color.c Buffer_Overflow_cpycat 271 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26177 153721/color.c Buffer_Overflow_scanf 170 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; stonesoup_fct_ptr fct_ptr_addr = (stonesoup_fct_ptr )0; sscanf(param,"%p",&fct_ptr_addr); char *impartibilibly_theogeological; stonesoup_read_taint(&impartibilibly_theogeological,"URTICA_UNDERBEAR"); antiperthite_rodsman = ((char *)impartibilibly_theogeological); stonesoup_fp = stonesoup_switch_func(antiperthite_rodsman); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&impartibilibly_theogeological,"URTICA_UNDERBEAR"); antiperthite_rodsman = ((char *)impartibilibly_theogeological); stonesoup_fp = stonesoup_switch_func(antiperthite_rodsman); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); 0 --------------------------------- 26178 153721/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26179 153721/color.c Buffer_Overflow_Indexes 188 if (getenv("TERM") == ((void *)0)) { 0 --------------------------------- 26180 153721/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&impartibilibly_theogeological,"URTICA_UNDERBEAR"); stonesoup_fp = stonesoup_switch_func(antiperthite_rodsman); stonesoup_printf("strings are equal\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strings are equal\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26181 153721/color.c Buffer_Overflow_Indexes 194 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26182 153721/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&impartibilibly_theogeological,"URTICA_UNDERBEAR"); if (impartibilibly_theogeological != 0) {; antiperthite_rodsman = ((char *)impartibilibly_theogeological); stonesoup_fp = stonesoup_switch_func(antiperthite_rodsman); if (impartibilibly_theogeological != 0) free(((char *)impartibilibly_theogeological)); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; if (var_len == 0) { else if (var_len == 1) { sscanf(param,"%p",&fct_ptr_addr); return fct_ptr_addr; stonesoup_fp = stonesoup_switch_func(antiperthite_rodsman); tracepoint(stonesoup_trace, variable_address, "stonesoup_fp", stonesoup_fp, "TRIGGER-STATE"); stonesoup_cmp_flag = ( *stonesoup_fp)(stonesoup_rand_word,antiperthite_rodsman); if (stonesoup_cmp_flag == 0) 0 --------------------------------- 26183 153721/color.c Buffer_Overflow_Indexes 192 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26184 153721/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26185 153721/color.c Buffer_Overflow_cpycat 223 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26186 153721/color.c Buffer_Overflow_cpycat 363 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 26187 153721/color.c Buffer_Overflow_cpycat 258 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26188 153721/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26189 153721/color.c Buffer_Overflow_cpycat 356 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26190 153721/color.c Buffer_Overflow_cpycat 293 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26191 153721/color.c Buffer_Overflow_cpycat 342 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26192 153721/color.c Buffer_Overflow_cpycat 300 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26193 153721/color.c Buffer_Overflow_cpycat 279 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26194 153721/color.c Buffer_Overflow_cpycat 272 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26195 153721/color.c Buffer_Overflow_cpycat 314 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26196 153721/color.c Buffer_Overflow_cpycat 286 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26197 153721/color.c Buffer_Overflow_cpycat 321 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26198 153721/color.c Buffer_Overflow_cpycat 384 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 26199 153721/color.c Buffer_Overflow_cpycat 230 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26200 153721/color.c Buffer_Overflow_cpycat 243 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26201 153721/color.c Buffer_Overflow_cpycat 208 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26202 153721/color.c Buffer_Overflow_cpycat 364 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26203 153721/color.c Buffer_Overflow_cpycat 307 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26204 153721/color.c Buffer_Overflow_cpycat 328 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26205 153721/color.c Buffer_Overflow_cpycat 251 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26206 153721/color.c Buffer_Overflow_cpycat 265 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26207 153721/color.c Buffer_Overflow_cpycat 349 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26208 153153/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26209 153153/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26210 153504/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26211 153504/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26212 153271/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26213 153271/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26214 153391/ffmpeg.c Buffer_Overflow_scanf 2563 char target[64]; char command[256]; char arg[256] = {(0)}; double time; buf[i] = 0; if (k > 0 && (n = sscanf(buf,"%63[^ ] %lf %255[^ ] %255[^\n]",target,&time,command,arg)) >= 3) { 0 --------------------------------- 26215 153391/ffmpeg.c Buffer_Overflow_scanf 2594 int debug = 0; if (scanf("%d",&debug) != 1) { 0 --------------------------------- 26216 153391/ffmpeg.c Buffer_Overflow_Indexes 3144 int main(int argc,char **argv) parse_loglevel(argc,argv,options); if (argc > 1 && !strcmp(argv[1],"-d")) { argc--; argv++; show_banner(argc,argv,options); ret = ffmpeg_parse_options(argc,argv); if (ret < 0) { 0 --------------------------------- 26217 153391/ffmpeg.c Buffer_Overflow_Indexes 151 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); investigable_poring = dimpling_repraise(ulstering_wac); matatua_adamsun(humuslike_tidies,investigable_poring); sub2video_update(ist2,((void *)0)); sub2video_push_ref(ist2,pts2); sub2video_heartbeat(ist,pkt . pts); ret = output_packet(ist,(&pkt)); ret = decode_audio(ist,&avpkt,&got_output); ret = output_packet(ist,(&pkt)); ret = process_input(ist -> file_index); ret = transcode_step(); print_report(0,timer_start,cur_time); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); matatua_adamsun(nicotinic_teutonized,unmatchable_cuplike); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26218 153391/ffmpeg.c Buffer_Overflow_Indexes 290 dom_presumedly = getenv("GUR_MISERABILIA"); if (dom_presumedly != 0) {; ulstering_wac[10] = dom_presumedly; investigable_poring = dimpling_repraise(ulstering_wac); char **dimpling_repraise(char **rubeolas_balaenid); 0 --------------------------------- 26219 153391/ffmpeg.c Buffer_Overflow_LowBound 1230 double scale_sum = 0; p = psnr(error_sum / scale_sum); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); static void close_output_stream(OutputStream *ost) ost -> finished = 1; static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error_sum += error; scale_sum += scale; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); output_streams[i] -> unavailable = 0; if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); 0 --------------------------------- 26220 153391/ffmpeg.c Buffer_Overflow_LowBound 1910 static int init_input_stream(int ist_index,char *error,int error_len) InputStream *ist = input_streams[ist_index]; snprintf(error,error_len,"Decoder (codec %s) not found for input stream #%d:%d",avcodec_get_name(ist -> st -> codec -> codec_id),ist -> file_index,ist -> st -> index); 0 --------------------------------- 26221 153391/ffmpeg.c Buffer_Overflow_LowBound 2395 static InputStream *get_input_stream(OutputStream *ost) pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; char error[1024]; ost = output_streams[i]; ist = get_input_stream(ost); ost -> st -> disposition = ist -> st -> disposition; if (!oc -> oformat -> codec_tag || (av_codec_get_id(oc -> oformat -> codec_tag,icodec -> codec_tag)) == (codec -> codec_id) || !av_codec_get_tag2(oc -> oformat -> codec_tag,icodec -> codec_id,&codec_tag)) { if (!strcmp(oc -> oformat -> name,"avi")) { if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { if (!(oc -> oformat -> flags & 0002000) && strcmp(oc -> oformat -> name,"mov") && strcmp(oc -> oformat -> name,"mp4") && strcmp(oc -> oformat -> name,"3gp") && strcmp(oc -> oformat -> name,"3g2") && strcmp(oc -> oformat -> name,"psp") && strcmp(oc -> oformat -> name,"ipod") && strcmp(oc -> oformat -> name,"f4v")) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); if (!strcmp(ost -> enc -> name,"libx264")) { ost = output_streams[i]; AVCodecContext *dec = ((void *)0); if (ist = get_input_stream(ost)) { ost -> st -> codec -> subtitle_header = (av_mallocz((dec -> subtitle_header_size + 1))); memcpy((ost -> st -> codec -> subtitle_header),(dec -> subtitle_header),(dec -> subtitle_header_size)); ost -> st -> codec -> subtitle_header_size = dec -> subtitle_header_size; if ((ret = avcodec_open2(ost -> st -> codec,codec,&ost -> opts)) < 0) { if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); av_buffersink_set_frame_size(ost -> filter -> filter,(ost -> st -> codec -> frame_size)); av_opt_set_dict((ost -> st -> codec),&ost -> opts); if (ist = get_input_stream(ost)) { for (i = 0; i < nb_output_files; i++) { oc = output_files[i] -> ctx; oc -> interrupt_callback = int_cb; if ((ret = avformat_write_header(oc,&output_files[i] -> opts)) < 0) { if (av_strerror(ret,errbuf,sizeof(errbuf)) < 0) { errbuf_ptr = (strerror(-ret)); snprintf(error,sizeof(error),"Could not write header for output file #%d (incorrect codec parameters ?): %s",i,errbuf_ptr); if (strcmp(oc -> oformat -> name,"rtp")) { if ((ret = avformat_write_header(oc,&output_files[i] -> opts)) < 0) { char errbuf[128]; const char *errbuf_ptr = errbuf; if (av_strerror(ret,errbuf,sizeof(errbuf)) < 0) { errbuf_ptr = (strerror(-ret)); snprintf(error,sizeof(error),"Could not write header for output file #%d (incorrect codec parameters ?): %s",i,errbuf_ptr); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); if (ist = get_input_stream(ost)) { static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); if (ist = get_input_stream(ost)) { 0 --------------------------------- 26222 153391/ffmpeg.c Buffer_Overflow_LowBound 1234 static double psnr(double d) return - 10.0 * log(d) / log(10.0); float q = (- 1); q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); scale = (enc -> width * enc -> height) * 255.0 * 255.0; error_sum += error; scale_sum += scale; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); output_streams[i] -> unavailable = 0; reset_eagain(); sub2video_heartbeat(ist,pkt . pts); ret = output_packet(ist,(&pkt)); ret = process_input(ist -> file_index); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); error = enc -> error[j]; error_sum += error; p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); static void close_output_stream(OutputStream *ost) ost -> finished = 1; static int qp_histogram['4']; buf[0] = '\0'; ost = output_streams[i]; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); output_streams[i] -> unavailable = 0; if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); 0 --------------------------------- 26223 153391/ffmpeg.c Buffer_Overflow_LowBound 2343 char error[1024]; ost -> st -> disposition = ist -> st -> disposition; ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; if (!strcmp(ost -> enc -> name,"libx264")) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); av_buffersink_set_frame_size(ost -> filter -> filter,(ost -> st -> codec -> frame_size)); if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { static InputStream *get_input_stream(OutputStream *ost) if (ist = get_input_stream(ost)) { snprintf(error,sizeof(error),"Error while opening encoder for output stream #%d:%d - maybe incorrect parameters such as bit_rate, rate, width or height",ost -> file_index,ost -> index); 0 --------------------------------- 26224 153391/ffmpeg.c Buffer_Overflow_LowBound 1195 static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); 0 --------------------------------- 26225 153391/ffmpeg.c Buffer_Overflow_LowBound 2193 static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; char error[1024]; ost = output_streams[i]; ist = get_input_stream(ost); ost -> enc = avcodec_find_encoder(codec -> codec_id); ist = get_input_stream(ost); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ist = get_input_stream(ost); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); if (!strcmp(ost -> enc -> name,"libx264")) { ist = get_input_stream(ost); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); static InputStream *get_input_stream(OutputStream *ost) ist = get_input_stream(ost); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); 0 --------------------------------- 26226 153391/ffmpeg.c Buffer_Overflow_LowBound 534 va_list va; char buf[1024]; __builtin_va_start(va,fmt); vsnprintf(buf,sizeof(buf),fmt,va); update_benchmark(((void *)0)); update_benchmark("encode_audio %d.%d",ost -> file_index,ost -> index); update_benchmark(((void *)0)); update_benchmark("encode_video %d.%d",ost -> file_index,ost -> index); update_benchmark(((void *)0)); update_benchmark("flush %s %d.%d",desc,ost -> file_index,ost -> index); update_benchmark(((void *)0)); update_benchmark("decode_audio %d.%d",ist -> file_index,ist -> st -> index); update_benchmark(((void *)0)); update_benchmark("decode_video %d.%d",ist -> file_index,ist -> st -> index); static void update_benchmark(const char *fmt,... ) __builtin_va_start(va,fmt); vsnprintf(buf,sizeof(buf),fmt,va); 0 --------------------------------- 26227 153391/ffmpeg.c Buffer_Overflow_LowBound 2291 static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) int n = 1; int64_t *pts; size = n; pts = (av_malloc(sizeof(( *pts)) * size)); p = kf; char *next = strchr(p,','); *(next++) = 0; if (!memcmp(p,"chapters",8)) { if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); AVChapter *c = avf -> chapters[j]; pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; if (avf -> nb_chapters > (2147483647 - size) || !(pts = (av_realloc_f(pts,(size += avf -> nb_chapters - 1),sizeof(( *pts)))))) { p = next; char *next = strchr(p,','); if (!memcmp(p,"chapters",8)) { t = (p[8]?parse_time_or_die("force_key_frames",(p + 8),1) : 0); pts[index++] = av_rescale_q(c -> start,c -> time_base,avctx -> time_base) + t; qsort(pts,size,sizeof(( *pts)),compare_int64); ost -> forced_kf_pts = pts; input_streams[j + ifile -> ist_index] -> start = av_gettime(); for (i = 0; i < nb_output_streams; i++) { ost = output_streams[i]; ist = get_input_stream(ost); return input_streams[ost -> source_index]; return ((void *)0); ist = get_input_stream(ost); ost -> st -> disposition = ist -> st -> disposition; if (copy_tb < 0 && av_q2d(ist -> st -> r_frame_rate) >= av_q2d(ist -> st -> avg_frame_rate) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(ist -> st -> time_base) && 0.5 / av_q2d(ist -> st -> r_frame_rate) > av_q2d(icodec -> time_base) && av_q2d(ist -> st -> time_base) < 1.0 / 500 && av_q2d(icodec -> time_base) < 1.0 / 500 || copy_tb == 2) { ost -> st -> avg_frame_rate = ist -> st -> avg_frame_rate; ost -> enc = avcodec_find_encoder(codec -> codec_id); snprintf(error,sizeof(error),"Encoder (codec %s) not found for output stream #%d:%d",avcodec_get_name(ost -> st -> codec -> codec_id),ost -> file_index,ost -> index); ost -> encoding_needed = 1; ost -> frame_rate = av_buffersink_get_frame_rate(ost -> filter -> filter); ost -> frame_rate = ist -> framerate; int idx = av_find_nearest_q_idx(ost -> frame_rate,ost -> enc -> supported_framerates); ost -> frame_rate = ost -> enc -> supported_framerates[idx]; codec -> channels = avfilter_link_get_channels(ost -> filter -> filter -> inputs[0]); codec -> time_base = av_inv_q(ost -> frame_rate); codec -> width = ost -> filter -> filter -> inputs[0] -> w; codec -> height = ost -> filter -> filter -> inputs[0] -> h; codec -> sample_aspect_ratio = ost -> st -> sample_aspect_ratio = (ost -> frame_aspect_ratio?av_d2q((ost -> frame_aspect_ratio * (codec -> height) / (codec -> width)),255) : ost -> filter -> filter -> inputs[0] -> sample_aspect_ratio); if (!strncmp((ost -> forced_keyframes),"expr:",5)) { parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); fg = init_simple_filtergraph(ist,ost); parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); char logfilename[1024]; snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); static void parse_forced_key_frames(char *kf,OutputStream *ost,AVCodecContext *avctx) parse_forced_key_frames(ost -> forced_keyframes,ost,ost -> st -> codec); snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); static InputStream *get_input_stream(OutputStream *ost) ist = get_input_stream(ost); snprintf(logfilename,sizeof(logfilename),"%s-%d.log",(ost -> logfile_prefix?ost -> logfile_prefix : "ffmpeg2pass"),i); 0 --------------------------------- 26228 153391/ffmpeg.c Buffer_Overflow_LowBound 1259 total_size = avio_size(oc -> pb); total_size = avio_tell(oc -> pb); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); 0 --------------------------------- 26229 153391/ffmpeg.c Buffer_Overflow_LowBound 1257 int64_t pts = - 9223372036854775807L - 1; secs = (pts / 1000000); us = (pts % 1000000); mins = secs / 60; secs %= 60; hours = mins / 60; mins %= 60; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); 0 --------------------------------- 26230 153391/ffmpeg.c Buffer_Overflow_LowBound 1273 nb_frames = 0; nb_frames = (lrintf(delta)); nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_dup += nb_frames - 1; if (!check_recording_time(ost)) { close_output_stream(ost); double duration = 0; delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = (lrintf(delta)); nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_dup += nb_frames - 1; if (!check_recording_time(ost)) { duration = 1 / (av_q2d(ost -> frame_rate) * av_q2d(enc -> time_base)); sync_ipts = (in_picture -> pts); delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = 1; nb_frames = 0; nb_frames = (lrintf(delta)); nb_frames = 0; nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_drop++; nb_frames_drop++; nb_frames_dup += nb_frames - 1; if (!check_recording_time(ost)) { if (!ost -> filtered_frame && !(ost -> filtered_frame = avcodec_alloc_frame())) { avcodec_get_frame_defaults(ost -> filtered_frame); filtered_frame = ost -> filtered_frame; avfilter_copy_buf_props(filtered_frame,picref); do_video_out(of -> ctx,ost,filtered_frame); int64_t pts = - 9223372036854775807L - 1; static int qp_histogram['4']; total_size = avio_size(oc -> pb); total_size = avio_tell(oc -> pb); buf[0] = '\0'; float q = (- 1); q = (enc -> coded_frame -> quality) / ((float )'v'); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); bitrate = (pts && total_size >= 0?(total_size * 8) / (pts / 1000.0) : (- 1)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); av_bprintf(&buf_script,"dup_frames=%d\n",nb_frames_dup); av_bprintf(&buf_script,"drop_frames=%d\n",nb_frames_drop); return reap_filters(); ret = reap_filters(); if ((ret = transcode_from_filter(ost -> filter -> graph,&ist)) < 0) { return reap_filters(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=%6.1fkbits/s",bitrate); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=N/A"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); static void do_video_out(AVFormatContext *s,OutputStream *ost,AVFrame *in_picture) sync_ipts = (in_picture -> pts); delta = sync_ipts - (ost -> sync_opts) + duration; nb_frames = (lrintf(delta)); nb_frames = ((nb_frames > ost -> max_frames - (ost -> frame_number)?ost -> max_frames - (ost -> frame_number) : nb_frames)); nb_frames_dup += nb_frames - 1; do_video_out(of -> ctx,ost,filtered_frame); return reap_filters(); ret = transcode_step(); print_report(0,timer_start,cur_time); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf)," dup=%d drop=%d",nb_frames_dup,nb_frames_drop); 0 --------------------------------- 26231 153391/ffmpeg.c Buffer_Overflow_LowBound 1252 output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); 0 --------------------------------- 26232 153391/ffmpeg.c Buffer_Overflow_LowBound 1214 ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); char type[3] = {('Y'), ('U'), ('V')}; error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); 0 --------------------------------- 26233 153391/ffmpeg.c Buffer_Overflow_LowBound 1262 static double psnr(double d) return - 10.0 * log(d) / log(10.0); static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=N/A time="); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%02d:%02d:%02d.%02d ",hours,mins,secs,100 * us / 1000000); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"bitrate=%6.1fkbits/s",bitrate); 0 --------------------------------- 26234 153391/ffmpeg.c Buffer_Overflow_LowBound 1255 static int qp_histogram['4']; buf[0] = '\0'; float q = (- 1); q = (enc -> coded_frame -> quality) / ((float )'v'); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); if (qp >= 0 && qp < sizeof(qp_histogram) / sizeof(qp_histogram[0])) { qp_histogram[qp]++; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error_sum += error; scale_sum += scale; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; p = psnr(error / scale); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"size=%8.0fkB time=",total_size / 1024.0); 0 --------------------------------- 26235 153391/ffmpeg.c Buffer_Overflow_LowBound 1204 buf[0] = '\0'; float q = (- 1); ost = output_streams[i]; q = (enc -> coded_frame -> quality) / ((float )'v'); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); double error_sum = 0; double scale_sum = 0; char type[3] = {('Y'), ('U'), ('V')}; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"PSNR="); error = enc -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; error = enc -> coded_frame -> error[j]; scale = (enc -> width * enc -> height) * 255.0 * 255.0; scale /= 4; error_sum += error; scale_sum += scale; p = psnr(error / scale); av_bprintf(&buf_script,"stream_%d_%d_psnr_%c=%2.2f\n",ost -> file_index,ost -> index,type[j] | 32,p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); p = psnr(error_sum / scale_sum); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); static double psnr(double d) return - 10.0 * log(d) / log(10.0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%X",((int )(lrintf((log2((qp_histogram[j] + 1))))))); 0 --------------------------------- 26236 153391/ffmpeg.c Buffer_Overflow_LowBound 1190 ost -> finished = 1; close_output_stream(output_streams[of -> ost_index + j]); output_streams[i] -> unavailable = 0; reset_eagain(); timer_start = av_gettime(); int64_t cur_time = av_gettime(); if (check_keyboard_interaction(cur_time) < 0) { if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); scale = (enc -> width * enc -> height) * 255.0 * 255.0 * frame_number; p = psnr(error / scale); output_streams[i] -> unavailable = 0; reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"L"); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); frame_number = ost -> frame_number; fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); av_bprintf(&buf_script,"stream_%d_%d_q=%.1f\n",ost -> file_index,ost -> index,q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static double psnr(double d) return - 10.0 * log(d) / log(10.0); p = psnr(error / scale); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"%c:%2.2f ",type[j],p); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"*:%2.2f ",psnr(error_sum / scale_sum)); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"q=%2.1f ",q); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static void close_output_stream(OutputStream *ost) if (!need_output()) { ret = transcode_step(); ost = choose_output(); if (got_eagain()) { reset_eagain(); ret = transcode_step(); print_report(0,timer_start,cur_time); free_input_threads(); flush_encoders(); term_exit(); print_report(1,timer_start,av_gettime()); ost = output_streams[i]; frame_number = ost -> frame_number; fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); av_bprintf(&buf_script,"frame=%d\n",frame_number); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); static int check_keyboard_interaction(int64_t cur_time) print_report(0,timer_start,cur_time); static void print_report(int is_last_report,int64_t timer_start,int64_t cur_time) float t = ((cur_time - timer_start) / 1000000.0); fps = (t > 1?frame_number / t : 0); snprintf(buf + strlen(buf),sizeof(buf) - strlen(buf),"frame=%5d fps=%3.*f q=%3.1f ",frame_number,fps < 9.95,fps,q); 0 --------------------------------- 26237 153391/ffmpeg.c Buffer_Overflow_LowBound 1926 static int init_input_stream(int ist_index,char *error,int error_len) InputStream *ist = input_streams[ist_index]; snprintf(error,error_len,"Error while opening decoder for input stream #%d:%d",ist -> file_index,ist -> st -> index); 0 --------------------------------- 26238 153535/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26239 153535/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26240 153811/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26241 153811/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26242 153617/emem.c Buffer_Overflow_Indexes 1610 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1890))); 0 --------------------------------- 26243 153617/emem.c Buffer_Overflow_Indexes 177 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&cellular_studite,"SPECTERLIKE_SEMICARBAZONE"); parent = emem_tree_parent(node); grandparent = emem_tree_parent(parent); stonesoup_setup_printf_context(); stonesoup_read_taint(&cellular_studite,"SPECTERLIKE_SEMICARBAZONE"); pococurantism_aceldamas = polyesters_immaturely(tupler_omnivident); stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26244 153617/emem.c Buffer_Overflow_Indexes 327 ep_packet_mem . debug_verify_pointers = getenv("WIRESHARK_EP_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 26245 153617/emem.c Buffer_Overflow_Indexes 1593 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1872))); 0 --------------------------------- 26246 153617/emem.c Buffer_Overflow_Indexes 218 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26247 153617/emem.c Buffer_Overflow_Indexes 1663 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1945))); 0 --------------------------------- 26248 153617/emem.c Buffer_Overflow_Indexes 343 se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 26249 153617/emem.c Buffer_Overflow_Indexes 1628 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1909))); 0 --------------------------------- 26250 153617/emem.c Buffer_Overflow_Indexes 1578 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1856))); 0 --------------------------------- 26251 153617/emem.c Buffer_Overflow_Indexes 223 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&cellular_studite,"SPECTERLIKE_SEMICARBAZONE"); if (cellular_studite != 0) {; tupler_omnivident . unwaving_pycnogonidium = cellular_studite; pococurantism_aceldamas = polyesters_immaturely(tupler_omnivident); union undercommander_overfee polyesters_immaturely(union undercommander_overfee talmudize_unintentionally) return talmudize_unintentionally; pococurantism_aceldamas = polyesters_immaturely(tupler_omnivident); if (pococurantism_aceldamas . unwaving_pycnogonidium != 0) { bastard_studbook = ((char *)pococurantism_aceldamas . unwaving_pycnogonidium); stonesoup_buff_size = strlen(bastard_studbook) + 1; stonesoup_size = stonesoup_other_size < stonesoup_buff_size ? stonesoup_other_size : stonesoup_buff_size; for (stonesoup_i = 0; stonesoup_i < stonesoup_size; stonesoup_i++) { bastard_studbook[stonesoup_buff_size - stonesoup_i - 1]; stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1] = for (stonesoup_i = 0; stonesoup_i < stonesoup_buff_size; stonesoup_i++) { stonesoup_printf("%02x",stonesoup_other_buff[stonesoup_other_size - stonesoup_i - 1]); free (stonesoup_other_buff); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buff_size", stonesoup_buff_size, &stonesoup_buff_size, "TRIGGER-STATE"); if (pococurantism_aceldamas . unwaving_pycnogonidium != 0) free(((char *)pococurantism_aceldamas . unwaving_pycnogonidium)); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 26252 153617/emem.c Buffer_Overflow_Indexes 326 ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 26253 153617/emem.c Buffer_Overflow_Indexes 342 se_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_SE_NO_CHUNKS") == ((void *)0); se_packet_mem . debug_use_canary = se_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_SE_USE_CANARY") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 26254 153617/emem.c Buffer_Overflow_Indexes 325 ep_packet_mem . debug_use_chunks = getenv("WIRESHARK_DEBUG_EP_NO_CHUNKS") == ((void *)0); ep_packet_mem . debug_use_canary = ep_packet_mem . debug_use_chunks && getenv("WIRESHARK_DEBUG_EP_NO_CANARY") == ((void *)0); emem_init_chunk(&ep_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&ep_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 26255 153617/emem.c Buffer_Overflow_Indexes 344 se_packet_mem . debug_verify_pointers = getenv("WIRESHARK_SE_VERIFY_POINTERS") != ((void *)0); emem_init_chunk(&se_packet_mem); static void emem_init_chunk(emem_header_t *mem) if (mem -> debug_use_canary) { emem_canary_init(mem -> canary); if (mem -> debug_use_chunks) { emem_init_chunk(&se_packet_mem); static void emem_canary_init(guint8 *canary) 0 --------------------------------- 26256 153617/emem.c Buffer_Overflow_Indexes 1645 getenv("WIRESHARK_ABORT_ON_DISSECTOR_BUG") != ((void *)0)?abort() : except_throw(1,4,(ep_strdup_printf("%s:%u: failed assertion \"DISSECTOR_ASSERT_NOT_REACHED\"","emem.c",1926))); 0 --------------------------------- 26257 149042/red.c Buffer_Overflow_Indexes 159 n = fread(p, 1, SSL_HDR_LEN, stdin); rr->type = *p++; s->s3->major = *p++; s->s3->minor = *p++; version = (s->s3->major << 8) | s->s3->minor; if (s->version != version) s->version, version); fprintf(stderr, "%s: version mismatch: ssl %x packet %x\n", n2s(p, rr->length); if (rr->length > s->s3->rbuf.len - SSL_HDR_LEN) { rr->length, s->s3->rbuf.len - SSL_HDR_LEN); n = fread(p, 1, rr->length, stdin); s->packet = &(s->s3->rbuf.buf[0]); void ssl3_get_record(SSL *s) SSL3_RECORD *rr = &s->s3->rrec; SSL3_BUFFER *rb = &s->s3->rbuf; if (s->version != version) s->version, version); ssl3_get_record(s); examine_hb_packet(s); void examine_hb_packet(SSL *s) SSL3_RECORD *rr = &s->s3->rrec; examine_hb_packet(s); (void) tls1_process_heartbeat(s); s->bio_should_retry++; int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) SSL3_RECORD *rr = &s->s3->rrec; ssl3_get_record(s); n = ssl3_read_bytes(s, SSL3_RT_APPLICATION_DATA, if (n == -1 && !s->bio_should_retry) int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) ssl3_get_record(s); int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) n = ssl3_read_bytes(s, SSL3_RT_APPLICATION_DATA, int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) ssl3_get_record(s); int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) n = ssl3_read_bytes(s, SSL3_RT_APPLICATION_DATA, int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) ssl3_get_record(s); 0 --------------------------------- 26258 153470/mutex.c Buffer_Overflow_Indexes 146 moonblink_scrunching = getenv("SCHENE_ENCHORIC"); if (moonblink_scrunching != 0) {; cuya_hemiganus . babeship_accessors = ((char *)moonblink_scrunching); conidiophorous_whiskerandos[ *( *spumier_secretes)] = cuya_hemiganus; gerodontia_hippocratism = conidiophorous_whiskerandos[ *( *spumier_secretes)]; nincom_resuperheat(gerodontia_hippocratism); 0 --------------------------------- 26259 153470/mutex.c Buffer_Overflow_Indexes 48 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26260 153470/mutex.c Buffer_Overflow_cpycat 191 rhizomic_aposiopestic = ((char *)grosz_jon . babeship_accessors); stonesoup_data.buffer[stonesoup_i] = 0; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, rhizomic_aposiopestic); 1 --------------------------------- 26261 199313/st_underrun_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==43 || vflag_file == 888) 0 --------------------------------- 26262 153515/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&saltary_brininess,"5835",upcaught_chemosmotic); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26263 153515/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&saltary_brininess,"5835",upcaught_chemosmotic); stonesoup_data.buffer[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data.buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data.buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26264 153515/color.c Buffer_Overflow_Indexes 185 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26265 153515/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26266 153515/color.c Buffer_Overflow_Indexes 187 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26267 153515/color.c Buffer_Overflow_LowBound 586 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int upcaught_chemosmotic = 53; char *saltary_brininess; stonesoup_read_taint(&saltary_brininess,"5835",upcaught_chemosmotic); lived_strongylidosis = ((char *)saltary_brininess); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(lived_strongylidosis)+1, lived_strongylidosis, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, lived_strongylidosis, strlen(lived_strongylidosis) + 1); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&saltary_brininess,"5835",upcaught_chemosmotic); lived_strongylidosis = ((char *)saltary_brininess); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(lived_strongylidosis)+1, lived_strongylidosis, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, lived_strongylidosis, strlen(lived_strongylidosis) + 1); 1 --------------------------------- 26268 153515/color.c Buffer_Overflow_cpycat 223 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26269 153515/color.c Buffer_Overflow_cpycat 314 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26270 153515/color.c Buffer_Overflow_cpycat 201 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26271 153515/color.c Buffer_Overflow_cpycat 377 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 26272 153515/color.c Buffer_Overflow_cpycat 265 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26273 153515/color.c Buffer_Overflow_cpycat 251 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26274 153515/color.c Buffer_Overflow_cpycat 307 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26275 153515/color.c Buffer_Overflow_cpycat 356 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 26276 153515/color.c Buffer_Overflow_cpycat 293 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26277 153515/color.c Buffer_Overflow_cpycat 328 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26278 153515/color.c Buffer_Overflow_cpycat 258 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26279 153515/color.c Buffer_Overflow_cpycat 349 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26280 153515/color.c Buffer_Overflow_cpycat 342 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26281 153515/color.c Buffer_Overflow_cpycat 335 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26282 153515/color.c Buffer_Overflow_cpycat 236 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26283 153515/color.c Buffer_Overflow_cpycat 279 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26284 153515/color.c Buffer_Overflow_cpycat 300 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26285 153515/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26286 153515/color.c Buffer_Overflow_cpycat 286 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26287 153515/color.c Buffer_Overflow_cpycat 357 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26288 153515/color.c Buffer_Overflow_cpycat 321 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26289 153515/color.c Buffer_Overflow_cpycat 244 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26290 153515/color.c Buffer_Overflow_cpycat 272 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26291 153515/color.c Buffer_Overflow_cpycat 209 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26292 153509/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&esophagoscope_dunham,"9602",workroom_dilettantism); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26293 153509/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26294 153509/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&esophagoscope_dunham,"9602",workroom_dilettantism); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26295 153509/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26296 153509/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26297 153509/color.c Buffer_Overflow_LowBound 591 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 26298 153509/color.c Buffer_Overflow_LowBound 582 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; char stonesoup_source[1024]; int workroom_dilettantism = 91; char *esophagoscope_dunham; stonesoup_read_taint(&esophagoscope_dunham,"9602",workroom_dilettantism); outbend_cyprian = ((char *)esophagoscope_dunham); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, outbend_cyprian, sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&esophagoscope_dunham,"9602",workroom_dilettantism); outbend_cyprian = ((char *)esophagoscope_dunham); strncpy(stonesoup_source, outbend_cyprian, sizeof(stonesoup_source)); 0 --------------------------------- 26299 153509/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26300 153509/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26301 153509/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 26302 153509/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26303 153509/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26304 153509/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26305 153509/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26306 153509/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26307 153509/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26308 153509/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26309 153509/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26310 153509/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26311 153509/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26312 153509/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26313 153509/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26314 153509/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26315 153509/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26316 153509/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26317 153509/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 26318 153509/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26319 153509/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26320 153509/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26321 153509/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26322 153509/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26323 152967/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26324 152967/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26325 152967/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&undisbursed_puris,"FRITTERING_HYBRIDISED"); stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26326 152967/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26327 152967/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&undisbursed_puris,"FRITTERING_HYBRIDISED"); if (undisbursed_puris != 0) {; campanularian_babroot = ((char *)undisbursed_puris); strcpy(stonesoup_heap_buffer_64, campanularian_babroot); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "CROSSOVER-STATE"); for (; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_opt_var", stonesoup_opt_var, &stonesoup_opt_var, "FINAL-STATE"); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); if (undisbursed_puris != 0) free(((char *)undisbursed_puris)); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_heap_buffer_64[stonesoup_i] = stonesoup_toupper(stonesoup_heap_buffer_64[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "BEFORE-FREE"); stonesoup_printf("%s\n",stonesoup_heap_buffer_64); void stonesoup_printf(char * format, ...) { free(stonesoup_heap_buffer_64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "FINAL-STATE"); 0 --------------------------------- 26328 152967/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26329 152967/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26330 152967/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 26331 152967/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26332 152967/color.c Buffer_Overflow_cpycat 584 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *undisbursed_puris; stonesoup_read_taint(&undisbursed_puris,"FRITTERING_HYBRIDISED"); campanularian_babroot = ((char *)undisbursed_puris); stonesoup_heap_buffer_64 = (char*) malloc(64 * sizeof(char)); memset(stonesoup_heap_buffer_64,0,64); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buffer_64", stonesoup_heap_buffer_64, "INITIAL-STATE"); strcpy(stonesoup_heap_buffer_64, campanularian_babroot); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&undisbursed_puris,"FRITTERING_HYBRIDISED"); campanularian_babroot = ((char *)undisbursed_puris); strcpy(stonesoup_heap_buffer_64, campanularian_babroot); 1 --------------------------------- 26333 152967/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26334 152967/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26335 152967/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26336 152967/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26337 152967/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26338 152967/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26339 152967/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26340 152967/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26341 152967/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26342 152967/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26343 152967/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26344 152967/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26345 152967/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26346 152967/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26347 152967/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26348 152967/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 26349 152967/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26350 152967/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26351 152967/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26352 152967/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26353 153621/avdevice.c Buffer_Overflow_Indexes 36 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26354 153621/avdevice.c Buffer_Overflow_Indexes 135 chutzpah_toader = getenv("SILKWORKER_REFORMER"); if (chutzpah_toader != 0) {; toxophile_depraver = chutzpah_toader; rockman_ottweilian(1,toxophile_depraver); void rockman_ottweilian(int unwithered_necroscopy,... ); 0 --------------------------------- 26355 153621/avdevice.c Buffer_Overflow_Indexes 480 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; 0 --------------------------------- 26356 304/basic-00048-med.c Buffer_Overflow_LowBound 62 char buf[10]; src[18 - 1] = '\0'; len = 18; strncpy(buf, src, len); 1 --------------------------------- 26357 153170/column-utils.c Buffer_Overflow_Indexes 97 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26358 153170/column-utils.c Buffer_Overflow_LowBound 2159 void nonlactic_magisteries(char **sacrodorsal_nonfictional) char stonesoup_buffer[8]; isenstein_dodos = ((char *)sacrodorsal_nonfictional[24]); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(isenstein_dodos)+1, isenstein_dodos, "TRIGGER-STATE"); strncpy(stonesoup_buffer,isenstein_dodos,strlen(isenstein_dodos) + 1); 1 --------------------------------- 26359 153743/stream.c Buffer_Overflow_Indexes 108 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26360 153743/stream.c Buffer_Overflow_Indexes 149 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26361 153743/stream.c Buffer_Overflow_Indexes 154 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&shelducks_litherly,"WOOLFELLS_SCLEROTIZED"); if (shelducks_litherly != 0) {; grammar_serfdoms . macapa_airsheds = ((char *)shelducks_litherly); hemiteratic_palaeolithy[5] = grammar_serfdoms; unbranded_repatency = *(hemiteratic_palaeolithy + acronyctous_corrosived[1]); backfired_crambambuli(unbranded_repatency); void backfired_crambambuli(struct somewhy_mutter marcgrave_unitrivalent); 0 --------------------------------- 26362 153032/timestamp.c Buffer_Overflow_Indexes 132 abrus_ultraobstinate = getenv("XUI_BASKETRY"); if (abrus_ultraobstinate != 0) {; amides_alguazil . narrows_dichroiscope = abrus_ultraobstinate; naggers_retrenchments[5] = amides_alguazil; venosities_recognition = *(naggers_retrenchments + *counterirritate_ralph); arginines_apotropaically(venosities_recognition); 0 --------------------------------- 26363 153032/timestamp.c Buffer_Overflow_Indexes 61 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26364 153032/timestamp.c Buffer_Overflow_LowBound 183 stonesoup_buff[63] = '\0'; stonesoup_source[1023] = 0; if (strlen(stonesoup_source) + 1 <= sizeof(stonesoup_buff)) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buff", strlen(stonesoup_buff)+1, stonesoup_buff, "TRIGGER-STATE"); strncpy(stonesoup_buff,stonesoup_source,sizeof(stonesoup_source)); 1 --------------------------------- 26365 153032/timestamp.c Buffer_Overflow_LowBound 174 char stonesoup_source[1024]; hyloid_dealable = ((char *)bloxberg_misbelieving . narrows_dichroiscope); memset(stonesoup_source,0,1024); strncpy(stonesoup_source,hyloid_dealable,sizeof(stonesoup_source)); 0 --------------------------------- 26366 153740/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26367 153740/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26368 153209/avdevice.c Buffer_Overflow_scanf 87 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&overnumerously_accoutres,"5475",predifferent_unroll); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26369 153209/avdevice.c Buffer_Overflow_Indexes 85 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26370 153209/avdevice.c Buffer_Overflow_Indexes 39 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&overnumerously_accoutres,"5475",predifferent_unroll); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 26371 153591/e_camellia.c Buffer_Overflow_Indexes 122 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26372 153591/e_camellia.c Buffer_Overflow_Indexes 627 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); if (stonesoup_input_string != 0) { for (stonesoup_i = 0; stonesoup_i < strlen((char *) stonesoup_input_string); ++stonesoup_i) { if (stonesoup_input_string[stonesoup_i] < 0) ++stonesoup_data->buffer[stonesoup_input_string[stonesoup_i]]; 0 --------------------------------- 26373 149049/mem-bad.c Buffer_Overflow_Indexes 26 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) p = strdup(str); if(p) { printf("result: %s\n", p); free(p); free(p); 0 --------------------------------- 26374 153122/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26375 153122/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26376 153095/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26377 153095/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26378 153114/tile.c Buffer_Overflow_Indexes 88 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26379 153114/tile.c Buffer_Overflow_LowBound 385 stonesoup_data.buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data.buffer", strlen(stonesoup_data.buffer)+1, stonesoup_data.buffer, "TRIGGER-STATE"); strncpy(stonesoup_data.buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 26380 153114/tile.c Buffer_Overflow_LowBound 376 void pskov_sacrificeable(int hyperlithuria_nonohmic,char **naida_wittier) char stonesoup_source[1024]; nauseas_tumble = ((char *)((char **)naida_wittier)[1]); stonesoup_source[stonesoup_i] = 0; strncpy(stonesoup_source, nauseas_tumble, sizeof(stonesoup_source)); stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { strncpy(stonesoup_source, nauseas_tumble, sizeof(stonesoup_source)); 0 --------------------------------- 26381 153233/bio_err.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26382 153345/eng_table.c Buffer_Overflow_scanf 151 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&arnoldson_futiley,"1992",ragouting_superadditional); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26383 153345/eng_table.c Buffer_Overflow_Indexes 149 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26384 153345/eng_table.c Buffer_Overflow_Indexes 103 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26385 153345/eng_table.c Buffer_Overflow_LowBound 876 collector_leadsmen = ((char *)( *( *( *( *( *( *( *( *( *( *superfine_degusts))))))))))[1]); stonesoup_buffer_len = 4; strncpy(stonesoup_buffer, collector_leadsmen, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); strncpy(stonesoup_buffer, collector_leadsmen, stonesoup_buffer_len); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, collector_leadsmen, stonesoup_buffer_len); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, collector_leadsmen, stonesoup_buffer_len); 1 --------------------------------- 26386 153345/eng_table.c Buffer_Overflow_LowBound 851 stonesoup_buffer = malloc(65528); strncpy(stonesoup_buffer, collector_leadsmen, stonesoup_buffer_len); 0 --------------------------------- 26387 149059/ahscpy1-bad.c Buffer_Overflow_Indexes 44 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) while((*p++ = *str++)) 0 --------------------------------- 26388 153019/mutex.c Buffer_Overflow_scanf 98 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&estab_strangerwise,"5201",lai_hanses); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26389 153019/mutex.c Buffer_Overflow_Indexes 50 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&estab_strangerwise,"5201",lai_hanses); RACIER_FLUIDIFICATION(shopboys_orchestrational); stonesoup_toupper(stonesoup_data->buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26390 153019/mutex.c Buffer_Overflow_Indexes 96 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26391 153019/mutex.c Buffer_Overflow_LowBound 221 stonesoup_data->buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_data->buffer", strlen(stonesoup_data->buffer)+1, stonesoup_data->buffer, "TRIGGER-STATE"); strncpy(stonesoup_data->buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 26392 153019/mutex.c Buffer_Overflow_LowBound 212 void infernally_translating(union luminescent_marksville morita_interfilamentar) char stonesoup_source[1024]; ectosarc_unmanumitted = ((char *)morita_interfilamentar . ported_emerged); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, ectosarc_unmanumitted, sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { *stonesoup_tainted_buff = NULL; if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; union luminescent_marksville nucleiferous_asarabacca; int lai_hanses = 91; char *estab_strangerwise;; stonesoup_read_taint(&estab_strangerwise,"5201",lai_hanses); nucleiferous_asarabacca . ported_emerged = estab_strangerwise; gerfalcon_quinque[ *( *perlucidus_anterolateral)] = nucleiferous_asarabacca; shopboys_orchestrational = gerfalcon_quinque[ *( *perlucidus_anterolateral)]; RACIER_FLUIDIFICATION(shopboys_orchestrational); 0 --------------------------------- 26393 152900/avdevice.c Buffer_Overflow_scanf 86 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&pokorny_resiliate,"3161",chloromycetin_updress); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26394 152900/avdevice.c Buffer_Overflow_Indexes 84 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26395 152900/avdevice.c Buffer_Overflow_Indexes 38 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&pokorny_resiliate,"3161",chloromycetin_updress); stonesoup_printf("string is too short to test\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("string is too short to test\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26396 1605/scpy4-bad.c Buffer_Overflow_cpycat 48 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) str2 = shortstr(str, strlen(str), 80); shortstr(char *p, int n, int targ) return shortstr(p+1, n-1, targ); return p; return shortstr(p+1, n-1, targ); char buf[MAXSIZE], *str2; str2 = shortstr(str, strlen(str), 80); strcpy(buf, str2); 1 --------------------------------- 26397 153690/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26398 153690/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26399 152908/utils.c Buffer_Overflow_Indexes 2533 bbl_cupromanganese = getenv("CLITORIDECTOMY_SAUNTER"); if (bbl_cupromanganese != 0) {; refreshers_wiliest = evemerus_predestining(bbl_cupromanganese); char *evemerus_predestining(char *disjects_hypogeugea) return disjects_hypogeugea; refreshers_wiliest = evemerus_predestining(bbl_cupromanganese); outdreaming_lilburn = ((char *)refreshers_wiliest); strncpy(stonesoup_buffer, outdreaming_lilburn, stonesoup_buffer_len); *stonesoup_buffer_ptr = outdreaming_lilburn; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); strncpy(stonesoup_buffer, outdreaming_lilburn, stonesoup_buffer_len); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); if (stonesoup_buffer_ptr != 0) { free(stonesoup_buffer_ptr); 0 --------------------------------- 26400 152908/utils.c Buffer_Overflow_Indexes 70 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); refreshers_wiliest = evemerus_predestining(bbl_cupromanganese); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26401 152908/utils.c Buffer_Overflow_LowBound 2421 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); AVRational display_aspect_ratio; buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); 0 --------------------------------- 26402 152908/utils.c Buffer_Overflow_LowBound 2460 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); 0 --------------------------------- 26403 152908/utils.c Buffer_Overflow_LowBound 2575 bbl_cupromanganese = getenv("CLITORIDECTOMY_SAUNTER"); refreshers_wiliest = evemerus_predestining(bbl_cupromanganese); stonesoup_buffer_len = 4; strncpy(stonesoup_buffer, outdreaming_lilburn, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); strncpy(stonesoup_buffer, outdreaming_lilburn, stonesoup_buffer_len); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); strncpy(stonesoup_buffer, outdreaming_lilburn, stonesoup_buffer_len); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, outdreaming_lilburn, stonesoup_buffer_len); char *evemerus_predestining(char *disjects_hypogeugea) return disjects_hypogeugea; refreshers_wiliest = evemerus_predestining(bbl_cupromanganese); outdreaming_lilburn = ((char *)refreshers_wiliest); strncpy(stonesoup_buffer, outdreaming_lilburn, stonesoup_buffer_len); 1 --------------------------------- 26404 152908/utils.c Buffer_Overflow_LowBound 2463 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); 0 --------------------------------- 26405 152908/utils.c Buffer_Overflow_LowBound 2436 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); 0 --------------------------------- 26406 152908/utils.c Buffer_Overflow_LowBound 1255 char buf[128]; av_log(avctx,16,"Specified pixel format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_pix_fmt_name(avctx -> pix_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> pix_fmt); 0 --------------------------------- 26407 152908/utils.c Buffer_Overflow_LowBound 2550 stonesoup_buffer = malloc(65528); strncpy(stonesoup_buffer, outdreaming_lilburn, stonesoup_buffer_len); 0 --------------------------------- 26408 152908/utils.c Buffer_Overflow_LowBound 2468 static int get_bit_rate(AVCodecContext *ctx) bit_rate = ctx -> bit_rate; bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); bit_rate = 0; return bit_rate; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); av_reduce(&display_aspect_ratio . num,&display_aspect_ratio . den,(enc -> width * enc -> sample_aspect_ratio . num),(enc -> height * enc -> sample_aspect_ratio . den),(1024 * 1024)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 1"); snprintf(buf + strlen(buf),buf_size - strlen(buf),", pass 2"); bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); return 4; return 16; return 32; return 64; return 0; return 2; bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); return 4; bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); return av_get_exact_bits_per_sample(codec_id); bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); return 8; return 3; return av_get_exact_bits_per_sample(codec_id); bits_per_sample = av_get_bits_per_sample(ctx -> codec_id); return 24; return av_get_exact_bits_per_sample(codec_id); bit_rate = (bits_per_sample?ctx -> sample_rate * ctx -> channels * bits_per_sample : ctx -> bit_rate); return bit_rate; return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); bitrate = get_bit_rate(enc); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d kb/s",bitrate / 1000); 0 --------------------------------- 26409 152908/utils.c Buffer_Overflow_LowBound 2406 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); codec_tag >>= 8; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); 0 --------------------------------- 26410 152908/utils.c Buffer_Overflow_LowBound 2414 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); return ((void *)0); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); 0 --------------------------------- 26411 152908/utils.c Buffer_Overflow_LowBound 2364 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf_size = (buf_size > len?buf_size - len : 0); len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); 0 --------------------------------- 26412 152908/utils.c Buffer_Overflow_LowBound 2401 void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); 0 --------------------------------- 26413 152908/utils.c Buffer_Overflow_LowBound 2397 AVCodec *experimental = ((void *)0); p = first_avcodec; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { experimental = p; p = p -> next; if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return experimental; return find_encdec(id,1); return find_encdec(id,0); return "none"; codec = avcodec_find_decoder(id); return codec -> name; codec = avcodec_find_encoder(id); return codec -> name; return "unknown_codec"; codec_type = av_get_media_type_string(enc -> codec_type); codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_encoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); const char *avcodec_get_name(enum AVCodecID id) cd = avcodec_descriptor_get(id); return cd -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); int av_codec_is_decoder(const AVCodec *codec) if (((encoder?av_codec_is_encoder(p) : av_codec_is_decoder(p))) && (p -> id) == id) { return p; return find_encdec(id,0); codec = avcodec_find_decoder(id); return codec -> name; codec_name = avcodec_get_name(enc -> codec_id); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); 0 --------------------------------- 26414 152908/utils.c Buffer_Overflow_LowBound 2441 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d Hz",enc -> sample_rate); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) const char *profile = ((void *)0); snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); av_strlcat(buf,", ",buf_size); av_get_channel_layout_string(buf + strlen(buf),(buf_size - strlen(buf)),enc -> channels,enc -> channel_layout); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_sample_fmt_name(enc -> sample_fmt)); 0 --------------------------------- 26415 152908/utils.c Buffer_Overflow_LowBound 2429 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); int g = (av_gcd(enc -> time_base . num,enc -> time_base . den)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", q=%d-%d",enc -> qmin,enc -> qmax); 0 --------------------------------- 26416 152908/utils.c Buffer_Overflow_LowBound 1242 int avcodec_open(AVCodecContext *avctx,AVCodec *codec) return avcodec_open2(avctx,codec,((void *)0)); int avcodec_open2(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) if (av_codec_is_decoder(codec)) { if (av_codec_is_encoder(avctx -> codec)) { int av_codec_is_encoder(const AVCodec *codec) if (av_codec_is_encoder(avctx -> codec)) { if (avctx -> channels == 1 && (av_get_planar_sample_fmt(avctx -> sample_fmt)) == (av_get_planar_sample_fmt(avctx -> codec -> sample_fmts[i]))) { avctx -> sample_fmt = avctx -> codec -> sample_fmts[i]; char buf[128]; snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); av_log(avctx,16,"Specified sample format %s is invalid or not supported\n",((char *)(av_x_if_null((av_get_sample_fmt_name(avctx -> sample_fmt)),buf)))); snprintf(buf,sizeof(buf),"%d",avctx -> sample_fmt); int ff_codec_open2_recursive(AVCodecContext *avctx,const AVCodec *codec,AVDictionary **options) ret = avcodec_open2(avctx,codec,options); 0 --------------------------------- 26417 152908/utils.c Buffer_Overflow_LowBound 2450 len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); buf[0] ^= 'a' ^ 'A'; snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 26418 152908/utils.c Buffer_Overflow_LowBound 2425 size_t av_get_codec_tag_string(char *buf,size_t buf_size,unsigned int codec_tag) len = snprintf(buf,buf_size,(((codec_tag & 0xff) >= 48 && (codec_tag & 0xff) <= '9' || (codec_tag & 0xff) >= 'a' && (codec_tag & 0xff) <= 'z' || (codec_tag & 0xff) >= 'A' && (codec_tag & 0xff) <= 'Z' || ((codec_tag & 0xff) == '.' || (codec_tag & 0xff) == 32 || (codec_tag & 0xff) == '-' || (codec_tag & 0xff) == '_')?"%c" : "[%d]")),codec_tag & 0xff); buf += len; codec_tag >>= 8; const char *profile = ((void *)0); buf[0] ^= 'a' ^ 'A'; char tag_buf[32]; av_get_codec_tag_string(tag_buf,sizeof(tag_buf),enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf)," [SAR %d:%d DAR %d:%d]",enc -> sample_aspect_ratio . num,enc -> sample_aspect_ratio . den,display_aspect_ratio . num,display_aspect_ratio . den); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); return ((void *)0); return ((void *)0); profile = av_get_profile_name(p,enc -> profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s)",profile); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%s / 0x%04X)",tag_buf,enc -> codec_tag); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %s",av_get_pix_fmt_name(enc -> pix_fmt)); snprintf(buf + strlen(buf),buf_size - strlen(buf)," (%d bpc)",enc -> bits_per_raw_sample); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); void avcodec_string(char *buf,int buf_size,AVCodecContext *enc,int encode) snprintf(buf,buf_size,"%s: %s%s",(codec_type?codec_type : "unknown"),codec_name,(enc -> mb_decision?" (hq)" : "")); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %dx%d",enc -> width,enc -> height); snprintf(buf + strlen(buf),buf_size - strlen(buf),", %d/%d",enc -> time_base . num / g,enc -> time_base . den / g); 0 --------------------------------- 26419 316/basic-00051-med.c Buffer_Overflow_LowBound 65 char buf[10]; src[18 - 1] = '\0'; strncpy(buf, src, function1(18)); int function1(int arg1) return arg1; strncpy(buf, src, function1(18)); 1 --------------------------------- 26420 153629/avpacket.c Buffer_Overflow_Indexes 78 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26421 153629/avpacket.c Buffer_Overflow_Indexes 488 stonesoup_input_string = (signed char *) getenv("INPUT_STRING"); tracepoint(stonesoup_trace, variable_buffer, "((char *)stonesoup_input_string)", ((char *)stonesoup_input_string), "INITIAL-STATE"); if (stonesoup_input_string != 0) { for (stonesoup_ss_i = 0; stonesoup_ss_i < strlen((char *)stonesoup_input_string); ++stonesoup_ss_i) { if (stonesoup_input_string[stonesoup_ss_i] < 0) ++stonesoup_stack_buff[stonesoup_input_string[stonesoup_ss_i]]; 0 --------------------------------- 26422 152998/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26423 152998/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26424 152884/mem_dbg.c Buffer_Overflow_scanf 303 stonesoup_fct_ptr fct_ptr_addr = (stonesoup_fct_ptr )0; sscanf(param,"%p",&fct_ptr_addr); dampcourse_lornnesses = ((char *)( *classicolatry_superabstractly) . pratincole_superodorsal); stonesoup_fp = stonesoup_switch_func(dampcourse_lornnesses); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); 0 --------------------------------- 26425 152884/mem_dbg.c Buffer_Overflow_Indexes 222 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26426 152884/mem_dbg.c Buffer_Overflow_Indexes 263 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26427 152884/mem_dbg.c Buffer_Overflow_Indexes 268 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&imager_marsala,"TOYER_MCA"); if (imager_marsala != 0) {; pung_ethanoyl . pratincole_superodorsal = ((char *)imager_marsala); heterophyllous_reimburser = &pung_ethanoyl; extol_bassetts(heterophyllous_reimburser); 0 --------------------------------- 26428 153476/column.c Buffer_Overflow_Indexes 1136 pantascope_swagbellied = getenv("COCCYGOMORPH_BLOODYING"); if (pantascope_swagbellied != 0) {; negritos_balakirev = ((void *)pantascope_swagbellied); retaliate_multichrome = &negritos_balakirev; euplotid_orchideously = &retaliate_multichrome; conjured_bivoluminous = &euplotid_orchideously; discriminators_careeners = &conjured_bivoluminous; pollable_blowier = &discriminators_careeners; starchmen_nemichthys = &pollable_blowier; termagancy_unsuspectful = &starchmen_nemichthys; flightiest_londinensian = &termagancy_unsuspectful; karamu_aerogels = &flightiest_londinensian; sudatory_blandishers = &karamu_aerogels; heteroclitical_porte = &sudatory_blandishers; revomit_parasigmatism = &heteroclitical_porte; preconceals_librarian = &revomit_parasigmatism; coattail_sionite = &preconceals_librarian; wonga_unjamming = &coattail_sionite; involution_glycerolate = &wonga_unjamming; blockholer_teadish = &involution_glycerolate; amplexicaul_kingsides = &blockholer_teadish; aldebaran_noncorrupt = &lexicaul_kingsides; unwholesome_nepheline = &aldebaran_noncorrupt; viaduct_bluesides = &unwholesome_nepheline; rangoon_unlionlike = &viaduct_bluesides; grete_coerciveness = &rangoon_unlionlike; caterers_redivision = &grete_coerciveness; osric_wanworth = &caterers_redivision; unremittable_huswives = &osric_wanworth; subcurate_workshops = &unremittable_huswives; 0 --------------------------------- 26429 153476/column.c Buffer_Overflow_Indexes 55 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26430 153476/column.c Buffer_Overflow_LowBound 1419 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 26431 153476/column.c Buffer_Overflow_LowBound 1410 void heliolatrous_petaurist(void ***************************************************riane_anapaestic) bonjour_rarotonga(riane_anapaestic); void bonjour_rarotonga(void ***************************************************poa_noncooperation) char stonesoup_source[1024]; outslip_oneill = ((char *)((char *)( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *poa_noncooperation)))))))))))))))))))))))))))))))))))))))))))))))))))); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, outslip_oneill, sizeof(stonesoup_source)); 0 --------------------------------- 26432 153364/cmdutils.c Buffer_Overflow_Indexes 1671 c = getchar(); while(c != '\n' && c != - 1) 0 --------------------------------- 26433 153364/cmdutils.c Buffer_Overflow_Indexes 120 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26434 153364/cmdutils.c Buffer_Overflow_Indexes 1668 int c = getchar(); int yesno = av_toupper(c) == 'Y'; while(c != '\n' && c != - 1) return yesno; 0 --------------------------------- 26435 153364/cmdutils.c Buffer_Overflow_Indexes 490 if ((env = (getenv("FFREPORT"))) || idx) { init_report(env); static int init_report(const char *env); 0 --------------------------------- 26436 153364/cmdutils.c Buffer_Overflow_LowBound 1732 f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); 0 --------------------------------- 26437 153364/cmdutils.c Buffer_Overflow_LowBound 1735 FILE *get_preset_file(char *filename,size_t filename_size,const char *preset_name,int is_path,const char *codec_name) snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),preset_name); f = fopen(filename,"r"); snprintf(filename,filename_size,"%s%s/%s-%s.ffpreset",base[i],(i != 1?"" : "/.ffmpeg"),codec_name,preset_name); 0 --------------------------------- 26438 153364/cmdutils.c Buffer_Overflow_LowBound 1257 printf("%s %s [%s]:\n",(encoder?"Encoder" : "Decoder"),c -> name,(c -> long_name?c -> long_name : "")); char name[16]; snprintf(name,sizeof(name),"%d", *p); show_help_children(c -> priv_class,1 | 2); if ((prev -> id) == id && ((encoder?av_codec_is_encoder(prev) : av_codec_is_decoder(prev)))) { while(prev = (av_codec_next(prev))){ if ((prev -> id) == id && ((encoder?av_codec_is_encoder(prev) : av_codec_is_decoder(prev)))) { return prev; return ((void *)0); while(codec = next_codec_for_id(desc -> id,codec,encoder)){ print_codec(codec); *(par++) = 0; show_help_codec(par,0); show_help_codec(par,1); static void print_codec(const AVCodec *c) int encoder = av_codec_is_encoder(c); const int *p = c -> supported_samplerates; snprintf(name,sizeof(name),"%d", *p); p++; snprintf(name,sizeof(name),"%d", *p); print_codec(codec); while(codec = next_codec_for_id(desc -> id,codec,encoder)){ static const AVCodec *next_codec_for_id(enum AVCodecID id,const AVCodec *prev,int encoder) while(prev = (av_codec_next(prev))){ if ((prev -> id) == id && ((encoder?av_codec_is_encoder(prev) : av_codec_is_decoder(prev)))) { return prev; while(codec = next_codec_for_id(desc -> id,codec,encoder)){ print_codec(codec); static void print_codec(const AVCodec *c) const int *p = c -> supported_samplerates; snprintf(name,sizeof(name),"%d", *p); static void show_help_codec(const char *name,int encoder) codec = ((encoder?avcodec_find_encoder_by_name(name) : avcodec_find_decoder_by_name(name))); print_codec(codec); int show_help(void *optctx,const char *opt,const char *arg) topic = av_strdup((arg?arg : "")); par = strchr(topic,'='); show_help_codec(par,1); show_help_children(child,flags); print_codec(codec); 0 --------------------------------- 26439 153004/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26440 153004/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26441 153217/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26442 153217/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26443 152891/color.c Buffer_Overflow_Indexes 543 molybdic_huccatoon = getenv("BORESOMENESS_TEETY"); if (molybdic_huccatoon != 0) {; spunking_hidalgoism = ((char *)molybdic_huccatoon); stonesoup_buffer = malloc((strlen(spunking_hidalgoism) + 1) * sizeof(char )); if (stonesoup_buffer == 0) { strcpy(stonesoup_buffer,spunking_hidalgoism); if (stonesoup_buffer[0] >= 97) { stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); if (stonesoup_buffer != 0) { free(stonesoup_buffer); char stonesoup_process_buffer(char *buffer_param) first_char = buffer_param[0] - 97; free(buffer_param); return first_char; stonesoup_printf("Index of first char: %i\n",stonesoup_process_buffer(stonesoup_buffer)); void stonesoup_printf(char * format, ...) { 0 --------------------------------- 26444 152891/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26445 152891/color.c Buffer_Overflow_Indexes 155 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26446 152891/color.c Buffer_Overflow_Indexes 157 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26447 152891/color.c Buffer_Overflow_cpycat 312 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26448 152891/color.c Buffer_Overflow_cpycat 327 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26449 152891/color.c Buffer_Overflow_cpycat 214 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26450 152891/color.c Buffer_Overflow_cpycat 347 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 26451 152891/color.c Buffer_Overflow_cpycat 552 molybdic_huccatoon = getenv("BORESOMENESS_TEETY"); spunking_hidalgoism = ((char *)molybdic_huccatoon); stonesoup_buffer = malloc((strlen(spunking_hidalgoism) + 1) * sizeof(char )); strcpy(stonesoup_buffer,spunking_hidalgoism); 0 --------------------------------- 26452 152891/color.c Buffer_Overflow_cpycat 319 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26453 152891/color.c Buffer_Overflow_cpycat 179 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26454 152891/color.c Buffer_Overflow_cpycat 249 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26455 152891/color.c Buffer_Overflow_cpycat 242 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26456 152891/color.c Buffer_Overflow_cpycat 284 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26457 152891/color.c Buffer_Overflow_cpycat 221 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26458 152891/color.c Buffer_Overflow_cpycat 206 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26459 152891/color.c Buffer_Overflow_cpycat 298 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26460 152891/color.c Buffer_Overflow_cpycat 291 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26461 152891/color.c Buffer_Overflow_cpycat 228 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26462 152891/color.c Buffer_Overflow_cpycat 193 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26463 152891/color.c Buffer_Overflow_cpycat 171 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26464 152891/color.c Buffer_Overflow_cpycat 270 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26465 152891/color.c Buffer_Overflow_cpycat 256 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26466 152891/color.c Buffer_Overflow_cpycat 186 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26467 152891/color.c Buffer_Overflow_cpycat 277 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26468 152891/color.c Buffer_Overflow_cpycat 263 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26469 152891/color.c Buffer_Overflow_cpycat 305 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26470 152891/color.c Buffer_Overflow_cpycat 326 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 26471 152891/color.c Buffer_Overflow_cpycat 235 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26472 153696/config.c Buffer_Overflow_Indexes 126 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&soldat_unamusingly,"THAPSIA_PULVINIC"); if (soldat_unamusingly != 0) {; waster_jumbler = soldat_unamusingly; sentence_interdentally[5] = waster_jumbler; volante_betimes = *(sentence_interdentally + *chromos_wonderwell); swahili_hecctkaerre = ((char *)volante_betimes); strcpy(stonesoup_data.buffer, swahili_hecctkaerre); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data.buffer); for (stonesoup_i = 0; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "FINAL-STATE"); if (volante_betimes != 0) free(((char *)volante_betimes)); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); 0 --------------------------------- 26473 153696/config.c Buffer_Overflow_Indexes 80 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&soldat_unamusingly,"THAPSIA_PULVINIC"); stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26474 153696/config.c Buffer_Overflow_Indexes 121 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26475 153696/config.c Buffer_Overflow_cpycat 219 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *soldat_unamusingly; stonesoup_read_taint(&soldat_unamusingly,"THAPSIA_PULVINIC"); waster_jumbler = soldat_unamusingly; sentence_interdentally[5] = waster_jumbler; bessie_mihrab = 5; chromos_wonderwell = &bessie_mihrab; volante_betimes = *(sentence_interdentally + *chromos_wonderwell); swahili_hecctkaerre = ((char *)volante_betimes); stonesoup_data.buffer[stonesoup_i] = 0; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, swahili_hecctkaerre); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&soldat_unamusingly,"THAPSIA_PULVINIC"); waster_jumbler = soldat_unamusingly; sentence_interdentally[5] = waster_jumbler; volante_betimes = *(sentence_interdentally + *chromos_wonderwell); swahili_hecctkaerre = ((char *)volante_betimes); strcpy(stonesoup_data.buffer, swahili_hecctkaerre); 1 --------------------------------- 26476 153607/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26477 153607/color.c Buffer_Overflow_Indexes 188 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26478 153607/color.c Buffer_Overflow_Indexes 186 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26479 153607/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&enation_lithonephritis,"EUBANK_RESEARCHER"); stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26480 153607/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&enation_lithonephritis,"EUBANK_RESEARCHER"); if (enation_lithonephritis != 0) {; referees_offensive = ((char *)enation_lithonephritis); strcpy(stonesoup_data.buffer, referees_offensive); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data.buffer); for (stonesoup_i = 0; stonesoup_i < stonesoup_opt_var; ++stonesoup_i) { stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "FINAL-STATE"); if (enation_lithonephritis != 0) free(((char *)enation_lithonephritis)); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data.after(stonesoup_data.buffer[stonesoup_i])); 0 --------------------------------- 26481 153607/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26482 153607/color.c Buffer_Overflow_cpycat 378 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 26483 153607/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26484 153607/color.c Buffer_Overflow_cpycat 358 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26485 153607/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26486 153607/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26487 153607/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26488 153607/color.c Buffer_Overflow_cpycat 343 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26489 153607/color.c Buffer_Overflow_cpycat 237 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26490 153607/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26491 153607/color.c Buffer_Overflow_cpycat 217 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26492 153607/color.c Buffer_Overflow_cpycat 357 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 26493 153607/color.c Buffer_Overflow_cpycat 592 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char *enation_lithonephritis; stonesoup_read_taint(&enation_lithonephritis,"EUBANK_RESEARCHER"); referees_offensive = ((char *)enation_lithonephritis); stonesoup_data.buffer[stonesoup_i] = 0; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, referees_offensive); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&enation_lithonephritis,"EUBANK_RESEARCHER"); referees_offensive = ((char *)enation_lithonephritis); strcpy(stonesoup_data.buffer, referees_offensive); 1 --------------------------------- 26494 153607/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26495 153607/color.c Buffer_Overflow_cpycat 210 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26496 153607/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26497 153607/color.c Buffer_Overflow_cpycat 350 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26498 153607/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26499 153607/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26500 153607/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26501 153607/color.c Buffer_Overflow_cpycat 202 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26502 153607/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26503 153607/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26504 153607/color.c Buffer_Overflow_cpycat 336 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26505 153607/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26506 153210/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26507 153210/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26508 152867/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26509 152867/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26510 153407/config.c Buffer_Overflow_scanf 139 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&unworking_pulque,"3552",uncompound_sailflying); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26511 153407/config.c Buffer_Overflow_Indexes 91 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&unworking_pulque,"3552",uncompound_sailflying); TOURTE_JERKIEST(diabelli_chaufer); stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%x",stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26512 153407/config.c Buffer_Overflow_Indexes 137 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26513 841/basic-00182-min.c Buffer_Overflow_fgets 61 char buf[10]; f = fopen("TestInputFile1", "r"); assert(f != NULL); fgets(buf, 11, f); 1 --------------------------------- 26514 153068/aviobuf.c Buffer_Overflow_Indexes 101 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26515 153068/aviobuf.c Buffer_Overflow_LowBound 1035 int avio_printf(AVIOContext *s,const char *fmt,... ) va_list ap; char buf[4096]; __builtin_va_start(ap,fmt); ret = vsnprintf(buf,sizeof(buf),fmt,ap); 0 --------------------------------- 26516 1603/scpy3-bad.c Buffer_Overflow_LowBound 37 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; strncpy(buf, str, 80); 1 --------------------------------- 26517 317/basic-00051-min.c Buffer_Overflow_LowBound 65 char buf[10]; src[11 - 1] = '\0'; strncpy(buf, src, function1(11)); int function1(int arg1) return arg1; strncpy(buf, src, function1(11)); 1 --------------------------------- 26518 153179/config_file.c Buffer_Overflow_scanf 164 void antiferromagnet_polyonymy(void *zionists_dolomites) dogs_wana = ((char *)((char *)zionists_dolomites)); stonesoup_fp = stonesoup_switch_func(dogs_wana); stonesoup_fct_ptr stonesoup_switch_func(char *param) stonesoup_fct_ptr fct_ptr_addr = (stonesoup_fct_ptr )0; var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); 0 --------------------------------- 26519 153179/config_file.c Buffer_Overflow_Indexes 83 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26520 153179/config_file.c Buffer_Overflow_Indexes 129 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&eggar_garniture,"BUPRESTIDAN_EAVESING"); if (eggar_garniture != 0) {; padishah_weaner = ((void *)eggar_garniture); excessed_grimmish[ *stultiloquently_gladiatrix] = padishah_weaner; spatterware_preclassify = excessed_grimmish[ *stultiloquently_gladiatrix]; porencephaly_calsouns(spatterware_preclassify); 0 --------------------------------- 26521 153179/config_file.c Buffer_Overflow_Indexes 124 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26522 153573/bss_file.c Buffer_Overflow_Indexes 315 landladydom_drosky = getenv("REPRESSOR_POMMELS"); if (landladydom_drosky != 0) {; crambes_seidule = ((void *)landladydom_drosky); biasing_conveying[5] = crambes_seidule; apex_diametrical = *(biasing_conveying + basaree_propylidene[1]); if (((char *)apex_diametrical) != 0) { eupathy_forsythia = ((char *)((char *)apex_diametrical)); stonesoup_taint_len = ((int )(strlen(eupathy_forsythia))); for (; stonesoup_taint_len >= 0; (--stonesoup_buff_size , --stonesoup_taint_len)) { stonesoup_data->buffer[stonesoup_buff_size] = eupathy_forsythia[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "CROSSOVER-STATE"); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); free(stonesoup_data); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data->buffer", stonesoup_data->buffer, "FINAL-STATE"); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); 0 --------------------------------- 26523 153573/bss_file.c Buffer_Overflow_Indexes 112 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_data->buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data->buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%c",stonesoup_data->before(stonesoup_data->buffer[stonesoup_i])); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26524 153573/bss_file.c Buffer_Overflow_fgets 540 static int file_gets(BIO *bp,char *buf,int size) buf[0] = '\0'; if (!fgets(buf,size,(bp -> ptr))) { 0 --------------------------------- 26525 153573/bss_file.c Buffer_Overflow_fgets 545 static int file_gets(BIO *bp,char *buf,int size) buf[0] = '\0'; if (!fgets(buf,size,((FILE *)(bp -> ptr)))) { 0 --------------------------------- 26526 153029/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26527 153029/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26528 153029/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&middled_nontenableness,"VILLATE_EPICOELIAC"); stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buff_64); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(jenna_resicken)); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(jenna_resicken)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26529 153029/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26530 153029/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&middled_nontenableness,"VILLATE_EPICOELIAC"); if (middled_nontenableness != 0) {; jenna_resicken = ((char *)middled_nontenableness); stonesoup_other_buff[7] = jenna_resicken; stonesoup_buff_size = ((int )(strlen(jenna_resicken))); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_other_buff", stonesoup_other_buff, "INITIAL-STATE"); for (; stonesoup_buff_size >= 0; (--stonesoup_my_buff_size , --stonesoup_buff_size)) { stonesoup_stack_buff_64[stonesoup_my_buff_size] = jenna_resicken[stonesoup_buff_size]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buff_64", stonesoup_stack_buff_64, "CROSSOVER-STATE"); stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_stack_buff_64); stonesoup_printf("strlen size = %d\n",strlen(jenna_resicken)); stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); if (middled_nontenableness != 0) free(((char *)middled_nontenableness)); void stonesoup_printf(char * format, ...) { stonesoup_printf("strlen size = %d\n",strlen(stonesoup_other_buff[7])); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_stack_buff_64", stonesoup_stack_buff_64, "FINAL-STATE"); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_stack_buff_64[stonesoup_oc_i] = stonesoup_toupper(stonesoup_stack_buff_64[stonesoup_oc_i]); 0 --------------------------------- 26531 153029/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26532 153029/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26533 153029/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 26534 153029/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26535 153029/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26536 153029/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26537 153029/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26538 153029/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26539 153029/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26540 153029/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26541 153029/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26542 153029/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26543 153029/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26544 153029/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26545 153029/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26546 153029/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26547 153029/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26548 153029/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26549 153029/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 26550 153029/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26551 153029/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26552 153029/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26553 153029/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26554 153029/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26555 153467/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&achaenocarp_pressor,"2478",acknowledgment_cackler); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26556 153467/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26557 153467/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&achaenocarp_pressor,"2478",acknowledgment_cackler); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26558 153467/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26559 153467/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26560 153467/color.c Buffer_Overflow_LowBound 582 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int acknowledgment_cackler = 53; char *achaenocarp_pressor; stonesoup_read_taint(&achaenocarp_pressor,"2478",acknowledgment_cackler); palmists_ratability = ((char *)achaenocarp_pressor); stonesoup_data = (char*) malloc(8 * sizeof(char)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(palmists_ratability)+1, palmists_ratability, "TRIGGER-STATE"); strncpy(stonesoup_data, palmists_ratability, strlen(palmists_ratability) + 1); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&achaenocarp_pressor,"2478",acknowledgment_cackler); palmists_ratability = ((char *)achaenocarp_pressor); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(palmists_ratability)+1, palmists_ratability, "TRIGGER-STATE"); strncpy(stonesoup_data, palmists_ratability, strlen(palmists_ratability) + 1); 1 --------------------------------- 26561 153467/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26562 153467/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26563 153467/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 26564 153467/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26565 153467/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26566 153467/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26567 153467/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26568 153467/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26569 153467/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26570 153467/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26571 153467/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26572 153467/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26573 153467/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26574 153467/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26575 153467/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26576 153467/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26577 153467/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26578 153467/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26579 153467/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 26580 153467/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26581 153467/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26582 153467/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26583 153467/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26584 153467/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26585 153774/eng_table.c Buffer_Overflow_Indexes 316 piffero_qualificator = getenv("UNIQUEST_NONPHILOLOGIC"); if (piffero_qualificator != 0) {; vereeniging_milanville = ((int )(strlen(piffero_qualificator))); guildford_epicier = ((char *)(malloc(vereeniging_milanville + 1))); if (guildford_epicier == 0) { memset(guildford_epicier,0,vereeniging_milanville + 1); memcpy(guildford_epicier,piffero_qualificator,vereeniging_milanville); rehood_satellitoid = &guildford_epicier; if ( *rehood_satellitoid != 0) { junkyards_gawney = ((char *)( *rehood_satellitoid)); if (strlen(junkyards_gawney) < 20) { realpath(junkyards_gawney,stonesoup_base_path); if ( *rehood_satellitoid != 0) free(((char *)( *rehood_satellitoid))); 0 --------------------------------- 26586 153774/eng_table.c Buffer_Overflow_Indexes 102 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_base_path[stonesoup_oc_i] = stonesoup_toupper(stonesoup_base_path[stonesoup_oc_i]); stonesoup_printf("%s\n",stonesoup_base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n",stonesoup_base_path); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26587 153203/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26588 153203/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26589 153387/subtrans.c Buffer_Overflow_Indexes 75 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26590 153387/subtrans.c Buffer_Overflow_Indexes 121 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&gnaphalium_sialid,"CHROMITE_ROSTRATED"); if (gnaphalium_sialid != 0) {; papp_basking[3] = gnaphalium_sialid; paralytically_tupelo[5] = papp_basking; kyanizes_toitish = *(paralytically_tupelo + *inelegant_approbative); bistipuled_adoptional(kyanizes_toitish); void bistipuled_adoptional(char **castoffs_saignant); 0 --------------------------------- 26591 153387/subtrans.c Buffer_Overflow_Indexes 116 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26592 153633/bufmgr.c Buffer_Overflow_Indexes 149 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26593 153633/bufmgr.c Buffer_Overflow_cpycat 2723 lickspittle_eroding coefficacy_bedwell = 0; va_list azymite_petroleum; __builtin_va_start(azymite_petroleum,medicining_pareu); coefficacy_bedwell = (va_arg(azymite_petroleum,lickspittle_eroding )); GREYING_CHAIRWOMAN(coefficacy_bedwell); void northerners_yowie(lickspittle_eroding worthies_halfpence) characterology_nontempered = ((char *)worthies_halfpence); stonesoup_buffer = malloc((strlen(characterology_nontempered) + 1) * sizeof(char )); strcpy(stonesoup_buffer,characterology_nontempered); 0 --------------------------------- 26594 153466/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26595 153466/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26596 153054/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26597 153054/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26598 153402/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26599 153402/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26600 153818/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26601 153818/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26602 1616/snp1-bad.c Buffer_Overflow_LowBound 37 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; snprintf(buf, 1024, "<%s>", str); 1 --------------------------------- 26603 153829/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26604 153829/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26605 153329/avfilter.c Buffer_Overflow_scanf 109 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&mastosquamose_gasser,"8433",cryptomnesic_vend); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26606 153329/avfilter.c Buffer_Overflow_Indexes 107 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26607 153329/avfilter.c Buffer_Overflow_Indexes 61 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&mastosquamose_gasser,"8433",cryptomnesic_vend); polychromatize_unanemic(deficit_geothlypis,slayable_moorman); polychromatize_unanemic(inharmony_btn,unresuscitative_beaverwood); stonesoup_data[stonesoup_oc_i] = stonesoup_toupper(stonesoup_data[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26608 153329/avfilter.c Buffer_Overflow_LowBound 136 av_log(ctx,48,"ref[%p buf:%p refcount:%d perms:%s data:%p linesize[%d, %d, %d, %d] pts:%ld pos:%ld",ref,ref -> buf,ref -> buf -> refcount,ff_get_ref_perms_string(buf,sizeof(buf),ref -> perms),ref -> data[0],ref -> linesize[0],ref -> linesize[1],ref -> linesize[2],ref -> linesize[3],ref -> pts,ref -> pos); char *ff_get_ref_perms_string(char *buf,size_t buf_size,int perms) snprintf(buf,buf_size,"%s%s%s%s%s%s",(perms & 0x1?"r" : ""),(perms & 0x02?"w" : ""),(perms & 0x04?"p" : ""),(perms & 0x08?"u" : ""),(perms & 0x10?"U" : ""),(perms & 0x20?"n" : "")); av_log(ctx,48,"ref[%p buf:%p refcount:%d perms:%s data:%p linesize[%d, %d, %d, %d] pts:%ld pos:%ld",ref,ref -> buf,ref -> buf -> refcount,ff_get_ref_perms_string(buf,sizeof(buf),ref -> perms),ref -> data[0],ref -> linesize[0],ref -> linesize[1],ref -> linesize[2],ref -> linesize[3],ref -> pts,ref -> pos); char *ff_get_ref_perms_string(char *buf,size_t buf_size,int perms) snprintf(buf,buf_size,"%s%s%s%s%s%s",(perms & 0x1?"r" : ""),(perms & 0x02?"w" : ""),(perms & 0x04?"p" : ""),(perms & 0x08?"u" : ""),(perms & 0x10?"U" : ""),(perms & 0x20?"n" : "")); 0 --------------------------------- 26609 153329/avfilter.c Buffer_Overflow_LowBound 1009 worrit_thundershower = ((char *)( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *( *unresuscitative_beaverwood)))))))))))))))))))))))))))))))))))))))))))))))))) . corder_felonwood); stonesoup_data = (char*) malloc(8 * sizeof(char)); tracepoint(stonesoup_trace, variable_buffer_info, "STONESOUP_TAINT_SOURCE", strlen(worrit_thundershower)+1, worrit_thundershower, "TRIGGER-STATE"); strncpy(stonesoup_data, worrit_thundershower, strlen(worrit_thundershower) + 1); 1 --------------------------------- 26610 153792/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26611 153792/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26612 153382/mux.c Buffer_Overflow_Indexes 75 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26613 153382/mux.c Buffer_Overflow_Indexes 436 hearthsides_increasingly = getenv("POCHAY_ALLISSA"); if (hearthsides_increasingly != 0) {; equisetums_ballgowns[34] = hearthsides_increasingly; projicience_following(1,equisetums_ballgowns); void projicience_following(int abbassid_czechoslovak,... ); 0 --------------------------------- 26614 153444/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26615 153444/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26616 152962/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26617 152962/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26618 153504/e_bf.c Buffer_Overflow_scanf 132 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&beadings_piranhas,"7594",dutchy_muscle); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26619 153504/e_bf.c Buffer_Overflow_Indexes 84 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&beadings_piranhas,"7594",dutchy_muscle); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26620 153504/e_bf.c Buffer_Overflow_Indexes 130 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26621 153504/e_bf.c Buffer_Overflow_LowBound 256 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; char stonesoup_source[1024]; int dutchy_muscle = 91; char *beadings_piranhas;; stonesoup_read_taint(&beadings_piranhas,"7594",dutchy_muscle); mcevoy_begartered = ((void *)beadings_piranhas); featherwood_arbitratorship = 1; propos_unstainableness = &mcevoy_begartered; boeke_wadi = ((void **)(((unsigned long )propos_unstainableness) * featherwood_arbitratorship * featherwood_arbitratorship)) + 5; tetramorph_subitem = ((char *)((char *)( *(boeke_wadi - 5)))); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, tetramorph_subitem, sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&beadings_piranhas,"7594",dutchy_muscle); mcevoy_begartered = ((void *)beadings_piranhas); propos_unstainableness = &mcevoy_begartered; boeke_wadi = ((void **)(((unsigned long )propos_unstainableness) * featherwood_arbitratorship * featherwood_arbitratorship)) + 5; tetramorph_subitem = ((char *)((char *)( *(boeke_wadi - 5)))); strncpy(stonesoup_source, tetramorph_subitem, sizeof(stonesoup_source)); 0 --------------------------------- 26622 153504/e_bf.c Buffer_Overflow_LowBound 265 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 26623 153426/e_bf.c Buffer_Overflow_scanf 133 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&radiosonde_farrel,"2332",skylights_diapophysis); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26624 153426/e_bf.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26625 153426/e_bf.c Buffer_Overflow_Indexes 85 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&radiosonde_farrel,"2332",skylights_diapophysis); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); 0 --------------------------------- 26626 153426/e_bf.c Buffer_Overflow_cpycat 309 void nonheretical_amores(int verd_bye,char *therms_chorizo) guyot_dinitril = ((char *)therms_chorizo); stonesoup_data.buffer[stonesoup_i] = 0; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, guyot_dinitril); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); stonesoup_opt_var = strlen( stonesoup_data.buffer); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "INITIAL-STATE"); strcpy(stonesoup_data.buffer, guyot_dinitril); 1 --------------------------------- 26627 153030/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26628 153030/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26629 153616/mux.c Buffer_Overflow_Indexes 75 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); fredrick_porchlike = ower_unfarsighted(fringelike_lactation); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%02x",stonesoup_heap_buff_64[stonesoup_ss_i]); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26630 153616/mux.c Buffer_Overflow_Indexes 436 furcule_malayalam = getenv("COALFIELD_COMIQUE"); if (furcule_malayalam != 0) {; eugeny_animadversions = ((int )(strlen(furcule_malayalam))); fringelike_lactation = ((char *)(malloc(eugeny_animadversions + 1))); if (fringelike_lactation == 0) { memset(fringelike_lactation,0,eugeny_animadversions + 1); memcpy(fringelike_lactation,furcule_malayalam,eugeny_animadversions); fredrick_porchlike = ower_unfarsighted(fringelike_lactation); char *ower_unfarsighted(char *furtherer_rabiform) return furtherer_rabiform; fredrick_porchlike = ower_unfarsighted(fringelike_lactation); pluteus_hallan = ((char *)fredrick_porchlike); stonesoup_buff_size = ((int )(strlen(pluteus_hallan))); strncpy(stonesoup_heap_buff_64, pluteus_hallan, 64); for (; stonesoup_ss_i < stonesoup_buff_size; ++stonesoup_ss_i){ if (fredrick_porchlike != 0) free(((char *)fredrick_porchlike)); 0 --------------------------------- 26631 153616/mux.c Buffer_Overflow_LowBound 465 furcule_malayalam = getenv("COALFIELD_COMIQUE"); eugeny_animadversions = ((int )(strlen(furcule_malayalam))); fringelike_lactation = ((char *)(malloc(eugeny_animadversions + 1))); memset(fringelike_lactation,0,eugeny_animadversions + 1); memcpy(fringelike_lactation,furcule_malayalam,eugeny_animadversions); fredrick_porchlike = ower_unfarsighted(fringelike_lactation); stonesoup_heap_buff_64[63] = '\0'; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_heap_buff_64", stonesoup_heap_buff_64, "INITIAL-STATE"); strncpy(stonesoup_heap_buff_64, pluteus_hallan, 64); char *ower_unfarsighted(char *furtherer_rabiform) return furtherer_rabiform; fredrick_porchlike = ower_unfarsighted(fringelike_lactation); pluteus_hallan = ((char *)fredrick_porchlike); stonesoup_buff_size = ((int )(strlen(pluteus_hallan))); strncpy(stonesoup_heap_buff_64, pluteus_hallan, 64); 0 --------------------------------- 26632 1637/spr2-bad.c Buffer_Overflow_Indexes 52 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; sprintf(buf, "<%.32s>", str); printf("result: %s\n", buf); 1 --------------------------------- 26633 153373/color.c Buffer_Overflow_Indexes 131 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26634 153373/color.c Buffer_Overflow_Indexes 183 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26635 153373/color.c Buffer_Overflow_Indexes 90 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&dia_cherbourg,"WORDISHLY_GROUSY"); stonesoup_toupper(stonesoup_buffer[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_buffer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26636 153373/color.c Buffer_Overflow_Indexes 181 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26637 153373/color.c Buffer_Overflow_Indexes 136 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&dia_cherbourg,"WORDISHLY_GROUSY"); if (dia_cherbourg != 0) {; amphithecial_immaterialist = ((char *)dia_cherbourg); strncpy(stonesoup_source, amphithecial_immaterialist, sizeof(stonesoup_source)); if (dia_cherbourg != 0) free(((char *)dia_cherbourg)); 0 --------------------------------- 26638 153373/color.c Buffer_Overflow_LowBound 590 stonesoup_buffer[64 - 1] = '\0'; stonesoup_source[1023] = '\0'; if (strlen(stonesoup_source) + 1 <= 64) { tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_source", strlen(stonesoup_source)+1, stonesoup_source, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_buffer_info, "stonesoup_buffer", strlen(stonesoup_buffer)+1, stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, stonesoup_source, sizeof(stonesoup_source)); 1 --------------------------------- 26639 153373/color.c Buffer_Overflow_LowBound 581 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; char stonesoup_source[1024]; char *dia_cherbourg; stonesoup_read_taint(&dia_cherbourg,"WORDISHLY_GROUSY"); amphithecial_immaterialist = ((char *)dia_cherbourg); memset(stonesoup_source, 0, 1024); strncpy(stonesoup_source, amphithecial_immaterialist, sizeof(stonesoup_source)); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&dia_cherbourg,"WORDISHLY_GROUSY"); amphithecial_immaterialist = ((char *)dia_cherbourg); strncpy(stonesoup_source, amphithecial_immaterialist, sizeof(stonesoup_source)); 0 --------------------------------- 26640 153373/color.c Buffer_Overflow_cpycat 197 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26641 153373/color.c Buffer_Overflow_cpycat 261 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26642 153373/color.c Buffer_Overflow_cpycat 352 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 26643 153373/color.c Buffer_Overflow_cpycat 310 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26644 153373/color.c Buffer_Overflow_cpycat 205 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26645 153373/color.c Buffer_Overflow_cpycat 289 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26646 153373/color.c Buffer_Overflow_cpycat 296 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26647 153373/color.c Buffer_Overflow_cpycat 345 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26648 153373/color.c Buffer_Overflow_cpycat 338 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26649 153373/color.c Buffer_Overflow_cpycat 317 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26650 153373/color.c Buffer_Overflow_cpycat 331 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26651 153373/color.c Buffer_Overflow_cpycat 212 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26652 153373/color.c Buffer_Overflow_cpycat 268 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26653 153373/color.c Buffer_Overflow_cpycat 324 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26654 153373/color.c Buffer_Overflow_cpycat 219 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26655 153373/color.c Buffer_Overflow_cpycat 275 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26656 153373/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26657 153373/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26658 153373/color.c Buffer_Overflow_cpycat 373 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 26659 153373/color.c Buffer_Overflow_cpycat 282 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26660 153373/color.c Buffer_Overflow_cpycat 254 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26661 153373/color.c Buffer_Overflow_cpycat 247 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26662 153373/color.c Buffer_Overflow_cpycat 232 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26663 153373/color.c Buffer_Overflow_cpycat 303 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26664 153803/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26665 153803/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26666 1309/create-dns-file.c Buffer_Overflow_cpycat 117 unsigned char buf[200]; strcat(buf,"HEADER JUNK:"); strcat(buf,"LL.MIT.EDU"); i = len = strlen(buf); p = buf + i + 4; temp = "BLAH.MIT.EDU"; strcpy(p, temp); i = strlen(temp); p += i; *p++ = 0; *p++ = 16; *p++ = 0; *p++ = 1; *p++ = 0; *p++ = 0; *p++ = 0; *p++ = 255; *p++ = 0; *p++ = 20; *p++ = 30; strcat(p,"This is random junk in the TXT record that will overflow (*rr)->rr_u.rr_txt"); 0 --------------------------------- 26667 153270/dynahash.c Buffer_Overflow_Indexes 239 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&valeted_epitaphize,"NONIMMIGRANT_QUINCUNXES"); if (((long )(calc_bucket(hctl,currElement -> hashvalue))) == old_bucket) { stonesoup_setup_printf_context(); stonesoup_read_taint(&valeted_epitaphize,"NONIMMIGRANT_QUINCUNXES"); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); SAGGIER_OUTRAKE(acondylose_cigarillos); stonesoup_printf("\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26668 153270/dynahash.c Buffer_Overflow_Indexes 285 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&valeted_epitaphize,"NONIMMIGRANT_QUINCUNXES"); if (valeted_epitaphize != 0) {; overtaxation_tantaluses = ((int )(strlen(valeted_epitaphize))); gloom_ungnawed = ((char *)(malloc(overtaxation_tantaluses + 1))); if (gloom_ungnawed == 0) { memset(gloom_ungnawed,0,overtaxation_tantaluses + 1); memcpy(gloom_ungnawed,valeted_epitaphize,overtaxation_tantaluses); if (valeted_epitaphize != 0) free(((char *)valeted_epitaphize)); acondylose_cigarillos = &gloom_ungnawed; SAGGIER_OUTRAKE(acondylose_cigarillos); void relata_watertightness(char **bentonville_semisilica) SAGGIER_OUTRAKE(acondylose_cigarillos); ribbonmaker_virulented = ((char *)( *bentonville_semisilica)); stonesoup_taint_len = ((int )(strlen(ribbonmaker_virulented))); for (; stonesoup_taint_len >= 0; (--stonesoup_buff_size , --stonesoup_taint_len)) { stonesoup_data.buffer[stonesoup_buff_size] = ribbonmaker_virulented[stonesoup_taint_len]; tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "CROSSOVER-STATE"); stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); tracepoint(stonesoup_trace, variable_buffer, "stonesoup_data.buffer", stonesoup_data.buffer, "FINAL-STATE"); if ( *bentonville_semisilica != 0) free(((char *)( *bentonville_semisilica))); int stonesoup_toupper(int c) if (c >= 97 && c <= 122) { return c - 32; return c; stonesoup_data.buffer[stonesoup_i] = stonesoup_toupper(stonesoup_data.buffer[stonesoup_i]); stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); void stonesoup_printf(char * format, ...) { stonesoup_printf("%c",stonesoup_data.before(stonesoup_data.buffer[stonesoup_i])); 0 --------------------------------- 26669 153270/dynahash.c Buffer_Overflow_Indexes 280 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26670 153270/dynahash.c Buffer_Overflow_cpycat 397 HTAB *hash_create(const char *tabname,long nelem,HASHCTL *info,int flags) CurrentDynaHashCxt = AllocSetContextCreate(CurrentDynaHashCxt,tabname,0,(8 * 1024),(8 * 1024 * 1024)); hashp = ((HTAB *)(DynaHashAlloc(sizeof(HTAB ) + strlen(tabname) + 1))); hashp -> tabname = ((char *)(hashp + 1)); strcpy(hashp -> tabname,tabname); 0 --------------------------------- 26671 152881/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26672 152881/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26673 153128/avfilter.c Buffer_Overflow_Indexes 87 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26674 153128/avfilter.c Buffer_Overflow_LowBound 114 av_log(ctx,48,"ref[%p buf:%p refcount:%d perms:%s data:%p linesize[%d, %d, %d, %d] pts:%ld pos:%ld",ref,ref -> buf,ref -> buf -> refcount,ff_get_ref_perms_string(buf,sizeof(buf),ref -> perms),ref -> data[0],ref -> linesize[0],ref -> linesize[1],ref -> linesize[2],ref -> linesize[3],ref -> pts,ref -> pos); char *ff_get_ref_perms_string(char *buf,size_t buf_size,int perms) snprintf(buf,buf_size,"%s%s%s%s%s%s",(perms & 0x1?"r" : ""),(perms & 0x02?"w" : ""),(perms & 0x04?"p" : ""),(perms & 0x08?"u" : ""),(perms & 0x10?"U" : ""),(perms & 0x20?"n" : "")); av_log(ctx,48,"ref[%p buf:%p refcount:%d perms:%s data:%p linesize[%d, %d, %d, %d] pts:%ld pos:%ld",ref,ref -> buf,ref -> buf -> refcount,ff_get_ref_perms_string(buf,sizeof(buf),ref -> perms),ref -> data[0],ref -> linesize[0],ref -> linesize[1],ref -> linesize[2],ref -> linesize[3],ref -> pts,ref -> pos); char *ff_get_ref_perms_string(char *buf,size_t buf_size,int perms) snprintf(buf,buf_size,"%s%s%s%s%s%s",(perms & 0x1?"r" : ""),(perms & 0x02?"w" : ""),(perms & 0x04?"p" : ""),(perms & 0x08?"u" : ""),(perms & 0x10?"U" : ""),(perms & 0x20?"n" : "")); 0 --------------------------------- 26675 153708/bss_file.c Buffer_Overflow_scanf 192 rewind(stonesoup_tainted_file); stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); *stonesoup_tainted_buff = NULL; stonesoup_fct_ptr fct_ptr_addr = (stonesoup_fct_ptr )0; sscanf(param,"%p",&fct_ptr_addr); char *lectionary_metallist; stonesoup_read_taint(&lectionary_metallist,"PHOTOETCHING_INQUILINISM"); carnified_muddlement = lectionary_metallist; genetyllis_procure = ((char *)carnified_muddlement); stonesoup_fp = stonesoup_switch_func(genetyllis_procure); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_env_var_name) { stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); stonesoup_read_taint(&lectionary_metallist,"PHOTOETCHING_INQUILINISM"); carnified_muddlement = lectionary_metallist; genetyllis_procure = ((char *)carnified_muddlement); stonesoup_fp = stonesoup_switch_func(genetyllis_procure); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; sscanf(param,"%p",&fct_ptr_addr); 0 --------------------------------- 26676 153708/bss_file.c Buffer_Overflow_Indexes 158 stonesoup_tainted_file_name = getenv(stonesoup_env_var_name); stonesoup_tainted_file = fopen(stonesoup_tainted_file_name,"rb"); if (stonesoup_tainted_file != 0) { fseek(stonesoup_tainted_file,0L,2); stonesoup_lsize = ftell(stonesoup_tainted_file); rewind(stonesoup_tainted_file); *stonesoup_tainted_buff = ((char *)(malloc(sizeof(char ) * (stonesoup_lsize + 1)))); if (*stonesoup_tainted_buff != 0) { stonesoup_result = fread(*stonesoup_tainted_buff,1,stonesoup_lsize,stonesoup_tainted_file); if (stonesoup_tainted_file != 0) { fclose(stonesoup_tainted_file); stonesoup_read_taint(&lectionary_metallist,"PHOTOETCHING_INQUILINISM"); if (lectionary_metallist != 0) {; carnified_muddlement = lectionary_metallist; genetyllis_procure = ((char *)carnified_muddlement); stonesoup_fp = stonesoup_switch_func(genetyllis_procure); if (carnified_muddlement != 0) free(((char *)carnified_muddlement)); stonesoup_fct_ptr stonesoup_switch_func(char *param) var_len = strlen(param) % 3; if (var_len == 0) { else if (var_len == 1) { sscanf(param,"%p",&fct_ptr_addr); return fct_ptr_addr; stonesoup_fp = stonesoup_switch_func(genetyllis_procure); tracepoint(stonesoup_trace, variable_address, "stonesoup_fp", stonesoup_fp, "TRIGGER-STATE"); stonesoup_cmp_flag = ( *stonesoup_fp)(stonesoup_rand_word,genetyllis_procure); if (stonesoup_cmp_flag == 0) 0 --------------------------------- 26677 153708/bss_file.c Buffer_Overflow_Indexes 112 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&lectionary_metallist,"PHOTOETCHING_INQUILINISM"); stonesoup_fp = stonesoup_switch_func(genetyllis_procure); stonesoup_printf("strings are equal\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("strings are equal\n"); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26678 153708/bss_file.c Buffer_Overflow_Indexes 153 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26679 153708/bss_file.c Buffer_Overflow_fgets 550 static int file_gets(BIO *bp,char *buf,int size) buf[0] = '\0'; if (!fgets(buf,size,((FILE *)(bp -> ptr)))) { 0 --------------------------------- 26680 153708/bss_file.c Buffer_Overflow_fgets 545 static int file_gets(BIO *bp,char *buf,int size) buf[0] = '\0'; if (!fgets(buf,size,(bp -> ptr))) { 0 --------------------------------- 26681 152925/eng_lib.c Buffer_Overflow_scanf 134 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&axiolite_scumboard,"2674",zeugobranchia_overbar); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26682 152925/eng_lib.c Buffer_Overflow_Indexes 132 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26683 152925/eng_lib.c Buffer_Overflow_Indexes 86 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&axiolite_scumboard,"2674",zeugobranchia_overbar); stonesoup_printf("Error: Failed to allocate memory\n"); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26684 152925/eng_lib.c Buffer_Overflow_cpycat 345 void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { *stonesoup_tainted_buff = NULL; if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); *stonesoup_tainted_buff = NULL; union mucocellulosic_seated tires_yaakov; int zeugobranchia_overbar = 44; char *axiolite_scumboard;; stonesoup_read_taint(&axiolite_scumboard,"2674",zeugobranchia_overbar); tires_yaakov . classicalities_perioesophageal = axiolite_scumboard; majestical_overmuches[ *( *( *( *( *( *( *( *( *( *cheirotherium_carbin)))))))))] = tires_yaakov; tweedles_quomodos = majestical_overmuches[ *( *( *( *( *( *( *( *( *( *cheirotherium_carbin)))))))))]; pruss_bibliopolic = ((char *)tweedles_quomodos . classicalities_perioesophageal); stonesoup_buffer = malloc((strlen(pruss_bibliopolic) + 1) * sizeof(char )); strcpy(stonesoup_buffer,pruss_bibliopolic); 0 --------------------------------- 26685 153007/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26686 153007/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26687 152971/utils.c Buffer_Overflow_scanf 125 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&balloters_restudies,"2655",pharyngobranch_subvocally); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26688 152971/utils.c Buffer_Overflow_Indexes 123 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26689 152971/utils.c Buffer_Overflow_Indexes 77 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&balloters_restudies,"2655",pharyngobranch_subvocally); stonesoup_toupper(stonesoup_buff[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_buff); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_buff); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26690 152971/utils.c Buffer_Overflow_LowBound 4464 int ff_url_join(char *str,int size,const char *proto,const char *authorization,const char *hostname,int port,const char *fmt,... ) str[0] = '\0'; av_strlcatf(str,size,"%s: av_strlcatf(str,size,"%s@",authorization); av_strlcat(str,"[",size); av_strlcat(str,hostname,size); av_strlcat(str,"]",size); av_strlcat(str,hostname,size); av_strlcat(str,hostname,size); av_strlcatf(str,size,":%d",port); va_list vl; int len = (strlen(str)); __builtin_va_start(vl,fmt); vsnprintf(str + len,(size > len?size - len : 0),fmt,vl); 0 --------------------------------- 26691 152971/utils.c Buffer_Overflow_LowBound 4022 return av_guess_format("image2",((void *)0),((void *)0)); if ((ret = avio_open2(&s -> pb,filename,1 | s -> avio_flags,(&s -> interrupt_callback),options)) < 0) { return av_probe_input_buffer(s -> pb,&s -> iformat,filename,s,0,s -> probesize); if (!av_filename_number_test(filename)) { char buf1[20]; while(av_isdigit(( *p))){ c = *(p++); nd = nd * '\n' + ( *(p++)) - 48; snprintf(buf1,sizeof(buf1),"%0*d",nd,number); len = (strlen(buf1)); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); int avformat_open_input(AVFormatContext **ps,const char *filename,AVInputFormat *fmt,AVDictionary **options) if ((ret = init_input(s,filename,&tmp)) < 0) { static int init_input(AVFormatContext *s,const char *filename,AVDictionary **options) return av_probe_input_buffer(s -> pb,&s -> iformat,filename,s,0,s -> probesize); if ((ret = avio_open2(&s -> pb,filename,1 | s -> avio_flags,(&s -> interrupt_callback),options)) < 0) { if (!av_filename_number_test(filename)) { int av_filename_number_test(const char *filename) return filename && av_get_frame_filename(buf,(sizeof(buf)),filename,1) >= 0; int av_get_frame_filename(char *buf,int buf_size,const char *path,int number) p = path; c = *(p++); nd = 0; nd = nd * '\n' + ( *(p++)) - 48; snprintf(buf1,sizeof(buf1),"%0*d",nd,number); len = (strlen(buf1)); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); memcpy(q,buf1,len); snprintf(buf1,sizeof(buf1),"%0*d",nd,number); int av_probe_input_buffer(AVIOContext *pb,AVInputFormat **fmt,const char *filename,void *logctx,unsigned int offset,unsigned int max_probe_size) if (!av_filename_number_test(filename)) { AVOutputFormat *av_guess_format(const char *short_name,const char *filename,const char *mime_type) if (!short_name && filename && av_filename_number_test(filename) && (ff_guess_image2_codec(filename)) != AV_CODEC_ID_NONE) { 0 --------------------------------- 26692 149067/gets2-bad.c Buffer_Overflow_fgets 37 char buf[MAXSIZE]; if(fgets(buf, 1024, stdin)) printf("result: %s\n", buf); 1 --------------------------------- 26693 303/basic-00048-large.c Buffer_Overflow_LowBound 62 char buf[10]; src[4106 - 1] = '\0'; len = 4106; strncpy(buf, src, len); 1 --------------------------------- 26694 152883/avpacket.c Buffer_Overflow_Indexes 41 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_toupper(stonesoup_data->base_path[stonesoup_oc_i]); stonesoup_printf("%s\n", stonesoup_data->base_path); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->base_path); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_printf("%s\n", stonesoup_data->buff_pointer); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26695 152883/avpacket.c Buffer_Overflow_Indexes 406 anisotropically_superfused = getenv("RENORMALIZE_DRUMORE"); if (anisotropically_superfused != 0) {; whitebook_nabak = anisotropically_superfused; granitite_discombobulated = &whitebook_nabak; gunstone_sigmodontes = ((honebein_superpolite *)(((unsigned long )granitite_discombobulated) * supersuborder_saponated * supersuborder_saponated)) + 5; aberdeen_luncheon = ((char *)( *(gunstone_sigmodontes - 5))); if (strlen(aberdeen_luncheon) < 20) {; realpath(aberdeen_luncheon, stonesoup_data->base_path); 0 --------------------------------- 26696 153247/conversation.c Buffer_Overflow_Indexes 422 heterometaboly_moneymaker = getenv("NONRANDOMNESS_MIMBARS"); if (heterometaboly_moneymaker != 0) {; thiofurfuran_entered . amphiboliferous_chadless = ((char *)heterometaboly_moneymaker); whinnying_prolusionize(thiofurfuran_entered); void whinnying_prolusionize(const struct unctuous_protthalli mesoplast_vulturelike) if (((struct unctuous_protthalli )mesoplast_vulturelike) . amphiboliferous_chadless != 0) { trisulfoxide_nonexpanded = ((char *)((struct unctuous_protthalli )mesoplast_vulturelike) . amphiboliferous_chadless); strncpy(stonesoup_buffer, trisulfoxide_nonexpanded, stonesoup_buffer_len); *stonesoup_buffer_ptr = trisulfoxide_nonexpanded; tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer_ptr", stonesoup_buffer_ptr, "TRIGGER-STATE"); tracepoint(stonesoup_trace, variable_address, "*stonesoup_buffer_ptr", *stonesoup_buffer_ptr, "TRIGGER-STATE"); strncpy(stonesoup_buffer, trisulfoxide_nonexpanded, stonesoup_buffer_len); stonesoup_tainted_len = strlen( *stonesoup_buffer_ptr); if (stonesoup_buffer_ptr != 0) { free(stonesoup_buffer_ptr); 0 --------------------------------- 26697 153247/conversation.c Buffer_Overflow_Indexes 102 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); whinnying_prolusionize(thiofurfuran_entered); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26698 153247/conversation.c Buffer_Overflow_LowBound 1267 heterometaboly_moneymaker = getenv("NONRANDOMNESS_MIMBARS"); thiofurfuran_entered . amphiboliferous_chadless = ((char *)heterometaboly_moneymaker); whinnying_prolusionize(thiofurfuran_entered); stonesoup_buffer_len = 4; strncpy(stonesoup_buffer, trisulfoxide_nonexpanded, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); strncpy(stonesoup_buffer, trisulfoxide_nonexpanded, stonesoup_buffer_len); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, trisulfoxide_nonexpanded, stonesoup_buffer_len); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, trisulfoxide_nonexpanded, stonesoup_buffer_len); void whinnying_prolusionize(const struct unctuous_protthalli mesoplast_vulturelike) trisulfoxide_nonexpanded = ((char *)((struct unctuous_protthalli )mesoplast_vulturelike) . amphiboliferous_chadless); strncpy(stonesoup_buffer, trisulfoxide_nonexpanded, stonesoup_buffer_len); strncpy(stonesoup_buffer, trisulfoxide_nonexpanded, stonesoup_buffer_len); 1 --------------------------------- 26699 153247/conversation.c Buffer_Overflow_LowBound 1242 stonesoup_buffer = malloc(65528); strncpy(stonesoup_buffer, trisulfoxide_nonexpanded, stonesoup_buffer_len); 0 --------------------------------- 26700 153033/color.c Buffer_Overflow_Indexes 165 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26701 153033/color.c Buffer_Overflow_Indexes 167 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26702 153033/color.c Buffer_Overflow_Indexes 129 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26703 153033/color.c Buffer_Overflow_cpycat 196 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26704 153033/color.c Buffer_Overflow_cpycat 252 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26705 153033/color.c Buffer_Overflow_cpycat 336 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 26706 153033/color.c Buffer_Overflow_cpycat 301 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26707 153033/color.c Buffer_Overflow_cpycat 315 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26708 153033/color.c Buffer_Overflow_cpycat 357 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 26709 153033/color.c Buffer_Overflow_cpycat 238 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26710 153033/color.c Buffer_Overflow_cpycat 203 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26711 153033/color.c Buffer_Overflow_cpycat 273 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26712 153033/color.c Buffer_Overflow_cpycat 259 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26713 153033/color.c Buffer_Overflow_cpycat 181 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26714 153033/color.c Buffer_Overflow_cpycat 287 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26715 153033/color.c Buffer_Overflow_cpycat 224 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26716 153033/color.c Buffer_Overflow_cpycat 216 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26717 153033/color.c Buffer_Overflow_cpycat 266 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26718 153033/color.c Buffer_Overflow_cpycat 231 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26719 153033/color.c Buffer_Overflow_cpycat 294 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26720 153033/color.c Buffer_Overflow_cpycat 189 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26721 153033/color.c Buffer_Overflow_cpycat 280 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26722 153033/color.c Buffer_Overflow_cpycat 245 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26723 153033/color.c Buffer_Overflow_cpycat 337 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26724 153033/color.c Buffer_Overflow_cpycat 308 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26725 153033/color.c Buffer_Overflow_cpycat 329 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26726 153033/color.c Buffer_Overflow_cpycat 322 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26727 153377/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26728 153377/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26729 153570/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26730 153570/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26731 153402/color.c Buffer_Overflow_scanf 140 key_t stonesoup_key; if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { stonesoup_read_taint(&ruches_matronna,"4477",sikimi_illawarra); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if(sscanf(stonesoup_envKey, "%d", &stonesoup_key) > 0) { 0 --------------------------------- 26732 153402/color.c Buffer_Overflow_Indexes 189 s = getenv("TREE_COLORS"); if (s == ((void *)0)) { if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26733 153402/color.c Buffer_Overflow_Indexes 92 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { stonesoup_setup_printf_context(); stonesoup_read_taint(&ruches_matronna,"4477",sikimi_illawarra); stonesoup_printf("%s\n", stonesoup_buffer); vfprintf(stonesoup_printf_context, format, argptr); fflush(stonesoup_printf_context); stonesoup_close_printf_context(); if (stonesoup_printf_context != NULL && stonesoup_printf_context != stderr) { fclose(stonesoup_printf_context); 0 --------------------------------- 26734 153402/color.c Buffer_Overflow_Indexes 191 s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { if (s == ((void *)0) || !force_color && (nocolor || !isatty(1))) { colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26735 153402/color.c Buffer_Overflow_Indexes 138 if (getenv("STONESOUP_DISABLE_WEAKNESS") == NULL || strcmp(getenv("STONESOUP_DISABLE_WEAKNESS"), "1") != 0) { 0 --------------------------------- 26736 153402/color.c Buffer_Overflow_LowBound 590 stonesoup_buffer = malloc(65528); strncpy(stonesoup_buffer, presecular_obote, stonesoup_buffer_len); 0 --------------------------------- 26737 153402/color.c Buffer_Overflow_LowBound 615 *stonesoup_tainted_buff = NULL; *stonesoup_tainted_buff = NULL; int sikimi_illawarra = 44; char *ruches_matronna; stonesoup_read_taint(&ruches_matronna,"4477",sikimi_illawarra); presecular_obote = ((char *)ruches_matronna); stonesoup_buffer_len = 4; strncpy(stonesoup_buffer, presecular_obote, stonesoup_buffer_len); stonesoup_buffer[stonesoup_buffer_len - 1] = 0; stonesoup_printf("%s\n", stonesoup_buffer); tracepoint(stonesoup_trace, variable_signed_integral, "stonesoup_buffer_len", stonesoup_buffer_len, &stonesoup_buffer_len, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "CROSSOVER-STATE"); stonesoup_main_first_char = stonesoup_process_buffer(stonesoup_buffer); strncpy(stonesoup_buffer, presecular_obote, stonesoup_buffer_len); char stonesoup_process_buffer(char *buffer_param) free(buffer_param); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, presecular_obote, stonesoup_buffer_len); void stonesoup_read_taint(char** stonesoup_tainted_buff, char* stonesoup_envKey, int stonesoup_shmsz) { if ((stonesoup_shmid = shmget(stonesoup_key, stonesoup_shmsz, 0666)) >= 0) { *stonesoup_tainted_buff = (char*)calloc(stonesoup_shmsz, sizeof(char)); stonesoup_read_taint(&ruches_matronna,"4477",sikimi_illawarra); presecular_obote = ((char *)ruches_matronna); strncpy(stonesoup_buffer, presecular_obote, stonesoup_buffer_len); strncpy(stonesoup_buffer, presecular_obote, stonesoup_buffer_len); void stonesoup_printf(char * format, ...) { tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "INITIAL-STATE"); tracepoint(stonesoup_trace, variable_address, "stonesoup_buffer", stonesoup_buffer, "TRIGGER-STATE"); strncpy(stonesoup_buffer, presecular_obote, stonesoup_buffer_len); 1 --------------------------------- 26738 153402/color.c Buffer_Overflow_cpycat 318 c = split(arg[i],"=",&n); sticky_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26739 153402/color.c Buffer_Overflow_cpycat 276 c = split(arg[i],"=",&n); orphan_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26740 153402/color.c Buffer_Overflow_cpycat 213 c = split(arg[i],"=",&n); norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26741 153402/color.c Buffer_Overflow_cpycat 255 c = split(arg[i],"=",&n); door_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26742 153402/color.c Buffer_Overflow_cpycat 311 c = split(arg[i],"=",&n); otherwr_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26743 153402/color.c Buffer_Overflow_cpycat 339 c = split(arg[i],"=",&n); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26744 153402/color.c Buffer_Overflow_cpycat 205 s = getenv("TREE_COLORS"); s = getenv("LS_COLORS"); if ((s == ((void *)0) || strlen(s) == 0) && force_color) { s = ":no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.bat=01;32:*.BAT=01;32:*.btm=01;32:*.BTM=01;32:*.cmd=01;32:*.CMD=01;32:*.com=01;32:*.COM=01;32:*.dll=01;32:*.DLL=01;32:*.exe=01;32:*.EXE=01;32:*.arj=01;31:*.bz2=01;31:*.deb=01;31:*.gz=01;31:*.lzh=01;31:*.rpm=01;31:*.tar=01;31:*.taz=01;31:*.tb2=01;31:*.tbz2=01;31:*.tbz=01;31:*.tgz=01;31:*.tz2=01;31:*.z=01;31:*.Z=01;31:*.zip=01;31:*.ZIP=01;31:*.zoo=01;31:*.asf=01;35:*.ASF=01;35:*.avi=01;35:*.AVI=01;35:*.bmp=01;35:*.BMP=01;35:*.flac=01;35:*.FLAC=01;35:*.gif=01;35:*.GIF=01;35:*.jpg=01;35:*.JPG=01;35:*.jpeg=01;35:*.JPEG=01;35:*.m2a=01;35:*.M2a=01;35:*.m2v=01;35:*.M2V=01;35:*.mov=01;35:*.MOV=01;35:*.mp3=01;35:*.MP3=01;35:*.mpeg=01;35:*.MPEG=01;35:*.mpg=01;35:*.MPG=01;35:*.ogg=01;35:*.OGG=01;35:*.ppm=01;35:*.rm=01;35:*.RM=01;35:*.tga=01;35:*.TGA=01;35:*.tif=01;35:*.TIF=01;35:*.wav=01;35:*.WAV=01;35:*.wmv=01;35:*.WMV=01;35:*.xbm=01;35:*.xpm=01;35:"; colors = strcpy((xmalloc(strlen(s) + 1)),s); 0 --------------------------------- 26745 153402/color.c Buffer_Overflow_cpycat 269 c = split(arg[i],"=",&n); char_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26746 153402/color.c Buffer_Overflow_cpycat 262 c = split(arg[i],"=",&n); block_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26747 153402/color.c Buffer_Overflow_cpycat 360 e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); 0 --------------------------------- 26748 153402/color.c Buffer_Overflow_cpycat 227 c = split(arg[i],"=",&n); dir_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26749 153402/color.c Buffer_Overflow_cpycat 381 char buf[1025]; norm_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); leftcode = strcpy((xmalloc(strlen("\033[") + 1)),"\033["); rightcode = strcpy((xmalloc(strlen("m") + 1)),"m"); norm_flgs = strcpy((xmalloc(strlen("00") + 1)),"00"); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); sprintf(buf,"%s%s%s",leftcode,norm_flgs,rightcode); endcode = strcpy((xmalloc(strlen(buf) + 1)),buf); 0 --------------------------------- 26750 153402/color.c Buffer_Overflow_cpycat 332 c = split(arg[i],"=",&n); missing_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26751 153402/color.c Buffer_Overflow_cpycat 240 c = split(arg[i],"=",&n); if (strcasecmp("target",c[1]) == 0) { link_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26752 153402/color.c Buffer_Overflow_cpycat 353 c = split(arg[i],"=",&n); endcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26753 153402/color.c Buffer_Overflow_cpycat 283 c = split(arg[i],"=",&n); sock_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26754 153402/color.c Buffer_Overflow_cpycat 290 c = split(arg[i],"=",&n); suid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26755 153402/color.c Buffer_Overflow_cpycat 297 c = split(arg[i],"=",&n); sgid_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26756 153402/color.c Buffer_Overflow_cpycat 248 c = split(arg[i],"=",&n); fifo_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26757 153402/color.c Buffer_Overflow_cpycat 304 c = split(arg[i],"=",&n); stickyow_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26758 153402/color.c Buffer_Overflow_cpycat 346 c = split(arg[i],"=",&n); rightcode = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26759 153402/color.c Buffer_Overflow_cpycat 325 c = split(arg[i],"=",&n); exec_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26760 153402/color.c Buffer_Overflow_cpycat 220 c = split(arg[i],"=",&n); file_flgs = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26761 153402/color.c Buffer_Overflow_cpycat 361 c = split(arg[i],"=",&n); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); e -> ext = strcpy((xmalloc(strlen((c[0] + 1)) + 1)),(c[0] + 1)); e -> term_flg = strcpy((xmalloc(strlen(c[1]) + 1)),c[1]); 0 --------------------------------- 26762 153328/e_camellia.c Buffer_Overflow_Indexes 83 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26763 153328/e_camellia.c Buffer_Overflow_Indexes 580 infraspinate_mccabe = getenv("RUDENTURE_SABELLIAN"); if (infraspinate_mccabe != 0) {; *devaluates_grommets = infraspinate_mccabe; 0 --------------------------------- 26764 309/basic-00049-min.c Buffer_Overflow_LowBound 62 char buf[10]; src[11 - 1] = '\0'; i = 2; strncpy(buf, src, (4 * i) + 3); 0 --------------------------------- 26765 153040/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26766 153040/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26767 153292/shm_setup.c Buffer_Overflow_Indexes 11 int main(int argc, char **argv) { while ((c = getopt(argc, argv, "k:s:m:o:h")) != -1) { switch(c) { 0 --------------------------------- 26768 153292/shm_setup.c Buffer_Overflow_cpycat 88 int shmsz; key_t key; char *str = NULL; if ((key = strtol(optarg, NULL, 10)) < 1000) { if ((shmsz = atoi(optarg)) <= 0) { str = optarg; } else if (strlen(str) >= shmsz) { if ((shmid = shmget(key, shmsz, IPC_CREAT | 0666)) < 0) { if ((shm = shmat(shmid, NULL, 0)) == (char *) -1) { strcpy(shm, str); 0 --------------------------------- 26769 152956/bss_file.c Buffer_Overflow_Indexes 123 ss_tc_root = getenv("SS_TC_ROOT"); if (ss_tc_root != NULL) { size_dirpath = strlen(ss_tc_root) + strlen("testData") + 2; dirpath = (char*) malloc (size_dirpath * sizeof(char)); if (dirpath != NULL) { sprintf(dirpath, "%s/%s", ss_tc_root, "testData"); if (stat(dirpath, &st) == -1) { retval = mkdir(dirpath, 0700); if (retval == 0) { size_filepath = strlen(dirpath) + strlen("logfile.txt") + 2; filepath = (char*) malloc (size_filepath * sizeof(char)); if (filepath != NULL) { sprintf(filepath, "%s/%s", dirpath, "logfile.txt"); stonesoup_printf_context = fopen(filepath, "w"); free(filepath); free(dirpath); if (stonesoup_printf_context == NULL) { 0 --------------------------------- 26770 152956/bss_file.c Buffer_Overflow_Indexes 520 parson_outfieldsmen = getenv("ARISTOGENICS_PREINDULGE"); if (parson_outfieldsmen != 0) {; pusey_electricans . trochophore_causticized = ((char *)parson_outfieldsmen); *burned_flinthead = pusey_electricans; 0 --------------------------------- 26771 152956/bss_file.c Buffer_Overflow_fgets 494 static int file_gets(BIO *bp,char *buf,int size) buf[0] = '\0'; if (!fgets(buf,size,((FILE *)(bp -> ptr)))) { 0 --------------------------------- 26772 152956/bss_file.c Buffer_Overflow_fgets 489 static int file_gets(BIO *bp,char *buf,int size) buf[0] = '\0'; if (!fgets(buf,size,(bp -> ptr))) { 0 --------------------------------- 26773 1301/mime1-bad.c Buffer_Overflow_fgets 150 char buf[MAXLINE]; u_char obuf[MAXLINE]; obp = obuf; if (mime_fromqp((u_char *) buf, &obp, 0, MAXLINE) == 0) { obp = obuf; printf ("obp-obuf=%u\n", obp-obuf); printf ("buf-obuf=%u\n", buf-(char *)obuf); while (fgets(buf, sizeof buf, e->e_dfp) != NULL) mime_fromqp(infile, outfile, state, maxlen) if (mime_fromqp((u_char *) buf, &obp, 0, MAXLINE) == 0) { printf ("obp-obuf=%u\n", obp-obuf); printf ("buf-obuf=%u\n", buf-(char *)obuf); while (fgets(buf, sizeof buf, e->e_dfp) != NULL) 0 --------------------------------- 26774 1301/mime1-bad.c Buffer_Overflow_cpycat 124 char canary[10]; strcpy(canary, "GOOD"); 0 --------------------------------- 26775 1266/basic-00288-ok.c Buffer_Overflow_boundedcpy 56 char src[10]; memset(src, 'A', 10); 0 --------------------------------- 26776 1266/basic-00288-ok.c Buffer_Overflow_boundedcpy 60 char buf[10]; src[10 - 1] = '\0'; memcpy(buf, src, 10); 0 --------------------------------- 26777 1270/basic-00289-ok.c Buffer_Overflow_boundedcpy 57 char src[10]; memset(src, 'A', 10); 0 --------------------------------- 26778 1270/basic-00289-ok.c Buffer_Overflow_boundedcpy 62 char buf[10]; src[10 - 1] = '\0'; size = 10; memcpy(buf, src, size); 0 --------------------------------- 26779 1274/basic-00290-ok.c Buffer_Overflow_boundedcpy 59 char src[10]; memset(src, 'A', 10); 0 --------------------------------- 26780 1274/basic-00290-ok.c Buffer_Overflow_boundedcpy 66 char buf[10]; src[10 - 1] = '\0'; copy_size = 10; memcpy(buf, src, copy_size); 0 --------------------------------- 26781 1278/basic-00291-ok.c Buffer_Overflow_boundedcpy 64 char buf[10]; src[10 - 1] = '\0'; copy_size = 10; if (copy_size <= (int)(sizeof buf)) memcpy(buf, src, copy_size); 0 --------------------------------- 26782 1278/basic-00291-ok.c Buffer_Overflow_boundedcpy 58 char src[10]; memset(src, 'A', 10); 0 --------------------------------- 26783 1292/create_msg_file.c Format_String_Attack 195 char exp_dn[200], exp_dn2[200]; int i,len = 0, comp_size; dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; strcpy(temp, "HEADER JUNK:"); len += strlen(temp); strcpy(exp_dn, "lcs.mit.edu"); *dnptrs++ = (u_char *) exp_dn; *dnptrs-- = NULL; lastdnptr = NULL; comp_size = dn_comp((const char *) exp_dn, comp_dn, 200, dnptrs, lastdnptr); printf("comp_size = %d\n", comp_size); len += comp_size; len += 10; len += 18; strcpy(exp_dn2, "sls.lcs.mit.edu"); *dnptrs2++ = (u_char *) exp_dn2; *dnptrs2-- = NULL; lastdnptr = NULL; comp_size = dn_comp((const char *) exp_dn2, comp_dn2, 200, dnptrs2, lastdnptr); printf("comp_size = %d\n", comp_size); len += comp_size; len += 4; printf("len = %d\n", len); 0 --------------------------------- 26784 1292/create_msg_file.c Format_String_Attack 121 dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_size = dn_comp((const char *) exp_dn, comp_dn, 200, dnptrs, lastdnptr); printf("comp_size = %d\n", comp_size); 0 --------------------------------- 26785 1292/create_msg_file.c Format_String_Attack 176 dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_size = dn_comp((const char *) exp_dn2, comp_dn2, 200, dnptrs2, lastdnptr); printf("comp_size = %d\n", comp_size); 0 --------------------------------- 26786 1292/create_msg_file.c Format_String_Attack 122 char exp_dn[200], exp_dn2[200]; dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); strcpy(exp_dn, "lcs.mit.edu"); comp_size = dn_comp((const char *) exp_dn, comp_dn, 200, dnptrs, lastdnptr); printf("uncomp_size = %d\n", strlen(exp_dn)); printf("exp_dn = %s, comp_dn = %s\n", exp_dn, (char *) comp_dn); 0 --------------------------------- 26787 1292/create_msg_file.c Format_String_Attack 177 char exp_dn[200], exp_dn2[200]; dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); strcpy(exp_dn2, "sls.lcs.mit.edu"); comp_size = dn_comp((const char *) exp_dn2, comp_dn2, 200, dnptrs2, lastdnptr); printf("uncomp_size = %d\n", strlen(exp_dn2)); printf("exp_dn2 = %s, comp_dn2 = %s\n", exp_dn2, (char *) comp_dn2); 0 --------------------------------- 26788 1292/create_msg_file.c Format_String_Attack 156 now = time(NULL); printf("Signing at = %d\n", now); 0 --------------------------------- 26789 1292/create_msg_file.c Buffer_Overflow_cpycat 111 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn, "lcs.mit.edu"); 0 --------------------------------- 26790 1292/create_msg_file.c Buffer_Overflow_cpycat 167 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn2, "sls.lcs.mit.edu"); 0 --------------------------------- 26791 1292/create_msg_file.c Buffer_Overflow_cpycat 104 temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; strcpy(temp, "HEADER JUNK:"); 0 --------------------------------- 26792 1292/create_msg_file.c String_Termination_Error 175 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn2, "sls.lcs.mit.edu"); printf("uncomp_size = %d\n", strlen(exp_dn2)); 0 --------------------------------- 26793 1292/create_msg_file.c String_Termination_Error 106 temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; strcpy(temp, "HEADER JUNK:"); len += strlen(temp); 0 --------------------------------- 26794 1292/create_msg_file.c String_Termination_Error 120 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn, "lcs.mit.edu"); printf("uncomp_size = %d\n", strlen(exp_dn)); 0 --------------------------------- 26795 1292/sig-ok.c Format_String_Attack 298 dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; p = buf; strcpy(temp, "HEADER JUNK:"); len += strlen(temp); *p++ = *temp++; comp_size = dn_comp((const char *) exp_dn, comp_dn, 200, dnptrs, lastdnptr); *p++ = *comp_dn++; PUTSHORT(24, p); p += 2; PUTSHORT(C_IN, p); p += 2; PUTLONG(255, p); p += 4; PUTSHORT(30, p); p += 2; PUTSHORT(15, p); p += 2; PUTSHORT(256*2, p); p += 2; PUTLONG(255, p); p += 4; PUTLONG(now+20000, p); p += 4; PUTLONG(now, p); p += 4; PUTSHORT(100, p); p += 2; comp_size = dn_comp((const char *) exp_dn2, comp_dn2, 200, dnptrs2, lastdnptr); *p++ = *comp_dn2++; PUTLONG(123, p); p += 4; return (p-buf); u_char *name = (u_char *) malloc(100*sizeof(u_char)); u_char *msg = (u_char *) malloc(1000 * sizeof(u_char)); msglen = createSig(msg); printf("msglen = %d\n", msglen); dp = msg + sizeof(HEADER); ret = rrextract(msg, msglen, dp, name, 100); rrextract(u_char *msg, int msglen, u_char *rrp, u_char *dname, int namelen) cp = rrp; eom = msg + msglen; printf("msg = %s, msglen = %d, rrp = %s, namelen = %d\n", (char *) msg, msglen, (char *)rrp, namelen); if ((n = dn_expand(msg, eom, cp, (char *) dname, namelen)) < 0) { printf("dn_expand returned %d\n", n); int createSig (u_char *buf) { ret = rrextract(msg, msglen, dp, name, 100); 0 --------------------------------- 26796 1292/sig-ok.c Format_String_Attack 678 char exp_dn[200], exp_dn2[200]; dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); strcpy(exp_dn2, "sls.lcs.mit.edu"); *dnptrs2++ = (u_char *) exp_dn2; *dnptrs2-- = NULL; lastdnptr = NULL; comp_size = dn_comp((const char *) exp_dn2, comp_dn2, 200, dnptrs2, lastdnptr); printf("comp_size = %d\n", comp_size); 0 --------------------------------- 26797 1292/sig-ok.c Format_String_Attack 658 now = time(NULL); printf("Signing at = %d\n", now); 0 --------------------------------- 26798 1292/sig-ok.c Format_String_Attack 303 dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; p = buf; strcpy(temp, "HEADER JUNK:"); len += strlen(temp); *p++ = *temp++; comp_size = dn_comp((const char *) exp_dn, comp_dn, 200, dnptrs, lastdnptr); *p++ = *comp_dn++; PUTSHORT(24, p); p += 2; PUTSHORT(C_IN, p); p += 2; PUTLONG(255, p); p += 4; PUTSHORT(30, p); p += 2; PUTSHORT(15, p); p += 2; PUTSHORT(256*2, p); p += 2; PUTLONG(255, p); p += 4; PUTLONG(now+20000, p); p += 4; PUTLONG(now, p); p += 4; PUTSHORT(100, p); p += 2; comp_size = dn_comp((const char *) exp_dn2, comp_dn2, 200, dnptrs2, lastdnptr); *p++ = *comp_dn2++; PUTLONG(123, p); p += 4; return (p-buf); u_char *name = (u_char *) malloc(100*sizeof(u_char)); u_char *msg = (u_char *) malloc(1000 * sizeof(u_char)); msglen = createSig(msg); printf("msglen = %d\n", msglen); dp = msg + sizeof(HEADER); ret = rrextract(msg, msglen, dp, name, 100); rrextract(u_char *msg, int msglen, u_char *rrp, u_char *dname, int namelen) cp = rrp; eom = msg + msglen; printf("msg = %s, msglen = %d, rrp = %s, namelen = %d\n", (char *) msg, msglen, (char *)rrp, namelen); if ((n = dn_expand(msg, eom, cp, (char *) dname, namelen)) < 0) { printf("First dn_expand returned n = %d\n", n); int createSig (u_char *buf) { ret = rrextract(msg, msglen, dp, name, 100); 0 --------------------------------- 26799 1292/sig-ok.c Format_String_Attack 679 char exp_dn[200], exp_dn2[200]; dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); strcpy(exp_dn2, "sls.lcs.mit.edu"); comp_size = dn_comp((const char *) exp_dn2, comp_dn2, 200, dnptrs2, lastdnptr); printf("uncomp_size = %d\n", strlen(exp_dn2)); printf("exp_dn2 = %s, comp_dn2 = %s\n", exp_dn2, (char *) comp_dn2); 0 --------------------------------- 26800 1292/sig-ok.c Format_String_Attack 623 char exp_dn[200], exp_dn2[200]; dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); strcpy(exp_dn, "lcs.mit.edu"); *dnptrs++ = (u_char *) exp_dn; *dnptrs-- = NULL; lastdnptr = NULL; comp_size = dn_comp((const char *) exp_dn, comp_dn, 200, dnptrs, lastdnptr); printf("comp_size = %d\n", comp_size); 0 --------------------------------- 26801 1292/sig-ok.c Format_String_Attack 313 GETSHORT(type, cp); printf("type = %d\n", type); 0 --------------------------------- 26802 1292/sig-ok.c Buffer_Overflow_cpycat 606 temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; strcpy(temp, "HEADER JUNK:"); 0 --------------------------------- 26803 1292/sig-ok.c Buffer_Overflow_cpycat 669 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn2, "sls.lcs.mit.edu"); 0 --------------------------------- 26804 1292/sig-ok.c Buffer_Overflow_cpycat 613 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn, "lcs.mit.edu"); 0 --------------------------------- 26805 1292/sig-ok.c String_Termination_Error 622 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn, "lcs.mit.edu"); printf("uncomp_size = %d\n", strlen(exp_dn)); 0 --------------------------------- 26806 1292/sig-ok.c String_Termination_Error 677 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn2, "sls.lcs.mit.edu"); printf("uncomp_size = %d\n", strlen(exp_dn2)); 0 --------------------------------- 26807 1294/create_msg_file.c Format_String_Attack 122 char exp_dn[200], exp_dn2[200]; dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); strcpy(exp_dn, "lcs.mit.edu"); comp_size = dn_comp((const char *) exp_dn, comp_dn, 200, dnptrs, lastdnptr); printf("uncomp_size = %d\n", strlen(exp_dn)); printf("exp_dn = %s, comp_dn = %s\n", exp_dn, (char *) comp_dn); 0 --------------------------------- 26808 1294/create_msg_file.c Format_String_Attack 121 dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_size = dn_comp((const char *) exp_dn, comp_dn, 200, dnptrs, lastdnptr); printf("comp_size = %d\n", comp_size); 0 --------------------------------- 26809 1294/create_msg_file.c Format_String_Attack 154 dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_size = dn_comp((const char *) exp_dn2, comp_dn2, 200, dnptrs2, lastdnptr); printf("comp_size = %d\n", comp_size); 0 --------------------------------- 26810 1294/create_msg_file.c Format_String_Attack 155 char exp_dn[200], exp_dn2[200]; dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); strcpy(exp_dn2, "sls.lcs.mit.edu"); comp_size = dn_comp((const char *) exp_dn2, comp_dn2, 200, dnptrs2, lastdnptr); printf("uncomp_size = %d\n", strlen(exp_dn2)); printf("exp_dn2 = %s, comp_dn2 = %s\n", exp_dn2, (char *) comp_dn2); 0 --------------------------------- 26811 1294/create_msg_file.c Format_String_Attack 177 char exp_dn[200], exp_dn2[200]; int i,len = 0, comp_size; dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; strcpy(temp, "HEADER JUNK:"); len += strlen(temp); strcpy(exp_dn, "lcs.mit.edu"); *dnptrs++ = (u_char *) exp_dn; *dnptrs-- = NULL; lastdnptr = NULL; comp_size = dn_comp((const char *) exp_dn, comp_dn, 200, dnptrs, lastdnptr); printf("comp_size = %d\n", comp_size); len += comp_size; len += 10; strcpy(exp_dn2, "sls.lcs.mit.edu"); *dnptrs2++ = (u_char *) exp_dn2; *dnptrs2-- = NULL; lastdnptr = NULL; comp_size = dn_comp((const char *) exp_dn2, comp_dn2, 200, dnptrs2, lastdnptr); printf("comp_size = %d\n", comp_size); len += comp_size; len += 16; printf("len = %d\n", len); 0 --------------------------------- 26812 1294/create_msg_file.c Buffer_Overflow_cpycat 111 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn, "lcs.mit.edu"); 0 --------------------------------- 26813 1294/create_msg_file.c Buffer_Overflow_cpycat 145 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn2, "sls.lcs.mit.edu"); 0 --------------------------------- 26814 1294/create_msg_file.c Buffer_Overflow_cpycat 104 temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; strcpy(temp, "HEADER JUNK:"); 0 --------------------------------- 26815 1294/create_msg_file.c String_Termination_Error 153 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn2, "sls.lcs.mit.edu"); printf("uncomp_size = %d\n", strlen(exp_dn2)); 0 --------------------------------- 26816 1294/create_msg_file.c String_Termination_Error 120 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn, "lcs.mit.edu"); printf("uncomp_size = %d\n", strlen(exp_dn)); 0 --------------------------------- 26817 1294/nxt-ok.c Format_String_Attack 570 char exp_dn[200], exp_dn2[200]; dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); strcpy(exp_dn2, "sls.lcs.mit.edu"); comp_size = dn_comp((const char *) exp_dn2, comp_dn2, 200, dnptrs2, lastdnptr); printf("uncomp_size = %d\n", strlen(exp_dn2)); printf("exp_dn2 = %s, comp_dn2 = %s\n", exp_dn2, (char *) comp_dn2); 0 --------------------------------- 26818 1294/nxt-ok.c Format_String_Attack 536 dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_size = dn_comp((const char *) exp_dn, comp_dn, 200, dnptrs, lastdnptr); printf("comp_size = %d\n", comp_size); 0 --------------------------------- 26819 1294/nxt-ok.c Format_String_Attack 569 dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_size = dn_comp((const char *) exp_dn2, comp_dn2, 200, dnptrs2, lastdnptr); printf("comp_size = %d\n", comp_size); 0 --------------------------------- 26820 1294/nxt-ok.c Format_String_Attack 537 char exp_dn[200], exp_dn2[200]; dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); strcpy(exp_dn, "lcs.mit.edu"); comp_size = dn_comp((const char *) exp_dn, comp_dn, 200, dnptrs, lastdnptr); printf("uncomp_size = %d\n", strlen(exp_dn)); printf("exp_dn = %s, comp_dn = %s\n", exp_dn, (char *) comp_dn); 0 --------------------------------- 26821 1294/nxt-ok.c Format_String_Attack 280 u_char *name = (u_char *) malloc(100*sizeof(u_char)); u_char *msg = (u_char *) malloc(1000 * sizeof(u_char)); msglen = create_msg(msg); int create_msg(u_char *buf) { char exp_dn[200], exp_dn2[200]; int i,len = 0, comp_size; dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; strcpy(temp, "HEADER JUNK:"); len += strlen(temp); strcpy(exp_dn, "lcs.mit.edu"); *dnptrs++ = (u_char *) exp_dn; *dnptrs-- = NULL; lastdnptr = NULL; comp_size = dn_comp((const char *) exp_dn, comp_dn, 200, dnptrs, lastdnptr); printf("comp_size = %d\n", comp_size); len += comp_size; len += 10; strcpy(exp_dn2, "sls.lcs.mit.edu"); *dnptrs2++ = (u_char *) exp_dn2; *dnptrs2-- = NULL; lastdnptr = NULL; comp_size = dn_comp((const char *) exp_dn2, comp_dn2, 200, dnptrs2, lastdnptr); printf("comp_size = %d\n", comp_size); len += comp_size; len += 16; return (len);} printf("msglen = %d\n", msglen); dp = msg + sizeof(HEADER); ret = rrextract(msg, msglen, dp, name, 100); rrextract(u_char *msg, int msglen, u_char *rrp, u_char *dname, int namelen) printf("msg = %s, msglen = %d, rrp = %s, namelen = %d\n", (char *) msg, msglen, (char *)rrp, namelen); 0 --------------------------------- 26822 1294/nxt-ok.c Format_String_Attack 288 u_char *name = (u_char *) malloc(100*sizeof(u_char)); u_char *msg = (u_char *) malloc(1000 * sizeof(u_char)); msglen = create_msg(msg); int create_msg(u_char *buf) { char exp_dn[200], exp_dn2[200]; int i,len = 0, comp_size; dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; strcpy(temp, "HEADER JUNK:"); len += strlen(temp); strcpy(exp_dn, "lcs.mit.edu"); *dnptrs++ = (u_char *) exp_dn; *dnptrs-- = NULL; lastdnptr = NULL; comp_size = dn_comp((const char *) exp_dn, comp_dn, 200, dnptrs, lastdnptr); printf("comp_size = %d\n", comp_size); len += comp_size; len += 10; strcpy(exp_dn2, "sls.lcs.mit.edu"); *dnptrs2++ = (u_char *) exp_dn2; *dnptrs2-- = NULL; lastdnptr = NULL; comp_size = dn_comp((const char *) exp_dn2, comp_dn2, 200, dnptrs2, lastdnptr); printf("comp_size = %d\n", comp_size); len += comp_size; len += 16; return (len);} printf("msglen = %d\n", msglen); dp = msg + sizeof(HEADER); ret = rrextract(msg, msglen, dp, name, 100); rrextract(u_char *msg, int msglen, u_char *rrp, u_char *dname, int namelen) cp = rrp; eom = msg + msglen; printf("msg = %s, msglen = %d, rrp = %s, namelen = %d\n", (char *) msg, msglen, (char *)rrp, namelen); if ((n = dn_expand(msg, eom, cp, (char *) dname, namelen)) < 0) { printf("dn_expand returned %d\n", n); printf("First dn_expand returned n = %d\n", n); 0 --------------------------------- 26823 1294/nxt-ok.c Format_String_Attack 283 u_char *name = (u_char *) malloc(100*sizeof(u_char)); u_char *msg = (u_char *) malloc(1000 * sizeof(u_char)); msglen = create_msg(msg); int create_msg(u_char *buf) { char exp_dn[200], exp_dn2[200]; int i,len = 0, comp_size; dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); comp_dn2 = (unsigned char *) malloc(200*sizeof(unsigned char)); temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; strcpy(temp, "HEADER JUNK:"); len += strlen(temp); strcpy(exp_dn, "lcs.mit.edu"); *dnptrs++ = (u_char *) exp_dn; *dnptrs-- = NULL; comp_size = dn_comp((const char *) exp_dn, comp_dn, 200, dnptrs, lastdnptr); printf("comp_size = %d\n", comp_size); len += comp_size; len += 10; strcpy(exp_dn2, "sls.lcs.mit.edu"); *dnptrs2-- = NULL; lastdnptr = NULL; comp_size = dn_comp((const char *) exp_dn2, comp_dn2, 200, dnptrs2, lastdnptr); printf("comp_size = %d\n", comp_size); len += comp_size; len += 16; return (len);} printf("msglen = %d\n", msglen); dp = msg + sizeof(HEADER); ret = rrextract(msg, msglen, dp, name, 100); rrextract(u_char *msg, int msglen, u_char *rrp, u_char *dname, int namelen) cp = rrp; eom = msg + msglen; printf("msg = %s, msglen = %d, rrp = %s, namelen = %d\n", (char *) msg, msglen, (char *)rrp, namelen); if ((n = dn_expand(msg, eom, cp, (char *) dname, namelen)) < 0) { printf("dn_expand returned %d\n", n); 0 --------------------------------- 26824 1294/nxt-ok.c Buffer_Overflow_cpycat 526 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn, "lcs.mit.edu"); 0 --------------------------------- 26825 1294/nxt-ok.c Buffer_Overflow_cpycat 519 temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; strcpy(temp, "HEADER JUNK:"); 0 --------------------------------- 26826 1294/nxt-ok.c Buffer_Overflow_cpycat 560 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn2, "sls.lcs.mit.edu"); 0 --------------------------------- 26827 1294/nxt-ok.c String_Termination_Error 535 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn, "lcs.mit.edu"); printf("uncomp_size = %d\n", strlen(exp_dn)); 0 --------------------------------- 26828 1294/nxt-ok.c String_Termination_Error 568 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn2, "sls.lcs.mit.edu"); printf("uncomp_size = %d\n", strlen(exp_dn2)); 0 --------------------------------- 26829 1294/nxt-ok.c String_Termination_Error 521 temp1 = (char *) malloc(400*sizeof(char)); temp = temp1; strcpy(temp, "HEADER JUNK:"); len += strlen(temp); 0 --------------------------------- 26830 1296/create_iquery.c Format_String_Attack 147 char exp_dn[200], exp_dn2[200]; int i,len = 0, comp_size; dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); len += 12; strcpy(exp_dn, "lcs.mit.edu"); *dnptrs++ = (u_char *) exp_dn; *dnptrs-- = NULL; lastdnptr = NULL; comp_size = dn_comp((const char *) exp_dn, comp_dn, 200, dnptrs, lastdnptr); printf("comp_size = %d\n", comp_size); len += comp_size; len += 14; printf("len = %d\n", len); 0 --------------------------------- 26831 1296/create_iquery.c Format_String_Attack 124 char exp_dn[200], exp_dn2[200]; dnptrs = (unsigned char **) malloc(2 * sizeof(unsigned char *)); dnptrs2 = (unsigned char **) malloc(2 * sizeof(unsigned char *)); comp_dn = (unsigned char *) malloc(200*sizeof(unsigned char)); strcpy(exp_dn, "lcs.mit.edu"); comp_size = dn_comp((const char *) exp_dn, comp_dn, 200, dnptrs, lastdnptr); printf("uncomp_size = %d\n", strlen(exp_dn)); printf("exp_dn = %s, comp_dn = %s\n", exp_dn, (char *) comp_dn); 0 --------------------------------- 26832 1296/create_iquery.c Buffer_Overflow_cpycat 113 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn, "lcs.mit.edu"); 0 --------------------------------- 26833 1296/create_iquery.c String_Termination_Error 122 char exp_dn[200], exp_dn2[200]; strcpy(exp_dn, "lcs.mit.edu"); printf("uncomp_size = %d\n", strlen(exp_dn)); 0 --------------------------------- 26834 1296/iquery-ok.c Buffer_Overflow_Indexes 178 int main(int argc, char **argv){ assert(argc==2); f = fopen (argv[1], "r"); assert(f!=NULL); assert ((fscanf(f, "%d", &something)) != 0); msglen = create_msg(msg, 10000); req_iquery(hp, &cp, eom, &msglen, msg); 0 --------------------------------- 26835 1296/iquery-ok.c Format_String_Attack 139 msg = (u_char *) malloc(10000*sizeof(u_char)); msglen = create_msg(msg, 10000); int create_msg(u_char *msg, int len){ int i = 0; if ((f = fopen("iquery-file", "r")) == NULL) return -1; while (((c = fgetc(f)) != EOF) && (i < len)) { *msg++ = (u_char) c; i++; return i;} cp = msg + sizeof(HEADER); eom = msg + msglen; req_iquery(hp, &cp, eom, &msglen, msg); req_iquery(HEADER *hp, u_char **cpp, u_char *eom, int *buflenp, u_char *msg) char anbuf[2], *data, *fname; if ((n = dn_skipname(*cpp, eom)) < 0) { *cpp += n; GETSHORT(type, *cpp); *cpp += INT32SZ; GETSHORT(dlen, *cpp); *cpp += dlen; fname = (char *)msg + HFIXEDSZ; alen = (char *)*cpp - fname; if ((size_t)alen > sizeof anbuf){ printf("BUFFER OVERFLOW DETECTED!\n"); printf("Copying %d bytes from fname to anbuf which can store %d bytes\n", alen, sizeof(anbuf)); 0 --------------------------------- 26836 1296/iquery-ok.c Buffer_Overflow_boundedcpy 142 int i = 0; if ((f = fopen("iquery-file", "r")) == NULL) return -1; while (((c = fgetc(f)) != EOF) && (i < len)) { *msg++ = (u_char) c; i++; return i; msg = (u_char *) malloc(10000*sizeof(u_char)); msglen = create_msg(msg, 10000); cp = msg + sizeof(HEADER); eom = msg + msglen; req_iquery(hp, &cp, eom, &msglen, msg); int create_msg(u_char *msg, int len){ cp = msg + sizeof(HEADER); req_iquery(hp, &cp, eom, &msglen, msg); req_iquery(HEADER *hp, u_char **cpp, u_char *eom, int *buflenp, u_char *msg) char anbuf[2], *data, *fname; if ((n = dn_skipname(*cpp, eom)) < 0) { printf("FORMERR IQuery packet name problem\n"); *cpp += n; GETSHORT(type, *cpp); *cpp += INT32SZ; GETSHORT(dlen, *cpp); *cpp += dlen; fname = (char *)msg + HFIXEDSZ; alen = (char *)*cpp - fname; if ((size_t)alen > sizeof anbuf){ return (Finish);} printf("Copying %d bytes from fname to anbuf which can store %d bytes\n", alen, sizeof(anbuf)); memcpy(anbuf, fname, alen); 0 --------------------------------- 26837 1296/iquery-ok.c Buffer_Overflow_unbounded 178 int main(int argc, char **argv){ f = fopen (argv[1], "r"); assert(f!=NULL); assert ((fscanf(f, "%d", &something)) != 0); msglen = create_msg(msg, 10000); req_iquery(hp, &cp, eom, &msglen, msg); 0 --------------------------------- 26838 1298/crackaddr-ok.c Format_String_Attack 266 char address[100]; scanf("%99s", address); res_addr = crackaddr(address); char * crackaddr(addr) register char *addr; static char buf[MAXNAME + 1]; addr++; buflim = bufend = &buf[sizeof(buf) - 1]; bp = bufhead = buf; obp = bp; p = addrhead = addr; while ((c = *p++) != '\0') printf("c = %c\n", c); buflim++; bp--; SM_APPEND_CHAR(c); SM_APPEND_CHAR(*p); bufhead = bp; bp = bufhead; SM_APPEND_CHAR('"'); addrhead = p; for (q = addrhead; q < p; ) c = *q++; SM_APPEND_CHAR('\\'); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); bp--; SM_APPEND_CHAR('"'); while ((c = *p++) != ':') SM_APPEND_CHAR(c); SM_APPEND_CHAR(*p); SM_APPEND_CHAR(c); if (strchr(MustQuoteChars, c) != NULL) buflim--; bp = bufhead; SM_APPEND_CHAR('"'); for (q = addrhead; q < p; ) c = *q++; SM_APPEND_CHAR('\\'); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); bp--; SM_APPEND_CHAR('"'); while ((c = *p++) != '<') SM_APPEND_CHAR(c); buflim++; bp--; SM_APPEND_CHAR(c); SM_APPEND_CHAR(' '); SM_APPEND_CHAR(MACROEXPAND); SM_APPEND_CHAR('g'); SM_APPEND_CHAR(c); p--; p++; p++; while ((c = *p++) != ':') p++; p++; while ((c = *p++) != '<') if ((c = *p++) == '\0') SM_APPEND_CHAR(c); buflim--; buflim++; buflim--; SM_APPEND_CHAR(c); #define SM_APPEND_CHAR(c) \ do \ { \ printf ("bp-obp = %d buflim-obp=%d\n", (bp-obp), (buflim-obp)); \ if (SM_HAVE_ROOM) \ *bp++ = (c); \ else \ goto returng; \ } while (0) 0 --------------------------------- 26839 1298/crackaddr-ok.c Format_String_Attack 209 char address[100]; scanf("%99s", address); res_addr = crackaddr(address); char * crackaddr(addr) register char *addr; static char buf[MAXNAME + 1]; addr++; buflim = bufend = &buf[sizeof(buf) - 1]; bp = bufhead = buf; p = addrhead = addr; p++; while ((c = *p++) != '<') while ((c = *p++) != '\0') if ((c = *p++) == '\0') p--; SM_APPEND_CHAR(c); p++; p++; while ((c = *p++) != ':') p++; SM_APPEND_CHAR(*p); SM_APPEND_CHAR(c); #define SM_APPEND_CHAR(c) \ do \ { \ printf ("bp-obp = %d buflim-obp=%d\n", (bp-obp), (buflim-obp)); \ if (SM_HAVE_ROOM) \ *bp++ = (c); \ else \ goto returng; \ } while (0) 0 --------------------------------- 26840 1298/crackaddr-ok.c Format_String_Attack 446 static char buf[MAXNAME + 1]; addr++; buflim = bufend = &buf[sizeof(buf) - 1]; bp = bufhead = buf; obp = bp; p = addrhead = addr; while ((c = *p++) != '<') while ((c = *p++) != '\0') SM_APPEND_CHAR('"'); SM_APPEND_CHAR(c); buflim++; SM_APPEND_CHAR(c); SM_APPEND_CHAR(' '); SM_APPEND_CHAR(MACROEXPAND); SM_APPEND_CHAR('g'); SM_APPEND_CHAR(c); if ((c = *p++) == '\0') p++; p--; SM_APPEND_CHAR(c); buflim--; buflim++; buflim--; SM_APPEND_CHAR(' '); SM_APPEND_CHAR(c); buflim++; SM_APPEND_CHAR(c); SM_APPEND_CHAR(*p); p++; bp = bufhead; SM_APPEND_CHAR('"'); p++; for (q = addrhead; q < p; ) c = *q++; SM_APPEND_CHAR('\\'); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); bp--; SM_APPEND_CHAR('"'); while ((c = *p++) != ':') SM_APPEND_CHAR(c); p++; SM_APPEND_CHAR(*p); bufhead = bp; SM_APPEND_CHAR(c); buflim--; bp = bufhead; SM_APPEND_CHAR('"'); SM_APPEND_CHAR('\\'); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); #define SM_APPEND_CHAR(c) \ do \ { \ printf ("bp-obp = %d buflim-obp=%d\n", (bp-obp), (buflim-obp)); \ if (SM_HAVE_ROOM) \ *bp++ = (c); \ else \ goto returng; \ } while (0) 0 --------------------------------- 26841 1298/crackaddr-ok.c Format_String_Attack 226 static char buf[MAXNAME + 1]; buflim = bufend = &buf[sizeof(buf) - 1]; bp = bufhead = buf; obp = bp; while ((c = *p++) != '\0') printf("c = %c\n", c); buflim--; buflim++; buflim--; SM_APPEND_CHAR(' '); SM_APPEND_CHAR(c); buflim++; bp--; SM_APPEND_CHAR(c); SM_APPEND_CHAR(*p); bufhead = bp; bp = bufhead; SM_APPEND_CHAR('"'); addrhead = p; for (q = addrhead; q < p; ) c = *q++; SM_APPEND_CHAR('\\'); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); bp--; SM_APPEND_CHAR('"'); while ((c = *p++) != ':') SM_APPEND_CHAR(c); SM_APPEND_CHAR(*p); SM_APPEND_CHAR(c); if (strchr(MustQuoteChars, c) != NULL) buflim--; bp = bufhead; SM_APPEND_CHAR('"'); for (q = addrhead; q < p; ) c = *q++; SM_APPEND_CHAR('\\'); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); bp--; SM_APPEND_CHAR('"'); while ((c = *p++) != '<') SM_APPEND_CHAR(c); buflim++; bp--; SM_APPEND_CHAR(c); SM_APPEND_CHAR(' '); SM_APPEND_CHAR(MACROEXPAND); SM_APPEND_CHAR('g'); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); #define SM_APPEND_CHAR(c) \ do \ { \ printf ("bp-obp = %d buflim-obp=%d\n", (bp-obp), (buflim-obp)); \ if (SM_HAVE_ROOM) \ *bp++ = (c); \ else \ goto returng; \ } while (0) 0 --------------------------------- 26842 1298/crackaddr-ok.c Format_String_Attack 440 addr++; p = addrhead = addr; p++; while ((c = *p++) != '\0') if ((c = *p++) == '\0') while ((c = *p++) != '<') p--; p++; p++; while ((c = *p++) != ':') p++; SM_APPEND_CHAR(*p); bufhead = bp; addrhead = p; bp = bufhead; for (q = addrhead; q < p; ) c = *q++; SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); SM_APPEND_CHAR('\\'); #define SM_APPEND_CHAR(c) \ do \ { \ printf ("bp-obp = %d buflim-obp=%d\n", (bp-obp), (buflim-obp)); \ if (SM_HAVE_ROOM) \ *bp++ = (c); \ else \ goto returng; \ } while (0) 0 --------------------------------- 26843 1298/crackaddr-ok.c Format_String_Attack 561 buf[4]= '\0'; return buf; res_addr = crackaddr(address); printf("result = %s\n", res_addr); printf("buf len = %d\n", strlen(res_addr)); 0 --------------------------------- 26844 1298/crackaddr-ok.c Format_String_Attack 540 static char test_buf[10]; strcpy(test_buf, "GOOD"); printf("test_buf = %s\n", test_buf); 0 --------------------------------- 26845 1298/crackaddr-ok.c Format_String_Attack 317 char address[100]; scanf("%99s", address); res_addr = crackaddr(address); char * crackaddr(addr) register char *addr; addr++; p = addrhead = addr; while ((c = *p++) != '\0') printf("c = %c\n", c); SM_APPEND_CHAR(*p); SM_APPEND_CHAR(c); p--; p++; p++; while ((c = *p++) != ':') p++; p++; while ((c = *p++) != '<') if ((c = *p++) == '\0') SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); #define SM_APPEND_CHAR(c) \ do \ { \ printf ("bp-obp = %d buflim-obp=%d\n", (bp-obp), (buflim-obp)); \ if (SM_HAVE_ROOM) \ *bp++ = (c); \ else \ goto returng; \ } while (0) 0 --------------------------------- 26846 1298/crackaddr-ok.c Format_String_Attack 346 char address[100]; scanf("%99s", address); res_addr = crackaddr(address); char * crackaddr(addr) register char *addr; addr++; p = addrhead = addr; p++; while ((c = *p++) != '<') while ((c = *p++) != '\0') if ((c = *p++) == '\0') p--; p++; p++; while ((c = *p++) != ':') p++; SM_APPEND_CHAR(*p); bufhead = bp; bp = bufhead; addrhead = p; for (q = addrhead; q < p; ) c = *q++; SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); SM_APPEND_CHAR('\\'); #define SM_APPEND_CHAR(c) \ do \ { \ printf ("bp-obp = %d buflim-obp=%d\n", (bp-obp), (buflim-obp)); \ if (SM_HAVE_ROOM) \ *bp++ = (c); \ else \ goto returng; \ } while (0) 0 --------------------------------- 26847 1298/crackaddr-ok.c Format_String_Attack 197 qmode = realqmode = addangle = false; printf("qmode = %d\n", qmode); 0 --------------------------------- 26848 1298/crackaddr-ok.c Format_String_Attack 374 static char buf[MAXNAME + 1]; buflim = bufend = &buf[sizeof(buf) - 1]; bp = bufhead = buf; obp = bp; SM_APPEND_CHAR(c); SM_APPEND_CHAR(*p); buflim--; SM_APPEND_CHAR('"'); SM_APPEND_CHAR('\\'); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); SM_APPEND_CHAR('"'); SM_APPEND_CHAR(c); buflim++; SM_APPEND_CHAR(c); SM_APPEND_CHAR(' '); SM_APPEND_CHAR(MACROEXPAND); SM_APPEND_CHAR('g'); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); buflim--; buflim++; buflim--; SM_APPEND_CHAR(' '); SM_APPEND_CHAR(c); buflim++; SM_APPEND_CHAR(c); SM_APPEND_CHAR(*p); bufhead = bp; bp = bufhead; SM_APPEND_CHAR('"'); addrhead = p; for (q = addrhead; q < p; ) c = *q++; SM_APPEND_CHAR('\\'); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); bp--; SM_APPEND_CHAR('"'); while ((c = *p++) != ':') SM_APPEND_CHAR(c); SM_APPEND_CHAR(*p); #define SM_APPEND_CHAR(c) \ do \ { \ printf ("bp-obp = %d buflim-obp=%d\n", (bp-obp), (buflim-obp)); \ if (SM_HAVE_ROOM) \ *bp++ = (c); \ else \ goto returng; \ } while (0) 0 --------------------------------- 26849 1298/crackaddr-ok.c Format_String_Attack 460 char address[100]; scanf("%99s", address); res_addr = crackaddr(address); char * crackaddr(addr) register char *addr; static char buf[MAXNAME + 1]; addr++; buflim = bufend = &buf[sizeof(buf) - 1]; bp = bufhead = buf; obp = bp; p = addrhead = addr; while ((c = *p++) != '\0') buflim++; SM_APPEND_CHAR(c); SM_APPEND_CHAR(' '); SM_APPEND_CHAR(MACROEXPAND); SM_APPEND_CHAR('g'); SM_APPEND_CHAR(c); if ((c = *p++) == '\0') p--; SM_APPEND_CHAR(c); buflim--; buflim++; buflim--; SM_APPEND_CHAR(' '); SM_APPEND_CHAR(c); buflim++; SM_APPEND_CHAR(c); SM_APPEND_CHAR(*p); p++; bp = bufhead; SM_APPEND_CHAR('"'); p++; for (q = addrhead; q < p; ) c = *q++; SM_APPEND_CHAR('\\'); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); bp--; SM_APPEND_CHAR('"'); while ((c = *p++) != ':') SM_APPEND_CHAR(c); SM_APPEND_CHAR(*p); p++; bufhead = bp; addrhead = p; SM_APPEND_CHAR(c); buflim--; bp = bufhead; SM_APPEND_CHAR('"'); p++; for (q = addrhead; q < p; ) c = *q++; SM_APPEND_CHAR('\\'); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); bp--; while ((c = *p++) != '<') SM_APPEND_CHAR(c); #define SM_APPEND_CHAR(c) \ do \ { \ printf ("bp-obp = %d buflim-obp=%d\n", (bp-obp), (buflim-obp)); \ if (SM_HAVE_ROOM) \ *bp++ = (c); \ else \ goto returng; \ } while (0) 0 --------------------------------- 26850 1298/crackaddr-ok.c Format_String_Attack 501 char address[100]; scanf("%99s", address); res_addr = crackaddr(address); char * crackaddr(addr) register char *addr; static char buf[MAXNAME + 1]; addr++; buflim = bufend = &buf[sizeof(buf) - 1]; bp = bufhead = buf; obp = bp; p = addrhead = addr; p++; while ((c = *p++) != '<') while ((c = *p++) != '\0') printf("c = %c\n", c); SM_APPEND_CHAR(MACROEXPAND); SM_APPEND_CHAR('g'); SM_APPEND_CHAR(c); if ((c = *p++) == '\0') p--; SM_APPEND_CHAR(c); buflim--; buflim++; buflim--; SM_APPEND_CHAR(' '); SM_APPEND_CHAR(c); buflim++; bp--; SM_APPEND_CHAR(c); SM_APPEND_CHAR(*p); p++; bufhead = bp; bp = bufhead; SM_APPEND_CHAR('"'); p++; addrhead = p; for (q = addrhead; q < p; ) c = *q++; SM_APPEND_CHAR('\\'); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); bp--; SM_APPEND_CHAR('"'); while ((c = *p++) != ':') SM_APPEND_CHAR(c); p++; SM_APPEND_CHAR(*p); SM_APPEND_CHAR(c); if (strchr(MustQuoteChars, c) != NULL) buflim--; bp = bufhead; SM_APPEND_CHAR('"'); for (q = addrhead; q < p; ) c = *q++; SM_APPEND_CHAR('\\'); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); bp--; SM_APPEND_CHAR('"'); while ((c = *p++) != '<') SM_APPEND_CHAR(c); buflim++; bp--; SM_APPEND_CHAR(c); SM_APPEND_CHAR(' '); #define SM_APPEND_CHAR(c) \ do \ { \ printf ("bp-obp = %d buflim-obp=%d\n", (bp-obp), (buflim-obp)); \ if (SM_HAVE_ROOM) \ *bp++ = (c); \ else \ goto returng; \ } while (0) 0 --------------------------------- 26851 1298/crackaddr-ok.c Buffer_Overflow_cpycat 175 static char test_buf[10]; strcpy(test_buf, "GOOD"); 0 --------------------------------- 26852 1298/crackaddr-ok.c Buffer_Overflow_Indexes 557 scanf("%99s", address); res_addr = crackaddr(address); char * crackaddr(addr) register char *addr; while (*addr != '\0' && isascii((int)*addr) && isspace((int)*addr)) addr++; p = addrhead = addr; while ((c = *p++) != '\0') printf("c = %c\n", c); SM_APPEND_CHAR(c); if (c == '\\') if ((c = *p++) == '\0') p--; SM_APPEND_CHAR(c); if (c == '"' && cmtlev <= 0) if (copylev > 0 && SM_HAVE_ROOM) if (c == '(') if (SM_HAVE_ROOM) if (bp != bufhead) SM_APPEND_CHAR(' '); SM_APPEND_CHAR(c); if (c == ')') if (SM_HAVE_ROOM) else if (c == ')') if (copylev > 0 && SM_HAVE_ROOM) bp--; if (c == '[') else if (c == ']') if (c == ':' && anglelev <= 0 && bracklev <= 0 && !gotcolon && !ColonOkInAddr) if (*p == ':' || *p == '.') SM_APPEND_CHAR(c); SM_APPEND_CHAR(*p); p++; --p; while (p > addr && isascii((int) *--p) && isspace((int) *p)) p++; for (q = addrhead; q < p; ) c = *q++; if (quoteit && c == '"') SM_APPEND_CHAR(c); SM_APPEND_CHAR('\\'); SM_APPEND_CHAR(c); if (bp == &bufhead[1]) bp--; SM_APPEND_CHAR('"'); while ((c = *p++) != ':') SM_APPEND_CHAR(c); while (isascii((int)*p) && isspace((int)*p)) SM_APPEND_CHAR(*p); SM_APPEND_CHAR(c); p++; bufhead = bp; if (bp != bufhead) bp = bufhead; SM_APPEND_CHAR('"'); if (bp == &bufhead[1]) addrhead = p; if (c == ';' && copylev <= 0 && !ColonOkInAddr) SM_APPEND_CHAR(c); if (strchr(MustQuoteChars, c) != NULL) if (c == '<') if (SM_HAVE_ROOM) bp = bufhead; SM_APPEND_CHAR('"'); --p; while (p > addr && isascii((int)*--p) && isspace((int)*p)) p++; for (q = addrhead; q < p; ) c = *q++; if (quoteit && c == '"') SM_APPEND_CHAR('\\'); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); if (bp == &buf[1]) bp--; SM_APPEND_CHAR('"'); while ((c = *p++) != '<') SM_APPEND_CHAR(c); if (c == '>') if (SM_HAVE_ROOM) else if (SM_HAVE_ROOM) bp--; SM_APPEND_CHAR(c); if (bp > buf && bp[-1] == ')') SM_APPEND_CHAR(' '); SM_APPEND_CHAR(MACROEXPAND); SM_APPEND_CHAR('g'); if (realqmode && bp < bufend) *bp++ = '"'; while (realcmtlev-- > 0 && bp < bufend) *bp++ = ')'; if (addangle && bp < bufend) *bp++ = '>'; *bp = '\0'; if (bp < bufend) 0 --------------------------------- 26853 1298/crackaddr-ok.c String_Termination_Error 389 char address[100]; scanf("%99s", address); res_addr = crackaddr(address); char * crackaddr(addr) register char *addr; addr++; p = addrhead = addr; while ((c = *p++) != '\0') printf("c = %c\n", c); p--; p++; p++; p++; p++; while ((c = *p++) != '<') if ((c = *p++) == '\0') addrhead = p; for (q = addrhead; q < p; ) c = *q++; while ((c = *p++) != ':') MustQuoteChars = "@,;:\\()[].'"; res_addr = crackaddr(address); if (strchr(MustQuoteChars, c) != NULL) 0 --------------------------------- 26854 1298/crackaddr-ok.c Buffer_Overflow_scanf 557 char address[100]; scanf("%99s", address); 0 --------------------------------- 26855 1298/crackaddr-ok.c Buffer_Overflow_unbounded 551 scanf("%d", &ColonOkInAddr); res_addr = crackaddr(address); !gotcolon && !ColonOkInAddr) if (c == ';' && copylev <= 0 && !ColonOkInAddr) 0 --------------------------------- 26856 1298/crackaddr-ok.c Buffer_Overflow_unbounded 557 scanf("%99s", address); res_addr = crackaddr(address); char * crackaddr(addr) register char *addr; while (*addr != '\0' && isascii((int)*addr) && isspace((int)*addr)) addr++; p = addrhead = addr; while ((c = *p++) != '\0') printf("c = %c\n", c); SM_APPEND_CHAR(c); if (c == '\\') if ((c = *p++) == '\0') p--; SM_APPEND_CHAR(c); if (c == '"' && cmtlev <= 0) if (copylev > 0 && SM_HAVE_ROOM) if (c == '(') if (SM_HAVE_ROOM) if (bp != bufhead) SM_APPEND_CHAR(' '); SM_APPEND_CHAR(c); if (c == ')') if (SM_HAVE_ROOM) else if (c == ')') if (copylev > 0 && SM_HAVE_ROOM) bp--; if (c == '[') else if (c == ']') if (c == ':' && anglelev <= 0 && bracklev <= 0 && !gotcolon && !ColonOkInAddr) if (*p == ':' || *p == '.') SM_APPEND_CHAR(c); SM_APPEND_CHAR(*p); p++; --p; while (p > addr && isascii((int) *--p) && isspace((int) *p)) p++; for (q = addrhead; q < p; ) c = *q++; if (quoteit && c == '"') SM_APPEND_CHAR(c); SM_APPEND_CHAR('\\'); SM_APPEND_CHAR(c); if (bp == &bufhead[1]) bp--; SM_APPEND_CHAR('"'); while ((c = *p++) != ':') SM_APPEND_CHAR(c); while (isascii((int)*p) && isspace((int)*p)) SM_APPEND_CHAR(*p); SM_APPEND_CHAR(c); p++; bufhead = bp; if (bp != bufhead) bp = bufhead; SM_APPEND_CHAR('"'); if (bp == &bufhead[1]) addrhead = p; if (c == ';' && copylev <= 0 && !ColonOkInAddr) SM_APPEND_CHAR(c); if (strchr(MustQuoteChars, c) != NULL) if (c == '<') if (SM_HAVE_ROOM) bp = bufhead; SM_APPEND_CHAR('"'); --p; while (p > addr && isascii((int)*--p) && isspace((int)*p)) p++; for (q = addrhead; q < p; ) c = *q++; if (quoteit && c == '"') SM_APPEND_CHAR('\\'); SM_APPEND_CHAR(c); SM_APPEND_CHAR(c); if (bp == &buf[1]) bp--; SM_APPEND_CHAR('"'); while ((c = *p++) != '<') SM_APPEND_CHAR(c); if (c == '>') if (SM_HAVE_ROOM) else if (SM_HAVE_ROOM) bp--; SM_APPEND_CHAR(c); if (bp > buf && bp[-1] == ')') SM_APPEND_CHAR(' '); SM_APPEND_CHAR(MACROEXPAND); SM_APPEND_CHAR('g'); if (realqmode && bp < bufend) *bp++ = '"'; while (realcmtlev-- > 0 && bp < bufend) *bp++ = ')'; if (addangle && bp < bufend) *bp++ = '>'; *bp = '\0'; if (bp < bufend) 0 --------------------------------- 26857 1300/main-ok.c Format_String_Attack 84 ADDRESS **sendq = NULL; int aliaslevel = 0; ADDRESS *a = (ADDRESS *) malloc(sizeof(struct address)); a->q_flags = 0x00000000; a->q_user = "rpc"; ret_address = (ADDRESS *) recipient(a, sendq, aliaslevel); printf("Real name of user %s = %s\n", a->q_user, ret_address->q_fullname); 0 --------------------------------- 26858 1300/recipient-ok.c Format_String_Attack 180 printf ("sizeof(nbuf) = %d\n", sizeof(nbuf)); buildfname(pw->pw_gecos, pw->pw_name, nbuf, sizeof(nbuf)); printf("nbuf before call to buildfname = %s\n", nbuf); 0 --------------------------------- 26859 1300/recipient-ok.c Format_String_Attack 308 char buf[MAXNAME + 1]; buildfname(pw->pw_gecos, pw->pw_name, buf, sizeof(buf)); if (strchr(buf, ' ') != NULL && !strcasecmp(buf, name)) { printf ("sizeof(buf) = %d\n", sizeof(buf)); 0 --------------------------------- 26860 1300/recipient-ok.c Format_String_Attack 191 char test_buf[10]; strcpy(test_buf, "GOOD"); printf("test_buf should be GOOD. test_buf = %s\n", test_buf); 0 --------------------------------- 26861 1300/recipient-ok.c Format_String_Attack 182 char nbuf[MAXNAME + 1]; buildfname(pw->pw_gecos, pw->pw_name, nbuf, sizeof(nbuf)); printf("nbuf before call to buildfname = %s\n", nbuf); printf ("sizeof(nbuf) = %d\n", sizeof(nbuf)); 0 --------------------------------- 26862 1300/recipient-ok.c Format_String_Attack 179 char buf0[MAXNAME + 1]; i = strlen(a->q_user); if (i >= sizeof buf0) buf = xalloc(i + 1); buf = buf0; (void) strcpy(buf, a->q_user); auto enum bool fuzzy; pw = finduser(buf, &fuzzy); buildfname(pw->pw_gecos, pw->pw_name, nbuf, sizeof(nbuf)); a->q_ruser = newstr(pw->pw_name); printf("Before call to builfname, pw_gecos = %s, and pw_name = %s\n", pw->pw_gecos, pw->pw_name); 0 --------------------------------- 26863 1300/recipient-ok.c Buffer_Overflow_cpycat 140 char buf0[MAXNAME + 1]; i = strlen(a->q_user); if (i >= sizeof buf0) buf = xalloc(i + 1); buf = buf0; (void) strcpy(buf, a->q_user); 0 --------------------------------- 26864 1300/recipient-ok.c Buffer_Overflow_cpycat 168 char test_buf[10]; strcpy(test_buf, "GOOD"); 0 --------------------------------- 26865 1300/recipient-ok.c String_Termination_Error 170 char buf0[MAXNAME + 1]; 114 i = strlen(a->q_user); if (i >= sizeof buf0) buf = xalloc(i + 1); buf = buf0; (void) strcpy(buf, a->q_user); auto enum bool fuzzy; pw = finduser(buf, &fuzzy); if (strcmp(pw->pw_dir, "/") == 0) 0 --------------------------------- 26866 1300/recipient-ok.c String_Termination_Error 311 char buf[MAXNAME + 1]; printf ("sizeof(buf) = %d\n", sizeof(buf)); buildfname(pw->pw_gecos, pw->pw_name, buf, sizeof(buf)); if (strchr(buf, ' ') != NULL && !strcasecmp(buf, name)) { 0 --------------------------------- 26867 1300/recipient.c Format_String_Attack 1251 errno = 0; printf("include: read error: %s\n", errstring(errno)); 0 --------------------------------- 26868 1300/recipient.c Format_String_Attack 159 ca = getctladdr(ctladdr); register ADDRESS *a; return (a); ctladdr->q_uid = st.st_uid; ctladdr->q_ruser = ca->q_ruser; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS **sendq; char *oldto = e->e_to; e->e_message = newstr("Deferred: user database error"); e->e_nrcpts++; e->e_nrcpts++; fprintf(e->e_xfp, register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); e->e_to = oldto; register ENVELOPE *e; if (bitset(EF_VRFYONLY, e->e_flags)) e->e_flags |= EF_SENDRECEIPT; register ENVELOPE *e; (time_t) 0, e); alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); (time_t) 0, e); forward(a, sendq, aliaslevel, e); a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; e->e_to = a->q_paddr; e->e_origrcpt = a->q_paddr; e->e_origrcpt = ""; e->e_nrcpts++; ENVELOPE *e; char *oldto = e->e_to; oldto, shortenstring(buf, 203)); e->e_to = oldto; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; if (bitset(EF_VRFYONLY, e->e_flags)) e->e_to = NULL; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); register ENVELOPE *e; char buf[MAXNAME + 1]; printaddr(ctladdr, FALSE); strchr(list, '<') != NULL || strchr(list, '(') != NULL)) (strchr(list, ',') != NULL || strchr(list, ';') != NULL || e->e_flags &= ~EF_OLDSTYLE; a = a->q_alias; return (a); ca = getctladdr(ctladdr); ctladdr->q_ruser = ca->q_ruser; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); delimiter = ' '; if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL) delimiter = ','; al = NULL; i = strlen(list) + 1; if (i <= sizeof buf) bufp = buf; bufp = xalloc(i); strcpy(bufp, denlstring(list, FALSE, TRUE)); for (p = bufp; *p != '\0'; ) auto char *delimptr; while ((isascii(*p) && isspace(*p)) || *p == ',') p++; p = delimptr; b = self_reference(a, e); a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); if (sameaddr(ctladdr, a)) b = self_reference(a, e); printaddr(a, FALSE); a->q_orcpt = ctladdr->q_orcpt; al = a; a->q_next = al; if (sameaddr(ctladdr, a)) printaddr(ctladdr, FALSE); a->q_alias = ctladdr; if (sameaddr(ctladdr, a)) ctladdr->q_flags |= QSELFREF; a->q_flags |= QDONTSEND; a->q_fullname = ctladdr->q_fullname; a->q_flags &= ~QINHERITEDBITS; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; al = a; al = a->q_next; register ADDRESS *a = al; alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); forward(a, sendq, aliaslevel, e); printaddr(*sendq, TRUE); register ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; register ADDRESS **sendq; bool initialdontsend = bitset(QDONTSEND, a->q_flags); a->q_flags |= QPRIMARY; printaddr(a, FALSE); i = strlen(a->q_user); (void) strcpy(buf, a->q_user); a->q_flags |= QBADADDR; a->q_status = "5.7.1"; else if (bitset(QBOGUSSHELL, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_ruser, MyHostName); else if (bitset(QUNSAFEADDR, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_paddr); for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; if (sameaddr(q, a)) printaddr(q, FALSE); if (!bitset(QPRIMARY, q->q_flags)) if (!bitset(QDONTSEND, a->q_flags)) q->q_flags |= a->q_flags; else if (bitset(QSELFREF, q->q_flags)) q->q_flags |= a->q_flags & ~QDONTSEND; a = q; a->q_next = NULL; printf("at trylocaluser %s\n", a->q_user); if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags)) a->q_flags |= QDONTSEND; ctladdr->q_gid = st.st_gid; ctladdr->q_ruser = ca->q_ruser; pw = sm_getpwuid(st.st_uid); ctladdr->q_ruser = newstr(pw->pw_name); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ca = getctladdr(ctladdr); register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) register ADDRESS *a; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= QQUEUEUP; ctladdr->q_flags |= QGOODUID; ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags |= QVERIFIED; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags &= ~QSELFREF; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); if (nincludes > 0 && !bitset(QSELFREF, ctladdr->q_flags)) ctladdr->q_flags |= QDONTSEND; ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); message("including file %s", a->q_user); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); char *fname; FILE *volatile fp = NULL; char buf[MAXLINE]; printf("include(%s)\n", fname); rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD, NULL); fp = fopen(fname, "r"); if (fstat(fileno(fp), &st) < 0) safechown = chownsafe(fileno(fp)); while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); forwarding ? "forwarding" : "sending", buf); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register char **argv; while ((p = *argv++) != NULL) (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); char *list; printf("sendto: %s\n ctladdr=", list); 0 --------------------------------- 26869 1300/recipient.c Format_String_Attack 423 ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); char *fname; ADDRESS **sendq; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; FILE *volatile fp = NULL; char buf[MAXLINE]; printf("include(%s)\n", fname); rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD, NULL); fp = fopen(fname, "r"); if (fstat(fileno(fp), &st) < 0) safechown = chownsafe(fileno(fp)); while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); forwarding ? "forwarding" : "sending", buf); oldto, shortenstring(buf, 203)); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS **sendq; for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; printf("at trylocaluser %s\n", a->q_user); register char **argv; while ((p = *argv++) != NULL) (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); char *list; register ADDRESS *a; a = a->q_alias; ca = getctladdr(ctladdr); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ctladdr->q_ruser = ca->q_ruser; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); forward(a, sendq, aliaslevel, e); printaddr(*sendq, TRUE); register ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS **sendq; for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; if (sameaddr(q, a)) nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); if (sameaddr(ctladdr, a)) b = self_reference(a, e); printaddr(a, FALSE); a->q_fullname = ctladdr->q_fullname; a->q_orcpt = ctladdr->q_orcpt; al = a; a->q_next = al; if (sameaddr(ctladdr, a)) printaddr(ctladdr, FALSE); a->q_alias = ctladdr; al = a; al = a->q_next; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; bool initialdontsend = bitset(QDONTSEND, a->q_flags); a->q_flags |= QPRIMARY; printaddr(a, FALSE); a->q_flags |= QBADADDR; a->q_status = "5.7.1"; else if (bitset(QBOGUSSHELL, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_ruser, MyHostName); else if (bitset(QUNSAFEADDR, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_paddr); if (sameaddr(q, a)) printaddr(q, FALSE); if (!bitset(QPRIMARY, q->q_flags)) if (!bitset(QDONTSEND, a->q_flags)) q->q_flags |= a->q_flags; else if (bitset(QSELFREF, q->q_flags)) q->q_flags |= a->q_flags & ~QDONTSEND; a = q; a->q_next = NULL; if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags)) a->q_flags |= QDONTSEND; message("including file %s", a->q_user); ctladdr->q_ruser = ca->q_ruser; pw = sm_getpwuid(st.st_uid); ctladdr->q_ruser = newstr(pw->pw_name); ctladdr->q_flags |= QVERIFIED; if (nincludes > 0 && !bitset(QSELFREF, ctladdr->q_flags)) ctladdr->q_flags |= QDONTSEND; ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ca = getctladdr(ctladdr); register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) register ADDRESS *a; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= QQUEUEUP; ctladdr->q_flags |= QGOODUID; ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags &= ~QSELFREF; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; ctladdr->q_gid = st.st_gid; ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; struct stat st; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); if (fstat(fileno(fp), &st) < 0) ctladdr->q_uid = st.st_uid; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS *ctladdr; (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS **sendq; (time_t) 0, e); alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); (time_t) 0, e); forward(a, sendq, aliaslevel, e); a = recipient(a, sendq, aliaslevel, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); register ENVELOPE *e; char *oldto = e->e_to; e->e_message = newstr("Deferred: user database error"); register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); e->e_nrcpts++; if (bitset(EF_VRFYONLY, e->e_flags)) e->e_nrcpts++; e->e_flags |= EF_SENDRECEIPT; fprintf(e->e_xfp, register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); e->e_to = oldto; register ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; char *oldto = e->e_to; e->e_nrcpts++; oldto, shortenstring(buf, 203)); e->e_to = oldto; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; if (bitset(EF_VRFYONLY, e->e_flags)) nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; e->e_to = a->q_paddr; e->e_origrcpt = a->q_paddr; e->e_origrcpt = ""; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; e->e_to = NULL; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); register ENVELOPE *e; char buf[MAXNAME + 1]; printf("sendto: %s\n ctladdr=", list); printaddr(ctladdr, FALSE); strchr(list, '<') != NULL || strchr(list, '(') != NULL)) (strchr(list, ',') != NULL || strchr(list, ';') != NULL || e->e_flags &= ~EF_OLDSTYLE; delimiter = ' '; if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL) delimiter = ','; al = NULL; i = strlen(list) + 1; if (i <= sizeof buf) bufp = buf; bufp = xalloc(i); strcpy(bufp, denlstring(list, FALSE, TRUE)); for (p = bufp; *p != '\0'; ) auto char *delimptr; while ((isascii(*p) && isspace(*p)) || *p == ',') p++; p = delimptr; b = self_reference(a, e); a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); if (sameaddr(ctladdr, a)) ctladdr->q_flags |= QSELFREF; a->q_flags |= QDONTSEND; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; a->q_flags &= ~QINHERITEDBITS; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; al = a; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; register ADDRESS **sendq; i = strlen(a->q_user); (void) strcpy(buf, a->q_user); for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; printf("at trylocaluser %s\n", a->q_user); 0 --------------------------------- 26870 1300/recipient.c Format_String_Attack 863 char *filename; int flags; printf("writable(%s, 0x%x)\n", filename, flags); 0 --------------------------------- 26871 1300/recipient.c Format_String_Attack 814 while ((pw = getpwent()) != NULL) if (strcasecmp(pw->pw_name, name) == 0) buildfname(pw->pw_gecos, pw->pw_name, buf); printf("fuzzy matches %s\n", pw->pw_name); 0 --------------------------------- 26872 1300/recipient.c Format_String_Attack 1242 syslog(LOG_INFO, "%s: user %s has bad shell %s, marked %s",shortenstring(fname, 203),pw->pw_name, sh, safechown ? "bogus" : "unsafe"); syslog(LOG_INFO, "%s: world writable %s file, marked unsafe", shortenstring(fname, 203), forwarding ? "forward" : ":include:"); syslog(LOG_INFO, "%s: forward %.200s => %s", e->e_id == NULL ? "NOQUEUE" : e->e_id, oldto, shortenstring(buf, 203)); 0 --------------------------------- 26873 1300/recipient.c Format_String_Attack 397 safechown = chownsafe(fileno(fp)); while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); forwarding ? "forwarding" : "sending", buf); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register char **argv; while ((p = *argv++) != NULL) (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); char *list; ADDRESS **sendq; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS **sendq; e->e_message = newstr("Deferred: user database error"); fprintf(e->e_xfp, register ENVELOPE *e; (time_t) 0, e); alias(a, sendq, aliaslevel, e); maplocaluser(a, sendq, aliaslevel + 1, e); (time_t) 0, e); forward(a, sendq, aliaslevel, e); a = recipient(a, sendq, aliaslevel, e); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; e->e_nrcpts++; ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; char *oldto = e->e_to; a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); al = a; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; e->e_origrcpt = a->q_paddr; register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); e->e_nrcpts++; e->e_nrcpts++; register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); e->e_to = oldto; char *oldto = e->e_to; oldto, shortenstring(buf, 203)); e->e_to = oldto; ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; if (bitset(EF_VRFYONLY, e->e_flags)) e->e_flags |= EF_SENDRECEIPT; register ENVELOPE *e; printf("at trylocaluser %s\n", a->q_user); message("including file %s", a->q_user); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); char *fname; rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD, NULL); fp = fopen(fname, "r"); if (fstat(fileno(fp), &st) < 0) safechown = chownsafe(fileno(fp)); while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); forwarding ? "forwarding" : "sending", buf); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; e->e_to = a->q_paddr; e->e_origrcpt = a->q_paddr; e->e_origrcpt = ""; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; if (bitset(EF_VRFYONLY, e->e_flags)) e->e_to = NULL; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); register ENVELOPE *e; char buf[MAXNAME + 1]; printf("sendto: %s\n ctladdr=", list); printaddr(ctladdr, FALSE); strchr(list, '<') != NULL || strchr(list, '(') != NULL)) (strchr(list, ',') != NULL || strchr(list, ';') != NULL || e->e_flags &= ~EF_OLDSTYLE; delimiter = ' '; if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL) delimiter = ','; al = NULL; i = strlen(list) + 1; if (i <= sizeof buf) bufp = buf; bufp = xalloc(i); strcpy(bufp, denlstring(list, FALSE, TRUE)); for (p = bufp; *p != '\0'; ) auto char *delimptr; while ((isascii(*p) && isspace(*p)) || *p == ',') p++; p = delimptr; b = self_reference(a, e); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); al = a; register ADDRESS *a = al; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); forward(a, sendq, aliaslevel, e); printaddr(*sendq, TRUE); register ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; register ADDRESS **sendq; for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; if (sameaddr(q, a)) printf("%s in sendq: ", a->q_paddr); 0 --------------------------------- 26874 1300/recipient.c Format_String_Attack 1166 struct stat st; if (fstat(fileno(fp), &st) < 0) pw = sm_getpwuid(st.st_uid); ctladdr->q_ruser = newstr(pw->pw_name); sh = pw->pw_shell; sh = "/SENDMAIL/ANY/SHELL/"; if (!usershellok(pw->pw_name, sh)) syslog(LOG_INFO, "%s: user %s has bad shell %s, marked %s", shortenstring(fname, 203), pw->pw_name, sh, safechown ? "bogus" : "unsafe"); 0 --------------------------------- 26875 1300/recipient.c Format_String_Attack 317 (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); int aliaslevel; aliaslevel, MaxAliasRecursion); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); forward(a, sendq, aliaslevel, e); int aliaslevel; a = recipient(a, sendq, aliaslevel, e); int aliaslevel; printf("\nrecipient (%d): ", aliaslevel); 0 --------------------------------- 26876 1300/recipient.c Format_String_Attack 1083 errno = 0; rval = errno; printf("include: open: %s\n", errstring(rval)); 0 --------------------------------- 26877 1300/recipient.c Buffer_Overflow_cpycat 182 ADDRESS *ctladdr; if (sameaddr(ctladdr, a)) printaddr(ctladdr, FALSE); ctladdr->q_flags |= QSELFREF; struct stat st; if (fstat(fileno(fp), &st) < 0) ctladdr->q_uid = st.st_uid; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS *ctladdr; char *oldto = e->e_to; if (sameaddr(ctladdr, a)) a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; al = a; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); e->e_to = oldto; register ENVELOPE *e; register ADDRESS *a; i = strlen(a->q_user); (void) strcpy(buf, a->q_user); message("including file %s", a->q_user); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); char *fname; rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD, NULL); fp = fopen(fname, "r"); if (fstat(fileno(fp), &st) < 0) safechown = chownsafe(fileno(fp)); while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); forwarding ? "forwarding" : "sending", buf); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); char *list; printaddr(ctladdr, FALSE); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS *ctladdr; strchr(list, '<') != NULL || strchr(list, '(') != NULL)) (strchr(list, ',') != NULL || strchr(list, ';') != NULL || i = strlen(list) + 1; bufp = xalloc(i); strcpy(bufp, denlstring(list, FALSE, TRUE)); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS **sendq; char *oldto = e->e_to; e->e_message = newstr("Deferred: user database error"); e->e_nrcpts++; if (bitset(EF_VRFYONLY, e->e_flags)) e->e_nrcpts++; e->e_flags |= EF_SENDRECEIPT; fprintf(e->e_xfp, register ENVELOPE *e; e->e_to = a->q_paddr; e->e_message = newstr("Deferred: user database error"); e->e_nrcpts++; if (bitset(EF_VRFYONLY, e->e_flags)) e->e_nrcpts++; e->e_flags |= EF_SENDRECEIPT; fprintf(e->e_xfp, a = recipient(a, sendq, aliaslevel, e); e->e_to = oldto; register ENVELOPE *e; (time_t) 0, e); alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); (time_t) 0, e); forward(a, sendq, aliaslevel, e); a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; e->e_to = a->q_paddr; e->e_origrcpt = a->q_paddr; e->e_origrcpt = ""; e->e_nrcpts++; ENVELOPE *e; char *oldto = e->e_to; oldto, shortenstring(buf, 203)); e->e_to = oldto; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; if (bitset(EF_VRFYONLY, e->e_flags)) e->e_to = NULL; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); register ENVELOPE *e; char buf[MAXNAME + 1]; e->e_flags &= ~EF_OLDSTYLE; delimiter = ' '; if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL) delimiter = ','; al = NULL; i = strlen(list) + 1; if (i <= sizeof buf) bufp = buf; bufp = xalloc(i); strcpy(bufp, denlstring(list, FALSE, TRUE)); for (p = bufp; *p != '\0'; ) auto char *delimptr; while ((isascii(*p) && isspace(*p)) || *p == ',') p++; p = delimptr; b = self_reference(a, e); a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); a->q_next = al; a->q_alias = ctladdr; if (sameaddr(ctladdr, a)) a->q_flags |= QDONTSEND; a->q_fullname = ctladdr->q_fullname; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; a->q_flags &= ~QINHERITEDBITS; al = a; register ADDRESS *a = al; alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); forward(a, sendq, aliaslevel, e); printaddr(*sendq, TRUE); register ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; register ADDRESS **sendq; bool initialdontsend = bitset(QDONTSEND, a->q_flags); a->q_flags |= QPRIMARY; i = strlen(a->q_user); (void) strcpy(buf, a->q_user); a->q_flags |= QBADADDR; a->q_status = "5.7.1"; else if (bitset(QBOGUSSHELL, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_ruser, MyHostName); else if (bitset(QUNSAFEADDR, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_paddr); for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) if (!bitset(QPRIMARY, q->q_flags)) else if (bitset(QSELFREF, q->q_flags)) a = q; if (sameaddr(q, a)) if (!bitset(QPRIMARY, q->q_flags)) if (!bitset(QDONTSEND, a->q_flags)) q->q_flags |= a->q_flags; else if (bitset(QSELFREF, q->q_flags)) q->q_flags |= a->q_flags & ~QDONTSEND; a = q; a->q_next = NULL; printf("at trylocaluser %s\n", a->q_user); if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags)) a->q_flags |= QDONTSEND; ctladdr->q_gid = st.st_gid; ctladdr->q_ruser = ca->q_ruser; pw = sm_getpwuid(st.st_uid); ctladdr->q_ruser = newstr(pw->pw_name); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ca = getctladdr(ctladdr); register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) register ADDRESS *a; a = a->q_alias; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= QQUEUEUP; ctladdr->q_flags |= QGOODUID; ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags |= QVERIFIED; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags &= ~QSELFREF; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); if (nincludes > 0 && !bitset(QSELFREF, ctladdr->q_flags)) ctladdr->q_flags |= QDONTSEND; ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); message("including file %s", a->q_user); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); char *fname; FILE *volatile fp = NULL; char buf[MAXLINE]; printf("include(%s)\n", fname); rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD, NULL); fp = fopen(fname, "r"); if (fstat(fileno(fp), &st) < 0) safechown = chownsafe(fileno(fp)); while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); forwarding ? "forwarding" : "sending", buf); oldto, shortenstring(buf, 203)); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register char **argv; while ((p = *argv++) != NULL) (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); char *list; printf("sendto: %s\n ctladdr=", list); strchr(list, '<') != NULL || strchr(list, '(') != NULL)) (strchr(list, ',') != NULL || strchr(list, ';') != NULL || i = strlen(list) + 1; bufp = xalloc(i); strcpy(bufp, denlstring(list, FALSE, TRUE)); 0 --------------------------------- 26878 1300/recipient.c Buffer_Overflow_cpycat 349 while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); forwarding ? "forwarding" : "sending", buf); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register char **argv; while ((p = *argv++) != NULL) (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); char *list; ADDRESS *ctladdr; a->q_alias = ctladdr; al = a; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) register ADDRESS *a; ca = getctladdr(ctladdr); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; if (sameaddr(ctladdr, a)) a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; al = a; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; i = strlen(a->q_user); buf = xalloc(i + 1); (void) strcpy(buf, a->q_user); register ADDRESS *a; a = a->q_alias; ca = getctladdr(ctladdr); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; a = a->q_alias; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ctladdr->q_ruser = ca->q_ruser; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); forward(a, sendq, aliaslevel, e); printaddr(*sendq, TRUE); register ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS **sendq; for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; if (sameaddr(q, a)) ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); ctladdr->q_gid = st.st_gid; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); if (sameaddr(ctladdr, a)) b = self_reference(a, e); printaddr(a, FALSE); a->q_fullname = ctladdr->q_fullname; a->q_orcpt = ctladdr->q_orcpt; al = a; a->q_next = al; if (sameaddr(ctladdr, a)) printaddr(ctladdr, FALSE); a->q_alias = ctladdr; al = a; al = a->q_next; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; bool initialdontsend = bitset(QDONTSEND, a->q_flags); a->q_flags |= QPRIMARY; printaddr(a, FALSE); (void) strcpy(buf, a->q_user); a->q_flags |= QBADADDR; a->q_status = "5.7.1"; else if (bitset(QBOGUSSHELL, a->q_alias->q_flags)) oldto, shortenstring(buf, 203)); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_ruser, MyHostName); else if (bitset(QUNSAFEADDR, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_paddr); if (sameaddr(q, a)) printaddr(q, FALSE); if (!bitset(QPRIMARY, q->q_flags)) if (!bitset(QDONTSEND, a->q_flags)) q->q_flags |= a->q_flags; else if (bitset(QSELFREF, q->q_flags)) q->q_flags |= a->q_flags & ~QDONTSEND; a = q; a->q_next = NULL; printf("at trylocaluser %s\n", a->q_user); if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags)) a->q_flags |= QDONTSEND; message("including file %s", a->q_user); ctladdr->q_ruser = ca->q_ruser; pw = sm_getpwuid(st.st_uid); ctladdr->q_ruser = newstr(pw->pw_name); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ca = getctladdr(ctladdr); register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) register ADDRESS *a; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= QQUEUEUP; ctladdr->q_flags |= QGOODUID; ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags &= ~QSELFREF; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS **sendq; for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; ctladdr->q_gid = st.st_gid; ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; struct stat st; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); if (fstat(fileno(fp), &st) < 0) ctladdr->q_uid = st.st_uid; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; (time_t) 0, e); alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); (time_t) 0, e); forward(a, sendq, aliaslevel, e); fprintf(e->e_xfp, a = recipient(a, sendq, aliaslevel, e); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); al = a; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; e->e_origrcpt = a->q_paddr; e->e_message = newstr("Deferred: user database error"); register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); e->e_nrcpts++; e->e_nrcpts++; register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); char *oldto = e->e_to; e->e_nrcpts++; oldto, shortenstring(buf, 203)); e->e_to = oldto; ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; e->e_to = a->q_paddr; e->e_origrcpt = ""; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; e->e_to = NULL; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); register ENVELOPE *e; char buf[MAXNAME + 1]; printf("sendto: %s\n ctladdr=", list); printaddr(ctladdr, FALSE); strchr(list, '<') != NULL || strchr(list, '(') != NULL)) (strchr(list, ',') != NULL || strchr(list, ';') != NULL || e->e_flags &= ~EF_OLDSTYLE; delimiter = ' '; if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL) delimiter = ','; al = NULL; i = strlen(list) + 1; if (i <= sizeof buf) bufp = buf; bufp = xalloc(i); strcpy(bufp, denlstring(list, FALSE, TRUE)); for (p = bufp; *p != '\0'; ) auto char *delimptr; while ((isascii(*p) && isspace(*p)) || *p == ',') p++; p = delimptr; b = self_reference(a, e); a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); if (sameaddr(ctladdr, a)) ctladdr->q_flags |= QSELFREF; a->q_flags |= QDONTSEND; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; a->q_flags &= ~QINHERITEDBITS; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; al = a; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; i = strlen(a->q_user); buf = xalloc(i + 1); (void) strcpy(buf, a->q_user); 0 --------------------------------- 26879 1300/recipient.c String_Termination_Error 1214 char *list; a = a->q_alias; ca = getctladdr(ctladdr); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS **sendq; char *oldto = e->e_to; e->e_to = oldto; register ENVELOPE *e; (time_t) 0, e); alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) e->e_message = newstr("Deferred: user database error"); e->e_nrcpts++; (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); maplocaluser(a, sendq, aliaslevel + 1, e); (time_t) 0, e); if (bitset(EF_VRFYONLY, e->e_flags)) forward(a, sendq, aliaslevel, e); e->e_nrcpts++; e->e_flags |= EF_SENDRECEIPT; fprintf(e->e_xfp, a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; char *oldto = e->e_to; oldto, shortenstring(buf, 203)); e->e_to = oldto; ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; e->e_nrcpts++; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; strchr(list, '<') != NULL || strchr(list, '(') != NULL)) (strchr(list, ',') != NULL || strchr(list, ';') != NULL || i = strlen(list) + 1; bufp = xalloc(i); strcpy(bufp, denlstring(list, FALSE, TRUE)); for (p = bufp; *p != '\0'; ) a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); a->q_alias = ctladdr; al = a; register ADDRESS *a = al; printaddr(*sendq, TRUE); register ADDRESS **sendq; alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); forward(a, sendq, aliaslevel, e); a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; register ADDRESS **sendq; bool initialdontsend = bitset(QDONTSEND, a->q_flags); printaddr(a, FALSE); i = strlen(a->q_user); (void) strcpy(buf, a->q_user); for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; if (sameaddr(q, a)) printaddr(q, FALSE); a = q; if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags)) ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) register ADDRESS *a; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); message("including file %s", a->q_user); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); char *fname; rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD, NULL); fp = fopen(fname, "r"); if (fstat(fileno(fp), &st) < 0) safechown = chownsafe(fileno(fp)); while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); 0 --------------------------------- 26880 1300/recipient.c String_Termination_Error 165 if (sameaddr(ctladdr, a)) printaddr(ctladdr, FALSE); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS *ctladdr; (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); e->e_message = newstr("Deferred: user database error"); e->e_nrcpts++; e->e_nrcpts++; fprintf(e->e_xfp, register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; char *oldto = e->e_to; if (bitset(EF_VRFYONLY, e->e_flags)) e->e_flags |= EF_SENDRECEIPT; register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); e->e_to = oldto; e->e_nrcpts++; ENVELOPE *e; char *oldto = e->e_to; oldto, shortenstring(buf, 203)); e->e_to = oldto; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; printaddr(ctladdr, FALSE); (strchr(list, ',') != NULL || strchr(list, ';') != NULL || i = strlen(list) + 1; strcpy(bufp, denlstring(list, FALSE, TRUE)); a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); if (sameaddr(ctladdr, a)) printaddr(ctladdr, FALSE); a->q_alias = ctladdr; if (sameaddr(ctladdr, a)) a->q_fullname = ctladdr->q_fullname; al = a; register ADDRESS *a = al; printaddr(*sendq, TRUE); register ADDRESS **sendq; alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); forward(a, sendq, aliaslevel, e); a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; register ADDRESS **sendq; bool initialdontsend = bitset(QDONTSEND, a->q_flags); for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; if (sameaddr(q, a)) printaddr(q, FALSE); a = q; if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags)) ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) register ADDRESS *a; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); message("including file %s", a->q_user); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); char *fname; rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD, NULL); fp = fopen(fname, "r"); if (fstat(fileno(fp), &st) < 0) safechown = chownsafe(fileno(fp)); while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); forwarding ? "forwarding" : "sending", buf); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); char *list; if (ctladdr == NULL && (strchr(list, ',') != NULL || strchr(list, ';') != NULL || strchr(list, '<') != NULL || strchr(list, '(') != NULL)) 0 --------------------------------- 26881 1300/recipient.c String_Termination_Error 166 (strchr(list, ',') != NULL || strchr(list, ';') != NULL || strchr(list, '<') != NULL || strchr(list, '(') != NULL)) i = strlen(list) + 1; strcpy(bufp, denlstring(list, FALSE, TRUE)); b = self_reference(a, e); al = a; a->q_next = al; printaddr(a, FALSE); al = a; al = a; register ADDRESS *a = al; alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); forward(a, sendq, aliaslevel, e); printaddr(*sendq, TRUE); register ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; register ADDRESS **sendq; for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; if (sameaddr(q, a)) ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) register ADDRESS *a; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); message("including file %s", a->q_user); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); char *fname; rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD, NULL); fp = fopen(fname, "r"); if (fstat(fileno(fp), &st) < 0) safechown = chownsafe(fileno(fp)); while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); forwarding ? "forwarding" : "sending", buf); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); char *list; if (ctladdr == NULL && (strchr(list, ',') != NULL || strchr(list, ';') != NULL || strchr(list, '<') != NULL || strchr(list, '(') != NULL)) 0 --------------------------------- 26882 1300/recipient.c String_Termination_Error 177 ADDRESS *ctladdr; printaddr(ctladdr, FALSE); printaddr(ctladdr, FALSE); struct stat st; if (fstat(fileno(fp), &st) < 0) ctladdr->q_uid = st.st_uid; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS **sendq; char *oldto = e->e_to; e->e_to = oldto; register ENVELOPE *e; if (sameaddr(ctladdr, a)) (time_t) 0, e); alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) e->e_message = newstr("Deferred: user database error"); e->e_nrcpts++; (time_t) 0, e); if (bitset(EF_VRFYONLY, e->e_flags)) forward(a, sendq, aliaslevel, e); e->e_nrcpts++; e->e_flags |= EF_SENDRECEIPT; fprintf(e->e_xfp, a = recipient(a, sendq, aliaslevel, e); e->e_to = a->q_paddr; e->e_origrcpt = a->q_paddr; e->e_origrcpt = ""; e->e_nrcpts++; oldto, shortenstring(buf, 203)); e->e_to = oldto; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ENVELOPE *e; if (bitset(EF_VRFYONLY, e->e_flags)) e->e_to = NULL; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); register ENVELOPE *e; char buf[MAXNAME + 1]; printaddr(ctladdr, FALSE); e->e_flags &= ~EF_OLDSTYLE; delimiter = ' '; if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL) delimiter = ','; al = NULL; i = strlen(list) + 1; if (i <= sizeof buf) bufp = buf; bufp = xalloc(i); strcpy(bufp, denlstring(list, FALSE, TRUE)); for (p = bufp; *p != '\0'; ) auto char *delimptr; while ((isascii(*p) && isspace(*p)) || *p == ',') p++; p = delimptr; b = self_reference(a, e); maplocaluser(a, sendq, aliaslevel + 1, e); a = recipient(a, sendq, aliaslevel, e); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); a->q_orcpt = ctladdr->q_orcpt; al = a; a->q_next = al; a->q_alias = ctladdr; if (sameaddr(ctladdr, a)) ctladdr->q_flags |= QSELFREF; a->q_flags |= QDONTSEND; a->q_fullname = ctladdr->q_fullname; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; a->q_flags &= ~QINHERITEDBITS; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; al = a; register ADDRESS *a = al; printaddr(*sendq, TRUE); register ADDRESS **sendq; alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); forward(a, sendq, aliaslevel, e); a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; register ADDRESS **sendq; bool initialdontsend = bitset(QDONTSEND, a->q_flags); a->q_flags |= QPRIMARY; printaddr(a, FALSE); i = strlen(a->q_user); (void) strcpy(buf, a->q_user); a->q_flags |= QBADADDR; a->q_status = "5.7.1"; else if (bitset(QBOGUSSHELL, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_ruser, MyHostName); else if (bitset(QUNSAFEADDR, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_paddr); for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) if (!bitset(QPRIMARY, q->q_flags)) else if (bitset(QSELFREF, q->q_flags)) a = q; if (sameaddr(q, a)) if (!bitset(QDONTSEND, a->q_flags)) q->q_flags |= a->q_flags; q->q_flags |= a->q_flags & ~QDONTSEND; a = q; a->q_next = NULL; printf("at trylocaluser %s\n", a->q_user); if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags)) a->q_flags |= QDONTSEND; ctladdr->q_gid = st.st_gid; ctladdr->q_ruser = ca->q_ruser; pw = sm_getpwuid(st.st_uid); ctladdr->q_ruser = newstr(pw->pw_name); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ca = getctladdr(ctladdr); register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) register ADDRESS *a; a = a->q_alias; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= QQUEUEUP; ctladdr->q_flags |= QGOODUID; ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags |= QVERIFIED; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags &= ~QSELFREF; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); if (nincludes > 0 && !bitset(QSELFREF, ctladdr->q_flags)) ctladdr->q_flags |= QDONTSEND; ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); message("including file %s", a->q_user); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); char *fname; rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD, NULL); fp = fopen(fname, "r"); if (fstat(fileno(fp), &st) < 0) safechown = chownsafe(fileno(fp)); while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); forwarding ? "forwarding" : "sending", buf); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); char *list; strchr(list, '<') != NULL || strchr(list, '(') != NULL)) (strchr(list, ',') != NULL || strchr(list, ';') != NULL || i = strlen(list) + 1; 0 --------------------------------- 26883 1300/recipient.c String_Termination_Error 594 char buf[MAXLINE]; while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); forwarding ? "forwarding" : "sending", buf); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); char *list; return (a); ca = getctladdr(ctladdr); ctladdr->q_ruser = ca->q_ruser; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; alias(a, sendq, aliaslevel, e); maplocaluser(a, sendq, aliaslevel + 1, e); printaddr(*sendq, TRUE); register ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS **sendq; for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; if (sameaddr(q, a)) nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; a = a->q_alias; ca = getctladdr(ctladdr); ctladdr->q_ruser = ca->q_ruser; pw = sm_getpwuid(st.st_uid); ctladdr->q_ruser = newstr(pw->pw_name); oldto, shortenstring(buf, 203)); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; if (sameaddr(ctladdr, a)) b = self_reference(a, e); printaddr(a, FALSE); a->q_fullname = ctladdr->q_fullname; a->q_orcpt = ctladdr->q_orcpt; al = a; a->q_next = al; if (sameaddr(ctladdr, a)) printaddr(ctladdr, FALSE); a->q_alias = ctladdr; al = a; al = a->q_next; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; bool initialdontsend = bitset(QDONTSEND, a->q_flags); a->q_flags |= QPRIMARY; printaddr(a, FALSE); a->q_flags |= QBADADDR; a->q_status = "5.7.1"; else if (bitset(QBOGUSSHELL, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_alias->q_ruser, MyHostName); else if (bitset(QUNSAFEADDR, a->q_alias->q_flags)) a->q_flags |= QBADADDR; a->q_status = "5.7.1"; a->q_alias->q_paddr); if (sameaddr(q, a)) printaddr(q, FALSE); if (!bitset(QPRIMARY, q->q_flags)) if (!bitset(QDONTSEND, a->q_flags)) q->q_flags |= a->q_flags; else if (bitset(QSELFREF, q->q_flags)) q->q_flags |= a->q_flags & ~QDONTSEND; a = q; a->q_next = NULL; printf("at trylocaluser %s\n", a->q_user); if (bitset(QDONTSEND|QBADADDR|QVERIFIED, a->q_flags)) a->q_flags |= QDONTSEND; message("including file %s", a->q_user); ctladdr->q_flags |= QVERIFIED; if (nincludes > 0 && !bitset(QSELFREF, ctladdr->q_flags)) ctladdr->q_flags |= QDONTSEND; ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; printaddr(ctladdr, FALSE); ca = getctladdr(ctladdr); register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) register ADDRESS *a; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= QQUEUEUP; ctladdr->q_flags |= QGOODUID; ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ctladdr->q_flags |= QBOGUSSHELL; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags |= QUNSAFEADDR; ctladdr->q_flags &= ~QSELFREF; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS **sendq; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS **sendq; for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; ctladdr->q_gid = st.st_gid; ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; struct stat st; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); if (fstat(fileno(fp), &st) < 0) ctladdr->q_uid = st.st_uid; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; char *oldto = e->e_to; e->e_message = newstr("Deferred: user database error"); if (bitset(EF_VRFYONLY, e->e_flags)) e->e_flags |= EF_SENDRECEIPT; fprintf(e->e_xfp, register ENVELOPE *e; (time_t) 0, e); alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) e->e_nrcpts++; maplocaluser(a, sendq, aliaslevel + 1, e); (time_t) 0, e); e->e_nrcpts++; a = recipient(a, sendq, aliaslevel, e); e->e_to = oldto; register ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; char *oldto = e->e_to; e->e_nrcpts++; oldto, shortenstring(buf, 203)); e->e_to = oldto; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; if (bitset(EF_VRFYONLY, e->e_flags)) nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; forward(a, sendq, aliaslevel, e); a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; e->e_to = a->q_paddr; e->e_origrcpt = a->q_paddr; e->e_origrcpt = ""; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; e->e_to = NULL; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); register ENVELOPE *e; char buf[MAXNAME + 1]; printf("sendto: %s\n ctladdr=", list); printaddr(ctladdr, FALSE); strchr(list, '<') != NULL || strchr(list, '(') != NULL)) (strchr(list, ',') != NULL || strchr(list, ';') != NULL || e->e_flags &= ~EF_OLDSTYLE; delimiter = ' '; if (!bitset(EF_OLDSTYLE, e->e_flags) || ctladdr != NULL) delimiter = ','; al = NULL; i = strlen(list) + 1; if (i <= sizeof buf) bufp = buf; bufp = xalloc(i); strcpy(bufp, denlstring(list, FALSE, TRUE)); for (p = bufp; *p != '\0'; ) auto char *delimptr; while ((isascii(*p) && isspace(*p)) || *p == ',') p++; p = delimptr; b = self_reference(a, e); a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); if (sameaddr(ctladdr, a)) ctladdr->q_flags |= QSELFREF; a->q_flags |= QDONTSEND; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; a->q_flags &= ~QINHERITEDBITS; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; al = a; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; char buf0[MAXNAME + 1]; i = strlen(a->q_user); if (i >= sizeof buf0) buf = xalloc(i + 1); buf = buf0; (void) strcpy(buf, a->q_user); stripquotes(buf); else if (!writable(buf, a->q_alias, SFF_CREAT)) auto bool fuzzy; pw = finduser(buf, &fuzzy); if (strcmp(pw->pw_dir, "/") == 0) 0 --------------------------------- 26884 1300/recipient.c String_Termination_Error 811 char buf[MAXNAME + 1]; buildfname(pw->pw_gecos, pw->pw_name, buf); if (strchr(buf, ' ') != NULL && !strcasecmp(buf, name)) 0 --------------------------------- 26885 1300/recipient.c String_Termination_Error 344 ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); char *fname; FILE *volatile fp = NULL; printf("include(%s)\n", fname); rval = safefile(fname, uid, gid, uname, sfflags, S_IREAD, NULL); fp = fopen(fname, "r"); if (fstat(fileno(fp), &st) < 0) safechown = chownsafe(fileno(fp)); while (fgets(buf, sizeof buf, fp) != NULL) register char *p = strchr(buf, '\n'); forwarding ? "forwarding" : "sending", buf); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); char *list; register ADDRESS *a; while (a != NULL && !bitset(QGOODUID, a->q_flags)) a = a->q_alias; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; ctladdr->q_ruser = ca->q_ruser; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) maplocaluser(a, sendq, aliaslevel + 1, e); forward(a, sendq, aliaslevel, e); printaddr(*sendq, TRUE); register ADDRESS **sendq; a = recipient(a, sendq, aliaslevel, e); register ADDRESS **sendq; for (pq = sendq; (q = *pq) != NULL; pq = &q->q_next) if (sameaddr(q, a)) a = q; if (sameaddr(q, a)) ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); ctladdr->q_gid = st.st_gid; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; ca = getctladdr(ctladdr); nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; (void) strcpy(buf, a->q_user); message("including file %s", a->q_user); ctladdr->q_ruser = ca->q_ruser; pw = sm_getpwuid(st.st_uid); ctladdr->q_ruser = newstr(pw->pw_name); ADDRESS *ctladdr; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ADDRESS *ctladdr; ca = getctladdr(ctladdr); register ADDRESS *a; return (a); ca = getctladdr(ctladdr); ctladdr->q_flags |= ca->q_flags & QBOGUSSHELL; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); ADDRESS *ctladdr; (time_t) 0, e); alias(a, sendq, aliaslevel, e); if (udbexpand(a, sendq, aliaslevel, e) == EX_TEMPFAIL) e->e_message = newstr("Deferred: user database error"); e->e_nrcpts++; maplocaluser(a, sendq, aliaslevel + 1, e); (time_t) 0, e); forward(a, sendq, aliaslevel, e); e->e_nrcpts++; a = recipient(a, sendq, aliaslevel, e); (void) sendtolist(p, NULLADDR, &e->e_sendqueue, 0, e); register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; a = recipient(a, sendq, aliaslevel, e); register ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; ret = include(a->q_user, FALSE, a, sendq, aliaslevel, e); ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; nincludes += sendtolist(buf, ctladdr, sendq, aliaslevel + 1, e); register ENVELOPE *e; strchr(list, '<') != NULL || strchr(list, '(') != NULL)) (strchr(list, ',') != NULL || strchr(list, ';') != NULL || i = strlen(list) + 1; strcpy(bufp, denlstring(list, FALSE, TRUE)); for (p = bufp; *p != '\0'; ) a = parseaddr(p, NULLADDR, RF_COPYALL, delimiter, &delimptr, e); if (sameaddr(ctladdr, a)) a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; a->q_flags &= ~QINHERITEDBITS; a->q_flags |= ctladdr->q_flags & QINHERITEDBITS; al = a; register ADDRESS *a = al; a = recipient(a, sendq, aliaslevel, e); register ADDRESS *a; i = strlen(a->q_user); 0 --------------------------------- 26886 1300/util-ok.c Format_String_Attack 154 register char *gecos; char *buf; int buflen; gecos++; printf ("sizeof (buf) = %d\n", sizeof (buf)); printf ("buflen = %d\n", buflen); printf ("strlen (gecos)=%d\n", strlen (gecos)); snprintf(buf, buflen, "%s", gecos); 0 --------------------------------- 26887 1300/util-ok.c Format_String_Attack 174 register char *gecos; char *buf; register char *bp = buf; gecos++; for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'; p++) printf ("sizeof(bp) = %d\n", sizeof(bp)); printf ("SPACELEFT(buf,bp)=%d\n", SPACELEFT(buf,bp)); snprintf(bp, SPACELEFT(buf, bp), "%s", login); *bp = toupper(*bp); bp += strlen(bp); *bp++ = *p; printf ("bp-buf=%d\n", (bp-buf)); 0 --------------------------------- 26888 1300/util-ok.c Format_String_Attack 164 char *buf; register char *bp = buf; printf ("SPACELEFT(buf,bp)=%d\n", SPACELEFT(buf,bp)); snprintf(bp, SPACELEFT(buf, bp), "%s", login); bp += strlen(bp); printf ("bp-buf=%d\n", (bp-buf)); *bp++ = *p; printf ("sizeof(bp) = %d\n", sizeof(bp)); 0 --------------------------------- 26889 1300/util-ok.c Format_String_Attack 168 register char *gecos; char *login; char *buf; register char *bp = buf; gecos++; l += strlen(login); for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'; p++) *bp = toupper(*bp); bp += strlen(bp); *bp++ = *p; printf ("sizeof(bp) = %d\n", sizeof(bp)); snprintf(bp, SPACELEFT(buf, bp), "%s", login); printf ("bp-buf=%d\n", (bp-buf)); printf ("SPACELEFT(buf,bp)=%d\n", SPACELEFT(buf,bp)); printf ("strlen(login)=%d\n", strlen(login)); snprintf(bp, SPACELEFT(buf, bp), "%s", login); 0 --------------------------------- 26890 1300/util-ok.c Format_String_Attack 166 snprintf(bp, SPACELEFT(buf, bp), "%s", login); printf ("strlen(login)=%d\n", strlen(login)); 0 --------------------------------- 26891 1300/util-ok.c Buffer_Overflow_LowBound 154 register char *gecos; char *buf; int buflen; gecos++; printf ("sizeof (buf) = %d\n", sizeof (buf)); printf ("buflen = %d\n", buflen); printf ("strlen (gecos)=%d\n", strlen (gecos)); snprintf(buf, buflen, "%s", gecos); 0 --------------------------------- 26892 1300/util-ok.c Buffer_Overflow_LowBound 168 register char *gecos; char *login; char *buf; register char *bp = buf; gecos++; l += strlen(login); for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'; p++) *bp = toupper(*bp); bp += strlen(bp); *bp++ = *p; printf ("sizeof(bp) = %d\n", sizeof(bp)); snprintf(bp, SPACELEFT(buf, bp), "%s", login); printf ("bp-buf=%d\n", (bp-buf)); printf ("SPACELEFT(buf,bp)=%d\n", SPACELEFT(buf,bp)); printf ("strlen(login)=%d\n", strlen(login)); snprintf(bp, SPACELEFT(buf, bp), "%s", login); 0 --------------------------------- 26893 1300/util-ok.c String_Termination_Error 166 char *login; l += strlen(login); snprintf(bp, SPACELEFT(buf, bp), "%s", login); printf ("strlen(login)=%d\n", strlen(login)); 0 --------------------------------- 26894 1300/util-ok.c String_Termination_Error 142 char *login; l += strlen(login); 0 --------------------------------- 26895 1300/util-ok.c String_Termination_Error 170 register char *gecos; char *buf; register char *bp = buf; gecos++; for (p = gecos; *p != '\0' && *p != ',' && *p != ';' && *p != '%'; p++) bp += strlen(bp); *bp++ = *p; printf ("sizeof(bp) = %d\n", sizeof(bp)); printf ("bp-buf=%d\n", (bp-buf)); printf ("SPACELEFT(buf,bp)=%d\n", SPACELEFT(buf,bp)); snprintf(bp, SPACELEFT(buf, bp), "%s", login); *bp = toupper(*bp); bp += strlen(bp); 0 --------------------------------- 26896 1300/util-ok.c String_Termination_Error 152 register char *gecos; gecos++; printf ("strlen (gecos)=%d\n", strlen (gecos)); 0 --------------------------------- 26897 1302/main.c Buffer_Overflow_Indexes 68 int main(int argc, char **argv){ assert (argc == 2); temp = fopen (argv[1], "r"); assert (temp != NULL); e->e_dfp = temp; mime7to8(header, e); fclose(temp); 0 --------------------------------- 26898 1302/main.c Buffer_Overflow_unbounded 68 int main(int argc, char **argv){ temp = fopen (argv[1], "r"); assert (temp != NULL); e->e_dfp = temp; mime7to8(header, e); fclose(temp); 0 --------------------------------- 26899 1302/mime1-ok.c Format_String_Attack 176 char canary[10]; strcpy(canary, "GOOD"); printf("canary = %s\n", canary); 0 --------------------------------- 26900 1302/mime1-ok.c Format_String_Attack 174 u_char obuf[MAXLINE]; printf("obuf = %s\n",obuf); 0 --------------------------------- 26901 1302/mime1-ok.c Buffer_Overflow_fgets 159 char buf[MAXLINE]; while (fgets(buf, sizeof buf, e->e_dfp) != NULL) 0 --------------------------------- 26902 1302/mime1-ok.c Buffer_Overflow_cpycat 133 char canary[10]; strcpy(canary, "GOOD"); 0 --------------------------------- 26903 1304/mime2-ok.c Buffer_Overflow_Indexes 72 int main(int argc, char **argv){ assert (argc==2); temp = fopen(argv[1],"r"); e->e_dfp = temp; fclose(temp); 0 --------------------------------- 26904 1304/mime2-ok.c Format_String_Attack 300 char canary[10]; strcpy(canary, "GOOD"); printf("canary = %s\n", canary); 0 --------------------------------- 26905 1304/mime2-ok.c Buffer_Overflow_cpycat 149 char canary[10]; strcpy(canary, "GOOD"); 0 --------------------------------- 26906 1304/mime2-ok.c Buffer_Overflow_unbounded 72 int main(int argc, char **argv){ temp = fopen(argv[1],"r"); e->e_dfp = temp; fclose(temp); 0 --------------------------------- 26907 1306/prescan-overflow-ok.c Format_String_Attack 536 char canary[] = "GOOD"; pvp = prescan(addr, delim, pvpbuf, sizeof pvpbuf, delimptr, NULL, canary); char *canary; printf ("canary=[%s]\n", canary); printf ("canary=[%s]\n", canary); printf ("canary=[%s]\n", canary); 0 --------------------------------- 26908 1306/prescan-overflow-ok.c Format_String_Attack 353 addr[i+1] = special_char; CurEnv->e_to = (char *) malloc(strlen(addr) * sizeof(char) + 1); strcpy(CurEnv->e_to, addr); parseaddr(addr, delim, delimptr); char ** parseaddr(addr, delim, delimptr) char *addr; pvp = prescan(addr, delim, pvpbuf, sizeof pvpbuf, delimptr, NULL, canary); char ** prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab, canary) char *addr; c = NOCHAR; p = addr; c = (*p++) & 0x00ff; c = '"'; c = ')'; c = '>'; p--; c = '>'; p--; c = NOCHAR; c = NOCHAR; c = NOCHAR; c = NOCHAR; c = NOCHAR; else if (delim == ' ' && isascii(c) && isspace(c)) c = ' '; if (isascii(c) && isprint(c)) printf("653 Illegal character %c", c); printf("653 Illegal character 0x%02x", c); c = NOCHAR; printf("Writing %c to q!\n", c); 0 --------------------------------- 26909 1306/prescan-overflow-ok.c Format_String_Attack 432 char canary[] = "GOOD"; pvp = prescan(addr, delim, pvpbuf, sizeof pvpbuf, delimptr, NULL, canary); char *canary; printf ("canary=[%s]\n", canary); printf ("canary=[%s]\n", canary); printf ("canary=[%s]\n", canary); 0 --------------------------------- 26910 1306/prescan-overflow-ok.c Format_String_Attack 512 addr[i+1] = special_char; CurEnv->e_to = (char *) malloc(strlen(addr) * sizeof(char) + 1); strcpy(CurEnv->e_to, addr); parseaddr(addr, delim, delimptr); char ** parseaddr(addr, delim, delimptr) char *addr; pvp = prescan(addr, delim, pvpbuf, sizeof pvpbuf, delimptr, NULL, canary); char ** prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab, canary) char *addr; p = addr; p--; c = (*p++) & 0x00ff; c = '"'; c = ')'; c = '>'; c = '>'; p--; c = NOCHAR; c = NOCHAR; c = NOCHAR; c = NOCHAR; c = NOCHAR; else if (delim == ' ' && isascii(c) && isspace(c)) c = ' '; if (isascii(c) && isprint(c)) printf("653 Illegal character %c", c); 0 --------------------------------- 26911 1306/prescan-overflow-ok.c Format_String_Attack 514 CurEnv->e_to = (char *) malloc(strlen(addr) * sizeof(char) + 1); strcpy(CurEnv->e_to, addr); parseaddr(addr, delim, delimptr); char ** parseaddr(addr, delim, delimptr) char *addr; pvp = prescan(addr, delim, pvpbuf, sizeof pvpbuf, delimptr, NULL, canary); char ** prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab, canary) char *addr; addr = (char *) malloc(sizeof(char) * 500); p = addr; c = (*p++) & 0x00ff; c = '"'; c = ')'; c = '>'; p--; c = '>'; p--; c = NOCHAR; c = NOCHAR; c = NOCHAR; c = NOCHAR; c = NOCHAR; else if (delim == ' ' && isascii(c) && isspace(c)) c = ' '; if (isascii(c) && isprint(c)) printf("653 Illegal character 0x%02x", c); 0 --------------------------------- 26912 1306/prescan-overflow-ok.c Buffer_Overflow_cpycat 624 addr = (char *) malloc(sizeof(char) * 500); CurEnv->e_to = (char *) malloc(strlen(addr) * sizeof(char) + 1); strcpy(CurEnv->e_to, addr); 0 --------------------------------- 26913 1306/prescan-overflow-ok.c String_Termination_Error 340 addr = (char *) malloc(sizeof(char) * 500); addr[i+1] = special_char; CurEnv->e_to = (char *) malloc(strlen(addr) * sizeof(char) + 1); strcpy(CurEnv->e_to, addr); parseaddr(addr, delim, delimptr); char *addr; pvp = prescan(addr, delim, pvpbuf, sizeof pvpbuf, delimptr, NULL, canary); char *addr; if (strlen(addr) > (SIZE_T) MAXNAME) 0 --------------------------------- 26914 1310/create-dns-file.c Buffer_Overflow_cpycat 117 unsigned char buf[200]; strcat(buf,"HEADER JUNK:"); strcat(buf,"LL.MIT.EDU"); i = len = strlen(buf); p = buf + i + 4; temp = "BLAH.MIT.EDU"; strcpy(p, temp); i = strlen(temp); p += i; *p++ = 0; *p++ = 16; *p++ = 0; *p++ = 1; *p++ = 0; *p++ = 0; *p++ = 0; *p++ = 255; *p++ = 0; *p++ = 20; *p++ = 30; strcat(p,"This is random junk in the TXT record that will overflow (*rr)->rr_u.rr_txt"); 0 --------------------------------- 26915 1310/create-dns-file.c String_Termination_Error 81 unsigned char buf[200]; strcat(buf,"HEADER JUNK:"); strcat(buf,"LL.MIT.EDU"); 0 --------------------------------- 26916 1310/txt-dns-file-ok.c Buffer_Overflow_boundedcpy 150 r = (DNS_REPLY_T *) xalloc(sizeof(*r)); memset(r, 0, sizeof(*r)); 0 --------------------------------- 26917 1310/txt-dns-file-ok.c Format_String_Attack 379 f = fopen(DNSFILE, "w"); DNS_REC_LEN = create_dns_file(); dns_reply = dns_lookup_int(domain, rr_class, rr_type, retrans, retry); printf("Reading from file = %s ...\n", DNSFILE); 0 --------------------------------- 26918 1310/txt-dns-file-ok.c Format_String_Attack 177 GETSHORT(r->dns_r_q.dns_q_type, p); printf("Record type queried = %d\n",r->dns_r_q.dns_q_type); 0 --------------------------------- 26919 1310/txt-dns-file-ok.c Format_String_Attack 188 char host[MAXHOSTNAMELEN]; strcpy(host, "LL.MIT.EDU"); status = strlen(host); r->dns_r_q.dns_q_domain = (char *) strdup(host); strcpy(host,"BLAH.MIT.EDU"); status = strlen(host); printf("status returned = %d\n", status); 0 --------------------------------- 26920 1310/txt-dns-file-ok.c Format_String_Attack 216 GETSHORT(type, p); printf("query type = %d\n", type); 0 --------------------------------- 26921 1310/txt-dns-file-ok.c Format_String_Attack 381 len = read_record_from_file(reply, sizeof(reply)); printf("read_record_from_file returned len = %d\n", len); 0 --------------------------------- 26922 1310/txt-dns-file-ok.c String_Termination_Error 455 temp = "BLAH.MIT.EDU"; len += strlen(temp); 0 --------------------------------- 26923 1310/txt-dns-file-ok.c String_Termination_Error 442 temp = "LL.MIT.EDU"; len += strlen(temp); 0 --------------------------------- 26924 1310/txt-dns-file-ok.c String_Termination_Error 247 size_t strlcpy(char *, const char *, size_t); char host[MAXHOSTNAMELEN]; strcpy(host, "LL.MIT.EDU"); status = strlen(host); r->dns_r_q.dns_q_domain = (char *) strdup(host); strcpy(host,"BLAH.MIT.EDU"); status = strlen(host); (*rr)->rr_domain = (char *) strdup(host); status = dn_expand(data, data + len, p, host, (*rr)->rr_u.rr_txt = (char *) strdup(host); strcpy(host,"BLAH.MIT.EDU"); status = strlen(host); (*rr)->rr_domain = (char *) strdup(host); status = dn_expand(data, data + len, p + 2, host, l = strlen(host) + 1; (void) strlcpy((*rr)->rr_u.rr_mx->mx_r_domain, host, l); status = dn_expand(data, data + len, p + 6, host, l = strlen(host) + 1; (void) strlcpy((*rr)->rr_u.rr_srv->srv_r_target, host, l); strcpy(host,"BLAH.MIT.EDU"); status = strlen(host); (*rr)->rr_domain = (char *) strdup(host); status = dn_expand(data, data + len, p + 2, host, l = strlen(host) + 1; 0 --------------------------------- 26925 1310/txt-dns-file-ok.c String_Termination_Error 436 temp = "HEADER JUNK:"; len += strlen(temp); 0 --------------------------------- 26926 1310/txt-dns-file-ok.c String_Termination_Error 268 size_t strlcpy(char *, const char *, size_t); char host[MAXHOSTNAMELEN]; strcpy(host, "LL.MIT.EDU"); status = strlen(host); r->dns_r_q.dns_q_domain = (char *) strdup(host); strcpy(host,"BLAH.MIT.EDU"); status = strlen(host); (*rr)->rr_domain = (char *) strdup(host); status = dn_expand(data, data + len, p, host, (*rr)->rr_u.rr_txt = (char *) strdup(host); strcpy(host,"BLAH.MIT.EDU"); status = strlen(host); (*rr)->rr_domain = (char *) strdup(host); status = dn_expand(data, data + len, p + 2, host, l = strlen(host) + 1; (void) strlcpy((*rr)->rr_u.rr_mx->mx_r_domain, host, l); status = dn_expand(data, data + len, p + 6, host, l = strlen(host) + 1; (void) strlcpy((*rr)->rr_u.rr_srv->srv_r_target, host, l); strcpy(host,"BLAH.MIT.EDU"); status = strlen(host); (*rr)->rr_domain = (char *) strdup(host); status = dn_expand(data, data + len, p + 6, host, l = strlen(host) + 1; 0 --------------------------------- 26927 1310/txt-dns-file-ok.c String_Termination_Error 478 temp = "This is random junk in the TXT record that will overflow (*rr)->rr_u.rr_txt"; len += strlen(temp); 0 --------------------------------- 26928 1310/txt-dns-file-ok.c Buffer_Overflow_cpycat 184 status = dn_expand(data, data + len, p + 2, host, l = strlen(host) + 1; (void) strlcpy((*rr)->rr_u.rr_mx->mx_r_domain, host, l); status = dn_expand(data, data + len, p + 6, host, l = strlen(host) + 1; (void) strlcpy((*rr)->rr_u.rr_srv->srv_r_target, host, l); size_t strlcpy(char *, const char *, size_t); char host[MAXHOSTNAMELEN]; strcpy(host, "LL.MIT.EDU"); status = strlen(host); r->dns_r_q.dns_q_domain = (char *) strdup(host); strcpy(host,"BLAH.MIT.EDU"); status = strlen(host); strcpy(host,"BLAH.MIT.EDU"); (*rr)->rr_domain = (char *) strdup(host); strcpy(host,"BLAH.MIT.EDU"); status = dn_expand(data, data + len, p, host, (*rr)->rr_u.rr_txt = (char *) strdup(host); strcpy(host,"BLAH.MIT.EDU"); 0 --------------------------------- 26929 149046/fmt-good.c Buffer_Overflow_Indexes 19 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) printf("%s\n", str); 0 --------------------------------- 26930 149046/fmt-good.c Format_String_Attack 15 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) printf("%s\n", str); 0 --------------------------------- 26931 149046/fmt-good.c Buffer_Overflow_unbounded 19 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) printf("%s\n", str); 0 --------------------------------- 26932 149048/fmt-good.c Buffer_Overflow_Indexes 31 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) filter(str, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789: "); filter(char *str, const char *whitelist) for(src = str, dst = str; *src; src++) *dst = '\0'; syslog(LOG_CRIT, "%s\n", str); 0 --------------------------------- 26933 149048/fmt-good.c Format_String_Attack 27 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) filter(str, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789: "); filter(char *str, const char *whitelist) syslog(LOG_CRIT, "%s\n", str); 0 --------------------------------- 26934 149048/fmt-good.c Buffer_Overflow_unbounded 31 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) filter(str, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789: "); filter(char *str, const char *whitelist) for(src = str, dst = str; *src; src++) *dst = '\0'; syslog(LOG_CRIT, "%s\n", str); 0 --------------------------------- 26935 149050/mem-good.c Buffer_Overflow_Indexes 26 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) p = strdup(str); if(p) { printf("result: %s\n", p); free(p); 0 --------------------------------- 26936 149050/mem-good.c Format_String_Attack 19 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) p = strdup(str); printf("result: %s\n", p); 0 --------------------------------- 26937 149050/mem-good.c Buffer_Overflow_unbounded 26 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) p = strdup(str); if(p) { printf("result: %s\n", p); free(p); 0 --------------------------------- 26938 149056/ahdec1-good.c Off_by_One_Error_in_Methods 53 main(int argc, char **argv) char *userstr; if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; strncpy(buf, str, MAXSIZE); 1 --------------------------------- 26939 149058/ahgets1-good.c Buffer_Overflow_Indexes 39 while((ch = getc(stdin)) != EOF && ch != '\n' && p < ep) *p++ = ch; while((ch = getc(stdin)) != EOF && ch != '\n' && p < ep) *p++ = 0; 0 --------------------------------- 26940 149058/ahgets1-good.c Format_String_Attack 42 char buf[MAXSIZE], *p, *ep; ep = buf + sizeof buf - 1; printf("result: %s\n", buf); 0 --------------------------------- 26941 149060/ahscpy1-good.c Buffer_Overflow_Indexes 46 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) while(p < ep && (*p++ = *str++)) 0 --------------------------------- 26942 149060/ahscpy1-good.c Format_String_Attack 42 char buf[MAXSIZE], *p, *ep; ep = buf + sizeof buf - 1; printf("result: %s\n", buf); 0 --------------------------------- 26943 149060/ahscpy1-good.c Buffer_Overflow_unbounded 46 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) while(p < ep && (*p++ = *str++)) 0 --------------------------------- 26944 149062/fmt3-good.c Buffer_Overflow_Indexes 57 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) filter(str, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789: "); filter(char *str, const char *whitelist) for(src = str, dst = str; *src; src++) *dst = '\0'; snprintf(buf, sizeof buf, "<%s>", str); syslog(LOG_CRIT, "%s", buf); 0 --------------------------------- 26945 149062/fmt3-good.c Buffer_Overflow_LowBound 52 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) filter(str, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789: "); filter(char *str, const char *whitelist) char buf[MAXSIZE]; snprintf(buf, sizeof buf, "<%s>", str); 0 --------------------------------- 26946 149062/fmt3-good.c Buffer_Overflow_unbounded 57 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) filter(str, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789: "); filter(char *str, const char *whitelist) for(src = str, dst = str; *src; src++) *dst = '\0'; snprintf(buf, sizeof buf, "<%s>", str); syslog(LOG_CRIT, "%s", buf); 0 --------------------------------- 26947 149064/fmt5-good.c Buffer_Overflow_Indexes 37 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; if(userstr[0] == '!') test("<%s>", userstr); test("[%s]", userstr); test(char *fmt, char *str) printf(fmt, str); 0 --------------------------------- 26948 149064/fmt5-good.c Format_String_Attack 33 test(char *fmt, char *str) printf(fmt, str); main(int argc, char **argv) userstr = argv[1]; test("<%s>", userstr); test("[%s]", userstr); 0 --------------------------------- 26949 149064/fmt5-good.c Buffer_Overflow_unbounded 37 main(int argc, char **argv) userstr = argv[1]; if(userstr[0] == '!') test("<%s>", userstr); test("[%s]", userstr); test(char *fmt, char *str) printf(fmt, str); 0 --------------------------------- 26950 149066/gets1-good.c Buffer_Overflow_Indexes 37 if(fgets(buf, sizeof buf, stdin)) printf("result: %s\n", buf); 0 --------------------------------- 26951 149066/gets1-good.c Format_String_Attack 38 char buf[MAXSIZE]; if(fgets(buf, sizeof buf, stdin)) printf("result: %s\n", buf); 0 --------------------------------- 26952 149066/gets1-good.c Buffer_Overflow_fgets 37 char buf[MAXSIZE]; if(fgets(buf, sizeof buf, stdin)) 0 --------------------------------- 26953 149068/gets2-good.c Buffer_Overflow_Indexes 37 if(fgets(buf, sizeof buf, stdin)) printf("result: %s\n", buf); 0 --------------------------------- 26954 149068/gets2-good.c Format_String_Attack 38 char buf[MAXSIZE]; if(fgets(buf, sizeof buf, stdin)) printf("result: %s\n", buf); 0 --------------------------------- 26955 149068/gets2-good.c Buffer_Overflow_fgets 37 char buf[MAXSIZE]; if(fgets(buf, sizeof buf, stdin)) 0 --------------------------------- 26956 149070/into2-good.c Buffer_Overflow_Indexes 53 main(int argc, char **argv) if(argc != 2) l = strtoul(argv[1], 0, 10); if(l > UINT_MAX || (l == ULONG_MAX && errno == ERANGE)) test((unsigned int)l); test(unsigned int n) if(n > 100) buf = malloc(n * sizeof *buf); if(!buf) for(i = 0; i < n; i++) free(buf); test((unsigned int)l); 0 --------------------------------- 26957 149070/into2-good.c Buffer_Overflow_unbounded 53 main(int argc, char **argv) l = strtoul(argv[1], 0, 10); if(l > UINT_MAX || (l == ULONG_MAX && errno == ERANGE)) test((unsigned int)l); test(unsigned int n) if(n > 100) buf = malloc(n * sizeof *buf); if(!buf) for(i = 0; i < n; i++) free(buf); test((unsigned int)l); 0 --------------------------------- 26958 149076/mem3-good.c Buffer_Overflow_Indexes 43 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; p = test(userstr); test(char *str) p = strdup(str); if(p) { printf("result: %s\n", p); return p; p = test(userstr); if(p) free(p); 0 --------------------------------- 26959 149076/mem3-good.c Format_String_Attack 37 main(int argc, char **argv) userstr = argv[1]; p = test(userstr); test(char *str) p = strdup(str); printf("result: %s\n", p); 0 --------------------------------- 26960 149076/mem3-good.c Buffer_Overflow_unbounded 43 main(int argc, char **argv) userstr = argv[1]; p = test(userstr); test(char *str) p = strdup(str); if(p) { printf("result: %s\n", p); return p; p = test(userstr); if(p) free(p); 0 --------------------------------- 26961 149078/scpy2-good.c Format_String_Attack 42 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; if(strlen(str) >= MAXSIZE) strcpy(buf, str); printf("result: %s\n", buf); 1 --------------------------------- 26962 149078/scpy2-good.c Buffer_Overflow_cpycat 41 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; if(strlen(str) >= MAXSIZE) strcpy(buf, str); 1 --------------------------------- 26963 149078/scpy2-good.c String_Termination_Error 39 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) if(strlen(str) >= MAXSIZE) 0 --------------------------------- 26964 149080/scpy7-good.c Format_String_Attack 46 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) buf = malloc(MAXSIZE); if(strlen(str) >= MAXSIZE) { strcpy(buf, str); printf("result: %s\n", buf); 1 --------------------------------- 26965 149080/scpy7-good.c Buffer_Overflow_cpycat 45 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) buf = malloc(MAXSIZE); if(strlen(str) >= MAXSIZE) { strcpy(buf, str); 1 --------------------------------- 26966 149080/scpy7-good.c String_Termination_Error 41 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) if(strlen(str) >= MAXSIZE) { 0 --------------------------------- 26967 149082/scpy8-good.c Buffer_Overflow_LowBound 41 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) buf = malloc(MAXSIZE); strncpy(buf, str, MAXSIZE); 1 --------------------------------- 26968 149082/scpy8-good.c Format_String_Attack 43 buf[MAXSIZE-1] = '\0'; printf("result: %s\n", buf); 0 --------------------------------- 26969 149082/scpy8-good.c Buffer_Overflow_Indexes 48 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) strncpy(buf, str, MAXSIZE); 1 --------------------------------- 26970 149082/scpy8-good.c Off_by_One_Error_in_Methods 41 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) buf = malloc(MAXSIZE); strncpy(buf, str, MAXSIZE); 1 --------------------------------- 26971 149084/scpy9-good.c Buffer_Overflow_Indexes 56 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; str2 = shortstr(userstr, strlen(userstr), MAXSIZE-1); shortstr(char *p, int n, int targ) if(n > targ){ return shortstr(p+1, n-1, targ);} return p; str2 = shortstr(userstr, strlen(userstr), MAXSIZE-1); test(str2); test(char *str) strcpy(buf, str); printf("result: %s\n", buf); free(buf); 0 --------------------------------- 26972 149084/scpy9-good.c Format_String_Attack 51 shortstr(char *p, int n, int targ) if(n > targ){ return shortstr(p+1, n-1, targ);} return p; buf = malloc(MAXSIZE); strcpy(buf, str); printf("result: %s\n", buf); str2 = shortstr(userstr, strlen(userstr), MAXSIZE-1); test(str2); test(char *str) strcpy(buf, str); printf("result: %s\n", buf); main(int argc, char **argv) userstr = argv[1]; str2 = shortstr(userstr, strlen(userstr), MAXSIZE-1); 0 --------------------------------- 26973 149084/scpy9-good.c Buffer_Overflow_unbounded 56 main(int argc, char **argv) userstr = argv[1]; str2 = shortstr(userstr, strlen(userstr), MAXSIZE-1); shortstr(char *p, int n, int targ) if(n > targ){ return shortstr(p+1, n-1, targ);} shortstr(char *p, int n, int targ) return p; str2 = shortstr(userstr, strlen(userstr), MAXSIZE-1); test(str2); test(char *str) strcpy(buf, str); printf("result: %s\n", buf); free(buf); 0 --------------------------------- 26974 149084/scpy9-good.c Buffer_Overflow_cpycat 50 main(int argc, char **argv) userstr = argv[1]; str2 = shortstr(userstr, strlen(userstr), MAXSIZE-1); shortstr(char *p, int n, int targ) if(n > targ){ return shortstr(p+1, n-1, targ);} return p; str2 = shortstr(userstr, strlen(userstr), MAXSIZE-1); test(str2); test(char *str) buf = malloc(MAXSIZE); strcpy(buf, str); 0 --------------------------------- 26975 149084/scpy9-good.c String_Termination_Error 62 main(int argc, char **argv) userstr = argv[1]; str2 = shortstr(userstr, strlen(userstr), MAXSIZE-1); 0 --------------------------------- 26976 149108/dble_free_local_flow-good.c Format_String_Attack 31 fprintf(stderr, "Error opening file\n"); fprintf(stderr, "Error reading file\n"); 0 --------------------------------- 26977 149108/dble_free_local_flow-good.c Format_String_Attack 37 fprintf(stderr, "Error opening file\n"); fprintf(stderr, "Error reading file\n"); fprintf(stderr, "Error closing file\n"); 0 --------------------------------- 26978 149110/dble_free_loop-good.c Format_String_Attack 31 fprintf(stderr, "Error opening file\n"); fprintf(stderr, "Error reading file\n"); 0 --------------------------------- 26979 149110/dble_free_loop-good.c Format_String_Attack 37 fprintf(stderr, "Error opening file\n"); fprintf(stderr, "Error reading file\n"); fprintf(stderr, "Error closing file\n"); 0 --------------------------------- 26980 149112/fmt_string_local_container-good.c Format_String_Attack 30 container.fmt[MAX_SIZE - 1] = '\0'; printf("%s", container.fmt); 0 --------------------------------- 26981 149114/fmt_string_local_control_flow-good.c Format_String_Attack 21 void print_1(const char *str) { printf("%s", str); 0 --------------------------------- 26982 149114/fmt_string_local_control_flow-good.c Format_String_Attack 25 void print_2(const char *str) { printf("%s", str); 0 --------------------------------- 26983 149126/heap_overflow_cplx-good.c Format_String_Attack 33 fprintf(stderr, "Error opening file\n"); fprintf(stderr, "Error reading file\n"); 0 --------------------------------- 26984 149126/heap_overflow_cplx-good.c Format_String_Attack 39 fprintf(stderr, "Error opening file\n"); fprintf(stderr, "Error reading file\n"); fprintf(stderr, "Error closing file\n"); 0 --------------------------------- 26985 149126/heap_overflow_cplx-good.c Format_String_Attack 71 buf[24] = '\0'; printf("%s\n", buf); 0 --------------------------------- 26986 149126/heap_overflow_cplx-good.c Off_by_One_Error_in_Methods 68 return NULL; t[i] = '\0'; return t; buf = malloc(25*sizeof(char)); char *t = rand_text(); strncpy(buf,t,25*sizeof(char)); 0 --------------------------------- 26987 149126/heap_overflow_cplx-good.c Buffer_Overflow_LowBound 68 t[i] = '\0'; return t; buf = malloc(25*sizeof(char)); char *t = rand_text(); strncpy(buf,t,25*sizeof(char)); 0 --------------------------------- 26988 149126/heap_overflow_cplx-good.c Buffer_Overflow_boundedcpy 68 t[i] = '\0'; return t; buf = malloc(25*sizeof(char)); char *t = rand_text(); strncpy(buf,t,25*sizeof(char)); 0 --------------------------------- 26989 149166/stack_overflow_array_length-good.c Format_String_Attack 32 fprintf(stderr, "Error opening file\n"); fprintf(stderr, "Error reading file\n"); 0 --------------------------------- 26990 149166/stack_overflow_array_length-good.c Format_String_Attack 52 buffer[plop()] = '!'; printf("%s\n", buffer); 0 --------------------------------- 26991 149166/stack_overflow_array_length-good.c Format_String_Attack 38 fprintf(stderr, "Error opening file\n"); fprintf(stderr, "Error reading file\n"); fprintf(stderr, "Error closing file\n"); 0 --------------------------------- 26992 149166/stack_overflow_array_length-good.c Buffer_Overflow_boundedcpy 50 char buffer[256]; memset(buffer, 0, sizeof(buffer)); 0 --------------------------------- 26993 149194/StackOverflow-good.c Buffer_Overflow_LowBound 30 name[sizeof name - 1] = '\0'; strncat(name, " = ", sizeof name - strlen(name) - 1); strncat(name, argv[2], sizeof name - strlen(name) - 1); 0 --------------------------------- 26994 149194/StackOverflow-good.c Buffer_Overflow_boundedcpy 27 char name [2048]; strncpy(name, argv[1], sizeof name - 1); 0 --------------------------------- 26995 149194/StackOverflow-good.c Buffer_Overflow_boundedcpy 30 name[sizeof name - 1] = '\0'; strncat(name, " = ", sizeof name - strlen(name) - 1); strncat(name, argv[2], sizeof name - strlen(name) - 1); 0 --------------------------------- 26996 149194/StackOverflow-good.c String_Termination_Error 30 name[sizeof name - 1] = '\0'; strncat(name, " = ", sizeof name - strlen(name) - 1); strncat(name, argv[2], sizeof name - strlen(name) - 1); 0 --------------------------------- 26997 149194/StackOverflow-good.c Buffer_Overflow_Indexes 21 int main(int argc, char *argv[]) if(argc == 3) strncpy(name, argv[1], sizeof name - 1); name[sizeof name - 1] = '\0'; strncat(name, argv[2], sizeof name - strlen(name) - 1); 0 --------------------------------- 26998 149194/StackOverflow-good.c Off_by_One_Error_in_Methods 27 char name [2048]; strncpy(name, argv[1], sizeof name - 1); 0 --------------------------------- 26999 149194/StackOverflow-good.c Off_by_One_Error_in_Methods 30 name[sizeof name - 1] = '\0'; strncat(name, " = ", sizeof name - strlen(name) - 1); strncat(name, argv[2], sizeof name - strlen(name) - 1); 0 --------------------------------- 27000 149194/StackOverflow-good.c Buffer_Overflow_unbounded 21 int main(int argc, char *argv[]) strncpy(name, argv[1], sizeof name - 1); name[sizeof name - 1] = '\0'; strncat(name, argv[2], sizeof name - strlen(name) - 1); 0 --------------------------------- 27001 149202/HeapOverFlow-good.c Buffer_Overflow_Indexes 19 int main(int argc, char **argv) if (argc > 1 && strlen(argv[1]) < BUFSIZE) strcpy(buf, argv[1]); printf("buf = %s\n", buf); free(buf); 0 --------------------------------- 27002 149202/HeapOverFlow-good.c Format_String_Attack 29 int main(int argc, char **argv) buf = (char *)malloc(BUFSIZE); if (argc > 1 && strlen(argv[1]) < BUFSIZE) strcpy(buf, argv[1]); printf("buf = %s\n", buf); 0 --------------------------------- 27003 149202/HeapOverFlow-good.c Buffer_Overflow_unbounded 19 int main(int argc, char **argv) if (argc > 1 && strlen(argv[1]) < BUFSIZE) strcpy(buf, argv[1]); printf("buf = %s\n", buf); free(buf); 0 --------------------------------- 27004 149202/HeapOverFlow-good.c String_Termination_Error 26 int main(int argc, char **argv) if (argc > 1 && strlen(argv[1]) < BUFSIZE) 0 --------------------------------- 27005 149204/UseAfterFree_container-good.c Format_String_Attack 35 container.foo.b[0] = 'S'; printf("%s\n", container.foo.b); 0 --------------------------------- 27006 149204/UseAfterFree_container-good.c Buffer_Overflow_cpycat 33 if ((container.foo.b = (char *)malloc(256*sizeof(char))) != NULL) strcpy(container.foo.b, "Falut!"); 0 --------------------------------- 27007 149222/use_after_free_scope-good.c Format_String_Attack 32 str[0] = 'S'; if ((str = (char *)malloc(256*sizeof(char))) != NULL) strcpy(str, "Falut!"); doSomething(str); printf("%s\n", str); void doSomething(char *str) printf("%s\n", str); 0 --------------------------------- 27008 149222/use_after_free_scope-good.c Buffer_Overflow_cpycat 30 if ((str = (char *)malloc(256*sizeof(char))) != NULL) strcpy(str, "Falut!"); 0 --------------------------------- 27009 149224/use_after_free_container-good.c Format_String_Attack 34 container.foo.b[0] = 'S'; printf("%s\n", container.foo.b); 0 --------------------------------- 27010 149224/use_after_free_container-good.c Buffer_Overflow_cpycat 32 if ((container.foo.b = (char *)malloc(256*sizeof(char))) != NULL) strcpy(container.foo.b, "Falut!"); 0 --------------------------------- 27011 149226/use_after_free_@buffer-good.c Format_String_Attack 25 char *str[1] = {(char *)NULL}; if ((*str = (char *)malloc(256*sizeof(char))) != NULL) strcpy(*str, "Falut!"); **str = 'S'; printf("%s\n", *str); 0 --------------------------------- 27012 149226/use_after_free_@buffer-good.c Buffer_Overflow_cpycat 23 char *str[1] = {(char *)NULL}; if ((*str = (char *)malloc(256*sizeof(char))) != NULL) strcpy(*str, "Falut!"); 0 --------------------------------- 27013 149230/double_free-good.c Format_String_Attack 29 int size = sizeof(shellcode); shellcode_location = (char *)malloc(size); strcpy(shellcode_location, shellcode); printf("%s", shellcode_location); 0 --------------------------------- 27014 149230/double_free-good.c Buffer_Overflow_cpycat 28 int size = sizeof(shellcode); shellcode_location = (char *)malloc(size); strcpy(shellcode_location, shellcode); 0 --------------------------------- 27015 149238/Format_string_problem-good.c Buffer_Overflow_LowBound 26 char buf[5012]; strncpy(buf, argv[1], sizeof buf - 1); 0 --------------------------------- 27016 149238/Format_string_problem-good.c Buffer_Overflow_boundedcpy 26 char buf[5012]; strncpy(buf, argv[1], sizeof buf - 1); 0 --------------------------------- 27017 149238/Format_string_problem-good.c Format_String_Attack 29 buf[sizeof buf - 1] = 0; printf("%s\n", buf); 0 --------------------------------- 27018 149238/Format_string_problem-good.c Buffer_Overflow_Indexes 21 int main(int argc, char **argv) { if(argc >= 2) { strncpy(buf, argv[1], sizeof buf - 1); buf[sizeof buf - 1] = 0; 0 --------------------------------- 27019 149238/Format_string_problem-good.c Off_by_One_Error_in_Methods 26 char buf[5012]; strncpy(buf, argv[1], sizeof buf - 1); 0 --------------------------------- 27020 149238/Format_string_problem-good.c Buffer_Overflow_unbounded 21 int main(int argc, char **argv) { strncpy(buf, argv[1], sizeof buf - 1); buf[sizeof buf - 1] = 0; 0 --------------------------------- 27021 149240/use_after_free_@buffer-good.c Format_String_Attack 25 char *str[1] = {(char *)NULL}; if ((*str = (char *)malloc(256*sizeof(char))) != NULL) strcpy(*str, "Falut!"); **str = 'S'; printf("%s\n", *str); 0 --------------------------------- 27022 149240/use_after_free_@buffer-good.c Buffer_Overflow_cpycat 23 char *str[1] = {(char *)NULL}; if ((*str = (char *)malloc(256*sizeof(char))) != NULL) strcpy(*str, "Falut!"); 0 --------------------------------- 27023 1495/Figure2-29-windows.cpp Buffer_Overflow_Indexes 31 int main(char * argv[]) myfunc(argv[1]); int myfunc(const char *arg) if (strlen(arg) >= sizeof(buff)) 0 --------------------------------- 27024 1495/Figure2-29-windows.cpp String_Termination_Error 25 int main(char * argv[]) myfunc(argv[1]); int myfunc(const char *arg) if (strlen(arg) >= sizeof(buff)) 0 --------------------------------- 27025 1561/fmt4-ok.c Buffer_Overflow_Indexes 45 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) idx = (str[0] == '!'); printf(fmts[idx], str); 0 --------------------------------- 27026 1561/fmt4-ok.c Format_String_Attack 41 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) printf(fmts[idx], str); 0 --------------------------------- 27027 1561/fmt4-ok.c Buffer_Overflow_unbounded 45 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) idx = (str[0] == '!'); printf(fmts[idx], str); 0 --------------------------------- 27028 1576/into3-ok.c Buffer_Overflow_Indexes 54 main(int argc, char **argv) if(argc != 2) n = strtoul(argv[1], 0, 10); test(n); test(unsigned int n) if(n > INT_MAX / sizeof *buf) buf = malloc(n * sizeof *buf); if(!buf) for(i = 0; i < n; i++) printf("%x ", buf[i]); free(buf); 0 --------------------------------- 27029 1576/into3-ok.c Buffer_Overflow_unbounded 54 main(int argc, char **argv) n = strtoul(argv[1], 0, 10); test(n); test(unsigned int n) if(n > INT_MAX / sizeof *buf) buf = malloc(n * sizeof *buf); if(!buf) for(i = 0; i < n; i++) printf("%x ", buf[i]); free(buf); 0 --------------------------------- 27030 1578/into4-ok.c Buffer_Overflow_Indexes 51 main(int argc, char **argv) if(argc != 2) n = strtoul(argv[1], 0, 10); if(n <= INT_MAX / sizeof(int)) test(n); test(unsigned int n) buf = malloc(n * sizeof *buf); if(!buf) for(i = 0; i < n; i++) printf("%x ", buf[i]); free(buf); 0 --------------------------------- 27031 1604/scpy3-ok.c Buffer_Overflow_LowBound 37 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; strncpy(buf, str, sizeof buf); 0 --------------------------------- 27032 1604/scpy3-ok.c Buffer_Overflow_boundedcpy 37 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; strncpy(buf, str, sizeof buf); 0 --------------------------------- 27033 1604/scpy3-ok.c Format_String_Attack 39 buf[MAXSIZE-1] = '\0'; printf("result: %s\n", buf); 0 --------------------------------- 27034 1604/scpy3-ok.c Off_by_One_Error_in_Methods 37 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; strncpy(buf, str, sizeof buf); 0 --------------------------------- 27035 1604/scpy3-ok.c Buffer_Overflow_unbounded 43 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) strncpy(buf, str, sizeof buf); 0 --------------------------------- 27036 1606/scpy4-ok.c Buffer_Overflow_Indexes 52 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) str2 = shortstr(str, strlen(str), MAXSIZE-1); shortstr(char *p, int n, int targ) if(n > targ){ return shortstr(p+1, n-1, targ);} return p; strcpy(buf, str2); printf("result: %s\n", buf); 0 --------------------------------- 27037 1606/scpy4-ok.c Format_String_Attack 48 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE], *str2; str2 = shortstr(str, strlen(str), MAXSIZE-1); shortstr(char *p, int n, int targ) if(n > targ){ return shortstr(p+1, n-1, targ);} return p; strcpy(buf, str2); printf("result: %s\n", buf); 0 --------------------------------- 27038 1606/scpy4-ok.c Buffer_Overflow_unbounded 52 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) str2 = shortstr(str, strlen(str), MAXSIZE-1); shortstr(char *p, int n, int targ) if(n > targ){ return shortstr(p+1, n-1, targ);} return p; strcpy(buf, str2); printf("result: %s\n", buf); 0 --------------------------------- 27039 1606/scpy4-ok.c Buffer_Overflow_cpycat 47 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE], *str2; str2 = shortstr(str, strlen(str), MAXSIZE-1); shortstr(char *p, int n, int targ) if(n > targ){ return shortstr(p+1, n-1, targ);} return p; 0 --------------------------------- 27040 1606/scpy4-ok.c String_Termination_Error 46 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) str2 = shortstr(str, strlen(str), MAXSIZE-1); 0 --------------------------------- 27041 1608/scpy5-ok.c Buffer_Overflow_Indexes 51 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; str2 = shortstr(userstr, strlen(userstr), MAXSIZE-1); shortstr(char *p, int n, int targ) if(n > targ){ return shortstr(p+1, n-1, targ);} return p; test(str2); test(char *str) strcpy(buf, str); printf("result: %s\n", buf); 0 --------------------------------- 27042 1608/scpy5-ok.c Format_String_Attack 47 main(int argc, char **argv) userstr = argv[1]; str2 = shortstr(userstr, strlen(userstr), MAXSIZE-1); shortstr(char *p, int n, int targ) if(n > targ{ return shortstr(p+1, n-1, targ);} return p; test(str2); test(char *str) char buf[MAXSIZE]; strcpy(buf, str); printf("result: %s\n", buf); 0 --------------------------------- 27043 1608/scpy5-ok.c Buffer_Overflow_unbounded 51 main(int argc, char **argv) userstr = argv[1]; str2 = shortstr(userstr, strlen(userstr), MAXSIZE-1); shortstr(char *p, int n, int targ) if(n > targ{ return shortstr(p+1, n-1, targ);} return p; test(str2); test(char *str) strcpy(buf, str); printf("result: %s\n", buf); 0 --------------------------------- 27044 1608/scpy5-ok.c Buffer_Overflow_cpycat 46 main(int argc, char **argv) userstr = argv[1]; str2 = shortstr(userstr, strlen(userstr), MAXSIZE-1); shortstr(char *p, int n, int targ) if(n > targ){ return shortstr(p+1, n-1, targ);} return p; test(str2); test(char *str) char buf[MAXSIZE]; strcpy(buf, str); 0 --------------------------------- 27045 1608/scpy5-ok.c String_Termination_Error 57 main(int argc, char **argv) userstr = argv[1]; str2 = shortstr(userstr, strlen(userstr), MAXSIZE-1); 0 --------------------------------- 27046 1610/scpy6-ok.c Buffer_Overflow_Indexes 50 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) for(l = 0; str[l]; l++) strcpy(buf, str); printf("result: %s\n", buf); 0 --------------------------------- 27047 1610/scpy6-ok.c Format_String_Attack 46 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; strcpy(buf, str); printf("result: %s\n", buf); 0 --------------------------------- 27048 1610/scpy6-ok.c Buffer_Overflow_cpycat 45 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; strcpy(buf, str); 0 --------------------------------- 27049 1610/scpy6-ok.c Buffer_Overflow_unbounded 50 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) for(l = 0; str[l]; l++) strcpy(buf, str); printf("result: %s\n", buf); 0 --------------------------------- 27050 1617/snp1-ok.c Buffer_Overflow_Indexes 42 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) snprintf(buf, MAXSIZE, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27051 1617/snp1-ok.c Format_String_Attack 38 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; snprintf(buf, MAXSIZE, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27052 1617/snp1-ok.c Buffer_Overflow_LowBound 37 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; snprintf(buf, MAXSIZE, "<%s>", str); 0 --------------------------------- 27053 1617/snp1-ok.c Buffer_Overflow_unbounded 42 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) snprintf(buf, MAXSIZE, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27054 1619/snp2-ok.c Format_String_Attack 37 char buf[MAXSIZE]; snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); test("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); test("aaaaaaaaaaaaa"); test(char *str) snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27055 1619/snp2-ok.c Buffer_Overflow_LowBound 36 char buf[MAXSIZE]; snprintf(buf, 1024, "<%s>", str); test("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"); test("aaaaaaaaaaaaa"); test(char *str) snprintf(buf, 1024, "<%s>", str); 0 --------------------------------- 27056 1621/snp3-ok.c Buffer_Overflow_Indexes 42 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) snprintf(buf, 1024, "<%.35s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27057 1621/snp3-ok.c Format_String_Attack 38 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; snprintf(buf, 1024, "<%.35s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27058 1621/snp3-ok.c Buffer_Overflow_LowBound 37 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; snprintf(buf, 1024, "<%.35s>", str); 0 --------------------------------- 27059 1621/snp3-ok.c Buffer_Overflow_unbounded 42 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) snprintf(buf, 1024, "<%.35s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27060 1623/snp4-ok.c Buffer_Overflow_Indexes 64 main(int argc, char **argv) if(argc > 2) { userstr = argv[1]; userstr2 = argv[2]; test(userstr, userstr2); test(char *str1, char *str2) snprintf(p, l, "<%s>", str1); x = strlen(p); p += x; l -= x; if(l > 2) { *p++ = ' '; *p++ = '-'; l -= 2; snprintf(p, l, "<%s>\n", str2); x = strlen(p); p += x; l -= x; 0 --------------------------------- 27061 1623/snp4-ok.c Format_String_Attack 55 main(int argc, char **argv) userstr = argv[1]; userstr2 = argv[2]; test(userstr, userstr2); test(char *str1, char *str2) char buf[MAXSIZE]; p = buf; l = sizeof buf; snprintf(p, l, "<%s>", str1); x = strlen(p); p += x; l -= x; *p++ = ' '; *p++ = '-'; l -= 2; snprintf(p, l, "<%s>\n", str2); 0 --------------------------------- 27062 1623/snp4-ok.c Format_String_Attack 60 char buf[MAXSIZE]; l = sizeof buf; printf("result: %s\n", buf); 0 --------------------------------- 27063 1623/snp4-ok.c Buffer_Overflow_unbounded 64 main(int argc, char **argv) userstr = argv[1]; userstr2 = argv[2]; test(userstr, userstr2); test(char *str1, char *str2) snprintf(p, l, "<%s>", str1); x = strlen(p); p += x; l -= x; if(l > 2) { *p++ = ' '; *p++ = '-'; l -= 2; snprintf(p, l, "<%s>\n", str2); x = strlen(p); p += x; l -= x; 0 --------------------------------- 27064 1623/snp4-ok.c Buffer_Overflow_LowBound 55 main(int argc, char **argv) userstr = argv[1]; userstr2 = argv[2]; test(userstr, userstr2); test(char *str1, char *str2) char buf[MAXSIZE]; p = buf; l = sizeof buf; snprintf(p, l, "<%s>", str1); x = strlen(p); p += x; l -= x; *p++ = ' '; *p++ = '-'; l -= 2; snprintf(p, l, "<%s>\n", str2); 0 --------------------------------- 27065 1623/snp4-ok.c String_Termination_Error 44 main(int argc, char **argv) userstr = argv[1]; test(userstr, userstr2); test(char *str1, char *str2) snprintf(p, l, "<%s>", str1); x = strlen(p); 0 --------------------------------- 27066 1623/snp4-ok.c String_Termination_Error 56 main(int argc, char **argv) userstr = argv[1]; userstr2 = argv[2]; test(userstr, userstr2); test(char *str1, char *str2) char buf[MAXSIZE]; p = buf; snprintf(p, l, "<%s>", str1); x = strlen(p); p += x; *p++ = ' '; *p++ = '-'; snprintf(p, l, "<%s>\n", str2); x = strlen(p); 0 --------------------------------- 27067 1625/snp5-ok.c Buffer_Overflow_Indexes 44 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) if(strlen(str) >= MAXSIZE - 3) snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27068 1625/snp5-ok.c Format_String_Attack 40 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; if(strlen(str) >= MAXSIZE - 3) snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27069 1625/snp5-ok.c Buffer_Overflow_unbounded 44 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) if(strlen(str) >= MAXSIZE - 3) snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27070 1625/snp5-ok.c Buffer_Overflow_LowBound 39 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; if(strlen(str) >= MAXSIZE - 3) snprintf(buf, 1024, "<%s>", str); 0 --------------------------------- 27071 1625/snp5-ok.c String_Termination_Error 37 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) if(strlen(str) >= MAXSIZE - 3) 0 --------------------------------- 27072 1627/snp6-ok.c Buffer_Overflow_Indexes 42 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; if(strlen(userstr) < MAXSIZE - 3) test(userstr); test(char *str) snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27073 1627/snp6-ok.c Format_String_Attack 38 main(int argc, char **argv) userstr = argv[1]; if(strlen(userstr) < MAXSIZE - 3) test(userstr); test(char *str) char buf[MAXSIZE]; snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27074 1627/snp6-ok.c Buffer_Overflow_unbounded 42 main(int argc, char **argv) userstr = argv[1]; if(strlen(userstr) < MAXSIZE - 3) test(userstr); test(char *str) snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27075 1627/snp6-ok.c Buffer_Overflow_LowBound 37 main(int argc, char **argv) userstr = argv[1]; if(strlen(userstr) < MAXSIZE - 3) test(userstr); test(char *str) char buf[MAXSIZE]; snprintf(buf, 1024, "<%s>", str); 0 --------------------------------- 27076 1627/snp6-ok.c String_Termination_Error 48 main(int argc, char **argv) userstr = argv[1]; if(strlen(userstr) < MAXSIZE - 3) 0 --------------------------------- 27077 1629/snp7-ok.c Buffer_Overflow_Indexes 42 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) snprintf(buf, 1024, "<%*.*s>", MAXSIZE-3, MAXSIZE-3, str); 0 --------------------------------- 27078 1629/snp7-ok.c Format_String_Attack 38 char buf[MAXSIZE]; snprintf(buf, 1024, "<%*.*s>", MAXSIZE-3, MAXSIZE-3, str); printf("result: %s\n", buf); 0 --------------------------------- 27079 1629/snp7-ok.c Format_String_Attack 37 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) snprintf(buf, 1024, "<%*.*s>", MAXSIZE-3, MAXSIZE-3, str); 0 --------------------------------- 27080 1629/snp7-ok.c Buffer_Overflow_LowBound 37 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; snprintf(buf, 1024, "<%*.*s>", MAXSIZE-3, MAXSIZE-3, str); 0 --------------------------------- 27081 1629/snp7-ok.c Buffer_Overflow_unbounded 42 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) snprintf(buf, 1024, "<%*.*s>", MAXSIZE-3, MAXSIZE-3, str); 0 --------------------------------- 27082 1631/snp8-ok.c Buffer_Overflow_Indexes 47 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) snprintf(buf, MAXSIZE, "<%s>", str); printf("result: %s\n", buf); free(buf); 0 --------------------------------- 27083 1631/snp8-ok.c Format_String_Attack 42 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) buf = malloc(MAXSIZE); snprintf(buf, MAXSIZE, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27084 1631/snp8-ok.c Buffer_Overflow_LowBound 41 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) buf = malloc(MAXSIZE); snprintf(buf, MAXSIZE, "<%s>", str); 0 --------------------------------- 27085 1631/snp8-ok.c Buffer_Overflow_unbounded 47 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) snprintf(buf, MAXSIZE, "<%s>", str); printf("result: %s\n", buf); free(buf); 0 --------------------------------- 27086 1633/snp9-ok.c Buffer_Overflow_Indexes 68 main(int argc, char **argv) if(argc > 2) { userstr = argv[1]; userstr2 = argv[2]; test(userstr, userstr2); test(char *str1, char *str2) snprintf(p, l, "<%s>", str1); x = strlen(p); p += x; l -= x; if(l > 2) { *p++ = ' '; *p++ = '-'; l -= 2; snprintf(p, l, "<%s>\n", str2); x = strlen(p); p += x; l -= x; 0 --------------------------------- 27087 1633/snp9-ok.c Format_String_Attack 58 main(int argc, char **argv) userstr = argv[1]; userstr2 = argv[2]; test(userstr, userstr2); test(char *str1, char *str2) buf = malloc(MAXSIZE); p = buf; l = MAXSIZE; snprintf(p, l, "<%s>", str1); x = strlen(p); p += x; l -= x; *p++ = ' '; *p++ = '-'; l -= 2; snprintf(p, l, "<%s>\n", str2); 0 --------------------------------- 27088 1633/snp9-ok.c Format_String_Attack 63 buf = malloc(MAXSIZE); printf("result: %s\n", buf); 0 --------------------------------- 27089 1633/snp9-ok.c Buffer_Overflow_unbounded 68 main(int argc, char **argv) userstr = argv[1]; userstr2 = argv[2]; test(userstr, userstr2); test(char *str1, char *str2) snprintf(p, l, "<%s>", str1); x = strlen(p); p += x; l -= x; if(l > 2) { *p++ = ' '; *p++ = '-'; l -= 2; snprintf(p, l, "<%s>\n", str2); x = strlen(p); p += x; l -= x; 0 --------------------------------- 27090 1633/snp9-ok.c Buffer_Overflow_LowBound 58 main(int argc, char **argv) userstr = argv[1]; userstr2 = argv[2]; test(userstr, userstr2); test(char *str1, char *str2) buf = malloc(MAXSIZE); p = buf; l = MAXSIZE; snprintf(p, l, "<%s>", str1); x = strlen(p); p += x; l -= x; *p++ = ' '; *p++ = '-'; l -= 2; snprintf(p, l, "<%s>\n", str2); 0 --------------------------------- 27091 1633/snp9-ok.c String_Termination_Error 59 main(int argc, char **argv) userstr = argv[1]; userstr2 = argv[2]; test(userstr, userstr2); test(char *str1, char *str2) buf = malloc(MAXSIZE); p = buf; snprintf(p, l, "<%s>", str1); x = strlen(p); p += x; *p++ = ' '; *p++ = '-'; snprintf(p, l, "<%s>\n", str2); x = strlen(p); 0 --------------------------------- 27092 1633/snp9-ok.c String_Termination_Error 47 main(int argc, char **argv) userstr = argv[1]; test(userstr, userstr2); test(char *str1, char *str2) snprintf(p, l, "<%s>", str1); x = strlen(p); 0 --------------------------------- 27093 1635/snp10-ok.c Buffer_Overflow_Indexes 47 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; if(strlen(userstr) < MAXSIZE - 3) test(userstr); test(char *str) snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); free(buf); 0 --------------------------------- 27094 1635/snp10-ok.c Format_String_Attack 42 main(int argc, char **argv) userstr = argv[1]; if(strlen(userstr) < MAXSIZE - 3) test(userstr); test(char *str) buf = malloc(MAXSIZE); snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27095 1635/snp10-ok.c Buffer_Overflow_unbounded 47 main(int argc, char **argv) userstr = argv[1]; if(strlen(userstr) < MAXSIZE - 3) test(userstr); test(char *str) snprintf(buf, 1024, "<%s>", str); printf("result: %s\n", buf); free(buf); 0 --------------------------------- 27096 1635/snp10-ok.c Buffer_Overflow_LowBound 41 main(int argc, char **argv) userstr = argv[1]; if(strlen(userstr) < MAXSIZE - 3) test(userstr); test(char *str) buf = malloc(MAXSIZE); snprintf(buf, 1024, "<%s>", str); 0 --------------------------------- 27097 1635/snp10-ok.c String_Termination_Error 53 main(int argc, char **argv) userstr = argv[1]; if(strlen(userstr) < MAXSIZE - 3) 0 --------------------------------- 27098 1638/spr2-ok.c Buffer_Overflow_Indexes 49 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) sprintf(buf, "<%.29s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27099 1638/spr2-ok.c Format_String_Attack 45 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; sprintf(buf, "<%.29s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27100 1638/spr2-ok.c Buffer_Overflow_unbounded 49 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) sprintf(buf, "<%.29s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27101 1640/spr3-ok.c Buffer_Overflow_Indexes 44 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; test(userstr); test(char *str) if(strlen(str) >= MAXSIZE - 3) sprintf(buf, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27102 1640/spr3-ok.c Format_String_Attack 40 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) char buf[MAXSIZE]; if(strlen(str) >= MAXSIZE - 3) sprintf(buf, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27103 1640/spr3-ok.c Buffer_Overflow_unbounded 44 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) if(strlen(str) >= MAXSIZE - 3) sprintf(buf, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27104 1640/spr3-ok.c Missing_Precision 39 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) if(strlen(str) >= MAXSIZE - 3) sprintf(buf, "<%s>", str); 0 --------------------------------- 27105 1640/spr3-ok.c String_Termination_Error 37 main(int argc, char **argv) userstr = argv[1]; test(userstr); test(char *str) if(strlen(str) >= MAXSIZE - 3) 0 --------------------------------- 27106 1642/spr4-ok.c Buffer_Overflow_Indexes 42 main(int argc, char **argv) if(argc > 1) { userstr = argv[1]; if(strlen(userstr) < MAXSIZE - 3) test(userstr); test(char *str) sprintf(buf, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27107 1642/spr4-ok.c Format_String_Attack 38 main(int argc, char **argv) userstr = argv[1]; if(strlen(userstr) < MAXSIZE - 3) test(userstr); test(char *str) char buf[MAXSIZE]; sprintf(buf, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27108 1642/spr4-ok.c Buffer_Overflow_unbounded 42 main(int argc, char **argv) userstr = argv[1]; if(strlen(userstr) < MAXSIZE - 3) test(userstr); test(char *str) sprintf(buf, "<%s>", str); printf("result: %s\n", buf); 0 --------------------------------- 27109 1642/spr4-ok.c Missing_Precision 37 main(int argc, char **argv) userstr = argv[1]; if(strlen(userstr) < MAXSIZE - 3) test(userstr); test(char *str) sprintf(buf, "<%s>", str); 0 --------------------------------- 27110 1642/spr4-ok.c String_Termination_Error 48 main(int argc, char **argv) userstr = argv[1]; if(strlen(userstr) < MAXSIZE - 3) 0 --------------------------------- 27111 1936/heap_overflow_basic_good.c Buffer_Overflow_unbounded 17 int main(int argc, char **argv) char *buf; buf = (char *)malloc(BUFSIZE); if (strlen(argv[1]) < BUFSIZE) strcpy(buf, argv[1]); 0 --------------------------------- 27112 1936/heap_overflow_basic_good.c String_Termination_Error 21 int main(int argc, char **argv) if (strlen(argv[1]) < BUFSIZE) 0 --------------------------------- 27113 199234/buffer_overrun_dynamic.c Format_String_Attack 62 int *buf=(int*) calloc(5,sizeof(int)); buf[i]=1; ret = buf[4]; printf("%d",ret); 0 --------------------------------- 27114 199234/buffer_overrun_dynamic.c Buffer_Overflow_boundedcpy 581 char a[12],*ptr2 = a; ptr1[i]='\0'; memcpy(ptr2,ptr1,11); 0 --------------------------------- 27115 199234/buffer_overrun_dynamic_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); 0 --------------------------------- 27116 199234/buffer_overrun_dynamic_main.c Format_String_Attack 19 int main(int argc,char*argv[]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); 0 --------------------------------- 27117 199234/buffer_overrun_dynamic_main.c Buffer_Overflow_unbounded 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); 0 --------------------------------- 27118 199236/buffer_overrun_dynamic_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); 0 --------------------------------- 27119 199236/buffer_overrun_dynamic_main.c Format_String_Attack 19 int main(int argc,char*argv[]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); 0 --------------------------------- 27120 199236/buffer_overrun_dynamic_main.c Buffer_Overflow_unbounded 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); 0 --------------------------------- 27121 199236/buffer_underrun_dynamic.c Buffer_Overflow_LowBound 653 char* srcbuf="Test Code"; char* destbuf=(char*) malloc(10*sizeof(char)); for(i=0;ia = 10; i=s->a; s->a = 20; i=s->a; return i; ret = invalid_memory_access_012_func_001 (1); printf("%d",ret); 0 --------------------------------- 27135 199276/invalid_memory_access.c Format_String_Attack 465 int i=0; invalid_memory_access_013_s_001_s_gbl->a = 10; i=invalid_memory_access_013_s_001_s_gbl->a; invalid_memory_access_013_s_001_s_gbl->a = 20; i=invalid_memory_access_013_s_001_s_gbl->a; return i; ret = invalid_memory_access_013_func_002 (1); printf("%d",ret); 0 --------------------------------- 27136 199276/invalid_memory_access.c Format_String_Attack 76 double *ptr, *dptr = 0,a; a = *(ptr+1); a = *(dptr+1); printf("%lf",a); 0 --------------------------------- 27137 199276/invalid_memory_access.c Format_String_Attack 634 invalid_memory_access_017_doubleptr_gbl=(char*) malloc(10*sizeof(char)); strcpy(invalid_memory_access_017_doubleptr_gbl,"TEST"); char s[10] ; invalid_memory_access_017_func_002(); if(invalid_memory_access_017_func_001(flag) == 0) invalid_memory_access_017_func_004(); printf("invalid gbl= %s \n",invalid_memory_access_017_doubleptr_gbl); strcpy(s,invalid_memory_access_017_doubleptr_gbl); printf("invalid str= %s \n",s); 0 --------------------------------- 27138 199276/invalid_memory_access.c Format_String_Attack 576 invalid_memory_access_016_doubleptr_gbl=(char**) malloc(10*sizeof(char*)); invalid_memory_access_016_doubleptr_gbl[i]=(char*) malloc(10*sizeof(char)); strcpy(invalid_memory_access_016_doubleptr_gbl[i],"STRING00"); char s[10] ; invalid_memory_access_016_func_002(); if(invalid_memory_access_016_func_001(flag)==0) invalid_memory_access_016_func_003(); printf("invalid gbl= %s \n",invalid_memory_access_016_doubleptr_gbl[0]); strcpy(s,invalid_memory_access_016_doubleptr_gbl[0]); printf("invalid str= %s \n",s); 0 --------------------------------- 27139 199276/invalid_memory_access.c Buffer_Overflow_boundedcpy 231 char* buf=(char*) calloc(25, sizeof(char)); char* buf1= "This is a string"; memcpy(buf,buf1,11); 0 --------------------------------- 27140 199276/invalid_memory_access.c Buffer_Overflow_boundedcpy 129 buf = (char *)malloc(100*sizeof(char)); memset(buf, 'A', 100-1); 0 --------------------------------- 27141 199276/invalid_memory_access.c Buffer_Overflow_cpycat 575 char s[10] ; strcpy(s,invalid_memory_access_016_doubleptr_gbl[0]); 0 --------------------------------- 27142 199276/invalid_memory_access.c Buffer_Overflow_cpycat 104 buf = (char *) malloc (25 * sizeof(char)); buf = NULL; strcpy(buf,"This is String"); 0 --------------------------------- 27143 199276/invalid_memory_access.c Buffer_Overflow_cpycat 633 invalid_memory_access_017_doubleptr_gbl=(char*) malloc(10*sizeof(char)); strcpy(invalid_memory_access_017_doubleptr_gbl,"TEST"); char s[10] ; invalid_memory_access_017_func_002(); if(invalid_memory_access_017_func_001(flag) == 0) invalid_memory_access_017_func_004(); printf("invalid gbl= %s \n",invalid_memory_access_017_doubleptr_gbl); strcpy(s,invalid_memory_access_017_doubleptr_gbl); 0 --------------------------------- 27144 199276/invalid_memory_access.c Buffer_Overflow_cpycat 621 invalid_memory_access_017_doubleptr_gbl=(char*) malloc(10*sizeof(char)); strcpy(invalid_memory_access_017_doubleptr_gbl,"TEST"); 0 --------------------------------- 27145 199276/invalid_memory_access.c String_Termination_Error 509 char buf[][25]={"This is a String", str = invalid_memory_access_015_func_001(buf[j]); static char * invalid_memory_access_015_func_001 (char *str1) i = strlen(str1); 0 --------------------------------- 27146 199276/invalid_memory_access_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==24 || vflag_file == 888) 0 --------------------------------- 27147 199276/invalid_memory_access_main.c Format_String_Attack 19 int main(int argc,char*argv[]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); 0 --------------------------------- 27148 199276/invalid_memory_access_main.c Buffer_Overflow_unbounded 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==24 || vflag_file == 888) 0 --------------------------------- 27149 199292/overrun_st_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==32 || vflag_file == 888) 0 --------------------------------- 27150 199292/overrun_st_main.c Format_String_Attack 19 int main(int argc,char*argv[]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); 0 --------------------------------- 27151 199292/overrun_st_main.c Buffer_Overflow_unbounded 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==32 || vflag_file == 888) 0 --------------------------------- 27152 199314/st_underrun.c Buffer_Overflow_cpycat 23 char buf[10]; strcpy(buf, "my string"); 0 --------------------------------- 27153 199314/st_underrun.c String_Termination_Error 122 st_underrun_004_s_001 s,s2; s2 = st_underrun_004_func_001(&s); st_underrun_004_s_001 st_underrun_004_func_001 (st_underrun_004_s_001 *s) st_underrun_004_func_002(s); void st_underrun_004_func_002 (st_underrun_004_s_001 *s) char buf[10] = "STRING"; strcpy(s->buf,buf); int len = strlen(s->buf) - 1; 0 --------------------------------- 27154 199314/st_underrun.c String_Termination_Error 85 st_underrun_003_s_001 s; st_underrun_003_func_001(&s); void st_underrun_003_func_001 (st_underrun_003_s_001 *s) char buf[10] = "STRING"; strcpy(s->buf,buf); st_underrun_003_func_002(&s); void st_underrun_003_func_002 (st_underrun_003_s_001 *s) int len = strlen(s->buf) - 1; 0 --------------------------------- 27155 199314/st_underrun.c String_Termination_Error 24 char buf[10]; strcpy(buf, "my string"); 0 --------------------------------- 27156 199314/st_underrun.c String_Termination_Error 233 st_underrun_007_s_001 s; s.buf[0] = 1; st_underrun_007_func_001(&s); void st_underrun_007_func_001 (st_underrun_007_s_001 *s) int len = strlen(s->buf) - 1; 0 --------------------------------- 27157 199314/st_underrun_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==43 || vflag_file == 888) 0 --------------------------------- 27158 199314/st_underrun_main.c Format_String_Attack 19 int main(int argc,char*argv[]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); 0 --------------------------------- 27159 199314/st_underrun_main.c Buffer_Overflow_unbounded 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==43 || vflag_file == 888) 0 --------------------------------- 27160 199316/underrun_st_main.c Buffer_Overflow_Indexes 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==44 || vflag_file == 888) 0 --------------------------------- 27161 199316/underrun_st_main.c Format_String_Attack 19 int main(int argc,char*argv[]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); 0 --------------------------------- 27162 199316/underrun_st_main.c Buffer_Overflow_unbounded 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==44 || vflag_file == 888) 0 --------------------------------- 27163 199320/uninit_pointer.c Format_String_Attack 423 uninit_pointer_016_gbl_doubleptr=(char**) malloc(10*sizeof(char*)); uninit_pointer_016_gbl_doubleptr[i]=(char*) malloc(10*sizeof(char)); strcpy(uninit_pointer_016_gbl_doubleptr[i],"STRING00"); char *s=(char*) malloc(10*sizeof(char)); uninit_pointer_016_func_002(); free (uninit_pointer_016_gbl_doubleptr[i]); printf("unint p %s \n",uninit_pointer_016_gbl_doubleptr[i]); strcpy(s,uninit_pointer_016_gbl_doubleptr[i]); printf("unint p %s \n",s); 0 --------------------------------- 27164 199320/uninit_pointer.c Format_String_Attack 138 char **pbuf[5] = {&buf1, &buf2, &buf3, &buf4, &buf5}; int i,j=4; *((*pbuf[i])+j)='a'; printf("uninit %c \n",*((*pbuf[i])+j)); 0 --------------------------------- 27165 199320/uninit_pointer.c Buffer_Overflow_cpycat 196 char *buf,buf1[25]; buf = "This is a string"; strcpy(buf1,buf); 0 --------------------------------- 27166 199320/uninit_pointer.c Buffer_Overflow_cpycat 422 uninit_pointer_016_gbl_doubleptr=(char**) malloc(10*sizeof(char*)); uninit_pointer_016_gbl_doubleptr[i]=(char*) malloc(10*sizeof(char)); strcpy(uninit_pointer_016_gbl_doubleptr[i],"STRING00"); char *s=(char*) malloc(10*sizeof(char)); uninit_pointer_016_func_002(); free (uninit_pointer_016_gbl_doubleptr[i]); printf("unint p %s \n",uninit_pointer_016_gbl_doubleptr[i]); strcpy(s,uninit_pointer_016_gbl_doubleptr[i]); printf("unint p %s \n",s); strcpy(s,uninit_pointer_016_gbl_doubleptr[i]); 0 --------------------------------- 27167 199320/uninit_pointer_main.c Format_String_Attack 19 int main(int argc,char*argv[]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); 0 --------------------------------- 27168 199320/uninit_pointer_main.c Buffer_Overflow_unbounded 11 int main(int argc,char*argv[]) if(argv[1]) vflag_copy = atoi(argv[1]); vflag_file = (int)floor((double)vflag_copy/1000.0); vflag = (int)floor((int)vflag_copy%1000); printf("vflag_file = %d vflag_func = %d vflag_copy =%d \n" , vflag_file, vflag,vflag_copy); if (vflag_file ==46 || vflag_file == 888) 0 --------------------------------- 27169 294/basic-00045-ok.c Buffer_Overflow_cpycat 57 char buf[10]; strcpy(buf, "AAAAAAAAA"); 0 --------------------------------- 27170 298/basic-00046-ok.c Buffer_Overflow_cpycat 60 char buf[10]; src[10 - 1] = '\0'; strcpy(buf, src); 0 --------------------------------- 27171 298/basic-00046-ok.c Buffer_Overflow_boundedcpy 56 char src[10]; memset(src, 'A', 10); 0 --------------------------------- 27172 302/basic-00047-ok.c Off_by_One_Error_in_Methods 60 char buf[10]; src[10 - 1] = '\0'; strncpy(buf, src, 10); 0 --------------------------------- 27173 302/basic-00047-ok.c Buffer_Overflow_LowBound 60 char buf[10]; src[10 - 1] = '\0'; strncpy(buf, src, 10); 0 --------------------------------- 27174 302/basic-00047-ok.c Buffer_Overflow_boundedcpy 56 char src[10]; memset(src, 'A', 10); 0 --------------------------------- 27175 302/basic-00047-ok.c Buffer_Overflow_boundedcpy 60 char buf[10]; src[10 - 1] = '\0'; strncpy(buf, src, 10); 0 --------------------------------- 27176 306/basic-00048-ok.c Off_by_One_Error_in_Methods 62 char buf[10]; src[10 - 1] = '\0'; len = 10; strncpy(buf, src, len); 0 --------------------------------- 27177 306/basic-00048-ok.c Buffer_Overflow_LowBound 62 char buf[10]; src[10 - 1] = '\0'; len = 10; strncpy(buf, src, len); 0 --------------------------------- 27178 306/basic-00048-ok.c Buffer_Overflow_boundedcpy 57 char src[10]; memset(src, 'A', 10); 0 --------------------------------- 27179 306/basic-00048-ok.c Buffer_Overflow_boundedcpy 62 char buf[10]; src[10 - 1] = '\0'; len = 10; strncpy(buf, src, len); 0 --------------------------------- 27180 310/basic-00049-ok.c Off_by_One_Error_in_Methods 62 char buf[10]; src[10 - 1] = '\0'; i = 2; strncpy(buf, src, (4 * i) + 2); 0 --------------------------------- 27181 310/basic-00049-ok.c Buffer_Overflow_LowBound 62 char buf[10]; src[10 - 1] = '\0'; i = 2; strncpy(buf, src, (4 * i) + 2); 0 --------------------------------- 27182 310/basic-00049-ok.c Buffer_Overflow_boundedcpy 57 char src[10]; memset(src, 'A', 10); 0 --------------------------------- 27183 310/basic-00049-ok.c Buffer_Overflow_boundedcpy 62 char buf[10]; src[10 - 1] = '\0'; i = 2; strncpy(buf, src, (4 * i) + 2); 0 --------------------------------- 27184 314/basic-00050-ok.c Off_by_One_Error_in_Methods 62 char buf[10]; src[10 - 1] = '\0'; i = 11; strncpy(buf, src, 10 % i); 0 --------------------------------- 27185 314/basic-00050-ok.c Buffer_Overflow_LowBound 62 char buf[10]; src[10 - 1] = '\0'; i = 11; strncpy(buf, src, 10 % i); 0 --------------------------------- 27186 314/basic-00050-ok.c Buffer_Overflow_boundedcpy 57 char src[10]; memset(src, 'A', 10); 0 --------------------------------- 27187 314/basic-00050-ok.c Buffer_Overflow_boundedcpy 62 char buf[10]; src[10 - 1] = '\0'; i = 11; strncpy(buf, src, 10 % i); 0 --------------------------------- 27188 318/basic-00051-ok.c Off_by_One_Error_in_Methods 65 char buf[10]; src[10 - 1] = '\0'; strncpy(buf, src, function1(10)); int function1(int arg1) return arg1; 0 --------------------------------- 27189 318/basic-00051-ok.c Buffer_Overflow_LowBound 65 char buf[10]; src[10 - 1] = '\0'; strncpy(buf, src, function1(10)); int function1(int arg1) return arg1; 0 --------------------------------- 27190 318/basic-00051-ok.c Buffer_Overflow_boundedcpy 65 char buf[10]; src[10 - 1] = '\0'; strncpy(buf, src, function1(10)); int function1(int arg1) return arg1; 0 --------------------------------- 27191 318/basic-00051-ok.c Buffer_Overflow_boundedcpy 61 char src[10]; memset(src, 'A', 10); 0 --------------------------------- 27192 322/basic-00052-ok.c Off_by_One_Error_in_Methods 62 char buf[10]; src[10 - 1] = '\0'; strncpy(buf, src, index_array[0]); 0 --------------------------------- 27193 322/basic-00052-ok.c Buffer_Overflow_LowBound 62 char buf[10]; src[10 - 1] = '\0'; strncpy(buf, src, index_array[0]); 0 --------------------------------- 27194 322/basic-00052-ok.c Buffer_Overflow_boundedcpy 57 char src[10]; memset(src, 'A', 10); 0 --------------------------------- 27195 322/basic-00052-ok.c Buffer_Overflow_boundedcpy 62 char buf[10]; src[10 - 1] = '\0'; strncpy(buf, src, index_array[0]); 0 --------------------------------- 27196 838/basic-00181-ok.c Buffer_Overflow_Indexes 58 envvar = getenv("STRINGLEN_OK"); if (envvar != NULL) i = strlen(envvar); if (i > 9) buf[i] = 'A'; 0 --------------------------------- 27197 838/basic-00181-ok.c Buffer_Overflow_unbounded 58 envvar = getenv("STRINGLEN_OK"); if (envvar != NULL) i = strlen(envvar); if (i > 9) 0 --------------------------------- 27198 838/basic-00181-ok.c String_Termination_Error 61 envvar = getenv("STRINGLEN_OK"); i = strlen(envvar); 0 --------------------------------- 27199 842/basic-00182-ok.c Buffer_Overflow_fgets 61 char buf[10]; f = fopen("TestInputFile1", "r"); assert(f != NULL); fgets(buf, 10, f); 0 --------------------------------- 27200 70471/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_34.c Buffer_Overflow_Indexes 229 typedef union int unionFirst; int unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_34_unionType; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_34_unionType myUnion; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int * buffer = (int *)malloc(10 * sizeof(int)); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27201 70471/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_34.c Buffer_Overflow_Indexes 90 typedef union int unionFirst; int unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_34_unionType; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_34_unionType myUnion; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27202 70472/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_41.c Buffer_Overflow_Indexes 112 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); badSink(data); static void badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27203 70472/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_41.c Buffer_Overflow_Indexes 250 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2GSink(data); static void goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27204 70473/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_42.c Buffer_Overflow_Indexes 221 data = -1; data = badSource(data); static int badSource(int data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27205 70473/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_42.c Buffer_Overflow_Indexes 80 data = -1; data = goodB2GSource(data); static int goodB2GSource(int data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27206 70475/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_44.c Buffer_Overflow_Indexes 255 void (*funcPtr) (int) = badSink; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); static void badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27207 70475/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_44.c Buffer_Overflow_Indexes 114 void (*funcPtr) (int) = goodB2GSink; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); static void goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27208 70476/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_45.c Buffer_Overflow_Indexes 259 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_45_badData = data; badSink(); static void badSink() int data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_45_badData; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27209 70476/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_45.c Buffer_Overflow_Indexes 117 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_45_goodB2GData = data; goodB2GSink(); static void goodB2GSink() int data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_45_goodB2GData; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27210 70477/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_51.c Buffer_Overflow_Indexes 171 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_51b_badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27211 70477/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_51.c Buffer_Overflow_Indexes 86 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_51b_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_51b_goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27212 70478/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_52.c Buffer_Overflow_Indexes 171 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_52b_badSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_52c_badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27213 70478/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_52.c Buffer_Overflow_Indexes 86 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_52b_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_52b_goodB2GSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_52c_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_52c_goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27214 70479/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53.c Buffer_Overflow_Indexes 171 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53b_badSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53c_badSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53d_badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27215 70479/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53.c Buffer_Overflow_Indexes 86 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53b_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53b_goodB2GSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53c_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53c_goodB2GSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53d_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_53d_goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27216 70480/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54.c Buffer_Overflow_Indexes 171 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54b_badSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54c_badSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54d_badSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54e_badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27217 70480/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54.c Buffer_Overflow_Indexes 86 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54b_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54b_goodB2GSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54c_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54c_goodB2GSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54d_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54d_goodB2GSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54e_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_54e_goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27218 70481/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_61.c Buffer_Overflow_Indexes 270 data = -1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_61b_badSource(data); int CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_61b_badSource(int data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27219 70481/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_61.c Buffer_Overflow_Indexes 345 data = -1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_61b_goodB2GSource(data); int CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_61b_goodB2GSource(int data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27220 70483/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_63.c Buffer_Overflow_Indexes 171 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_63b_badSink(int * dataPtr) int data = *dataPtr; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27221 70483/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_63.c Buffer_Overflow_Indexes 86 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_63b_goodB2GSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_63b_goodB2GSink(int * dataPtr) int data = *dataPtr; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27222 70484/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_64.c Buffer_Overflow_Indexes 171 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_64b_badSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27223 70484/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_64.c Buffer_Overflow_Indexes 86 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_64b_goodB2GSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_64b_goodB2GSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27224 70485/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_65.c Buffer_Overflow_Indexes 88 void (*funcPtr) (int) = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_65b_badSink; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_65b_badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27225 70485/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_65.c Buffer_Overflow_Indexes 176 void (*funcPtr) (int) = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_65b_goodB2GSink; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_65b_goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27226 70486/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_66.c Buffer_Overflow_Indexes 87 int data; int dataArray[5]; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_66b_badSink(int dataArray[]) int data = dataArray[2]; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27227 70486/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_66.c Buffer_Overflow_Indexes 177 int dataArray[5]; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_66b_goodB2GSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_66b_goodB2GSink(int dataArray[]) int data = dataArray[2]; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27228 70487/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67.c Buffer_Overflow_Indexes 92 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67_structType int structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67_structType; int data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67_structType myStruct; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67_structType myStruct) int data = myStruct.structFirst; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27229 70487/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67.c Buffer_Overflow_Indexes 181 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67_structType int structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67_structType; int data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67_structType myStruct; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67b_goodB2GSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67b_goodB2GSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_67_structType myStruct) int data = myStruct.structFirst; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27230 70488/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_68.c Buffer_Overflow_Indexes 90 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_68b_badSink() int data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_68_badData; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27231 70488/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_68.c Buffer_Overflow_Indexes 177 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_68_goodB2GData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_68b_goodB2GSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_68b_goodB2GSink() int data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_68_goodB2GData; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27232 70496/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c Buffer_Overflow_Indexes 32 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27233 70496/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_01.c Buffer_Overflow_fgets 32 int data; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27234 70497/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_02.c Buffer_Overflow_Indexes 90 data = -1; if(1) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(1) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27235 70497/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_02.c Buffer_Overflow_Indexes 146 data = -1; if(1) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(0) {} else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27236 70497/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_02.c Buffer_Overflow_Indexes 34 data = -1; if(1) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(1) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27237 70498/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_03.c Buffer_Overflow_Indexes 90 data = -1; if(5==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(5==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27238 70498/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_03.c Buffer_Overflow_Indexes 146 data = -1; if(5==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(5!=5) {} else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27239 70498/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_03.c Buffer_Overflow_Indexes 34 data = -1; if(5==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(5==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27240 70499/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_04.c Buffer_Overflow_Indexes 96 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(STATIC_CONST_TRUE) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27241 70499/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_04.c Buffer_Overflow_Indexes 152 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(STATIC_CONST_FALSE) {} else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27242 70499/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_04.c Buffer_Overflow_Indexes 40 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(STATIC_CONST_TRUE) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27243 70500/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_05.c Buffer_Overflow_Indexes 96 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticTrue) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27244 70500/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_05.c Buffer_Overflow_Indexes 152 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticFalse) {} else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27245 70500/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_05.c Buffer_Overflow_Indexes 40 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticTrue) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27246 70501/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_06.c Buffer_Overflow_Indexes 39 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(STATIC_CONST_FIVE==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27247 70501/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_06.c Buffer_Overflow_Indexes 95 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(STATIC_CONST_FIVE!=5) {} else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27248 70501/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_06.c Buffer_Overflow_Indexes 151 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(STATIC_CONST_FIVE==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27249 70502/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_07.c Buffer_Overflow_Indexes 39 static int staticFive = 5; data = -1; if(staticFive==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticFive==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27250 70502/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_07.c Buffer_Overflow_Indexes 95 static int staticFive = 5; data = -1; if(staticFive==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticFive!=5) {} else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27251 70502/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_07.c Buffer_Overflow_Indexes 151 static int staticFive = 5; data = -1; if(staticFive==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticFive==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27252 70503/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_08.c Buffer_Overflow_Indexes 47 static int staticReturnsTrue() return 1; }   static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticReturnsTrue()) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27253 70503/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_08.c Buffer_Overflow_Indexes 103 static int staticReturnsTrue() return 1; }   static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticReturnsFalse()) {} else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27254 70503/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_08.c Buffer_Overflow_Indexes 159 static int staticReturnsTrue() return 1; }   static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticReturnsTrue()) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27255 70504/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_09.c Buffer_Overflow_Indexes 90 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(GLOBAL_CONST_TRUE) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27256 70504/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_09.c Buffer_Overflow_Indexes 146 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(GLOBAL_CONST_FALSE) {} else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27257 70504/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_09.c Buffer_Overflow_Indexes 34 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(GLOBAL_CONST_TRUE) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27258 70505/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_10.c Buffer_Overflow_Indexes 90 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalTrue) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27259 70505/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_10.c Buffer_Overflow_Indexes 146 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalFalse) {} else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27260 70505/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_10.c Buffer_Overflow_Indexes 34 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalTrue) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27261 70506/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_11.c Buffer_Overflow_Indexes 90 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalReturnsTrue()) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27262 70506/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_11.c Buffer_Overflow_Indexes 146 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalReturnsFalse()) {} else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27263 70506/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_11.c Buffer_Overflow_Indexes 34 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalReturnsTrue()) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27264 70508/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_13.c Buffer_Overflow_Indexes 90 const int GLOBAL_CONST_FIVE = 5;  data = -1; if(GLOBAL_CONST_FIVE==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27265 70508/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_13.c Buffer_Overflow_Indexes 146 const int GLOBAL_CONST_FIVE = 5;  data = -1; if(GLOBAL_CONST_FIVE==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE!=5) {} else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27266 70508/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_13.c Buffer_Overflow_Indexes 34 const int GLOBAL_CONST_FIVE = 5;  data = -1; if(GLOBAL_CONST_FIVE==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27267 70509/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_14.c Buffer_Overflow_Indexes 90 int globalFive = 5;  data = -1; if(globalFive==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalFive==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27268 70509/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_14.c Buffer_Overflow_Indexes 146 int globalFive = 5;  data = -1; if(globalFive==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalFive!=5) {} else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27269 70509/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_14.c Buffer_Overflow_Indexes 34 int globalFive = 5;  data = -1; if(globalFive==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalFive==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27270 70510/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_15.c Buffer_Overflow_Indexes 103 data = -1; switch(6) case 6: char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); break; default: break; switch(7) case 7: int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27271 70510/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_15.c Buffer_Overflow_Indexes 166 data = -1; switch(6) case 6: char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); break; default: break; switch(8) case 7: break; default: int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27272 70510/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_15.c Buffer_Overflow_Indexes 35 data = -1; switch(6) case 6: char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); break; default: break; switch(7) case 7: int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27273 70511/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_16.c Buffer_Overflow_Indexes 92 data = -1; while(1) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); break; while(1) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27274 70511/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_16.c Buffer_Overflow_Indexes 34 data = -1; while(1) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); break; while(1) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; break; 0 --------------------------------- 27275 70512/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_17.c Buffer_Overflow_Indexes 35 data = -1; for(i = 0; i < 1; i++) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); for(j = 0; j < 1; j++) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27276 70512/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_17.c Buffer_Overflow_Indexes 92 data = -1; for(i = 0; i < 1; i++) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); for(k = 0; k < 1; k++) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27277 70513/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_18.c Buffer_Overflow_Indexes 88 data = -1; goto source; source: char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); goto sink; sink: int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27278 70513/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_18.c Buffer_Overflow_Indexes 34 data = -1; goto source; source: char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); goto sink; sink: int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27279 70514/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_21.c Buffer_Overflow_Indexes 135 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); badStatic = 1; badSink(data); static void badSink(int data) if(badStatic) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27280 70514/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_21.c Buffer_Overflow_Indexes 189 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); goodB2G1Static = 0; goodB2G1Sink(data); static void goodB2G1Sink(int data) if(goodB2G1Static) {} else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27281 70514/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_21.c Buffer_Overflow_Indexes 67 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); goodB2G2Static = 1; goodB2G2Sink(data); static void goodB2G2Sink(int data) if(goodB2G2Static) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27282 70515/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22.c Buffer_Overflow_Indexes 71 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22_badGlobal = 1; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22_badSink(int data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22_badGlobal){ int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27283 70515/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22.c Buffer_Overflow_Indexes 96 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22_goodB2G1Global = 0; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22_goodB2G1Sink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22_goodB2G1Sink(int data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22_goodB2G1Global) {} else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27284 70515/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22.c Buffer_Overflow_Indexes 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22_goodB2G2Global = 1; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22_goodB2G2Sink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22_goodB2G2Sink(int data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_22_goodB2G2Global) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27285 70516/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_31.c Buffer_Overflow_Indexes 32 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27286 70516/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_31.c Buffer_Overflow_fgets 32 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27287 70517/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_32.c Buffer_Overflow_Indexes 140 int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; int data = *dataPtr1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); *dataPtr1 = data; int data = *dataPtr2; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27288 70517/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_32.c Buffer_Overflow_fgets 140 int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; int data = *dataPtr1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); *dataPtr1 = data; int data = *dataPtr2; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27289 70519/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_34.c Buffer_Overflow_Indexes 39 typedef union int unionFirst; int unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_34_unionType; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_34_unionType myUnion; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27290 70519/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_34.c Buffer_Overflow_fgets 135 typedef union int unionFirst; int unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_34_unionType; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_34_unionType myUnion; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27291 70520/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_41.c Buffer_Overflow_Indexes 61 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); badSink(data); static void badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27292 70520/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_41.c Buffer_Overflow_fgets 61 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); goodB2GSink(data); static void goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27293 70521/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_42.c Buffer_Overflow_Indexes 127 data = -1; data = badSource(data); static int badSource(int data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); return data; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27294 70521/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_42.c Buffer_Overflow_fgets 127 data = -1; data = goodB2GSource(data); static int goodB2GSource(int data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); return data; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27295 70523/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_44.c Buffer_Overflow_Indexes 63 void (*funcPtr) (int) = badSink; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); funcPtr(data); static void badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27296 70523/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_44.c Buffer_Overflow_fgets 63 void (*funcPtr) (int) = goodB2GSink; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); funcPtr(data); static void goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27297 70524/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_45.c Buffer_Overflow_Indexes 165 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_45_badData = data; badSink(); static void badSink() int data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_45_badData; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27298 70524/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_45.c Buffer_Overflow_fgets 165 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_45_goodB2GData = data; goodB2GSink(); static void goodB2GSink() int data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_45_goodB2GData; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27299 70525/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_51.c Buffer_Overflow_Indexes 77 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_51b_badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27300 70525/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_51.c Buffer_Overflow_fgets 77 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_51b_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_51b_goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27301 70526/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52.c Buffer_Overflow_Indexes 77 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52b_badSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52c_badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27302 70526/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52.c Buffer_Overflow_fgets 77 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52b_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52b_goodB2GSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52c_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_52c_goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27303 70527/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53.c Buffer_Overflow_Indexes 77 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53b_badSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53c_badSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53d_badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27304 70527/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53.c Buffer_Overflow_fgets 77 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53b_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53b_goodB2GSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53c_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53c_goodB2GSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53d_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_53d_goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27305 70529/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_61.c Buffer_Overflow_Indexes 231 data = -1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_61b_badSource(data); int CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_61b_badSource(int data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); return data; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27306 70529/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_61.c Buffer_Overflow_fgets 199 data = -1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_61b_goodB2GSource(data); int CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_61b_goodB2GSource(int data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); return data; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27307 70531/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_63.c Buffer_Overflow_Indexes 77 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_63b_badSink(int * dataPtr) int data = *dataPtr; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27308 70531/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_63.c Buffer_Overflow_fgets 77 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_63b_goodB2GSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_63b_goodB2GSink(int * dataPtr) int data = *dataPtr; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27309 70532/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_64.c Buffer_Overflow_Indexes 77 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_64b_badSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27310 70532/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_64.c Buffer_Overflow_fgets 77 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_64b_goodB2GSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_64b_goodB2GSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27311 70533/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_65.c Buffer_Overflow_Indexes 37 void (*funcPtr) (int) = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_65b_badSink; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_65b_badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27312 70533/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_65.c Buffer_Overflow_fgets 37 void (*funcPtr) (int) = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_65b_goodB2GSink; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_65b_goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27313 70534/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_66.c Buffer_Overflow_Indexes 83 int dataArray[5]; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_66b_badSink(int dataArray[]) int data = dataArray[2]; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 27314 70534/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_66.c Buffer_Overflow_fgets 83 int dataArray[5]; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_66b_goodB2GSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_66b_goodB2GSink(int dataArray[]) int data = dataArray[2]; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27315 70535/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67.c Buffer_Overflow_Indexes 87 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67_structType int structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67_structType; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67_structType myStruct) int data = myStruct.structFirst; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27316 70535/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67.c Buffer_Overflow_fgets 87 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67_structType int structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67_structType; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67_structType myStruct; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67b_goodB2GSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67b_goodB2GSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_67_structType myStruct) int data = myStruct.structFirst; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27317 70536/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68.c Buffer_Overflow_Indexes 39 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68b_badSink() int data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68_badData; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27318 70536/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68.c Buffer_Overflow_fgets 39 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68_goodB2GData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68b_goodB2GSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68b_goodB2GSink() int data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_68_goodB2GData; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27319 70540/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_81a.cpp Buffer_Overflow_Indexes 76 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); const CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_81_bad();  baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_81_bad::action(int data) const int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27320 70540/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_81a.cpp Buffer_Overflow_fgets 76 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); const CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_81_goodB2G(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_81_goodB2G::action(int data) const int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27321 70541/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_82a.cpp Buffer_Overflow_Indexes 78 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_82_bad::action(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; delete baseObject; 1 --------------------------------- 27322 70541/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_82a.cpp Buffer_Overflow_fgets 78 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_82_goodB2G;  baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_fgets_82_goodB2G::action(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; delete baseObject; 0 --------------------------------- 27323 70640/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_01.c Buffer_Overflow_Indexes 92 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27324 70640/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_01.c Buffer_Overflow_Indexes 234 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27325 70641/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_02.c Buffer_Overflow_Indexes 206 data = -1; if(1) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(1) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27326 70641/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_02.c Buffer_Overflow_Indexes 94 data = -1; if(1) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(0){ } else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27327 70641/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_02.c Buffer_Overflow_Indexes 318 data = -1; if(1) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(1) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27328 70642/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_03.c Buffer_Overflow_Indexes 206 data = -1; if(5==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(5==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27329 70642/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_03.c Buffer_Overflow_Indexes 94 data = -1; if(5==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(5!=5) { } else{ int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27330 70642/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_03.c Buffer_Overflow_Indexes 318 data = -1; if(5==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(5==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27331 70643/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_04.c Buffer_Overflow_Indexes 100 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_TRUE) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27332 70643/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_04.c Buffer_Overflow_Indexes 212 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FALSE) { } else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27333 70643/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_04.c Buffer_Overflow_Indexes 324 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_TRUE) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27334 70644/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_05.c Buffer_Overflow_Indexes 100 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticTrue) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27335 70644/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_05.c Buffer_Overflow_Indexes 212 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFalse) { } else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27336 70644/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_05.c Buffer_Overflow_Indexes 324 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticTrue) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27337 70645/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_06.c Buffer_Overflow_Indexes 323 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FIVE==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27338 70645/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_06.c Buffer_Overflow_Indexes 99 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FIVE!=5) { } else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27339 70645/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_06.c Buffer_Overflow_Indexes 211 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FIVE==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27340 70646/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_07.c Buffer_Overflow_Indexes 323 static int staticFive = 5; data = -1; if(staticFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFive==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27341 70646/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_07.c Buffer_Overflow_Indexes 99 static int staticFive = 5; data = -1; if(staticFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFive!=5) {} else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27342 70646/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_07.c Buffer_Overflow_Indexes 211 static int staticFive = 5; data = -1; if(staticFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFive==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27343 70647/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_08.c Buffer_Overflow_Indexes 219 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticReturnsTrue()) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27344 70647/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_08.c Buffer_Overflow_Indexes 331 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticReturnsFalse()) { } else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27345 70647/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_08.c Buffer_Overflow_Indexes 107 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticReturnsTrue()) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27346 70648/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_09.c Buffer_Overflow_Indexes 206 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_TRUE) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27347 70648/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_09.c Buffer_Overflow_Indexes 94 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FALSE) { } else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27348 70648/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_09.c Buffer_Overflow_Indexes 318 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_TRUE) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27349 70649/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_10.c Buffer_Overflow_Indexes 206 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalTrue) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27350 70649/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_10.c Buffer_Overflow_Indexes 94 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFalse) { } else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27351 70649/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_10.c Buffer_Overflow_Indexes 318 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalTrue) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27352 70650/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_11.c Buffer_Overflow_Indexes 206 int globalReturnsTrue()  return 1; }  int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalReturnsTrue()) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27353 70650/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_11.c Buffer_Overflow_Indexes 94 int globalReturnsTrue()  return 1; }  int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalReturnsFalse()) { } else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27354 70650/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_11.c Buffer_Overflow_Indexes 318 int globalReturnsTrue()  return 1; }  int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalReturnsTrue()) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27355 70652/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_13.c Buffer_Overflow_Indexes 206 const int GLOBAL_CONST_FIVE = 5;  data = -1; if(GLOBAL_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27356 70652/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_13.c Buffer_Overflow_Indexes 94 const int GLOBAL_CONST_FIVE = 5;  data = -1; if(GLOBAL_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE!=5) { } else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27357 70652/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_13.c Buffer_Overflow_Indexes 318 const int GLOBAL_CONST_FIVE = 5;  data = -1; if(GLOBAL_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27358 70653/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_14.c Buffer_Overflow_Indexes 206 int globalFive = 5; data = -1; if(globalFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFive==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27359 70653/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_14.c Buffer_Overflow_Indexes 94 int globalFive = 5; data = -1; if(globalFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFive!=5) { } else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27360 70653/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_14.c Buffer_Overflow_Indexes 318 int globalFive = 5; data = -1; if(globalFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFive==5) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27361 70654/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_15.c Buffer_Overflow_Indexes 219 data = -1; switch(6) case 6: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; default: break; switch(7) case 7: int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27362 70654/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_15.c Buffer_Overflow_Indexes 338 data = -1; switch(6) case 6: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; default: break; switch(8) case 7: break; default: int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27363 70654/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_15.c Buffer_Overflow_Indexes 95 data = -1; switch(6) case 6: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; default: break; switch(7) case 7: int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27364 70655/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_16.c Buffer_Overflow_Indexes 208 data = -1; while(1) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; while(1) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; break; 1 --------------------------------- 27365 70655/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_16.c Buffer_Overflow_Indexes 94 data = -1; while(1) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; while(1) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; break; 0 --------------------------------- 27366 70656/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_17.c Buffer_Overflow_Indexes 95 data = -1; for(i = 0; i < 1; i++) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); for(j = 0; j < 1; j++) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27367 70656/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_17.c Buffer_Overflow_Indexes 208 data = -1; for(i = 0; i < 1; i++) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); for(k = 0; k < 1; k++) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27368 70657/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_18.c Buffer_Overflow_Indexes 204 data = -1; goto source; source: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goto sink; sink: int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27369 70657/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_18.c Buffer_Overflow_Indexes 94 data = -1; goto source; source: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goto sink; sink: int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27370 70658/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_21.c Buffer_Overflow_Indexes 251 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); badStatic = 1; badSink(data); static void badSink(int data) if(badStatic) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27371 70658/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_21.c Buffer_Overflow_Indexes 361 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2G1Static = 0; goodB2G1Sink(data); static void goodB2G1Sink(int data) if(goodB2G1Static) { } else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27372 70658/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_21.c Buffer_Overflow_Indexes 127 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2G2Static = 1; goodB2G2Sink(data); static void goodB2G2Sink(int data) if(goodB2G2Static) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27373 70659/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22.c Buffer_Overflow_Indexes 187 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22_badGlobal = 1; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22_badSink(int data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22_badGlobal) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27374 70659/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22.c Buffer_Overflow_Indexes 268 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22_goodB2G1Global = 0; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22_goodB2G1Sink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22_goodB2G1Sink(int data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22_goodB2G1Global) {} else int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27375 70659/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22.c Buffer_Overflow_Indexes 97 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22_goodB2G2Global = 1; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22_goodB2G2Sink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22_goodB2G2Sink(int data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_22_goodB2G2Global) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27376 70660/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_31.c Buffer_Overflow_Indexes 92 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27377 70660/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_31.c Buffer_Overflow_Indexes 242 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27378 70661/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_32.c Buffer_Overflow_Indexes 96 int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; int data = *dataPtr1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); *dataPtr1 = data; int data = *dataPtr2; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27379 70661/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_32.c Buffer_Overflow_Indexes 256 int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; int data = *dataPtr1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); *dataPtr1 = data; int data = *dataPtr2; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27380 70663/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_34.c Buffer_Overflow_Indexes 251 typedef union int unionFirst; int unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_34_unionType; int data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_34_unionType myUnion; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27381 70663/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_34.c Buffer_Overflow_Indexes 99 typedef union int unionFirst; int unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_34_unionType; int data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_34_unionType myUnion; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27382 70664/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_41.c Buffer_Overflow_Indexes 121 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); badSink(data); static void badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27383 70664/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_41.c Buffer_Overflow_Indexes 272 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2GSink(data); static void goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27384 70665/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_42.c Buffer_Overflow_Indexes 243 int data; data = -1; data = badSource(data); static int badSource(int data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27385 70665/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_42.c Buffer_Overflow_Indexes 89 int data; data = -1; data = goodB2GSource(data); static int goodB2GSource(int data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27386 70667/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_44.c Buffer_Overflow_Indexes 123 int data; void (*funcPtr) (int) = badSink; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); static void badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27387 70667/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_44.c Buffer_Overflow_Indexes 277 int data; void (*funcPtr) (int) = goodB2GSink; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); static void goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27388 70668/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_45.c Buffer_Overflow_Indexes 281 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_45_badData = data; badSink(); static void badSink() int data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_45_badData; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27389 70668/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_45.c Buffer_Overflow_Indexes 126 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_45_goodB2GData = data; goodB2GSink(); static void goodB2GSink() int data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_45_goodB2GData; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27390 70669/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_51.c Buffer_Overflow_Indexes 193 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_51b_badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27391 70669/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_51.c Buffer_Overflow_Indexes 95 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_51b_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_51b_goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27392 70670/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_52.c Buffer_Overflow_Indexes 193 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_52b_badSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_52c_badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27393 70670/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_52.c Buffer_Overflow_Indexes 95 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_52b_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_52b_goodB2GSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_52c_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_52c_goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27394 70671/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53.c Buffer_Overflow_Indexes 193 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53b_badSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53c_badSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53d_badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27395 70671/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53.c Buffer_Overflow_Indexes 95 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53b_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53b_goodB2GSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53c_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53c_goodB2GSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53d_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_53d_goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27396 70672/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54.c Buffer_Overflow_Indexes 193 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54b_badSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54c_badSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54d_badSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54e_badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27397 70672/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54.c Buffer_Overflow_Indexes 95 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54b_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54b_goodB2GSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54c_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54c_goodB2GSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54d_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54d_goodB2GSink(int data) CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54e_goodB2GSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_54e_goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27398 70673/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_61.c Buffer_Overflow_Indexes 367 int data; data = -1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_61b_badSource(data); int CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_61b_badSource(int data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27399 70673/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_61.c Buffer_Overflow_Indexes 279 int data; data = -1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_61b_goodB2GSource(data); int CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_61b_goodB2GSource(int data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27400 70675/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_63.c Buffer_Overflow_Indexes 193 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_63b_badSink(int * dataPtr) int data = *dataPtr; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27401 70675/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_63.c Buffer_Overflow_Indexes 95 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_63b_goodB2GSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_63b_goodB2GSink(int * dataPtr) int data = *dataPtr; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27402 70676/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_64.c Buffer_Overflow_Indexes 193 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_64b_badSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27403 70676/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_64.c Buffer_Overflow_Indexes 95 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_64b_goodB2GSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_64b_goodB2GSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27404 70677/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_65.c Buffer_Overflow_Indexes 97 int data; void (*funcPtr) (int) = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_65b_badSink; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_65b_badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27405 70677/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_65.c Buffer_Overflow_Indexes 198 int data; void (*funcPtr) (int) = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_65b_goodB2GSink; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_65b_goodB2GSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27406 70678/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_66.c Buffer_Overflow_Indexes 199 int data; int dataArray[5]; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_66b_badSink(int dataArray[]) int data = dataArray[2]; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27407 70678/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_66.c Buffer_Overflow_Indexes 96 int data; int dataArray[5]; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_66b_goodB2GSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_66b_goodB2GSink(int dataArray[]) int data = dataArray[2]; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27408 70679/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67.c Buffer_Overflow_Indexes 203 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67_structType int structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67_structType; int data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67_structType myStruct; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67_structType myStruct) int data = myStruct.structFirst; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27409 70679/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67.c Buffer_Overflow_Indexes 101 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67_structType int structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67_structType; int data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67_structType myStruct; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67b_goodB2GSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67b_goodB2GSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_67_structType myStruct) int data = myStruct.structFirst; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27410 70680/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_68.c Buffer_Overflow_Indexes 99 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_68b_badSink() int data = CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_68_badData; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 27411 70680/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_68.c Buffer_Overflow_Indexes 199 int data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_68_goodB2GData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_68b_goodB2GSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_listen_socket_68b_goodB2GSink() int data = CWE122_Heap_B ased_Buffer_Overflow__c_CWE129_listen_socket_68_goodB2GData; int * buffer = (int *)malloc(10 * sizeof(int)); for (i = 0; i < 10; i++) buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 27412 70736/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_01.c Buffer_Overflow_cpycat 37 #define SRC_STRING "AAAAAAAAAA" data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27413 70736/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_01.c Buffer_Overflow_cpycat 57 #define SRC_STRING "AAAAAAAAAA" data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27414 70737/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_02.c Buffer_Overflow_cpycat 40 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(1) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27415 70737/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_02.c Buffer_Overflow_cpycat 68 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(0) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27416 70737/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_02.c Buffer_Overflow_cpycat 87 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(1) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27417 70738/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_03.c Buffer_Overflow_cpycat 40 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(5==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27418 70738/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_03.c Buffer_Overflow_cpycat 68 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(5!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27419 70738/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_03.c Buffer_Overflow_cpycat 87 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(5==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27420 70739/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_04.c Buffer_Overflow_cpycat 75 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27421 70739/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_04.c Buffer_Overflow_cpycat 94 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_FALSE) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27422 70739/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_04.c Buffer_Overflow_cpycat 47 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27423 70740/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_05.c Buffer_Overflow_cpycat 75 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27424 70740/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_05.c Buffer_Overflow_cpycat 94 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticFalse) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27425 70740/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_05.c Buffer_Overflow_cpycat 47 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27426 70741/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_06.c Buffer_Overflow_cpycat 72 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27427 70741/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_06.c Buffer_Overflow_cpycat 91 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27428 70741/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_06.c Buffer_Overflow_cpycat 44 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27429 70742/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_07.c Buffer_Overflow_cpycat 74 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27430 70742/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_07.c Buffer_Overflow_cpycat 93 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; data = NULL; if(staticFive!=5){} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27431 70742/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_07.c Buffer_Overflow_cpycat 46 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27432 70743/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_08.c Buffer_Overflow_cpycat 82 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27433 70743/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_08.c Buffer_Overflow_cpycat 101 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsFalse()) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27434 70743/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_08.c Buffer_Overflow_cpycat 54 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27435 70744/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_09.c Buffer_Overflow_cpycat 40 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27436 70744/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_09.c Buffer_Overflow_cpycat 68 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_FALSE) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27437 70744/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_09.c Buffer_Overflow_cpycat 87 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27438 70745/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_10.c Buffer_Overflow_cpycat 40 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27439 70745/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_10.c Buffer_Overflow_cpycat 68 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalFalse) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27440 70745/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_10.c Buffer_Overflow_cpycat 87 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27441 70746/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_11.c Buffer_Overflow_cpycat 40 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue() return 1; int globalReturnsFalse() return 0; char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27442 70746/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_11.c Buffer_Overflow_cpycat 68 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue() return 1; int globalReturnsFalse() return 0; char * data; data = NULL; if(globalReturnsFalse()) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27443 70746/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_11.c Buffer_Overflow_cpycat 87 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue() return 1; int globalReturnsFalse() return 0; char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27444 70748/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_13.c Buffer_Overflow_cpycat 40 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27445 70748/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_13.c Buffer_Overflow_cpycat 68 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27446 70748/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_13.c Buffer_Overflow_cpycat 87 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27447 70749/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_14.c Buffer_Overflow_cpycat 40 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5; char * data; data = NULL; if(globalFive==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27448 70749/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_14.c Buffer_Overflow_cpycat 68 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5; char * data; data = NULL; if(globalFive!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27449 70749/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_14.c Buffer_Overflow_cpycat 87 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5; char * data; data = NULL; if(globalFive==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27450 70750/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_15.c Buffer_Overflow_cpycat 75 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; switch(6) case 6: data = (char *)malloc(10*sizeof(char)); break; default: break; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27451 70750/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_15.c Buffer_Overflow_cpycat 46 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; switch(5) case 6: break; default: data = (char *)malloc((10+1)*sizeof(char)); break; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27452 70750/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_15.c Buffer_Overflow_cpycat 100 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; switch(6) case 6: data = (char *)malloc((10+1)*sizeof(char)); break; default: break; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27453 70751/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_16.c Buffer_Overflow_cpycat 65 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; while(1) data = (char *)malloc(10*sizeof(char)); break; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27454 70751/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_16.c Buffer_Overflow_cpycat 41 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; while(1) data = (char *)malloc((10+1)*sizeof(char)); break; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27455 70752/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_17.c Buffer_Overflow_cpycat 41 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; for(i = 0; i < 1; i++) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27456 70752/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_17.c Buffer_Overflow_cpycat 65 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; for(h = 0; h < 1; h++) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27457 70753/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_18.c Buffer_Overflow_cpycat 61 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; goto source; source: data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27458 70753/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_18.c Buffer_Overflow_cpycat 39 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; goto source; source: data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27459 70754/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_21.c Buffer_Overflow_cpycat 50 #define SRC_STRING "AAAAAAAAAA" data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) data = (char *)malloc(10*sizeof(char)); return data; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27460 70754/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_21.c Buffer_Overflow_cpycat 115 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) {} else data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27461 70754/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_21.c Buffer_Overflow_cpycat 89 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27462 70755/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22.c Buffer_Overflow_cpycat 42 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_badGlobal = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_badSource(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_badGlobal) data = (char *)malloc(10*sizeof(char)); return data; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27463 70755/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22.c Buffer_Overflow_cpycat 86 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_goodG2B1Global = 0; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_goodG2B1Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_goodG2B1Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_goodG2B1Global) {} else data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27464 70755/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22.c Buffer_Overflow_cpycat 68 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_goodG2B2Global = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_goodG2B2Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_22_goodG2B2Global) data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27465 70756/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_31.c Buffer_Overflow_cpycat 40 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27466 70756/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_31.c Buffer_Overflow_cpycat 64 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27467 70757/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_32.c Buffer_Overflow_cpycat 74 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc(10*sizeof(char)); *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27468 70757/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_32.c Buffer_Overflow_cpycat 45 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc((10+1)*sizeof(char)); *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27469 70759/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_34.c Buffer_Overflow_cpycat 72 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_34_unionType myUnion; data = NULL; data = (char *)malloc(10*sizeof(char)); myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27470 70759/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_34.c Buffer_Overflow_cpycat 47 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_34_unionType myUnion; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27471 70760/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_41.c Buffer_Overflow_cpycat 33 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_41_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27472 70760/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_41.c Buffer_Overflow_cpycat 57 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_41_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27473 70761/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_42.c Buffer_Overflow_cpycat 69 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = badSource(data); static char * badSource(char * data) data = (char *)malloc(10*sizeof(char)); return data; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27474 70761/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_42.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27475 70763/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_44.c Buffer_Overflow_cpycat 61 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = (char *)malloc(10*sizeof(char)); funcPtr(data); static void badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27476 70763/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_44.c Buffer_Overflow_cpycat 33 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); funcPtr(data); static void goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27477 70764/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_45.c Buffer_Overflow_cpycat 37 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_45_badData = data; badSink(); static void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_45_badData; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27478 70764/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_45.c Buffer_Overflow_cpycat 64 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_45_goodG2BData; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27479 70765/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_51.c Buffer_Overflow_cpycat 143 #define SRC_STRING "AAAAAAAAAA" data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_51b_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27480 70765/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_51.c Buffer_Overflow_cpycat 127 #define SRC_STRING "AAAAAAAAAA" data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_51b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27481 70766/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_52.c Buffer_Overflow_cpycat 197 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_52b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_52c_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27482 70766/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_52.c Buffer_Overflow_cpycat 181 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_52c_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27483 70767/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53.c Buffer_Overflow_cpycat 235 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53d_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27484 70767/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53.c Buffer_Overflow_cpycat 251 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_53d_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27485 70768/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54.c Buffer_Overflow_cpycat 305 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54d_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54e_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27486 70768/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54.c Buffer_Overflow_cpycat 289 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_54e_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27487 70769/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_61.c Buffer_Overflow_cpycat 60 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_61b_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_61b_badSource(char * data) data = (char *)malloc(10*sizeof(char)); return data; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27488 70769/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_61.c Buffer_Overflow_cpycat 39 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_61b_goodG2BSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_61b_goodG2BSource(char * data) data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27489 70771/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_63.c Buffer_Overflow_cpycat 125 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27490 70771/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_63.c Buffer_Overflow_cpycat 142 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27491 70772/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_64.c Buffer_Overflow_cpycat 128 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27492 70772/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_64.c Buffer_Overflow_cpycat 148 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27493 70773/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_65.c Buffer_Overflow_cpycat 144 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_65b_badSink; data = NULL; data = (char *)malloc(10*sizeof(char)); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_65b_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27494 70773/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_65.c Buffer_Overflow_cpycat 128 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_65b_goodG2BSink; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_65b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27495 70774/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_66.c Buffer_Overflow_cpycat 131 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; data = NULL; data = (char *)malloc(10*sizeof(char)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27496 70774/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_66.c Buffer_Overflow_cpycat 148 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27497 70775/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67.c Buffer_Overflow_cpycat 139 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67_structType myStruct; data = NULL; data = (char *)malloc(10*sizeof(char)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27498 70775/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67.c Buffer_Overflow_cpycat 156 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67_structType myStruct; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27499 70776/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_68.c Buffer_Overflow_cpycat 136 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_68b_badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_68_badData; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 27500 70776/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_68.c Buffer_Overflow_cpycat 153 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_68b_goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_cpy_68_goodG2BData; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 27501 70832/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_01.c String_Termination_Error 38 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27502 70832/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_01.c String_Termination_Error 59 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27503 70833/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_02.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(1) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27504 70833/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_02.c String_Termination_Error 70 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(0) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27505 70833/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_02.c String_Termination_Error 90 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(1) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27506 70834/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_03.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(5==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27507 70834/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_03.c String_Termination_Error 70 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(5!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27508 70834/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_03.c String_Termination_Error 90 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(5==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27509 70835/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_04.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27510 70835/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_04.c String_Termination_Error 48 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_FALSE) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27511 70835/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_04.c String_Termination_Error 77 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27512 70836/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_05.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27513 70836/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_05.c String_Termination_Error 48 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticFalse) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27514 70836/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_05.c String_Termination_Error 77 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27515 70837/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_06.c String_Termination_Error 94 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27516 70837/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_06.c String_Termination_Error 45 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27517 70837/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_06.c String_Termination_Error 74 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27518 70838/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_07.c String_Termination_Error 96 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27519 70838/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_07.c String_Termination_Error 47 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; data = NULL; if(staticFive!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27520 70838/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_07.c String_Termination_Error 76 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27521 70839/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_08.c String_Termination_Error 104 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27522 70839/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_08.c String_Termination_Error 55 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsFalse()) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27523 70839/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_08.c String_Termination_Error 84 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27524 70840/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_09.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27525 70840/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_09.c String_Termination_Error 70 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_FALSE) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27526 70840/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_09.c String_Termination_Error 90 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27527 70841/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_10.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27528 70841/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_10.c String_Termination_Error 70 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalFalse) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27529 70841/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_10.c String_Termination_Error 90 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27530 70842/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_11.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue() return 1; int globalReturnsFalse() return 0; char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27531 70842/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_11.c String_Termination_Error 70 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue() return 1; int globalReturnsFalse() return 0; char * data; data = NULL; if(globalReturnsFalse()) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27532 70842/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_11.c String_Termination_Error 90 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue() return 1; int globalReturnsFalse() return 0; char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27533 70844/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_13.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27534 70844/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_13.c String_Termination_Error 70 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27535 70844/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_13.c String_Termination_Error 90 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27536 70845/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_14.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5; char * data; data = NULL; if(globalFive==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27537 70845/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_14.c String_Termination_Error 70 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5; char * data; data = NULL; if(globalFive!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27538 70845/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_14.c String_Termination_Error 90 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5; char * data; data = NULL; if(globalFive==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27539 70846/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_15.c String_Termination_Error 77 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; switch(6) case 6: data = (char *)malloc(10*sizeof(char)); break; default: break; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27540 70846/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_15.c String_Termination_Error 103 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; switch(5) case 6: break; default: data = (char *)malloc((10+1)*sizeof(char)); break; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27541 70846/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_15.c String_Termination_Error 47 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; switch(6) case 6: data = (char *)malloc((10+1)*sizeof(char)); break; default: break; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27542 70847/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_16.c String_Termination_Error 67 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; while(1) data = (char *)malloc(10*sizeof(char)); break; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27543 70847/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_16.c String_Termination_Error 42 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; while(1) data = (char *)malloc((10+1)*sizeof(char)); break; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27544 70848/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_17.c String_Termination_Error 67 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; for(i = 0; i < 1; i++) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27545 70848/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_17.c String_Termination_Error 42 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; for(h = 0; h < 1; h++) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27546 70849/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_18.c String_Termination_Error 40 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; goto source; source: data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27547 70849/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_18.c String_Termination_Error 63 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; goto source; source: data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27548 70850/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_21.c String_Termination_Error 118 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) data = (char *)malloc(10*sizeof(char)); return data; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27549 70850/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_21.c String_Termination_Error 91 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) {} else data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27550 70850/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_21.c String_Termination_Error 51 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27551 70851/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22.c String_Termination_Error 89 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_badGlobal = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_badSource(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_badGlobal) data = (char *)malloc(10*sizeof(char)); return data; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27552 70851/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22.c String_Termination_Error 70 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_goodG2B1Global = 0; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_goodG2B1Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_goodG2B1Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_goodG2B1Global) {} else data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27553 70851/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22.c String_Termination_Error 43 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_goodG2B2Global = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_goodG2B2Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_22_goodG2B2Global) data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27554 70852/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_31.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27555 70852/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_31.c String_Termination_Error 66 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27556 70853/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_32.c String_Termination_Error 46 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc(10*sizeof(char)); *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27557 70853/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_32.c String_Termination_Error 76 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc((10+1)*sizeof(char)); *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27558 70855/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_34.c String_Termination_Error 48 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_34_unionType myUnion; data = NULL; data = (char *)malloc(10*sizeof(char)); myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27559 70855/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_34.c String_Termination_Error 74 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_34_unionType myUnion; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27560 70856/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_41.c String_Termination_Error 59 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_41_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27561 70856/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_41.c String_Termination_Error 34 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_41_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27562 70857/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_42.c String_Termination_Error 71 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = badSource(data); static char * badSource(char * data) data = (char *)malloc(10*sizeof(char)); return data; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27563 70857/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_42.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27564 70859/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_44.c String_Termination_Error 34 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = (char *)malloc(10*sizeof(char)); funcPtr(data); static void badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27565 70859/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_44.c String_Termination_Error 63 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); funcPtr(data); static void goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27566 70860/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_45.c String_Termination_Error 38 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_45_badData = data; badSink(); static void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_45_badData; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27567 70860/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_45.c String_Termination_Error 66 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_45_goodG2BData; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27568 70861/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_51.c String_Termination_Error 145 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_51b_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27569 70861/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_51.c String_Termination_Error 128 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_51b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27570 70862/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_52.c String_Termination_Error 182 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_52b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_52c_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27571 70862/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_52.c String_Termination_Error 199 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_52c_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27572 70863/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53.c String_Termination_Error 253 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53d_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27573 70863/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53.c String_Termination_Error 236 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_53d_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27574 70864/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54.c String_Termination_Error 307 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54d_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54e_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27575 70864/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54.c String_Termination_Error 290 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_54e_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27576 70865/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_61.c String_Termination_Error 62 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_61b_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_61b_badSource(char * data) data = (char *)malloc(10*sizeof(char)); return data; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27577 70865/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_61.c String_Termination_Error 40 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_61b_goodG2BSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_61b_goodG2BSource(char * data) data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27578 70867/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_63.c String_Termination_Error 126 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27579 70867/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_63.c String_Termination_Error 144 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27580 70868/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_64.c String_Termination_Error 129 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27581 70868/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_64.c String_Termination_Error 150 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27582 70869/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_65.c String_Termination_Error 129 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_65b_badSink; data = NULL; data = (char *)malloc(10*sizeof(char)); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_65b_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27583 70869/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_65.c String_Termination_Error 146 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_65b_goodG2BSink; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_65b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27584 70870/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_66.c String_Termination_Error 150 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; data = NULL; data = (char *)malloc(10*sizeof(char)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27585 70870/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_66.c String_Termination_Error 132 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27586 70871/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67.c String_Termination_Error 158 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67_structType myStruct; data = NULL; data = (char *)malloc(10*sizeof(char)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27587 70871/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67.c String_Termination_Error 140 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67_structType myStruct; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27588 70872/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_68.c String_Termination_Error 137 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_68b_badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_68_badData; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27589 70872/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_68.c String_Termination_Error 155 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_68b_goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memcpy_68_goodG2BData; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27590 70880/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_01.c String_Termination_Error 59 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27591 70880/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_01.c String_Termination_Error 38 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27592 70881/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_02.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(1) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27593 70881/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_02.c String_Termination_Error 90 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(0) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27594 70881/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_02.c String_Termination_Error 70 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(1) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27595 70882/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_03.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(5==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27596 70882/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_03.c String_Termination_Error 90 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(5!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27597 70882/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_03.c String_Termination_Error 70 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(5==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27598 70883/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_04.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27599 70883/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_04.c String_Termination_Error 48 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_FALSE) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27600 70883/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_04.c String_Termination_Error 77 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27601 70884/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_05.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27602 70884/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_05.c String_Termination_Error 48 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticFalse) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27603 70884/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_05.c String_Termination_Error 77 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27604 70885/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_06.c String_Termination_Error 74 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27605 70885/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_06.c String_Termination_Error 45 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27606 70885/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_06.c String_Termination_Error 94 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27607 70886/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_07.c String_Termination_Error 76 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27608 70886/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_07.c String_Termination_Error 47 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; data = NULL; if(staticFive!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27609 70886/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_07.c String_Termination_Error 96 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27610 70887/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_08.c String_Termination_Error 84 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27611 70887/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_08.c String_Termination_Error 55 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsFalse()) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27612 70887/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_08.c String_Termination_Error 104 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27613 70888/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_09.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27614 70888/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_09.c String_Termination_Error 90 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_FALSE) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27615 70888/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_09.c String_Termination_Error 70 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27616 70889/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_10.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27617 70889/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_10.c String_Termination_Error 90 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalFalse) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27618 70889/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_10.c String_Termination_Error 70 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27619 70890/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_11.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27620 70890/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_11.c String_Termination_Error 90 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsFalse()) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27621 70890/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_11.c String_Termination_Error 70 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27622 70892/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_13.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27623 70892/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_13.c String_Termination_Error 90 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27624 70892/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_13.c String_Termination_Error 70 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27625 70893/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_14.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5;  char * data; data = NULL; if(globalFive==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27626 70893/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_14.c String_Termination_Error 90 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5;  char * data; data = NULL; if(globalFive!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27627 70893/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_14.c String_Termination_Error 70 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5;  char * data; data = NULL; if(globalFive==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27628 70894/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_15.c String_Termination_Error 103 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; switch(6) case 6: data = (char *)malloc(10*sizeof(char)); break; default: break; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27629 70894/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_15.c String_Termination_Error 47 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; switch(5) case 6: break; default: data = (char *)malloc((10+1)*sizeof(char)); break; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27630 70894/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_15.c String_Termination_Error 77 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; switch(6) case 6: data = (char *)malloc((10+1)*sizeof(char)); break; default: break; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27631 70895/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_16.c String_Termination_Error 67 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; while(1) data = (char *)malloc(10*sizeof(char)); break; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27632 70895/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_16.c String_Termination_Error 42 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; while(1) data = (char *)malloc((10+1)*sizeof(char)); break; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27633 70896/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_17.c String_Termination_Error 67 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; for(i = 0; i < 1; i++) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27634 70896/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_17.c String_Termination_Error 42 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; for(h = 0; h < 1; h++) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27635 70897/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_18.c String_Termination_Error 63 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; goto source; source: data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27636 70897/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_18.c String_Termination_Error 40 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; goto source; source: data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27637 70898/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_21.c String_Termination_Error 91 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) data = (char *)malloc(10*sizeof(char)); return data; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27638 70898/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_21.c String_Termination_Error 51 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) {} else data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27639 70898/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_21.c String_Termination_Error 118 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27640 70899/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22.c String_Termination_Error 43 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_badGlobal = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_badSource(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_badGlobal) data = (char *)malloc(10*sizeof(char)); return data; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27641 70899/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22.c String_Termination_Error 89 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_goodG2B1Global = 0; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_goodG2B1Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_goodG2B1Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_goodG2B1Global) {} else data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27642 70899/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22.c String_Termination_Error 70 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_goodG2B2Global = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_goodG2B2Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_22_goodG2B2Global) data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27643 70900/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_31.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27644 70900/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_31.c String_Termination_Error 66 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27645 70901/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_32.c String_Termination_Error 76 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc(10*sizeof(char)); *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27646 70901/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_32.c String_Termination_Error 46 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc((10+1)*sizeof(char)); *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27647 70903/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_34.c String_Termination_Error 74 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_34_unionType myUnion; data = NULL; data = (char *)malloc(10*sizeof(char)); myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27648 70903/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_34.c String_Termination_Error 48 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_34_unionType myUnion; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27649 70904/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_41.c String_Termination_Error 59 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_41_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27650 70904/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_41.c String_Termination_Error 34 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_41_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27651 70905/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_42.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = badSource(data); static char * badSource(char * data) data = (char *)malloc(10*sizeof(char)); return data; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27652 70905/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_42.c String_Termination_Error 71 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27653 70907/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_44.c String_Termination_Error 34 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = (char *)malloc(10*sizeof(char)); funcPtr(data); static void badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27654 70907/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_44.c String_Termination_Error 63 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); funcPtr(data); static void goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27655 70908/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_45.c String_Termination_Error 66 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_45_badData = data; badSink(); static void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_45_badData; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27656 70908/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_45.c String_Termination_Error 38 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_45_goodG2BData; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27657 70909/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_51.c String_Termination_Error 145 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_51b_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27658 70909/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_51.c String_Termination_Error 128 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_51b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27659 70910/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_52.c String_Termination_Error 199 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_52b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_52c_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27660 70910/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_52.c String_Termination_Error 182 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_52c_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27661 70911/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53.c String_Termination_Error 236 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53d_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27662 70911/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53.c String_Termination_Error 253 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_53d_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27663 70912/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54.c String_Termination_Error 307 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54d_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54e_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27664 70912/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54.c String_Termination_Error 290 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_54e_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27665 70913/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_61.c String_Termination_Error 40 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_61b_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_61b_badSource(char * data) data = (char *)malloc(10*sizeof(char)); return data; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27666 70913/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_61.c String_Termination_Error 62 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_61b_goodG2BSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_61b_goodG2BSource(char * data) data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27667 70915/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_63.c String_Termination_Error 144 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27668 70915/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_63.c String_Termination_Error 126 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27669 70916/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_64.c String_Termination_Error 129 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27670 70916/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_64.c String_Termination_Error 150 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27671 70917/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_65.c String_Termination_Error 129 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_65b_badSink; data = NULL; data = (char *)malloc(10*sizeof(char)); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_65b_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27672 70917/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_65.c String_Termination_Error 146 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_65b_goodG2BSink; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_65b_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27673 70918/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_66.c String_Termination_Error 132 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; data = NULL; data = (char *)malloc(10*sizeof(char)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27674 70918/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_66.c String_Termination_Error 150 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27675 70919/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67.c String_Termination_Error 140 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67_structType myStruct; data = NULL; data = (char *)malloc(10*sizeof(char)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27676 70919/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67.c String_Termination_Error 158 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67_structType myStruct; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27677 70920/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_68.c String_Termination_Error 155 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_68b_badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_68_badData; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 27678 70920/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_68.c String_Termination_Error 137 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_68b_goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_memmove_68_goodG2BData; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 27679 70928/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_01.c Buffer_Overflow_LowBound 38 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27680 70928/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_01.c Buffer_Overflow_LowBound 59 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27681 70929/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_02.c Off_by_One_Error_in_Methods 70 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(1) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27682 70929/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_02.c Off_by_One_Error_in_Methods 41 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(0) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27683 70929/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_02.c Off_by_One_Error_in_Methods 90 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(1) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27684 70930/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_03.c Buffer_Overflow_LowBound 70 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(5==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27685 70930/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_03.c Buffer_Overflow_LowBound 41 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(5!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27686 70930/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_03.c Buffer_Overflow_LowBound 90 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; if(5==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27687 70931/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_04.c Buffer_Overflow_LowBound 48 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27688 70931/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_04.c Buffer_Overflow_LowBound 77 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_FALSE) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27689 70931/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_04.c Buffer_Overflow_LowBound 97 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27690 70932/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_05.c Buffer_Overflow_LowBound 48 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27691 70932/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_05.c Buffer_Overflow_LowBound 77 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticFalse) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27692 70932/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_05.c Buffer_Overflow_LowBound 97 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27693 70933/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_06.c Buffer_Overflow_LowBound 45 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27694 70933/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_06.c Buffer_Overflow_LowBound 94 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27695 70933/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_06.c Buffer_Overflow_LowBound 74 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27696 70934/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_07.c Buffer_Overflow_LowBound 47 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27697 70934/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_07.c Buffer_Overflow_LowBound 96 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; data = NULL; if(staticFive!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27698 70934/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_07.c Buffer_Overflow_LowBound 76 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27699 70935/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_08.c Buffer_Overflow_LowBound 55 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27700 70935/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_08.c Buffer_Overflow_LowBound 104 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsFalse()) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27701 70935/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_08.c Buffer_Overflow_LowBound 84 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27702 70936/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_09.c Buffer_Overflow_LowBound 70 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27703 70936/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_09.c Buffer_Overflow_LowBound 41 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_FALSE) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27704 70936/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_09.c Buffer_Overflow_LowBound 90 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27705 70937/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_10.c Buffer_Overflow_LowBound 70 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27706 70937/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_10.c Buffer_Overflow_LowBound 41 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalFalse) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27707 70937/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_10.c Buffer_Overflow_LowBound 90 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27708 70938/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_11.c Buffer_Overflow_LowBound 70 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27709 70938/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_11.c Buffer_Overflow_LowBound 41 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsFalse()) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27710 70938/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_11.c Buffer_Overflow_LowBound 90 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27711 70940/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_13.c Buffer_Overflow_LowBound 70 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27712 70940/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_13.c Buffer_Overflow_LowBound 41 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27713 70940/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_13.c Buffer_Overflow_LowBound 90 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27714 70941/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_14.c Buffer_Overflow_LowBound 70 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5;  char * data; data = NULL; if(globalFive==5) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27715 70941/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_14.c Buffer_Overflow_LowBound 41 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5;  char * data; data = NULL; if(globalFive!=5) {} else data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27716 70941/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_14.c Buffer_Overflow_LowBound 90 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5;  char * data; data = NULL; if(globalFive==5) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27717 70942/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_15.c Buffer_Overflow_LowBound 47 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; switch(6) case 6: data = (char *)malloc(10*sizeof(char)); break; default: break; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27718 70942/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_15.c Buffer_Overflow_LowBound 103 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; switch(5) case 6: break; default: data = (char *)malloc((10+1)*sizeof(char)); break; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27719 70942/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_15.c Buffer_Overflow_LowBound 77 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; switch(6) case 6: data = (char *)malloc((10+1)*sizeof(char)); break; default: break; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27720 70943/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_16.c Buffer_Overflow_LowBound 67 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; while(1) data = (char *)malloc(10*sizeof(char)); break; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27721 70943/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_16.c Buffer_Overflow_LowBound 42 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; while(1) data = (char *)malloc((10+1)*sizeof(char)); break; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27722 70944/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_17.c Buffer_Overflow_LowBound 67 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; for(i = 0; i < 1; i++) data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27723 70944/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_17.c Buffer_Overflow_LowBound 42 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; for(h = 0; h < 1; h++) data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27724 70945/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_18.c Buffer_Overflow_LowBound 63 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; goto source; source: data = (char *)malloc(10*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27725 70945/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_18.c Buffer_Overflow_LowBound 40 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; goto source; source: data = (char *)malloc((10+1)*sizeof(char)); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27726 70946/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_21.c Buffer_Overflow_LowBound 91 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) data = (char *)malloc(10*sizeof(char)); return data; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27727 70946/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_21.c Buffer_Overflow_LowBound 118 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) {} else data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27728 70946/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_21.c Buffer_Overflow_LowBound 51 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27729 70947/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22.c Buffer_Overflow_LowBound 70 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_badGlobal = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_badSource(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_badGlobal) data = (char *)malloc(10*sizeof(char)); return data; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27730 70947/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22.c Buffer_Overflow_LowBound 43 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_goodG2B1Global = 0; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_goodG2B1Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_goodG2B1Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_goodG2B1Global) {} else data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27731 70947/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22.c Buffer_Overflow_LowBound 89 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_goodG2B2Global = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_goodG2B2Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_22_goodG2B2Global) data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27732 70948/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_31.c Buffer_Overflow_LowBound 41 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27733 70948/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_31.c Buffer_Overflow_LowBound 66 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27734 70949/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_32.c Buffer_Overflow_LowBound 46 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc(10*sizeof(char)); *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27735 70949/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_32.c Buffer_Overflow_LowBound 76 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc((10+1)*sizeof(char)); *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27736 70951/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_34.c Buffer_Overflow_LowBound 48 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_34_unionType myUnion; data = NULL; data = (char *)malloc(10*sizeof(char)); myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27737 70951/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_34.c Buffer_Overflow_LowBound 74 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_34_unionType myUnion; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27738 70952/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_41.c Buffer_Overflow_LowBound 59 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_41_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27739 70952/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_41.c Buffer_Overflow_LowBound 34 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_41_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27740 70953/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_42.c Buffer_Overflow_LowBound 71 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = badSource(data); static char * badSource(char * data) data = (char *)malloc(10*sizeof(char)); return data; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27741 70953/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_42.c Buffer_Overflow_LowBound 44 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27742 70955/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_44.c Buffer_Overflow_LowBound 63 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = (char *)malloc(10*sizeof(char)); funcPtr(data); static void badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27743 70955/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_44.c Buffer_Overflow_LowBound 34 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); funcPtr(data); static void goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27744 70956/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_45.c Buffer_Overflow_LowBound 38 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_45_badData = data; badSink(); static void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_45_badData; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27745 70956/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_45.c Buffer_Overflow_LowBound 66 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_45_goodG2BData; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27746 70957/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_51.c Buffer_Overflow_LowBound 128 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_51b_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27747 70957/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_51.c Buffer_Overflow_LowBound 145 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_51b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27748 70958/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_52.c Buffer_Overflow_LowBound 199 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_52b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_52c_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27749 70958/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_52.c Buffer_Overflow_LowBound 182 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_52c_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27750 70959/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53.c Buffer_Overflow_LowBound 253 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53d_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27751 70959/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53.c Buffer_Overflow_LowBound 236 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_53d_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27752 70960/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54.c Buffer_Overflow_LowBound 307 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54d_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54e_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27753 70960/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54.c Buffer_Overflow_LowBound 290 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_54e_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27754 70961/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_61.c Buffer_Overflow_LowBound 40 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_61b_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_61b_badSource(char * data) data = (char *)malloc(10*sizeof(char)); return data; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27755 70961/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_61.c Buffer_Overflow_LowBound 62 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_61b_goodG2BSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_61b_goodG2BSource(char * data) data = (char *)malloc((10+1)*sizeof(char)); return data; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27756 70963/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_63.c Buffer_Overflow_LowBound 144 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27757 70963/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_63.c Buffer_Overflow_LowBound 126 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27758 70964/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_64.c Buffer_Overflow_LowBound 150 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27759 70964/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_64.c Buffer_Overflow_LowBound 129 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27760 70965/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_65.c Buffer_Overflow_LowBound 129 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_65b_badSink; data = NULL; data = (char *)malloc(10*sizeof(char)); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_65b_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27761 70965/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_65.c Buffer_Overflow_LowBound 146 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_65b_goodG2BSink; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_65b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27762 70966/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_66.c Buffer_Overflow_LowBound 150 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; data = NULL; data = (char *)malloc(10*sizeof(char)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27763 70966/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_66.c Buffer_Overflow_LowBound 132 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27764 70967/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67.c Buffer_Overflow_LowBound 158 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67_structType myStruct; data = NULL; data = (char *)malloc(10*sizeof(char)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27765 70967/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67.c Buffer_Overflow_LowBound 140 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67_structType myStruct; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27766 70968/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_68.c Buffer_Overflow_LowBound 155 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_68b_badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_68_badData; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27767 70968/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_68.c Buffer_Overflow_LowBound 137 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_68b_goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_68_goodG2BData; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27768 70972/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_81_bad.cpp Buffer_Overflow_LowBound 30 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); const CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_81_bad::action(char * data) const char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 27769 70972/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 30 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); const CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_81_goodG2B::action(char * data) const char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 27770 70973/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_82_bad.cpp Buffer_Overflow_LowBound 30 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc(10*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_82_bad::action(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); delete baseObject; 1 --------------------------------- 27771 70973/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 30 #define SRC_STRING "AAAAAAAAAA" char * data; data = NULL; data = (char *)malloc((10+1)*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_char_ncpy_82_goodG2B::action(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); delete baseObject; 0 --------------------------------- 27772 70976/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_01.c Buffer_Overflow_cpycat 57 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27773 70976/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_01.c Buffer_Overflow_cpycat 37 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27774 70977/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_02.c Buffer_Overflow_cpycat 68 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; if(1) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27775 70977/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_02.c Buffer_Overflow_cpycat 87 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; if(1) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27776 70977/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_02.c Buffer_Overflow_cpycat 40 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; if(0) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27777 70978/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_03.c Buffer_Overflow_cpycat 68 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; if(5==5) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27778 70978/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_03.c Buffer_Overflow_cpycat 87 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; if(5!=5) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27779 70978/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_03.c Buffer_Overflow_cpycat 40 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; if(5==5) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27780 70979/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_04.c Buffer_Overflow_cpycat 94 #define SRC_STRING L"AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_TRUE) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27781 70979/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_04.c Buffer_Overflow_cpycat 47 #define SRC_STRING L"AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_FALSE) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27782 70979/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_04.c Buffer_Overflow_cpycat 75 #define SRC_STRING L"AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_TRUE) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27783 70980/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_05.c Buffer_Overflow_cpycat 94 #define SRC_STRING L"AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticTrue) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27784 70980/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_05.c Buffer_Overflow_cpycat 47 #define SRC_STRING L"AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticFalse) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27785 70980/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_05.c Buffer_Overflow_cpycat 75 #define SRC_STRING L"AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticTrue) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27786 70981/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_06.c Buffer_Overflow_cpycat 44 #define SRC_STRING L"AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27787 70981/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_06.c Buffer_Overflow_cpycat 72 #define SRC_STRING L"AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE!=5) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27788 70981/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_06.c Buffer_Overflow_cpycat 91 #define SRC_STRING L"AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27789 70982/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_07.c Buffer_Overflow_cpycat 46 #define SRC_STRING L"AAAAAAAAAA" static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive==5) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27790 70982/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_07.c Buffer_Overflow_cpycat 74 #define SRC_STRING L"AAAAAAAAAA" static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive!=5) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27791 70982/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_07.c Buffer_Overflow_cpycat 93 #define SRC_STRING L"AAAAAAAAAA" static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive==5) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27792 70983/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_08.c Buffer_Overflow_cpycat 54 #define SRC_STRING L"AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsTrue()) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27793 70983/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_08.c Buffer_Overflow_cpycat 82 #define SRC_STRING L"AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsFalse()) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27794 70983/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_08.c Buffer_Overflow_cpycat 101 #define SRC_STRING L"AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsTrue()) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27795 70984/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_09.c Buffer_Overflow_cpycat 68 #define SRC_STRING L"AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; wchar_t * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27796 70984/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_09.c Buffer_Overflow_cpycat 87 #define SRC_STRING L"AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; wchar_t * data; data = NULL; if(GLOBAL_CONST_FALSE) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27797 70984/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_09.c Buffer_Overflow_cpycat 40 #define SRC_STRING L"AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; wchar_t * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27798 70985/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_10.c Buffer_Overflow_cpycat 68 #define SRC_STRING L"AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalTrue) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27799 70985/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_10.c Buffer_Overflow_cpycat 87 #define SRC_STRING L"AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalFalse) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27800 70985/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_10.c Buffer_Overflow_cpycat 40 #define SRC_STRING L"AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalTrue) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27801 70986/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_11.c Buffer_Overflow_cpycat 68 #define SRC_STRING L"AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsTrue()) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27802 70986/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_11.c Buffer_Overflow_cpycat 87 #define SRC_STRING L"AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsFalse()) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27803 70986/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_11.c Buffer_Overflow_cpycat 40 #define SRC_STRING L"AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsTrue()) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27804 70988/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_13.c Buffer_Overflow_cpycat 68 #define SRC_STRING L"AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27805 70988/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_13.c Buffer_Overflow_cpycat 87 #define SRC_STRING L"AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27806 70988/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_13.c Buffer_Overflow_cpycat 40 #define SRC_STRING L"AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27807 70989/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_14.c Buffer_Overflow_cpycat 68 #define SRC_STRING L"AAAAAAAAAA" int globalFive = 5;  wchar_t * data; data = NULL; if(globalFive==5) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27808 70989/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_14.c Buffer_Overflow_cpycat 87 #define SRC_STRING L"AAAAAAAAAA" int globalFive = 5;  wchar_t * data; data = NULL; if(globalFive!=5) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27809 70989/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_14.c Buffer_Overflow_cpycat 40 #define SRC_STRING L"AAAAAAAAAA" int globalFive = 5;  wchar_t * data; data = NULL; if(globalFive==5) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27810 70990/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_15.c Buffer_Overflow_cpycat 46 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; switch(6) case 6: data = (wchar_t *)malloc(10*sizeof(wchar_t)); break; default: break; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27811 70990/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_15.c Buffer_Overflow_cpycat 100 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; switch(5) case 6: break; default: data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); break; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27812 70990/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_15.c Buffer_Overflow_cpycat 75 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; switch(6) case 6: data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); break; default: break; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27813 70991/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_16.c Buffer_Overflow_cpycat 65 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; while(1) data = (wchar_t *)malloc(10*sizeof(wchar_t)); break; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27814 70991/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_16.c Buffer_Overflow_cpycat 41 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; while(1) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); break; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27815 70992/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_17.c Buffer_Overflow_cpycat 41 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; for(i = 0; i < 1; i++) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27816 70992/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_17.c Buffer_Overflow_cpycat 65 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; for(h = 0; h < 1; h++) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27817 70993/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_18.c Buffer_Overflow_cpycat 39 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; goto source; source: data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27818 70993/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_18.c Buffer_Overflow_cpycat 61 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; goto source; source: data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27819 70994/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_21.c Buffer_Overflow_cpycat 89 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; badStatic = 1; data = badSource(data); static wchar_t * badSource(wchar_t * data) if(badStatic) data = (wchar_t *)malloc(10*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27820 70994/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_21.c Buffer_Overflow_cpycat 50 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) if(goodG2B1Static) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27821 70994/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_21.c Buffer_Overflow_cpycat 115 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) if(goodG2B2Static) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27822 70995/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22.c Buffer_Overflow_cpycat 86 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_badGlobal = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_badSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_badSource(wchar_t * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_badGlobal) data = (wchar_t *)malloc(10*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27823 70995/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22.c Buffer_Overflow_cpycat 68 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_goodG2B1Global = 0; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_goodG2B1Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_goodG2B1Source(wchar_t * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_goodG2B1Global) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27824 70995/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22.c Buffer_Overflow_cpycat 42 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_goodG2B2Global = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_goodG2B2Source(wchar_t * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_22_goodG2B2Global) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27825 70996/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_31.c Buffer_Overflow_cpycat 64 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27826 70996/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_31.c Buffer_Overflow_cpycat 40 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27827 70997/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_32.c Buffer_Overflow_cpycat 74 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; data = (wchar_t *)malloc(10*sizeof(wchar_t)); *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27828 70997/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_32.c Buffer_Overflow_cpycat 45 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27829 70999/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_34.c Buffer_Overflow_cpycat 47 #define SRC_STRING L"AAAAAAAAAA" typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_34_unionType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_34_unionType myUnion; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27830 70999/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_34.c Buffer_Overflow_cpycat 72 #define SRC_STRING L"AAAAAAAAAA" typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_34_unionType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_34_unionType myUnion; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27831 71000/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_41.c Buffer_Overflow_cpycat 33 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_41_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27832 71000/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_41.c Buffer_Overflow_cpycat 57 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_41_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27833 71001/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_42.c Buffer_Overflow_cpycat 69 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = (wchar_t *)malloc(10*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27834 71001/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_42.c Buffer_Overflow_cpycat 43 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27835 71003/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_44.c Buffer_Overflow_cpycat 33 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); funcPtr(data); static void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27836 71003/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_44.c Buffer_Overflow_cpycat 61 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27837 71004/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_45.c Buffer_Overflow_cpycat 37 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_45_badData; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27838 71004/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_45.c Buffer_Overflow_cpycat 64 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_45_goodG2BData; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27839 71005/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_51.c Buffer_Overflow_cpycat 127 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_51b_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27840 71005/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_51.c Buffer_Overflow_cpycat 143 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_51b_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27841 71006/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_52.c Buffer_Overflow_cpycat 197 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_52b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_52c_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27842 71006/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_52.c Buffer_Overflow_cpycat 181 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_52b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_52c_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27843 71007/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53.c Buffer_Overflow_cpycat 251 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53c_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53d_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27844 71007/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53.c Buffer_Overflow_cpycat 235 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_53d_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27845 71008/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54.c Buffer_Overflow_cpycat 305 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54c_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54d_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54e_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27846 71008/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54.c Buffer_Overflow_cpycat 289 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54d_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_54e_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27847 71009/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_61.c Buffer_Overflow_cpycat 60 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_61b_badSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_61b_badSource(wchar_t * data) data = (wchar_t *)malloc(10*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27848 71009/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_61.c Buffer_Overflow_cpycat 39 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_61b_goodG2BSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_61b_goodG2BSource(wchar_t * data) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27849 71011/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_63.c Buffer_Overflow_cpycat 142 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27850 71011/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_63.c Buffer_Overflow_cpycat 125 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27851 71012/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_64.c Buffer_Overflow_cpycat 148 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27852 71012/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_64.c Buffer_Overflow_cpycat 128 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27853 71013/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_65.c Buffer_Overflow_cpycat 128 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; void (*funcPtr) (wchar_t *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_65b_badSink; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_65b_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27854 71013/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_65.c Buffer_Overflow_cpycat 144 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; void (*funcPtr) (wchar_t *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_65b_goodG2BSink; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_65b_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27855 71014/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_66.c Buffer_Overflow_cpycat 148 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; wchar_t * dataArray[5]; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27856 71014/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_66.c Buffer_Overflow_cpycat 131 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; wchar_t * dataArray[5]; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27857 71015/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67.c Buffer_Overflow_cpycat 156 #define SRC_STRING L"AAAAAAAAAA" typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67_structType wchar_t * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67_structType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67_structType myStruct; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27858 71015/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67.c Buffer_Overflow_cpycat 139 #define SRC_STRING L"AAAAAAAAAA" typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67_structType wchar_t * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67_structType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67_structType myStruct; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27859 71016/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_68.c Buffer_Overflow_cpycat 153 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_68b_badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_68_badData; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27860 71016/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_68.c Buffer_Overflow_cpycat 136 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_68b_goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_68_goodG2BData; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27861 71020/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_81_bad.cpp Buffer_Overflow_cpycat 29 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); const CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_81_bad::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 27862 71020/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 29 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); const CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_81_goodG2B::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 27863 71021/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_82_bad.cpp Buffer_Overflow_cpycat 29 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_82_bad::action(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); delete baseObject; 1 --------------------------------- 27864 71021/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 29 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_cpy_82_goodG2B::action(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); delete baseObject; 0 --------------------------------- 27865 71168/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_01.c Buffer_Overflow_LowBound 38 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27866 71168/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_01.c Buffer_Overflow_LowBound 59 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27867 71169/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_02.c Buffer_Overflow_LowBound 70 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; if(1) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27868 71169/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_02.c Buffer_Overflow_LowBound 41 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; if(0) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27869 71169/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_02.c Buffer_Overflow_LowBound 90 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; if(1) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27870 71170/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_03.c Buffer_Overflow_LowBound 70 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; if(5==5) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27871 71170/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_03.c Buffer_Overflow_LowBound 41 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; if(5!=5) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27872 71170/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_03.c Buffer_Overflow_LowBound 90 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; if(5==5) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27873 71171/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_04.c Buffer_Overflow_LowBound 48 #define SRC_STRING L"AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_TRUE) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27874 71171/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_04.c Buffer_Overflow_LowBound 77 #define SRC_STRING L"AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_FALSE) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27875 71171/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_04.c Buffer_Overflow_LowBound 97 #define SRC_STRING L"AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_TRUE) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27876 71172/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_05.c Buffer_Overflow_LowBound 48 #define SRC_STRING L"AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticTrue) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27877 71172/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_05.c Buffer_Overflow_LowBound 77 #define SRC_STRING L"AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticFalse) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27878 71172/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_05.c Buffer_Overflow_LowBound 97 #define SRC_STRING L"AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticTrue) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27879 71173/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_06.c Buffer_Overflow_LowBound 45 #define SRC_STRING L"AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27880 71173/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_06.c Buffer_Overflow_LowBound 94 #define SRC_STRING L"AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE!=5) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27881 71173/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_06.c Buffer_Overflow_LowBound 74 #define SRC_STRING L"AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27882 71174/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_07.c Buffer_Overflow_LowBound 47 #define SRC_STRING L"AAAAAAAAAA" static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive==5) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27883 71174/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_07.c Buffer_Overflow_LowBound 96 #define SRC_STRING L"AAAAAAAAAA" static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive!=5) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27884 71174/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_07.c Buffer_Overflow_LowBound 76 #define SRC_STRING L"AAAAAAAAAA" static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive==5) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27885 71175/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_08.c Buffer_Overflow_LowBound 55 #define SRC_STRING L"AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsTrue()) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27886 71175/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_08.c Buffer_Overflow_LowBound 104 #define SRC_STRING L"AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsFalse()) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27887 71175/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_08.c Buffer_Overflow_LowBound 84 #define SRC_STRING L"AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsTrue()) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27888 71176/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_09.c Buffer_Overflow_LowBound 70 #define SRC_STRING L"AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27889 71176/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_09.c Buffer_Overflow_LowBound 41 #define SRC_STRING L"AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_FALSE) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27890 71176/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_09.c Buffer_Overflow_LowBound 90 #define SRC_STRING L"AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27891 71177/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_10.c Buffer_Overflow_LowBound 70 #define SRC_STRING L"AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalTrue) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27892 71177/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_10.c Buffer_Overflow_LowBound 41 #define SRC_STRING L"AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalFalse) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27893 71177/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_10.c Buffer_Overflow_LowBound 90 #define SRC_STRING L"AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalTrue) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27894 71178/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_11.c Buffer_Overflow_LowBound 70 #define SRC_STRING L"AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsTrue()) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27895 71178/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_11.c Buffer_Overflow_LowBound 41 #define SRC_STRING L"AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsFalse()) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27896 71178/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_11.c Buffer_Overflow_LowBound 90 #define SRC_STRING L"AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsTrue()) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27897 71180/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_13.c Buffer_Overflow_LowBound 70 #define SRC_STRING L"AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27898 71180/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_13.c Buffer_Overflow_LowBound 41 #define SRC_STRING L"AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27899 71180/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_13.c Buffer_Overflow_LowBound 90 #define SRC_STRING L"AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27900 71181/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_14.c Buffer_Overflow_LowBound 70 #define SRC_STRING L"AAAAAAAAAA" int globalFive = 5; wchar_t * data; data = NULL; if(globalFive==5) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27901 71181/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_14.c Buffer_Overflow_LowBound 41 #define SRC_STRING L"AAAAAAAAAA" int globalFive = 5; wchar_t * data; data = NULL; if(globalFive!=5) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27902 71181/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_14.c Buffer_Overflow_LowBound 90 #define SRC_STRING L"AAAAAAAAAA" int globalFive = 5; wchar_t * data; data = NULL; if(globalFive==5) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27903 71182/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_15.c Buffer_Overflow_LowBound 47 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; switch(6) case 6: data = (wchar_t *)malloc(10*sizeof(wchar_t)); break; default: break; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27904 71182/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_15.c Buffer_Overflow_LowBound 103 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; switch(5) case 6: break; default: data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); break; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27905 71182/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_15.c Buffer_Overflow_LowBound 77 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; switch(6) case 6: data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); break; default: break; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27906 71183/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_16.c Buffer_Overflow_LowBound 67 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; while(1) data = (wchar_t *)malloc(10*sizeof(wchar_t)); break; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27907 71183/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_16.c Buffer_Overflow_LowBound 42 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; while(1) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); break; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27908 71184/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_17.c Buffer_Overflow_LowBound 67 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; for(i = 0; i < 1; i++) data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27909 71184/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_17.c Buffer_Overflow_LowBound 42 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; for(h = 0; h < 1; h++) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27910 71185/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_18.c Buffer_Overflow_LowBound 63 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; goto source; source: data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27911 71185/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_18.c Buffer_Overflow_LowBound 40 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; goto source; source: data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27912 71186/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_21.c Buffer_Overflow_LowBound 91 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; badStatic = 1; data = badSource(data); static wchar_t * badSource(wchar_t * data) if(badStatic) data = (wchar_t *)malloc(10*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27913 71186/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_21.c Buffer_Overflow_LowBound 118 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) if(goodG2B1Static) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27914 71186/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_21.c Buffer_Overflow_LowBound 51 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) if(goodG2B2Static) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27915 71187/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22.c Buffer_Overflow_LowBound 70 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_badGlobal = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_badSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_badSource(wchar_t * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_badGlobal) data = (wchar_t *)malloc(10*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27916 71187/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22.c Buffer_Overflow_LowBound 43 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_goodG2B1Global = 0; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_goodG2B1Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_goodG2B1Source(wchar_t * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_goodG2B1Global) {} else data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27917 71187/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22.c Buffer_Overflow_LowBound 89 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_goodG2B2Global = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_goodG2B2Source(wchar_t * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_22_goodG2B2Global) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27918 71188/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_31.c Buffer_Overflow_LowBound 41 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27919 71188/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_31.c Buffer_Overflow_LowBound 66 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27920 71189/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_32.c Buffer_Overflow_LowBound 46 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; data = (wchar_t *)malloc(10*sizeof(wchar_t)); *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27921 71189/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_32.c Buffer_Overflow_LowBound 76 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27922 71191/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_34.c Buffer_Overflow_LowBound 48 #define SRC_STRING L"AAAAAAAAAA" typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_34_unionType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_34_unionType myUnion; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27923 71191/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_34.c Buffer_Overflow_LowBound 74 #define SRC_STRING L"AAAAAAAAAA" typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_34_unionType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_34_unionType myUnion; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27924 71192/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_41.c Buffer_Overflow_LowBound 59 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_41_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27925 71192/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_41.c Buffer_Overflow_LowBound 34 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_41_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27926 71193/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_42.c Buffer_Overflow_LowBound 71 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = (wchar_t *)malloc(10*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27927 71193/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_42.c Buffer_Overflow_LowBound 44 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27928 71195/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_44.c Buffer_Overflow_LowBound 63 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); funcPtr(data); static void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27929 71195/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_44.c Buffer_Overflow_LowBound 34 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27930 71196/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_45.c Buffer_Overflow_LowBound 38 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_45_badData; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27931 71196/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_45.c Buffer_Overflow_LowBound 66 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_45_goodG2BData; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27932 71197/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_51.c Buffer_Overflow_LowBound 128 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_51b_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27933 71197/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_51.c Buffer_Overflow_LowBound 145 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_51b_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27934 71198/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_52.c Buffer_Overflow_LowBound 199 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_52b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_52c_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27935 71198/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_52.c Buffer_Overflow_LowBound 182 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_52b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_52c_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27936 71199/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53.c Buffer_Overflow_LowBound 253 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53c_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53d_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27937 71199/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53.c Buffer_Overflow_LowBound 236 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_53d_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27938 71200/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54.c Buffer_Overflow_LowBound 307 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54c_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54d_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54e_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27939 71200/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54.c Buffer_Overflow_LowBound 290 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54d_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_54e_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27940 71201/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_61.c Buffer_Overflow_LowBound 40 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_61b_badSource(data); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27941 71201/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_61.c Buffer_Overflow_LowBound 62 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_61b_goodG2BSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_61b_goodG2BSource(wchar_t * data) data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27942 71203/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_63.c Buffer_Overflow_LowBound 144 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27943 71203/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_63.c Buffer_Overflow_LowBound 126 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27944 71204/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_64.c Buffer_Overflow_LowBound 150 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27945 71204/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_64.c Buffer_Overflow_LowBound 129 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27946 71205/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_65.c Buffer_Overflow_LowBound 129 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; void (*funcPtr) (wchar_t *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_65b_badSink; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_65b_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27947 71205/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_65.c Buffer_Overflow_LowBound 146 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; void (*funcPtr) (wchar_t *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_65b_goodG2BSink; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_65b_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27948 71206/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_66.c Buffer_Overflow_LowBound 150 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; wchar_t * dataArray[5]; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27949 71206/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_66.c Buffer_Overflow_LowBound 132 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; wchar_t * dataArray[5]; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27950 71207/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67.c Buffer_Overflow_LowBound 158 #define SRC_STRING L"AAAAAAAAAA" typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67_structType wchar_t * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67_structType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67_structType myStruct; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27951 71207/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67.c Buffer_Overflow_LowBound 140 #define SRC_STRING L"AAAAAAAAAA" typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67_structType wchar_t * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67_structType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67_structType myStruct; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27952 71208/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_68.c Buffer_Overflow_LowBound 155 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_68b_badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_68_badData; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27953 71208/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_68.c Buffer_Overflow_LowBound 137 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_68b_goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_68_goodG2BData; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27954 71212/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_81_bad.cpp Buffer_Overflow_LowBound 30 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); const CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_81_bad::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 27955 71212/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_81_bad.cpp Off_by_One_Error_in_Methods 30 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); const CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 27956 71213/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_82_bad.cpp Buffer_Overflow_LowBound 30 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc(10*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_82_bad::action(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); delete baseObject; 1 --------------------------------- 27957 71213/CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_82_bad.cpp Off_by_One_Error_in_Methods 30 #define SRC_STRING L"AAAAAAAAAA" wchar_t * data; data = NULL; data = (wchar_t *)malloc((10+1)*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE193_wchar_t_ncpy_82_goodG2B::action(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); delete baseObject; 0 --------------------------------- 27958 71360/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_01.c Buffer_Overflow_LowBound 35 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 27959 71360/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_01.c Buffer_Overflow_LowBound 58 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27960 71361/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_02.c Buffer_Overflow_LowBound 38 char * data; data = NULL; if(1) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 27961 71361/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_02.c Buffer_Overflow_LowBound 91 char * data; data = NULL; if(0) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27962 71361/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_02.c Buffer_Overflow_LowBound 69 char * data; data = NULL; if(1) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27963 71362/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_03.c Buffer_Overflow_LowBound 38 char * data; data = NULL; if(5==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 27964 71362/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_03.c Buffer_Overflow_LowBound 91 char * data; data = NULL; if(5!=5) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27965 71362/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_03.c Buffer_Overflow_LowBound 69 char * data; data = NULL; if(5==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27966 71363/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_04.c Buffer_Overflow_LowBound 45 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 27967 71363/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_04.c Buffer_Overflow_LowBound 98 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_FALSE) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27968 71363/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_04.c Buffer_Overflow_LowBound 76 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27969 71364/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_05.c Buffer_Overflow_LowBound 45 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 27970 71364/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_05.c Buffer_Overflow_LowBound 98 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticFalse) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27971 71364/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_05.c Buffer_Overflow_LowBound 76 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27972 71365/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_06.c Buffer_Overflow_LowBound 73 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 27973 71365/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_06.c Buffer_Overflow_LowBound 42 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE!=5) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27974 71365/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_06.c Buffer_Overflow_LowBound 95 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27975 71366/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_07.c Buffer_Overflow_LowBound 97 static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 27976 71366/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_07.c Buffer_Overflow_LowBound 75 static int staticFive = 5; char * data; data = NULL; if(staticFive!=5) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27977 71366/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_07.c Buffer_Overflow_LowBound 44 static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27978 71367/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_08.c Buffer_Overflow_LowBound 105 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 27979 71367/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_08.c Buffer_Overflow_LowBound 83 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsFalse()) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27980 71367/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_08.c Buffer_Overflow_LowBound 52 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27981 71368/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_09.c Buffer_Overflow_LowBound 38 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 27982 71368/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_09.c Buffer_Overflow_LowBound 91 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_FALSE) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27983 71368/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_09.c Buffer_Overflow_LowBound 69 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27984 71369/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_10.c Buffer_Overflow_LowBound 38 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 27985 71369/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_10.c Buffer_Overflow_LowBound 91 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalFalse) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27986 71369/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_10.c Buffer_Overflow_LowBound 69 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27987 71370/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_11.c Buffer_Overflow_LowBound 38 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 27988 71370/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_11.c Buffer_Overflow_LowBound 91 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsFalse()) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27989 71370/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_11.c Buffer_Overflow_LowBound 69 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27990 71372/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_13.c Buffer_Overflow_LowBound 38 const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 27991 71372/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_13.c Buffer_Overflow_LowBound 91 const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27992 71372/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_13.c Buffer_Overflow_LowBound 69 const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27993 71373/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_14.c Buffer_Overflow_LowBound 38 int globalFive = 5;  char * data; data = NULL; if(globalFive==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 27994 71373/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_14.c Buffer_Overflow_LowBound 91 int globalFive = 5;  char * data; data = NULL; if(globalFive!=5) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27995 71373/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_14.c Buffer_Overflow_LowBound 69 int globalFive = 5;  char * data; data = NULL; if(globalFive==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27996 71374/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_15.c Buffer_Overflow_LowBound 104 char * data; data = NULL; switch(6) case 6: data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 27997 71374/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_15.c Buffer_Overflow_LowBound 44 char * data; data = NULL; switch(5) case 6: break; default: data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27998 71374/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_15.c Buffer_Overflow_LowBound 76 char * data; data = NULL; switch(6) case 6: data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 27999 71375/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_16.c Buffer_Overflow_LowBound 66 char * data; data = NULL; while(1) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28000 71375/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_16.c Buffer_Overflow_LowBound 39 char * data; data = NULL; while(1) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28001 71376/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_17.c Buffer_Overflow_LowBound 66 char * data; data = NULL; for(i = 0; i < 1; i++) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28002 71376/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_17.c Buffer_Overflow_LowBound 39 char * data; data = NULL; for(h = 0; h < 1; h++) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28003 71377/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_18.c Buffer_Overflow_LowBound 62 char * data; data = NULL; goto source; source: data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28004 71377/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_18.c Buffer_Overflow_LowBound 37 char * data; data = NULL; goto source; source: data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28005 71378/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_21.c Buffer_Overflow_LowBound 48 char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28006 71378/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_21.c Buffer_Overflow_LowBound 90 char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28007 71378/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_21.c Buffer_Overflow_LowBound 119 char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28008 71379/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22.c Buffer_Overflow_LowBound 67 char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_badGlobal = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_badSource(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_badGlobal) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28009 71379/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22.c Buffer_Overflow_LowBound 39 char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_goodG2B1Global = 0; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_goodG2B1Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_goodG2B1Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_goodG2B1Global) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28010 71379/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22.c Buffer_Overflow_LowBound 87 char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_goodG2B2Global = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_goodG2B2Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_22_goodG2B2Global) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28011 71380/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_31.c Buffer_Overflow_LowBound 65 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28012 71380/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_31.c Buffer_Overflow_LowBound 38 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28013 71381/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_32.c Buffer_Overflow_LowBound 43 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28014 71381/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_32.c Buffer_Overflow_LowBound 75 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28015 71383/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_34.c Buffer_Overflow_LowBound 73 typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_34_unionType myUnion; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28016 71383/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_34.c Buffer_Overflow_LowBound 45 typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_34_unionType myUnion; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28017 71384/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_41.c Buffer_Overflow_LowBound 57 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28018 71384/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_41.c Buffer_Overflow_LowBound 30 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28019 71385/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_42.c Buffer_Overflow_LowBound 41 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28020 71385/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_42.c Buffer_Overflow_LowBound 70 char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28021 71387/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_44.c Buffer_Overflow_LowBound 30 char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28022 71387/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_44.c Buffer_Overflow_LowBound 61 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28023 71388/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_45.c Buffer_Overflow_LowBound 64 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_45_badData = data; badSink(); static void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28024 71388/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_45.c Buffer_Overflow_LowBound 34 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28025 71389/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_51.c Buffer_Overflow_LowBound 121 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28026 71389/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_51.c Buffer_Overflow_LowBound 139 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28027 71390/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_52.c Buffer_Overflow_LowBound 170 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_52b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28028 71390/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_52.c Buffer_Overflow_LowBound 188 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28029 71391/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53.c Buffer_Overflow_LowBound 219 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28030 71391/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53.c Buffer_Overflow_LowBound 237 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28031 71392/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54.c Buffer_Overflow_LowBound 286 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54d_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28032 71392/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54.c Buffer_Overflow_LowBound 268 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28033 71393/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_61.c Buffer_Overflow_LowBound 59 char * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_61b_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_61b_goodG2BSource(char * data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28034 71393/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_61.c Buffer_Overflow_LowBound 36 char * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_61b_goodG2BSource(data); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28035 71395/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_63.c Buffer_Overflow_LowBound 138 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28036 71395/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_63.c Buffer_Overflow_LowBound 119 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28037 71396/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_64.c Buffer_Overflow_LowBound 144 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28038 71396/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_64.c Buffer_Overflow_LowBound 122 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28039 71397/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_65.c Buffer_Overflow_LowBound 122 char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_65b_badSink; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28040 71397/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_65.c Buffer_Overflow_LowBound 140 char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_65b_goodG2BSink; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28041 71398/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_66.c Buffer_Overflow_LowBound 144 char * data; char * dataArray[5]; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28042 71398/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_66.c Buffer_Overflow_LowBound 125 char * data; char * dataArray[5]; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28043 71399/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67.c Buffer_Overflow_LowBound 152 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67_structType myStruct; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28044 71399/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67.c Buffer_Overflow_LowBound 133 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67_structType myStruct; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28045 71400/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_68.c Buffer_Overflow_LowBound 149 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_68b_badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28046 71400/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_68.c Buffer_Overflow_LowBound 130 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_68b_goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28047 71404/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_81_bad.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 28048 71404/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_81_bad.cpp Off_by_One_Error_in_Methods 31 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 28049 71405/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_82_bad.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); delete baseObject; 1 --------------------------------- 28050 71405/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_82_bad.cpp Off_by_One_Error_in_Methods 31 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncat_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); delete baseObject; 0 --------------------------------- 28051 71408/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_01.c Buffer_Overflow_LowBound 59 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28052 71408/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_01.c Buffer_Overflow_LowBound 35 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28053 71409/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_02.c Buffer_Overflow_LowBound 93 char * data; data = NULL; if(1) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28054 71409/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_02.c Buffer_Overflow_LowBound 38 char * data; data = NULL; if(0) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28055 71409/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_02.c Buffer_Overflow_LowBound 70 char * data; data = NULL; if(1) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28056 71410/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_03.c Buffer_Overflow_LowBound 93 char * data; data = NULL; if(5==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28057 71410/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_03.c Buffer_Overflow_LowBound 38 char * data; data = NULL; if(5!=5) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28058 71410/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_03.c Buffer_Overflow_LowBound 70 char * data; data = NULL; if(5==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28059 71411/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_04.c Buffer_Overflow_LowBound 45 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28060 71411/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_04.c Buffer_Overflow_LowBound 77 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_FALSE) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28061 71411/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_04.c Buffer_Overflow_LowBound 100 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28062 71412/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_05.c Buffer_Overflow_LowBound 45 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28063 71412/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_05.c Buffer_Overflow_LowBound 77 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticFalse) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28064 71412/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_05.c Buffer_Overflow_LowBound 100 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28065 71413/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_06.c Buffer_Overflow_LowBound 42 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28066 71413/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_06.c Buffer_Overflow_LowBound 97 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE!=5) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28067 71413/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_06.c Buffer_Overflow_LowBound 74 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28068 71414/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_07.c Buffer_Overflow_LowBound 99 static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28069 71414/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_07.c Buffer_Overflow_LowBound 76 static int staticFive = 5; char * data; data = NULL; if(staticFive!=5) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28070 71414/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_07.c Buffer_Overflow_LowBound 44 static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28071 71415/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_08.c Buffer_Overflow_LowBound 107 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28072 71415/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_08.c Buffer_Overflow_LowBound 84 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsFalse()) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28073 71415/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_08.c Buffer_Overflow_LowBound 52 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28074 71416/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_09.c Buffer_Overflow_LowBound 93 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28075 71416/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_09.c Buffer_Overflow_LowBound 38 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_FALSE) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28076 71416/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_09.c Buffer_Overflow_LowBound 70 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28077 71417/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_10.c Buffer_Overflow_LowBound 93 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28078 71417/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_10.c Buffer_Overflow_LowBound 38 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalFalse) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28079 71417/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_10.c Buffer_Overflow_LowBound 70 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28080 71418/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_11.c Buffer_Overflow_LowBound 93 char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28081 71418/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_11.c Buffer_Overflow_LowBound 38 char * data; data = NULL; if(globalReturnsFalse()) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28082 71418/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_11.c Buffer_Overflow_LowBound 70 char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28083 71420/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_13.c Buffer_Overflow_LowBound 93 const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28084 71420/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_13.c Buffer_Overflow_LowBound 38 const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5){} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28085 71420/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_13.c Buffer_Overflow_LowBound 70 const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28086 71421/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_14.c Buffer_Overflow_LowBound 93 int globalFive = 5;  char * data; data = NULL; if(globalFive==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28087 71421/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_14.c Buffer_Overflow_LowBound 38 int globalFive = 5;  char * data; data = NULL; if(globalFive!=5) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28088 71421/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_14.c Buffer_Overflow_LowBound 70 int globalFive = 5;  char * data; data = NULL; if(globalFive==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28089 71422/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_15.c Buffer_Overflow_LowBound 77 char * data; data = NULL; switch(6) case 6: data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28090 71422/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_15.c Buffer_Overflow_LowBound 44 char * data; data = NULL; switch(5) case 6: break; default: data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28091 71422/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_15.c Buffer_Overflow_LowBound 106 char * data; data = NULL; switch(6) case 6: data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28092 71423/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_16.c Buffer_Overflow_LowBound 39 char * data; data = NULL; while(1) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28093 71423/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_16.c Buffer_Overflow_LowBound 67 char * data; data = NULL; while(1) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28094 71424/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_17.c Buffer_Overflow_LowBound 39 char * data; data = NULL; for(i = 0; i < 1; i++) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28095 71424/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_17.c Buffer_Overflow_LowBound 67 char * data; data = NULL; for(h = 0; h < 1; h++) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28096 71425/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_18.c Buffer_Overflow_LowBound 63 char * data; data = NULL; goto source; source: data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28097 71425/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_18.c Buffer_Overflow_LowBound 37 char * data; data = NULL; goto source; source: data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28098 71426/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_21.c Buffer_Overflow_LowBound 48 char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28099 71426/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_21.c Buffer_Overflow_LowBound 91 char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28100 71426/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_21.c Buffer_Overflow_LowBound 121 char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28101 71427/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22.c Buffer_Overflow_LowBound 39 char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22_badGlobal = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22_badSource(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22_badGlobal) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28102 71427/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22.c Buffer_Overflow_LowBound 68 char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22_goodG2B1Global = 0; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22_goodG2B1Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22_goodG2B1Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22_goodG2B1Global) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28103 71427/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22.c Buffer_Overflow_LowBound 89 char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22_goodG2B2Global = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22_goodG2B2Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_22_goodG2B2Global) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28104 71428/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_31.c Buffer_Overflow_LowBound 38 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28105 71428/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_31.c Buffer_Overflow_LowBound 66 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28106 71429/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_32.c Buffer_Overflow_LowBound 43 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28107 71429/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_32.c Buffer_Overflow_LowBound 76 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28108 71431/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_34.c Buffer_Overflow_LowBound 45 typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_34_unionType myUnion; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28109 71431/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_34.c Buffer_Overflow_LowBound 74 typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_34_unionType myUnion; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28110 71432/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_41.c Buffer_Overflow_LowBound 30 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 1 --------------------------------- 28111 71432/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_41.c Buffer_Overflow_LowBound 58 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 0 --------------------------------- 28112 71433/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_42.c Buffer_Overflow_LowBound 71 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28113 71433/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_42.c Buffer_Overflow_LowBound 41 char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28114 71435/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_44.c Buffer_Overflow_LowBound 62 char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 1 --------------------------------- 28115 71435/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_44.c Buffer_Overflow_LowBound 30 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 0 --------------------------------- 28116 71436/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_45.c Buffer_Overflow_LowBound 65 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_45_badData = data; badSink(); static void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 1 --------------------------------- 28117 71436/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_45.c Buffer_Overflow_LowBound 34 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 0 --------------------------------- 28118 71437/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_51.c Buffer_Overflow_LowBound 140 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 1 --------------------------------- 28119 71437/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_51.c Buffer_Overflow_LowBound 121 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 0 --------------------------------- 28120 71438/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_52.c Buffer_Overflow_LowBound 189 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_52b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 1 --------------------------------- 28121 71438/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_52.c Buffer_Overflow_LowBound 170 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 0 --------------------------------- 28122 71439/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_53.c Buffer_Overflow_LowBound 238 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_53b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_53c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 1 --------------------------------- 28123 71439/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_53.c Buffer_Overflow_LowBound 219 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_53b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 0 --------------------------------- 28124 71440/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54.c Buffer_Overflow_LowBound 287 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54d_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 1 --------------------------------- 28125 71440/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54.c Buffer_Overflow_LowBound 268 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 0 --------------------------------- 28126 71441/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_61.c Buffer_Overflow_LowBound 60 char * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_61b_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_61b_badSource(char * data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 28127 71441/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_61.c Buffer_Overflow_LowBound 36 char * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_61b_goodG2BSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_61b_goodG2BSource(char * data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 28128 71443/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_63.c Buffer_Overflow_LowBound 119 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 1 --------------------------------- 28129 71443/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_63.c Buffer_Overflow_LowBound 139 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 0 --------------------------------- 28130 71444/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_64.c Buffer_Overflow_LowBound 145 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 1 --------------------------------- 28131 71444/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_64.c Buffer_Overflow_LowBound 122 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 0 --------------------------------- 28132 71445/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_65.c Buffer_Overflow_LowBound 141 char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_65b_badSink; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 1 --------------------------------- 28133 71445/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_65.c Buffer_Overflow_LowBound 122 char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_65b_goodG2BSink; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 0 --------------------------------- 28134 71446/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_66.c Buffer_Overflow_LowBound 125 char * data; char * dataArray[5]; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 1 --------------------------------- 28135 71446/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_66.c Buffer_Overflow_LowBound 145 char * data; char * dataArray[5]; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 0 --------------------------------- 28136 71447/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_67.c Buffer_Overflow_LowBound 133 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_67_structType myStruct; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 1 --------------------------------- 28137 71447/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_67.c Buffer_Overflow_LowBound 153 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_67_structType myStruct; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 0 --------------------------------- 28138 71448/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_68.c Buffer_Overflow_LowBound 150 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_68b_badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 1 --------------------------------- 28139 71448/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_68.c Buffer_Overflow_LowBound 130 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_68b_goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 0 --------------------------------- 28140 71452/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 1 --------------------------------- 28141 71452/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_81_bad.cpp Off_by_One_Error_in_Methods 31 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; 0 --------------------------------- 28142 71453/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; delete baseObject; 1 --------------------------------- 28143 71453/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_82_bad.cpp Off_by_One_Error_in_Methods 31 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_ncpy_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; delete baseObject; 0 --------------------------------- 28144 71456/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_01.c Format_String_Attack 64 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28145 71456/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_01.c Format_String_Attack 41 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28146 71457/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_02.c Format_String_Attack 75 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; if(1) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28147 71457/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_02.c Format_String_Attack 44 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; if(0) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28148 71457/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_02.c Format_String_Attack 97 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; if(1) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28149 71458/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_03.c Format_String_Attack 75 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; if(5==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28150 71458/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_03.c Format_String_Attack 44 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; if(5!=5) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28151 71458/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_03.c Format_String_Attack 97 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; if(5==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28152 71459/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_04.c Format_String_Attack 104 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28153 71459/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_04.c Format_String_Attack 51 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_FALSE) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28154 71459/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_04.c Format_String_Attack 82 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28155 71460/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_05.c Format_String_Attack 104 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28156 71460/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_05.c Format_String_Attack 51 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticFalse) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28157 71460/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_05.c Format_String_Attack 82 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28158 71461/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_06.c Format_String_Attack 79 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28159 71461/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_06.c Format_String_Attack 48 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE!=5) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28160 71461/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_06.c Format_String_Attack 101 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28161 71462/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_07.c Format_String_Attack 103 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28162 71462/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_07.c Format_String_Attack 81 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticFive = 5; char * data; data = NULL; if(staticFive!=5) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28163 71462/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_07.c Format_String_Attack 50 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28164 71463/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_08.c Format_String_Attack 111 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28165 71463/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_08.c Format_String_Attack 89 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsFalse()) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28166 71463/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_08.c Format_String_Attack 58 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28167 71464/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_09.c Format_String_Attack 75 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28168 71464/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_09.c Format_String_Attack 44 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_FALSE) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28169 71464/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_09.c Format_String_Attack 97 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28170 71465/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_10.c Format_String_Attack 75 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28171 71465/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_10.c Format_String_Attack 44 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalFalse) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28172 71465/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_10.c Format_String_Attack 97 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28173 71466/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_11.c Format_String_Attack 75 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28174 71466/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_11.c Format_String_Attack 44 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsFalse()) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28175 71466/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_11.c Format_String_Attack 97 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28176 71468/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_13.c Format_String_Attack 75 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28177 71468/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_13.c Format_String_Attack 44 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28178 71468/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_13.c Format_String_Attack 97 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28179 71469/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_14.c Format_String_Attack 75 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalFive = 5; char * data; data = NULL; if(globalFive==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28180 71469/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_14.c Format_String_Attack 44 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalFive = 5; char * data; data = NULL; if(globalFive!=5) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28181 71469/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_14.c Format_String_Attack 97 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalFive = 5; char * data; data = NULL; if(globalFive==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28182 71470/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_15.c Format_String_Attack 82 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; switch(6) case 6: data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28183 71470/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_15.c Format_String_Attack 110 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; switch(5) case 6: break; default: data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28184 71470/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_15.c Format_String_Attack 50 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; switch(6) case 6: data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28185 71471/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_16.c Format_String_Attack 72 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; while(1) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28186 71471/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_16.c Format_String_Attack 45 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; while(1) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28187 71472/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_17.c Format_String_Attack 72 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; for(i = 0; i < 1; i++) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28188 71472/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_17.c Format_String_Attack 45 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; for(h = 0; h < 1; h++) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28189 71473/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_18.c Format_String_Attack 43 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; goto source; source: data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28190 71473/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_18.c Format_String_Attack 68 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; goto source; source: data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28191 71474/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_21.c Format_String_Attack 96 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28192 71474/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_21.c Format_String_Attack 125 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28193 71474/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_21.c Format_String_Attack 54 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28194 71475/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22.c Format_String_Attack 45 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_badGlobal = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_badSource(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_badGlobal) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28195 71475/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22.c Format_String_Attack 93 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_goodG2B1Global = 0; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_goodG2B1Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_goodG2B1Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_goodG2B1Global) {} else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28196 71475/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22.c Format_String_Attack 73 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_goodG2B2Global = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_goodG2B2Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_22_goodG2B2Global) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28197 71476/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_31.c Format_String_Attack 71 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28198 71476/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_31.c Format_String_Attack 44 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28199 71477/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_32.c Format_String_Attack 49 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28200 71477/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_32.c Format_String_Attack 81 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28201 71479/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_34.c Format_String_Attack 79 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_34_unionType myUnion; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28202 71479/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_34.c Format_String_Attack 51 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_34_unionType myUnion; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28203 71480/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_41.c Format_String_Attack 63 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28204 71480/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_41.c Format_String_Attack 36 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28205 71481/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_42.c Format_String_Attack 47 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; data = badSource(data); static char * badSource(char * data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 28206 71481/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_42.c Format_String_Attack 76 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 28207 72378/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_11.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28208 72378/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_11.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28209 72378/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_11.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28210 72379/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_12.c String_Termination_Error 74 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28211 72379/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_12.c String_Termination_Error 42 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28212 72380/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_13.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28213 72380/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_13.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28214 72380/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_13.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28215 72381/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_14.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28216 72381/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_14.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28217 72381/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_14.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28218 72382/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_15.c String_Termination_Error 42 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28219 72382/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_15.c String_Termination_Error 100 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28220 72382/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_15.c String_Termination_Error 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28221 72383/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_16.c String_Termination_Error 37 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28222 72383/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_16.c String_Termination_Error 63 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28223 72384/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_17.c String_Termination_Error 37 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28224 72384/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_17.c String_Termination_Error 63 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28225 72385/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_18.c String_Termination_Error 59 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28226 72385/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_18.c String_Termination_Error 35 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28227 72386/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_21.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = goodG2B1Source(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28228 72386/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_21.c String_Termination_Error 46 data = (char *)malloc(100*sizeof(char)); data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28229 72386/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_21.c String_Termination_Error 115 data = (char *)malloc(100*sizeof(char)); data = goodG2B2Source(data); static char * goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = goodG2B2Source(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28230 72387/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22.c String_Termination_Error 37 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22_badSource(char * data) data[100-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22_badSource(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28231 72387/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22.c String_Termination_Error 83 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22_goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22_goodG2B2Source(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28232 72387/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22.c String_Termination_Error 64 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22_goodG2B1Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22_goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_22_goodG2B1Source(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28233 72388/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_31.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28234 72388/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_31.c String_Termination_Error 62 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28235 72389/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_32.c String_Termination_Error 41 char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = (char *)malloc(100*sizeof(char)); char * data = *dataPtr1; data[100-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28236 72389/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_32.c String_Termination_Error 72 char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = (char *)malloc(100*sizeof(char)); char * data = *dataPtr1; data[50-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28237 72391/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_34.c String_Termination_Error 70 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_34_unionType myUnion; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28238 72391/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_34.c String_Termination_Error 43 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_34_unionType myUnion; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28239 72392/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_41.c String_Termination_Error 28 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_41_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28240 72392/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_41.c String_Termination_Error 54 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_41_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28241 72393/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_42.c String_Termination_Error 39 data = (char *)malloc(100*sizeof(char)); data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28242 72393/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_42.c String_Termination_Error 67 data = (char *)malloc(100*sizeof(char)); data = goodG2BSource(data); static char * goodG2BSource(char * data) data[50-1] = '\0'; return data; data = goodG2BSource(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28243 72395/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_44.c String_Termination_Error 58 void (*funcPtr) (char *) = goodG2BSink; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28244 72395/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_44.c String_Termination_Error 28 void (*funcPtr) (char *) = badSink; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28245 72396/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_45.c String_Termination_Error 61 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_45_goodG2BData; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28246 72396/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_45.c String_Termination_Error 32 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_45_badData = data; badSink(); static void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_45_badData; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28247 72397/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_51.c String_Termination_Error 119 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_51b_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28248 72397/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_51.c String_Termination_Error 136 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_51b_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28249 72398/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_52.c String_Termination_Error 185 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_52c_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28250 72398/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_52.c String_Termination_Error 168 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_52b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_52c_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28251 72399/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53.c String_Termination_Error 234 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53d_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28252 72399/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53.c String_Termination_Error 217 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_53d_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28253 72400/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54.c String_Termination_Error 266 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54d_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54e_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28254 72400/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54.c String_Termination_Error 283 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_54e_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28255 72401/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_61.c String_Termination_Error 34 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_61b_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_61b_badSource(char * data) data[100-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_61b_badSource(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28256 72401/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_61.c String_Termination_Error 56 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_61b_goodG2BSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_61b_goodG2BSource(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_61b_goodG2BSource(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28257 72403/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_63.c String_Termination_Error 117 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28258 72403/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_63.c String_Termination_Error 135 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28259 72404/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_64.c String_Termination_Error 141 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28260 72404/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_64.c String_Termination_Error 120 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28261 72405/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_65.c String_Termination_Error 137 void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_65b_goodG2BSink; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_65b_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28262 72405/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_65.c String_Termination_Error 120 void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_65b_badSink; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_65b_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28263 72406/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_66.c String_Termination_Error 141 char * dataArray[5]; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28264 72406/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_66.c String_Termination_Error 123 char * dataArray[5]; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28265 72407/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67.c String_Termination_Error 149 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67_structType myStruct; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28266 72407/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67.c String_Termination_Error 131 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67_structType myStruct; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28267 72408/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_68.c String_Termination_Error 146 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_68b_goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_68_goodG2BData; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28268 72408/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_68.c String_Termination_Error 128 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_68b_badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_68_badData; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28269 72412/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_81_bad.cpp Off_by_One_Error_in_Methods 29 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_81_bad::action(char * data) const char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28270 72412/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_81_goodG2B.cpp String_Termination_Error 29 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_81_goodG2B::action(char * data) const char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28271 72413/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_82_bad.cpp Off_by_One_Error_in_Methods 29 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_82_bad::action(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 28272 72413/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_82_goodG2B.cpp String_Termination_Error 29 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_82_goodG2B::action(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 28273 72416/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_01.c String_Termination_Error 55 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28274 72416/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_01.c String_Termination_Error 33 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28275 72417/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_02.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28276 72417/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_02.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28277 72417/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_02.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28278 72418/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_03.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28279 72418/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_03.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28280 72418/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_03.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28281 72419/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_04.c String_Termination_Error 94 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28282 72419/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_04.c String_Termination_Error 43 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28283 72419/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_04.c String_Termination_Error 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28284 72420/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_05.c String_Termination_Error 94 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28285 72420/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_05.c String_Termination_Error 43 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28286 72420/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_05.c String_Termination_Error 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28287 72421/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_06.c String_Termination_Error 40 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28288 72421/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_06.c String_Termination_Error 70 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28289 72421/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_06.c String_Termination_Error 91 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28290 72422/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_07.c String_Termination_Error 72 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28291 72422/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_07.c String_Termination_Error 93 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28292 72422/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_07.c String_Termination_Error 42 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28293 72423/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_08.c String_Termination_Error 80 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28294 72423/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_08.c String_Termination_Error 101 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28295 72423/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_08.c String_Termination_Error 50 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28296 72424/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_09.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28297 72424/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_09.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28298 72424/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_09.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28299 72425/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_10.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28300 72425/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_10.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28301 72425/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_10.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28302 72426/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_11.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28303 72426/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_11.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28304 72426/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_11.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28305 72427/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_12.c String_Termination_Error 42 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28306 72427/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_12.c String_Termination_Error 74 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28307 72428/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_13.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28308 72428/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_13.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28309 72428/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_13.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28310 72429/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_14.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28311 72429/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_14.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28312 72429/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_14.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28313 72430/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_15.c String_Termination_Error 100 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28314 72430/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_15.c String_Termination_Error 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28315 72430/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_15.c String_Termination_Error 42 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28316 72431/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_16.c String_Termination_Error 63 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28317 72431/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_16.c String_Termination_Error 37 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28318 72432/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_17.c String_Termination_Error 63 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28319 72432/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_17.c String_Termination_Error 37 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28320 72433/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_18.c String_Termination_Error 59 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28321 72433/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_18.c String_Termination_Error 35 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28322 72434/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_21.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = goodG2B1Source(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28323 72434/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_21.c String_Termination_Error 46 data = (char *)malloc(100*sizeof(char)); data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28324 72434/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_21.c String_Termination_Error 115 data = (char *)malloc(100*sizeof(char)); data = goodG2B2Source(data); static char * goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = goodG2B2Source(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28325 72435/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22.c String_Termination_Error 64 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22_goodG2B1Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22_goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22_goodG2B1Source(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28326 72435/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22.c String_Termination_Error 37 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22_badSource(char * data) data[100-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22_badSource(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28327 72435/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22.c String_Termination_Error 83 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22_goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_22_goodG2B2Source(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28328 72436/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_31.c String_Termination_Error 62 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28329 72436/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_31.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28330 72437/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_32.c String_Termination_Error 72 char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = (char *)malloc(100*sizeof(char)); char * data = *dataPtr1; data[50-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28331 72437/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_32.c String_Termination_Error 41 char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = (char *)malloc(100*sizeof(char)); char * data = *dataPtr1; data[100-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28332 72439/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_34.c String_Termination_Error 70 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_34_unionType myUnion; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28333 72439/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_34.c String_Termination_Error 43 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_34_unionType myUnion; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28334 72440/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_41.c String_Termination_Error 54 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_41_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28335 72440/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_41.c String_Termination_Error 28 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_41_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28336 72441/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_42.c String_Termination_Error 39 data = (char *)malloc(100*sizeof(char)); data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28337 72441/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_42.c String_Termination_Error 67 data = (char *)malloc(100*sizeof(char)); data = goodG2BSource(data); static char * goodG2BSource(char * data) data[50-1] = '\0'; return data; data = goodG2BSource(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28338 72443/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_44.c String_Termination_Error 28 void (*funcPtr) (char *) = badSink; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28339 72443/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_44.c String_Termination_Error 58 void (*funcPtr) (char *) = goodG2BSink; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28340 72444/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_45.c String_Termination_Error 32 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_45_badData = data; badSink(); static void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_45_badData; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28341 72444/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_45.c String_Termination_Error 61 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_45_goodG2BData; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28342 72445/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_51.c String_Termination_Error 119 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_51b_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28343 72445/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_51.c String_Termination_Error 136 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_51b_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28344 72446/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_52.c String_Termination_Error 168 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_52b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_52c_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28345 72446/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_52.c String_Termination_Error 185 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_52c_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28346 72447/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53.c String_Termination_Error 217 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53d_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28347 72447/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53.c String_Termination_Error 234 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_53d_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28348 72448/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54.c String_Termination_Error 283 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54e_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28349 72448/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54.c String_Termination_Error 266 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54d_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_54e_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28350 72449/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_61.c String_Termination_Error 56 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_61b_goodG2BSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_61b_goodG2BSource(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_61b_goodG2BSource(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28351 72449/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_61.c String_Termination_Error 34 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_61b_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_61b_badSource(char * data) data[100-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_61b_badSource(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28352 72451/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_63.c String_Termination_Error 135 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28353 72451/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_63.c String_Termination_Error 117 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28354 72452/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_64.c String_Termination_Error 120 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28355 72452/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_64.c String_Termination_Error 141 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28356 72453/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_65.c String_Termination_Error 120 void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_65b_badSink; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_65b_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28357 72453/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_65.c String_Termination_Error 137 void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_65b_goodG2BSink; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_65b_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28358 72454/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_66.c String_Termination_Error 141 char * dataArray[5]; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28359 72454/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_66.c String_Termination_Error 123 char * dataArray[5]; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28360 72455/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67.c String_Termination_Error 149 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67_structType myStruct; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28361 72455/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67.c String_Termination_Error 131 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67_structType myStruct; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28362 72456/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_68.c String_Termination_Error 128 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_68b_badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_68_badData; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28363 72456/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_68.c String_Termination_Error 146 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_68b_goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_68_goodG2BData; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28364 72460/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_81_bad.cpp Off_by_One_Error_in_Methods 29 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_81_bad::action(char * data) const char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28365 72460/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_81_goodG2B.cpp String_Termination_Error 29 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_81_goodG2B::action(char * data) const char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28366 72461/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_82_bad.cpp Off_by_One_Error_in_Methods 29 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_82_bad::action(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 28367 72461/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_82_goodG2B.cpp String_Termination_Error 29 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncpy_82_goodG2B::action(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 28368 72464/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_01.c String_Termination_Error 39 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 28369 72464/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_01.c String_Termination_Error 60 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 28370 72465/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_02.c String_Termination_Error 91 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 28371 72465/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_02.c String_Termination_Error 42 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 28372 72465/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_snprintf_02.c String_Termination_Error 71 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 28373 72711/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_08.c Buffer_Overflow_LowBound 80 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(staticReturnsTrue()) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28374 72711/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_08.c Buffer_Overflow_LowBound 101 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(staticReturnsFalse()){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28375 72711/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_08.c Buffer_Overflow_LowBound 50 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(staticReturnsTrue()) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28376 72712/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_09.c Buffer_Overflow_LowBound 87 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(GLOBAL_CONST_TRUE) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28377 72712/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_09.c Buffer_Overflow_LowBound 36 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(GLOBAL_CONST_FALSE){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28378 72712/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_09.c Buffer_Overflow_LowBound 66 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(GLOBAL_CONST_TRUE) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28379 72713/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_10.c Buffer_Overflow_LowBound 87 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalTrue) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28380 72713/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_10.c Buffer_Overflow_LowBound 36 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalFalse){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28381 72713/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_10.c Buffer_Overflow_LowBound 66 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalTrue) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28382 72714/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_11.c Buffer_Overflow_LowBound 87 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalReturnsTrue()) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28383 72714/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_11.c Buffer_Overflow_LowBound 36 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalReturnsFalse()){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28384 72714/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_11.c Buffer_Overflow_LowBound 66 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalReturnsTrue()) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28385 72716/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_13.c Buffer_Overflow_LowBound 87 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(GLOBAL_CONST_FIVE==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28386 72716/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_13.c Buffer_Overflow_LowBound 36 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(GLOBAL_CONST_FIVE!=5){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28387 72716/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_13.c Buffer_Overflow_LowBound 66 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(GLOBAL_CONST_FIVE==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28388 72717/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_14.c Buffer_Overflow_LowBound 87 int globalFive = 5; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalFive==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28389 72717/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_14.c Buffer_Overflow_LowBound 36 int globalFive = 5; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalFive!=5){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28390 72717/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_14.c Buffer_Overflow_LowBound 66 int globalFive = 5; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalFive==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28391 72718/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_15.c Buffer_Overflow_LowBound 100 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); switch(6) case 6: wmemset(data, L'A', 100-1); data[100-1] = L'\0'; break; default: break; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28392 72718/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_15.c Buffer_Overflow_LowBound 73 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); switch(5) case 6: break; default: wmemset(data, L'A', 50-1); data[50-1] = L'\0'; break; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28393 72718/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_15.c Buffer_Overflow_LowBound 42 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); switch(6) case 6: wmemset(data, L'A', 50-1); data[50-1] = L'\0'; break; default: break; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28394 72719/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_16.c Buffer_Overflow_LowBound 63 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); while(1) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; break; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28395 72719/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_16.c Buffer_Overflow_LowBound 37 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); while(1) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; break; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28396 72720/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_17.c Buffer_Overflow_LowBound 63 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); for(i = 0; i < 1; i++) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28397 72720/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_17.c Buffer_Overflow_LowBound 37 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); for(h = 0; h < 1; h++) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28398 72721/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_18.c Buffer_Overflow_LowBound 59 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); goto source; source: wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28399 72721/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_18.c Buffer_Overflow_LowBound 35 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); goto source; source: wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28400 72722/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_21.c Buffer_Overflow_LowBound 87 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); badStatic = 1; data = badSource(data); static wchar_t * badSource(wchar_t * data) if(badStatic) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28401 72722/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_21.c Buffer_Overflow_LowBound 46 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2B1Static = 0; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) if(goodG2B1Static){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28402 72722/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_21.c Buffer_Overflow_LowBound 115 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2B2Static = 1; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) if(goodG2B2Static) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28403 72723/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22.c Buffer_Overflow_LowBound 64 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_badGlobal = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_badSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_badSource(wchar_t * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_badGlobal) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28404 72723/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22.c Buffer_Overflow_LowBound 37 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_goodG2B1Global = 0; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_goodG2B1Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_goodG2B1Source(wchar_t * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_goodG2B1Global){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28405 72723/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22.c Buffer_Overflow_LowBound 83 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_goodG2B2Global = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_goodG2B2Source(wchar_t * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_22_goodG2B2Global) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28406 72724/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_31.c Buffer_Overflow_LowBound 62 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28407 72724/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_31.c Buffer_Overflow_LowBound 36 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28408 72725/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_32.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wchar_t * data = *dataPtr1; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28409 72725/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_32.c Buffer_Overflow_LowBound 41 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wchar_t * data = *dataPtr1; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28410 72727/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_34.c Buffer_Overflow_LowBound 70 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_34_unionType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_34_unionType myUnion; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28411 72727/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_34.c Buffer_Overflow_LowBound 43 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_34_unionType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_34_unionType myUnion; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28412 72728/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_41.c Buffer_Overflow_LowBound 54 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_41_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28413 72728/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_41.c Buffer_Overflow_LowBound 28 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_41_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28414 72729/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_42.c Buffer_Overflow_LowBound 39 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28415 72729/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_42.c Buffer_Overflow_LowBound 67 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28416 72731/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_44.c Buffer_Overflow_LowBound 28 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28417 72731/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_44.c Buffer_Overflow_LowBound 58 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28418 72732/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_45.c Buffer_Overflow_LowBound 32 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_45_badData; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28419 72732/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_45.c Buffer_Overflow_LowBound 61 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_45_goodG2BData; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28420 72733/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_51.c Buffer_Overflow_LowBound 119 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_51b_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28421 72733/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_51.c Buffer_Overflow_LowBound 136 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_51b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28422 72734/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_52.c Buffer_Overflow_LowBound 168 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_52b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_52c_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28423 72734/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_52.c Buffer_Overflow_LowBound 185 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_52b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_52c_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28424 72735/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53.c Buffer_Overflow_LowBound 217 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53c_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53d_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28425 72735/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53.c Buffer_Overflow_LowBound 234 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_53d_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28426 72736/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54.c Buffer_Overflow_LowBound 283 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54c_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54d_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54e_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28427 72736/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54.c Buffer_Overflow_LowBound 266 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_54e_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28428 72737/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_61.c Buffer_Overflow_LowBound 56 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_61b_badSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_61b_badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28429 72737/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_61.c Buffer_Overflow_LowBound 34 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_61b_goodG2BSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_61b_goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28430 72739/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_63.c Buffer_Overflow_LowBound 135 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28431 72739/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_63.c Buffer_Overflow_LowBound 117 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28432 72740/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_64.c Buffer_Overflow_LowBound 120 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28433 72740/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_64.c Buffer_Overflow_LowBound 141 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28434 72741/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_65.c Buffer_Overflow_LowBound 120 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_65b_badSink; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_65b_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28435 72741/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_65.c Buffer_Overflow_LowBound 137 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_65b_goodG2BSink; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_65b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28436 72742/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_66.c Buffer_Overflow_LowBound 141 wchar_t * data; wchar_t * dataArray[5]; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28437 72742/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_66.c Buffer_Overflow_LowBound 123 wchar_t * data; wchar_t * dataArray[5]; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28438 72743/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67.c Buffer_Overflow_LowBound 149 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67_structType wchar_t * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67_structType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67_structType myStruct; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28439 72743/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67.c Buffer_Overflow_LowBound 131 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67_structType wchar_t * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67_structType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67_structType myStruct; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28440 72744/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_68.c Buffer_Overflow_LowBound 128 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_68b_badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_68_badData; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28441 72744/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_68.c Buffer_Overflow_LowBound 146 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_68b_goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_68_goodG2BData; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28442 72748/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_81_bad.cpp Buffer_Overflow_LowBound 29 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_81_bad::action(wchar_t * data) const wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 28443 72748/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_81_bad.cpp Off_by_One_Error_in_Methods 29 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 28444 72749/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_82_bad.cpp Buffer_Overflow_LowBound 29 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_82_bad::action(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); delete baseObject; 1 --------------------------------- 28445 72749/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_82_bad.cpp Off_by_One_Error_in_Methods 29 wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_ncpy_82_goodG2B::action(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); delete baseObject; 0 --------------------------------- 28446 72752/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_01.c Format_String_Attack 60 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28447 72752/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_01.c Format_String_Attack 39 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28448 72753/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_02.c Buffer_Overflow_LowBound 71 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(1) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28449 72753/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_02.c Buffer_Overflow_LowBound 42 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(0){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28450 72753/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_02.c Buffer_Overflow_LowBound 91 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(1) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28451 72754/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_03.c Buffer_Overflow_LowBound 71 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(5==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28452 72754/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_03.c Buffer_Overflow_LowBound 42 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(5!=5){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28453 72754/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_03.c Buffer_Overflow_LowBound 91 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(5==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28454 72755/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_04.c Buffer_Overflow_LowBound 78 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(STATIC_CONST_TRUE) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28455 72755/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_04.c Buffer_Overflow_LowBound 49 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(STATIC_CONST_FALSE){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28456 72755/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_04.c Buffer_Overflow_LowBound 98 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(STATIC_CONST_TRUE) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28457 72756/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_05.c Buffer_Overflow_LowBound 78 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(staticTrue) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28458 72756/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_05.c Buffer_Overflow_LowBound 49 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(staticFalse){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28459 72756/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_05.c Buffer_Overflow_LowBound 98 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(staticTrue) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28460 72757/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_06.c Buffer_Overflow_LowBound 46 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(STATIC_CONST_FIVE==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28461 72757/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_06.c Buffer_Overflow_LowBound 95 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(STATIC_CONST_FIVE!=5){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28462 72757/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_06.c Buffer_Overflow_LowBound 75 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(STATIC_CONST_FIVE==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28463 72758/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_07.c Buffer_Overflow_LowBound 97 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif static int staticFive = 5; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(staticFive==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28464 72758/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_07.c Buffer_Overflow_LowBound 77 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif static int staticFive = 5; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(staticFive!=5){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28465 72758/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_07.c Buffer_Overflow_LowBound 48 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif static int staticFive = 5; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(staticFive==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28466 72759/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_08.c Buffer_Overflow_LowBound 105 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(staticReturnsTrue()) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28467 72759/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_08.c Buffer_Overflow_LowBound 85 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(staticReturnsFalse()){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28468 72759/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_08.c Buffer_Overflow_LowBound 56 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(staticReturnsTrue()) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28469 72760/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_09.c Buffer_Overflow_LowBound 71 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(GLOBAL_CONST_TRUE) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28470 72760/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_09.c Buffer_Overflow_LowBound 42 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(GLOBAL_CONST_FALSE){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28471 72760/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_09.c Buffer_Overflow_LowBound 91 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(GLOBAL_CONST_TRUE) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28472 72761/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_10.c Buffer_Overflow_LowBound 71 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalTrue) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28473 72761/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_10.c Buffer_Overflow_LowBound 42 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalFalse){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28474 72761/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_10.c Buffer_Overflow_LowBound 91 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalTrue) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28475 72762/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_11.c Buffer_Overflow_LowBound 71 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalReturnsTrue()) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28476 72762/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_11.c Buffer_Overflow_LowBound 42 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalReturnsFalse()){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28477 72762/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_11.c Buffer_Overflow_LowBound 91 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalReturnsTrue()) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28478 72764/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_13.c Buffer_Overflow_LowBound 71 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_FIVE = 5; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(GLOBAL_CONST_FIVE==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28479 72764/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_13.c Buffer_Overflow_LowBound 42 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_FIVE = 5; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(GLOBAL_CONST_FIVE!=5){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28480 72764/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_13.c Buffer_Overflow_LowBound 91 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_FIVE = 5; wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(GLOBAL_CONST_FIVE==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28481 72765/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_14.c Buffer_Overflow_LowBound 71 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif int globalFive = 5;  wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalFive==5) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28482 72765/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_14.c Buffer_Overflow_LowBound 42 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif int globalFive = 5;  wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalFive!=5){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28483 72765/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_14.c Buffer_Overflow_LowBound 91 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif int globalFive = 5;  wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); if(globalFive==5) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28484 72766/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_15.c Buffer_Overflow_LowBound 78 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); switch(6) case 6: wmemset(data, L'A', 100-1); data[100-1] = L'\0'; break; default: break; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28485 72766/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_15.c Buffer_Overflow_LowBound 48 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); switch(5) case 6: break; default: wmemset(data, L'A', 50-1); data[50-1] = L'\0'; break; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28486 72766/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_15.c Buffer_Overflow_LowBound 104 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); switch(6) case 6: wmemset(data, L'A', 50-1); data[50-1] = L'\0'; break; default: break; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28487 72767/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_16.c Buffer_Overflow_LowBound 68 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); while(1) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; break; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28488 72767/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_16.c Buffer_Overflow_LowBound 43 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); while(1) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; break; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28489 72768/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_17.c Buffer_Overflow_LowBound 68 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); for(i = 0; i < 1; i++) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28490 72768/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_17.c Buffer_Overflow_LowBound 43 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); for(h = 0; h < 1; h++) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28491 72769/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_18.c Buffer_Overflow_LowBound 41 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); goto source; source: wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28492 72769/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_18.c Buffer_Overflow_LowBound 64 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); goto source; source: wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28493 72770/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_21.c Buffer_Overflow_LowBound 92 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); badStatic = 1; data = badSource(data); static wchar_t * badSource(wchar_t * data) if(badStatic) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28494 72770/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_21.c Buffer_Overflow_LowBound 119 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2B1Static = 0; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) if(goodG2B1Static){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28495 72770/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_21.c Buffer_Overflow_LowBound 52 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); goodG2B2Static = 1; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) if(goodG2B2Static) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28496 72771/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22.c Buffer_Overflow_LowBound 87 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_badGlobal = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_badSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_badSource(wchar_t * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_badGlobal) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28497 72771/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22.c Buffer_Overflow_LowBound 69 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_goodG2B1Global = 0; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_goodG2B1Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_goodG2B1Source(wchar_t * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_goodG2B1Global){ } else wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28498 72771/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22.c Buffer_Overflow_LowBound 43 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_goodG2B2Global = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_goodG2B2Source(wchar_t * data) if(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_22_goodG2B2Global) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28499 72772/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_31.c Buffer_Overflow_LowBound 42 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28500 72772/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_31.c Buffer_Overflow_LowBound 67 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28501 72773/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_32.c Buffer_Overflow_LowBound 47 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wchar_t * data = *dataPtr1; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28502 72773/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_32.c Buffer_Overflow_LowBound 77 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wchar_t * data = *dataPtr1; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28503 72775/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_34.c Buffer_Overflow_LowBound 49 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_34_unionType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_34_unionType myUnion; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28504 72775/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_34.c Buffer_Overflow_LowBound 75 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_34_unionType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_34_unionType myUnion; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28505 72776/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_41.c Buffer_Overflow_LowBound 34 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_41_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28506 72776/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_41.c Buffer_Overflow_LowBound 59 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_41_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28507 72777/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_42.c Buffer_Overflow_LowBound 45 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28508 72777/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_42.c Buffer_Overflow_LowBound 72 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28509 72779/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_44.c Buffer_Overflow_LowBound 63 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28510 72779/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_44.c Buffer_Overflow_LowBound 34 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28511 72780/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_45.c Buffer_Overflow_LowBound 38 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_45_badData; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28512 72780/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_45.c Buffer_Overflow_LowBound 66 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_45_goodG2BData; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28513 72781/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_51.c Buffer_Overflow_LowBound 147 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_51b_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28514 72781/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_51.c Buffer_Overflow_LowBound 131 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_51b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28515 72782/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_52.c Buffer_Overflow_LowBound 186 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_52b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_52c_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28516 72782/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_52.c Buffer_Overflow_LowBound 202 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_52b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_52c_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28517 72783/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53.c Buffer_Overflow_LowBound 257 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53c_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53d_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28518 72783/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53.c Buffer_Overflow_LowBound 241 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_53d_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28519 72784/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54.c Buffer_Overflow_LowBound 312 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54c_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54d_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54e_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28520 72784/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54.c Buffer_Overflow_LowBound 296 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54d_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_54e_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28521 72785/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_61.c Buffer_Overflow_LowBound 61 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_61b_badSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_61b_badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28522 72785/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_61.c Buffer_Overflow_LowBound 40 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_61b_goodG2BSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_61b_goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28523 72787/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_63.c Buffer_Overflow_LowBound 129 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28524 72787/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_63.c Buffer_Overflow_LowBound 146 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28525 72788/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_64.c Buffer_Overflow_LowBound 132 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28526 72788/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_64.c Buffer_Overflow_LowBound 152 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28527 72789/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_65.c Buffer_Overflow_LowBound 132 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; void (*funcPtr) (wchar_t *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_65b_badSink; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_65b_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28528 72789/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_65.c Buffer_Overflow_LowBound 148 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; void (*funcPtr) (wchar_t *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_65b_goodG2BSink; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_65b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28529 72790/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_66.c Buffer_Overflow_LowBound 135 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; wchar_t * dataArray[5]; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28530 72790/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_66.c Buffer_Overflow_LowBound 152 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; wchar_t * dataArray[5]; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28531 72791/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67.c Buffer_Overflow_LowBound 143 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67_structType wchar_t * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67_structType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67_structType myStruct; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28532 72791/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67.c Buffer_Overflow_LowBound 160 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67_structType wchar_t * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67_structType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67_structType myStruct; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28533 72792/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_68.c Buffer_Overflow_LowBound 140 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_68b_badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_68_badData; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28534 72792/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_68.c Buffer_Overflow_LowBound 157 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_68b_goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_68_goodG2BData; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28535 72796/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_81_bad.cpp Buffer_Overflow_LowBound 35 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_81_bad::action(wchar_t * data) const wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 28536 72796/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_81_goodG2B.cpp Buffer_Overflow_LowBound 35 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_81_goodG2B::action(wchar_t * data) const wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 28537 72797/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_82_bad.cpp Buffer_Overflow_LowBound 35 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_82_bad::action(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); delete baseObject; 1 --------------------------------- 28538 72797/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_82_goodG2B.cpp Buffer_Overflow_LowBound 35 #ifdef _WIN32 #define SNPRINTF _snwprintf #else #define SNPRINTF snprintf #endif wchar_t * data; data = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_wchar_t_snprintf_82_goodG2B::action(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); delete baseObject; 0 --------------------------------- 28539 72800/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_01.c Buffer_Overflow_cpycat 35 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28540 72800/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_01.c Buffer_Overflow_cpycat 58 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28541 72801/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_02.c Buffer_Overflow_cpycat 91 char * data; data = NULL; if(1) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28542 72801/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_02.c Buffer_Overflow_cpycat 38 char * data; data = NULL; if(0){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28543 72801/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_02.c Buffer_Overflow_cpycat 69 char * data; data = NULL; if(1) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28544 72802/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_03.c Buffer_Overflow_cpycat 91 char * data; data = NULL; if(5==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28545 72802/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_03.c Buffer_Overflow_cpycat 38 char * data; data = NULL; if(5!=5){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28546 72802/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_03.c Buffer_Overflow_cpycat 69 char * data; data = NULL; if(5==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28547 72803/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_04.c Buffer_Overflow_cpycat 76 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28548 72803/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_04.c Buffer_Overflow_cpycat 45 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_FALSE){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28549 72803/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_04.c Buffer_Overflow_cpycat 98 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28550 72804/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_05.c Buffer_Overflow_cpycat 76 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28551 72804/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_05.c Buffer_Overflow_cpycat 45 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticFalse){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28552 72804/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_05.c Buffer_Overflow_cpycat 98 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28553 72805/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_06.c Buffer_Overflow_cpycat 95 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28554 72805/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_06.c Buffer_Overflow_cpycat 42 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE!=5){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28555 72805/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_06.c Buffer_Overflow_cpycat 73 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28556 72806/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_07.c Buffer_Overflow_cpycat 44 static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28557 72806/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_07.c Buffer_Overflow_cpycat 75 static int staticFive = 5; char * data; data = NULL; if(staticFive!=5){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28558 72806/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_07.c Buffer_Overflow_cpycat 97 static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28559 72807/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_08.c Buffer_Overflow_cpycat 52 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28560 72807/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_08.c Buffer_Overflow_cpycat 83 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsFalse()){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28561 72807/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_08.c Buffer_Overflow_cpycat 105 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28562 72808/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_09.c Buffer_Overflow_cpycat 91 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28563 72808/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_09.c Buffer_Overflow_cpycat 38 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_FALSE){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28564 72808/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_09.c Buffer_Overflow_cpycat 69 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28565 72809/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_10.c Buffer_Overflow_cpycat 91 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28566 72809/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_10.c Buffer_Overflow_cpycat 38 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalFalse){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28567 72809/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_10.c Buffer_Overflow_cpycat 69 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28568 72810/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_11.c Buffer_Overflow_cpycat 91 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28569 72810/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_11.c Buffer_Overflow_cpycat 38 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsFalse()){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28570 72810/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_11.c Buffer_Overflow_cpycat 69 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28571 72812/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_13.c Buffer_Overflow_cpycat 91 const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28572 72812/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_13.c Buffer_Overflow_cpycat 38 const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28573 72812/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_13.c Buffer_Overflow_cpycat 69 const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28574 72813/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_14.c Buffer_Overflow_cpycat 91 int globalFive = 5;  char * data; data = NULL; if(globalFive==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28575 72813/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_14.c Buffer_Overflow_cpycat 38 int globalFive = 5;  char * data; data = NULL; if(globalFive!=5){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28576 72813/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_14.c Buffer_Overflow_cpycat 69 int globalFive = 5;  char * data; data = NULL; if(globalFive==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28577 72814/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_15.c Buffer_Overflow_cpycat 76 char * data; data = NULL; switch(6) case 6: data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28578 72814/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_15.c Buffer_Overflow_cpycat 44 char * data; data = NULL; switch(5) case 6: break; default: data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28579 72814/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_15.c Buffer_Overflow_cpycat 104 char * data; data = NULL; switch(6) case 6: data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28580 72815/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_16.c Buffer_Overflow_cpycat 39 char * data; data = NULL; while(1) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28581 72815/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_16.c Buffer_Overflow_cpycat 66 char * data; data = NULL; while(1) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28582 72816/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_17.c Buffer_Overflow_cpycat 39 char * data; data = NULL; for(i = 0; i < 1; i++) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28583 72816/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_17.c Buffer_Overflow_cpycat 66 char * data; data = NULL; for(h = 0; h < 1; h++) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28584 72817/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_18.c Buffer_Overflow_cpycat 62 char * data; data = NULL; goto source; source: data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28585 72817/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_18.c Buffer_Overflow_cpycat 37 char * data; data = NULL; goto source; source: data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28586 72818/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_21.c Buffer_Overflow_cpycat 48 char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28587 72818/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_21.c Buffer_Overflow_cpycat 119 char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28588 72818/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_21.c Buffer_Overflow_cpycat 90 char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28589 72819/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22.c Buffer_Overflow_cpycat 67 char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_badGlobal = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_badSource(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_badGlobal) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28590 72819/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22.c Buffer_Overflow_cpycat 87 char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_goodG2B1Global = 0; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_goodG2B1Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_goodG2B1Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_goodG2B1Global){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28591 72819/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22.c Buffer_Overflow_cpycat 39 char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_goodG2B2Global = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_goodG2B2Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_22_goodG2B2Global) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28592 72820/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_31.c Buffer_Overflow_cpycat 38 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28593 72820/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_31.c Buffer_Overflow_cpycat 65 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28594 72821/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_32.c Buffer_Overflow_cpycat 43 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28595 72821/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_32.c Buffer_Overflow_cpycat 75 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28596 72823/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_34.c Buffer_Overflow_cpycat 45 typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_34_unionType myUnion; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28597 72823/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_34.c Buffer_Overflow_cpycat 73 typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_34_unionType myUnion; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28598 72824/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_41.c Buffer_Overflow_cpycat 30 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28599 72824/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_41.c Buffer_Overflow_cpycat 57 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28600 72825/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_42.c Buffer_Overflow_cpycat 70 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28601 72825/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_42.c Buffer_Overflow_cpycat 41 char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28602 72827/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_44.c Buffer_Overflow_cpycat 30 char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28603 72827/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_44.c Buffer_Overflow_cpycat 61 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28604 72828/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_45.c Buffer_Overflow_cpycat 64 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_45_badData = data; badSink(); static void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28605 72828/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_45.c Buffer_Overflow_cpycat 34 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28606 72829/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_51.c Buffer_Overflow_cpycat 139 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28607 72829/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_51.c Buffer_Overflow_cpycat 121 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28608 72830/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_52.c Buffer_Overflow_cpycat 188 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28609 72830/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_52.c Buffer_Overflow_cpycat 170 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28610 72831/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53.c Buffer_Overflow_cpycat 219 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28611 72831/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53.c Buffer_Overflow_cpycat 237 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28612 72832/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54.c Buffer_Overflow_cpycat 268 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54d_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28613 72832/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54.c Buffer_Overflow_cpycat 286 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28614 72833/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_61.c Buffer_Overflow_cpycat 36 char * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_61b_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_61b_badSource(char * data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28615 72833/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_61.c Buffer_Overflow_cpycat 59 char * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_61b_goodG2BSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_61b_goodG2BSource(char * data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28616 72835/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_63.c Buffer_Overflow_cpycat 119 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28617 72835/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_63.c Buffer_Overflow_cpycat 138 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28618 72836/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_64.c Buffer_Overflow_cpycat 144 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28619 72836/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_64.c Buffer_Overflow_cpycat 122 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28620 72837/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_65.c Buffer_Overflow_cpycat 140 char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_65b_badSink; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28621 72837/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_65.c Buffer_Overflow_cpycat 122 char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_65b_goodG2BSink; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28622 72838/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_66.c Buffer_Overflow_cpycat 125 char * data; char * dataArray[5]; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28623 72838/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_66.c Buffer_Overflow_cpycat 144 char * data; char * dataArray[5]; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28624 72839/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67.c Buffer_Overflow_cpycat 133 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67_structType myStruct; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28625 72839/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67.c Buffer_Overflow_cpycat 152 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67_structType myStruct; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28626 72840/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_68.c Buffer_Overflow_cpycat 149 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_68b_badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28627 72840/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_68.c Buffer_Overflow_cpycat 130 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_68b_goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28628 72844/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_81_bad.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 28629 72844/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_81_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 28630 72845/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_82_bad.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); delete baseObject; 1 --------------------------------- 28631 72845/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_82_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cat_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); delete baseObject; 0 --------------------------------- 28632 72848/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_01.c Buffer_Overflow_cpycat 58 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28633 72848/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_01.c Buffer_Overflow_cpycat 35 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28634 72849/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_02.c Buffer_Overflow_cpycat 69 char * data; data = NULL; if(1) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28635 72849/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_02.c Buffer_Overflow_cpycat 91 char * data; data = NULL; if(0){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28636 72849/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_02.c Buffer_Overflow_cpycat 38 char * data; data = NULL; if(1) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28637 72850/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_03.c Buffer_Overflow_cpycat 69 char * data; data = NULL; if(5==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28638 72850/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_03.c Buffer_Overflow_cpycat 91 char * data; data = NULL; if(5!=5){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28639 72850/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_03.c Buffer_Overflow_cpycat 38 char * data; data = NULL; if(5==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28640 72851/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_04.c Buffer_Overflow_cpycat 98 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28641 72851/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_04.c Buffer_Overflow_cpycat 45 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_FALSE){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28642 72851/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_04.c Buffer_Overflow_cpycat 76 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28643 72852/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_05.c Buffer_Overflow_cpycat 98 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28644 72852/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_05.c Buffer_Overflow_cpycat 45 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticFalse){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28645 72852/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_05.c Buffer_Overflow_cpycat 76 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28646 72853/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_06.c Buffer_Overflow_cpycat 42 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28647 72853/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_06.c Buffer_Overflow_cpycat 73 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE!=5){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28648 72853/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_06.c Buffer_Overflow_cpycat 95 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28649 72854/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_07.c Buffer_Overflow_cpycat 75 static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28650 72854/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_07.c Buffer_Overflow_cpycat 97 static int staticFive = 5; char * data; data = NULL; if(staticFive!=5){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28651 72854/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_07.c Buffer_Overflow_cpycat 44 static int staticFive = 5; char * data; data = NULL; if(staticFive==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28652 72855/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_08.c Buffer_Overflow_cpycat 83 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28653 72855/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_08.c Buffer_Overflow_cpycat 105 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsFalse()){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28654 72855/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_08.c Buffer_Overflow_cpycat 52 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28655 72856/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_09.c Buffer_Overflow_cpycat 69 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28656 72856/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_09.c Buffer_Overflow_cpycat 91 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_FALSE){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28657 72856/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_09.c Buffer_Overflow_cpycat 38 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28658 72857/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_10.c Buffer_Overflow_cpycat 69 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28659 72857/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_10.c Buffer_Overflow_cpycat 91 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalFalse){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28660 72857/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_10.c Buffer_Overflow_cpycat 38 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28661 72858/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_11.c Buffer_Overflow_cpycat 69 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28662 72858/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_11.c Buffer_Overflow_cpycat 91 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsFalse()){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28663 72858/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_11.c Buffer_Overflow_cpycat 38 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28664 72860/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_13.c Buffer_Overflow_cpycat 69 const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28665 72860/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_13.c Buffer_Overflow_cpycat 91 const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28666 72860/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_13.c Buffer_Overflow_cpycat 38 const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28667 72861/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_14.c Buffer_Overflow_cpycat 69 int globalFive = 5;  char * data; data = NULL; if(globalFive==5) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28668 72861/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_14.c Buffer_Overflow_cpycat 91 int globalFive = 5;  char * data; data = NULL; if(globalFive!=5){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28669 72861/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_14.c Buffer_Overflow_cpycat 38 int globalFive = 5;  char * data; data = NULL; if(globalFive==5) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28670 72862/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_15.c Buffer_Overflow_cpycat 104 char * data; data = NULL; switch(6) case 6: data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28671 72862/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_15.c Buffer_Overflow_cpycat 44 char * data; data = NULL; switch(5) case 6: break; default: data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28672 72862/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_15.c Buffer_Overflow_cpycat 76 char * data; data = NULL; switch(6) case 6: data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28673 72863/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_16.c Buffer_Overflow_cpycat 66 char * data; data = NULL; while(1) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28674 72863/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_16.c Buffer_Overflow_cpycat 39 char * data; data = NULL; while(1) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28675 72864/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_17.c Buffer_Overflow_cpycat 66 char * data; data = NULL; for(i = 0; i < 1; i++) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28676 72864/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_17.c Buffer_Overflow_cpycat 39 char * data; data = NULL; for(h = 0; h < 1; h++) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28677 72865/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_18.c Buffer_Overflow_cpycat 37 char * data; data = NULL; goto source; source: data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28678 72865/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_18.c Buffer_Overflow_cpycat 62 char * data; data = NULL; goto source; source: data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28679 72866/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_21.c Buffer_Overflow_cpycat 90 char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28680 72866/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_21.c Buffer_Overflow_cpycat 48 char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28681 72866/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_21.c Buffer_Overflow_cpycat 119 char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28682 72867/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22.c Buffer_Overflow_cpycat 39 char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_badGlobal = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_badSource(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_badGlobal) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28683 72867/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22.c Buffer_Overflow_cpycat 67 char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_goodG2B1Global = 0; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_goodG2B1Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_goodG2B1Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_goodG2B1Global){ } else data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28684 72867/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22.c Buffer_Overflow_cpycat 87 char * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_goodG2B2Global = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_goodG2B2Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_22_goodG2B2Global) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28685 72868/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_31.c Buffer_Overflow_cpycat 38 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28686 72868/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_31.c Buffer_Overflow_cpycat 65 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28687 72869/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_32.c Buffer_Overflow_cpycat 43 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28688 72869/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_32.c Buffer_Overflow_cpycat 75 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28689 72871/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_34.c Buffer_Overflow_cpycat 45 typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_34_unionType myUnion; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28690 72871/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_34.c Buffer_Overflow_cpycat 73 typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_34_unionType myUnion; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28691 72872/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_41.c Buffer_Overflow_cpycat 30 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28692 72872/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_41.c Buffer_Overflow_cpycat 57 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28693 72873/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_42.c Buffer_Overflow_cpycat 70 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28694 72873/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_42.c Buffer_Overflow_cpycat 41 char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28695 72875/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_44.c Buffer_Overflow_cpycat 61 char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28696 72875/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_44.c Buffer_Overflow_cpycat 30 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28697 72876/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_45.c Buffer_Overflow_cpycat 34 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_45_badData = data; badSink(); static void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28698 72876/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_45.c Buffer_Overflow_cpycat 64 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28699 72877/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_51.c Buffer_Overflow_cpycat 139 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28700 72877/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_51.c Buffer_Overflow_cpycat 121 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28701 72878/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_52.c Buffer_Overflow_cpycat 170 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_52b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28702 72878/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_52.c Buffer_Overflow_cpycat 188 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28703 72879/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53.c Buffer_Overflow_cpycat 237 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28704 72879/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53.c Buffer_Overflow_cpycat 219 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28705 72880/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54.c Buffer_Overflow_cpycat 286 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54d_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28706 72880/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54.c Buffer_Overflow_cpycat 268 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28707 72881/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_61.c Buffer_Overflow_cpycat 59 char * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_61b_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_61b_badSource(char * data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28708 72881/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_61.c Buffer_Overflow_cpycat 36 char * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_61b_goodG2BSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_61b_goodG2BSource(char * data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28709 72883/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_63.c Buffer_Overflow_cpycat 138 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28710 72883/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_63.c Buffer_Overflow_cpycat 119 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28711 72884/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_64.c Buffer_Overflow_cpycat 122 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28712 72884/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_64.c Buffer_Overflow_cpycat 144 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28713 72885/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_65.c Buffer_Overflow_cpycat 122 char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_65b_badSink; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28714 72885/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_65.c Buffer_Overflow_cpycat 140 char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_65b_goodG2BSink; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28715 72886/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_66.c Buffer_Overflow_cpycat 125 char * data; char * dataArray[5]; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28716 72886/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_66.c Buffer_Overflow_cpycat 144 char * data; char * dataArray[5]; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28717 72887/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67.c Buffer_Overflow_cpycat 133 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67_structType myStruct; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28718 72887/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67.c Buffer_Overflow_cpycat 152 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67_structType myStruct; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28719 72888/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_68.c Buffer_Overflow_cpycat 130 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_68b_badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28720 72888/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_68.c Buffer_Overflow_cpycat 149 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_68b_goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28721 72892/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 28722 72892/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 28723 72893/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); delete baseObject; 1 --------------------------------- 28724 72893/CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_char_cpy_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); delete baseObject; 0 --------------------------------- 28725 72944/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_01.c Buffer_Overflow_cpycat 58 wchar_t * data; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28726 72944/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_01.c Buffer_Overflow_cpycat 35 wchar_t * data; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28727 72945/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_02.c Buffer_Overflow_cpycat 38 wchar_t * data; data = NULL; if(1) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28728 72945/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_02.c Buffer_Overflow_cpycat 69 wchar_t * data; data = NULL; if(0){ } else data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28729 72945/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_02.c Buffer_Overflow_cpycat 91 wchar_t * data; data = NULL; if(1) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28730 72946/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_03.c Buffer_Overflow_cpycat 38 wchar_t * data; data = NULL; if(5==5) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28731 72946/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_03.c Buffer_Overflow_cpycat 69 wchar_t * data; data = NULL; if(5!=5){ } else data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28732 72946/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_03.c Buffer_Overflow_cpycat 91 wchar_t * data; data = NULL; if(5==5) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28733 72947/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_04.c Buffer_Overflow_cpycat 76 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_TRUE) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28734 72947/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_04.c Buffer_Overflow_cpycat 98 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_FALSE){ } else data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28735 72947/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_04.c Buffer_Overflow_cpycat 45 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_TRUE) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28736 72948/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_05.c Buffer_Overflow_cpycat 76 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticTrue) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28737 72948/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_05.c Buffer_Overflow_cpycat 98 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticFalse){ } else data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28738 72948/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_05.c Buffer_Overflow_cpycat 45 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticTrue) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28739 72949/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_06.c Buffer_Overflow_cpycat 73 static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28740 72949/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_06.c Buffer_Overflow_cpycat 95 static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE!=5){ } else data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28741 72949/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_06.c Buffer_Overflow_cpycat 42 static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE==5) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28742 72950/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_07.c Buffer_Overflow_cpycat 97 static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive==5) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28743 72950/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_07.c Buffer_Overflow_cpycat 44 static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive!=5){ } else data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28744 72950/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_07.c Buffer_Overflow_cpycat 75 static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive==5) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28745 72951/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_08.c Buffer_Overflow_cpycat 105 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsTrue()) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28746 72951/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_08.c Buffer_Overflow_cpycat 52 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsFalse()){ } else data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28747 72951/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_08.c Buffer_Overflow_cpycat 83 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsTrue()) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28748 72952/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_09.c Buffer_Overflow_cpycat 38 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28749 72952/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_09.c Buffer_Overflow_cpycat 69 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_FALSE){ } else data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28750 72952/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_09.c Buffer_Overflow_cpycat 91 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_TRUE) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28751 72953/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_10.c Buffer_Overflow_cpycat 38 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalTrue) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28752 72953/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_10.c Buffer_Overflow_cpycat 69 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalFalse){ } else data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28753 72953/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_10.c Buffer_Overflow_cpycat 91 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalTrue) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28754 72954/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_11.c Buffer_Overflow_cpycat 38 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsTrue()) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28755 72954/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_11.c Buffer_Overflow_cpycat 69 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsFalse()){ } else data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28756 72954/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_11.c Buffer_Overflow_cpycat 91 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsTrue()) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28757 72956/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_13.c Buffer_Overflow_cpycat 38 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28758 72956/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_13.c Buffer_Overflow_cpycat 69 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE!=5){ } else data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28759 72956/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_13.c Buffer_Overflow_cpycat 91 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28760 72957/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_14.c Buffer_Overflow_cpycat 38 int globalFive = 5;  wchar_t * data; data = NULL; if(globalFive==5) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28761 72957/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_14.c Buffer_Overflow_cpycat 69 int globalFive = 5;  wchar_t * data; data = NULL; if(globalFive!=5){ } else data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28762 72957/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_14.c Buffer_Overflow_cpycat 91 int globalFive = 5;  wchar_t * data; data = NULL; if(globalFive==5) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28763 72958/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_15.c Buffer_Overflow_cpycat 76 wchar_t * data; data = NULL; switch(6) case 6: data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; break; default: break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28764 72958/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_15.c Buffer_Overflow_cpycat 44 wchar_t * data; data = NULL; switch(5) case 6: break; default: data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28765 72958/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_15.c Buffer_Overflow_cpycat 104 wchar_t * data; data = NULL; switch(6) case 6: data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; break; default: break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28766 72959/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_16.c Buffer_Overflow_cpycat 39 wchar_t * data; data = NULL; while(1) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28767 72959/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_16.c Buffer_Overflow_cpycat 66 wchar_t * data; data = NULL; while(1) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28768 72960/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_17.c Buffer_Overflow_cpycat 39 wchar_t * data; data = NULL; for(i = 0; i < 1; i++) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28769 72960/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_17.c Buffer_Overflow_cpycat 66 wchar_t * data; data = NULL; for(h = 0; h < 1; h++) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28770 72961/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_18.c Buffer_Overflow_cpycat 62 wchar_t * data; data = NULL; goto source; source: data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28771 72961/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_18.c Buffer_Overflow_cpycat 37 wchar_t * data; data = NULL; goto source; source: data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28772 72962/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_21.c Buffer_Overflow_cpycat 119 wchar_t * data; data = NULL; badStatic = 1; data = badSource(data); static wchar_t * badSource(wchar_t * data) if(badStatic) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28773 72962/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_21.c Buffer_Overflow_cpycat 90 wchar_t * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) if(goodG2B1Static){ } else data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28774 72962/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_21.c Buffer_Overflow_cpycat 48 wchar_t * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) if(goodG2B2Static) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28775 72963/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22.c Buffer_Overflow_cpycat 87 wchar_t * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_badGlobal = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_badSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_badSource(wchar_t * data) if(CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_badGlobal) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28776 72963/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22.c Buffer_Overflow_cpycat 39 wchar_t * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_goodG2B1Global = 0; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_goodG2B1Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_goodG2B1Source(wchar_t * data) if(CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_goodG2B1Global){ } else data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28777 72963/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22.c Buffer_Overflow_cpycat 67 wchar_t * data; data = NULL; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_goodG2B2Global = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_goodG2B2Source(wchar_t * data) if(CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_22_goodG2B2Global) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28778 72964/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_31.c Buffer_Overflow_cpycat 38 wchar_t * data; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28779 72964/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_31.c Buffer_Overflow_cpycat 65 wchar_t * data; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28780 72965/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_32.c Buffer_Overflow_cpycat 75 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28781 72965/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_32.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28782 72967/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_34.c Buffer_Overflow_cpycat 73 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_34_unionType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_34_unionType myUnion; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28783 72967/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_34.c Buffer_Overflow_cpycat 45 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_34_unionType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_34_unionType myUnion; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28784 72968/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_41.c Buffer_Overflow_cpycat 30 wchar_t * data; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_41_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28785 72968/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_41.c Buffer_Overflow_cpycat 57 wchar_t * data; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_41_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28786 72969/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_42.c Buffer_Overflow_cpycat 70 wchar_t * data; data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28787 72969/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_42.c Buffer_Overflow_cpycat 41 wchar_t * data; data = NULL; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28788 72971/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_44.c Buffer_Overflow_cpycat 30 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28789 72971/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_44.c Buffer_Overflow_cpycat 61 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28790 72972/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_45.c Buffer_Overflow_cpycat 34 wchar_t * data; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_45_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28791 72972/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_45.c Buffer_Overflow_cpycat 64 wchar_t * data; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_45_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28792 72973/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_51.c Buffer_Overflow_cpycat 121 wchar_t * data; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_51b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28793 72973/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_51.c Buffer_Overflow_cpycat 139 wchar_t * data; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_51b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28794 72974/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_52.c Buffer_Overflow_cpycat 188 wchar_t * data; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_52b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_52c_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28795 72974/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_52.c Buffer_Overflow_cpycat 170 wchar_t * data; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_52b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_52c_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28796 72975/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53.c Buffer_Overflow_cpycat 237 wchar_t * data; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53c_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53d_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28797 72975/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53.c Buffer_Overflow_cpycat 219 wchar_t * data; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_53d_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28798 72976/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54.c Buffer_Overflow_cpycat 286 wchar_t * data; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54c_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54d_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54e_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28799 72976/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54.c Buffer_Overflow_cpycat 268 wchar_t * data; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54d_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_54e_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28800 72977/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_61.c Buffer_Overflow_cpycat 36 wchar_t * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_61b_badSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_61b_badSource(wchar_t * data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28801 72977/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_61.c Buffer_Overflow_cpycat 59 wchar_t * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_61b_goodG2BSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_61b_goodG2BSource(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28802 72979/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_63.c Buffer_Overflow_cpycat 119 wchar_t * data; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28803 72979/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_63.c Buffer_Overflow_cpycat 138 wchar_t * data; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28804 72980/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_64.c Buffer_Overflow_cpycat 122 wchar_t * data; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28805 72980/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_64.c Buffer_Overflow_cpycat 144 wchar_t * data; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28806 72981/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_65.c Buffer_Overflow_cpycat 140 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_65b_badSink; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_65b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28807 72981/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_65.c Buffer_Overflow_cpycat 122 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_65b_goodG2BSink; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_65b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28808 72982/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_66.c Buffer_Overflow_cpycat 125 wchar_t * data; wchar_t * dataArray[5]; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28809 72982/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_66.c Buffer_Overflow_cpycat 144 wchar_t * data; wchar_t * dataArray[5]; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28810 72983/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67.c Buffer_Overflow_cpycat 133 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67_structType wchar_t * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67_structType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67_structType myStruct; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28811 72983/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67.c Buffer_Overflow_cpycat 152 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67_structType wchar_t * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67_structType; wchar_t * data; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67_structType myStruct; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28812 72984/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_68.c Buffer_Overflow_cpycat 130 wchar_t * data; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_68b_badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_68_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28813 72984/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_68.c Buffer_Overflow_cpycat 149 wchar_t * data; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_68b_goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_68_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28814 72988/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; const CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_81_bad::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 28815 72988/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; const CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 28816 72989/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_82_bad::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); delete baseObject; 1 --------------------------------- 28817 72989/CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_dest_wchar_t_cpy_82_goodG2B::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); delete baseObject; 0 --------------------------------- 28818 72992/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_01.c Buffer_Overflow_cpycat 33 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28819 72992/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_01.c Buffer_Overflow_cpycat 54 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28820 72993/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_02.c Buffer_Overflow_cpycat 36 char * data; data = (char *)malloc(100*sizeof(char)); if(1) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28821 72993/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_02.c Buffer_Overflow_cpycat 65 char * data; data = (char *)malloc(100*sizeof(char)); if(0){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28822 72993/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_02.c Buffer_Overflow_cpycat 85 char * data; data = (char *)malloc(100*sizeof(char)); if(1) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28823 72994/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_03.c Buffer_Overflow_cpycat 36 char * data; data = (char *)malloc(100*sizeof(char)); if(5==5) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28824 72994/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_03.c Buffer_Overflow_cpycat 65 char * data; data = (char *)malloc(100*sizeof(char)); if(5!=5){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28825 72994/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_03.c Buffer_Overflow_cpycat 85 char * data; data = (char *)malloc(100*sizeof(char)); if(5==5) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28826 72995/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_04.c Buffer_Overflow_cpycat 43 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(STATIC_CONST_TRUE) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28827 72995/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_04.c Buffer_Overflow_cpycat 92 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(STATIC_CONST_FALSE){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28828 72995/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_04.c Buffer_Overflow_cpycat 72 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(STATIC_CONST_TRUE) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28829 72996/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_05.c Buffer_Overflow_cpycat 43 static int staticTrue = 1; static int staticFalse = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(staticTrue) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28830 72996/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_05.c Buffer_Overflow_cpycat 92 static int staticTrue = 1; static int staticFalse = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(staticFalse){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28831 72996/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_05.c Buffer_Overflow_cpycat 72 static int staticTrue = 1; static int staticFalse = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(staticTrue) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28832 72997/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_06.c Buffer_Overflow_cpycat 89 static const int STATIC_CONST_FIVE = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(STATIC_CONST_FIVE==5) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28833 72997/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_06.c Buffer_Overflow_cpycat 40 static const int STATIC_CONST_FIVE = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(STATIC_CONST_FIVE!=5){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28834 72997/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_06.c Buffer_Overflow_cpycat 69 static const int STATIC_CONST_FIVE = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(STATIC_CONST_FIVE==5) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28835 72998/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_07.c Buffer_Overflow_cpycat 91 static int staticFive = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(staticFive==5) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28836 72998/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_07.c Buffer_Overflow_cpycat 42 static int staticFive = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(staticFive!=5){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28837 72998/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_07.c Buffer_Overflow_cpycat 71 static int staticFive = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(staticFive==5) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28838 72999/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_08.c Buffer_Overflow_cpycat 99 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = (char *)malloc(100*sizeof(char)); if(staticReturnsTrue()) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28839 72999/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_08.c Buffer_Overflow_cpycat 50 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = (char *)malloc(100*sizeof(char)); if(staticReturnsFalse()){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28840 72999/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_08.c Buffer_Overflow_cpycat 79 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = (char *)malloc(100*sizeof(char)); if(staticReturnsTrue()) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28841 73000/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_09.c Buffer_Overflow_cpycat 36 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(GLOBAL_CONST_TRUE) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28842 73000/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_09.c Buffer_Overflow_cpycat 65 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(GLOBAL_CONST_FALSE){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28843 73000/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_09.c Buffer_Overflow_cpycat 85 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(GLOBAL_CONST_TRUE) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28844 73001/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_10.c Buffer_Overflow_cpycat 36 int globalTrue = 1; int globalFalse = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(globalTrue) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28845 73001/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_10.c Buffer_Overflow_cpycat 65 int globalTrue = 1; int globalFalse = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(globalFalse){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28846 73001/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_10.c Buffer_Overflow_cpycat 85 int globalTrue = 1; int globalFalse = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(globalTrue) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28847 73002/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_11.c Buffer_Overflow_cpycat 36 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = (char *)malloc(100*sizeof(char)); if(globalReturnsTrue()) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28848 73002/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_11.c Buffer_Overflow_cpycat 65 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = (char *)malloc(100*sizeof(char)); if(globalReturnsFalse()){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28849 73002/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_11.c Buffer_Overflow_cpycat 85 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = (char *)malloc(100*sizeof(char)); if(globalReturnsTrue()) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28850 73004/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_13.c Buffer_Overflow_cpycat 36 const int GLOBAL_CONST_FIVE = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(GLOBAL_CONST_FIVE==5) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28851 73004/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_13.c Buffer_Overflow_cpycat 65 const int GLOBAL_CONST_FIVE = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(GLOBAL_CONST_FIVE!=5){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28852 73004/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_13.c Buffer_Overflow_cpycat 85 const int GLOBAL_CONST_FIVE = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(GLOBAL_CONST_FIVE==5) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28853 73005/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_14.c Buffer_Overflow_cpycat 36 int globalFive = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(globalFive==5) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28854 73005/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_14.c Buffer_Overflow_cpycat 65 int globalFive = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(globalFive!=5){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28855 73005/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_14.c Buffer_Overflow_cpycat 85 int globalFive = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(globalFive==5) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28856 73006/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_15.c Buffer_Overflow_cpycat 98 char * data; data = (char *)malloc(100*sizeof(char)); switch(6) case 6: memset(data, 'A', 100-1); data[100-1] = '\0'; break; default: break; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28857 73006/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_15.c Buffer_Overflow_cpycat 72 char * data; data = (char *)malloc(100*sizeof(char)); switch(5) case 6: break; default: memset(data, 'A', 50-1); data[50-1] = '\0'; break; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28858 73006/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_15.c Buffer_Overflow_cpycat 42 char * data; data = (char *)malloc(100*sizeof(char)); switch(6) case 6: memset(data, 'A', 50-1); data[50-1] = '\0'; break; default: break; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28859 73007/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_16.c Buffer_Overflow_cpycat 37 char * data; data = (char *)malloc(100*sizeof(char)); while(1) memset(data, 'A', 100-1); data[100-1] = '\0'; break; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28860 73007/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_16.c Buffer_Overflow_cpycat 62 char * data; data = (char *)malloc(100*sizeof(char)); while(1) memset(data, 'A', 50-1); data[50-1] = '\0'; break; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28861 73008/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_17.c Buffer_Overflow_cpycat 37 char * data; data = (char *)malloc(100*sizeof(char)); for(i = 0; i < 1; i++) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28862 73008/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_17.c Buffer_Overflow_cpycat 62 char * data; data = (char *)malloc(100*sizeof(char)); for(h = 0; h < 1; h++) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28863 73009/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_18.c Buffer_Overflow_cpycat 35 char * data; data = (char *)malloc(100*sizeof(char)); goto source; source: memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28864 73009/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_18.c Buffer_Overflow_cpycat 58 char * data; data = (char *)malloc(100*sizeof(char)); goto source; source: memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28865 73010/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_21.c Buffer_Overflow_cpycat 113 char * data; data = (char *)malloc(100*sizeof(char)); badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28866 73010/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_21.c Buffer_Overflow_cpycat 86 char * data; data = (char *)malloc(100*sizeof(char)); goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28867 73010/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_21.c Buffer_Overflow_cpycat 46 char * data; data = (char *)malloc(100*sizeof(char)); goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28868 73011/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22.c Buffer_Overflow_cpycat 81 char * data; data = (char *)malloc(100*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_badGlobal = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_badSource(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_badGlobal) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28869 73011/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22.c Buffer_Overflow_cpycat 63 char * data; data = (char *)malloc(100*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_goodG2B1Global = 0; data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_goodG2B1Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_goodG2B1Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_goodG2B1Global){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28870 73011/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22.c Buffer_Overflow_cpycat 37 char * data; data = (char *)malloc(100*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_goodG2B2Global = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_goodG2B2Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_22_goodG2B2Global) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28871 73012/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_31.c Buffer_Overflow_cpycat 36 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28872 73012/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_31.c Buffer_Overflow_cpycat 61 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28873 73013/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_32.c Buffer_Overflow_cpycat 41 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = (char *)malloc(100*sizeof(char)); char * data = *dataPtr1; memset(data, 'A', 100-1); data[100-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28874 73013/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_32.c Buffer_Overflow_cpycat 71 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = (char *)malloc(100*sizeof(char)); char * data = *dataPtr1; memset(data, 'A', 50-1); data[50-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28875 73015/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_34.c Buffer_Overflow_cpycat 43 typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_34_unionType myUnion; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28876 73015/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_34.c Buffer_Overflow_cpycat 69 typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_34_unionType myUnion; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28877 73016/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_41.c Buffer_Overflow_cpycat 28 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_41_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28878 73016/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_41.c Buffer_Overflow_cpycat 53 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_41_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28879 73017/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_42.c Buffer_Overflow_cpycat 66 char * data; data = (char *)malloc(100*sizeof(char)); data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28880 73017/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_42.c Buffer_Overflow_cpycat 39 char * data; data = (char *)malloc(100*sizeof(char)); data = goodG2BSource(data); static char * goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28881 73019/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_44.c Buffer_Overflow_cpycat 28 char * data; void (*funcPtr) (char *) = badSink; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28882 73019/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_44.c Buffer_Overflow_cpycat 57 char * data; void (*funcPtr) (char *) = goodG2BSink; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28883 73020/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_45.c Buffer_Overflow_cpycat 60 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_45_badData = data; badSink(); static void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_45_badData; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28884 73020/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_45.c Buffer_Overflow_cpycat 32 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_45_goodG2BData; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28885 73021/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_51.c Buffer_Overflow_cpycat 135 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_51b_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28886 73021/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_51.c Buffer_Overflow_cpycat 119 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_51b_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28887 73022/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_52.c Buffer_Overflow_cpycat 168 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_52b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_52c_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28888 73022/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_52.c Buffer_Overflow_cpycat 184 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_52c_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28889 73023/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53.c Buffer_Overflow_cpycat 217 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53d_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28890 73023/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53.c Buffer_Overflow_cpycat 233 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_53d_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28891 73024/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54.c Buffer_Overflow_cpycat 266 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54d_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54e_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28892 73024/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54.c Buffer_Overflow_cpycat 282 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_54e_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28893 73025/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_61.c Buffer_Overflow_cpycat 34 char * data; data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_61b_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_61b_badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28894 73025/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_61.c Buffer_Overflow_cpycat 55 char * data; data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_61b_goodG2BSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_61b_goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28895 73027/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_63.c Buffer_Overflow_cpycat 117 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28896 73027/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_63.c Buffer_Overflow_cpycat 134 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28897 73028/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_64.c Buffer_Overflow_cpycat 140 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28898 73028/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_64.c Buffer_Overflow_cpycat 120 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28899 73029/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_65.c Buffer_Overflow_cpycat 136 char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_65b_badSink; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_65b_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28900 73029/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_65.c Buffer_Overflow_cpycat 120 char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_65b_goodG2BSink; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_65b_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28901 73030/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_66.c Buffer_Overflow_cpycat 123 char * data; char * dataArray[5]; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28902 73030/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_66.c Buffer_Overflow_cpycat 140 char * data; char * dataArray[5]; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28903 73031/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67.c Buffer_Overflow_cpycat 131 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67_structType myStruct; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28904 73031/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67.c Buffer_Overflow_cpycat 148 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67_structType myStruct; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28905 73032/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_68.c Buffer_Overflow_cpycat 145 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_68b_badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_68_badData; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28906 73032/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_68.c Buffer_Overflow_cpycat 128 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_68b_goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_68_goodG2BData; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28907 73036/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_81_bad.cpp Buffer_Overflow_cpycat 29 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_81_bad::action(char * data) const char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 28908 73036/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_81_goodG2B.cpp Buffer_Overflow_cpycat 29 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_81_goodG2B::action(char * data) const char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 28909 73037/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_82_bad.cpp Buffer_Overflow_cpycat 29 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_82_bad::action(char * data) char dest[50] = ""; strcat(dest, data); delete baseObject; 1 --------------------------------- 28910 73037/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_82_goodG2B.cpp Buffer_Overflow_cpycat 29 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cat_82_goodG2B::action(char * data) char dest[50] = ""; strcat(dest, data); delete baseObject; 0 --------------------------------- 28911 73040/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_01.c Buffer_Overflow_cpycat 33 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28912 73040/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_01.c Buffer_Overflow_cpycat 54 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28913 73041/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_02.c Buffer_Overflow_cpycat 65 char * data; data = (char *)malloc(100*sizeof(char)); if(1) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28914 73041/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_02.c Buffer_Overflow_cpycat 85 char * data; data = (char *)malloc(100*sizeof(char)); if(0){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28915 73041/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_02.c Buffer_Overflow_cpycat 36 char * data; data = (char *)malloc(100*sizeof(char)); if(1) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28916 73042/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_03.c Buffer_Overflow_cpycat 65 char * data; data = (char *)malloc(100*sizeof(char)); if(5==5) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28917 73042/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_03.c Buffer_Overflow_cpycat 85 char * data; data = (char *)malloc(100*sizeof(char)); if(5!=5){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28918 73042/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_03.c Buffer_Overflow_cpycat 36 char * data; data = (char *)malloc(100*sizeof(char)); if(5==5) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28919 73043/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_04.c Buffer_Overflow_cpycat 43 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(STATIC_CONST_TRUE) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28920 73043/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_04.c Buffer_Overflow_cpycat 72 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(STATIC_CONST_FALSE){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28921 73043/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_04.c Buffer_Overflow_cpycat 92 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(STATIC_CONST_TRUE) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28922 73044/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_05.c Buffer_Overflow_cpycat 43 static int staticTrue = 1; static int staticFalse = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(staticTrue) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28923 73044/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_05.c Buffer_Overflow_cpycat 72 static int staticTrue = 1; static int staticFalse = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(staticFalse){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28924 73044/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_05.c Buffer_Overflow_cpycat 92 static int staticTrue = 1; static int staticFalse = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(staticTrue) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28925 73045/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_06.c Buffer_Overflow_cpycat 89 static const int STATIC_CONST_FIVE = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(STATIC_CONST_FIVE==5) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28926 73045/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_06.c Buffer_Overflow_cpycat 40 static const int STATIC_CONST_FIVE = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(STATIC_CONST_FIVE!=5){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28927 73045/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_06.c Buffer_Overflow_cpycat 69 static const int STATIC_CONST_FIVE = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(STATIC_CONST_FIVE==5) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28928 73046/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_07.c Buffer_Overflow_cpycat 91 static int staticFive = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(staticFive==5) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28929 73046/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_07.c Buffer_Overflow_cpycat 42 static int staticFive = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(staticFive!=5){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28930 73046/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_07.c Buffer_Overflow_cpycat 71 static int staticFive = 5; char * data; data = (char *)malloc(100*sizeof(char)); if(staticFive==5) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28931 73047/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_08.c Buffer_Overflow_cpycat 99 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = (char *)malloc(100*sizeof(char)); if(staticReturnsTrue()) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28932 73047/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_08.c Buffer_Overflow_cpycat 50 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = (char *)malloc(100*sizeof(char)); if(staticReturnsFalse()){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28933 73047/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_08.c Buffer_Overflow_cpycat 79 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = (char *)malloc(100*sizeof(char)); if(staticReturnsTrue()) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28934 73048/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_09.c Buffer_Overflow_cpycat 65 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(GLOBAL_CONST_TRUE) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28935 73048/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_09.c Buffer_Overflow_cpycat 85 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(GLOBAL_CONST_FALSE){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28936 73048/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_09.c Buffer_Overflow_cpycat 36 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(GLOBAL_CONST_TRUE) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28937 73049/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_10.c Buffer_Overflow_cpycat 65 int globalTrue = 1; int globalFalse = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(globalTrue) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28938 73049/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_10.c Buffer_Overflow_cpycat 85 int globalTrue = 1; int globalFalse = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(globalFalse){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28939 73049/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_10.c Buffer_Overflow_cpycat 36 int globalTrue = 1; int globalFalse = 0; char * data; data = (char *)malloc(100*sizeof(char)); if(globalTrue) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28940 73050/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_11.c Buffer_Overflow_cpycat 65 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = (char *)malloc(100*sizeof(char)); if(globalReturnsTrue()) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28941 73050/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_11.c Buffer_Overflow_cpycat 85 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = (char *)malloc(100*sizeof(char)); if(globalReturnsFalse()){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28942 73050/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_11.c Buffer_Overflow_cpycat 36 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = (char *)malloc(100*sizeof(char)); if(globalReturnsTrue()) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28943 73052/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_13.c Buffer_Overflow_cpycat 65 const int GLOBAL_CONST_FIVE = 5;  char * data; data = (char *)malloc(100*sizeof(char)); if(GLOBAL_CONST_FIVE==5) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28944 73052/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_13.c Buffer_Overflow_cpycat 85 const int GLOBAL_CONST_FIVE = 5;  char * data; data = (char *)malloc(100*sizeof(char)); if(GLOBAL_CONST_FIVE!=5){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28945 73052/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_13.c Buffer_Overflow_cpycat 36 const int GLOBAL_CONST_FIVE = 5;  char * data; data = (char *)malloc(100*sizeof(char)); if(GLOBAL_CONST_FIVE==5) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28946 73053/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_14.c Buffer_Overflow_cpycat 65 int globalFive = 5;  char * data; data = (char *)malloc(100*sizeof(char)); if(globalFive==5) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28947 73053/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_14.c Buffer_Overflow_cpycat 85 int globalFive = 5;  char * data; data = (char *)malloc(100*sizeof(char)); if(globalFive!=5){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28948 73053/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_14.c Buffer_Overflow_cpycat 36 int globalFive = 5;  char * data; data = (char *)malloc(100*sizeof(char)); if(globalFive==5) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28949 73054/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_15.c Buffer_Overflow_cpycat 72 char * data; data = (char *)malloc(100*sizeof(char)); switch(6) case 6: memset(data, 'A', 100-1); data[100-1] = '\0'; break; default: break; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28950 73054/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_15.c Buffer_Overflow_cpycat 98 char * data; data = (char *)malloc(100*sizeof(char)); switch(5) case 6: break; default: memset(data, 'A', 50-1); data[50-1] = '\0'; break; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28951 73054/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_15.c Buffer_Overflow_cpycat 42 char * data; data = (char *)malloc(100*sizeof(char)); switch(6) case 6: memset(data, 'A', 50-1); data[50-1] = '\0'; break; default: break; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28952 73055/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_16.c Buffer_Overflow_cpycat 62 char * data; data = (char *)malloc(100*sizeof(char)); while(1) memset(data, 'A', 100-1); data[100-1] = '\0'; break; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28953 73055/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_16.c Buffer_Overflow_cpycat 37 char * data; data = (char *)malloc(100*sizeof(char)); while(1) memset(data, 'A', 100-1); data[100-1] = '\0'; break; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28954 73056/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_17.c Buffer_Overflow_cpycat 62 char * data; data = (char *)malloc(100*sizeof(char)); for(i = 0; i < 1; i++) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28955 73056/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_17.c Buffer_Overflow_cpycat 37 char * data; data = (char *)malloc(100*sizeof(char)); for(h = 0; h < 1; h++) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28956 73057/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_18.c Buffer_Overflow_cpycat 35 char * data; data = (char *)malloc(100*sizeof(char)); goto source; source: memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28957 73057/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_18.c Buffer_Overflow_cpycat 58 char * data; data = (char *)malloc(100*sizeof(char)); goto source; source: memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28958 73058/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_21.c Buffer_Overflow_cpycat 113 char * data; data = (char *)malloc(100*sizeof(char)); badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28959 73058/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_21.c Buffer_Overflow_cpycat 46 char * data; data = (char *)malloc(100*sizeof(char)); goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28960 73058/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_21.c Buffer_Overflow_cpycat 86 char * data; data = (char *)malloc(100*sizeof(char)); goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28961 73059/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22.c Buffer_Overflow_cpycat 81 char * data; data = (char *)malloc(100*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_badGlobal = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_badSource(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_badGlobal) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28962 73059/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22.c Buffer_Overflow_cpycat 37 char * data; data = (char *)malloc(100*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_goodG2B1Global = 0; data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_goodG2B1Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_goodG2B1Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_goodG2B1Global){ } else memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28963 73059/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22.c Buffer_Overflow_cpycat 63 char * data; data = (char *)malloc(100*sizeof(char)); CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_goodG2B2Global = 1; data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_goodG2B2Source(char * data) if(CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_22_goodG2B2Global) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28964 73060/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_31.c Buffer_Overflow_cpycat 61 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28965 73060/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_31.c Buffer_Overflow_cpycat 36 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28966 73061/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_32.c Buffer_Overflow_cpycat 41 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = (char *)malloc(100*sizeof(char)); char * data = *dataPtr1; memset(data, 'A', 100-1); data[100-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28967 73061/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_32.c Buffer_Overflow_cpycat 71 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = (char *)malloc(100*sizeof(char)); char * data = *dataPtr1; memset(data, 'A', 50-1); data[50-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28968 73063/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_34.c Buffer_Overflow_cpycat 43 typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_34_unionType myUnion; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28969 73063/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_34.c Buffer_Overflow_cpycat 69 typedef union char * unionFirst; char * unionSecond; } CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_34_unionType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_34_unionType myUnion; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28970 73064/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_41.c Buffer_Overflow_cpycat 53 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_41_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28971 73064/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_41.c Buffer_Overflow_cpycat 28 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_41_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28972 73065/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_42.c Buffer_Overflow_cpycat 66 char * data; data = (char *)malloc(100*sizeof(char)); data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28973 73065/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_42.c Buffer_Overflow_cpycat 39 char * data; data = (char *)malloc(100*sizeof(char)); data = goodG2BSource(data); static char * goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28974 73067/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_44.c Buffer_Overflow_cpycat 57 char * data; void (*funcPtr) (char *) = badSink; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28975 73067/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_44.c Buffer_Overflow_cpycat 28 char * data; void (*funcPtr) (char *) = goodG2BSink; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28976 73068/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_45.c Buffer_Overflow_cpycat 32 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_45_badData = data; badSink(); static void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_45_badData; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28977 73068/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_45.c Buffer_Overflow_cpycat 60 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_45_goodG2BData; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28978 73069/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_51.c Buffer_Overflow_cpycat 135 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_51b_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28979 73069/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_51.c Buffer_Overflow_cpycat 119 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_51b_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28980 73070/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_52.c Buffer_Overflow_cpycat 168 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_52b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_52c_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28981 73070/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_52.c Buffer_Overflow_cpycat 184 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_52c_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28982 73071/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53.c Buffer_Overflow_cpycat 217 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53d_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28983 73071/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53.c Buffer_Overflow_cpycat 233 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_53d_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28984 73072/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54.c Buffer_Overflow_cpycat 282 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54d_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54e_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28985 73072/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54.c Buffer_Overflow_cpycat 266 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_54e_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28986 73073/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_61.c Buffer_Overflow_cpycat 34 char * data; data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_61b_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_61b_badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28987 73073/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_61.c Buffer_Overflow_cpycat 55 char * data; data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_61b_goodG2BSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_61b_goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28988 73075/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_63.c Buffer_Overflow_cpycat 134 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28989 73075/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_63.c Buffer_Overflow_cpycat 117 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28990 73076/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_64.c Buffer_Overflow_cpycat 120 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28991 73076/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_64.c Buffer_Overflow_cpycat 140 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28992 73077/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_65.c Buffer_Overflow_cpycat 136 char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_65b_badSink; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_65b_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28993 73077/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_65.c Buffer_Overflow_cpycat 120 char * data; void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_65b_goodG2BSink; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_65b_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28994 73078/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_66.c Buffer_Overflow_cpycat 123 char * data; char * dataArray[5]; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28995 73078/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_66.c Buffer_Overflow_cpycat 140 char * data; char * dataArray[5]; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28996 73079/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67.c Buffer_Overflow_cpycat 131 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67_structType myStruct; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28997 73079/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67.c Buffer_Overflow_cpycat 148 typedef struct _CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67_structType char * structFirst; } CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67_structType; char * data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67_structType myStruct; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 50-1); data[50-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 28998 73080/CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_68.c Buffer_Overflow_cpycat 145 char * data; data = (char *)malloc(100*sizeof(char)); memset(data, 'A', 100-1); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_68b_badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_src_char_cpy_68_badData; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 28999 73694/CWE124_Buffer_Underwrite__CWE839_listen_socket_01.c Buffer_Overflow_Indexes 92 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29000 73694/CWE124_Buffer_Underwrite__CWE839_listen_socket_01.c Buffer_Overflow_Indexes 222 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29001 73695/CWE124_Buffer_Underwrite__CWE839_listen_socket_02.c Buffer_Overflow_Indexes 306 data = -1; if(1) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(1) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29002 73695/CWE124_Buffer_Underwrite__CWE839_listen_socket_02.c Buffer_Overflow_Indexes 200 data = -1; if(1) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(0) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29003 73695/CWE124_Buffer_Underwrite__CWE839_listen_socket_02.c Buffer_Overflow_Indexes 94 data = -1; if(1) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(1) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29004 73696/CWE124_Buffer_Underwrite__CWE839_listen_socket_03.c Buffer_Overflow_Indexes 306 data = -1; if(5==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(5==5) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29005 73696/CWE124_Buffer_Underwrite__CWE839_listen_socket_03.c Buffer_Overflow_Indexes 200 data = -1; if(5==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(5!=5) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29006 73696/CWE124_Buffer_Underwrite__CWE839_listen_socket_03.c Buffer_Overflow_Indexes 94 data = -1; if(5==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(5==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29007 73697/CWE124_Buffer_Underwrite__CWE839_listen_socket_04.c Buffer_Overflow_Indexes 100 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_TRUE) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29008 73697/CWE124_Buffer_Underwrite__CWE839_listen_socket_04.c Buffer_Overflow_Indexes 312 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FALSE) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29009 73697/CWE124_Buffer_Underwrite__CWE839_listen_socket_04.c Buffer_Overflow_Indexes 206 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29010 73698/CWE124_Buffer_Underwrite__CWE839_listen_socket_05.c Buffer_Overflow_Indexes 100 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticTrue) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29011 73698/CWE124_Buffer_Underwrite__CWE839_listen_socket_05.c Buffer_Overflow_Indexes 312 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFalse) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29012 73698/CWE124_Buffer_Underwrite__CWE839_listen_socket_05.c Buffer_Overflow_Indexes 206 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticTrue) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29013 73699/CWE124_Buffer_Underwrite__CWE839_listen_socket_06.c Buffer_Overflow_Indexes 99 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FIVE==5) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29014 73699/CWE124_Buffer_Underwrite__CWE839_listen_socket_06.c Buffer_Overflow_Indexes 311 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FIVE!=5) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29015 73699/CWE124_Buffer_Underwrite__CWE839_listen_socket_06.c Buffer_Overflow_Indexes 205 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29016 73700/CWE124_Buffer_Underwrite__CWE839_listen_socket_07.c Buffer_Overflow_Indexes 99 static int staticFive = 5; data = -1; if(staticFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFive==5) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29017 73700/CWE124_Buffer_Underwrite__CWE839_listen_socket_07.c Buffer_Overflow_Indexes 311 static int staticFive = 5; data = -1; if(staticFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFive!=5) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29018 73700/CWE124_Buffer_Underwrite__CWE839_listen_socket_07.c Buffer_Overflow_Indexes 205 static int staticFive = 5; data = -1; if(staticFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFive==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29019 73701/CWE124_Buffer_Underwrite__CWE839_listen_socket_08.c Buffer_Overflow_Indexes 107 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticReturnsTrue()) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29020 73701/CWE124_Buffer_Underwrite__CWE839_listen_socket_08.c Buffer_Overflow_Indexes 319 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticReturnsFalse()) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29021 73701/CWE124_Buffer_Underwrite__CWE839_listen_socket_08.c Buffer_Overflow_Indexes 213 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29022 73702/CWE124_Buffer_Underwrite__CWE839_listen_socket_09.c Buffer_Overflow_Indexes 306 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_TRUE) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29023 73702/CWE124_Buffer_Underwrite__CWE839_listen_socket_09.c Buffer_Overflow_Indexes 200 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FALSE) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29024 73702/CWE124_Buffer_Underwrite__CWE839_listen_socket_09.c Buffer_Overflow_Indexes 94 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29025 73703/CWE124_Buffer_Underwrite__CWE839_listen_socket_10.c Buffer_Overflow_Indexes 306 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalTrue) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29026 73703/CWE124_Buffer_Underwrite__CWE839_listen_socket_10.c Buffer_Overflow_Indexes 200 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFalse) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29027 73703/CWE124_Buffer_Underwrite__CWE839_listen_socket_10.c Buffer_Overflow_Indexes 94 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalTrue) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29028 73704/CWE124_Buffer_Underwrite__CWE839_listen_socket_11.c Buffer_Overflow_Indexes 306 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalReturnsTrue()) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29029 73704/CWE124_Buffer_Underwrite__CWE839_listen_socket_11.c Buffer_Overflow_Indexes 200 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalReturnsFalse()) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29030 73704/CWE124_Buffer_Underwrite__CWE839_listen_socket_11.c Buffer_Overflow_Indexes 94 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29031 73706/CWE124_Buffer_Underwrite__CWE839_listen_socket_13.c Buffer_Overflow_Indexes 306 const int GLOBAL_CONST_FIVE = 5; data = -1; if(GLOBAL_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE==5) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29032 73706/CWE124_Buffer_Underwrite__CWE839_listen_socket_13.c Buffer_Overflow_Indexes 200 const int GLOBAL_CONST_FIVE = 5; data = -1; if(GLOBAL_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE!=5) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29033 73706/CWE124_Buffer_Underwrite__CWE839_listen_socket_13.c Buffer_Overflow_Indexes 94 const int GLOBAL_CONST_FIVE = 5; data = -1; if(GLOBAL_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29034 73707/CWE124_Buffer_Underwrite__CWE839_listen_socket_14.c Buffer_Overflow_Indexes 306 int globalFive = 5; data = -1; if(globalFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFive==5) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29035 73707/CWE124_Buffer_Underwrite__CWE839_listen_socket_14.c Buffer_Overflow_Indexes 200 int globalFive = 5; data = -1; if(globalFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFive!=5) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29036 73707/CWE124_Buffer_Underwrite__CWE839_listen_socket_14.c Buffer_Overflow_Indexes 94 int globalFive = 5; data = -1; if(globalFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFive==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29037 73708/CWE124_Buffer_Underwrite__CWE839_listen_socket_15.c Buffer_Overflow_Indexes 95 data = -1; switch(6) case 6: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; default: break; switch(7) case 7: int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29038 73708/CWE124_Buffer_Underwrite__CWE839_listen_socket_15.c Buffer_Overflow_Indexes 213 data = -1; switch(6) case 6: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; default: break; switch(8) case 7: break; default: int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29039 73708/CWE124_Buffer_Underwrite__CWE839_listen_socket_15.c Buffer_Overflow_Indexes 326 data = -1; switch(6) case 6: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; default: break; switch(7) case 7: int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29040 73709/CWE124_Buffer_Underwrite__CWE839_listen_socket_16.c Buffer_Overflow_Indexes 202 data = -1; while(1) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; while(1) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; break; 1 --------------------------------- 29041 73709/CWE124_Buffer_Underwrite__CWE839_listen_socket_16.c Buffer_Overflow_Indexes 94 data = -1; while(1) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; while(1) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; break; 0 --------------------------------- 29042 73710/CWE124_Buffer_Underwrite__CWE839_listen_socket_17.c Buffer_Overflow_Indexes 202 data = -1; for(i = 0; i < 1; i++) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); for(j = 0; j < 1; j++) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29043 73710/CWE124_Buffer_Underwrite__CWE839_listen_socket_17.c Buffer_Overflow_Indexes 95 data = -1; for(i = 0; i < 1; i++) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); for(k = 0; k < 1; k++) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29044 73711/CWE124_Buffer_Underwrite__CWE839_listen_socket_18.c Buffer_Overflow_Indexes 94 data = -1; goto source; source: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goto sink; sink: int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29045 73711/CWE124_Buffer_Underwrite__CWE839_listen_socket_18.c Buffer_Overflow_Indexes 198 data = -1; goto source; source: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goto sink; sink: int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29046 73712/CWE124_Buffer_Underwrite__CWE839_listen_socket_21.c Buffer_Overflow_Indexes 239 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); badStatic = 1; badSink(data); static void badSink(int data) if(badStatic) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29047 73712/CWE124_Buffer_Underwrite__CWE839_listen_socket_21.c Buffer_Overflow_Indexes 121 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2G1Static = 0; goodB2G1Sink(data); static void goodB2G1Sink(int data) if(goodB2G1Static) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29048 73712/CWE124_Buffer_Underwrite__CWE839_listen_socket_21.c Buffer_Overflow_Indexes 343 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2G2Static = 1; goodB2G2Sink(data); static void goodB2G2Sink(int data) if(goodB2G2Static) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29049 73713/CWE124_Buffer_Underwrite__CWE839_listen_socket_22.c Buffer_Overflow_Indexes 187 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_22_badGlobal = 1; CWE124_Buffer_Underwrite__CWE839_listen_socket_22_badSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_22_badSink(int data) if(CWE124_Buffer_Underwrite__CWE839_listen_socket_22_badGlobal) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29050 73713/CWE124_Buffer_Underwrite__CWE839_listen_socket_22.c Buffer_Overflow_Indexes 268 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_22_goodB2G1Global = 0; CWE124_Buffer_Underwrite__CWE839_listen_socket_22_goodB2G1Sink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_22_goodB2G1Sink(int data) if(CWE124_Buffer_Underwrite__CWE839_listen_socket_22_goodB2G1Global) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29051 73713/CWE124_Buffer_Underwrite__CWE839_listen_socket_22.c Buffer_Overflow_Indexes 97 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_22_goodB2G2Global = 1; CWE124_Buffer_Underwrite__CWE839_listen_socket_22_goodB2G2Sink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_22_goodB2G2Sink(int data) if(CWE124_Buffer_Underwrite__CWE839_listen_socket_22_goodB2G2Global) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29052 73714/CWE124_Buffer_Underwrite__CWE839_listen_socket_31.c Buffer_Overflow_Indexes 92 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29053 73714/CWE124_Buffer_Underwrite__CWE839_listen_socket_31.c Buffer_Overflow_Indexes 230 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29054 73715/CWE124_Buffer_Underwrite__CWE839_listen_socket_32.c Buffer_Overflow_Indexes 244 int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; int data = *dataPtr1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); *dataPtr1 = data; int data = *dataPtr2; int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29055 73715/CWE124_Buffer_Underwrite__CWE839_listen_socket_32.c Buffer_Overflow_Indexes 96 int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; int data = *dataPtr1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); *dataPtr1 = data; int data = *dataPtr2; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29056 73717/CWE124_Buffer_Underwrite__CWE839_listen_socket_34.c Buffer_Overflow_Indexes 99 typedef union int unionFirst; int unionSecond; } CWE124_Buffer_Underwrite__CWE839_listen_socket_34_unionType; CWE124_Buffer_Underwrite__CWE839_listen_socket_34_unionType myUnion; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29057 73717/CWE124_Buffer_Underwrite__CWE839_listen_socket_34.c Buffer_Overflow_Indexes 239 typedef union int unionFirst; int unionSecond; } CWE124_Buffer_Underwrite__CWE839_listen_socket_34_unionType; CWE124_Buffer_Underwrite__CWE839_listen_socket_34_unionType myUnion; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29058 73718/CWE124_Buffer_Underwrite__CWE839_listen_socket_41.c Buffer_Overflow_Indexes 115 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); badSink(data); static void badSink(int data) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29059 73718/CWE124_Buffer_Underwrite__CWE839_listen_socket_41.c Buffer_Overflow_Indexes 254 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2GSink(data); static void goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29060 73719/CWE124_Buffer_Underwrite__CWE839_listen_socket_42.c Buffer_Overflow_Indexes 89 data = -1; data = badSource(data); static int badSource(int data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29061 73719/CWE124_Buffer_Underwrite__CWE839_listen_socket_42.c Buffer_Overflow_Indexes 231 data = -1; data = goodB2GSource(data); static int goodB2GSource(int data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29062 73721/CWE124_Buffer_Underwrite__CWE839_listen_socket_44.c Buffer_Overflow_Indexes 259 void (*funcPtr) (int) = badSink; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); static void badSink(int data) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29063 73721/CWE124_Buffer_Underwrite__CWE839_listen_socket_44.c Buffer_Overflow_Indexes 117 void (*funcPtr) (int) = goodB2GSink; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); static void goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29064 73722/CWE124_Buffer_Underwrite__CWE839_listen_socket_45.c Buffer_Overflow_Indexes 263 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_45_badData = data; badSink(); static void badSink() int data = CWE124_Buffer_Underwrite__CWE839_listen_socket_45_badData; int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29065 73722/CWE124_Buffer_Underwrite__CWE839_listen_socket_45.c Buffer_Overflow_Indexes 120 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_45_goodB2GData = data; goodB2GSink(); static void goodB2GSink() int data = CWE124_Buffer_Underwrite__CWE839_listen_socket_45_goodB2GData; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29066 73723/CWE124_Buffer_Underwrite__CWE839_listen_socket_51.c Buffer_Overflow_Indexes 193 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_51b_badSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_51b_badSink(int data) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29067 73723/CWE124_Buffer_Underwrite__CWE839_listen_socket_51.c Buffer_Overflow_Indexes 95 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_51b_goodB2GSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_51b_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29068 73724/CWE124_Buffer_Underwrite__CWE839_listen_socket_52.c Buffer_Overflow_Indexes 193 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_52b_badSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_52b_badSink(int data) CWE124_Buffer_Underwrite__CWE839_listen_socket_52c_badSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_52c_badSink(int data) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29069 73724/CWE124_Buffer_Underwrite__CWE839_listen_socket_52.c Buffer_Overflow_Indexes 95 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_52b_goodB2GSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_52b_goodB2GSink(int data) CWE124_Buffer_Underwrite__CWE839_listen_socket_52c_goodB2GSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_52c_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29070 73725/CWE124_Buffer_Underwrite__CWE839_listen_socket_53.c Buffer_Overflow_Indexes 193 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_53b_badSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_53b_badSink(int data) CWE124_Buffer_Underwrite__CWE839_listen_socket_53c_badSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_53c_badSink(int data) CWE124_Buffer_Underwrite__CWE839_listen_socket_53d_badSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_53d_badSink(int data) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29071 73725/CWE124_Buffer_Underwrite__CWE839_listen_socket_53.c Buffer_Overflow_Indexes 95 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_53b_goodB2GSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_53b_goodB2GSink(int data) CWE124_Buffer_Underwrite__CWE839_listen_socket_53c_goodB2GSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_53c_goodB2GSink(int data) CWE124_Buffer_Underwrite__CWE839_listen_socket_53d_goodB2GSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_53d_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29072 73726/CWE124_Buffer_Underwrite__CWE839_listen_socket_54.c Buffer_Overflow_Indexes 193 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_54b_badSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_54b_badSink(int data) CWE124_Buffer_Underwrite__CWE839_listen_socket_54c_badSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_54c_badSink(int data) CWE124_Buffer_Underwrite__CWE839_listen_socket_54d_badSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_54d_badSink(int data) CWE124_Buffer_Underwrite__CWE839_listen_socket_54e_badSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_54e_badSink(int data) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29073 73726/CWE124_Buffer_Underwrite__CWE839_listen_socket_54.c Buffer_Overflow_Indexes 95 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_54b_goodB2GSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_54b_goodB2GSink(int data) CWE124_Buffer_Underwrite__CWE839_listen_socket_54c_goodB2GSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_54c_goodB2GSink(int data) CWE124_Buffer_Underwrite__CWE839_listen_socket_54d_goodB2GSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_54d_goodB2GSink(int data) CWE124_Buffer_Underwrite__CWE839_listen_socket_54e_goodB2GSink(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_54e_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29074 73727/CWE124_Buffer_Underwrite__CWE839_listen_socket_61.c Buffer_Overflow_Indexes 349 data = -1; data = CWE124_Buffer_Underwrite__CWE839_listen_socket_61b_badSource(data); int CWE124_Buffer_Underwrite__CWE839_listen_socket_61b_badSource(int data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29075 73727/CWE124_Buffer_Underwrite__CWE839_listen_socket_61.c Buffer_Overflow_Indexes 261 data = -1; data = CWE124_Buffer_Underwrite__CWE839_listen_socket_61b_goodB2GSource(data); int CWE124_Buffer_Underwrite__CWE839_listen_socket_61b_goodB2GSource(int data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29076 73729/CWE124_Buffer_Underwrite__CWE839_listen_socket_63.c Buffer_Overflow_Indexes 193 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_63b_badSink(&data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_63b_badSink(int * dataPtr) int data = *dataPtr; int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29077 73729/CWE124_Buffer_Underwrite__CWE839_listen_socket_63.c Buffer_Overflow_Indexes 95 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_63b_goodB2GSink(&data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_63b_goodB2GSink(int * dataPtr) int data = *dataPtr; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29078 73730/CWE124_Buffer_Underwrite__CWE839_listen_socket_64.c Buffer_Overflow_Indexes 193 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_64b_badSink(&data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_64b_badSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29079 73730/CWE124_Buffer_Underwrite__CWE839_listen_socket_64.c Buffer_Overflow_Indexes 95 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_64b_goodB2GSink(&data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_64b_goodB2GSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29080 73731/CWE124_Buffer_Underwrite__CWE839_listen_socket_65.c Buffer_Overflow_Indexes 97 int data; void (*funcPtr) (int) = CWE124_Buffer_Underwrite__CWE839_listen_socket_65b_badSink; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_65b_badSink(int data) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29081 73731/CWE124_Buffer_Underwrite__CWE839_listen_socket_65.c Buffer_Overflow_Indexes 198 void (*funcPtr) (int) = CWE124_Buffer_Underwrite__CWE839_listen_socket_65b_goodB2GSink; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_65b_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29082 73732/CWE124_Buffer_Underwrite__CWE839_listen_socket_66.c Buffer_Overflow_Indexes 199 int dataArray[5]; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataArray[2] = data; CWE124_Buffer_Underwrite__CWE839_listen_socket_66b_badSink(dataArray); void CWE124_Buffer_Underwrite__CWE839_listen_socket_66b_badSink(int dataArray[]) int data = dataArray[2]; int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29083 73732/CWE124_Buffer_Underwrite__CWE839_listen_socket_66.c Buffer_Overflow_Indexes 96 int dataArray[5]; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataArray[2] = data; CWE124_Buffer_Underwrite__CWE839_listen_socket_66b_goodB2GSink(dataArray); void CWE124_Buffer_Underwrite__CWE839_listen_socket_66b_goodB2GSink(int dataArray[]) int data = dataArray[2]; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29084 73733/CWE124_Buffer_Underwrite__CWE839_listen_socket_67.c Buffer_Overflow_Indexes 203 typedef struct _CWE124_Buffer_Underwrite__CWE839_listen_socket_67_structType int structFirst; } CWE124_Buffer_Underwrite__CWE839_listen_socket_67_structType; CWE124_Buffer_Underwrite__CWE839_listen_socket_67_structType myStruct; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myStruct.structFirst = data; CWE124_Buffer_Underwrite__CWE839_listen_socket_67b_badSink(myStruct); void CWE124_Buffer_Underwrite__CWE839_listen_socket_67b_badSink(CWE124_Buffer_Underwrite__CWE839_listen_socket_67_structType myStruct) int data = myStruct.structFirst; int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29085 73733/CWE124_Buffer_Underwrite__CWE839_listen_socket_67.c Buffer_Overflow_Indexes 101 typedef struct _CWE124_Buffer_Underwrite__CWE839_listen_socket_67_structType int structFirst; } CWE124_Buffer_Underwrite__CWE839_listen_socket_67_structType; CWE124_Buffer_Underwrite__CWE839_listen_socket_67_structType myStruct; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myStruct.structFirst = data; CWE124_Buffer_Underwrite__CWE839_listen_socket_67b_goodB2GSink(myStruct); void CWE124_Buffer_Underwrite__CWE839_listen_socket_67b_goodB2GSink(CWE124_Buffer_Underwrite__CWE839_listen_socket_67_structType myStruct) int data = myStruct.structFirst; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29086 73734/CWE124_Buffer_Underwrite__CWE839_listen_socket_68.c Buffer_Overflow_Indexes 99 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_68_badData = data; CWE124_Buffer_Underwrite__CWE839_listen_socket_68b_badSink(); void CWE124_Buffer_Underwrite__CWE839_listen_socket_68b_badSink() int data = CWE124_Buffer_Underwrite__CWE839_listen_socket_68_badData; int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29087 73734/CWE124_Buffer_Underwrite__CWE839_listen_socket_68.c Buffer_Overflow_Indexes 199 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_68_goodB2GData = data; CWE124_Buffer_Underwrite__CWE839_listen_socket_68b_goodB2GSink(); void CWE124_Buffer_Underwrite__CWE839_listen_socket_68b_goodB2GSink() int data = CWE124_Buffer_Underwrite__CWE839_listen_socket_68_goodB2GData; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29088 73738/CWE124_Buffer_Underwrite__CWE839_listen_socket_81a.cpp Buffer_Overflow_Indexes 96 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); const CWE124_Buffer_Underwrite__CWE839_listen_socket_81_base& baseObject = CWE124_Buffer_Underwrite__CWE839_listen_socket_81_bad(); baseObject.action(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_81_bad::action(int data) const int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; 1 --------------------------------- 29089 73738/CWE124_Buffer_Underwrite__CWE839_listen_socket_81a.cpp Buffer_Overflow_Indexes 192 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); const CWE124_Buffer_Underwrite__CWE839_listen_socket_81_base& baseObject = CWE124_Buffer_Underwrite__CWE839_listen_socket_81_goodB2G(); baseObject.action(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_81_goodB2G::action(int data) const int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 29090 73739/CWE124_Buffer_Underwrite__CWE839_listen_socket_82a.cpp Buffer_Overflow_Indexes 194 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_82_base* baseObject = new CWE124_Buffer_Underwrite__CWE839_listen_socket_82_bad; baseObject->action(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_82_bad::action(int data) int buffer[10] = { 0 }; if (data < 10) buffer[data] = 1; delete baseObject; 1 --------------------------------- 29091 73739/CWE124_Buffer_Underwrite__CWE839_listen_socket_82a.cpp Buffer_Overflow_Indexes 96 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE124_Buffer_Underwrite__CWE839_listen_socket_82_base* baseObject = new CWE124_Buffer_Underwrite__CWE839_listen_socket_82_goodB2G; baseObject->action(data); void CWE124_Buffer_Underwrite__CWE839_listen_socket_82_goodB2G::action(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; delete baseObject; 0 --------------------------------- 29092 73742/CWE124_Buffer_Underwrite__char_alloca_cpy_01.c Buffer_Overflow_cpycat 59 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29093 73742/CWE124_Buffer_Underwrite__char_alloca_cpy_01.c Buffer_Overflow_cpycat 36 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29094 73743/CWE124_Buffer_Underwrite__char_alloca_cpy_02.c Buffer_Overflow_cpycat 70 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(1) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29095 73743/CWE124_Buffer_Underwrite__char_alloca_cpy_02.c Buffer_Overflow_cpycat 92 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(0) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29096 73743/CWE124_Buffer_Underwrite__char_alloca_cpy_02.c Buffer_Overflow_cpycat 39 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(1) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29097 73744/CWE124_Buffer_Underwrite__char_alloca_cpy_03.c Buffer_Overflow_cpycat 70 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29098 73744/CWE124_Buffer_Underwrite__char_alloca_cpy_03.c Buffer_Overflow_cpycat 92 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29099 73744/CWE124_Buffer_Underwrite__char_alloca_cpy_03.c Buffer_Overflow_cpycat 39 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29100 73745/CWE124_Buffer_Underwrite__char_alloca_cpy_04.c Buffer_Overflow_cpycat 77 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_TRUE) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29101 73745/CWE124_Buffer_Underwrite__char_alloca_cpy_04.c Buffer_Overflow_cpycat 99 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FALSE) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29102 73745/CWE124_Buffer_Underwrite__char_alloca_cpy_04.c Buffer_Overflow_cpycat 46 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_TRUE) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29103 73746/CWE124_Buffer_Underwrite__char_alloca_cpy_05.c Buffer_Overflow_cpycat 77 static int staticTrue = 1; static int staticFalse = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticTrue) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29104 73746/CWE124_Buffer_Underwrite__char_alloca_cpy_05.c Buffer_Overflow_cpycat 99 static int staticTrue = 1; static int staticFalse = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFalse) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29105 73746/CWE124_Buffer_Underwrite__char_alloca_cpy_05.c Buffer_Overflow_cpycat 46 static int staticTrue = 1; static int staticFalse = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticTrue) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29106 73747/CWE124_Buffer_Underwrite__char_alloca_cpy_06.c Buffer_Overflow_cpycat 74 static const int STATIC_CONST_FIVE = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29107 73747/CWE124_Buffer_Underwrite__char_alloca_cpy_06.c Buffer_Overflow_cpycat 96 static const int STATIC_CONST_FIVE = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29108 73747/CWE124_Buffer_Underwrite__char_alloca_cpy_06.c Buffer_Overflow_cpycat 43 static const int STATIC_CONST_FIVE = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29109 73748/CWE124_Buffer_Underwrite__char_alloca_cpy_07.c Buffer_Overflow_cpycat 98 static int staticFive = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29110 73748/CWE124_Buffer_Underwrite__char_alloca_cpy_07.c Buffer_Overflow_cpycat 45 static int staticFive = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29111 73748/CWE124_Buffer_Underwrite__char_alloca_cpy_07.c Buffer_Overflow_cpycat 76 static int staticFive = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29112 73749/CWE124_Buffer_Underwrite__char_alloca_cpy_08.c Buffer_Overflow_cpycat 106 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsTrue()) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29113 73749/CWE124_Buffer_Underwrite__char_alloca_cpy_08.c Buffer_Overflow_cpycat 53 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsFalse()) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29114 73749/CWE124_Buffer_Underwrite__char_alloca_cpy_08.c Buffer_Overflow_cpycat 84 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsTrue()) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29115 73750/CWE124_Buffer_Underwrite__char_alloca_cpy_09.c Buffer_Overflow_cpycat 70 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29116 73750/CWE124_Buffer_Underwrite__char_alloca_cpy_09.c Buffer_Overflow_cpycat 92 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FALSE) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29117 73750/CWE124_Buffer_Underwrite__char_alloca_cpy_09.c Buffer_Overflow_cpycat 39 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29118 73751/CWE124_Buffer_Underwrite__char_alloca_cpy_10.c Buffer_Overflow_cpycat 70 int globalTrue = 1; int globalFalse = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalTrue) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29119 73751/CWE124_Buffer_Underwrite__char_alloca_cpy_10.c Buffer_Overflow_cpycat 92 int globalTrue = 1; int globalFalse = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFalse) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29120 73751/CWE124_Buffer_Underwrite__char_alloca_cpy_10.c Buffer_Overflow_cpycat 39 int globalTrue = 1; int globalFalse = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalTrue) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29121 73752/CWE124_Buffer_Underwrite__char_alloca_cpy_11.c Buffer_Overflow_cpycat 70 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsTrue()) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29122 73752/CWE124_Buffer_Underwrite__char_alloca_cpy_11.c Buffer_Overflow_cpycat 92 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsFalse()) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29123 73752/CWE124_Buffer_Underwrite__char_alloca_cpy_11.c Buffer_Overflow_cpycat 39 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsTrue()) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29124 73754/CWE124_Buffer_Underwrite__char_alloca_cpy_13.c Buffer_Overflow_cpycat 70 const int GLOBAL_CONST_FIVE = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29125 73754/CWE124_Buffer_Underwrite__char_alloca_cpy_13.c Buffer_Overflow_cpycat 92 const int GLOBAL_CONST_FIVE = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29126 73754/CWE124_Buffer_Underwrite__char_alloca_cpy_13.c Buffer_Overflow_cpycat 39 const int GLOBAL_CONST_FIVE = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29127 73755/CWE124_Buffer_Underwrite__char_alloca_cpy_14.c Buffer_Overflow_cpycat 70 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29128 73755/CWE124_Buffer_Underwrite__char_alloca_cpy_14.c Buffer_Overflow_cpycat 92 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29129 73755/CWE124_Buffer_Underwrite__char_alloca_cpy_14.c Buffer_Overflow_cpycat 39 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29130 73756/CWE124_Buffer_Underwrite__char_alloca_cpy_15.c Buffer_Overflow_cpycat 77 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(6) case 6: data = dataBuffer - 8; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29131 73756/CWE124_Buffer_Underwrite__char_alloca_cpy_15.c Buffer_Overflow_cpycat 105 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(5) case 6: break; default: data = dataBuffer; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29132 73756/CWE124_Buffer_Underwrite__char_alloca_cpy_15.c Buffer_Overflow_cpycat 45 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(6) case 6: data = dataBuffer; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29133 73757/CWE124_Buffer_Underwrite__char_alloca_cpy_16.c Buffer_Overflow_cpycat 40 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; while(1) data = dataBuffer - 8; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29134 73757/CWE124_Buffer_Underwrite__char_alloca_cpy_16.c Buffer_Overflow_cpycat 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; while(1) data = dataBuffer; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29135 73758/CWE124_Buffer_Underwrite__char_alloca_cpy_17.c Buffer_Overflow_cpycat 40 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; for(i = 0; i < 1; i++) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29136 73758/CWE124_Buffer_Underwrite__char_alloca_cpy_17.c Buffer_Overflow_cpycat 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; for(h = 0; h < 1; h++) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29137 73759/CWE124_Buffer_Underwrite__char_alloca_cpy_18.c Buffer_Overflow_cpycat 38 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; goto source; source: data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29138 73759/CWE124_Buffer_Underwrite__char_alloca_cpy_18.c Buffer_Overflow_cpycat 63 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; goto source; source: data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29139 73760/CWE124_Buffer_Underwrite__char_alloca_cpy_31.c Buffer_Overflow_cpycat 66 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29140 73760/CWE124_Buffer_Underwrite__char_alloca_cpy_31.c Buffer_Overflow_cpycat 39 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29141 73761/CWE124_Buffer_Underwrite__char_alloca_cpy_32.c Buffer_Overflow_cpycat 44 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; char * data = *dataPtr1; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29142 73761/CWE124_Buffer_Underwrite__char_alloca_cpy_32.c Buffer_Overflow_cpycat 76 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; char * data = *dataPtr1; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29143 73763/CWE124_Buffer_Underwrite__char_alloca_cpy_34.c Buffer_Overflow_cpycat 74 typedef union char * unionFirst; char * unionSecond; } CWE124_Buffer_Underwrite__char_alloca_cpy_34_unionType; CWE124_Buffer_Underwrite__char_alloca_cpy_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29144 73763/CWE124_Buffer_Underwrite__char_alloca_cpy_34.c Buffer_Overflow_cpycat 46 typedef union char * unionFirst; char * unionSecond; } CWE124_Buffer_Underwrite__char_alloca_cpy_34_unionType; CWE124_Buffer_Underwrite__char_alloca_cpy_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29145 73764/CWE124_Buffer_Underwrite__char_alloca_cpy_41.c Buffer_Overflow_cpycat 30 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_cpy_41_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29146 73764/CWE124_Buffer_Underwrite__char_alloca_cpy_41.c Buffer_Overflow_cpycat 57 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_cpy_41_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29147 73765/CWE124_Buffer_Underwrite__char_alloca_cpy_44.c Buffer_Overflow_cpycat 61 char * data; void (*funcPtr) (char *) = badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29148 73765/CWE124_Buffer_Underwrite__char_alloca_cpy_44.c Buffer_Overflow_cpycat 30 char * data; void (*funcPtr) (char *) = goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29149 73766/CWE124_Buffer_Underwrite__char_alloca_cpy_45.c Buffer_Overflow_cpycat 34 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_cpy_45_badData = data; badSink(); static void badSink() char * data = CWE124_Buffer_Underwrite__char_alloca_cpy_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29150 73766/CWE124_Buffer_Underwrite__char_alloca_cpy_45.c Buffer_Overflow_cpycat 64 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE124_Buffer_Underwrite__char_alloca_cpy_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29151 73767/CWE124_Buffer_Underwrite__char_alloca_cpy_51.c Buffer_Overflow_cpycat 123 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_cpy_51b_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29152 73767/CWE124_Buffer_Underwrite__char_alloca_cpy_51.c Buffer_Overflow_cpycat 140 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_cpy_51b_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29153 73768/CWE124_Buffer_Underwrite__char_alloca_cpy_52.c Buffer_Overflow_cpycat 189 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_cpy_52b_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_52b_badSink(char * data) CWE124_Buffer_Underwrite__char_alloca_cpy_52c_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29154 73768/CWE124_Buffer_Underwrite__char_alloca_cpy_52.c Buffer_Overflow_cpycat 172 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_cpy_52b_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_52b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_alloca_cpy_52c_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29155 73769/CWE124_Buffer_Underwrite__char_alloca_cpy_53.c Buffer_Overflow_cpycat 221 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_cpy_53b_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_53b_badSink(char * data) CWE124_Buffer_Underwrite__char_alloca_cpy_53c_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_53c_badSink(char * data) CWE124_Buffer_Underwrite__char_alloca_cpy_53d_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29156 73769/CWE124_Buffer_Underwrite__char_alloca_cpy_53.c Buffer_Overflow_cpycat 238 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_cpy_53b_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_53b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_alloca_cpy_53c_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_53c_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_alloca_cpy_53d_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29157 73770/CWE124_Buffer_Underwrite__char_alloca_cpy_54.c Buffer_Overflow_cpycat 270 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_cpy_54b_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_54b_badSink(char * data) CWE124_Buffer_Underwrite__char_alloca_cpy_54c_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_54c_badSink(char * data) CWE124_Buffer_Underwrite__char_alloca_cpy_54d_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_54d_badSink(char * data) CWE124_Buffer_Underwrite__char_alloca_cpy_54e_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29158 73770/CWE124_Buffer_Underwrite__char_alloca_cpy_54.c Buffer_Overflow_cpycat 287 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_cpy_54b_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_54b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_alloca_cpy_54c_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_54c_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_alloca_cpy_54d_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_54d_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_alloca_cpy_54e_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29159 73771/CWE124_Buffer_Underwrite__char_alloca_cpy_63.c Buffer_Overflow_cpycat 139 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_cpy_63b_badSink(&data); void CWE124_Buffer_Underwrite__char_alloca_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29160 73771/CWE124_Buffer_Underwrite__char_alloca_cpy_63.c Buffer_Overflow_cpycat 121 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_cpy_63b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__char_alloca_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29161 73772/CWE124_Buffer_Underwrite__char_alloca_cpy_64.c Buffer_Overflow_cpycat 145 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_cpy_64b_badSink(&data); void CWE124_Buffer_Underwrite__char_alloca_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29162 73772/CWE124_Buffer_Underwrite__char_alloca_cpy_64.c Buffer_Overflow_cpycat 124 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_cpy_64b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__char_alloca_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29163 73773/CWE124_Buffer_Underwrite__char_alloca_cpy_65.c Buffer_Overflow_cpycat 141 char * data; void (*funcPtr) (char *) = CWE124_Buffer_Underwrite__char_alloca_cpy_65b_badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29164 73773/CWE124_Buffer_Underwrite__char_alloca_cpy_65.c Buffer_Overflow_cpycat 124 char * data; void (*funcPtr) (char *) = CWE124_Buffer_Underwrite__char_alloca_cpy_65b_goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29165 73774/CWE124_Buffer_Underwrite__char_alloca_cpy_66.c Buffer_Overflow_cpycat 145 char * data; char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataArray[2] = data; CWE124_Buffer_Underwrite__char_alloca_cpy_66b_badSink(dataArray); void CWE124_Buffer_Underwrite__char_alloca_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29166 73774/CWE124_Buffer_Underwrite__char_alloca_cpy_66.c Buffer_Overflow_cpycat 127 char * data; char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataArray[2] = data; CWE124_Buffer_Underwrite__char_alloca_cpy_66b_goodG2BSink(dataArray); void CWE124_Buffer_Underwrite__char_alloca_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29167 73775/CWE124_Buffer_Underwrite__char_alloca_cpy_67.c Buffer_Overflow_cpycat 153 typedef struct _CWE124_Buffer_Underwrite__char_alloca_cpy_67_structType char * structFirst; } CWE124_Buffer_Underwrite__char_alloca_cpy_67_structType; char * data; CWE124_Buffer_Underwrite__char_alloca_cpy_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE124_Buffer_Underwrite__char_alloca_cpy_67b_badSink(myStruct); void CWE124_Buffer_Underwrite__char_alloca_cpy_67b_badSink(CWE124_Buffer_Underwrite__char_alloca_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29168 73775/CWE124_Buffer_Underwrite__char_alloca_cpy_67.c Buffer_Overflow_cpycat 135 typedef struct _CWE124_Buffer_Underwrite__char_alloca_cpy_67_structType char * structFirst; } CWE124_Buffer_Underwrite__char_alloca_cpy_67_structType; char * data; CWE124_Buffer_Underwrite__char_alloca_cpy_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myStruct.structFirst = data; CWE124_Buffer_Underwrite__char_alloca_cpy_67b_goodG2BSink(myStruct); void CWE124_Buffer_Underwrite__char_alloca_cpy_67b_goodG2BSink(CWE124_Buffer_Underwrite__char_alloca_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29169 73776/CWE124_Buffer_Underwrite__char_alloca_cpy_68.c Buffer_Overflow_cpycat 150 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_cpy_68_badData = data; CWE124_Buffer_Underwrite__char_alloca_cpy_68b_badSink(); void CWE124_Buffer_Underwrite__char_alloca_cpy_68b_badSink() char * data = CWE124_Buffer_Underwrite__char_alloca_cpy_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29170 73776/CWE124_Buffer_Underwrite__char_alloca_cpy_68.c Buffer_Overflow_cpycat 132 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_cpy_68_goodG2BData = data; CWE124_Buffer_Underwrite__char_alloca_cpy_68b_goodG2BSink(); void CWE124_Buffer_Underwrite__char_alloca_cpy_68b_goodG2BSink() char * data = CWE124_Buffer_Underwrite__char_alloca_cpy_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29171 73780/CWE124_Buffer_Underwrite__char_alloca_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; const CWE124_Buffer_Underwrite__char_alloca_cpy_81_base& baseObject = CWE124_Buffer_Underwrite__char_alloca_cpy_81_bad(); baseObject.action(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29172 73780/CWE124_Buffer_Underwrite__char_alloca_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; const CWE124_Buffer_Underwrite__char_alloca_cpy_81_base& baseObject = CWE124_Buffer_Underwrite__char_alloca_cpy_81_goodG2B(); baseObject.action(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29173 73781/CWE124_Buffer_Underwrite__char_alloca_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_cpy_82_base* baseObject = new CWE124_Buffer_Underwrite__char_alloca_cpy_82_bad; baseObject->action(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); delete baseObject; 1 --------------------------------- 29174 73781/CWE124_Buffer_Underwrite__char_alloca_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_cpy_82_base* baseObject = new CWE124_Buffer_Underwrite__char_alloca_cpy_82_goodG2B; baseObject->action(data); void CWE124_Buffer_Underwrite__char_alloca_cpy_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); delete baseObject; 0 --------------------------------- 29175 73902/CWE124_Buffer_Underwrite__char_alloca_ncpy_01.c Buffer_Overflow_LowBound 61 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29176 73902/CWE124_Buffer_Underwrite__char_alloca_ncpy_01.c Buffer_Overflow_LowBound 36 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29177 73903/CWE124_Buffer_Underwrite__char_alloca_ncpy_02.c Buffer_Overflow_LowBound 39 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(1) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29178 73903/CWE124_Buffer_Underwrite__char_alloca_ncpy_02.c Buffer_Overflow_LowBound 96 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(0) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29179 73903/CWE124_Buffer_Underwrite__char_alloca_ncpy_02.c Buffer_Overflow_LowBound 72 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(1) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29180 73904/CWE124_Buffer_Underwrite__char_alloca_ncpy_03.c Buffer_Overflow_LowBound 39 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29181 73904/CWE124_Buffer_Underwrite__char_alloca_ncpy_03.c Buffer_Overflow_LowBound 96 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29182 73904/CWE124_Buffer_Underwrite__char_alloca_ncpy_03.c Buffer_Overflow_LowBound 72 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29183 73905/CWE124_Buffer_Underwrite__char_alloca_ncpy_04.c Buffer_Overflow_LowBound 103 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_TRUE) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29184 73905/CWE124_Buffer_Underwrite__char_alloca_ncpy_04.c Buffer_Overflow_LowBound 79 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FALSE) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29185 73905/CWE124_Buffer_Underwrite__char_alloca_ncpy_04.c Buffer_Overflow_LowBound 46 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_TRUE) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29186 73906/CWE124_Buffer_Underwrite__char_alloca_ncpy_05.c Buffer_Overflow_LowBound 103 static int staticTrue = 1; static int staticFalse = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticTrue) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29187 73906/CWE124_Buffer_Underwrite__char_alloca_ncpy_05.c Buffer_Overflow_LowBound 79 static int staticTrue = 1; static int staticFalse = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFalse) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29188 73906/CWE124_Buffer_Underwrite__char_alloca_ncpy_05.c Buffer_Overflow_LowBound 46 static int staticTrue = 1; static int staticFalse = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticTrue) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29189 73907/CWE124_Buffer_Underwrite__char_alloca_ncpy_06.c Buffer_Overflow_LowBound 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29190 73907/CWE124_Buffer_Underwrite__char_alloca_ncpy_06.c Buffer_Overflow_LowBound 100 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29191 73907/CWE124_Buffer_Underwrite__char_alloca_ncpy_06.c Buffer_Overflow_LowBound 76 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29192 73908/CWE124_Buffer_Underwrite__char_alloca_ncpy_07.c Buffer_Overflow_LowBound 78 static int staticFive = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29193 73908/CWE124_Buffer_Underwrite__char_alloca_ncpy_07.c Buffer_Overflow_LowBound 102 static int staticFive = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29194 73908/CWE124_Buffer_Underwrite__char_alloca_ncpy_07.c Buffer_Overflow_LowBound 45 static int staticFive = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29195 73909/CWE124_Buffer_Underwrite__char_alloca_ncpy_08.c Buffer_Overflow_LowBound 53 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsTrue()) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29196 73909/CWE124_Buffer_Underwrite__char_alloca_ncpy_08.c Buffer_Overflow_LowBound 86 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsFalse()) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29197 73909/CWE124_Buffer_Underwrite__char_alloca_ncpy_08.c Buffer_Overflow_LowBound 110 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsTrue()) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29198 73910/CWE124_Buffer_Underwrite__char_alloca_ncpy_09.c Buffer_Overflow_LowBound 39 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29199 73910/CWE124_Buffer_Underwrite__char_alloca_ncpy_09.c Buffer_Overflow_LowBound 96 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FALSE) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29200 73910/CWE124_Buffer_Underwrite__char_alloca_ncpy_09.c Buffer_Overflow_LowBound 72 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29201 73911/CWE124_Buffer_Underwrite__char_alloca_ncpy_10.c Buffer_Overflow_LowBound 39 int globalFive = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalTrue) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29202 73911/CWE124_Buffer_Underwrite__char_alloca_ncpy_10.c Buffer_Overflow_LowBound 96 int globalFive = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFalse) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29203 73911/CWE124_Buffer_Underwrite__char_alloca_ncpy_10.c Buffer_Overflow_LowBound 72 int globalFive = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalTrue) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29204 73912/CWE124_Buffer_Underwrite__char_alloca_ncpy_11.c Buffer_Overflow_LowBound 39 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsTrue()) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29205 73912/CWE124_Buffer_Underwrite__char_alloca_ncpy_11.c Buffer_Overflow_LowBound 96 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsFalse()) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29206 73912/CWE124_Buffer_Underwrite__char_alloca_ncpy_11.c Buffer_Overflow_LowBound 72 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsTrue()) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29207 73914/CWE124_Buffer_Underwrite__char_alloca_ncpy_13.c Buffer_Overflow_LowBound 39 const int GLOBAL_CONST_FIVE = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29208 73914/CWE124_Buffer_Underwrite__char_alloca_ncpy_13.c Buffer_Overflow_LowBound 96 const int GLOBAL_CONST_FIVE = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29209 73914/CWE124_Buffer_Underwrite__char_alloca_ncpy_13.c Buffer_Overflow_LowBound 72 const int GLOBAL_CONST_FIVE = 5; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29210 73915/CWE124_Buffer_Underwrite__char_alloca_ncpy_14.c Buffer_Overflow_LowBound 39 int globalFive = 5;  char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29211 73915/CWE124_Buffer_Underwrite__char_alloca_ncpy_14.c Buffer_Overflow_LowBound 96 int globalFive = 5;  char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29212 73915/CWE124_Buffer_Underwrite__char_alloca_ncpy_14.c Buffer_Overflow_LowBound 72 int globalFive = 5;  char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29213 73916/CWE124_Buffer_Underwrite__char_alloca_ncpy_15.c Buffer_Overflow_LowBound 79 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(6) case 6: data = dataBuffer - 8; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29214 73916/CWE124_Buffer_Underwrite__char_alloca_ncpy_15.c Buffer_Overflow_LowBound 109 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(5) case 6: break; default: data = dataBuffer; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29215 73916/CWE124_Buffer_Underwrite__char_alloca_ncpy_15.c Buffer_Overflow_LowBound 45 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(6) case 6: data = dataBuffer; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29216 73917/CWE124_Buffer_Underwrite__char_alloca_ncpy_16.c Buffer_Overflow_LowBound 40 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; while(1) data = dataBuffer - 8; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29217 73917/CWE124_Buffer_Underwrite__char_alloca_ncpy_16.c Buffer_Overflow_LowBound 69 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; while(1) data = dataBuffer; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29218 73918/CWE124_Buffer_Underwrite__char_alloca_ncpy_17.c Buffer_Overflow_LowBound 40 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; for(i = 0; i < 1; i++) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29219 73918/CWE124_Buffer_Underwrite__char_alloca_ncpy_17.c Buffer_Overflow_LowBound 69 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; for(h = 0; h < 1; h++) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29220 73919/CWE124_Buffer_Underwrite__char_alloca_ncpy_18.c Buffer_Overflow_LowBound 38 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; goto source; source: data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29221 73919/CWE124_Buffer_Underwrite__char_alloca_ncpy_18.c Buffer_Overflow_LowBound 65 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; goto source; source: data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29222 73920/CWE124_Buffer_Underwrite__char_alloca_ncpy_31.c Buffer_Overflow_LowBound 39 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29223 73920/CWE124_Buffer_Underwrite__char_alloca_ncpy_31.c Buffer_Overflow_LowBound 68 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29224 73921/CWE124_Buffer_Underwrite__char_alloca_ncpy_32.c Buffer_Overflow_LowBound 78 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; char * data = *dataPtr1; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29225 73921/CWE124_Buffer_Underwrite__char_alloca_ncpy_32.c Buffer_Overflow_LowBound 44 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; char * data = *dataPtr1; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29226 73923/CWE124_Buffer_Underwrite__char_alloca_ncpy_34.c Buffer_Overflow_LowBound 46 typedef union char * unionFirst; char * unionSecond; } CWE124_Buffer_Underwrite__char_alloca_ncpy_34_unionType; CWE124_Buffer_Underwrite__char_alloca_ncpy_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29227 73923/CWE124_Buffer_Underwrite__char_alloca_ncpy_34.c Buffer_Overflow_LowBound 76 typedef union char * unionFirst; char * unionSecond; } CWE124_Buffer_Underwrite__char_alloca_ncpy_34_unionType; CWE124_Buffer_Underwrite__char_alloca_ncpy_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29228 73924/CWE124_Buffer_Underwrite__char_alloca_ncpy_41.c Buffer_Overflow_LowBound 30 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_ncpy_41_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29229 73924/CWE124_Buffer_Underwrite__char_alloca_ncpy_41.c Buffer_Overflow_LowBound 59 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_ncpy_41_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29230 73925/CWE124_Buffer_Underwrite__char_alloca_ncpy_44.c Buffer_Overflow_LowBound 63 char * data; void (*funcPtr) (char *) = badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29231 73925/CWE124_Buffer_Underwrite__char_alloca_ncpy_44.c Buffer_Overflow_LowBound 30 char * data; void (*funcPtr) (char *) = goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29232 73926/CWE124_Buffer_Underwrite__char_alloca_ncpy_45.c Buffer_Overflow_LowBound 34 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_ncpy_45_badData = data; badSink(); static void badSink() char * data = CWE124_Buffer_Underwrite__char_alloca_ncpy_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29233 73926/CWE124_Buffer_Underwrite__char_alloca_ncpy_45.c Buffer_Overflow_LowBound 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE124_Buffer_Underwrite__char_alloca_ncpy_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29234 73927/CWE124_Buffer_Underwrite__char_alloca_ncpy_51.c Buffer_Overflow_LowBound 142 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_ncpy_51b_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29235 73927/CWE124_Buffer_Underwrite__char_alloca_ncpy_51.c Buffer_Overflow_LowBound 123 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_ncpy_51b_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29236 73928/CWE124_Buffer_Underwrite__char_alloca_ncpy_52.c Buffer_Overflow_LowBound 191 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_ncpy_52b_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_52b_badSink(char * data) CWE124_Buffer_Underwrite__char_alloca_ncpy_52c_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29237 73928/CWE124_Buffer_Underwrite__char_alloca_ncpy_52.c Buffer_Overflow_LowBound 172 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_ncpy_52b_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_52b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_alloca_ncpy_52c_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29238 73929/CWE124_Buffer_Underwrite__char_alloca_ncpy_53.c Buffer_Overflow_LowBound 240 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_ncpy_53b_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_53b_badSink(char * data) CWE124_Buffer_Underwrite__char_alloca_ncpy_53c_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_53c_badSink(char * data) CWE124_Buffer_Underwrite__char_alloca_ncpy_53d_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29239 73929/CWE124_Buffer_Underwrite__char_alloca_ncpy_53.c Buffer_Overflow_LowBound 221 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_ncpy_53b_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_53b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_alloca_ncpy_53c_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_53c_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_alloca_ncpy_53d_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29240 73930/CWE124_Buffer_Underwrite__char_alloca_ncpy_54.c Buffer_Overflow_LowBound 270 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_ncpy_54b_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_54b_badSink(char * data) CWE124_Buffer_Underwrite__char_alloca_ncpy_54c_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_54c_badSink(char * data) CWE124_Buffer_Underwrite__char_alloca_ncpy_54d_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_54d_badSink(char * data) CWE124_Buffer_Underwrite__char_alloca_ncpy_54e_badSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29241 73930/CWE124_Buffer_Underwrite__char_alloca_ncpy_54.c Buffer_Overflow_LowBound 289 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_ncpy_54b_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_54b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_alloca_ncpy_54c_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_54c_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_alloca_ncpy_54d_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_54d_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_alloca_ncpy_54e_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29242 73931/CWE124_Buffer_Underwrite__char_alloca_ncpy_63.c Buffer_Overflow_LowBound 141 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_ncpy_63b_badSink(&data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29243 73931/CWE124_Buffer_Underwrite__char_alloca_ncpy_63.c Buffer_Overflow_LowBound 121 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_ncpy_63b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29244 73932/CWE124_Buffer_Underwrite__char_alloca_ncpy_64.c Buffer_Overflow_LowBound 147 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_ncpy_64b_badSink(&data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29245 73932/CWE124_Buffer_Underwrite__char_alloca_ncpy_64.c Buffer_Overflow_LowBound 124 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_ncpy_64b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29246 73933/CWE124_Buffer_Underwrite__char_alloca_ncpy_65.c Buffer_Overflow_LowBound 143 char * data; void (*funcPtr) (char *) = CWE124_Buffer_Underwrite__char_alloca_ncpy_65b_badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29247 73933/CWE124_Buffer_Underwrite__char_alloca_ncpy_65.c Buffer_Overflow_LowBound 124 char * data; void (*funcPtr) (char *) = CWE124_Buffer_Underwrite__char_alloca_ncpy_65b_goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29248 73934/CWE124_Buffer_Underwrite__char_alloca_ncpy_66.c Buffer_Overflow_LowBound 127 char * data; char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataArray[2] = data; CWE124_Buffer_Underwrite__char_alloca_ncpy_66b_badSink(dataArray); void CWE124_Buffer_Underwrite__char_alloca_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29249 73934/CWE124_Buffer_Underwrite__char_alloca_ncpy_66.c Buffer_Overflow_LowBound 147 char * data; char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataArray[2] = data; CWE124_Buffer_Underwrite__char_alloca_ncpy_66b_goodG2BSink(dataArray); void CWE124_Buffer_Underwrite__char_alloca_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29250 73935/CWE124_Buffer_Underwrite__char_alloca_ncpy_67.c Buffer_Overflow_LowBound 135 typedef struct _CWE124_Buffer_Underwrite__char_alloca_ncpy_67_structType char * structFirst; } CWE124_Buffer_Underwrite__char_alloca_ncpy_67_structType; char * data; CWE124_Buffer_Underwrite__char_alloca_ncpy_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE124_Buffer_Underwrite__char_alloca_ncpy_67b_badSink(myStruct); void CWE124_Buffer_Underwrite__char_alloca_ncpy_67b_badSink(CWE124_Buffer_Underwrite__char_alloca_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29251 73935/CWE124_Buffer_Underwrite__char_alloca_ncpy_67.c Buffer_Overflow_LowBound 155 typedef struct _CWE124_Buffer_Underwrite__char_alloca_ncpy_67_structType char * structFirst; } CWE124_Buffer_Underwrite__char_alloca_ncpy_67_structType; char * data; CWE124_Buffer_Underwrite__char_alloca_ncpy_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myStruct.structFirst = data; CWE124_Buffer_Underwrite__char_alloca_ncpy_67b_goodG2BSink(myStruct); void CWE124_Buffer_Underwrite__char_alloca_ncpy_67b_goodG2BSink(CWE124_Buffer_Underwrite__char_alloca_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29252 73936/CWE124_Buffer_Underwrite__char_alloca_ncpy_68.c Buffer_Overflow_LowBound 152 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_ncpy_68_badData = data; CWE124_Buffer_Underwrite__char_alloca_ncpy_68b_badSink(); void CWE124_Buffer_Underwrite__char_alloca_ncpy_68b_badSink() char * data = CWE124_Buffer_Underwrite__char_alloca_ncpy_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29253 73936/CWE124_Buffer_Underwrite__char_alloca_ncpy_68.c Buffer_Overflow_LowBound 132 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_ncpy_68_goodG2BData = data; CWE124_Buffer_Underwrite__char_alloca_ncpy_68b_goodG2BSink(); void CWE124_Buffer_Underwrite__char_alloca_ncpy_68b_goodG2BSink() char * data = CWE124_Buffer_Underwrite__char_alloca_ncpy_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29254 73940/CWE124_Buffer_Underwrite__char_alloca_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; const CWE124_Buffer_Underwrite__char_alloca_ncpy_81_base& baseObject = CWE124_Buffer_Underwrite__char_alloca_ncpy_81_bad(); baseObject.action(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29255 73940/CWE124_Buffer_Underwrite__char_alloca_ncpy_81_bad.cpp Off_by_One_Error_in_Methods 31 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; const CWE124_Buffer_Underwrite__char_alloca_ncpy_81_base& baseObject = CWE124_Buffer_Underwrite__char_alloca_ncpy_81_goodG2B(); baseObject.action(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29256 73941/CWE124_Buffer_Underwrite__char_alloca_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_alloca_ncpy_82_base* baseObject = new CWE124_Buffer_Underwrite__char_alloca_ncpy_82_bad; baseObject->action(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); delete baseObject; 1 --------------------------------- 29257 73941/CWE124_Buffer_Underwrite__char_alloca_ncpy_82_bad.cpp Off_by_One_Error_in_Methods 31 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_alloca_ncpy_82_base* baseObject = new CWE124_Buffer_Underwrite__char_alloca_ncpy_82_goodG2B; baseObject->action(data); void CWE124_Buffer_Underwrite__char_alloca_ncpy_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); delete baseObject; 0 --------------------------------- 29258 73942/CWE124_Buffer_Underwrite__char_declare_cpy_01.c Buffer_Overflow_cpycat 59 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29259 73942/CWE124_Buffer_Underwrite__char_declare_cpy_01.c Buffer_Overflow_cpycat 36 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29260 73943/CWE124_Buffer_Underwrite__char_declare_cpy_02.c Buffer_Overflow_cpycat 70 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(1) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29261 73943/CWE124_Buffer_Underwrite__char_declare_cpy_02.c Buffer_Overflow_cpycat 92 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(0) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29262 73943/CWE124_Buffer_Underwrite__char_declare_cpy_02.c Buffer_Overflow_cpycat 39 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(1) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29263 73944/CWE124_Buffer_Underwrite__char_declare_cpy_03.c Buffer_Overflow_cpycat 70 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29264 73944/CWE124_Buffer_Underwrite__char_declare_cpy_03.c Buffer_Overflow_cpycat 92 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29265 73944/CWE124_Buffer_Underwrite__char_declare_cpy_03.c Buffer_Overflow_cpycat 39 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29266 73945/CWE124_Buffer_Underwrite__char_declare_cpy_04.c Buffer_Overflow_cpycat 77 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_TRUE) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29267 73945/CWE124_Buffer_Underwrite__char_declare_cpy_04.c Buffer_Overflow_cpycat 99 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FALSE) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29268 73945/CWE124_Buffer_Underwrite__char_declare_cpy_04.c Buffer_Overflow_cpycat 46 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_TRUE) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29269 73946/CWE124_Buffer_Underwrite__char_declare_cpy_05.c Buffer_Overflow_cpycat 77 static int staticTrue = 1; static int staticFalse = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticTrue) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29270 73946/CWE124_Buffer_Underwrite__char_declare_cpy_05.c Buffer_Overflow_cpycat 99 static int staticTrue = 1; static int staticFalse = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFalse) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29271 73946/CWE124_Buffer_Underwrite__char_declare_cpy_05.c Buffer_Overflow_cpycat 46 static int staticTrue = 1; static int staticFalse = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticTrue) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29272 73947/CWE124_Buffer_Underwrite__char_declare_cpy_06.c Buffer_Overflow_cpycat 74 static const int STATIC_CONST_FIVE = 5; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29273 73947/CWE124_Buffer_Underwrite__char_declare_cpy_06.c Buffer_Overflow_cpycat 96 static const int STATIC_CONST_FIVE = 5; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29274 73947/CWE124_Buffer_Underwrite__char_declare_cpy_06.c Buffer_Overflow_cpycat 43 static const int STATIC_CONST_FIVE = 5; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29275 73948/CWE124_Buffer_Underwrite__char_declare_cpy_07.c Buffer_Overflow_cpycat 98 static int staticFive = 5; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29276 73948/CWE124_Buffer_Underwrite__char_declare_cpy_07.c Buffer_Overflow_cpycat 45 static int staticFive = 5; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29277 73948/CWE124_Buffer_Underwrite__char_declare_cpy_07.c Buffer_Overflow_cpycat 76 static int staticFive = 5; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29278 73949/CWE124_Buffer_Underwrite__char_declare_cpy_08.c Buffer_Overflow_cpycat 106 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsTrue()) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29279 73949/CWE124_Buffer_Underwrite__char_declare_cpy_08.c Buffer_Overflow_cpycat 53 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsFalse()) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29280 73949/CWE124_Buffer_Underwrite__char_declare_cpy_08.c Buffer_Overflow_cpycat 84 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsTrue()) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29281 73950/CWE124_Buffer_Underwrite__char_declare_cpy_09.c Buffer_Overflow_cpycat 70 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29282 73950/CWE124_Buffer_Underwrite__char_declare_cpy_09.c Buffer_Overflow_cpycat 92 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FALSE) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29283 73950/CWE124_Buffer_Underwrite__char_declare_cpy_09.c Buffer_Overflow_cpycat 39 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29284 73951/CWE124_Buffer_Underwrite__char_declare_cpy_10.c Buffer_Overflow_cpycat 70 int globalTrue = 1; int globalFalse = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalTrue) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29285 73951/CWE124_Buffer_Underwrite__char_declare_cpy_10.c Buffer_Overflow_cpycat 92 int globalTrue = 1; int globalFalse = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFalse) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29286 73951/CWE124_Buffer_Underwrite__char_declare_cpy_10.c Buffer_Overflow_cpycat 39 int globalTrue = 1; int globalFalse = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalTrue) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29287 73952/CWE124_Buffer_Underwrite__char_declare_cpy_11.c Buffer_Overflow_cpycat 70 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsTrue()) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29288 73952/CWE124_Buffer_Underwrite__char_declare_cpy_11.c Buffer_Overflow_cpycat 92 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsFalse()) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29289 73952/CWE124_Buffer_Underwrite__char_declare_cpy_11.c Buffer_Overflow_cpycat 39 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsTrue()) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29290 73954/CWE124_Buffer_Underwrite__char_declare_cpy_13.c Buffer_Overflow_cpycat 70 const int GLOBAL_CONST_FIVE = 5; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29291 73954/CWE124_Buffer_Underwrite__char_declare_cpy_13.c Buffer_Overflow_cpycat 92 const int GLOBAL_CONST_FIVE = 5; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29292 73954/CWE124_Buffer_Underwrite__char_declare_cpy_13.c Buffer_Overflow_cpycat 39 const int GLOBAL_CONST_FIVE = 5; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29293 73955/CWE124_Buffer_Underwrite__char_declare_cpy_14.c Buffer_Overflow_cpycat 70 int globalFive = 5;  char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29294 73955/CWE124_Buffer_Underwrite__char_declare_cpy_14.c Buffer_Overflow_cpycat 92 int globalFive = 5;  char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29295 73955/CWE124_Buffer_Underwrite__char_declare_cpy_14.c Buffer_Overflow_cpycat 39 int globalFive = 5;  char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29296 73956/CWE124_Buffer_Underwrite__char_declare_cpy_15.c Buffer_Overflow_cpycat 77 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(6) case 6: data = dataBuffer - 8; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29297 73956/CWE124_Buffer_Underwrite__char_declare_cpy_15.c Buffer_Overflow_cpycat 105 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(5) case 6: break; default: data = dataBuffer; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29298 73956/CWE124_Buffer_Underwrite__char_declare_cpy_15.c Buffer_Overflow_cpycat 45 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(6) case 6: data = dataBuffer; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29299 73957/CWE124_Buffer_Underwrite__char_declare_cpy_16.c Buffer_Overflow_cpycat 40 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; while(1) data = dataBuffer - 8; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29300 73957/CWE124_Buffer_Underwrite__char_declare_cpy_16.c Buffer_Overflow_cpycat 67 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; while(1) data = dataBuffer; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29301 73958/CWE124_Buffer_Underwrite__char_declare_cpy_17.c Buffer_Overflow_cpycat 40 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; for(i = 0; i < 1; i++) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29302 73958/CWE124_Buffer_Underwrite__char_declare_cpy_17.c Buffer_Overflow_cpycat 67 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; for(h = 0; h < 1; h++) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29303 73959/CWE124_Buffer_Underwrite__char_declare_cpy_18.c Buffer_Overflow_cpycat 38 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; goto source; source: data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29304 73959/CWE124_Buffer_Underwrite__char_declare_cpy_18.c Buffer_Overflow_cpycat 63 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; goto source; source: data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29305 73960/CWE124_Buffer_Underwrite__char_declare_cpy_31.c Buffer_Overflow_cpycat 66 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29306 73960/CWE124_Buffer_Underwrite__char_declare_cpy_31.c Buffer_Overflow_cpycat 39 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29307 73961/CWE124_Buffer_Underwrite__char_declare_cpy_32.c Buffer_Overflow_cpycat 44 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; char * data = *dataPtr1; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29308 73961/CWE124_Buffer_Underwrite__char_declare_cpy_32.c Buffer_Overflow_cpycat 76 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; char * data = *dataPtr1; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29309 73963/CWE124_Buffer_Underwrite__char_declare_cpy_34.c Buffer_Overflow_cpycat 74 typedef union char * unionFirst; char * unionSecond; } CWE124_Buffer_Underwrite__char_declare_cpy_34_unionType; CWE124_Buffer_Underwrite__char_declare_cpy_34_unionType myUnion; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29310 73963/CWE124_Buffer_Underwrite__char_declare_cpy_34.c Buffer_Overflow_cpycat 46 typedef union char * unionFirst; char * unionSecond; } CWE124_Buffer_Underwrite__char_declare_cpy_34_unionType; CWE124_Buffer_Underwrite__char_declare_cpy_34_unionType myUnion; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29311 73964/CWE124_Buffer_Underwrite__char_declare_cpy_41.c Buffer_Overflow_cpycat 30 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_cpy_41_badSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29312 73964/CWE124_Buffer_Underwrite__char_declare_cpy_41.c Buffer_Overflow_cpycat 57 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_cpy_41_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29313 73965/CWE124_Buffer_Underwrite__char_declare_cpy_44.c Buffer_Overflow_cpycat 61 char * data; void (*funcPtr) (char *) = badSink; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29314 73965/CWE124_Buffer_Underwrite__char_declare_cpy_44.c Buffer_Overflow_cpycat 30 char * data; void (*funcPtr) (char *) = goodG2BSink; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29315 73966/CWE124_Buffer_Underwrite__char_declare_cpy_45.c Buffer_Overflow_cpycat 34 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_cpy_45_badData = data; badSink(); static void badSink() char * data = CWE124_Buffer_Underwrite__char_declare_cpy_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29316 73966/CWE124_Buffer_Underwrite__char_declare_cpy_45.c Buffer_Overflow_cpycat 64 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE124_Buffer_Underwrite__char_declare_cpy_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29317 73967/CWE124_Buffer_Underwrite__char_declare_cpy_51.c Buffer_Overflow_cpycat 123 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_cpy_51b_badSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29318 73967/CWE124_Buffer_Underwrite__char_declare_cpy_51.c Buffer_Overflow_cpycat 140 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_cpy_51b_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29319 73968/CWE124_Buffer_Underwrite__char_declare_cpy_52.c Buffer_Overflow_cpycat 189 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_cpy_52b_badSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_52b_badSink(char * data) CWE124_Buffer_Underwrite__char_declare_cpy_52c_badSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29320 73968/CWE124_Buffer_Underwrite__char_declare_cpy_52.c Buffer_Overflow_cpycat 172 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_cpy_52b_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_52b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_declare_cpy_52c_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29321 73969/CWE124_Buffer_Underwrite__char_declare_cpy_53.c Buffer_Overflow_cpycat 221 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_cpy_53b_badSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_53b_badSink(char * data) CWE124_Buffer_Underwrite__char_declare_cpy_53c_badSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_53c_badSink(char * data) CWE124_Buffer_Underwrite__char_declare_cpy_53d_badSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29322 73969/CWE124_Buffer_Underwrite__char_declare_cpy_53.c Buffer_Overflow_cpycat 238 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_cpy_53b_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_53b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_declare_cpy_53c_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_53c_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_declare_cpy_53d_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29323 73970/CWE124_Buffer_Underwrite__char_declare_cpy_54.c Buffer_Overflow_cpycat 270 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_cpy_54b_badSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_54b_badSink(char * data) CWE124_Buffer_Underwrite__char_declare_cpy_54c_badSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_54c_badSink(char * data) CWE124_Buffer_Underwrite__char_declare_cpy_54d_badSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_54d_badSink(char * data) CWE124_Buffer_Underwrite__char_declare_cpy_54e_badSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29324 73970/CWE124_Buffer_Underwrite__char_declare_cpy_54.c Buffer_Overflow_cpycat 287 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_cpy_54b_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_54b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_declare_cpy_54c_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_54c_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_declare_cpy_54d_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_54d_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_declare_cpy_54e_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_cpy_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29325 73971/CWE124_Buffer_Underwrite__char_declare_cpy_63.c Buffer_Overflow_cpycat 139 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_cpy_63b_badSink(&data); void CWE124_Buffer_Underwrite__char_declare_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29326 73971/CWE124_Buffer_Underwrite__char_declare_cpy_63.c Buffer_Overflow_cpycat 121 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_cpy_63b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__char_declare_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29327 73972/CWE124_Buffer_Underwrite__char_declare_cpy_64.c Buffer_Overflow_cpycat 145 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_cpy_64b_badSink(&data); void CWE124_Buffer_Underwrite__char_declare_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29328 73972/CWE124_Buffer_Underwrite__char_declare_cpy_64.c Buffer_Overflow_cpycat 124 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_cpy_64b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__char_declare_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29329 73973/CWE124_Buffer_Underwrite__char_declare_cpy_65.c Buffer_Overflow_cpycat 141 char * data; void (*funcPtr) (char *) = CWE124_Buffer_Underwrite__char_declare_cpy_65b_badSink; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void CWE124_Buffer_Underwrite__char_declare_cpy_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29330 73973/CWE124_Buffer_Underwrite__char_declare_cpy_65.c Buffer_Overflow_cpycat 124 char * data; void (*funcPtr) (char *) = CWE124_Buffer_Underwrite__char_declare_cpy_65b_goodG2BSink; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); void CWE124_Buffer_Underwrite__char_declare_cpy_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29331 73974/CWE124_Buffer_Underwrite__char_declare_cpy_66.c Buffer_Overflow_cpycat 145 char * data; char * dataArray[5]; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataArray[2] = data; CWE124_Buffer_Underwrite__char_declare_cpy_66b_badSink(dataArray); void CWE124_Buffer_Underwrite__char_declare_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29332 73974/CWE124_Buffer_Underwrite__char_declare_cpy_66.c Buffer_Overflow_cpycat 127 char * data; char * dataArray[5]; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataArray[2] = data; CWE124_Buffer_Underwrite__char_declare_cpy_66b_goodG2BSink(dataArray); void CWE124_Buffer_Underwrite__char_declare_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29333 73975/CWE124_Buffer_Underwrite__char_declare_cpy_67.c Buffer_Overflow_cpycat 153 typedef struct _CWE124_Buffer_Underwrite__char_declare_cpy_67_structType char * structFirst; } CWE124_Buffer_Underwrite__char_declare_cpy_67_structType; char * data; CWE124_Buffer_Underwrite__char_declare_cpy_67_structType myStruct; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE124_Buffer_Underwrite__char_declare_cpy_67b_badSink(myStruct); void CWE124_Buffer_Underwrite__char_declare_cpy_67b_badSink(CWE124_Buffer_Underwrite__char_declare_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29334 73975/CWE124_Buffer_Underwrite__char_declare_cpy_67.c Buffer_Overflow_cpycat 135 typedef struct _CWE124_Buffer_Underwrite__char_declare_cpy_67_structType char * structFirst; } CWE124_Buffer_Underwrite__char_declare_cpy_67_structType; char * data; CWE124_Buffer_Underwrite__char_declare_cpy_67_structType myStruct; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myStruct.structFirst = data; CWE124_Buffer_Underwrite__char_declare_cpy_67b_goodG2BSink(myStruct); void CWE124_Buffer_Underwrite__char_declare_cpy_67b_goodG2BSink(CWE124_Buffer_Underwrite__char_declare_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29335 73976/CWE124_Buffer_Underwrite__char_declare_cpy_68.c Buffer_Overflow_cpycat 150 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_cpy_68_badData = data; CWE124_Buffer_Underwrite__char_declare_cpy_68b_badSink(); void CWE124_Buffer_Underwrite__char_declare_cpy_68b_badSink() char * data = CWE124_Buffer_Underwrite__char_declare_cpy_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29336 73976/CWE124_Buffer_Underwrite__char_declare_cpy_68.c Buffer_Overflow_cpycat 132 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_cpy_68_goodG2BData = data; CWE124_Buffer_Underwrite__char_declare_cpy_68b_goodG2BSink(); void CWE124_Buffer_Underwrite__char_declare_cpy_68b_goodG2BSink() char * data = CWE124_Buffer_Underwrite__char_declare_cpy_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29337 73980/CWE124_Buffer_Underwrite__char_declare_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; const CWE124_Buffer_Underwrite__char_declare_cpy_81_base& baseObject = CWE124_Buffer_Underwrite__char_declare_cpy_81_bad(); baseObject.action(data); void CWE124_Buffer_Underwrite__char_declare_cpy_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29338 73980/CWE124_Buffer_Underwrite__char_declare_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; const CWE124_Buffer_Underwrite__char_declare_cpy_81_base& baseObject = CWE124_Buffer_Underwrite__char_declare_cpy_81_goodG2B(); baseObject.action(data); void CWE124_Buffer_Underwrite__char_declare_cpy_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29339 73981/CWE124_Buffer_Underwrite__char_declare_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_cpy_82_base* baseObject = new CWE124_Buffer_Underwrite__char_declare_cpy_82_bad; baseObject->action(data); void CWE124_Buffer_Underwrite__char_declare_cpy_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); delete baseObject; 1 --------------------------------- 29340 73981/CWE124_Buffer_Underwrite__char_declare_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_cpy_82_base* baseObject = new CWE124_Buffer_Underwrite__char_declare_cpy_82_goodG2B; baseObject->action(data); void CWE124_Buffer_Underwrite__char_declare_cpy_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); delete baseObject; 0 --------------------------------- 29341 74102/CWE124_Buffer_Underwrite__char_declare_ncpy_01.c Buffer_Overflow_LowBound 61 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29342 74102/CWE124_Buffer_Underwrite__char_declare_ncpy_01.c Buffer_Overflow_LowBound 36 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29343 74103/CWE124_Buffer_Underwrite__char_declare_ncpy_02.c Buffer_Overflow_LowBound 39 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(1) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29344 74103/CWE124_Buffer_Underwrite__char_declare_ncpy_02.c Buffer_Overflow_LowBound 96 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(0) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29345 74103/CWE124_Buffer_Underwrite__char_declare_ncpy_02.c Buffer_Overflow_LowBound 72 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(1) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29346 74104/CWE124_Buffer_Underwrite__char_declare_ncpy_03.c Buffer_Overflow_LowBound 39 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29347 74104/CWE124_Buffer_Underwrite__char_declare_ncpy_03.c Buffer_Overflow_LowBound 96 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29348 74104/CWE124_Buffer_Underwrite__char_declare_ncpy_03.c Buffer_Overflow_LowBound 72 char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29349 74105/CWE124_Buffer_Underwrite__char_declare_ncpy_04.c Buffer_Overflow_LowBound 103 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_TRUE) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29350 74105/CWE124_Buffer_Underwrite__char_declare_ncpy_04.c Buffer_Overflow_LowBound 79 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FALSE) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29351 74105/CWE124_Buffer_Underwrite__char_declare_ncpy_04.c Buffer_Overflow_LowBound 46 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_TRUE) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29352 74106/CWE124_Buffer_Underwrite__char_declare_ncpy_05.c Buffer_Overflow_LowBound 103 static int staticTrue = 1; static int staticFalse = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticTrue) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29353 74106/CWE124_Buffer_Underwrite__char_declare_ncpy_05.c Buffer_Overflow_LowBound 79 static int staticTrue = 1; static int staticFalse = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFalse) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29354 74106/CWE124_Buffer_Underwrite__char_declare_ncpy_05.c Buffer_Overflow_LowBound 46 static int staticTrue = 1; static int staticFalse = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticTrue) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29355 74107/CWE124_Buffer_Underwrite__char_declare_ncpy_06.c Buffer_Overflow_LowBound 43 static const int STATIC_CONST_FIVE = 5; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29356 74107/CWE124_Buffer_Underwrite__char_declare_ncpy_06.c Buffer_Overflow_LowBound 100 static const int STATIC_CONST_FIVE = 5; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29357 74107/CWE124_Buffer_Underwrite__char_declare_ncpy_06.c Buffer_Overflow_LowBound 76 static const int STATIC_CONST_FIVE = 5; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29358 74108/CWE124_Buffer_Underwrite__char_declare_ncpy_07.c Buffer_Overflow_LowBound 78 static int staticFive = 5; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29359 74108/CWE124_Buffer_Underwrite__char_declare_ncpy_07.c Buffer_Overflow_LowBound 102 static int staticFive = 5; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29360 74108/CWE124_Buffer_Underwrite__char_declare_ncpy_07.c Buffer_Overflow_LowBound 45 static int staticFive = 5; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29361 74109/CWE124_Buffer_Underwrite__char_declare_ncpy_08.c Buffer_Overflow_LowBound 53 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsTrue()) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29362 74109/CWE124_Buffer_Underwrite__char_declare_ncpy_08.c Buffer_Overflow_LowBound 86 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsFalse()) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29363 74109/CWE124_Buffer_Underwrite__char_declare_ncpy_08.c Buffer_Overflow_LowBound 110 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsTrue()) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29364 74110/CWE124_Buffer_Underwrite__char_declare_ncpy_09.c Buffer_Overflow_LowBound 39 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29365 74110/CWE124_Buffer_Underwrite__char_declare_ncpy_09.c Buffer_Overflow_LowBound 96 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FALSE) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29366 74110/CWE124_Buffer_Underwrite__char_declare_ncpy_09.c Buffer_Overflow_LowBound 72 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29367 74111/CWE124_Buffer_Underwrite__char_declare_ncpy_10.c Buffer_Overflow_LowBound 39 int globalTrue = 1; int globalFalse = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalTrue) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29368 74111/CWE124_Buffer_Underwrite__char_declare_ncpy_10.c Buffer_Overflow_LowBound 96 int globalTrue = 1; int globalFalse = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFalse) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29369 74111/CWE124_Buffer_Underwrite__char_declare_ncpy_10.c Buffer_Overflow_LowBound 72 int globalTrue = 1; int globalFalse = 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalTrue) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29370 74112/CWE124_Buffer_Underwrite__char_declare_ncpy_11.c Buffer_Overflow_LowBound 39 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsTrue()) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29371 74112/CWE124_Buffer_Underwrite__char_declare_ncpy_11.c Buffer_Overflow_LowBound 96 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsFalse()) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29372 74112/CWE124_Buffer_Underwrite__char_declare_ncpy_11.c Buffer_Overflow_LowBound 72 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsTrue()) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29373 74114/CWE124_Buffer_Underwrite__char_declare_ncpy_13.c Buffer_Overflow_LowBound 39 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29374 74114/CWE124_Buffer_Underwrite__char_declare_ncpy_13.c Buffer_Overflow_LowBound 96 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29375 74114/CWE124_Buffer_Underwrite__char_declare_ncpy_13.c Buffer_Overflow_LowBound 72 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29376 74115/CWE124_Buffer_Underwrite__char_declare_ncpy_14.c Buffer_Overflow_LowBound 39 int globalFive = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive==5) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29377 74115/CWE124_Buffer_Underwrite__char_declare_ncpy_14.c Buffer_Overflow_LowBound 96 int globalFive = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive!=5) { } else data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29378 74115/CWE124_Buffer_Underwrite__char_declare_ncpy_14.c Buffer_Overflow_LowBound 72 int globalFive = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive==5) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29379 74116/CWE124_Buffer_Underwrite__char_declare_ncpy_15.c Buffer_Overflow_LowBound 79 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(6) case 6: data = dataBuffer - 8; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29380 74116/CWE124_Buffer_Underwrite__char_declare_ncpy_15.c Buffer_Overflow_LowBound 109 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(5) case 6: break; default: data = dataBuffer; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29381 74116/CWE124_Buffer_Underwrite__char_declare_ncpy_15.c Buffer_Overflow_LowBound 45 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(6) case 6: data = dataBuffer; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29382 74117/CWE124_Buffer_Underwrite__char_declare_ncpy_16.c Buffer_Overflow_LowBound 40 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; while(1) data = dataBuffer - 8; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29383 74117/CWE124_Buffer_Underwrite__char_declare_ncpy_16.c Buffer_Overflow_LowBound 69 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; while(1) data = dataBuffer; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29384 74118/CWE124_Buffer_Underwrite__char_declare_ncpy_17.c Buffer_Overflow_LowBound 40 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; for(i = 0; i < 1; i++) data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29385 74118/CWE124_Buffer_Underwrite__char_declare_ncpy_17.c Buffer_Overflow_LowBound 69 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; for(h = 0; h < 1; h++) data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29386 74119/CWE124_Buffer_Underwrite__char_declare_ncpy_18.c Buffer_Overflow_LowBound 38 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; goto source; source: data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29387 74119/CWE124_Buffer_Underwrite__char_declare_ncpy_18.c Buffer_Overflow_LowBound 65 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; goto source; source: data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29388 74120/CWE124_Buffer_Underwrite__char_declare_ncpy_31.c Buffer_Overflow_LowBound 39 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29389 74120/CWE124_Buffer_Underwrite__char_declare_ncpy_31.c Buffer_Overflow_LowBound 68 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29390 74121/CWE124_Buffer_Underwrite__char_declare_ncpy_32.c Buffer_Overflow_LowBound 78 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; char * data = *dataPtr1; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29391 74121/CWE124_Buffer_Underwrite__char_declare_ncpy_32.c Buffer_Overflow_LowBound 44 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; char * data = *dataPtr1; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29392 74123/CWE124_Buffer_Underwrite__char_declare_ncpy_34.c Buffer_Overflow_LowBound 46 typedef union char * unionFirst; char * unionSecond; } CWE124_Buffer_Underwrite__char_declare_ncpy_34_unionType; CWE124_Buffer_Underwrite__char_declare_ncpy_34_unionType myUnion; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29393 74123/CWE124_Buffer_Underwrite__char_declare_ncpy_34.c Buffer_Overflow_LowBound 76 typedef union char * unionFirst; char * unionSecond; } CWE124_Buffer_Underwrite__char_declare_ncpy_34_unionType; CWE124_Buffer_Underwrite__char_declare_ncpy_34_unionType myUnion; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29394 74124/CWE124_Buffer_Underwrite__char_declare_ncpy_41.c Buffer_Overflow_LowBound 30 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_ncpy_41_badSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29395 74124/CWE124_Buffer_Underwrite__char_declare_ncpy_41.c Buffer_Overflow_LowBound 59 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_ncpy_41_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29396 74125/CWE124_Buffer_Underwrite__char_declare_ncpy_44.c Buffer_Overflow_LowBound 63 char * data; void (*funcPtr) (char *) = badSink; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29397 74125/CWE124_Buffer_Underwrite__char_declare_ncpy_44.c Buffer_Overflow_LowBound 30 char * data; void (*funcPtr) (char *) = goodG2BSink; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29398 74126/CWE124_Buffer_Underwrite__char_declare_ncpy_45.c Buffer_Overflow_LowBound 34 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_ncpy_45_badData = data; badSink(); static void badSink() char * data = CWE124_Buffer_Underwrite__char_declare_ncpy_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29399 74126/CWE124_Buffer_Underwrite__char_declare_ncpy_45.c Buffer_Overflow_LowBound 66 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE124_Buffer_Underwrite__char_declare_ncpy_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29400 74127/CWE124_Buffer_Underwrite__char_declare_ncpy_51.c Buffer_Overflow_LowBound 142 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_ncpy_51b_badSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29401 74127/CWE124_Buffer_Underwrite__char_declare_ncpy_51.c Buffer_Overflow_LowBound 123 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_ncpy_51b_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29402 74128/CWE124_Buffer_Underwrite__char_declare_ncpy_52.c Buffer_Overflow_LowBound 191 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_ncpy_52b_badSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_52b_badSink(char * data) CWE124_Buffer_Underwrite__char_declare_ncpy_52c_badSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29403 74128/CWE124_Buffer_Underwrite__char_declare_ncpy_52.c Buffer_Overflow_LowBound 172 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_ncpy_52b_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_52b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_declare_ncpy_52c_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29404 74129/CWE124_Buffer_Underwrite__char_declare_ncpy_53.c Buffer_Overflow_LowBound 240 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_ncpy_53b_badSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_53b_badSink(char * data) CWE124_Buffer_Underwrite__char_declare_ncpy_53c_badSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_53c_badSink(char * data) CWE124_Buffer_Underwrite__char_declare_ncpy_53d_badSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29405 74129/CWE124_Buffer_Underwrite__char_declare_ncpy_53.c Buffer_Overflow_LowBound 221 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_ncpy_53b_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_53b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_declare_ncpy_53c_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_53c_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_declare_ncpy_53d_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29406 74130/CWE124_Buffer_Underwrite__char_declare_ncpy_54.c Buffer_Overflow_LowBound 270 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_ncpy_54b_badSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_54b_badSink(char * data) CWE124_Buffer_Underwrite__char_declare_ncpy_54c_badSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_54c_badSink(char * data) CWE124_Buffer_Underwrite__char_declare_ncpy_54d_badSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_54d_badSink(char * data) CWE124_Buffer_Underwrite__char_declare_ncpy_54e_badSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29407 74130/CWE124_Buffer_Underwrite__char_declare_ncpy_54.c Buffer_Overflow_LowBound 289 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_ncpy_54b_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_54b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_declare_ncpy_54c_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_54c_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_declare_ncpy_54d_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_54d_goodG2BSink(char * data) CWE124_Buffer_Underwrite__char_declare_ncpy_54e_goodG2BSink(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29408 74131/CWE124_Buffer_Underwrite__char_declare_ncpy_63.c Buffer_Overflow_LowBound 141 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_ncpy_63b_badSink(&data); void CWE124_Buffer_Underwrite__char_declare_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29409 74131/CWE124_Buffer_Underwrite__char_declare_ncpy_63.c Buffer_Overflow_LowBound 121 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_ncpy_63b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__char_declare_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29410 74132/CWE124_Buffer_Underwrite__char_declare_ncpy_64.c Buffer_Overflow_LowBound 147 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_ncpy_64b_badSink(&data); void CWE124_Buffer_Underwrite__char_declare_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29411 74132/CWE124_Buffer_Underwrite__char_declare_ncpy_64.c Buffer_Overflow_LowBound 124 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_ncpy_64b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__char_declare_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29412 74133/CWE124_Buffer_Underwrite__char_declare_ncpy_65.c Buffer_Overflow_LowBound 143 char * data; void (*funcPtr) (char *) = CWE124_Buffer_Underwrite__char_declare_ncpy_65b_badSink; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29413 74133/CWE124_Buffer_Underwrite__char_declare_ncpy_65.c Buffer_Overflow_LowBound 124 char * data; void (*funcPtr) (char *) = CWE124_Buffer_Underwrite__char_declare_ncpy_65b_goodG2BSink; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29414 74134/CWE124_Buffer_Underwrite__char_declare_ncpy_66.c Buffer_Overflow_LowBound 127 char * data; char * dataArray[5]; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataArray[2] = data; CWE124_Buffer_Underwrite__char_declare_ncpy_66b_badSink(dataArray); void CWE124_Buffer_Underwrite__char_declare_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29415 74134/CWE124_Buffer_Underwrite__char_declare_ncpy_66.c Buffer_Overflow_LowBound 147 char * data; char * dataArray[5]; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataArray[2] = data; CWE124_Buffer_Underwrite__char_declare_ncpy_66b_goodG2BSink(dataArray); void CWE124_Buffer_Underwrite__char_declare_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29416 74135/CWE124_Buffer_Underwrite__char_declare_ncpy_67.c Buffer_Overflow_LowBound 135 typedef struct _CWE124_Buffer_Underwrite__char_declare_ncpy_67_structType char * structFirst; } CWE124_Buffer_Underwrite__char_declare_ncpy_67_structType; char * data; CWE124_Buffer_Underwrite__char_declare_ncpy_67_structType myStruct; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE124_Buffer_Underwrite__char_declare_ncpy_67b_badSink(myStruct); void CWE124_Buffer_Underwrite__char_declare_ncpy_67b_badSink(CWE124_Buffer_Underwrite__char_declare_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29417 74135/CWE124_Buffer_Underwrite__char_declare_ncpy_67.c Buffer_Overflow_LowBound 155 typedef struct _CWE124_Buffer_Underwrite__char_declare_ncpy_67_structType char * structFirst; } CWE124_Buffer_Underwrite__char_declare_ncpy_67_structType; char * data; CWE124_Buffer_Underwrite__char_declare_ncpy_67_structType myStruct; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myStruct.structFirst = data; CWE124_Buffer_Underwrite__char_declare_ncpy_67b_goodG2BSink(myStruct); void CWE124_Buffer_Underwrite__char_declare_ncpy_67b_goodG2BSink(CWE124_Buffer_Underwrite__char_declare_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29418 74136/CWE124_Buffer_Underwrite__char_declare_ncpy_68.c Buffer_Overflow_LowBound 152 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_ncpy_68_badData = data; CWE124_Buffer_Underwrite__char_declare_ncpy_68b_badSink(); void CWE124_Buffer_Underwrite__char_declare_ncpy_68b_badSink() char * data = CWE124_Buffer_Underwrite__char_declare_ncpy_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29419 74136/CWE124_Buffer_Underwrite__char_declare_ncpy_68.c Buffer_Overflow_LowBound 132 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_ncpy_68_goodG2BData = data; CWE124_Buffer_Underwrite__char_declare_ncpy_68b_goodG2BSink(); void CWE124_Buffer_Underwrite__char_declare_ncpy_68b_goodG2BSink() char * data = CWE124_Buffer_Underwrite__char_declare_ncpy_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29420 74140/CWE124_Buffer_Underwrite__char_declare_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; const CWE124_Buffer_Underwrite__char_declare_ncpy_81_base& baseObject = CWE124_Buffer_Underwrite__char_declare_ncpy_81_bad(); baseObject.action(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29421 74140/CWE124_Buffer_Underwrite__char_declare_ncpy_81_bad.cpp Off_by_One_Error_in_Methods 31 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; const CWE124_Buffer_Underwrite__char_declare_ncpy_81_base& baseObject = CWE124_Buffer_Underwrite__char_declare_ncpy_81_goodG2B(); baseObject.action(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29422 74141/CWE124_Buffer_Underwrite__char_declare_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__char_declare_ncpy_82_base* baseObject = new CWE124_Buffer_Underwrite__char_declare_ncpy_82_bad; baseObject->action(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); delete baseObject; 1 --------------------------------- 29423 74141/CWE124_Buffer_Underwrite__char_declare_ncpy_82_bad.cpp Off_by_One_Error_in_Methods 31 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__char_declare_ncpy_82_base* baseObject = new CWE124_Buffer_Underwrite__char_declare_ncpy_82_goodG2B; baseObject->action(data); void CWE124_Buffer_Underwrite__char_declare_ncpy_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); delete baseObject; 0 --------------------------------- 29424 74238/CWE124_Buffer_Underwrite__malloc_char_cpy_01.c Buffer_Overflow_cpycat 67 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29425 74238/CWE124_Buffer_Underwrite__malloc_char_cpy_01.c Buffer_Overflow_cpycat 39 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29426 74239/CWE124_Buffer_Underwrite__malloc_char_cpy_02.c Buffer_Overflow_cpycat 42 char * data; data = NULL; if(1) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29427 74239/CWE124_Buffer_Underwrite__malloc_char_cpy_02.c Buffer_Overflow_cpycat 78 char * data; data = NULL; if(0) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29428 74239/CWE124_Buffer_Underwrite__malloc_char_cpy_02.c Buffer_Overflow_cpycat 105 char * data; data = NULL; if(1) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29429 74240/CWE124_Buffer_Underwrite__malloc_char_cpy_03.c Buffer_Overflow_cpycat 42 char * data; data = NULL; if(5==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29430 74240/CWE124_Buffer_Underwrite__malloc_char_cpy_03.c Buffer_Overflow_cpycat 78 char * data; data = NULL; if(5!=5) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29431 74240/CWE124_Buffer_Underwrite__malloc_char_cpy_03.c Buffer_Overflow_cpycat 105 char * data; data = NULL; if(5==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29432 74241/CWE124_Buffer_Underwrite__malloc_char_cpy_04.c Buffer_Overflow_cpycat 85 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29433 74241/CWE124_Buffer_Underwrite__malloc_char_cpy_04.c Buffer_Overflow_cpycat 112 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_FALSE) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29434 74241/CWE124_Buffer_Underwrite__malloc_char_cpy_04.c Buffer_Overflow_cpycat 49 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29435 74242/CWE124_Buffer_Underwrite__malloc_char_cpy_05.c Buffer_Overflow_cpycat 85 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29436 74242/CWE124_Buffer_Underwrite__malloc_char_cpy_05.c Buffer_Overflow_cpycat 112 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticFalse) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29437 74242/CWE124_Buffer_Underwrite__malloc_char_cpy_05.c Buffer_Overflow_cpycat 49 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29438 74243/CWE124_Buffer_Underwrite__malloc_char_cpy_06.c Buffer_Overflow_cpycat 82 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29439 74243/CWE124_Buffer_Underwrite__malloc_char_cpy_06.c Buffer_Overflow_cpycat 109 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE!=5) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29440 74243/CWE124_Buffer_Underwrite__malloc_char_cpy_06.c Buffer_Overflow_cpycat 46 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29441 74244/CWE124_Buffer_Underwrite__malloc_char_cpy_07.c Buffer_Overflow_cpycat 48 static int staticFive = 5; char * data; data = NULL; if(staticFive==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29442 74244/CWE124_Buffer_Underwrite__malloc_char_cpy_07.c Buffer_Overflow_cpycat 84 static int staticFive = 5; char * data; data = NULL; if(staticFive!=5) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29443 74244/CWE124_Buffer_Underwrite__malloc_char_cpy_07.c Buffer_Overflow_cpycat 111 static int staticFive = 5; char * data; data = NULL; if(staticFive==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29444 74245/CWE124_Buffer_Underwrite__malloc_char_cpy_08.c Buffer_Overflow_cpycat 56 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29445 74245/CWE124_Buffer_Underwrite__malloc_char_cpy_08.c Buffer_Overflow_cpycat 92 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsFalse()) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29446 74245/CWE124_Buffer_Underwrite__malloc_char_cpy_08.c Buffer_Overflow_cpycat 119 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29447 74246/CWE124_Buffer_Underwrite__malloc_char_cpy_09.c Buffer_Overflow_cpycat 42 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29448 74246/CWE124_Buffer_Underwrite__malloc_char_cpy_09.c Buffer_Overflow_cpycat 78 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_FALSE) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29449 74246/CWE124_Buffer_Underwrite__malloc_char_cpy_09.c Buffer_Overflow_cpycat 105 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29450 74247/CWE124_Buffer_Underwrite__malloc_char_cpy_10.c Buffer_Overflow_cpycat 42 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29451 74247/CWE124_Buffer_Underwrite__malloc_char_cpy_10.c Buffer_Overflow_cpycat 78 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalFalse) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29452 74247/CWE124_Buffer_Underwrite__malloc_char_cpy_10.c Buffer_Overflow_cpycat 105 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29453 74248/CWE124_Buffer_Underwrite__malloc_char_cpy_11.c Buffer_Overflow_cpycat 42 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29454 74248/CWE124_Buffer_Underwrite__malloc_char_cpy_11.c Buffer_Overflow_cpycat 78 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsFalse()) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29455 74248/CWE124_Buffer_Underwrite__malloc_char_cpy_11.c Buffer_Overflow_cpycat 105 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29456 74250/CWE124_Buffer_Underwrite__malloc_char_cpy_13.c Buffer_Overflow_cpycat 42 const int GLOBAL_CONST_FIVE = 5; char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29457 74250/CWE124_Buffer_Underwrite__malloc_char_cpy_13.c Buffer_Overflow_cpycat 78 const int GLOBAL_CONST_FIVE = 5; char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29458 74250/CWE124_Buffer_Underwrite__malloc_char_cpy_13.c Buffer_Overflow_cpycat 105 const int GLOBAL_CONST_FIVE = 5; char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29459 74251/CWE124_Buffer_Underwrite__malloc_char_cpy_14.c Buffer_Overflow_cpycat 42 int globalFive = 5; char * data; data = NULL; if(globalFive==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29460 74251/CWE124_Buffer_Underwrite__malloc_char_cpy_14.c Buffer_Overflow_cpycat 78 int globalFive = 5; char * data; data = NULL; if(globalFive!=5) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29461 74251/CWE124_Buffer_Underwrite__malloc_char_cpy_14.c Buffer_Overflow_cpycat 105 int globalFive = 5; char * data; data = NULL; if(globalFive==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29462 74252/CWE124_Buffer_Underwrite__malloc_char_cpy_15.c Buffer_Overflow_cpycat 85 char * data; data = NULL; switch(6) case 6: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29463 74252/CWE124_Buffer_Underwrite__malloc_char_cpy_15.c Buffer_Overflow_cpycat 48 char * data; data = NULL; switch(5) case 6: break; default: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29464 74252/CWE124_Buffer_Underwrite__malloc_char_cpy_15.c Buffer_Overflow_cpycat 118 char * data; data = NULL; switch(6) case 6: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29465 74253/CWE124_Buffer_Underwrite__malloc_char_cpy_16.c Buffer_Overflow_cpycat 75 char * data; data = NULL; while(1) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29466 74253/CWE124_Buffer_Underwrite__malloc_char_cpy_16.c Buffer_Overflow_cpycat 43 char * data; data = NULL; while(1) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29467 74254/CWE124_Buffer_Underwrite__malloc_char_cpy_17.c Buffer_Overflow_cpycat 75 char * data; data = NULL; for(i = 0; i < 1; i++) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29468 74254/CWE124_Buffer_Underwrite__malloc_char_cpy_17.c Buffer_Overflow_cpycat 43 char * data; data = NULL; for(h = 0; h < 1; h++) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29469 74255/CWE124_Buffer_Underwrite__malloc_char_cpy_18.c Buffer_Overflow_cpycat 41 char * data; data = NULL; goto source; source: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29470 74255/CWE124_Buffer_Underwrite__malloc_char_cpy_18.c Buffer_Overflow_cpycat 71 char * data; data = NULL; goto source; source: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29471 74256/CWE124_Buffer_Underwrite__malloc_char_cpy_21.c Buffer_Overflow_cpycat 133 char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29472 74256/CWE124_Buffer_Underwrite__malloc_char_cpy_21.c Buffer_Overflow_cpycat 99 char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29473 74256/CWE124_Buffer_Underwrite__malloc_char_cpy_21.c Buffer_Overflow_cpycat 52 char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29474 74257/CWE124_Buffer_Underwrite__malloc_char_cpy_22.c Buffer_Overflow_cpycat 89 char * data; data = NULL; CWE124_Buffer_Underwrite__malloc_char_cpy_22_badGlobal = 1; data = CWE124_Buffer_Underwrite__malloc_char_cpy_22_badSource(data); char * CWE124_Buffer_Underwrite__malloc_char_cpy_22_badSource(char * data) if(CWE124_Buffer_Underwrite__malloc_char_cpy_22_badGlobal) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29475 74257/CWE124_Buffer_Underwrite__malloc_char_cpy_22.c Buffer_Overflow_cpycat 68 char * data; data = NULL; CWE124_Buffer_Underwrite__malloc_char_cpy_22_goodG2B1Global = 0; data = CWE124_Buffer_Underwrite__malloc_char_cpy_22_goodG2B1Source(data); char * CWE124_Buffer_Underwrite__malloc_char_cpy_22_goodG2B1Source(char * data) if(CWE124_Buffer_Underwrite__malloc_char_cpy_22_goodG2B1Global) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29476 74257/CWE124_Buffer_Underwrite__malloc_char_cpy_22.c Buffer_Overflow_cpycat 39 char * data; data = NULL; CWE124_Buffer_Underwrite__malloc_char_cpy_22_goodG2B2Global = 1; data = CWE124_Buffer_Underwrite__malloc_char_cpy_22_goodG2B2Source(data); char * CWE124_Buffer_Underwrite__malloc_char_cpy_22_goodG2B2Source(char * data) if(CWE124_Buffer_Underwrite__malloc_char_cpy_22_goodG2B2Global) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29477 74258/CWE124_Buffer_Underwrite__malloc_char_cpy_31.c Buffer_Overflow_cpycat 74 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29478 74258/CWE124_Buffer_Underwrite__malloc_char_cpy_31.c Buffer_Overflow_cpycat 42 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29479 74259/CWE124_Buffer_Underwrite__malloc_char_cpy_32.c Buffer_Overflow_cpycat 84 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29480 74259/CWE124_Buffer_Underwrite__malloc_char_cpy_32.c Buffer_Overflow_cpycat 47 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29481 74261/CWE124_Buffer_Underwrite__malloc_char_cpy_34.c Buffer_Overflow_cpycat 82 typedef union char * unionFirst; char * unionSecond; } CWE124_Buffer_Underwrite__malloc_char_cpy_34_unionType; char * data; CWE124_Buffer_Underwrite__malloc_char_cpy_34_unionType myUnion; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29482 74261/CWE124_Buffer_Underwrite__malloc_char_cpy_34.c Buffer_Overflow_cpycat 49 typedef union char * unionFirst; char * unionSecond; } CWE124_Buffer_Underwrite__malloc_char_cpy_34_unionType; char * data; CWE124_Buffer_Underwrite__malloc_char_cpy_34_unionType myUnion; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29483 74262/CWE124_Buffer_Underwrite__malloc_char_cpy_41.c Buffer_Overflow_cpycat 62 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_cpy_41_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29484 74262/CWE124_Buffer_Underwrite__malloc_char_cpy_41.c Buffer_Overflow_cpycat 30 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_cpy_41_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29485 74263/CWE124_Buffer_Underwrite__malloc_char_cpy_42.c Buffer_Overflow_cpycat 45 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29486 74263/CWE124_Buffer_Underwrite__malloc_char_cpy_42.c Buffer_Overflow_cpycat 79 char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29487 74265/CWE124_Buffer_Underwrite__malloc_char_cpy_44.c Buffer_Overflow_cpycat 66 char * data; void (*funcPtr) (char *) = badSink; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29488 74265/CWE124_Buffer_Underwrite__malloc_char_cpy_44.c Buffer_Overflow_cpycat 30 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29489 74266/CWE124_Buffer_Underwrite__malloc_char_cpy_45.c Buffer_Overflow_cpycat 34 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_cpy_45_badData = data; badSink(); static void badSink() char * data = CWE124_Buffer_Underwrite__malloc_char_cpy_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29490 74266/CWE124_Buffer_Underwrite__malloc_char_cpy_45.c Buffer_Overflow_cpycat 69 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE124_Buffer_Underwrite__malloc_char_cpy_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29491 74267/CWE124_Buffer_Underwrite__malloc_char_cpy_51.c Buffer_Overflow_cpycat 129 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_cpy_51b_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29492 74267/CWE124_Buffer_Underwrite__malloc_char_cpy_51.c Buffer_Overflow_cpycat 148 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_cpy_51b_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29493 74268/CWE124_Buffer_Underwrite__malloc_char_cpy_52.c Buffer_Overflow_cpycat 178 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_cpy_52b_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_52b_badSink(char * data) CWE124_Buffer_Underwrite__malloc_char_cpy_52c_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29494 74268/CWE124_Buffer_Underwrite__malloc_char_cpy_52.c Buffer_Overflow_cpycat 197 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_cpy_52b_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_52b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__malloc_char_cpy_52c_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29495 74269/CWE124_Buffer_Underwrite__malloc_char_cpy_53.c Buffer_Overflow_cpycat 227 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_cpy_53b_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_53b_badSink(char * data) CWE124_Buffer_Underwrite__malloc_char_cpy_53c_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_53c_badSink(char * data) CWE124_Buffer_Underwrite__malloc_char_cpy_53d_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29496 74269/CWE124_Buffer_Underwrite__malloc_char_cpy_53.c Buffer_Overflow_cpycat 246 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_cpy_53b_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_53b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__malloc_char_cpy_53c_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_53c_goodG2BSink(char * data) CWE124_Buffer_Underwrite__malloc_char_cpy_53d_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29497 74270/CWE124_Buffer_Underwrite__malloc_char_cpy_54.c Buffer_Overflow_cpycat 276 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_cpy_54b_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_54b_badSink(char * data) CWE124_Buffer_Underwrite__malloc_char_cpy_54c_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_54c_badSink(char * data) CWE124_Buffer_Underwrite__malloc_char_cpy_54d_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_54d_badSink(char * data) CWE124_Buffer_Underwrite__malloc_char_cpy_54e_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29498 74270/CWE124_Buffer_Underwrite__malloc_char_cpy_54.c Buffer_Overflow_cpycat 295 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_cpy_54b_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_54b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__malloc_char_cpy_54c_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_54c_goodG2BSink(char * data) CWE124_Buffer_Underwrite__malloc_char_cpy_54d_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_54d_goodG2BSink(char * data) CWE124_Buffer_Underwrite__malloc_char_cpy_54e_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29499 74271/CWE124_Buffer_Underwrite__malloc_char_cpy_61.c Buffer_Overflow_cpycat 36 char * data; data = NULL; data = CWE124_Buffer_Underwrite__malloc_char_cpy_61b_badSource(data); char * CWE124_Buffer_Underwrite__malloc_char_cpy_61b_badSource(char * data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29500 74271/CWE124_Buffer_Underwrite__malloc_char_cpy_61.c Buffer_Overflow_cpycat 60 char * data; data = NULL; data = CWE124_Buffer_Underwrite__malloc_char_cpy_61b_goodG2BSource(data); char * CWE124_Buffer_Underwrite__malloc_char_cpy_61b_goodG2BSource(char * data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29501 74273/CWE124_Buffer_Underwrite__malloc_char_cpy_63.c Buffer_Overflow_cpycat 147 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_cpy_63b_badSink(&data); void CWE124_Buffer_Underwrite__malloc_char_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29502 74273/CWE124_Buffer_Underwrite__malloc_char_cpy_63.c Buffer_Overflow_cpycat 127 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_cpy_63b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__malloc_char_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29503 74274/CWE124_Buffer_Underwrite__malloc_char_cpy_64.c Buffer_Overflow_cpycat 130 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_cpy_64b_badSink(&data); void CWE124_Buffer_Underwrite__malloc_char_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29504 74274/CWE124_Buffer_Underwrite__malloc_char_cpy_64.c Buffer_Overflow_cpycat 153 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_cpy_64b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__malloc_char_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29505 74275/CWE124_Buffer_Underwrite__malloc_char_cpy_65.c Buffer_Overflow_cpycat 130 char * data; void (*funcPtr) (char *) = CWE124_Buffer_Underwrite__malloc_char_cpy_65b_badSink; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29506 74275/CWE124_Buffer_Underwrite__malloc_char_cpy_65.c Buffer_Overflow_cpycat 149 char * data; void (*funcPtr) (char *) = CWE124_Buffer_Underwrite__malloc_char_cpy_65b_goodG2BSink; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29507 74276/CWE124_Buffer_Underwrite__malloc_char_cpy_66.c Buffer_Overflow_cpycat 133 char * data; char * dataArray[5]; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataArray[2] = data; CWE124_Buffer_Underwrite__malloc_char_cpy_66b_badSink(dataArray); void CWE124_Buffer_Underwrite__malloc_char_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29508 74276/CWE124_Buffer_Underwrite__malloc_char_cpy_66.c Buffer_Overflow_cpycat 153 char * data; char * dataArray[5]; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataArray[2] = data; CWE124_Buffer_Underwrite__malloc_char_cpy_66b_goodG2BSink(dataArray); void CWE124_Buffer_Underwrite__malloc_char_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29509 74277/CWE124_Buffer_Underwrite__malloc_char_cpy_67.c Buffer_Overflow_cpycat 141 typedef struct _CWE124_Buffer_Underwrite__malloc_char_cpy_67_structType char * structFirst; } CWE124_Buffer_Underwrite__malloc_char_cpy_67_structType; char * data; CWE124_Buffer_Underwrite__malloc_char_cpy_67_structType myStruct; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE124_Buffer_Underwrite__malloc_char_cpy_67b_badSink(myStruct); void CWE124_Buffer_Underwrite__malloc_char_cpy_67b_badSink(CWE124_Buffer_Underwrite__malloc_char_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29510 74277/CWE124_Buffer_Underwrite__malloc_char_cpy_67.c Buffer_Overflow_cpycat 161 typedef struct _CWE124_Buffer_Underwrite__malloc_char_cpy_67_structType char * structFirst; } CWE124_Buffer_Underwrite__malloc_char_cpy_67_structType; char * data; CWE124_Buffer_Underwrite__malloc_char_cpy_67_structType myStruct; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myStruct.structFirst = data; CWE124_Buffer_Underwrite__malloc_char_cpy_67b_goodG2BSink(myStruct); void CWE124_Buffer_Underwrite__malloc_char_cpy_67b_goodG2BSink(CWE124_Buffer_Underwrite__malloc_char_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29511 74278/CWE124_Buffer_Underwrite__malloc_char_cpy_68.c Buffer_Overflow_cpycat 138 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_cpy_68_badData = data; CWE124_Buffer_Underwrite__malloc_char_cpy_68b_badSink(); void CWE124_Buffer_Underwrite__malloc_char_cpy_68b_badSink() char * data = CWE124_Buffer_Underwrite__malloc_char_cpy_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29512 74278/CWE124_Buffer_Underwrite__malloc_char_cpy_68.c Buffer_Overflow_cpycat 158 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_cpy_68_goodG2BData = data; CWE124_Buffer_Underwrite__malloc_char_cpy_68b_goodG2BSink(); void CWE124_Buffer_Underwrite__malloc_char_cpy_68b_goodG2BSink() char * data = CWE124_Buffer_Underwrite__malloc_char_cpy_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29513 74282/CWE124_Buffer_Underwrite__malloc_char_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; const CWE124_Buffer_Underwrite__malloc_char_cpy_81_base& baseObject = CWE124_Buffer_Underwrite__malloc_char_cpy_81_bad(); baseObject.action(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29514 74282/CWE124_Buffer_Underwrite__malloc_char_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; const CWE124_Buffer_Underwrite__malloc_char_cpy_81_base& baseObject = CWE124_Buffer_Underwrite__malloc_char_cpy_81_goodG2B(); baseObject.action(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29515 74283/CWE124_Buffer_Underwrite__malloc_char_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_cpy_82_base* baseObject = new CWE124_Buffer_Underwrite__malloc_char_cpy_82_bad; baseObject->action(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); delete baseObject; 1 --------------------------------- 29516 74283/CWE124_Buffer_Underwrite__malloc_char_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_cpy_82_base* baseObject = new CWE124_Buffer_Underwrite__malloc_char_cpy_82_goodG2B; baseObject->action(data); void CWE124_Buffer_Underwrite__malloc_char_cpy_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); delete baseObject; 0 --------------------------------- 29517 74430/CWE124_Buffer_Underwrite__malloc_char_ncpy_01.c Buffer_Overflow_LowBound 39 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29518 74430/CWE124_Buffer_Underwrite__malloc_char_ncpy_01.c Buffer_Overflow_LowBound 69 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29519 74431/CWE124_Buffer_Underwrite__malloc_char_ncpy_02.c Buffer_Overflow_LowBound 80 char * data; data = NULL; if(1) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29520 74431/CWE124_Buffer_Underwrite__malloc_char_ncpy_02.c Buffer_Overflow_LowBound 109 char * data; data = NULL; if(0) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29521 74431/CWE124_Buffer_Underwrite__malloc_char_ncpy_02.c Buffer_Overflow_LowBound 42 char * data; data = NULL; if(1) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29522 74432/CWE124_Buffer_Underwrite__malloc_char_ncpy_03.c Buffer_Overflow_LowBound 80 char * data; data = NULL; if(5==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29523 74432/CWE124_Buffer_Underwrite__malloc_char_ncpy_03.c Buffer_Overflow_LowBound 109 char * data; data = NULL; if(5!=5) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29524 74432/CWE124_Buffer_Underwrite__malloc_char_ncpy_03.c Buffer_Overflow_LowBound 42 char * data; data = NULL; if(5==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29525 74433/CWE124_Buffer_Underwrite__malloc_char_ncpy_04.c Buffer_Overflow_LowBound 87 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29526 74433/CWE124_Buffer_Underwrite__malloc_char_ncpy_04.c Buffer_Overflow_LowBound 116 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_FALSE) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29527 74433/CWE124_Buffer_Underwrite__malloc_char_ncpy_04.c Buffer_Overflow_LowBound 49 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29528 74434/CWE124_Buffer_Underwrite__malloc_char_ncpy_05.c Buffer_Overflow_LowBound 87 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29529 74434/CWE124_Buffer_Underwrite__malloc_char_ncpy_05.c Buffer_Overflow_LowBound 116 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticFalse) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29530 74434/CWE124_Buffer_Underwrite__malloc_char_ncpy_05.c Buffer_Overflow_LowBound 49 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29531 74435/CWE124_Buffer_Underwrite__malloc_char_ncpy_06.c Buffer_Overflow_LowBound 46 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29532 74435/CWE124_Buffer_Underwrite__malloc_char_ncpy_06.c Buffer_Overflow_LowBound 84 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE!=5) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29533 74435/CWE124_Buffer_Underwrite__malloc_char_ncpy_06.c Buffer_Overflow_LowBound 113 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29534 74436/CWE124_Buffer_Underwrite__malloc_char_ncpy_07.c Buffer_Overflow_LowBound 48 static int staticFive = 5; char * data; data = NULL; if(staticFive==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29535 74436/CWE124_Buffer_Underwrite__malloc_char_ncpy_07.c Buffer_Overflow_LowBound 86 static int staticFive = 5; char * data; data = NULL; if(staticFive!=5) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29536 74436/CWE124_Buffer_Underwrite__malloc_char_ncpy_07.c Buffer_Overflow_LowBound 115 static int staticFive = 5; char * data; data = NULL; if(staticFive==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29537 74437/CWE124_Buffer_Underwrite__malloc_char_ncpy_08.c Buffer_Overflow_LowBound 56 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29538 74437/CWE124_Buffer_Underwrite__malloc_char_ncpy_08.c Buffer_Overflow_LowBound 94 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsFalse()) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29539 74437/CWE124_Buffer_Underwrite__malloc_char_ncpy_08.c Buffer_Overflow_LowBound 123 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29540 74438/CWE124_Buffer_Underwrite__malloc_char_ncpy_09.c Buffer_Overflow_LowBound 80 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29541 74438/CWE124_Buffer_Underwrite__malloc_char_ncpy_09.c Buffer_Overflow_LowBound 109 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_FALSE) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29542 74438/CWE124_Buffer_Underwrite__malloc_char_ncpy_09.c Buffer_Overflow_LowBound 42 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29543 74439/CWE124_Buffer_Underwrite__malloc_char_ncpy_10.c Buffer_Overflow_LowBound 80 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29544 74439/CWE124_Buffer_Underwrite__malloc_char_ncpy_10.c Buffer_Overflow_LowBound 109 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalFalse) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29545 74439/CWE124_Buffer_Underwrite__malloc_char_ncpy_10.c Buffer_Overflow_LowBound 42 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29546 74440/CWE124_Buffer_Underwrite__malloc_char_ncpy_11.c Buffer_Overflow_LowBound 80 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29547 74440/CWE124_Buffer_Underwrite__malloc_char_ncpy_11.c Buffer_Overflow_LowBound 109 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsFalse()) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29548 74440/CWE124_Buffer_Underwrite__malloc_char_ncpy_11.c Buffer_Overflow_LowBound 42 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29549 74442/CWE124_Buffer_Underwrite__malloc_char_ncpy_13.c Buffer_Overflow_LowBound 80 const int GLOBAL_CONST_FIVE = 5; char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29550 74442/CWE124_Buffer_Underwrite__malloc_char_ncpy_13.c Buffer_Overflow_LowBound 109 const int GLOBAL_CONST_FIVE = 5; char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29551 74442/CWE124_Buffer_Underwrite__malloc_char_ncpy_13.c Buffer_Overflow_LowBound 42 const int GLOBAL_CONST_FIVE = 5; char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29552 74443/CWE124_Buffer_Underwrite__malloc_char_ncpy_14.c Buffer_Overflow_LowBound 80 int globalFive = 5; char * data; data = NULL; if(globalFive==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29553 74443/CWE124_Buffer_Underwrite__malloc_char_ncpy_14.c Buffer_Overflow_LowBound 109 int globalFive = 5; char * data; data = NULL; if(globalFive!=5) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29554 74443/CWE124_Buffer_Underwrite__malloc_char_ncpy_14.c Buffer_Overflow_LowBound 42 int globalFive = 5; char * data; data = NULL; if(globalFive==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29555 74444/CWE124_Buffer_Underwrite__malloc_char_ncpy_15.c Buffer_Overflow_LowBound 87 char * data; data = NULL; switch(6) case 6: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29556 74444/CWE124_Buffer_Underwrite__malloc_char_ncpy_15.c Buffer_Overflow_LowBound 48 char * data; data = NULL; switch(5) case 6: break; default: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29557 74444/CWE124_Buffer_Underwrite__malloc_char_ncpy_15.c Buffer_Overflow_LowBound 122 char * data; data = NULL; switch(6) case 6: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; break; default: break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29558 74445/CWE124_Buffer_Underwrite__malloc_char_ncpy_16.c Buffer_Overflow_LowBound 77 char * data; data = NULL; while(1) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29559 74445/CWE124_Buffer_Underwrite__malloc_char_ncpy_16.c Buffer_Overflow_LowBound 43 char * data; data = NULL; while(1) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; break; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29560 74446/CWE124_Buffer_Underwrite__malloc_char_ncpy_17.c Buffer_Overflow_LowBound 77 char * data; data = NULL; for(i = 0; i < 1; i++) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29561 74446/CWE124_Buffer_Underwrite__malloc_char_ncpy_17.c Buffer_Overflow_LowBound 43 char * data; data = NULL; for(h = 0; h < 1; h++) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29562 74447/CWE124_Buffer_Underwrite__malloc_char_ncpy_18.c Buffer_Overflow_LowBound 41 char * data; data = NULL; goto source; source: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29563 74447/CWE124_Buffer_Underwrite__malloc_char_ncpy_18.c Buffer_Overflow_LowBound 73 char * data; data = NULL; goto source; source: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29564 74448/CWE124_Buffer_Underwrite__malloc_char_ncpy_21.c Buffer_Overflow_LowBound 101 char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29565 74448/CWE124_Buffer_Underwrite__malloc_char_ncpy_21.c Buffer_Overflow_LowBound 52 char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29566 74448/CWE124_Buffer_Underwrite__malloc_char_ncpy_21.c Buffer_Overflow_LowBound 137 char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29567 74449/CWE124_Buffer_Underwrite__malloc_char_ncpy_22.c Buffer_Overflow_LowBound 39 char * data; data = NULL; CWE124_Buffer_Underwrite__malloc_char_ncpy_22_badGlobal = 1; data = CWE124_Buffer_Underwrite__malloc_char_ncpy_22_badSource(data); char * CWE124_Buffer_Underwrite__malloc_char_ncpy_22_badSource(char * data) if(CWE124_Buffer_Underwrite__malloc_char_ncpy_22_badGlobal) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29568 74449/CWE124_Buffer_Underwrite__malloc_char_ncpy_22.c Buffer_Overflow_LowBound 93 char * data; data = NULL; CWE124_Buffer_Underwrite__malloc_char_ncpy_22_goodG2B1Global = 0; data = CWE124_Buffer_Underwrite__malloc_char_ncpy_22_goodG2B1Source(data); char * CWE124_Buffer_Underwrite__malloc_char_ncpy_22_goodG2B1Source(char * data) if(CWE124_Buffer_Underwrite__malloc_char_ncpy_22_goodG2B1Global) { } else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29569 74449/CWE124_Buffer_Underwrite__malloc_char_ncpy_22.c Buffer_Overflow_LowBound 70 char * data; data = NULL; CWE124_Buffer_Underwrite__malloc_char_ncpy_22_goodG2B2Global = 1; data = CWE124_Buffer_Underwrite__malloc_char_ncpy_22_goodG2B2Source(data); char * CWE124_Buffer_Underwrite__malloc_char_ncpy_22_goodG2B2Source(char * data) if(CWE124_Buffer_Underwrite__malloc_char_ncpy_22_goodG2B2Global) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29570 74450/CWE124_Buffer_Underwrite__malloc_char_ncpy_31.c Buffer_Overflow_LowBound 76 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29571 74450/CWE124_Buffer_Underwrite__malloc_char_ncpy_31.c Buffer_Overflow_LowBound 42 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29572 74451/CWE124_Buffer_Underwrite__malloc_char_ncpy_32.c Buffer_Overflow_LowBound 47 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29573 74451/CWE124_Buffer_Underwrite__malloc_char_ncpy_32.c Buffer_Overflow_LowBound 86 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29574 74453/CWE124_Buffer_Underwrite__malloc_char_ncpy_34.c Buffer_Overflow_LowBound 84 typedef union char * unionFirst; char * unionSecond; } CWE124_Buffer_Underwrite__malloc_char_ncpy_34_unionType; char * data; CWE124_Buffer_Underwrite__malloc_char_ncpy_34_unionType myUnion; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29575 74453/CWE124_Buffer_Underwrite__malloc_char_ncpy_34.c Buffer_Overflow_LowBound 49 typedef union char * unionFirst; char * unionSecond; } CWE124_Buffer_Underwrite__malloc_char_ncpy_34_unionType; char * data; CWE124_Buffer_Underwrite__malloc_char_ncpy_34_unionType myUnion; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29576 74454/CWE124_Buffer_Underwrite__malloc_char_ncpy_41.c Buffer_Overflow_LowBound 64 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_ncpy_41_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29577 74454/CWE124_Buffer_Underwrite__malloc_char_ncpy_41.c Buffer_Overflow_LowBound 30 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_ncpy_41_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29578 74455/CWE124_Buffer_Underwrite__malloc_char_ncpy_42.c Buffer_Overflow_LowBound 45 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29579 74455/CWE124_Buffer_Underwrite__malloc_char_ncpy_42.c Buffer_Overflow_LowBound 81 char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29580 74457/CWE124_Buffer_Underwrite__malloc_char_ncpy_44.c Buffer_Overflow_LowBound 30 char * data; void (*funcPtr) (char *) = badSink; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29581 74457/CWE124_Buffer_Underwrite__malloc_char_ncpy_44.c Buffer_Overflow_LowBound 68 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29582 74458/CWE124_Buffer_Underwrite__malloc_char_ncpy_45.c Buffer_Overflow_LowBound 71 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_ncpy_45_badData = data; badSink(); static void badSink() char * data = CWE124_Buffer_Underwrite__malloc_char_ncpy_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29583 74458/CWE124_Buffer_Underwrite__malloc_char_ncpy_45.c Buffer_Overflow_LowBound 34 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE124_Buffer_Underwrite__malloc_char_ncpy_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29584 74459/CWE124_Buffer_Underwrite__malloc_char_ncpy_51.c Buffer_Overflow_LowBound 150 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_ncpy_51b_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29585 74459/CWE124_Buffer_Underwrite__malloc_char_ncpy_51.c Buffer_Overflow_LowBound 129 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_ncpy_51b_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29586 74460/CWE124_Buffer_Underwrite__malloc_char_ncpy_52.c Buffer_Overflow_LowBound 199 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_ncpy_52b_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_52b_badSink(char * data) CWE124_Buffer_Underwrite__malloc_char_ncpy_52c_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29587 74460/CWE124_Buffer_Underwrite__malloc_char_ncpy_52.c Buffer_Overflow_LowBound 178 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_ncpy_52b_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_52b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__malloc_char_ncpy_52c_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29588 74461/CWE124_Buffer_Underwrite__malloc_char_ncpy_53.c Buffer_Overflow_LowBound 248 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_ncpy_53b_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_53b_badSink(char * data) CWE124_Buffer_Underwrite__malloc_char_ncpy_53c_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_53c_badSink(char * data) CWE124_Buffer_Underwrite__malloc_char_ncpy_53d_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29589 74461/CWE124_Buffer_Underwrite__malloc_char_ncpy_53.c Buffer_Overflow_LowBound 227 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_ncpy_53b_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_53b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__malloc_char_ncpy_53c_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_53c_goodG2BSink(char * data) CWE124_Buffer_Underwrite__malloc_char_ncpy_53d_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29590 74462/CWE124_Buffer_Underwrite__malloc_char_ncpy_54.c Buffer_Overflow_LowBound 276 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_ncpy_54b_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_54b_badSink(char * data) CWE124_Buffer_Underwrite__malloc_char_ncpy_54c_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_54c_badSink(char * data) CWE124_Buffer_Underwrite__malloc_char_ncpy_54d_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_54d_badSink(char * data) CWE124_Buffer_Underwrite__malloc_char_ncpy_54e_badSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29591 74462/CWE124_Buffer_Underwrite__malloc_char_ncpy_54.c Buffer_Overflow_LowBound 297 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_ncpy_54b_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_54b_goodG2BSink(char * data) CWE124_Buffer_Underwrite__malloc_char_ncpy_54c_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_54c_goodG2BSink(char * data) CWE124_Buffer_Underwrite__malloc_char_ncpy_54d_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_54d_goodG2BSink(char * data) CWE124_Buffer_Underwrite__malloc_char_ncpy_54e_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29592 74463/CWE124_Buffer_Underwrite__malloc_char_ncpy_61.c Buffer_Overflow_LowBound 62 char * data; data = NULL; data = CWE124_Buffer_Underwrite__malloc_char_ncpy_61b_badSource(data); char * CWE124_Buffer_Underwrite__malloc_char_ncpy_61b_badSource(char * data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29593 74463/CWE124_Buffer_Underwrite__malloc_char_ncpy_61.c Buffer_Overflow_LowBound 36 char * data; data = NULL; data = CWE124_Buffer_Underwrite__malloc_char_ncpy_61b_goodG2BSource(data); char * CWE124_Buffer_Underwrite__malloc_char_ncpy_61b_goodG2BSource(char * data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29594 74465/CWE124_Buffer_Underwrite__malloc_char_ncpy_63.c Buffer_Overflow_LowBound 127 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_ncpy_63b_badSink(&data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29595 74465/CWE124_Buffer_Underwrite__malloc_char_ncpy_63.c Buffer_Overflow_LowBound 149 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_ncpy_63b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29596 74466/CWE124_Buffer_Underwrite__malloc_char_ncpy_64.c Buffer_Overflow_LowBound 155 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_ncpy_64b_badSink(&data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29597 74466/CWE124_Buffer_Underwrite__malloc_char_ncpy_64.c Buffer_Overflow_LowBound 130 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_ncpy_64b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29598 74467/CWE124_Buffer_Underwrite__malloc_char_ncpy_65.c Buffer_Overflow_LowBound 151 char * data; void (*funcPtr) (char *) = CWE124_Buffer_Underwrite__malloc_char_ncpy_65b_badSink; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29599 74467/CWE124_Buffer_Underwrite__malloc_char_ncpy_65.c Buffer_Overflow_LowBound 130 char * data; void (*funcPtr) (char *) = CWE124_Buffer_Underwrite__malloc_char_ncpy_65b_goodG2BSink; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29600 74468/CWE124_Buffer_Underwrite__malloc_char_ncpy_66.c Buffer_Overflow_LowBound 133 char * data; char * dataArray[5]; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataArray[2] = data; CWE124_Buffer_Underwrite__malloc_char_ncpy_66b_badSink(dataArray); void CWE124_Buffer_Underwrite__malloc_char_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29601 74468/CWE124_Buffer_Underwrite__malloc_char_ncpy_66.c Buffer_Overflow_LowBound 155 char * data; char * dataArray[5]; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataArray[2] = data; CWE124_Buffer_Underwrite__malloc_char_ncpy_66b_goodG2BSink(dataArray); void CWE124_Buffer_Underwrite__malloc_char_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29602 74469/CWE124_Buffer_Underwrite__malloc_char_ncpy_67.c Buffer_Overflow_LowBound 141 typedef struct _CWE124_Buffer_Underwrite__malloc_char_ncpy_67_structType char * structFirst; } CWE124_Buffer_Underwrite__malloc_char_ncpy_67_structType; char * data; CWE124_Buffer_Underwrite__malloc_char_ncpy_67_structType myStruct; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE124_Buffer_Underwrite__malloc_char_ncpy_67b_badSink(myStruct); void CWE124_Buffer_Underwrite__malloc_char_ncpy_67b_badSink(CWE124_Buffer_Underwrite__malloc_char_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29603 74469/CWE124_Buffer_Underwrite__malloc_char_ncpy_67.c Buffer_Overflow_LowBound 163 typedef struct _CWE124_Buffer_Underwrite__malloc_char_ncpy_67_structType char * structFirst; } CWE124_Buffer_Underwrite__malloc_char_ncpy_67_structType; char * data; CWE124_Buffer_Underwrite__malloc_char_ncpy_67_structType myStruct; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myStruct.structFirst = data; CWE124_Buffer_Underwrite__malloc_char_ncpy_67b_goodG2BSink(myStruct); void CWE124_Buffer_Underwrite__malloc_char_ncpy_67b_goodG2BSink(CWE124_Buffer_Underwrite__malloc_char_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29604 74470/CWE124_Buffer_Underwrite__malloc_char_ncpy_68.c Buffer_Overflow_LowBound 160 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_ncpy_68_badData = data; CWE124_Buffer_Underwrite__malloc_char_ncpy_68b_badSink(); void CWE124_Buffer_Underwrite__malloc_char_ncpy_68b_badSink() char * data = CWE124_Buffer_Underwrite__malloc_char_ncpy_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29605 74470/CWE124_Buffer_Underwrite__malloc_char_ncpy_68.c Buffer_Overflow_LowBound 138 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_ncpy_68_goodG2BData = data; CWE124_Buffer_Underwrite__malloc_char_ncpy_68b_goodG2BSink(); void CWE124_Buffer_Underwrite__malloc_char_ncpy_68b_goodG2BSink() char * data = CWE124_Buffer_Underwrite__malloc_char_ncpy_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29606 74474/CWE124_Buffer_Underwrite__malloc_char_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; const CWE124_Buffer_Underwrite__malloc_char_ncpy_81_base& baseObject = CWE124_Buffer_Underwrite__malloc_char_ncpy_81_bad(); baseObject.action(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29607 74474/CWE124_Buffer_Underwrite__malloc_char_ncpy_81_bad.cpp Off_by_One_Error_in_Methods 31 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; const CWE124_Buffer_Underwrite__malloc_char_ncpy_81_base& baseObject = CWE124_Buffer_Underwrite__malloc_char_ncpy_81_goodG2B(); baseObject.action(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29608 74475/CWE124_Buffer_Underwrite__malloc_char_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_char_ncpy_82_base* baseObject = new CWE124_Buffer_Underwrite__malloc_char_ncpy_82_bad; baseObject->action(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); delete baseObject; 1 --------------------------------- 29609 74475/CWE124_Buffer_Underwrite__malloc_char_ncpy_82_bad.cpp Off_by_One_Error_in_Methods 31 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_char_ncpy_82_base* baseObject = new CWE124_Buffer_Underwrite__malloc_char_ncpy_82_goodG2B; baseObject->action(data); void CWE124_Buffer_Underwrite__malloc_char_ncpy_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); delete baseObject; 0 --------------------------------- 29610 74478/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_01.c Buffer_Overflow_cpycat 39 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29611 74478/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_01.c Buffer_Overflow_cpycat 67 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29612 74479/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_02.c Buffer_Overflow_cpycat 78 wchar_t * data; data = NULL; if(1) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29613 74479/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_02.c Buffer_Overflow_cpycat 105 wchar_t * data; data = NULL; if(0) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29614 74479/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_02.c Buffer_Overflow_cpycat 42 wchar_t * data; data = NULL; if(1) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29615 74480/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_03.c Buffer_Overflow_cpycat 78 wchar_t * data; data = NULL; if(5==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29616 74480/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_03.c Buffer_Overflow_cpycat 105 wchar_t * data; data = NULL; if(5!=5) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29617 74480/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_03.c Buffer_Overflow_cpycat 42 wchar_t * data; data = NULL; if(5==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29618 74481/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_04.c Buffer_Overflow_cpycat 49 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_TRUE) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29619 74481/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_04.c Buffer_Overflow_cpycat 85 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_FALSE) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29620 74481/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_04.c Buffer_Overflow_cpycat 112 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_TRUE) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29621 74482/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_05.c Buffer_Overflow_cpycat 49 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticTrue) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29622 74482/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_05.c Buffer_Overflow_cpycat 85 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticFalse) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29623 74482/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_05.c Buffer_Overflow_cpycat 112 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticTrue) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29624 74483/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_06.c Buffer_Overflow_cpycat 46 static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29625 74483/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_06.c Buffer_Overflow_cpycat 82 static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE!=5) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29626 74483/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_06.c Buffer_Overflow_cpycat 109 static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29627 74484/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_07.c Buffer_Overflow_cpycat 84 static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29628 74484/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_07.c Buffer_Overflow_cpycat 111 static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive!=5) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29629 74484/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_07.c Buffer_Overflow_cpycat 48 static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29630 74485/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_08.c Buffer_Overflow_cpycat 92 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsTrue()) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29631 74485/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_08.c Buffer_Overflow_cpycat 119 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsFalse()) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29632 74485/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_08.c Buffer_Overflow_cpycat 56 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsTrue()) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29633 74486/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_09.c Buffer_Overflow_cpycat 78 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_TRUE) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29634 74486/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_09.c Buffer_Overflow_cpycat 105 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_FALSE) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29635 74486/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_09.c Buffer_Overflow_cpycat 42 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_TRUE) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29636 74487/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_10.c Buffer_Overflow_cpycat 78 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalTrue) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29637 74487/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_10.c Buffer_Overflow_cpycat 105 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalFalse) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29638 74487/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_10.c Buffer_Overflow_cpycat 42 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalTrue) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29639 74488/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_11.c Buffer_Overflow_cpycat 78 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsTrue()) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29640 74488/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_11.c Buffer_Overflow_cpycat 105 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsFalse()) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29641 74488/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_11.c Buffer_Overflow_cpycat 42 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsTrue()) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29642 74490/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_13.c Buffer_Overflow_cpycat 78 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29643 74490/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_13.c Buffer_Overflow_cpycat 105 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29644 74490/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_13.c Buffer_Overflow_cpycat 42 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29645 74491/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_14.c Buffer_Overflow_cpycat 78 int globalFive = 5; wchar_t * data; data = NULL; if(globalFive==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29646 74491/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_14.c Buffer_Overflow_cpycat 105 int globalFive = 5; wchar_t * data; data = NULL; if(globalFive!=5) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29647 74491/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_14.c Buffer_Overflow_cpycat 42 int globalFive = 5; wchar_t * data; data = NULL; if(globalFive==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29648 74492/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_15.c Buffer_Overflow_cpycat 118 wchar_t * data; data = NULL; switch(6) case 6: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; break; default: break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29649 74492/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_15.c Buffer_Overflow_cpycat 85 wchar_t * data; data = NULL; switch(5) case 6: break; default: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29650 74492/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_15.c Buffer_Overflow_cpycat 48 wchar_t * data; data = NULL; switch(6) case 6: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; break; default: break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29651 74493/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_16.c Buffer_Overflow_cpycat 43 wchar_t * data; data = NULL; while(1) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29652 74493/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_16.c Buffer_Overflow_cpycat 75 wchar_t * data; data = NULL; while(1) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29653 74494/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_17.c Buffer_Overflow_cpycat 43 wchar_t * data; data = NULL; for(i = 0; i < 1; i++) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29654 74494/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_17.c Buffer_Overflow_cpycat 75 wchar_t * data; data = NULL; for(h = 0; h < 1; h++) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29655 74495/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_18.c Buffer_Overflow_cpycat 41 wchar_t * data; data = NULL; goto source; source: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29656 74495/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_18.c Buffer_Overflow_cpycat 71 wchar_t * data; data = NULL; goto source; source: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29657 74496/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_21.c Buffer_Overflow_cpycat 52 wchar_t * data; data = NULL; badStatic = 1; data = badSource(data); static wchar_t * badSource(wchar_t * data) if(badStatic) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29658 74496/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_21.c Buffer_Overflow_cpycat 133 wchar_t * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) if(goodG2B1Static) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29659 74496/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_21.c Buffer_Overflow_cpycat 99 wchar_t * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) if(goodG2B2Static) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29660 74497/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_22.c Buffer_Overflow_cpycat 89 wchar_t * data; data = NULL; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_22_badGlobal = 1; data = CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_22_badSource(data); wchar_t * CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_22_badSource(wchar_t * data) if(CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_22_badGlobal) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29661 74497/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_22.c Buffer_Overflow_cpycat 68 wchar_t * data; data = NULL; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_22_goodG2B1Global = 0; data = CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_22_goodG2B1Source(data); wchar_t * CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_22_goodG2B1Source(wchar_t * data) if(CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_22_goodG2B1Global) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29662 74497/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_22.c Buffer_Overflow_cpycat 39 wchar_t * data; data = NULL; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_22_goodG2B2Global = 1; data = CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_22_goodG2B2Source(data); wchar_t * CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_22_goodG2B2Source(wchar_t * data) if(CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_22_goodG2B2Global) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29663 74498/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_31.c Buffer_Overflow_cpycat 42 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29664 74498/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_31.c Buffer_Overflow_cpycat 74 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29665 74499/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_32.c Buffer_Overflow_cpycat 84 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29666 74499/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_32.c Buffer_Overflow_cpycat 47 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29667 74501/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_34.c Buffer_Overflow_cpycat 49 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_34_unionType; wchar_t * data; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_34_unionType myUnion; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29668 74501/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_34.c Buffer_Overflow_cpycat 82 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_34_unionType; wchar_t * data; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_34_unionType myUnion; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29669 74502/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_41.c Buffer_Overflow_cpycat 30 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_41_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_41_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29670 74502/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_41.c Buffer_Overflow_cpycat 62 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_41_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_41_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29671 74503/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_42.c Buffer_Overflow_cpycat 79 wchar_t * data; data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29672 74503/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_42.c Buffer_Overflow_cpycat 45 wchar_t * data; data = NULL; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29673 74505/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_44.c Buffer_Overflow_cpycat 30 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29674 74505/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_44.c Buffer_Overflow_cpycat 66 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29675 74506/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_45.c Buffer_Overflow_cpycat 34 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_45_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29676 74506/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_45.c Buffer_Overflow_cpycat 69 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_45_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29677 74507/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_51.c Buffer_Overflow_cpycat 129 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_51b_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_51b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29678 74507/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_51.c Buffer_Overflow_cpycat 148 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_51b_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_51b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29679 74508/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_52.c Buffer_Overflow_cpycat 178 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_52b_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_52b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_52c_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_52c_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29680 74508/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_52.c Buffer_Overflow_cpycat 197 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_52b_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_52b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_52c_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_52c_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29681 74509/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_53.c Buffer_Overflow_cpycat 246 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_53b_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_53b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_53c_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_53c_badSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_53d_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_53d_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29682 74509/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_53.c Buffer_Overflow_cpycat 227 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_53b_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_53b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_53c_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_53c_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_53d_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_53d_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29683 74510/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54.c Buffer_Overflow_cpycat 276 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54b_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54c_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54c_badSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54d_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54d_badSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54e_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54e_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29684 74510/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54.c Buffer_Overflow_cpycat 295 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54b_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54c_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54c_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54d_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54d_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54e_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_54e_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29685 74511/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_61.c Buffer_Overflow_cpycat 60 wchar_t * data; data = NULL; data = CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_61b_badSource(data); wchar_t * CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_61b_badSource(wchar_t * data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29686 74511/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_61.c Buffer_Overflow_cpycat 36 wchar_t * data; data = NULL; data = CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_61b_goodG2BSource(data); wchar_t * CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_61b_goodG2BSource(wchar_t * data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29687 74513/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_63.c Buffer_Overflow_cpycat 127 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_63b_badSink(&data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29688 74513/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_63.c Buffer_Overflow_cpycat 147 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_63b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29689 74514/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_64.c Buffer_Overflow_cpycat 153 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_64b_badSink(&data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29690 74514/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_64.c Buffer_Overflow_cpycat 130 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_64b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29691 74515/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_65.c Buffer_Overflow_cpycat 130 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_65b_badSink; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_65b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29692 74515/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_65.c Buffer_Overflow_cpycat 149 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_65b_goodG2BSink; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_65b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29693 74516/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_66.c Buffer_Overflow_cpycat 153 wchar_t * data; wchar_t * dataArray[5]; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataArray[2] = data; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_66b_badSink(dataArray); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29694 74516/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_66.c Buffer_Overflow_cpycat 133 wchar_t * data; wchar_t * dataArray[5]; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataArray[2] = data; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_66b_goodG2BSink(dataArray); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29695 74517/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_67.c Buffer_Overflow_cpycat 161 typedef struct _CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_67_structType wchar_t * structFirst; } CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_67_structType; wchar_t * data; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_67_structType myStruct; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_67b_badSink(myStruct); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_67b_badSink(CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29696 74517/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_67.c Buffer_Overflow_cpycat 141 typedef struct _CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_67_structType wchar_t * structFirst; } CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_67_structType; wchar_t * data; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_67_structType myStruct; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myStruct.structFirst = data; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_67b_goodG2BSink(myStruct); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_67b_goodG2BSink(CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29697 74518/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_68.c Buffer_Overflow_cpycat 158 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_68_badData = data; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_68b_badSink(); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_68b_badSink() wchar_t * data = CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_68_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29698 74518/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_68.c Buffer_Overflow_cpycat 138 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_68_goodG2BData = data; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_68b_goodG2BSink(); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_68b_goodG2BSink() wchar_t * data = CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_68_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29699 74522/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; const CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_81_base& baseObject = CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_81_bad(); baseObject.action(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_81_bad::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29700 74522/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; const CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_81_base& baseObject = CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_81_goodG2B(); baseObject.action(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29701 74523/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_82_base* baseObject = new CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_82_bad; baseObject->action(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_82_bad::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); delete baseObject; 1 --------------------------------- 29702 74523/CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_82_base* baseObject = new CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_82_goodG2B; baseObject->action(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_cpy_82_goodG2B::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); delete baseObject; 0 --------------------------------- 29703 74670/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_01.c Buffer_Overflow_LowBound 39 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29704 74670/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_01.c Buffer_Overflow_LowBound 69 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29705 74671/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_02.c Buffer_Overflow_LowBound 42 wchar_t * data; data = NULL; if(1) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29706 74671/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_02.c Buffer_Overflow_LowBound 80 wchar_t * data; data = NULL; if(0) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29707 74671/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_02.c Buffer_Overflow_LowBound 109 wchar_t * data; data = NULL; if(1) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29708 74672/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_03.c Buffer_Overflow_LowBound 42 wchar_t * data; data = NULL; if(5==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29709 74672/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_03.c Buffer_Overflow_LowBound 80 wchar_t * data; data = NULL; if(5!=5) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29710 74672/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_03.c Buffer_Overflow_LowBound 109 wchar_t * data; data = NULL; if(5==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29711 74673/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_04.c Buffer_Overflow_LowBound 116 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_TRUE) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29712 74673/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_04.c Buffer_Overflow_LowBound 49 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_FALSE) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29713 74673/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_04.c Buffer_Overflow_LowBound 87 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_TRUE) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29714 74674/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_05.c Buffer_Overflow_LowBound 116 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticTrue) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29715 74674/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_05.c Buffer_Overflow_LowBound 49 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticFalse) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29716 74674/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_05.c Buffer_Overflow_LowBound 87 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticTrue) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29717 74675/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_06.c Buffer_Overflow_LowBound 84 static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29718 74675/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_06.c Buffer_Overflow_LowBound 113 static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE!=5) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29719 74675/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_06.c Buffer_Overflow_LowBound 46 static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29720 74676/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_07.c Buffer_Overflow_LowBound 115 static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29721 74676/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_07.c Buffer_Overflow_LowBound 48 static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive!=5) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29722 74676/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_07.c Buffer_Overflow_LowBound 86 static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29723 74677/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_08.c Buffer_Overflow_LowBound 123 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsTrue()) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29724 74677/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_08.c Buffer_Overflow_LowBound 56 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsFalse()) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29725 74677/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_08.c Buffer_Overflow_LowBound 94 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsTrue()) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29726 74678/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_09.c Buffer_Overflow_LowBound 42 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_TRUE) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29727 74678/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_09.c Buffer_Overflow_LowBound 80 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_FALSE) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29728 74678/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_09.c Buffer_Overflow_LowBound 109 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_TRUE) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29729 74679/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_10.c Buffer_Overflow_LowBound 42 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalTrue) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29730 74679/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_10.c Buffer_Overflow_LowBound 80 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalFalse) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29731 74679/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_10.c Buffer_Overflow_LowBound 109 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalTrue) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29732 74680/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_11.c Buffer_Overflow_LowBound 42 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsTrue()) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29733 74680/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_11.c Buffer_Overflow_LowBound 80 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsFalse()) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29734 74680/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_11.c Buffer_Overflow_LowBound 109 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsTrue()) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29735 74682/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_13.c Buffer_Overflow_LowBound 42 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29736 74682/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_13.c Buffer_Overflow_LowBound 80 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29737 74682/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_13.c Buffer_Overflow_LowBound 109 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29738 74683/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_14.c Buffer_Overflow_LowBound 42 int globalFive = 5; wchar_t * data; data = NULL; if(globalFive==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29739 74683/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_14.c Buffer_Overflow_LowBound 80 int globalFive = 5; wchar_t * data; data = NULL; if(globalFive!=5) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29740 74683/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_14.c Buffer_Overflow_LowBound 109 int globalFive = 5; wchar_t * data; data = NULL; if(globalFive==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29741 74684/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_15.c Buffer_Overflow_LowBound 122 wchar_t * data; data = NULL; switch(6) case 6: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; break; default: break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29742 74684/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_15.c Buffer_Overflow_LowBound 87 wchar_t * data; data = NULL; switch(5) case 6: break; default: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29743 74684/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_15.c Buffer_Overflow_LowBound 48 wchar_t * data; data = NULL; switch(6) case 6: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; break; default: break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29744 74685/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_16.c Buffer_Overflow_LowBound 43 wchar_t * data; data = NULL; while(1) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29745 74685/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_16.c Buffer_Overflow_LowBound 77 wchar_t * data; data = NULL; while(1) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29746 74686/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_17.c Buffer_Overflow_LowBound 43 wchar_t * data; data = NULL; for(i = 0; i < 1; i++) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29747 74686/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_17.c Buffer_Overflow_LowBound 77 wchar_t * data; data = NULL; for(h = 0; h < 1; h++) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29748 74687/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_18.c Buffer_Overflow_LowBound 73 wchar_t * data; data = NULL; goto source; source: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29749 74687/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_18.c Buffer_Overflow_LowBound 41 wchar_t * data; data = NULL; goto source; source: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29750 74688/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_21.c Buffer_Overflow_LowBound 52 wchar_t * data; data = NULL; badStatic = 1; data = badSource(data); static wchar_t * badSource(wchar_t * data) if(badStatic) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29751 74688/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_21.c Buffer_Overflow_LowBound 137 wchar_t * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) if(goodG2B1Static) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29752 74688/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_21.c Buffer_Overflow_LowBound 101 wchar_t * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) if(goodG2B2Static) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29753 74689/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_22.c Buffer_Overflow_LowBound 39 wchar_t * data; data = NULL; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_22_badGlobal = 1; data = CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_22_badSource(data); wchar_t * CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_22_badSource(wchar_t * data) if(CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_22_badGlobal) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29754 74689/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_22.c Buffer_Overflow_LowBound 93 wchar_t * data; data = NULL; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_22_goodG2B1Global = 0; data = CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_22_goodG2B1Source(data); wchar_t * CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_22_goodG2B1Source(wchar_t * data) if(CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_22_goodG2B1Global) { } else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29755 74689/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_22.c Buffer_Overflow_LowBound 70 wchar_t * data; data = NULL; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_22_goodG2B2Global = 1; data = CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_22_goodG2B2Source(data); wchar_t * CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_22_goodG2B2Source(wchar_t * data) if(CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_22_goodG2B2Global) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29756 74690/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_31.c Buffer_Overflow_LowBound 76 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29757 74690/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_31.c Buffer_Overflow_LowBound 42 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29758 74691/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_32.c Buffer_Overflow_LowBound 47 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29759 74691/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_32.c Buffer_Overflow_LowBound 86 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29760 74693/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_34.c Buffer_Overflow_LowBound 84 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_34_unionType; wchar_t * data; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_34_unionType myUnion; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29761 74693/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_34.c Buffer_Overflow_LowBound 49 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_34_unionType; wchar_t * data; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_34_unionType myUnion; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29762 74694/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_41.c Buffer_Overflow_LowBound 64 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_41_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_41_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29763 74694/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_41.c Buffer_Overflow_LowBound 30 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_41_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_41_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29764 74695/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_42.c Buffer_Overflow_LowBound 81 wchar_t * data; data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29765 74695/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_42.c Buffer_Overflow_LowBound 45 wchar_t * data; data = NULL; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29766 74697/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_44.c Buffer_Overflow_LowBound 68 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29767 74697/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_44.c Buffer_Overflow_LowBound 30 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29768 74698/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_45.c Buffer_Overflow_LowBound 34 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_45_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29769 74698/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_45.c Buffer_Overflow_LowBound 71 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_45_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29770 74699/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_51.c Buffer_Overflow_LowBound 129 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_51b_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_51b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29771 74699/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_51.c Buffer_Overflow_LowBound 150 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_51b_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_51b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29772 74700/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_52.c Buffer_Overflow_LowBound 178 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_52b_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_52b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_52c_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_52c_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29773 74700/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_52.c Buffer_Overflow_LowBound 199 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_52b_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_52b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_52c_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_52c_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29774 74701/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_53.c Buffer_Overflow_LowBound 227 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_53b_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_53b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_53c_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_53c_badSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_53d_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_53d_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29775 74701/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_53.c Buffer_Overflow_LowBound 248 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_53b_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_53b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_53c_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_53c_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_53d_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_53d_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29776 74702/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54.c Buffer_Overflow_LowBound 276 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54b_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54c_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54c_badSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54d_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54d_badSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54e_badSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54e_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29777 74702/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54.c Buffer_Overflow_LowBound 297 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54b_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54c_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54c_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54d_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54d_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54e_goodG2BSink(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_54e_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29778 74703/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_61.c Buffer_Overflow_LowBound 36 wchar_t * data; data = NULL; data = CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_61b_badSource(data); wchar_t * CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_61b_badSource(wchar_t * data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29779 74703/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_61.c Buffer_Overflow_LowBound 62 wchar_t * data; data = NULL; data = CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_61b_goodG2BSource(data); wchar_t * CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_61b_goodG2BSource(wchar_t * data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29780 74705/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_63.c Buffer_Overflow_LowBound 127 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_63b_badSink(&data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29781 74705/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_63.c Buffer_Overflow_LowBound 149 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_63b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29782 74706/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_64.c Buffer_Overflow_LowBound 155 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_64b_badSink(&data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29783 74706/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_64.c Buffer_Overflow_LowBound 130 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_64b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29784 74707/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_65.c Buffer_Overflow_LowBound 130 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_65b_badSink; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_65b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29785 74707/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_65.c Buffer_Overflow_LowBound 151 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_65b_goodG2BSink; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_65b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29786 74708/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_66.c Buffer_Overflow_LowBound 155 wchar_t * data; wchar_t * dataArray[5]; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataArray[2] = data; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_66b_badSink(dataArray); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29787 74708/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_66.c Buffer_Overflow_LowBound 133 wchar_t * data; wchar_t * dataArray[5]; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataArray[2] = data; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_66b_goodG2BSink(dataArray); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29788 74709/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_67.c Buffer_Overflow_LowBound 163 typedef struct _CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_67_structType wchar_t * structFirst; } CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_67_structType; wchar_t * data; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_67_structType myStruct; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_67b_badSink(myStruct); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_67b_badSink(CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29789 74709/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_67.c Buffer_Overflow_LowBound 141 typedef struct _CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_67_structType wchar_t * structFirst; } CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_67_structType; wchar_t * data; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_67_structType myStruct; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myStruct.structFirst = data; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_67b_goodG2BSink(myStruct); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_67b_goodG2BSink(CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29790 74710/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_68.c Buffer_Overflow_LowBound 138 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_68_badData = data; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_68b_badSink(); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_68b_badSink() wchar_t * data = CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_68_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29791 74710/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_68.c Buffer_Overflow_LowBound 160 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_68_goodG2BData = data; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_68b_goodG2BSink(); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_68b_goodG2BSink() wchar_t * data = CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_68_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29792 74714/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; const CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_81_base& baseObject = CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_81_bad(); baseObject.action(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_81_bad::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29793 74714/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; const CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_81_base& baseObject = CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_81_goodG2B(); baseObject.action(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29794 74715/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_82_base* baseObject = new CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_82_bad; baseObject->action(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_82_bad::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); delete baseObject; 1 --------------------------------- 29795 74715/CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_82_base* baseObject = new CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_82_goodG2B; baseObject->action(data); void CWE124_Buffer_Underwrite__malloc_wchar_t_ncpy_82_goodG2B::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); delete baseObject; 0 --------------------------------- 29796 74762/CWE124_Buffer_Underwrite__new_char_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; const CWE124_Buffer_Underwrite__new_char_cpy_81_base& baseObject = CWE124_Buffer_Underwrite__new_char_cpy_81_bad(); baseObject.action(data); void CWE124_Buffer_Underwrite__new_char_cpy_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 29797 74762/CWE124_Buffer_Underwrite__new_char_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; const CWE124_Buffer_Underwrite__new_char_cpy_81_base& baseObject = CWE124_Buffer_Underwrite__new_char_cpy_81_goodG2B(); baseObject.action(data); void CWE124_Buffer_Underwrite__new_char_cpy_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 29798 74763/CWE124_Buffer_Underwrite__new_char_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__new_char_cpy_82_base* baseObject = new CWE124_Buffer_Underwrite__new_char_cpy_82_bad; baseObject->action(data); void CWE124_Buffer_Underwrite__new_char_cpy_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); delete baseObject; 1 --------------------------------- 29799 74763/CWE124_Buffer_Underwrite__new_char_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__new_char_cpy_82_base* baseObject = new CWE124_Buffer_Underwrite__new_char_cpy_82_goodG2B; baseObject->action(data); void CWE124_Buffer_Underwrite__new_char_cpy_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); delete baseObject; 0 --------------------------------- 29800 74954/CWE124_Buffer_Underwrite__new_char_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; const CWE124_Buffer_Underwrite__new_char_ncpy_81_base& baseObject = CWE124_Buffer_Underwrite__new_char_ncpy_81_bad(); baseObject.action(data); void CWE124_Buffer_Underwrite__new_char_ncpy_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 29801 74954/CWE124_Buffer_Underwrite__new_char_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; const CWE124_Buffer_Underwrite__new_char_ncpy_81_base& baseObject = CWE124_Buffer_Underwrite__new_char_ncpy_81_goodG2B(); baseObject.action(data); void CWE124_Buffer_Underwrite__new_char_ncpy_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 29802 74955/CWE124_Buffer_Underwrite__new_char_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__new_char_ncpy_82_base* baseObject = new CWE124_Buffer_Underwrite__new_char_ncpy_82_bad; baseObject->action(data); void CWE124_Buffer_Underwrite__new_char_ncpy_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); delete baseObject; 1 --------------------------------- 29803 74955/CWE124_Buffer_Underwrite__new_char_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE124_Buffer_Underwrite__new_char_ncpy_82_base* baseObject = new CWE124_Buffer_Underwrite__new_char_ncpy_82_goodG2B; baseObject->action(data); void CWE124_Buffer_Underwrite__new_char_ncpy_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); delete baseObject; 0 --------------------------------- 29804 75002/CWE124_Buffer_Underwrite__new_wchar_t_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = new wchar_t[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; const CWE124_Buffer_Underwrite__new_wchar_t_cpy_81_base& baseObject = CWE124_Buffer_Underwrite__new_wchar_t_cpy_81_bad(); baseObject.action(data); void CWE124_Buffer_Underwrite__new_wchar_t_cpy_81_bad::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29805 75002/CWE124_Buffer_Underwrite__new_wchar_t_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = new wchar_t[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; const CWE124_Buffer_Underwrite__new_wchar_t_cpy_81_base& baseObject = CWE124_Buffer_Underwrite__new_wchar_t_cpy_81_goodG2B(); baseObject.action(data); void CWE124_Buffer_Underwrite__new_wchar_t_cpy_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29806 75003/CWE124_Buffer_Underwrite__new_wchar_t_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = new wchar_t[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__new_wchar_t_cpy_82_base* baseObject = new CWE124_Buffer_Underwrite__new_wchar_t_cpy_82_bad; baseObject->action(data); void CWE124_Buffer_Underwrite__new_wchar_t_cpy_82_bad::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); delete baseObject; 1 --------------------------------- 29807 75003/CWE124_Buffer_Underwrite__new_wchar_t_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = new wchar_t[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__new_wchar_t_cpy_82_base* baseObject = new CWE124_Buffer_Underwrite__new_wchar_t_cpy_82_goodG2B; baseObject->action(data); void CWE124_Buffer_Underwrite__new_wchar_t_cpy_82_goodG2B::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); delete baseObject; 0 --------------------------------- 29808 75194/CWE124_Buffer_Underwrite__new_wchar_t_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = new wchar_t[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; const CWE124_Buffer_Underwrite__new_wchar_t_ncpy_81_base& baseObject = CWE124_Buffer_Underwrite__new_wchar_t_ncpy_81_bad(); baseObject.action(data); void CWE124_Buffer_Underwrite__new_wchar_t_ncpy_81_bad::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29809 75194/CWE124_Buffer_Underwrite__new_wchar_t_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = new wchar_t[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; const CWE124_Buffer_Underwrite__new_wchar_t_ncpy_81_base& baseObject = CWE124_Buffer_Underwrite__new_wchar_t_ncpy_81_goodG2B(); baseObject.action(data); void CWE124_Buffer_Underwrite__new_wchar_t_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29810 75195/CWE124_Buffer_Underwrite__new_wchar_t_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = new wchar_t[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__new_wchar_t_ncpy_82_base* baseObject = new CWE124_Buffer_Underwrite__new_wchar_t_ncpy_82_bad; baseObject->action(data); delete baseObject; void CWE124_Buffer_Underwrite__new_wchar_t_ncpy_82_bad::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29811 75195/CWE124_Buffer_Underwrite__new_wchar_t_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = new wchar_t[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__new_wchar_t_ncpy_82_base* baseObject = new CWE124_Buffer_Underwrite__new_wchar_t_ncpy_82_goodG2B; baseObject->action(data); delete baseObject; void CWE124_Buffer_Underwrite__new_wchar_t_ncpy_82_goodG2B::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29812 75198/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_01.c Buffer_Overflow_cpycat 36 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29813 75198/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_01.c Buffer_Overflow_cpycat 59 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29814 75199/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_02.c Buffer_Overflow_cpycat 70 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(1) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29815 75199/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_02.c Buffer_Overflow_cpycat 92 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(0) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29816 75199/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_02.c Buffer_Overflow_cpycat 39 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(1) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29817 75200/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_03.c Buffer_Overflow_cpycat 70 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29818 75200/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_03.c Buffer_Overflow_cpycat 92 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29819 75200/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_03.c Buffer_Overflow_cpycat 39 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29820 75201/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_04.c Buffer_Overflow_cpycat 46 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_TRUE) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29821 75201/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_04.c Buffer_Overflow_cpycat 77 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FALSE) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29822 75201/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_04.c Buffer_Overflow_cpycat 99 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_TRUE) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29823 75202/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_05.c Buffer_Overflow_cpycat 46 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticTrue) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29824 75202/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_05.c Buffer_Overflow_cpycat 77 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFalse) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29825 75202/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_05.c Buffer_Overflow_cpycat 99 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticTrue) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29826 75203/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_06.c Buffer_Overflow_cpycat 74 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29827 75203/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_06.c Buffer_Overflow_cpycat 96 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29828 75203/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_06.c Buffer_Overflow_cpycat 43 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29829 75204/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_07.c Buffer_Overflow_cpycat 76 static int staticFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29830 75204/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_07.c Buffer_Overflow_cpycat 98 static int staticFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29831 75204/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_07.c Buffer_Overflow_cpycat 45 static int staticFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29832 75205/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_08.c Buffer_Overflow_cpycat 84 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsTrue()) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29833 75205/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_08.c Buffer_Overflow_cpycat 106 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsFalse()) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29834 75205/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_08.c Buffer_Overflow_cpycat 53 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsTrue()) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29835 75206/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_09.c Buffer_Overflow_cpycat 70 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29836 75206/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_09.c Buffer_Overflow_cpycat 92 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FALSE) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29837 75206/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_09.c Buffer_Overflow_cpycat 39 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29838 75207/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_10.c Buffer_Overflow_cpycat 70 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalTrue) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29839 75207/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_10.c Buffer_Overflow_cpycat 92 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFalse) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29840 75207/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_10.c Buffer_Overflow_cpycat 39 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalTrue) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29841 75208/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_11.c Buffer_Overflow_cpycat 70 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsTrue()) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29842 75208/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_11.c Buffer_Overflow_cpycat 92 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsFalse()) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29843 75208/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_11.c Buffer_Overflow_cpycat 39 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsTrue()) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29844 75210/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_13.c Buffer_Overflow_cpycat 70 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29845 75210/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_13.c Buffer_Overflow_cpycat 92 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29846 75210/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_13.c Buffer_Overflow_cpycat 39 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29847 75211/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_14.c Buffer_Overflow_cpycat 70 int globalFive = 5;  wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29848 75211/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_14.c Buffer_Overflow_cpycat 92 int globalFive = 5;  wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29849 75211/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_14.c Buffer_Overflow_cpycat 39 int globalFive = 5;  wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29850 75212/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_15.c Buffer_Overflow_cpycat 105 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(6) case 6: data = dataBuffer - 8; break; default: break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29851 75212/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_15.c Buffer_Overflow_cpycat 77 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(5) case 6: break; default: data = dataBuffer; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29852 75212/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_15.c Buffer_Overflow_cpycat 45 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(6) case 6: data = dataBuffer; break; default: break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29853 75213/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_16.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; while(1) data = dataBuffer - 8; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29854 75213/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_16.c Buffer_Overflow_cpycat 67 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; while(1) data = dataBuffer; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29855 75214/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_17.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; for(i = 0; i < 1; i++) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29856 75214/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_17.c Buffer_Overflow_cpycat 67 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; for(h = 0; h < 1; h++) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29857 75215/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_18.c Buffer_Overflow_cpycat 38 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; goto source; source: data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29858 75215/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_18.c Buffer_Overflow_cpycat 63 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; goto source; source: data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29859 75216/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_31.c Buffer_Overflow_cpycat 39 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29860 75216/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_31.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29861 75217/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_32.c Buffer_Overflow_cpycat 76 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; wchar_t * data = *dataPtr1; data = dataBuffer - 8; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29862 75217/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_32.c Buffer_Overflow_cpycat 44 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; wchar_t * data = *dataPtr1; data = dataBuffer; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29863 75219/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_34.c Buffer_Overflow_cpycat 46 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_34_unionType; wchar_t * data; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_34_unionType myUnion; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29864 75219/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_34.c Buffer_Overflow_cpycat 74 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_34_unionType; wchar_t * data; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_34_unionType myUnion; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29865 75220/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_41.c Buffer_Overflow_cpycat 30 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_41_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_41_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29866 75220/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_41.c Buffer_Overflow_cpycat 57 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_41_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_41_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29867 75221/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_44.c Buffer_Overflow_cpycat 30 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29868 75221/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_44.c Buffer_Overflow_cpycat 61 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29869 75222/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_45.c Buffer_Overflow_cpycat 34 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_45_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29870 75222/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_45.c Buffer_Overflow_cpycat 64 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_45_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29871 75223/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_51.c Buffer_Overflow_cpycat 140 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_51b_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_51b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29872 75223/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_51.c Buffer_Overflow_cpycat 123 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_51b_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_51b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29873 75224/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_52.c Buffer_Overflow_cpycat 172 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_52b_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_52b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_52c_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_52c_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29874 75224/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_52.c Buffer_Overflow_cpycat 189 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_52b_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_52b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_52c_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_52c_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29875 75225/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_53.c Buffer_Overflow_cpycat 238 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_53b_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_53b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_53c_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_53c_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_53d_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_53d_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29876 75225/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_53.c Buffer_Overflow_cpycat 221 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_53b_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_53b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_53c_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_53c_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_53d_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_53d_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29877 75226/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54.c Buffer_Overflow_cpycat 270 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54b_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54c_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54c_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54d_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54d_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54e_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54e_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29878 75226/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54.c Buffer_Overflow_cpycat 287 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54b_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54c_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54c_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54d_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54d_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54e_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_54e_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29879 75227/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_63.c Buffer_Overflow_cpycat 121 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_63b_badSink(&data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29880 75227/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_63.c Buffer_Overflow_cpycat 139 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_63b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29881 75228/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_64.c Buffer_Overflow_cpycat 145 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_64b_badSink(&data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29882 75228/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_64.c Buffer_Overflow_cpycat 124 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_64b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29883 75229/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_65.c Buffer_Overflow_cpycat 124 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_65b_badSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_65b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29884 75229/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_65.c Buffer_Overflow_cpycat 141 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_65b_goodG2BSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_65b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29885 75230/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_66.c Buffer_Overflow_cpycat 145 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataArray[2] = data; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_66b_badSink(dataArray); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29886 75230/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_66.c Buffer_Overflow_cpycat 127 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataArray[2] = data; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_66b_goodG2BSink(dataArray); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29887 75231/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_67.c Buffer_Overflow_cpycat 153 typedef struct _CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_67_structType wchar_t * structFirst; } CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_67_structType; wchar_t * data; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_67_structType myStruct; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_67b_badSink(myStruct); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_67b_badSink(CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29888 75231/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_67.c Buffer_Overflow_cpycat 135 typedef struct _CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_67_structType wchar_t * structFirst; } CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_67_structType; wchar_t * data; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_67_structType myStruct; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myStruct.structFirst = data; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_67b_goodG2BSink(myStruct); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_67b_goodG2BSink(CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29889 75232/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_68.c Buffer_Overflow_cpycat 150 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_68_badData = data; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_68b_badSink(); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_68b_badSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_68_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29890 75232/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_68.c Buffer_Overflow_cpycat 132 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_68_goodG2BData = data; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_68b_goodG2BSink(); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_68b_goodG2BSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_68_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29891 75236/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; const CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_81_base& baseObject = CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_81_bad(); baseObject.action(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_81_bad::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29892 75236/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; const CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_81_base& baseObject = CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_81_goodG2B(); baseObject.action(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29893 75237/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_82_base* baseObject = new CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_82_bad; baseObject->action(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_82_bad::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); delete baseObject; 1 --------------------------------- 29894 75237/CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_82_base* baseObject = new CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_82_goodG2B; baseObject->action(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_cpy_82_goodG2B::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); delete baseObject; 0 --------------------------------- 29895 75358/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_01.c Buffer_Overflow_LowBound 36 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29896 75358/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_01.c Buffer_Overflow_LowBound 61 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29897 75359/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_02.c Buffer_Overflow_LowBound 39 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(1) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29898 75359/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_02.c Buffer_Overflow_LowBound 96 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(0) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29899 75359/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_02.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(1) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29900 75360/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_03.c Buffer_Overflow_LowBound 39 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29901 75360/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_03.c Buffer_Overflow_LowBound 96 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29902 75360/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_03.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29903 75361/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_04.c Buffer_Overflow_LowBound 79 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_TRUE) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29904 75361/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_04.c Buffer_Overflow_LowBound 103 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FALSE) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29905 75361/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_04.c Buffer_Overflow_LowBound 46 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_TRUE) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29906 75362/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_05.c Buffer_Overflow_LowBound 79 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticTrue) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29907 75362/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_05.c Buffer_Overflow_LowBound 103 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFalse) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29908 75362/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_05.c Buffer_Overflow_LowBound 46 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticTrue) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29909 75363/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_06.c Buffer_Overflow_LowBound 43 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29910 75363/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_06.c Buffer_Overflow_LowBound 100 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29911 75363/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_06.c Buffer_Overflow_LowBound 76 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29912 75364/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_07.c Buffer_Overflow_LowBound 78 static int staticFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29913 75364/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_07.c Buffer_Overflow_LowBound 45 static int staticFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29914 75364/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_07.c Buffer_Overflow_LowBound 102 static int staticFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29915 75365/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_08.c Buffer_Overflow_LowBound 110 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsTrue()) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29916 75365/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_08.c Buffer_Overflow_LowBound 53 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsFalse()) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29917 75365/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_08.c Buffer_Overflow_LowBound 86 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsTrue()) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29918 75366/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_09.c Buffer_Overflow_LowBound 39 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29919 75366/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_09.c Buffer_Overflow_LowBound 96 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FALSE) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29920 75366/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_09.c Buffer_Overflow_LowBound 72 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29921 75367/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_10.c Buffer_Overflow_LowBound 39 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalTrue) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29922 75367/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_10.c Buffer_Overflow_LowBound 96 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFalse) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29923 75367/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_10.c Buffer_Overflow_LowBound 72 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalTrue) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29924 75368/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_11.c Buffer_Overflow_LowBound 39 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsTrue()) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29925 75368/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_11.c Buffer_Overflow_LowBound 96 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsFalse()) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29926 75368/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_11.c Buffer_Overflow_LowBound 72 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsTrue()) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29927 75370/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_13.c Buffer_Overflow_LowBound 39 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29928 75370/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_13.c Buffer_Overflow_LowBound 96 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29929 75370/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_13.c Buffer_Overflow_LowBound 72 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29930 75371/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_14.c Buffer_Overflow_LowBound 39 int globalFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29931 75371/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_14.c Buffer_Overflow_LowBound 96 int globalFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29932 75371/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_14.c Buffer_Overflow_LowBound 72 int globalFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29933 75372/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_15.c Buffer_Overflow_LowBound 79 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(6) case 6: data = dataBuffer - 8; break; default: break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29934 75372/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_15.c Buffer_Overflow_LowBound 45 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(5) case 6: break; default: data = dataBuffer; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29935 75372/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_15.c Buffer_Overflow_LowBound 109 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(6) case 6: data = dataBuffer; break; default: break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29936 75373/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_16.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; while(1) data = dataBuffer - 8; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29937 75373/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_16.c Buffer_Overflow_LowBound 69 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; while(1) data = dataBuffer; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29938 75374/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_17.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; for(i = 0; i < 1; i++) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29939 75374/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_17.c Buffer_Overflow_LowBound 69 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; for(h = 0; h < 1; h++) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29940 75375/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_18.c Buffer_Overflow_LowBound 65 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; goto source; source: data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29941 75375/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_18.c Buffer_Overflow_LowBound 38 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; goto source; source: data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29942 75376/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_31.c Buffer_Overflow_LowBound 68 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29943 75376/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_31.c Buffer_Overflow_LowBound 39 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29944 75377/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_32.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; wchar_t * data = *dataPtr1; data = dataBuffer - 8; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29945 75377/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_32.c Buffer_Overflow_LowBound 78 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; wchar_t * data = *dataPtr1; data = dataBuffer; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29946 75379/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_34.c Buffer_Overflow_LowBound 76 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_34_unionType; wchar_t * data; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_34_unionType myUnion; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29947 75379/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_34.c Buffer_Overflow_LowBound 46 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_34_unionType; wchar_t * data; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_34_unionType myUnion; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29948 75380/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_41.c Buffer_Overflow_LowBound 59 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_41_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_41_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29949 75380/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_41.c Buffer_Overflow_LowBound 30 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_41_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_41_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29950 75381/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_44.c Buffer_Overflow_LowBound 63 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29951 75381/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_44.c Buffer_Overflow_LowBound 30 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29952 75382/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_45.c Buffer_Overflow_LowBound 66 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_45_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29953 75382/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_45.c Buffer_Overflow_LowBound 34 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_45_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29954 75383/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_51.c Buffer_Overflow_LowBound 123 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_51b_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_51b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29955 75383/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_51.c Buffer_Overflow_LowBound 142 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_51b_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_51b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29956 75384/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_52.c Buffer_Overflow_LowBound 172 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_52b_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_52b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_52c_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_52c_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29957 75384/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_52.c Buffer_Overflow_LowBound 191 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_52b_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_52b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_52c_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_52c_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29958 75385/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_53.c Buffer_Overflow_LowBound 240 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_53b_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_53b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_53c_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_53c_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_53d_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_53d_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29959 75385/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_53.c Buffer_Overflow_LowBound 221 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_53b_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_53b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_53c_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_53c_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_53d_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_53d_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29960 75386/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54.c Buffer_Overflow_LowBound 289 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54b_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54c_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54c_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54d_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54d_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54e_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54e_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29961 75386/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54.c Buffer_Overflow_LowBound 270 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54b_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54c_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54c_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54d_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54d_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54e_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_54e_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29962 75387/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_63.c Buffer_Overflow_LowBound 121 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_63b_badSink(&data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29963 75387/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_63.c Buffer_Overflow_LowBound 141 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_63b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29964 75388/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_64.c Buffer_Overflow_LowBound 147 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_64b_badSink(&data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29965 75388/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_64.c Buffer_Overflow_LowBound 124 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_64b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29966 75389/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_65.c Buffer_Overflow_LowBound 124 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_65b_badSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_65b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29967 75389/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_65.c Buffer_Overflow_LowBound 143 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_65b_goodG2BSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_65b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29968 75390/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_66.c Buffer_Overflow_LowBound 147 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataArray[2] = data; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_66b_badSink(dataArray); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29969 75390/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_66.c Buffer_Overflow_LowBound 127 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataArray[2] = data; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_66b_goodG2BSink(dataArray); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29970 75391/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_67.c Buffer_Overflow_LowBound 155 typedef struct _CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_67_structType wchar_t * structFirst; } CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_67_structType; wchar_t * data; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_67_structType myStruct; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_67b_badSink(myStruct); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_67b_badSink(CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29971 75391/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_67.c Buffer_Overflow_LowBound 135 typedef struct _CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_67_structType wchar_t * structFirst; } CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_67_structType; wchar_t * data; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_67_structType myStruct; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myStruct.structFirst = data; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_67b_goodG2BSink(myStruct); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_67b_goodG2BSink(CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29972 75392/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68.c Buffer_Overflow_LowBound 132 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68_badData = data; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68b_badSink(); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68b_badSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29973 75392/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68.c Buffer_Overflow_LowBound 152 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68_goodG2BData = data; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68b_goodG2BSink(); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68b_goodG2BSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29974 75396/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68_badData = data; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68b_badSink(); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68b_badSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 29975 75396/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68_goodG2BData = data; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68b_goodG2BSink(); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68b_goodG2BSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_68_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 29976 75397/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_82_base* baseObject = new CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_82_bad; baseObject->action(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_82_bad::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); delete baseObject; 1 --------------------------------- 29977 75397/CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_82_base* baseObject = new CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_82_goodG2B; baseObject->action(data); void CWE124_Buffer_Underwrite__wchar_t_alloca_ncpy_82_goodG2B::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); delete baseObject; 0 --------------------------------- 29978 75398/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_01.c Buffer_Overflow_cpycat 36 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29979 75398/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_01.c Buffer_Overflow_cpycat 59 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29980 75399/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_02.c Buffer_Overflow_cpycat 70 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(1) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29981 75399/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_02.c Buffer_Overflow_cpycat 92 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(0) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29982 75399/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_02.c Buffer_Overflow_cpycat 39 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(1) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29983 75400/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_03.c Buffer_Overflow_cpycat 70 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29984 75400/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_03.c Buffer_Overflow_cpycat 92 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29985 75400/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_03.c Buffer_Overflow_cpycat 39 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29986 75401/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_04.c Buffer_Overflow_cpycat 46 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_TRUE) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29987 75401/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_04.c Buffer_Overflow_cpycat 77 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FALSE) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29988 75401/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_04.c Buffer_Overflow_cpycat 99 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_TRUE) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29989 75402/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_05.c Buffer_Overflow_cpycat 46 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticTrue) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29990 75402/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_05.c Buffer_Overflow_cpycat 77 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFalse) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29991 75402/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_05.c Buffer_Overflow_cpycat 99 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticTrue) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29992 75403/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_06.c Buffer_Overflow_cpycat 74 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29993 75403/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_06.c Buffer_Overflow_cpycat 96 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29994 75403/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_06.c Buffer_Overflow_cpycat 43 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29995 75404/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_07.c Buffer_Overflow_cpycat 76 static int staticFive = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29996 75404/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_07.c Buffer_Overflow_cpycat 98 static int staticFive = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29997 75404/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_07.c Buffer_Overflow_cpycat 45 static int staticFive = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 29998 75405/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_08.c Buffer_Overflow_cpycat 84 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsTrue()) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 29999 75405/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_08.c Buffer_Overflow_cpycat 106 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsFalse()) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30000 75405/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_08.c Buffer_Overflow_cpycat 53 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsTrue()) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30001 75406/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_09.c Buffer_Overflow_cpycat 70 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30002 75406/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_09.c Buffer_Overflow_cpycat 92 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FALSE) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30003 75406/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_09.c Buffer_Overflow_cpycat 39 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30004 75407/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_10.c Buffer_Overflow_cpycat 70 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalTrue) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30005 75407/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_10.c Buffer_Overflow_cpycat 92 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFalse) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30006 75407/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_10.c Buffer_Overflow_cpycat 39 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalTrue) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30007 75408/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_11.c Buffer_Overflow_cpycat 70 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsTrue()) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30008 75408/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_11.c Buffer_Overflow_cpycat 92 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsFalse()) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30009 75408/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_11.c Buffer_Overflow_cpycat 39 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsTrue()) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30010 75410/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_13.c Buffer_Overflow_cpycat 70 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30011 75410/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_13.c Buffer_Overflow_cpycat 92 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30012 75410/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_13.c Buffer_Overflow_cpycat 39 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30013 75411/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_14.c Buffer_Overflow_cpycat 70 int globalFive = 5;  wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30014 75411/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_14.c Buffer_Overflow_cpycat 92 int globalFive = 5;  wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30015 75411/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_14.c Buffer_Overflow_cpycat 39 int globalFive = 5;  wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30016 75412/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_15.c Buffer_Overflow_cpycat 105 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(6) case 6: data = dataBuffer - 8; break; default: break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30017 75412/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_15.c Buffer_Overflow_cpycat 77 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(5) case 6: break; default: data = dataBuffer; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30018 75412/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_15.c Buffer_Overflow_cpycat 45 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(6) case 6: data = dataBuffer; break; default: break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30019 75413/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_16.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; while(1) data = dataBuffer - 8; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30020 75413/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_16.c Buffer_Overflow_cpycat 67 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; while(1) data = dataBuffer; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30021 75414/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_17.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; for(i = 0; i < 1; i++) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30022 75414/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_17.c Buffer_Overflow_cpycat 67 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; for(h = 0; h < 1; h++) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30023 75415/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_18.c Buffer_Overflow_cpycat 38 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; goto source; source: data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30024 75415/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_18.c Buffer_Overflow_cpycat 63 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; goto source; source: data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30025 75416/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_31.c Buffer_Overflow_cpycat 39 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30026 75416/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_31.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30027 75417/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_32.c Buffer_Overflow_cpycat 76 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; wchar_t * data = *dataPtr1; data = dataBuffer - 8; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30028 75417/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_32.c Buffer_Overflow_cpycat 44 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; wchar_t * data = *dataPtr1; data = dataBuffer; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30029 75419/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_34.c Buffer_Overflow_cpycat 46 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE124_Buffer_Underwrite__wchar_t_declare_cpy_34_unionType; wchar_t * data; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_34_unionType myUnion; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30030 75419/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_34.c Buffer_Overflow_cpycat 74 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE124_Buffer_Underwrite__wchar_t_declare_cpy_34_unionType; wchar_t * data; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_34_unionType myUnion; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30031 75420/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_41.c Buffer_Overflow_cpycat 30 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_41_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_41_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30032 75420/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_41.c Buffer_Overflow_cpycat 57 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_41_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_41_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30033 75421/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_44.c Buffer_Overflow_cpycat 30 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30034 75421/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_44.c Buffer_Overflow_cpycat 61 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30035 75422/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_45.c Buffer_Overflow_cpycat 34 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_declare_cpy_45_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30036 75422/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_45.c Buffer_Overflow_cpycat 64 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_declare_cpy_45_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30037 75423/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_51.c Buffer_Overflow_cpycat 140 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_51b_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_51b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30038 75423/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_51.c Buffer_Overflow_cpycat 123 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_51b_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_51b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30039 75424/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_52.c Buffer_Overflow_cpycat 172 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_52b_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_52b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_cpy_52c_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_52c_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30040 75424/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_52.c Buffer_Overflow_cpycat 189 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_52b_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_52b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_cpy_52c_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_52c_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30041 75425/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_53.c Buffer_Overflow_cpycat 238 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_53b_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_53b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_cpy_53c_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_53c_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_cpy_53d_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_53d_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30042 75425/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_53.c Buffer_Overflow_cpycat 221 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_53b_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_53b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_cpy_53c_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_53c_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_cpy_53d_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_53d_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30043 75426/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54.c Buffer_Overflow_cpycat 270 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54b_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54c_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54c_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54d_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54d_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54e_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54e_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30044 75426/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54.c Buffer_Overflow_cpycat 287 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54b_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54c_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54c_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54d_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54d_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54e_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_54e_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30045 75427/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_63.c Buffer_Overflow_cpycat 121 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_63b_badSink(&data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30046 75427/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_63.c Buffer_Overflow_cpycat 139 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_63b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30047 75428/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_64.c Buffer_Overflow_cpycat 145 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_64b_badSink(&data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30048 75428/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_64.c Buffer_Overflow_cpycat 124 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_64b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30049 75429/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_65.c Buffer_Overflow_cpycat 124 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE124_Buffer_Underwrite__wchar_t_declare_cpy_65b_badSink; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_65b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30050 75429/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_65.c Buffer_Overflow_cpycat 141 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE124_Buffer_Underwrite__wchar_t_declare_cpy_65b_goodG2BSink; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_65b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30051 75430/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_66.c Buffer_Overflow_cpycat 145 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataArray[2] = data; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_66b_badSink(dataArray); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30052 75430/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_66.c Buffer_Overflow_cpycat 127 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataArray[2] = data; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_66b_goodG2BSink(dataArray); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30053 75431/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_67.c Buffer_Overflow_cpycat 153 typedef struct _CWE124_Buffer_Underwrite__wchar_t_declare_cpy_67_structType wchar_t * structFirst; } CWE124_Buffer_Underwrite__wchar_t_declare_cpy_67_structType; wchar_t * data; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_67_structType myStruct; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_67b_badSink(myStruct); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_67b_badSink(CWE124_Buffer_Underwrite__wchar_t_declare_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30054 75431/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_67.c Buffer_Overflow_cpycat 135 typedef struct _CWE124_Buffer_Underwrite__wchar_t_declare_cpy_67_structType wchar_t * structFirst; } CWE124_Buffer_Underwrite__wchar_t_declare_cpy_67_structType; wchar_t * data; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_67_structType myStruct; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myStruct.structFirst = data; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_67b_goodG2BSink(myStruct); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_67b_goodG2BSink(CWE124_Buffer_Underwrite__wchar_t_declare_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30055 75432/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_68.c Buffer_Overflow_cpycat 150 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_68_badData = data; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_68b_badSink(); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_68b_badSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_declare_cpy_68_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30056 75432/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_68.c Buffer_Overflow_cpycat 132 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_68_goodG2BData = data; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_68b_goodG2BSink(); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_68b_goodG2BSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_declare_cpy_68_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30057 75436/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; const CWE124_Buffer_Underwrite__wchar_t_declare_cpy_81_base& baseObject = CWE124_Buffer_Underwrite__wchar_t_declare_cpy_81_bad(); baseObject.action(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_81_bad::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 30058 75436/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; const CWE124_Buffer_Underwrite__wchar_t_declare_cpy_81_base& baseObject = CWE124_Buffer_Underwrite__wchar_t_declare_cpy_81_goodG2B(); baseObject.action(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 30059 75437/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_82_base* baseObject = new CWE124_Buffer_Underwrite__wchar_t_declare_cpy_82_bad; baseObject->action(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_82_bad::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); delete baseObject; 1 --------------------------------- 30060 75437/CWE124_Buffer_Underwrite__wchar_t_declare_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_cpy_82_base* baseObject = new CWE124_Buffer_Underwrite__wchar_t_declare_cpy_82_goodG2B; baseObject->action(data); void CWE124_Buffer_Underwrite__wchar_t_declare_cpy_82_goodG2B::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); delete baseObject; 0 --------------------------------- 30061 75558/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_01.c Buffer_Overflow_LowBound 36 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30062 75558/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_01.c Buffer_Overflow_LowBound 61 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30063 75559/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_02.c Buffer_Overflow_LowBound 39 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(1) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30064 75559/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_02.c Buffer_Overflow_LowBound 96 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(0) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30065 75559/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_02.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(1) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30066 75560/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_03.c Buffer_Overflow_LowBound 39 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30067 75560/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_03.c Buffer_Overflow_LowBound 96 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30068 75560/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_03.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30069 75561/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_04.c Buffer_Overflow_LowBound 79 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_TRUE) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30070 75561/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_04.c Buffer_Overflow_LowBound 103 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FALSE) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30071 75561/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_04.c Buffer_Overflow_LowBound 46 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_TRUE) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30072 75562/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_05.c Buffer_Overflow_LowBound 79 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticTrue) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30073 75562/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_05.c Buffer_Overflow_LowBound 103 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFalse) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30074 75562/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_05.c Buffer_Overflow_LowBound 46 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticTrue) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30075 75563/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_06.c Buffer_Overflow_LowBound 43 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30076 75563/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_06.c Buffer_Overflow_LowBound 100 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30077 75563/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_06.c Buffer_Overflow_LowBound 76 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30078 75564/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_07.c Buffer_Overflow_LowBound 78 static int staticFive = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30079 75564/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_07.c Buffer_Overflow_LowBound 45 static int staticFive = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30080 75564/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_07.c Buffer_Overflow_LowBound 102 static int staticFive = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30081 75565/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_08.c Buffer_Overflow_LowBound 110 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsTrue()) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30082 75565/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_08.c Buffer_Overflow_LowBound 53 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsFalse()) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30083 75565/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_08.c Buffer_Overflow_LowBound 86 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsTrue()) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30084 75566/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_09.c Buffer_Overflow_LowBound 39 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30085 75566/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_09.c Buffer_Overflow_LowBound 96 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FALSE) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30086 75566/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_09.c Buffer_Overflow_LowBound 72 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30087 75567/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_10.c Buffer_Overflow_LowBound 39 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalTrue) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30088 75567/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_10.c Buffer_Overflow_LowBound 96 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFalse) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30089 75567/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_10.c Buffer_Overflow_LowBound 72 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalTrue) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30090 75568/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_11.c Buffer_Overflow_LowBound 39 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsTrue()) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30091 75568/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_11.c Buffer_Overflow_LowBound 96 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsFalse()) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30092 75568/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_11.c Buffer_Overflow_LowBound 72 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsTrue()) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30093 75570/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_13.c Buffer_Overflow_LowBound 39 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30094 75570/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_13.c Buffer_Overflow_LowBound 96 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30095 75570/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_13.c Buffer_Overflow_LowBound 72 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30096 75571/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_14.c Buffer_Overflow_LowBound 39 int globalFive = 5;  wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive==5) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30097 75571/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_14.c Buffer_Overflow_LowBound 96 int globalFive = 5;  wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive!=5) { } else data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30098 75571/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_14.c Buffer_Overflow_LowBound 72 int globalFive = 5;  wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive==5) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30099 75572/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_15.c Buffer_Overflow_LowBound 79 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(6) case 6: data = dataBuffer - 8; break; default: break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30100 75572/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_15.c Buffer_Overflow_LowBound 45 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(5) case 6: break; default: data = dataBuffer; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30101 75572/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_15.c Buffer_Overflow_LowBound 109 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(6) case 6: data = dataBuffer; break; default: break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30102 75573/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_16.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; while(1) data = dataBuffer - 8; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30103 75573/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_16.c Buffer_Overflow_LowBound 69 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; while(1) data = dataBuffer; break; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30104 75574/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_17.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; for(i = 0; i < 1; i++) data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30105 75574/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_17.c Buffer_Overflow_LowBound 69 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; for(h = 0; h < 1; h++) data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30106 75575/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_18.c Buffer_Overflow_LowBound 65 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; goto source; source: data = dataBuffer - 8; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30107 75575/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_18.c Buffer_Overflow_LowBound 38 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; goto source; source: data = dataBuffer; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30108 75576/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_31.c Buffer_Overflow_LowBound 68 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30109 75576/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_31.c Buffer_Overflow_LowBound 39 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30110 75577/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_32.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; wchar_t * data = *dataPtr1; data = dataBuffer - 8; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30111 75577/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_32.c Buffer_Overflow_LowBound 78 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; wchar_t * data = *dataPtr1; data = dataBuffer; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30112 75579/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_34.c Buffer_Overflow_LowBound 76 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_34_unionType; wchar_t * data; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_34_unionType myUnion; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30113 75579/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_34.c Buffer_Overflow_LowBound 46 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_34_unionType; wchar_t * data; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_34_unionType myUnion; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30114 75580/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_41.c Buffer_Overflow_LowBound 59 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_41_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_41_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30115 75580/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_41.c Buffer_Overflow_LowBound 30 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_41_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_41_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30116 75581/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_44.c Buffer_Overflow_LowBound 63 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30117 75581/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_44.c Buffer_Overflow_LowBound 30 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30118 75582/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_45.c Buffer_Overflow_LowBound 66 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_45_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30119 75582/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_45.c Buffer_Overflow_LowBound 34 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_45_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30120 75583/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_51.c Buffer_Overflow_LowBound 123 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_51b_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_51b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30121 75583/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_51.c Buffer_Overflow_LowBound 142 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_51b_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_51b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30122 75584/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_52.c Buffer_Overflow_LowBound 172 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_52b_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_52b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_52c_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_52c_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30123 75584/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_52.c Buffer_Overflow_LowBound 191 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_52b_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_52b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_52c_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_52c_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30124 75585/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_53.c Buffer_Overflow_LowBound 240 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_53b_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_53b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_53c_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_53c_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_53d_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_53d_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30125 75585/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_53.c Buffer_Overflow_LowBound 221 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_53b_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_53b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_53c_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_53c_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_53d_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_53d_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30126 75586/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54.c Buffer_Overflow_LowBound 289 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54b_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54b_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54c_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54c_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54d_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54d_badSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54e_badSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54e_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30127 75586/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54.c Buffer_Overflow_LowBound 270 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54b_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54b_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54c_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54c_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54d_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54d_goodG2BSink(wchar_t * data) CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54e_goodG2BSink(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_54e_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30128 75587/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_63.c Buffer_Overflow_LowBound 121 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_63b_badSink(&data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30129 75587/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_63.c Buffer_Overflow_LowBound 141 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_63b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30130 75588/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_64.c Buffer_Overflow_LowBound 147 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_64b_badSink(&data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30131 75588/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_64.c Buffer_Overflow_LowBound 124 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_64b_goodG2BSink(&data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30132 75589/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_65.c Buffer_Overflow_LowBound 124 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_65b_badSink; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_65b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30133 75589/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_65.c Buffer_Overflow_LowBound 143 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_65b_goodG2BSink; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_65b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30134 75590/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_66.c Buffer_Overflow_LowBound 147 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataArray[2] = data; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_66b_badSink(dataArray); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30135 75590/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_66.c Buffer_Overflow_LowBound 127 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataArray[2] = data; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_66b_goodG2BSink(dataArray); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30136 75591/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_67.c Buffer_Overflow_LowBound 155 typedef struct _CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_67_structType wchar_t * structFirst; } CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_67_structType; wchar_t * data; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_67_structType myStruct; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_67b_badSink(myStruct); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_67b_badSink(CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30137 75591/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_67.c Buffer_Overflow_LowBound 135 typedef struct _CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_67_structType wchar_t * structFirst; } CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_67_structType; wchar_t * data; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_67_structType myStruct; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myStruct.structFirst = data; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_67b_goodG2BSink(myStruct); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_67b_goodG2BSink(CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30138 75592/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_68.c Buffer_Overflow_LowBound 132 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_68_badData = data; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_68b_badSink(); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_68b_badSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_68_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30139 75592/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_68.c Buffer_Overflow_LowBound 152 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_68_goodG2BData = data; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_68b_goodG2BSink(); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_68b_goodG2BSink() wchar_t * data = CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_68_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30140 75596/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; const CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_81_base& baseObject = CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_81_bad(); baseObject.action(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_81_bad::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 30141 75596/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_81_bad.cpp Off_by_One_Error_in_Methods 31 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; const CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_81_base& baseObject = CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_81_goodG2B(); baseObject.action(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 30142 75597/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_82_base* baseObject = new CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_82_bad; baseObject->action(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_82_bad::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); delete baseObject; 1 --------------------------------- 30143 75597/CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_82_bad.cpp Off_by_One_Error_in_Methods 31 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_82_base* baseObject = new CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_82_goodG2B; baseObject->action(data); void CWE124_Buffer_Underwrite__wchar_t_declare_ncpy_82_goodG2B::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); delete baseObject; 0 --------------------------------- 30144 75598/CWE126_Buffer_Overread__CWE129_connect_socket_01.c Buffer_Overflow_Indexes 188 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30145 75598/CWE126_Buffer_Overread__CWE129_connect_socket_01.c Buffer_Overflow_Indexes 83 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30146 75599/CWE126_Buffer_Overread__CWE129_connect_socket_02.c Buffer_Overflow_Indexes 172 int data; data = -1; if(1) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(1) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30147 75599/CWE126_Buffer_Overread__CWE129_connect_socket_02.c Buffer_Overflow_Indexes 259 int data; data = -1; if(1) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(0) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30148 75599/CWE126_Buffer_Overread__CWE129_connect_socket_02.c Buffer_Overflow_Indexes 85 int data; data = -1; if(1) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(1) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30149 75600/CWE126_Buffer_Overread__CWE129_connect_socket_03.c Buffer_Overflow_Indexes 172 int data; data = -1; if(5==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(5==5) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30150 75600/CWE126_Buffer_Overread__CWE129_connect_socket_03.c Buffer_Overflow_Indexes 259 int data; data = -1; if(5==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(5!=5) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30151 75600/CWE126_Buffer_Overread__CWE129_connect_socket_03.c Buffer_Overflow_Indexes 85 int data; data = -1; if(5==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(5==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30152 75601/CWE126_Buffer_Overread__CWE129_connect_socket_04.c Buffer_Overflow_Indexes 91 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; int data; data = -1; if(STATIC_CONST_TRUE) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30153 75601/CWE126_Buffer_Overread__CWE129_connect_socket_04.c Buffer_Overflow_Indexes 178 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; int data; data = -1; if(STATIC_CONST_TRUE) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FALSE) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30154 75601/CWE126_Buffer_Overread__CWE129_connect_socket_04.c Buffer_Overflow_Indexes 265 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; int data; data = -1; if(STATIC_CONST_TRUE) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30155 75602/CWE126_Buffer_Overread__CWE129_connect_socket_05.c Buffer_Overflow_Indexes 91 static int staticTrue = 1; static int staticFalse = 0; int data; data = -1; if(staticTrue) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticTrue) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30156 75602/CWE126_Buffer_Overread__CWE129_connect_socket_05.c Buffer_Overflow_Indexes 178 static int staticTrue = 1; static int staticFalse = 0; int data; data = -1; if(staticTrue) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFalse) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30157 75602/CWE126_Buffer_Overread__CWE129_connect_socket_05.c Buffer_Overflow_Indexes 265 static int staticTrue = 1; static int staticFalse = 0; int data; data = -1; if(staticTrue) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticTrue) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30158 75603/CWE126_Buffer_Overread__CWE129_connect_socket_06.c Buffer_Overflow_Indexes 264 static const int STATIC_CONST_FIVE = 5; int data; data = -1; if(STATIC_CONST_FIVE==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30159 75603/CWE126_Buffer_Overread__CWE129_connect_socket_06.c Buffer_Overflow_Indexes 90 static const int STATIC_CONST_FIVE = 5; int data; data = -1; if(STATIC_CONST_FIVE==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FIVE!=5) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30160 75603/CWE126_Buffer_Overread__CWE129_connect_socket_06.c Buffer_Overflow_Indexes 177 static const int STATIC_CONST_FIVE = 5; int data; data = -1; if(STATIC_CONST_FIVE==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30161 75604/CWE126_Buffer_Overread__CWE129_connect_socket_07.c Buffer_Overflow_Indexes 264 static int staticFive = 5; int data; data = -1; if(staticFive==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFive==5) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30162 75604/CWE126_Buffer_Overread__CWE129_connect_socket_07.c Buffer_Overflow_Indexes 90 static int staticFive = 5; int data; data = -1; if(staticFive==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFive!=5) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30163 75604/CWE126_Buffer_Overread__CWE129_connect_socket_07.c Buffer_Overflow_Indexes 177 static int staticFive = 5; int data; data = -1; if(staticFive==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFive==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30164 75605/CWE126_Buffer_Overread__CWE129_connect_socket_08.c Buffer_Overflow_Indexes 272 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; int data; data = -1; if(staticReturnsTrue()) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30165 75605/CWE126_Buffer_Overread__CWE129_connect_socket_08.c Buffer_Overflow_Indexes 98 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; int data; data = -1; if(staticReturnsTrue()) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticReturnsFalse()) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30166 75605/CWE126_Buffer_Overread__CWE129_connect_socket_08.c Buffer_Overflow_Indexes 185 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; int data; data = -1; if(staticReturnsTrue()) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30167 75606/CWE126_Buffer_Overread__CWE129_connect_socket_09.c Buffer_Overflow_Indexes 172 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; int data; data = -1; if(GLOBAL_CONST_TRUE) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30168 75606/CWE126_Buffer_Overread__CWE129_connect_socket_09.c Buffer_Overflow_Indexes 259 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; int data; data = -1; if(GLOBAL_CONST_TRUE) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30169 75606/CWE126_Buffer_Overread__CWE129_connect_socket_09.c Buffer_Overflow_Indexes 85 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; int data; data = -1; if(GLOBAL_CONST_TRUE) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FALSE) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30170 75607/CWE126_Buffer_Overread__CWE129_connect_socket_10.c Buffer_Overflow_Indexes 172 int globalTrue = 1; int globalFalse = 0; int data; data = -1; if(globalTrue) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalTrue) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30171 75607/CWE126_Buffer_Overread__CWE129_connect_socket_10.c Buffer_Overflow_Indexes 259 int globalTrue = 1; int globalFalse = 0; int data; data = -1; if(globalTrue) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFalse) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30172 75607/CWE126_Buffer_Overread__CWE129_connect_socket_10.c Buffer_Overflow_Indexes 85 int globalTrue = 1; int globalFalse = 0; int data; data = -1; if(globalTrue) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalTrue) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30173 75608/CWE126_Buffer_Overread__CWE129_connect_socket_11.c Buffer_Overflow_Indexes 172 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; int data; data = -1; if(globalReturnsTrue()) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30174 75608/CWE126_Buffer_Overread__CWE129_connect_socket_11.c Buffer_Overflow_Indexes 259 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; int data; data = -1; if(globalReturnsTrue()) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalReturnsFalse()) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30175 75608/CWE126_Buffer_Overread__CWE129_connect_socket_11.c Buffer_Overflow_Indexes 85 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; int data; data = -1; if(globalReturnsTrue()) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30176 75610/CWE126_Buffer_Overread__CWE129_connect_socket_13.c Buffer_Overflow_Indexes 172 const int GLOBAL_CONST_FIVE = 5;  int data; data = -1; if(GLOBAL_CONST_FIVE==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30177 75610/CWE126_Buffer_Overread__CWE129_connect_socket_13.c Buffer_Overflow_Indexes 259 const int GLOBAL_CONST_FIVE = 5;  int data; data = -1; if(GLOBAL_CONST_FIVE==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE!=5) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30178 75610/CWE126_Buffer_Overread__CWE129_connect_socket_13.c Buffer_Overflow_Indexes 85 const int GLOBAL_CONST_FIVE = 5;  int data; data = -1; if(GLOBAL_CONST_FIVE==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30179 75611/CWE126_Buffer_Overread__CWE129_connect_socket_14.c Buffer_Overflow_Indexes 172 int globalFive = 5; int data; data = -1; if(globalFive==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFive==5) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30180 75611/CWE126_Buffer_Overread__CWE129_connect_socket_14.c Buffer_Overflow_Indexes 259 int globalFive = 5; int data; data = -1; if(globalFive==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFive!=5) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30181 75611/CWE126_Buffer_Overread__CWE129_connect_socket_14.c Buffer_Overflow_Indexes 85 int globalFive = 5; int data; data = -1; if(globalFive==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFive==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30182 75612/CWE126_Buffer_Overread__CWE129_connect_socket_15.c Buffer_Overflow_Indexes 86 int data; data = -1; switch(6) case 6: recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; default: break; switch(7) case 7: int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); break; default: break; 1 --------------------------------- 30183 75612/CWE126_Buffer_Overread__CWE129_connect_socket_15.c Buffer_Overflow_Indexes 279 int data; data = -1; switch(6) case 6: recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; default: break; switch(8) case 7: break; default: int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30184 75612/CWE126_Buffer_Overread__CWE129_connect_socket_15.c Buffer_Overflow_Indexes 185 int data; data = -1; switch(6) case 6: recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; default: break; switch(7) case 7: int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); break; default: break; 0 --------------------------------- 30185 75613/CWE126_Buffer_Overread__CWE129_connect_socket_16.c Buffer_Overflow_Indexes 174 int data; data = -1; while(1) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; while(1) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); break; 1 --------------------------------- 30186 75613/CWE126_Buffer_Overread__CWE129_connect_socket_16.c Buffer_Overflow_Indexes 85 int data; data = -1; while(1) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; while(1) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); break; 0 --------------------------------- 30187 75614/CWE126_Buffer_Overread__CWE129_connect_socket_17.c Buffer_Overflow_Indexes 86 int data; data = -1; for(i = 0; i < 1; i++) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); for(j = 0; j < 1; j++) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30188 75614/CWE126_Buffer_Overread__CWE129_connect_socket_17.c Buffer_Overflow_Indexes 174 int data; data = -1; for(i = 0; i < 1; i++) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); for(k = 0; k < 1; k++) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30189 75615/CWE126_Buffer_Overread__CWE129_connect_socket_18.c Buffer_Overflow_Indexes 85 int data; data = -1; goto source; source: recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goto sink; sink: int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30190 75615/CWE126_Buffer_Overread__CWE129_connect_socket_18.c Buffer_Overflow_Indexes 170 int data; data = -1; goto source; source: recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goto sink; sink: int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30191 75616/CWE126_Buffer_Overread__CWE129_connect_socket_21.c Buffer_Overflow_Indexes 205 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); badStatic = 1; badSink(data); static void badSink(int data) if(badStatic) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30192 75616/CWE126_Buffer_Overread__CWE129_connect_socket_21.c Buffer_Overflow_Indexes 290 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2G1Static = 0; goodB2G1Sink(data); static void goodB2G1Sink(int data) if(goodB2G1Static) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30193 75616/CWE126_Buffer_Overread__CWE129_connect_socket_21.c Buffer_Overflow_Indexes 106 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2G2Static = 1; goodB2G2Sink(data); static void goodB2G2Sink(int data) if(goodB2G2Static) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30194 75617/CWE126_Buffer_Overread__CWE129_connect_socket_22.c Buffer_Overflow_Indexes 165 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_22_badGlobal = 1; CWE126_Buffer_Overread__CWE129_connect_socket_22_badSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_22_badSink(int data) if(CWE126_Buffer_Overread__CWE129_connect_socket_22_badGlobal) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30195 75617/CWE126_Buffer_Overread__CWE129_connect_socket_22.c Buffer_Overflow_Indexes 88 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_22_goodB2G1Global = 0; CWE126_Buffer_Overread__CWE129_connect_socket_22_goodB2G1Sink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_22_goodB2G1Sink(int data) if(CWE126_Buffer_Overread__CWE129_connect_socket_22_goodB2G1Global) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30196 75617/CWE126_Buffer_Overread__CWE129_connect_socket_22.c Buffer_Overflow_Indexes 233 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_22_goodB2G2Global = 1; CWE126_Buffer_Overread__CWE129_connect_socket_22_goodB2G2Sink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_22_goodB2G2Sink(int data) if(CWE126_Buffer_Overread__CWE129_connect_socket_22_goodB2G2Global) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30197 75618/CWE126_Buffer_Overread__CWE129_connect_socket_31.c Buffer_Overflow_Indexes 196 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30198 75618/CWE126_Buffer_Overread__CWE129_connect_socket_31.c Buffer_Overflow_Indexes 83 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30199 75619/CWE126_Buffer_Overread__CWE129_connect_socket_32.c Buffer_Overflow_Indexes 87 int data; int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; int data = *dataPtr1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); *dataPtr1 = data; int data = *dataPtr2; int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30200 75619/CWE126_Buffer_Overread__CWE129_connect_socket_32.c Buffer_Overflow_Indexes 210 int data; int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; int data = *dataPtr1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); *dataPtr1 = data; int data = *dataPtr2; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30201 75621/CWE126_Buffer_Overread__CWE129_connect_socket_34.c Buffer_Overflow_Indexes 205 typedef union int unionFirst; int unionSecond; } CWE126_Buffer_Overread__CWE129_connect_socket_34_unionType; int data; CWE126_Buffer_Overread__CWE129_connect_socket_34_unionType myUnion; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30202 75621/CWE126_Buffer_Overread__CWE129_connect_socket_34.c Buffer_Overflow_Indexes 90 typedef union int unionFirst; int unionSecond; } CWE126_Buffer_Overread__CWE129_connect_socket_34_unionType; int data; CWE126_Buffer_Overread__CWE129_connect_socket_34_unionType myUnion; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30203 75622/CWE126_Buffer_Overread__CWE129_connect_socket_41.c Buffer_Overflow_Indexes 100 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); badSink(data); static void badSink(int data) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30204 75622/CWE126_Buffer_Overread__CWE129_connect_socket_41.c Buffer_Overflow_Indexes 214 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2GSink(data); static void goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30205 75623/CWE126_Buffer_Overread__CWE129_connect_socket_42.c Buffer_Overflow_Indexes 197 int data; data = -1; data = badSource(data); static int badSource(int data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30206 75623/CWE126_Buffer_Overread__CWE129_connect_socket_42.c Buffer_Overflow_Indexes 80 int data; data = -1; data = goodB2GSource(data); static int goodB2GSource(int data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30207 75625/CWE126_Buffer_Overread__CWE129_connect_socket_44.c Buffer_Overflow_Indexes 219 int data; void (*funcPtr) (int) = badSink; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); static void badSink(int data) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30208 75625/CWE126_Buffer_Overread__CWE129_connect_socket_44.c Buffer_Overflow_Indexes 102 int data; void (*funcPtr) (int) = goodB2GSink; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); static void goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30209 75626/CWE126_Buffer_Overread__CWE129_connect_socket_45.c Buffer_Overflow_Indexes 223 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_45_badData = data; badSink(); static void badSink() int data = CWE126_Buffer_Overread__CWE129_connect_socket_45_badData; int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30210 75626/CWE126_Buffer_Overread__CWE129_connect_socket_45.c Buffer_Overflow_Indexes 105 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_45_goodB2GData = data; goodB2GSink(); static void goodB2GSink() int data = CWE126_Buffer_Overread__CWE129_connect_socket_45_goodB2GData; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30211 75627/CWE126_Buffer_Overread__CWE129_connect_socket_51.c Buffer_Overflow_Indexes 171 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_51b_badSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_51b_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30212 75627/CWE126_Buffer_Overread__CWE129_connect_socket_51.c Buffer_Overflow_Indexes 86 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_51b_goodB2GSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_51b_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30213 75628/CWE126_Buffer_Overread__CWE129_connect_socket_52.c Buffer_Overflow_Indexes 171 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_52b_badSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_52b_badSink(int data) CWE126_Buffer_Overread__CWE129_connect_socket_52c_badSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_52c_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30214 75628/CWE126_Buffer_Overread__CWE129_connect_socket_52.c Buffer_Overflow_Indexes 86 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_52b_goodB2GSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_52b_goodB2GSink(int data) CWE126_Buffer_Overread__CWE129_connect_socket_52c_goodB2GSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_52c_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30215 75629/CWE126_Buffer_Overread__CWE129_connect_socket_53.c Buffer_Overflow_Indexes 171 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_53b_badSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_53b_badSink(int data) CWE126_Buffer_Overread__CWE129_connect_socket_53c_badSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_53c_badSink(int data) CWE126_Buffer_Overread__CWE129_connect_socket_53d_badSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_53d_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30216 75629/CWE126_Buffer_Overread__CWE129_connect_socket_53.c Buffer_Overflow_Indexes 86 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_53b_goodB2GSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_53b_goodB2GSink(int data) CWE126_Buffer_Overread__CWE129_connect_socket_53c_goodB2GSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_53c_goodB2GSink(int data) CWE126_Buffer_Overread__CWE129_connect_socket_53d_goodB2GSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_53d_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30217 75630/CWE126_Buffer_Overread__CWE129_connect_socket_54.c Buffer_Overflow_Indexes 171 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_54b_badSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_54b_badSink(int data) CWE126_Buffer_Overread__CWE129_connect_socket_54c_badSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_54c_badSink(int data) CWE126_Buffer_Overread__CWE129_connect_socket_54d_badSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_54d_badSink(int data) CWE126_Buffer_Overread__CWE129_connect_socket_54e_badSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_54e_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30218 75630/CWE126_Buffer_Overread__CWE129_connect_socket_54.c Buffer_Overflow_Indexes 86 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_54b_goodB2GSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_54b_goodB2GSink(int data) CWE126_Buffer_Overread__CWE129_connect_socket_54c_goodB2GSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_54c_goodB2GSink(int data) CWE126_Buffer_Overread__CWE129_connect_socket_54d_goodB2GSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_54d_goodB2GSink(int data) CWE126_Buffer_Overread__CWE129_connect_socket_54e_goodB2GSink(data); void CWE126_Buffer_Overread__CWE129_connect_socket_54e_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30219 75631/CWE126_Buffer_Overread__CWE129_connect_socket_61.c Buffer_Overflow_Indexes 309 int data; data = -1; data = CWE126_Buffer_Overread__CWE129_connect_socket_61b_badSource(data); int CWE126_Buffer_Overread__CWE129_connect_socket_61b_badSource(int data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30220 75631/CWE126_Buffer_Overread__CWE129_connect_socket_61.c Buffer_Overflow_Indexes 234 int data; data = -1; data = CWE126_Buffer_Overread__CWE129_connect_socket_61b_goodB2GSource(data); int CWE126_Buffer_Overread__CWE129_connect_socket_61b_goodB2GSource(int data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30221 75633/CWE126_Buffer_Overread__CWE129_connect_socket_63.c Buffer_Overflow_Indexes 171 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_63b_badSink(&data); void CWE126_Buffer_Overread__CWE129_connect_socket_63b_badSink(int * dataPtr) int data = *dataPtr; int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30222 75633/CWE126_Buffer_Overread__CWE129_connect_socket_63.c Buffer_Overflow_Indexes 86 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_63b_goodB2GSink(&data); void CWE126_Buffer_Overread__CWE129_connect_socket_63b_goodB2GSink(int * dataPtr) int data = *dataPtr; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30223 75634/CWE126_Buffer_Overread__CWE129_connect_socket_64.c Buffer_Overflow_Indexes 171 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_64b_badSink(&data); void CWE126_Buffer_Overread__CWE129_connect_socket_64b_badSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30224 75634/CWE126_Buffer_Overread__CWE129_connect_socket_64.c Buffer_Overflow_Indexes 86 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_64b_goodB2GSink(&data); void CWE126_Buffer_Overread__CWE129_connect_socket_64b_goodB2GSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30225 75635/CWE126_Buffer_Overread__CWE129_connect_socket_65.c Buffer_Overflow_Indexes 88 int data; void (*funcPtr) (int) = CWE126_Buffer_Overread__CWE129_connect_socket_65b_badSink; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); void CWE126_Buffer_Overread__CWE129_connect_socket_65b_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30226 75635/CWE126_Buffer_Overread__CWE129_connect_socket_65.c Buffer_Overflow_Indexes 176 int data; void (*funcPtr) (int) = CWE126_Buffer_Overread__CWE129_connect_socket_65b_goodB2GSink; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); void CWE126_Buffer_Overread__CWE129_connect_socket_65b_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30227 75636/CWE126_Buffer_Overread__CWE129_connect_socket_66.c Buffer_Overflow_Indexes 87 int data; int dataArray[5]; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataArray[2] = data; CWE126_Buffer_Overread__CWE129_connect_socket_66b_badSink(dataArray); void CWE126_Buffer_Overread__CWE129_connect_socket_66b_badSink(int dataArray[]) int data = dataArray[2]; int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30228 75636/CWE126_Buffer_Overread__CWE129_connect_socket_66.c Buffer_Overflow_Indexes 177 int data; int dataArray[5]; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataArray[2] = data; CWE126_Buffer_Overread__CWE129_connect_socket_66b_goodB2GSink(dataArray); void CWE126_Buffer_Overread__CWE129_connect_socket_66b_goodB2GSink(int dataArray[]) int data = dataArray[2]; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30229 75637/CWE126_Buffer_Overread__CWE129_connect_socket_67.c Buffer_Overflow_Indexes 92 typedef struct _CWE126_Buffer_Overread__CWE129_connect_socket_67_structType int structFirst; } CWE126_Buffer_Overread__CWE129_connect_socket_67_structType; int data; CWE126_Buffer_Overread__CWE129_connect_socket_67_structType myStruct; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myStruct.structFirst = data; CWE126_Buffer_Overread__CWE129_connect_socket_67b_badSink(myStruct); void CWE126_Buffer_Overread__CWE129_connect_socket_67b_badSink(CWE126_Buffer_Overread__CWE129_connect_socket_67_structType myStruct) int data = myStruct.structFirst; int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30230 75637/CWE126_Buffer_Overread__CWE129_connect_socket_67.c Buffer_Overflow_Indexes 181 typedef struct _CWE126_Buffer_Overread__CWE129_connect_socket_67_structType int structFirst; } CWE126_Buffer_Overread__CWE129_connect_socket_67_structType; int data; CWE126_Buffer_Overread__CWE129_connect_socket_67_structType myStruct; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myStruct.structFirst = data; CWE126_Buffer_Overread__CWE129_connect_socket_67b_goodB2GSink(myStruct); void CWE126_Buffer_Overread__CWE129_connect_socket_67b_goodB2GSink(CWE126_Buffer_Overread__CWE129_connect_socket_67_structType myStruct) int data = myStruct.structFirst; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30231 75638/CWE126_Buffer_Overread__CWE129_connect_socket_68.c Buffer_Overflow_Indexes 90 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_68_badData = data; CWE126_Buffer_Overread__CWE129_connect_socket_68b_badSink(); void CWE126_Buffer_Overread__CWE129_connect_socket_68b_badSink() int data = CWE126_Buffer_Overread__CWE129_connect_socket_68_badData; int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30232 75638/CWE126_Buffer_Overread__CWE129_connect_socket_68.c Buffer_Overflow_Indexes 177 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_68_goodB2GData = data; CWE126_Buffer_Overread__CWE129_connect_socket_68b_goodB2GSink(); void CWE126_Buffer_Overread__CWE129_connect_socket_68b_goodB2GSink() int data = CWE126_Buffer_Overread__CWE129_connect_socket_68_goodB2GData; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30233 75642/CWE126_Buffer_Overread__CWE129_connect_socket_81a.cpp Buffer_Overflow_Indexes 87 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); const CWE126_Buffer_Overread__CWE129_connect_socket_81_base& baseObject = CWE126_Buffer_Overread__CWE129_connect_socket_81_bad(); baseObject.action(data); void CWE126_Buffer_Overread__CWE129_connect_socket_81_bad::action(int data) const int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); 1 --------------------------------- 30234 75642/CWE126_Buffer_Overread__CWE129_connect_socket_81a.cpp Buffer_Overflow_Indexes 170 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); const CWE126_Buffer_Overread__CWE129_connect_socket_81_base& baseObject = CWE126_Buffer_Overread__CWE129_connect_socket_81_goodB2G(); baseObject.action(data); void CWE126_Buffer_Overread__CWE129_connect_socket_81_goodB2G::action(int data) const int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); 0 --------------------------------- 30235 75643/CWE126_Buffer_Overread__CWE129_connect_socket_82a.cpp Buffer_Overflow_Indexes 172 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_82_base* baseObject = new CWE126_Buffer_Overread__CWE129_connect_socket_82_bad; baseObject->action(data); void CWE126_Buffer_Overread__CWE129_connect_socket_82_bad::action(int data) int buffer[10] = { 0 }; if (data >= 0) printIntLine(buffer[data]); delete baseObject; 1 --------------------------------- 30236 75643/CWE126_Buffer_Overread__CWE129_connect_socket_82a.cpp Buffer_Overflow_Indexes 87 int data; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE126_Buffer_Overread__CWE129_connect_socket_82_base* baseObject = new CWE126_Buffer_Overread__CWE129_connect_socket_82_goodB2G; baseObject->action(data); void CWE126_Buffer_Overread__CWE129_connect_socket_82_goodB2G::action(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) printIntLine(buffer[data]); delete baseObject; 0 --------------------------------- 30237 110312/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_01.c Buffer_Overflow_Indexes 82 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30238 110313/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_02.c Buffer_Overflow_Indexes 84 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30239 110314/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_03.c Buffer_Overflow_Indexes 84 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30240 110315/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_04.c Buffer_Overflow_Indexes 91 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30241 110316/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_05.c Buffer_Overflow_Indexes 91 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30242 110317/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_06.c Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30243 110318/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_07.c Buffer_Overflow_Indexes 90 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30244 110319/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_08.c Buffer_Overflow_Indexes 98 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30245 110320/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_09.c Buffer_Overflow_Indexes 84 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30246 110321/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_10.c Buffer_Overflow_Indexes 84 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30247 110322/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_11.c Buffer_Overflow_Indexes 84 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30248 110323/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_12.c Buffer_Overflow_Indexes 84 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30249 110324/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_13.c Buffer_Overflow_Indexes 84 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30250 110325/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_14.c Buffer_Overflow_Indexes 84 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30251 110326/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_15.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30252 110327/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_16.c Buffer_Overflow_Indexes 84 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30253 110328/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_17.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30254 110329/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_18.c Buffer_Overflow_Indexes 84 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30255 110330/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_21.c Buffer_Overflow_Indexes 84 data = badSource(data); static int badSource(int data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30256 110331/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_22.c Buffer_Overflow_Indexes 226 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30257 110332/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_31.c Buffer_Overflow_Indexes 82 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30258 110333/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_32.c Buffer_Overflow_Indexes 86 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30259 110335/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_34.c Buffer_Overflow_Indexes 89 typedef union int unionFirst; int unionSecond; } CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_34_unionType; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_34_unionType myUnion; myUnion.unionFirst = data; int data = myUnion.unionSecond; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30260 110336/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_41.c Buffer_Overflow_Indexes 99 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_41_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_41_badSink(int data) int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30261 110337/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_42.c Buffer_Overflow_Indexes 79 data = badSource(data); static int badSource(int data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30262 110339/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_44.c Buffer_Overflow_Indexes 101 void (*funcPtr) (int) = badSink; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); static void badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30263 110340/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_45.c Buffer_Overflow_Indexes 103 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_45_badData = data; badSink(); int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_45_badData; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30264 110341/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_51.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_51b_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_51b_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30265 110342/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_52.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_52b_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_52b_badSink(int data); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_52c_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_52c_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30266 110343/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53b_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53b_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53c_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53c_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53d_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53d_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30267 110344/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_54.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53b_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53b_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53c_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53c_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53d_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53d_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53e_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_53e_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30268 110345/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_61.c Buffer_Overflow_Indexes 209 data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_61b_badSource(data); int CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_61b_badSource(int data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30269 110347/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_63.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_63b_badSink(&data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_63b_badSink(int * dataPtr) int data = *dataPtr; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30270 110348/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_64.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_64b_badSink(&data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_64b_badSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30271 110349/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_65.c Buffer_Overflow_Indexes 87 void (*funcPtr) (int) = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_65b_badSink; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_65b_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30272 110350/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_66.c Buffer_Overflow_Indexes 86 int dataArray[5]; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataArray[2] = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_66b_badSink(dataArray); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_66b_badSink(int dataArray[]) int data = dataArray[2]; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 110350 1 CWE-680 -------------------------------- 72 /Mixed/110351/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_67.c Buffer_Overflow_Indexes typedef struct _CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_67_structType int structFirst; } CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_67_structType; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_67_structType myStruct; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myStruct.structFirst = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_67b_badSink(myStruct); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_67b_goodG2BSink(CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_67_structType myStruct) int data = myStruct.structFirst; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30273 110352/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_68.c Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_68_badData = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_68b_badSink(); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_68b_badSink() int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_68_badData; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30274 110356/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_81a.cpp Buffer_Overflow_Indexes 86 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); const CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_81_base& baseObject = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_81_bad(); baseObject.action(data); namespace CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_81 void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_connect_socket_81_bad::action(int data) const intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30275 110360/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_01.c Buffer_Overflow_Indexes 31 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30276 110361/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_02.c Buffer_Overflow_Indexes 33 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) fscanf(stdin, "%d", &data); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30277 110362/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_03.c Buffer_Overflow_Indexes 33 data = -1; if(1) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30278 110363/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_04.c Buffer_Overflow_Indexes 40 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30279 110364/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_05.c Buffer_Overflow_Indexes 40 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30280 110365/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_06.c Buffer_Overflow_Indexes 37 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30281 110366/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_07.c Buffer_Overflow_Indexes 39 static int staticFive = 5; data = -1; if(staticFive==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30282 110367/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_08.c Buffer_Overflow_Indexes 47 static int staticReturnsTrue() return 1; }  static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) { char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30283 110368/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_09.c Buffer_Overflow_Indexes 33 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE){ char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30284 110369/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_10.c Buffer_Overflow_Indexes 33 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30285 110370/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_11.c Buffer_Overflow_Indexes 33 int globalReturnsTrue()  return 1; }   int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30286 110371/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_12.c Buffer_Overflow_Indexes 33 int globalReturnsTrueOrFalse()  return (rand() % 2); data = -1; if(globalReturnsTrueOrFalse()) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30287 110372/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_13.c Buffer_Overflow_Indexes 33 const int GLOBAL_CONST_FIVE = 5;  data = -1; if(GLOBAL_CONST_FIVE==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); printLine("fgets() failed."); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30288 110373/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_14.c Buffer_Overflow_Indexes 33 int globalFive = 5;  data = -1; if(globalFive==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30289 110374/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_15.c Buffer_Overflow_Indexes 34 data = -1; switch(6) case 6: char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); break; default: break; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30290 110375/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_16.c Buffer_Overflow_Indexes 33 data = -1; while(1) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); break; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30291 110376/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_17.c Buffer_Overflow_Indexes 34 data = -1; for(i = 0; i < 1; i++) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30292 110377/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_18.c Buffer_Overflow_Indexes 33 data = -1; goto source; source: char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30293 110378/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_21.c Buffer_Overflow_Indexes 33 static int badStatic = 0; data = -1; badStatic = 1; data = badSource(data); static int badSource(int data) if(badStatic) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); return data; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30294 110379/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_22.c Buffer_Overflow_Indexes 175 data = -1; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_22_badGlobal = 1; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_22_badSource(data); int CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_22_badSource(int data) if(CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_22_badGlobal) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); return data; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30295 110381/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_32.c Buffer_Overflow_Indexes 35 int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; int data = *dataPtr1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); *dataPtr1 = data; int data = *dataPtr2; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30296 110383/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_34.c Buffer_Overflow_Indexes 38 typedef union int unionFirst; int unionSecond; } CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_34_unionType; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_34_unionType myUnion; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30297 110384/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_41.c Buffer_Overflow_Indexes 48 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_41_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_41_badSink(int data) int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30298 110385/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_42.c Buffer_Overflow_Indexes 28 data = -1; data = badSource(data); static int badSource(int data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); return data; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30299 110387/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_44.c Buffer_Overflow_Indexes 50 void (*funcPtr) (int) = badSink; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); funcPtr(data); static void badSink(int data) int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30300 110388/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_45.c Buffer_Overflow_Indexes 52 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_45_badData = data; badSink(); static void badSink() int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_45_badData; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30301 110389/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_51.c Buffer_Overflow_Indexes 34 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_51b_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_51b_badSink(int data) int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30302 110390/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_52.c Buffer_Overflow_Indexes 34 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_52b_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_52b_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_52c_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_52c_badSink(int data) int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30303 110391/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_53.c Buffer_Overflow_Indexes 34 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_53b_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_53b_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_53c_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_53c_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_53d_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_53d_badSink(int data) int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30304 110392/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_54.c Buffer_Overflow_Indexes 34 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_54b_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_54b_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_54c_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_54c_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_54d_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_54d_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_54e_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_54e_badSink(int data) int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30305 110393/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_61.c Buffer_Overflow_Indexes 138 data = -1; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_61b_badSource(data); int CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_61b_badSource(int data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); return data; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30306 110395/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_63.c Buffer_Overflow_Indexes 34 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_63b_badSink(&data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_63b_badSink(int * dataPtr) int data = *dataPtr; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30307 110396/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_64.c Buffer_Overflow_Indexes 34 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_64b_badSink(&data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_64b_badSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30308 110397/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_65.c Buffer_Overflow_Indexes 36 void (*funcPtr) (int) = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_65b_badSink; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); funcPtr(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_65b_badSink(int data) int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30309 110398/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_66.c Buffer_Overflow_Indexes 35 int dataArray[5]; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); dataArray[2] = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_66b_badSink(dataArray); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_66b_badSink(int dataArray[]) int data = dataArray[2]; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30310 110399/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_67.c Buffer_Overflow_Indexes 40 typedef struct _CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_67_structType int structFirst; } CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_67_structType; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_67_structType myStruct; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); myStruct.structFirst = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_67b_badSink(myStruct); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_67b_badSink(CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_67_structType myStruct) int data = myStruct.structFirst; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30311 110400/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_68.c Buffer_Overflow_Indexes 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_68_badData = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_68b_badSink(); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_68b_badSink() int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fgets_68_badData; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30312 110456/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_01.c Buffer_Overflow_Indexes 27 data = -1; fscanf(stdin, "%d", &data); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30313 110457/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_02.c Buffer_Overflow_Indexes 29 data = -1; if(1) fscanf(stdin, "%d", &data); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30314 110458/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_03.c Buffer_Overflow_Indexes 29 data = -1; if(5==5) fscanf(stdin, "%d", &data); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30315 110459/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_04.c Buffer_Overflow_Indexes 36 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) fscanf(stdin, "%d", &data); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30316 110460/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_05.c Buffer_Overflow_Indexes 36 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) fscanf(stdin, "%d", &data); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30317 110461/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_06.c Buffer_Overflow_Indexes 33 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) fscanf(stdin, "%d", &data); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30318 110462/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_07.c Buffer_Overflow_Indexes 35 static int staticFive = 5; data = -1; if(staticFive==5) fscanf(stdin, "%d", &data); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30319 110463/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_08.c Buffer_Overflow_Indexes 43 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) fscanf(stdin, "%d", &data); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30320 110464/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_09.c Buffer_Overflow_Indexes 29 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) fscanf(stdin, "%d", &data); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30321 110465/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_10.c Buffer_Overflow_Indexes 29 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) fscanf(stdin, "%d", &data); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30322 110468/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_13.c Buffer_Overflow_Indexes 29 const int GLOBAL_CONST_FIVE = 5;  data = -1; if(GLOBAL_CONST_FIVE==5) fscanf(stdin, "%d", &data); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30323 110469/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_14.c Buffer_Overflow_Indexes 29 int globalFive = 5;  data = -1; if(globalFive==5) fscanf(stdin, "%d", &data); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30324 110470/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_15.c Buffer_Overflow_Indexes 30 data = -1; switch(6) case 6: fscanf(stdin, "%d", &data); break; default: break; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30325 110471/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_16.c Buffer_Overflow_Indexes 29 data = -1; while(1) fscanf(stdin, "%d", &data); break; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30326 110472/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_17.c Buffer_Overflow_Indexes 30 data = -1; for(i = 0; i < 1; i++) fscanf(stdin, "%d", &data); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30327 110473/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_18.c Buffer_Overflow_Indexes 29 data = -1; goto source; source: fscanf(stdin, "%d", &data); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30328 110475/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_22.c Buffer_Overflow_Indexes 171 data = -1; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_22_badGlobal = 1; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_22_badSource(data); int CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_22_badSource(int data) if(CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_22_badGlobal) fscanf(stdin, "%d", &data); return data; int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30329 110476/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_31.c Buffer_Overflow_Indexes 27 data = -1; fscanf(stdin, "%d", &data); int dataCopy = data; int data = dataCopy; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30330 110477/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_32.c Buffer_Overflow_Indexes 31 int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; int data = *dataPtr1; fscanf(stdin, "%d", &data); *dataPtr1 = data; int data = *dataPtr2; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30331 110479/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_34.c Buffer_Overflow_Indexes 34 typedef union int unionFirst; int unionSecond; } CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_34_unionType; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_34_unionType myUnion; data = -1; fscanf(stdin, "%d", &data); myUnion.unionFirst = data; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30332 110480/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_41.c Buffer_Overflow_Indexes 44 data = -1; fscanf(stdin, "%d", &data); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_41_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_41_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30333 110481/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_42.c Buffer_Overflow_Indexes 24 data = -1; data = badSource(data); static int badSource(int data) fscanf(stdin, "%d", &data); return data; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30334 110483/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_44.c Buffer_Overflow_Indexes 46 void (*funcPtr) (int) = badSink; data = -1; fscanf(stdin, "%d", &data); funcPtr(data); static void badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30335 110484/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_45.c Buffer_Overflow_Indexes 48 data = -1; fscanf(stdin, "%d", &data); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_45_badData = data; badSink(); static void badSink() int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_45_badData; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30336 110485/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_51.c Buffer_Overflow_Indexes 30 data = -1; fscanf(stdin, "%d", &data); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_51b_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_51b_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30337 110486/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_52.c Buffer_Overflow_Indexes 30 data = -1; fscanf(stdin, "%d", &data); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_52b_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_52b_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_52c_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_52c_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30338 110487/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_53.c Buffer_Overflow_Indexes 30 data = -1; fscanf(stdin, "%d", &data); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_53b_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_53b_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_53c_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_53c_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_53d_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_53d_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30339 110488/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_54.c Buffer_Overflow_Indexes 30 data = -1; fscanf(stdin, "%d", &data); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_54b_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_54b_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_54c_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_54c_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_54d_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_54d_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_54e_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_54e_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30340 110489/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_61.c Buffer_Overflow_Indexes 132 data = -1; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_61b_badSource(data); int CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_61b_badSource(int data) fscanf(stdin, "%d", &data); return data; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30341 110491/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_63.c Buffer_Overflow_Indexes 30 data = -1; fscanf(stdin, "%d", &data); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_63b_badSink(&data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_63b_badSink(int * dataPtr) int data = *dataPtr; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30342 110492/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_64.c Buffer_Overflow_Indexes 30 data = -1; fscanf(stdin, "%d", &data); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_64b_badSink(&data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_64b_badSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30343 110493/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_65.c Buffer_Overflow_Indexes 32 void (*funcPtr) (int) = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_65b_badSink; data = -1; fscanf(stdin, "%d", &data); funcPtr(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_65b_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30344 110494/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_66.c Buffer_Overflow_Indexes 31 int dataArray[5]; data = -1; fscanf(stdin, "%d", &data); dataArray[2] = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_66b_badSink(dataArray); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_66b_badSink(int dataArray[]) int data = dataArray[2]; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30345 110496/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_68.c Buffer_Overflow_Indexes 33 data = -1; fscanf(stdin, "%d", &data); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_68_badData = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_68b_badSink(); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_68b_badSink() int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_fscanf_68_badData; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30346 110504/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_01.c Buffer_Overflow_Indexes 91 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int *intPointer; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30347 110505/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_02.c Buffer_Overflow_Indexes 93 data = -1; if(1){ do recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); while (0); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30348 110506/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_03.c Buffer_Overflow_Indexes 93 data = -1; if(5==5) { do{ recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); } while (0); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30349 110507/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_04.c Buffer_Overflow_Indexes 100 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE){ recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30350 110508/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_05.c Buffer_Overflow_Indexes 100 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) { do recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); while (0); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30351 110509/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_06.c Buffer_Overflow_Indexes 97 static const int STATIC_CONST_FIVE = 5;     data = -1; if(STATIC_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30352 110510/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_07.c Buffer_Overflow_Indexes 99 static int staticFive = 5; data = -1; if(staticFive==5) { recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30353 110511/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_08.c Buffer_Overflow_Indexes 107 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()){ recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30354 110512/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_09.c Buffer_Overflow_Indexes 93 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30355 110513/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_10.c Buffer_Overflow_Indexes 93 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) { recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30356 110514/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_11.c Buffer_Overflow_Indexes 93 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30357 110516/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_13.c Buffer_Overflow_Indexes 93 const int GLOBAL_CONST_FIVE = 5; data = -1; if(GLOBAL_CONST_FIVE==5) { recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30358 110517/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_14.c Buffer_Overflow_Indexes 93 int globalFive = 5; data = -1; if(globalFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30359 110518/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_15.c Buffer_Overflow_Indexes 94 data = -1; switch(6) case 6: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; default: break; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30360 110519/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_16.c Buffer_Overflow_Indexes 93 data = -1; while(1) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30361 110520/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_17.c Buffer_Overflow_Indexes 94 data = -1; for(i = 0; i < 1; i++) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30362 110521/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_18.c Buffer_Overflow_Indexes 93 data = -1; goto source; source: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30363 110522/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_21.c Buffer_Overflow_Indexes 93 static int badStatic = 0; data = -1; badStatic = 1; data = badSource(data); static int badSource(int data) if(badStatic){ recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30364 110523/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_22.c Buffer_Overflow_Indexes 235 data = -1; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_22_badGlobal = 1; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_22_badSource(data); int CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_22_badSource(int data) if(CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_22_badGlobal) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30365 110524/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_31.c Buffer_Overflow_Indexes 91 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30366 110525/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_32.c Buffer_Overflow_Indexes 95 int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; int data = *dataPtr1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); *dataPtr1 = data; int data = *dataPtr2; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30367 110527/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_34.c Buffer_Overflow_Indexes 98 typedef union int unionFirst; int unionSecond; } CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_34_unionType; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_34_unionType myUnion; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30368 110528/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_41.c Buffer_Overflow_Indexes 108 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_41_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_41_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30369 110529/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_42.c Buffer_Overflow_Indexes 88 data = -1; data = badSource(data); static int badSource(int data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30370 110531/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_44.c Buffer_Overflow_Indexes 110 void (*funcPtr) (int) = badSink; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); static void badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30371 110532/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_45.c Buffer_Overflow_Indexes 112 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_45_badData = data; badSink(); static void badSink() int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_45_badData; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30372 110533/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_51.c Buffer_Overflow_Indexes 94 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_51b_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_51b_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30373 110534/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_52.c Buffer_Overflow_Indexes 94 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_52b_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_52b_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_52c_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_52c_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30374 110535/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_53.c Buffer_Overflow_Indexes 94 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_53b_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_53b_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_53c_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_53c_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_53d_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_53d_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30375 110536/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_54.c Buffer_Overflow_Indexes 94 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_54b_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_54b_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_54c_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_54c_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_54d_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_54d_badSink(int data) CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_54e_badSink(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_54e_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30376 110537/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_61.c Buffer_Overflow_Indexes 218 data = -1; data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_61b_badSource(data); int CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_61b_badSource(int data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30377 110539/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_63.c Buffer_Overflow_Indexes 94 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_63b_badSink(&data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_63b_badSink(int * dataPtr) int data = *dataPtr; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30378 110540/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_64.c Buffer_Overflow_Indexes 94 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_64b_badSink(&data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_64b_badSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30379 110541/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_65.c Buffer_Overflow_Indexes 96 void (*funcPtr) (int) = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_65b_badSink; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_65b_badSink(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30380 110542/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_66.c Buffer_Overflow_Indexes 95 int dataArray[5]; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataArray[2] = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_66b_badSink(dataArray); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_66b_badSink(int dataArray[]) int data = dataArray[2]; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30381 110543/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_67.c Buffer_Overflow_Indexes 100 typedef struct _CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_67_structType int structFirst; } CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_67_structType; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_67_structType myStruct; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myStruct.structFirst = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_67b_badSink(myStruct); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_67b_badSink(CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_67_structType myStruct) int data = myStruct.structFirst; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30382 110544/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_68.c Buffer_Overflow_Indexes 97 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_68_badData = data; CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_68b_badSink(); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_68b_badSink() int data = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_68_badData; intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30383 110548/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_81a.cpp Buffer_Overflow_Indexes 95 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); const CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_81_base& baseObject = CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_81_bad(); baseObject.action(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_81_bad::action(int data) const intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30384 110549/CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_82a.cpp Buffer_Overflow_Indexes 95 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_82_base* baseObject = new CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_82_bad; baseObject->action(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__malloc_listen_socket_82_bad::action(int data) intPointer = (int*)malloc(data * sizeof(int)); for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; delete baseObject; 1 --------------------------------- 30385 110644/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_81a.cpp Buffer_Overflow_Indexes 86 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); const CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_81_base& baseObject = CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_81_bad(); baseObject.action(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_81_bad::action(int data) const dataBytes = data * sizeof(int); intPointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30386 110645/CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_82a.cpp Buffer_Overflow_Indexes 86 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_82_base* baseObject = new CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_82_bad; baseObject->action(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__new_connect_socket_82_bad::action(int data) dataBytes = data * sizeof(int); intPointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; delete baseObject; 1 --------------------------------- 30387 110692/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_81a.cpp Buffer_Overflow_fgets 35 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); const CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_81_base& baseObject = CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_81_bad(); baseObject.action(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_81_bad::action(int data) const dataBytes = data * sizeof(int); intPointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30388 110693/CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_82a.cpp Buffer_Overflow_fgets 35 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_82_base* baseObject = new CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_82_bad; baseObject->action(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__new_fgets_82_bad::action(int data) dataBytes = data * sizeof(int); intPointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; delete baseObject; 1 --------------------------------- 30389 110836/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_81a.cpp Buffer_Overflow_Indexes 95 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); const CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_81_base& baseObject = CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_81_bad(); baseObject.action(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_81_bad::action(int data) const dataBytes = data * sizeof(int); intPointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; 1 --------------------------------- 30390 110837/CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_82a.cpp Buffer_Overflow_Indexes 95 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_82_base* baseObject = new CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_82_bad; baseObject->action(data); void CWE680_Integer_Overflow_to_Buffer_Overflow__new_listen_socket_82_bad::action(int data) dataBytes = data * sizeof(int); intPointer = (int*)new char[dataBytes]; for (i = 0; i < (size_t)data; i++) intPointer[i] = 0; delete baseObject; 1 --------------------------------- 30391 62516/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_01.c Buffer_Overflow_Indexes 83 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30392 62517/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_02.c Buffer_Overflow_Indexes 85 data = -1; if(1) { recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(1) { int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30393 62517/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_02.c Buffer_Overflow_Indexes 271 data = -1; if(1) { recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(0){  } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30394 62517/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_02.c Buffer_Overflow_Indexes 178 data = -1; if(1) { recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(1) { int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30395 62518/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_03.c Buffer_Overflow_Indexes 85 data = -1; if(5==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(5==5) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30396 62518/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_03.c Buffer_Overflow_Indexes 271 data = -1; if(5==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(5!=5){ } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30397 62518/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_03.c Buffer_Overflow_Indexes 178 data = -1; if(5==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(5==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30398 62519/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_04.c Buffer_Overflow_Indexes 91 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30399 62519/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_04.c Buffer_Overflow_Indexes 277 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FALSE){ } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30400 62519/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_04.c Buffer_Overflow_Indexes 184 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30401 62520/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_05.c Buffer_Overflow_Indexes 91 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticTrue) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30402 62520/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_05.c Buffer_Overflow_Indexes 277 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFalse) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30403 62520/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_05.c Buffer_Overflow_Indexes 184 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticTrue) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30404 62521/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_06.c Buffer_Overflow_Indexes 276 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30405 62521/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_06.c Buffer_Overflow_Indexes 183 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FIVE!=5){ } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30406 62521/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_06.c Buffer_Overflow_Indexes 90 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30407 62522/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_07.c Buffer_Overflow_Indexes 276 static int staticFive = 5; data = -1; if(staticFive==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFive==5) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30408 62522/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_07.c Buffer_Overflow_Indexes 183 static int staticFive = 5; data = -1; if(staticFive==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFive!=5) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30409 62522/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_07.c Buffer_Overflow_Indexes 90 static int staticFive = 5; data = -1; if(staticFive==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFive==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30410 62523/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_08.c Buffer_Overflow_Indexes 284 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30411 62523/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_08.c Buffer_Overflow_Indexes 191 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticReturnsFalse()){ } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30412 62523/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_08.c Buffer_Overflow_Indexes 98 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30413 62524/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_09.c Buffer_Overflow_Indexes 85 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30414 62524/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_09.c Buffer_Overflow_Indexes 271 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FALSE){ } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30415 62524/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_09.c Buffer_Overflow_Indexes 178 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30416 62525/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_10.c Buffer_Overflow_Indexes 85 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalTrue) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30417 62525/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_10.c Buffer_Overflow_Indexes 271 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFalse) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30418 62525/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_10.c Buffer_Overflow_Indexes 178 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalTrue) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30419 62526/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_11.c Buffer_Overflow_Indexes 85 int globalReturnsTrue()  return 1; }   int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30420 62526/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_11.c Buffer_Overflow_Indexes 271 int globalReturnsTrue()  return 1; }   int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalReturnsFalse()){} else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30421 62526/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_11.c Buffer_Overflow_Indexes 178 int globalReturnsTrue()  return 1; }   int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30422 62528/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_13.c Buffer_Overflow_Indexes 85 const int GLOBAL_CONST_FIVE = 5; data = -1; if(GLOBAL_CONST_FIVE==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30423 62528/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_13.c Buffer_Overflow_Indexes 271 const int GLOBAL_CONST_FIVE = 5; data = -1; if(GLOBAL_CONST_FIVE==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE!=5){ } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30424 62528/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_13.c Buffer_Overflow_Indexes 178 const int GLOBAL_CONST_FIVE = 5; data = -1; if(GLOBAL_CONST_FIVE==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30425 62529/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_14.c Buffer_Overflow_Indexes 85 int globalFive = 5;  data = -1; if(globalFive==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFive==5) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30426 62529/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_14.c Buffer_Overflow_Indexes 271 int globalFive = 5;  data = -1; if(globalFive==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFive!=5) {} else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30427 62529/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_14.c Buffer_Overflow_Indexes 178 int globalFive = 5;  data = -1; if(globalFive==5) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFive==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30428 62530/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_15.c Buffer_Overflow_Indexes 291 data = -1; switch(6) case 6: recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; default: break; switch(7) case 7: int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; break; default: break; 1 --------------------------------- 30429 62530/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_15.c Buffer_Overflow_Indexes 86 data = -1; switch(6) case 6: recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; default: break; switch(8) case 7: break; default: int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; break; 0 --------------------------------- 30430 62530/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_15.c Buffer_Overflow_Indexes 191 data = -1; switch(6) case 6: recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; default: break; switch(7) case 7: int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; break; default: break; 0 --------------------------------- 30431 62531/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_16.c Buffer_Overflow_Indexes 85 data = -1; while(1) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; while(1) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; break; 1 --------------------------------- 30432 62532/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_17.c Buffer_Overflow_Indexes 180 data = -1; while(1) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; while(1) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; break; 0 --------------------------------- 30433 62532/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_17.c Buffer_Overflow_Indexes 86 data = -1; for(i = 0; i < 1; i++) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); for(j = 0; j < 1; j++) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30434 62532/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_17.c Buffer_Overflow_Indexes 86 data = -1; for(i = 0; i < 1; i++) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); for(k = 0; k < 1; k++) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30435 62533/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_18.c Buffer_Overflow_Indexes 85 data = -1; goto source; source: recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goto sink; sink: int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30436 62533/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_18.c Buffer_Overflow_Indexes 176 data = -1; goto source; source: recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goto sink; sink: int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30437 62534/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_21.c Buffer_Overflow_Indexes 308 static int badStatic = 0; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); badStatic = 1; badSink(data); static void badSink(int data) if(badStatic) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30438 62534/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_21.c Buffer_Overflow_Indexes 112 static int goodB2G1Static = 0; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2G1Static = 0; goodB2G1Sink(data); static void goodB2G1Sink(int data) if(goodB2G1Static){ } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30439 62534/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_21.c Buffer_Overflow_Indexes 217 static int goodB2G2Static = 0; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2G2Static = 1; goodB2G2Sink(data); static void goodB2G2Sink(int data) if(goodB2G2Static) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30440 62535/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_22.c Buffer_Overflow_Indexes 165 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_22_badGlobal = 1; CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_22_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_22_badSink(int data) if(CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_22_badGlobal) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30441 62535/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_22.c Buffer_Overflow_Indexes 88 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_22_goodB2G1Global = 0; CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_22_goodB2G1Sink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_22_goodB2G1Sink(int data) if(CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_22_goodB2G1Global){} else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30442 62535/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_22.c Buffer_Overflow_Indexes 233 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_22_goodB2G2Global = 1; CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_22_goodB2G2Sink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_22_goodB2G2Sink(int data) if(CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_22_goodB2G2Global) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30443 62536/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_31.c Buffer_Overflow_Indexes 83 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30444 62536/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_31.c Buffer_Overflow_Indexes 208 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30445 62537/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_32.c Buffer_Overflow_Indexes 222 int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; int data = *dataPtr1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); *dataPtr1 = data; int data = *dataPtr2; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30446 62537/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_32.c Buffer_Overflow_Indexes 87 int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; int data = *dataPtr1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); *dataPtr1 = data; int data = *dataPtr2; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30447 62539/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_34.c Buffer_Overflow_Indexes 90 typedef union int unionFirst; int unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_34_unionType; CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_34_unionType myUnion; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30448 62539/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_34.c Buffer_Overflow_Indexes 217 typedef union int unionFirst; int unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_34_unionType; CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_34_unionType myUnion; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30449 62540/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_41.c Buffer_Overflow_Indexes 232 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); badSink(data); static void badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30450 62540/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_41.c Buffer_Overflow_Indexes 106 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2GSink(data); static void goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30451 62541/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_42.c Buffer_Overflow_Indexes 80 data = -1; data = badSource(data); static int badSource(int data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30452 62541/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_42.c Buffer_Overflow_Indexes 209 data = -1; data = goodB2GSource(data); static int goodB2GSource(int data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30453 62543/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_44.c Buffer_Overflow_Indexes 108 void (*funcPtr) (int) = badSink; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); static void badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30454 62543/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_44.c Buffer_Overflow_Indexes 237 void (*funcPtr) (int) = goodB2GSink; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); static void goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30455 62544/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_45.c Buffer_Overflow_Indexes 111 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_45_badData = data; badSink(); static void badSink() int data = CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_45_badData; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30456 62544/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_45.c Buffer_Overflow_Indexes 241 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_45_goodB2GData = data; goodB2GSink(); static void goodB2GSink() int data = CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_45_goodB2GData; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30457 62545/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_51.c Buffer_Overflow_Indexes 171 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_51b_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30458 62545/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_51.c Buffer_Overflow_Indexes 86 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_51b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_51b_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30459 62546/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_52.c Buffer_Overflow_Indexes 171 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_52b_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_52c_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30460 62546/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_52.c Buffer_Overflow_Indexes 86 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_52b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_52b_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_52c_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_52c_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30461 62547/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_53.c Buffer_Overflow_Indexes 171 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_53b_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_53c_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_53d_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30462 62547/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_53.c Buffer_Overflow_Indexes 86 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_53b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_53b_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_53c_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_53c_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_53d_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_53d_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30463 62548/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54.c Buffer_Overflow_Indexes 171 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54b_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54c_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54d_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54e_badSink(data);    void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54e_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30464 62548/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54.c Buffer_Overflow_Indexes 86 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54b_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54c_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54c_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54d_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54d_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54e_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_54e_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30465 62549/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_61.c Buffer_Overflow_Indexes 252 data = -1; data = CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_61b_badSource(data); int CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_61b_badSource(int data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30466 62549/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_61.c Buffer_Overflow_Indexes 327 data = -1; data = CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_61b_goodB2GSource(data); int CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_61b_goodB2GSource(int data) recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30467 62551/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_63.c Buffer_Overflow_Indexes 171 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_63b_badSink(int * dataPtr) int data = *dataPtr; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30468 62551/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_63.c Buffer_Overflow_Indexes 86 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_63b_goodB2GSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_63b_goodB2GSink(int * dataPtr) int data = *dataPtr; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30469 62552/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_64.c Buffer_Overflow_Indexes 171 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_64b_badSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30470 62552/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_64.c Buffer_Overflow_Indexes 86 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_64b_goodB2GSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_64b_goodB2GSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30471 62553/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_65.c Buffer_Overflow_Indexes 88 void (*funcPtr) (int) = CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_65b_badSink; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_65b_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30472 62553/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_65.c Buffer_Overflow_Indexes 176 void (*funcPtr) (int) = CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_65b_goodB2GSink; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_65b_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30473 62554/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_66.c Buffer_Overflow_Indexes 87 int dataArray[5]; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_66b_badSink(int dataArray[]) int data = dataArray[2]; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30474 62554/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_66.c Buffer_Overflow_Indexes 177 int dataArray[5]; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_66b_goodB2GSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_66b_goodB2GSink(int dataArray[]) int data = dataArray[2]; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30475 62555/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_67.c Buffer_Overflow_Indexes 92 typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_67_structType int structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_67_structType; CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_67_structType myStruct; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_67_structType myStruct) int data = myStruct.structFirst; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30476 62555/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_67.c Buffer_Overflow_Indexes 181 typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_67_structType int structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_67_structType; CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_67_structType myStruct; data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_67b_goodB2GSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_67b_goodB2GSink(CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_67_structType myStruct) int data = myStruct.structFirst; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30477 62556/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_68.c Buffer_Overflow_Indexes 90 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_68b_badSink() int data = CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_68_badData; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30478 62556/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_68.c Buffer_Overflow_Indexes 177 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_68_goodB2GData = data; CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_68b_goodB2GSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_68b_goodB2GSink() int data = CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_68_goodB2GData; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30479 62560/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_81a.cpp Buffer_Overflow_Indexes 87 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); const CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_81_bad::action(int data) const int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30480 62560/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_81a.cpp Buffer_Overflow_Indexes 170 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); const CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_81_goodB2G(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_81_goodB2G::action(int data) const int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30481 62561/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_82a.cpp Buffer_Overflow_Indexes 172 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_82_bad::action(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; delete baseObject; 1 --------------------------------- 30482 62561/CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_82a.cpp Buffer_Overflow_Indexes 87 data = -1; recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_82_goodB2G; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_connect_socket_82_goodB2G::action(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; delete baseObject; 0 --------------------------------- 30483 62564/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_01.c Buffer_Overflow_fgets 32 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30484 62564/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_01.c Buffer_Overflow_fgets 106 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30485 62565/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_02.c Buffer_Overflow_fgets 134 data = -1; if(1){ char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(0){} else{ int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 1 --------------------------------- 30486 62565/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_02.c Buffer_Overflow_fgets 134 data = -1; if(1){ char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(1){ int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30487 62565/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_02.c Buffer_Overflow_fgets 34 data = -1; if(1){ char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(1){ int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 0 --------------------------------- 30488 62566/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_03.c Buffer_Overflow_fgets 134 data = -1; if(5==5){ char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(5!=5){} else{ int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30489 62566/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_03.c Buffer_Overflow_fgets 134 data = -1; if(5==5){ char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(5==5){ int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30490 62566/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_03.c Buffer_Overflow_fgets 54 data = -1; if(5==5){ char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(5==5){ int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30491 62567/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_04.c Buffer_Overflow_fgets 40 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) { char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(STATIC_CONST_TRUE) { int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30492 62567/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_04.c Buffer_Overflow_fgets 140 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(STATIC_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30493 62567/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_04.c Buffer_Overflow_fgets 140 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(STATIC_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30494 62568/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_05.c Buffer_Overflow_fgets 40 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticTrue) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30495 62568/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_05.c Buffer_Overflow_fgets 140 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticFalse) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30496 62568/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_05.c Buffer_Overflow_fgets 140 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticTrue) { int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30497 62569/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_06.c Buffer_Overflow_fgets 39 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(STATIC_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30498 62569/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_06.c Buffer_Overflow_fgets 139 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(STATIC_CONST_FIVE!=5) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30499 62569/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_06.c Buffer_Overflow_fgets 139 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(STATIC_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30500 62570/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_07.c Buffer_Overflow_fgets 39 static int staticFive = 5; data = -1; if(staticFive==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticFive==5) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30501 62570/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_07.c Buffer_Overflow_fgets 139 static int staticFive = 5; data = -1; if(staticFive==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticFive!=5) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30502 62570/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_07.c Buffer_Overflow_fgets 139 static int staticFive = 5; data = -1; if(staticFive==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticFive==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30503 62571/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_08.c Buffer_Overflow_fgets 47 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30504 62571/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_08.c Buffer_Overflow_fgets 147 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticReturnsFalse()) {} else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30505 62571/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_08.c Buffer_Overflow_fgets 147 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(staticReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30506 62572/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_09.c Buffer_Overflow_fgets 134 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(GLOBAL_CONST_FALSE) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30507 62572/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_09.c Buffer_Overflow_fgets 134 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(GLOBAL_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30508 62572/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_09.c Buffer_Overflow_fgets 34 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(GLOBAL_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30509 62573/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_10.c Buffer_Overflow_fgets 134 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalFalse) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30510 62573/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_10.c Buffer_Overflow_fgets 134 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalTrue) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30511 62573/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_10.c Buffer_Overflow_fgets 34 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalTrue) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30512 62574/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_11.c Buffer_Overflow_fgets 134 int globalReturnsTrue() return 1; int globalReturnsFalse() return 0; data = -1; if(globalReturnsTrue()) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalReturnsFalse()) {} else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30513 62574/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_11.c Buffer_Overflow_fgets 134 int globalReturnsTrue() return 1; int globalReturnsFalse() return 0; data = -1; if(globalReturnsTrue()) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalReturnsFalse()) {} else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30514 62574/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_11.c Buffer_Overflow_fgets 34 int globalReturnsTrue() return 1; int globalReturnsFalse() return 0; data = -1; if(globalReturnsTrue()) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30515 62576/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_13.c Buffer_Overflow_fgets 134 const int GLOBAL_CONST_FIVE = 5;  data = -1; if(GLOBAL_CONST_FIVE==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE!=5) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30516 62576/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_13.c Buffer_Overflow_fgets 134 const int GLOBAL_CONST_FIVE = 5;  data = -1; if(GLOBAL_CONST_FIVE==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30517 62576/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_13.c Buffer_Overflow_fgets 34 const int GLOBAL_CONST_FIVE = 5;  data = -1; if(GLOBAL_CONST_FIVE==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30518 62577/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_14.c Buffer_Overflow_fgets 134 int globalFive = 5;  data = -1; if(globalFive==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalFive!=5) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30519 62577/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_14.c Buffer_Overflow_fgets 134 int globalFive = 5;  data = -1; if(globalFive==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalFive==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30520 62577/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_14.c Buffer_Overflow_fgets 34 int globalFive = 5;  data = -1; if(globalFive==5) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); if(globalFive==5) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30521 62578/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_15.c Buffer_Overflow_fgets 35 data = -1; switch(6) case 6: char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); break; default: break; switch(7) case 7: int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; break; default: break; 1 --------------------------------- 30522 62578/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_15.c Buffer_Overflow_fgets 154 data = -1; switch(6) case 6: char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); break; default: break; switch(8) case 7: break; default: int i; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30523 62578/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_15.c Buffer_Overflow_fgets 154 data = -1; switch(6) case 6: char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); break; default: break; switch(7) case 7: int i; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; default: break; 0 --------------------------------- 30524 62579/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_16.c Buffer_Overflow_fgets 34 data = -1; while(1) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); break; while(1) int i; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; break; 1 --------------------------------- 30525 62579/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_16.c Buffer_Overflow_fgets 86 data = -1; while(1) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); break; while(1) int i; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; break; 0 --------------------------------- 30526 62580/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_17.c Buffer_Overflow_fgets 86 data = -1; for(i = 0; i < 1; i++) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); for(k = 0; k < 1; k++) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30527 62580/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_17.c Buffer_Overflow_fgets 35 data = -1; for(i = 0; i < 1; i++) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); for(j = 0; j < 1; j++) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30528 62581/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_18.c Buffer_Overflow_fgets 82 data = -1; goto source; source: char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); goto sink; sink: int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30529 62581/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_18.c Buffer_Overflow_fgets 34 data = -1; goto source; source: char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); goto sink; sink: int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30530 62582/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_21.c Buffer_Overflow_fgets 123 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); goodB2G2Static = 1; goodB2G2Sink(data); static void goodB2G2Sink(int data) if(goodB2G2Static) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30531 62582/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_21.c Buffer_Overflow_fgets 61 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); badStatic = 1; badSink(data); static void badSink(int data) if(badStatic) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30532 62582/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_21.c Buffer_Overflow_fgets 171 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); goodB2G1Static = 0; goodB2G1Sink(data); static void goodB2G1Sink(int data) if(goodB2G1Static){ } else{ int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30533 62583/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22.c Buffer_Overflow_fgets 71 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22_goodB2G1Global = 0; CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22_goodB2G1Sink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22_goodB2G1Sink(int data) if(CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22_goodB2G1Global) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30534 62583/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22.c Buffer_Overflow_fgets 71 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22_goodB2G2Global = 1; CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22_goodB2G2Sink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22_goodB2G2Sink(int data) if(CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22_goodB2G2Global) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30535 62583/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22.c Buffer_Overflow_fgets 37 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22_badGlobal = 1; CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22_badSink(int data) if(CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_22_badGlobal) int i; buffer[data] = 1; 1 --------------------------------- 30536 62584/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_31.c Buffer_Overflow_fgets 32 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30537 62584/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_31.c Buffer_Overflow_fgets 114 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30538 62585/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_32.c Buffer_Overflow_fgets 36 int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; int data = *dataPtr1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); *dataPtr1 = data; int data = *dataPtr2; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30539 62585/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_32.c Buffer_Overflow_fgets 36 int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; int data = *dataPtr1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); *dataPtr1 = data; int data = *dataPtr2; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30540 62587/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_34.c Buffer_Overflow_fgets 39 typedef union int unionFirst; int unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_34_unionType; CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_34_unionType myUnion; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30541 62587/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_34.c Buffer_Overflow_fgets 123 typedef union int unionFirst; int unionSecond; }CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_34_unionType; CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_34_unionType myUnion; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30542 62588/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_41.c Buffer_Overflow_fgets 55 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); badSink(data); static void badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30543 62588/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_41.c Buffer_Overflow_fgets 138 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); goodB2GSink(data); static void goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30544 62589/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_42.c Buffer_Overflow_fgets 29 data = -1; data = badSource(data); static int badSource(int data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); return data; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30545 62589/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_42.c Buffer_Overflow_fgets 115 data = -1; data = goodB2GSource(data); static int goodB2GSource(int data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); return data; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30546 62591/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_44.c Buffer_Overflow_fgets 143 void (*funcPtr) (int) = goodB2GSink; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); funcPtr(data); static void goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30547 62591/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_44.c Buffer_Overflow_fgets 57 void (*funcPtr) (int) = badSink; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); funcPtr(data); static void badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30548 62592/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_45.c Buffer_Overflow_fgets 147 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_45_goodB2GData = data; goodB2GSink(); static void goodB2GSink() int data = CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_45_goodB2GData; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30549 62592/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_45.c Buffer_Overflow_fgets 60 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_45_badData = data; badSink(); static void badSink() int data = CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_45_badData; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30550 62593/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_51.c Buffer_Overflow_Indexes 77 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_51b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_51b_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30551 62593/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_51.c Buffer_Overflow_fgets 35 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_51b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_51b_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30552 62594/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_52.c Buffer_Overflow_Indexes 77 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_52b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_52b_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_52c_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_52c_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30553 62594/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_52.c Buffer_Overflow_fgets 35 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_52b_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_52c_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30554 62595/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_53.c Buffer_Overflow_fgets 77 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer);  CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_53b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_53b_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_53c_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_53c_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_53d_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_53d_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30555 62595/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_53.c Buffer_Overflow_fgets 35 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_53b_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_53c_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_53d_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30556 62596/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54.c Buffer_Overflow_fgets 77 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54b_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54c_goodB2GSink(data);    void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54c_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54d_goodB2GSink(data);   void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54d_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54e_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54e_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30557 62596/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54.c Buffer_Overflow_fgets 35 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54b_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54c_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54d_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_54e_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30558 62597/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_61.c Buffer_Overflow_fgets 213 data = -1; data = CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_61b_goodB2GSource(data); int CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_61b_goodB2GSource(int data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); return data; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30559 62597/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_61.c Buffer_Overflow_fgets 181 data = -1; data = CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_61b_badSource(data); int CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_61b_badSource(int data) char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); return data; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30560 62599/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_63.c Buffer_Overflow_Indexes 77 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_63b_goodB2GSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_63b_goodB2GSink(int * dataPtr) int data = *dataPtr; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30561 62599/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_63.c Buffer_Overflow_Indexes 35 data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_63b_badSink(int * dataPtr) int data = *dataPtr; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30562 62601/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_65.c Buffer_Overflow_Indexes 37 void (*funcPtr) (int) = CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_65b_badSink; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_65b_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30563 62601/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_65.c Buffer_Overflow_fgets 82 void (*funcPtr) (int) = CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_65b_goodB2GSink; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_65b_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30564 62602/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_66.c Buffer_Overflow_fgets 83 int dataArray[5]; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_66b_goodB2GSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_66b_goodB2GSink(int dataArray[]) int data = dataArray[2]; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30565 62602/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_66.c Buffer_Overflow_fgets 36 int dataArray[5]; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_66b_badSink(int dataArray[]) int data = dataArray[2]; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30566 62603/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_67.c Buffer_Overflow_fgets 87 typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_67_structType int structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_67_structType; CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_67_structType myStruct; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_67b_goodB2GSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_67b_goodB2GSink(CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_67_structType myStruct) int data = myStruct.structFirst; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30567 62603/CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_67.c Buffer_Overflow_fgets 41 typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_67_structType int structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_67_structType; CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_67_structType myStruct; data = -1; char inputBuffer[CHAR_ARRAY_SIZE] = ""; if (fgets(inputBuffer, CHAR_ARRAY_SIZE, stdin) != NULL) data = atoi(inputBuffer); myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE129_fgets_67_structType myStruct) int data = myStruct.structFirst; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30568 62708/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_01.c Buffer_Overflow_Indexes 92 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30569 62708/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_01.c Buffer_Overflow_Indexes 222 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30570 62709/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_02.c Buffer_Overflow_Indexes 306 data = -1; if(1) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(1) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30571 62709/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_02.c Buffer_Overflow_Indexes 200 data = -1; if(1) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(0){ } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30572 62709/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_02.c Buffer_Overflow_Indexes 94 data = -1; if(1) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(1) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30573 62710/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_03.c Buffer_Overflow_Indexes 306 data = -1; if(5==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(5==5) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30574 62710/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_03.c Buffer_Overflow_Indexes 200 data = -1; if(5==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(5!=5){} else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30575 62710/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_03.c Buffer_Overflow_Indexes 94 data = -1; if(5==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(5==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30576 62711/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_04.c Buffer_Overflow_Indexes 100 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30577 62711/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_04.c Buffer_Overflow_Indexes 312 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FALSE){ } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30578 62711/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_04.c Buffer_Overflow_Indexes 206 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; data = -1; if(STATIC_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30579 62712/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_05.c Buffer_Overflow_Indexes 100 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticTrue) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30580 62712/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_05.c Buffer_Overflow_Indexes 312 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFalse){ } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30581 62712/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_05.c Buffer_Overflow_Indexes 206 static int staticTrue = 1; static int staticFalse = 0; data = -1; if(staticTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticTrue) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30582 62713/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_06.c Buffer_Overflow_Indexes 99 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30583 62713/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_06.c Buffer_Overflow_Indexes 311 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FIVE!=5){} else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30584 62713/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_06.c Buffer_Overflow_Indexes 205 static const int STATIC_CONST_FIVE = 5; data = -1; if(STATIC_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(STATIC_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30585 62714/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_07.c Buffer_Overflow_Indexes 99 static int staticFive = 5; data = -1; if(staticFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFive==5) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30586 62714/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_07.c Buffer_Overflow_Indexes 311 static int staticFive = 5; data = -1; if(staticFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFive!=5){} else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30587 62714/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_07.c Buffer_Overflow_Indexes 205 static int staticFive = 5; data = -1; if(staticFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticFive==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30588 62715/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_08.c Buffer_Overflow_Indexes 107 static int staticReturnsTrue() return 1; }   static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30589 62715/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_08.c Buffer_Overflow_Indexes 319 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticReturnsFalse()) {} else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30590 62715/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_08.c Buffer_Overflow_Indexes 319 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = -1; if(staticReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(staticReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30591 62716/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_09.c Buffer_Overflow_Indexes 306 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30592 62716/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_09.c Buffer_Overflow_Indexes 200 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FALSE){} else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30593 62716/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_09.c Buffer_Overflow_Indexes 94 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = -1; if(GLOBAL_CONST_TRUE) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_TRUE) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30594 62717/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_10.c Buffer_Overflow_Indexes 306 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalTrue) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30595 62717/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_10.c Buffer_Overflow_Indexes 200 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFalse) {} else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30596 62717/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_10.c Buffer_Overflow_Indexes 94 int globalTrue = 1; int globalFalse = 0; data = -1; if(globalTrue) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalTrue) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30597 62718/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_11.c Buffer_Overflow_Indexes 306 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30598 62718/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_11.c Buffer_Overflow_Indexes 200 int globalReturnsTrue()  return 1; }   int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalReturnsFalse()){ } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30599 62718/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_11.c Buffer_Overflow_Indexes 94 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; data = -1; if(globalReturnsTrue()) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalReturnsTrue()) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30600 62720/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_13.c Buffer_Overflow_Indexes 306 const int GLOBAL_CONST_FIVE = 5;  data = -1; if(GLOBAL_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30601 62720/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_13.c Buffer_Overflow_Indexes 200 const int GLOBAL_CONST_FIVE = 5;  data = -1; if(GLOBAL_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE!=5) {} else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30602 62720/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_13.c Buffer_Overflow_Indexes 94 const int GLOBAL_CONST_FIVE = 5;  data = -1; if(GLOBAL_CONST_FIVE==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(GLOBAL_CONST_FIVE==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30603 62721/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_14.c Buffer_Overflow_Indexes 306 int globalFive = 5;  data = -1; if(globalFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFive==5) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30604 62721/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_14.c Buffer_Overflow_Indexes 200 int globalFive = 5;  data = -1; if(globalFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFive!=5){ } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30605 62721/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_14.c Buffer_Overflow_Indexes 94 int globalFive = 5;  data = -1; if(globalFive==5) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if(globalFive==5) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30606 62722/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_15.c Buffer_Overflow_Indexes 95 data = -1; switch(6) case 6: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; default: break; switch(7) case 7: int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; break; default: break; 1 --------------------------------- 30607 62722/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_15.c Buffer_Overflow_Indexes 213 data = -1; switch(6) case 6: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; default: break; switch(8) case 7: break; default: int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; break; 0 --------------------------------- 30608 62722/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_15.c Buffer_Overflow_Indexes 326 data = -1; switch(6) case 6: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; default: break; switch(7) case 7: int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; break; default: break; 0 --------------------------------- 30609 62723/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_16.c Buffer_Overflow_Indexes 202 data = -1; while(1) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; while(1) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; break; 1 --------------------------------- 30610 62723/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_16.c Buffer_Overflow_Indexes 94 data = -1; while(1) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); break; while(1) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; break; 0 --------------------------------- 30611 62724/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_17.c Buffer_Overflow_Indexes 202 data = -1; for(i = 0; i < 1; i++) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); for(j = 0; j < 1; j++) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30612 62724/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_17.c Buffer_Overflow_Indexes 95 data = -1; for(i = 0; i < 1; i++) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); for(k = 0; k < 1; k++) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30613 62725/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_18.c Buffer_Overflow_Indexes 94 data = -1; goto source; source: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goto sink; sink: int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30614 62725/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_18.c Buffer_Overflow_Indexes 198 data = -1; goto source; source: recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goto sink; sink: int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] =1; 0 --------------------------------- 30615 62726/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_21.c Buffer_Overflow_Indexes 239 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); badStatic = 1; badSink(data); static void badSink(int data) if(badStatic) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30616 62726/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_21.c Buffer_Overflow_Indexes 121 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2G1Static = 0; goodB2G1Sink(data); static void goodB2G1Sink(int data) if(goodB2G1Static) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30617 62726/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_21.c Buffer_Overflow_Indexes 343 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2G2Static = 1; goodB2G2Sink(data); static void goodB2G2Sink(int data) if(goodB2G2Static) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30618 62727/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22.c Buffer_Overflow_Indexes 187 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22_badGlobal = 1; CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22_badSink(int data) if(CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22_badGlobal) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30619 62727/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22.c Buffer_Overflow_Indexes 268 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22_goodB2G1Global = 0; CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22_goodB2G1Sink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22_goodB2G1Sink(int data) if(CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22_goodB2G1Global) { } else int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30620 62727/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22.c Buffer_Overflow_Indexes 97 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22_goodB2G2Global = 1; CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22_goodB2G2Sink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22_goodB2G2Sink(int data) if(CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_22_goodB2G2Global) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30621 62728/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_31.c Buffer_Overflow_Indexes 92 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30622 62728/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_31.c Buffer_Overflow_Indexes 230 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30623 62729/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_32.c Buffer_Overflow_Indexes 244 int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); *dataPtr1 = data; int data = *dataPtr2; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30624 62729/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_32.c Buffer_Overflow_Indexes 96 int *dataPtr1 = &data; int *dataPtr2 = &data; data = -1; int data = *dataPtr1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); *dataPtr1 = data; int data = *dataPtr2; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30625 62731/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_34.c Buffer_Overflow_Indexes 99 typedef union int unionFirst; int unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_34_unionType; CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_34_unionType myUnion; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30626 62731/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_34.c Buffer_Overflow_Indexes 239 typedef union int unionFirst; int unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_34_unionType; CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_34_unionType myUnion; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myUnion.unionFirst = data; int data = myUnion.unionSecond; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30627 62732/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_41.c Buffer_Overflow_Indexes 115 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); badSink(data); static void badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30628 62732/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_41.c Buffer_Overflow_Indexes 254 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2GSink(data); static void goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30629 62733/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_42.c Buffer_Overflow_Indexes 89 data = -1; data = badSource(data); static int badSource(int data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30630 62733/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_42.c Buffer_Overflow_Indexes 231 data = -1; data = goodB2GSource(data); static int goodB2GSource(int data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30631 62735/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_44.c Buffer_Overflow_Indexes 259 void (*funcPtr) (int) = badSink; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); static void badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30632 62735/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_44.c Buffer_Overflow_Indexes 117 void (*funcPtr) (int) = goodB2GSink; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); static void goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30633 62736/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_45.c Buffer_Overflow_Indexes 263 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_45_badData = data; badSink(); static void badSink() int data = CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_45_badData; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30634 62736/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_45.c Buffer_Overflow_Indexes 120 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_45_goodB2GData = data; goodB2GSink(); static void goodB2GSink() int data = CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_45_goodB2GData; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30635 62737/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_51.c Buffer_Overflow_Indexes 193 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_51b_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30636 62737/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_51.c Buffer_Overflow_Indexes 95 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_51b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_51b_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30637 62738/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_52.c Buffer_Overflow_Indexes 193 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_52b_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_52c_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30638 62738/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_52.c Buffer_Overflow_Indexes 95 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_52b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_52b_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_52c_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_52c_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30639 62739/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_53.c Buffer_Overflow_Indexes 193 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_53b_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_53c_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_53d_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30640 62739/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_53.c Buffer_Overflow_Indexes 95 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_53b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_53b_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_53c_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_53c_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_53d_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_53d_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30641 62740/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54.c Buffer_Overflow_Indexes 193 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54b_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54c_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54d_badSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54e_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30642 62740/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54.c Buffer_Overflow_Indexes 95 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54b_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54c_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54c_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54d_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54d_goodB2GSink(int data) CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54e_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_54e_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30643 62741/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_61.c Buffer_Overflow_Indexes 349 data = -1; data = CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_61b_badSource(data); int CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_61b_badSource(int data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30644 62741/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_61.c Buffer_Overflow_Indexes 261 data = -1; data = CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_61b_goodB2GSource(data); int CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_61b_goodB2GSource(int data) recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); return data; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30645 62743/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_63.c Buffer_Overflow_Indexes 193 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_63b_badSink(int * dataPtr) int data = *dataPtr; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30646 62743/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_63.c Buffer_Overflow_Indexes 95 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_63b_goodB2GSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_63b_goodB2GSink(int * dataPtr) int data = *dataPtr; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30647 62744/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_64.c Buffer_Overflow_Indexes 193 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_64b_badSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30648 62744/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_64.c Buffer_Overflow_Indexes 95 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_64b_goodB2GSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_64b_goodB2GSink(void * dataVoidPtr) int * dataPtr = (int *)dataVoidPtr; int data = (*dataPtr); int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30649 62745/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_65.c Buffer_Overflow_Indexes 97 void (*funcPtr) (int) = CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_65b_badSink; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_65b_badSink(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30650 62745/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_65.c Buffer_Overflow_Indexes 198 void (*funcPtr) (int) = CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_65b_goodB2GSink; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_65b_goodB2GSink(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30651 62746/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_66.c Buffer_Overflow_Indexes 199 int dataArray[5]; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_66b_badSink(int dataArray[]) int data = dataArray[2]; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30652 62746/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_66.c Buffer_Overflow_Indexes 96 int dataArray[5]; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_66b_goodB2GSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_66b_goodB2GSink(int dataArray[]) int data = dataArray[2]; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30653 62747/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_67.c Buffer_Overflow_Indexes 203 typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_67_structType int structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_67_structType; CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_67_structType myStruct; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_67_structType myStruct) int data = myStruct.structFirst; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30654 62747/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_67.c Buffer_Overflow_Indexes 101 typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_67_structType int structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_67_structType; CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_67_structType myStruct; data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_67b_goodB2GSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_67b_goodB2GSink(CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_67_structType myStruct) int data = myStruct.structFirst; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30655 62748/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_68.c Buffer_Overflow_Indexes 99 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_68b_badSink() int data = CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_68_badData; int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30656 62748/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_68.c Buffer_Overflow_Indexes 199 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_68_goodB2GData = data; CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_68b_goodB2GSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_68b_goodB2GSink() int data = CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_68_goodB2GData; int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30657 62752/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_81a.cpp Buffer_Overflow_Indexes 96 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); const CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_81_bad::action(int data) const int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 30658 62752/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_81a.cpp Buffer_Overflow_Indexes 192 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); const CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_81_goodB2G(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_81_goodB2G::action(int data) const int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 30659 62753/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_82a.cpp Buffer_Overflow_Indexes 194 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_82_bad::action(int data) int buffer[10] = { 0 }; if (data >= 0) buffer[data] = 1; delete baseObject; 1 --------------------------------- 30660 62753/CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_82a.cpp Buffer_Overflow_Indexes 96 data = -1; recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_82_goodB2G; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE129_listen_socket_82_goodB2G::action(int data) int buffer[10] = { 0 }; if (data >= 0 && data < (10)) buffer[data] = 1; delete baseObject; 0 --------------------------------- 30661 62948/CWE121_Stack_Based_Buffer_Overflow__CWE135_01.c String_Termination_Error 56 #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30662 62948/CWE121_Stack_Based_Buffer_Overflow__CWE135_01.c String_Termination_Error 35 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30663 62948/CWE121_Stack_Based_Buffer_Overflow__CWE135_01.c String_Termination_Error 35 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = (void *)WIDE_STRING; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30664 62949/CWE121_Stack_Based_Buffer_Overflow__CWE135_02.c String_Termination_Error 146 #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(1) data = (void *)CHAR_STRING; if(1) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30665 62949/CWE121_Stack_Based_Buffer_Overflow__CWE135_02.c String_Termination_Error 123 #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(0){} else{ data = (void *)CHAR_STRING; if(1) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30666 62949/CWE121_Stack_Based_Buffer_Overflow__CWE135_02.c String_Termination_Error 95 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(1) data = (void *)WIDE_STRING; if(1) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30667 62949/CWE121_Stack_Based_Buffer_Overflow__CWE135_02.c String_Termination_Error 72 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(1) data = (void *)WIDE_STRING; if(0){} else{ size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30668 62949/CWE121_Stack_Based_Buffer_Overflow__CWE135_02.c String_Termination_Error 40 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30669 62950/CWE121_Stack_Based_Buffer_Overflow__CWE135_03.c String_Termination_Error 146 #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(5==5) data = (void *)CHAR_STRING; if(5==5) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30670 62950/CWE121_Stack_Based_Buffer_Overflow__CWE135_03.c String_Termination_Error 40 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30671 62950/CWE121_Stack_Based_Buffer_Overflow__CWE135_03.c String_Termination_Error 123 #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(5!=5) {} else{ data = (void *)CHAR_STRING; if(5==5) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30672 62950/CWE121_Stack_Based_Buffer_Overflow__CWE135_03.c String_Termination_Error 72 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(5==5) data = (void *)WIDE_STRING; if(5!=5){} else{ size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30673 62950/CWE121_Stack_Based_Buffer_Overflow__CWE135_03.c String_Termination_Error 95 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(5==5) data = (void *)WIDE_STRING; if(5==5) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30674 62951/CWE121_Stack_Based_Buffer_Overflow__CWE135_04.c String_Termination_Error 152 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(STATIC_CONST_TRUE) data = (void *)CHAR_STRING; if(STATIC_CONST_TRUE) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30675 62951/CWE121_Stack_Based_Buffer_Overflow__CWE135_04.c String_Termination_Error 46 static const int STATIC_CONST_TRUE = 1; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(STATIC_CONST_TRUE) data = (void *)WIDE_STRING; if(STATIC_CONST_TRUE) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30676 62951/CWE121_Stack_Based_Buffer_Overflow__CWE135_04.c String_Termination_Error 78 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(STATIC_CONST_TRUE) data = (void *)WIDE_STRING; if(STATIC_CONST_FALSE) {} else{ size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30677 62951/CWE121_Stack_Based_Buffer_Overflow__CWE135_04.c String_Termination_Error 101 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(STATIC_CONST_TRUE) data = (void *)WIDE_STRING; if(STATIC_CONST_TRUE) else{ size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30678 62951/CWE121_Stack_Based_Buffer_Overflow__CWE135_04.c String_Termination_Error 129 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(STATIC_CONST_FALSE) {} else{ data = (void *)CHAR_STRING; if(STATIC_CONST_TRUE) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30679 62952/CWE121_Stack_Based_Buffer_Overflow__CWE135_05.c String_Termination_Error 152 static int staticTrue = 1; static int staticFalse = 0; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(staticTrue) data = (void *)CHAR_STRING; if(staticTrue) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30680 62952/CWE121_Stack_Based_Buffer_Overflow__CWE135_05.c String_Termination_Error 46 static int staticTrue = 1; static int staticFalse = 0; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(staticTrue) data = (void *)WIDE_STRING; if(staticTrue) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30681 62952/CWE121_Stack_Based_Buffer_Overflow__CWE135_05.c String_Termination_Error 80 static int staticTrue = 1; static int staticFalse = 0; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(staticTrue) data = (void *)WIDE_STRING; if(staticFalse) {} else{ size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30682 62952/CWE121_Stack_Based_Buffer_Overflow__CWE135_05.c String_Termination_Error 103 static int staticTrue = 1; static int staticFalse = 0; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(staticTrue) data = (void *)WIDE_STRING; if(staticTrue) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30683 62952/CWE121_Stack_Based_Buffer_Overflow__CWE135_05.c String_Termination_Error 129 static int staticTrue = 1; static int staticFalse = 0; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(staticFalse) {} else{ data = (void *)CHAR_STRING; if(staticTrue) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30684 62953/CWE121_Stack_Based_Buffer_Overflow__CWE135_06.c String_Termination_Error 45 static const int STATIC_CONST_FIVE = 5; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(STATIC_CONST_FIVE==5) data = (void *)WIDE_STRING; if(STATIC_CONST_FIVE==5) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30685 62953/CWE121_Stack_Based_Buffer_Overflow__CWE135_06.c String_Termination_Error 79 static const int STATIC_CONST_FIVE = 5; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(STATIC_CONST_FIVE==5) data = (void *)WIDE_STRING; if(STATIC_CONST_FIVE!=5){} else{ size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30686 62953/CWE121_Stack_Based_Buffer_Overflow__CWE135_06.c String_Termination_Error 102 static const int STATIC_CONST_FIVE = 5; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(STATIC_CONST_FIVE==5) data = (void *)WIDE_STRING; if(STATIC_CONST_FIVE==5){ size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30687 62953/CWE121_Stack_Based_Buffer_Overflow__CWE135_06.c String_Termination_Error 128 static const int STATIC_CONST_FIVE = 5; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30688 62953/CWE121_Stack_Based_Buffer_Overflow__CWE135_06.c String_Termination_Error 151 static const int STATIC_CONST_FIVE = 5; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)CHAR_STRING; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30689 62954/CWE121_Stack_Based_Buffer_Overflow__CWE135_07.c String_Termination_Error 45 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" static int staticFive = 5; data = NULL; if(staticFive==5) data = (void *)WIDE_STRING; if(staticFive==5) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30690 62954/CWE121_Stack_Based_Buffer_Overflow__CWE135_07.c String_Termination_Error 77 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" static int staticFive = 5; data = NULL; if(staticFive==5) data = (void *)WIDE_STRING; if(staticFive!=5){} else{ size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30691 62954/CWE121_Stack_Based_Buffer_Overflow__CWE135_07.c String_Termination_Error 77 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" static int staticFive = 5; data = NULL; if(staticFive==5) data = (void *)WIDE_STRING; if(staticFive==5){} else{ size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30692 62954/CWE121_Stack_Based_Buffer_Overflow__CWE135_07.c String_Termination_Error 128 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" static int staticFive = 5; data = NULL; if(staticFive!=5) {} else{ data = (void *)CHAR_STRING; if(staticFive==5) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30693 62954/CWE121_Stack_Based_Buffer_Overflow__CWE135_07.c String_Termination_Error 151 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" static int staticFive = 5; data = NULL; if(staticFive==5) data = (void *)CHAR_STRING; if(staticFive==5) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30694 62955/CWE121_Stack_Based_Buffer_Overflow__CWE135_08.c String_Termination_Error 53 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = NULL; if(staticReturnsTrue()) data = (void *)WIDE_STRING; if(staticReturnsTrue()) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30695 62955/CWE121_Stack_Based_Buffer_Overflow__CWE135_08.c String_Termination_Error 87 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = NULL; if(staticReturnsTrue()) data = (void *)WIDE_STRING; if(staticReturnsFalse()){ } else size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30696 62955/CWE121_Stack_Based_Buffer_Overflow__CWE135_08.c String_Termination_Error 110 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = NULL; if(staticReturnsFalse()){ } else data = (void *)CHAR_STRING; if(staticReturnsTrue()) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30697 62955/CWE121_Stack_Based_Buffer_Overflow__CWE135_08.c String_Termination_Error 136 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = NULL; if(staticReturnsFalse()){ } else data = (void *)CHAR_STRING; if(staticReturnsTrue()) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30698 62955/CWE121_Stack_Based_Buffer_Overflow__CWE135_08.c String_Termination_Error 159 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; data = NULL; if(staticReturnsTrue()) data = (void *)CHAR_STRING; if(staticReturnsTrue()) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30699 62956/CWE121_Stack_Based_Buffer_Overflow__CWE135_09.c String_Termination_Error 40 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = NULL; if(GLOBAL_CONST_TRUE) data = (void *)WIDE_STRING; if(GLOBAL_CONST_TRUE) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30700 62956/CWE121_Stack_Based_Buffer_Overflow__CWE135_09.c String_Termination_Error 74 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = NULL; if(GLOBAL_CONST_TRUE) data = (void *)WIDE_STRING; if(GLOBAL_CONST_FALSE) { } else size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30701 62956/CWE121_Stack_Based_Buffer_Overflow__CWE135_09.c String_Termination_Error 97 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = NULL; if(GLOBAL_CONST_TRUE) data = (void *)WIDE_STRING; if(GLOBAL_CONST_TRUE) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30702 62956/CWE121_Stack_Based_Buffer_Overflow__CWE135_09.c String_Termination_Error 123 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = NULL; if(GLOBAL_CONST_FALSE) { } else data = (void *)CHAR_STRING; if(GLOBAL_CONST_TRUE) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30703 62956/CWE121_Stack_Based_Buffer_Overflow__CWE135_09.c String_Termination_Error 146 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; data = NULL; if(GLOBAL_CONST_TRUE) data = (void *)CHAR_STRING; if(GLOBAL_CONST_TRUE) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30704 62957/CWE121_Stack_Based_Buffer_Overflow__CWE135_10.c String_Termination_Error 97 int globalTrue = 1; int globalFalse = 0; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(globalTrue) data = (void *)WIDE_STRING; if(globalTrue) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30705 62957/CWE121_Stack_Based_Buffer_Overflow__CWE135_10.c String_Termination_Error 74 int globalTrue = 1; int globalFalse = 0; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(globalTrue) data = (void *)WIDE_STRING; if(globalFalse) {} else size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30706 62957/CWE121_Stack_Based_Buffer_Overflow__CWE135_10.c String_Termination_Error 146 int globalTrue = 1; int globalFalse = 0; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(globalTrue) data = (void *)CHAR_STRING; if(globalTrue) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30707 62957/CWE121_Stack_Based_Buffer_Overflow__CWE135_10.c String_Termination_Error 40 int globalTrue = 1; int globalFalse = 0; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(globalTrue) data = (void *)WIDE_STRING; if(globalTrue) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30708 62957/CWE121_Stack_Based_Buffer_Overflow__CWE135_10.c String_Termination_Error 123 int globalTrue = 1; int globalFalse = 0; #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; if(globalFalse) { } else data = (void *)CHAR_STRING; if(globalTrue) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30709 62958/CWE121_Stack_Based_Buffer_Overflow__CWE135_11.c String_Termination_Error 74 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" int globalReturnsTrue() return 1; int globalReturnsFalse() return 0; data = NULL; if(globalReturnsTrue()) data = (void *)WIDE_STRING; if(globalReturnsFalse()) {} else size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30710 62958/CWE121_Stack_Based_Buffer_Overflow__CWE135_11.c String_Termination_Error 97 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" int globalReturnsTrue() return 1; int globalReturnsFalse() return 0; data = NULL; if(globalReturnsTrue()) data = (void *)WIDE_STRING; if(globalReturnsTrue()) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30711 62958/CWE121_Stack_Based_Buffer_Overflow__CWE135_11.c String_Termination_Error 146 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" int globalReturnsTrue() return 1; int globalReturnsFalse() return 0; data = NULL; if(globalReturnsTrue()) data = (void *)CHAR_STRING; if(globalReturnsTrue()) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30712 62958/CWE121_Stack_Based_Buffer_Overflow__CWE135_11.c String_Termination_Error 40 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" int globalReturnsTrue() return 1; int globalReturnsFalse() return 0; data = NULL; if(globalReturnsTrue()) data = (void *)WIDE_STRING; if(globalReturnsTrue()) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30713 62958/CWE121_Stack_Based_Buffer_Overflow__CWE135_11.c String_Termination_Error 123 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" int globalReturnsTrue() return 1; int globalReturnsFalse() return 0; data = NULL; if(globalReturnsFalse()) { } else data = (void *)CHAR_STRING; if(globalReturnsTrue()) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30714 62960/CWE121_Stack_Based_Buffer_Overflow__CWE135_13.c String_Termination_Error 74 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (void *)WIDE_STRING; if(GLOBAL_CONST_FIVE!=5) {} else size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30715 62960/CWE121_Stack_Based_Buffer_Overflow__CWE135_13.c String_Termination_Error 97 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (void *)WIDE_STRING; if(GLOBAL_CONST_FIVE==5) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30716 62960/CWE121_Stack_Based_Buffer_Overflow__CWE135_13.c String_Termination_Error 146 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (void *)CHAR_STRING; if(GLOBAL_CONST_FIVE==5) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30717 62960/CWE121_Stack_Based_Buffer_Overflow__CWE135_13.c String_Termination_Error 40 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; data = NULL; if(GLOBAL_CONST_FIVE==5) data = (void *)WIDE_STRING; if(GLOBAL_CONST_FIVE==5) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30718 62960/CWE121_Stack_Based_Buffer_Overflow__CWE135_13.c String_Termination_Error 123 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; data = NULL; if(GLOBAL_CONST_FIVE!=5) {} else data = (void *)CHAR_STRING; if(GLOBAL_CONST_FIVE==5) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30719 62961/CWE121_Stack_Based_Buffer_Overflow__CWE135_14.c String_Termination_Error 74 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" int globalFive = 5; data = NULL; if(globalFive==5) data = (void *)WIDE_STRING; if(globalFive!=5) {} else size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30720 62961/CWE121_Stack_Based_Buffer_Overflow__CWE135_14.c String_Termination_Error 97 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" int globalFive = 5; data = NULL; if(globalFive==5) data = (void *)WIDE_STRING; if(globalFive==5) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30721 62961/CWE121_Stack_Based_Buffer_Overflow__CWE135_14.c String_Termination_Error 146 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" int globalFive = 5; data = NULL; if(globalFive==5) data = (void *)CHAR_STRING; if(globalFive==5) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30722 62961/CWE121_Stack_Based_Buffer_Overflow__CWE135_14.c String_Termination_Error 40 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" int globalFive = 5; data = NULL; if(globalFive==5) data = (void *)WIDE_STRING; if(globalFive==5) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30723 62961/CWE121_Stack_Based_Buffer_Overflow__CWE135_14.c String_Termination_Error 123 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" int globalFive = 5; data = NULL; if(globalFive!=5) { } else data = (void *)CHAR_STRING; if(globalFive==5) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30724 62962/CWE121_Stack_Based_Buffer_Overflow__CWE135_15.c String_Termination_Error 193 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; switch(6) case 6: data = (void *)CHAR_STRING; break; default: break; switch(7) case 7: size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30725 62962/CWE121_Stack_Based_Buffer_Overflow__CWE135_15.c String_Termination_Error 158 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; switch(5) case 6: break; default: data = (void *)CHAR_STRING; break; switch(7) case 7: size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30726 62962/CWE121_Stack_Based_Buffer_Overflow__CWE135_15.c String_Termination_Error 47 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; switch(6) case 6: data = (void *)WIDE_STRING; break; default: break; switch(7) case 7: size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30727 62962/CWE121_Stack_Based_Buffer_Overflow__CWE135_15.c String_Termination_Error 92 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; switch(6) case 6: data = (void *)WIDE_STRING; break; default: break; switch(8) case 7: break; default: size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30728 62962/CWE121_Stack_Based_Buffer_Overflow__CWE135_15.c String_Termination_Error 123 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; switch(6) case 6: data = (void *)WIDE_STRING; break; default: break; switch(7) case 7: size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30729 62963/CWE121_Stack_Based_Buffer_Overflow__CWE135_16.c String_Termination_Error 41 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; while(1) data = (void *)WIDE_STRING; break; while(1) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30730 62963/CWE121_Stack_Based_Buffer_Overflow__CWE135_16.c String_Termination_Error 72 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; while(1) data = (void *)WIDE_STRING; break; while(1) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30731 62963/CWE121_Stack_Based_Buffer_Overflow__CWE135_16.c String_Termination_Error 95 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; while(1) data = (void *)CHAR_STRING; break; while(1) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30732 62964/CWE121_Stack_Based_Buffer_Overflow__CWE135_17.c String_Termination_Error 71 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; for(i = 0; i < 1; i++) data = (void *)WIDE_STRING; for(k = 0; k < 1; k++) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30733 62964/CWE121_Stack_Based_Buffer_Overflow__CWE135_17.c String_Termination_Error 93 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; for(h = 0; h < 1; h++) data = (void *)CHAR_STRING; for(j = 0; j < 1; j++) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30734 62964/CWE121_Stack_Based_Buffer_Overflow__CWE135_17.c String_Termination_Error 41 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; for(i = 0; i < 1; i++) data = (void *)WIDE_STRING; for(j = 0; j < 1; j++) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30735 62965/CWE121_Stack_Based_Buffer_Overflow__CWE135_18.c String_Termination_Error 66 data = NULL; goto source; source: data = (void *)WIDE_STRING; goto sink; sink: size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30736 62965/CWE121_Stack_Based_Buffer_Overflow__CWE135_18.c String_Termination_Error 85 data = NULL; goto source; source: data = (void *)CHAR_STRING; goto sink; sink: size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30737 62965/CWE121_Stack_Based_Buffer_Overflow__CWE135_18.c String_Termination_Error 39 data = NULL; goto source; source: data = (void *)WIDE_STRING; goto sink; sink: size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30738 62966/CWE121_Stack_Based_Buffer_Overflow__CWE135_21.c String_Termination_Error 78 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" static int goodB2G1Static = 0; data = NULL; data = (void *)WIDE_STRING; goodB2G1Static = 0; goodB2G1Sink(data); static void goodB2G1Sink(void * data) if(goodB2G1Static) { } else size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30739 62966/CWE121_Stack_Based_Buffer_Overflow__CWE135_21.c String_Termination_Error 104 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" static int goodB2G2Static = 0; data = NULL; data = (void *)WIDE_STRING; goodB2G2Static = 1; goodB2G2Sink(data); static void goodB2G2Sink(void * data) if(goodB2G2Static) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30740 62966/CWE121_Stack_Based_Buffer_Overflow__CWE135_21.c String_Termination_Error 128 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" static int goodG2BStatic = 0; data = NULL; data = (void *)CHAR_STRING; goodG2BStatic = 1; goodG2BSink(data); static void goodG2BSink(void * data) if(goodG2BStatic) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30741 62966/CWE121_Stack_Based_Buffer_Overflow__CWE135_21.c String_Termination_Error 36 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" static int badStatic = 0; data = NULL; data = (void *)WIDE_STRING; badStatic = 1; badSink(data); static void badSink(void * data) if(badStatic) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30742 62967/CWE121_Stack_Based_Buffer_Overflow__CWE135_22.c String_Termination_Error 221 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_22_badGlobal = 1; CWE121_Stack_Based_Buffer_Overflow__CWE135_22_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_22_badSink(void * data) if(CWE121_Stack_Based_Buffer_Overflow__CWE135_22_badGlobal) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30743 62967/CWE121_Stack_Based_Buffer_Overflow__CWE135_22.c String_Termination_Error 221 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodB2G1Global = 0; CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodB2G1Sink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodB2G1Sink(void * data) if(CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodB2G1Global) {} else size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30744 62967/CWE121_Stack_Based_Buffer_Overflow__CWE135_22.c String_Termination_Error 221 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodB2G2Global = 1; CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodB2G2Sink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodB2G2Sink(void * data) if(CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodB2G2Global) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30745 62967/CWE121_Stack_Based_Buffer_Overflow__CWE135_22.c String_Termination_Error 159 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)CHAR_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodG2BGlobal = 1; CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodG2BSink(void * data) if(CWE121_Stack_Based_Buffer_Overflow__CWE135_22_goodG2BGlobal) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30746 62968/CWE121_Stack_Based_Buffer_Overflow__CWE135_31.c String_Termination_Error 38 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; void * dataCopy = data; void * data = dataCopy; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30747 62968/CWE121_Stack_Based_Buffer_Overflow__CWE135_31.c String_Termination_Error 63 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)CHAR_STRING; void * dataCopy = data; void * data = dataCopy; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30748 62968/CWE121_Stack_Based_Buffer_Overflow__CWE135_31.c String_Termination_Error 63 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; void * dataCopy = data; void * data = dataCopy; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30749 62969/CWE121_Stack_Based_Buffer_Overflow__CWE135_32.c String_Termination_Error 43 void * *dataPtr1 = &data; void * *dataPtr2 = &data; data = NULL; void * data = *dataPtr1; data = (void *)WIDE_STRING; *dataPtr1 = data; void * data = *dataPtr2; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30750 62969/CWE121_Stack_Based_Buffer_Overflow__CWE135_32.c String_Termination_Error 73 void * *dataPtr1 = &data; void * *dataPtr2 = &data; data = NULL; void * data = *dataPtr1; data = (void *)CHAR_STRING; *dataPtr1 = data; void * data = *dataPtr2; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30751 62969/CWE121_Stack_Based_Buffer_Overflow__CWE135_32.c String_Termination_Error 73 void * *dataPtr1 = &data; void * *dataPtr2 = &data; data = NULL; void * data = *dataPtr1; data = (void *)WIDE_STRING; *dataPtr1 = data; void * data = *dataPtr2; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30752 62971/CWE121_Stack_Based_Buffer_Overflow__CWE135_34.c String_Termination_Error 45 typedef union void * unionFirst; void * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE135_34_unionType; CWE121_Stack_Based_Buffer_Overflow__CWE135_34_unionType myUnion; data = NULL; data = (void *)WIDE_STRING; myUnion.unionFirst = data; void * data = myUnion.unionSecond; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30753 62971/CWE121_Stack_Based_Buffer_Overflow__CWE135_34.c String_Termination_Error 71 typedef union void * unionFirst; void * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE135_34_unionType; CWE121_Stack_Based_Buffer_Overflow__CWE135_34_unionType myUnion; data = NULL; data = (void *)CHAR_STRING; myUnion.unionFirst = data; void * data = myUnion.unionSecond; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30754 62971/CWE121_Stack_Based_Buffer_Overflow__CWE135_34.c String_Termination_Error 71 typedef union void * unionFirst; void * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE135_34_unionType; CWE121_Stack_Based_Buffer_Overflow__CWE135_34_unionType myUnion; data = NULL; data = (void *)WIDE_STRING; myUnion.unionFirst = data; void * data = myUnion.unionSecond; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30755 62972/CWE121_Stack_Based_Buffer_Overflow__CWE135_41.c String_Termination_Error 57 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; badSink(data); static void badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30756 62972/CWE121_Stack_Based_Buffer_Overflow__CWE135_41.c String_Termination_Error 31 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)CHAR_STRING; goodG2BSink(data); static void goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30757 62972/CWE121_Stack_Based_Buffer_Overflow__CWE135_41.c String_Termination_Error 31 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; goodB2GSink(data); static void goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30758 62973/CWE121_Stack_Based_Buffer_Overflow__CWE135_42.c String_Termination_Error 41 data = NULL; data = badSource(data); static void * badSource(void * data) data = (void *)WIDE_STRING; return data; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30759 62973/CWE121_Stack_Based_Buffer_Overflow__CWE135_42.c String_Termination_Error 68 data = NULL; data = goodG2BSource(data); static void * goodG2BSource(void * data) data = (void *)CHAR_STRING; return data; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30760 62973/CWE121_Stack_Based_Buffer_Overflow__CWE135_42.c String_Termination_Error 68 data = NULL; data = goodB2GSource(data); static void * goodB2GSource(void * data) data = (void *)WIDE_STRING; return data; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30761 62975/CWE121_Stack_Based_Buffer_Overflow__CWE135_44.c String_Termination_Error 60 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" void (*funcPtr) (void *) = badSink; data = NULL; data = (void *)WIDE_STRING; funcPtr(data); static void badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30762 62975/CWE121_Stack_Based_Buffer_Overflow__CWE135_44.c String_Termination_Error 31 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" void (*funcPtr) (void *) = goodG2BSink; data = NULL; data = (void *)CHAR_STRING; funcPtr(data); static void goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30763 62975/CWE121_Stack_Based_Buffer_Overflow__CWE135_44.c String_Termination_Error 31 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" void (*funcPtr) (void *) = goodB2GSink; data = NULL; data = (void *)WIDE_STRING; funcPtr(data); static void goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30764 62976/CWE121_Stack_Based_Buffer_Overflow__CWE135_45.c String_Termination_Error 64 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_45_badData = data; badSink(); static void badSink() void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_45_badData; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30765 62976/CWE121_Stack_Based_Buffer_Overflow__CWE135_45.c String_Termination_Error 36 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)CHAR_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_45_goodG2BData; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30766 62976/CWE121_Stack_Based_Buffer_Overflow__CWE135_45.c String_Termination_Error 36 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_45_goodB2GData = data; goodB2GSink(); static void goodB2GSink() void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_45_goodB2GData; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30767 62977/CWE121_Stack_Based_Buffer_Overflow__CWE135_51.c String_Termination_Error 133 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_51b_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30768 62977/CWE121_Stack_Based_Buffer_Overflow__CWE135_51.c String_Termination_Error 150 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)CHAR_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_51b_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30769 62977/CWE121_Stack_Based_Buffer_Overflow__CWE135_51.c String_Termination_Error 150 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_51b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_51b_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30770 62978/CWE121_Stack_Based_Buffer_Overflow__CWE135_52.c String_Termination_Error 208 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_52b_badSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_52c_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30771 62978/CWE121_Stack_Based_Buffer_Overflow__CWE135_52.c String_Termination_Error 191 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)CHAR_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_52b_goodG2BSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_52c_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30772 62978/CWE121_Stack_Based_Buffer_Overflow__CWE135_52.c String_Termination_Error 191 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_52b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_52b_goodB2GSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_52c_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_52c_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30773 62979/CWE121_Stack_Based_Buffer_Overflow__CWE135_53.c String_Termination_Error 266 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_53b_badSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_53c_badSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_53d_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30774 62979/CWE121_Stack_Based_Buffer_Overflow__CWE135_53.c String_Termination_Error 249 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)CHAR_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_53b_goodG2BSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_53c_goodG2BSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_53d_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30775 62979/CWE121_Stack_Based_Buffer_Overflow__CWE135_53.c String_Termination_Error 249 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_53b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_53b_goodB2GSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_53c_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_53c_goodB2GSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_53d_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_53d_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30776 62980/CWE121_Stack_Based_Buffer_Overflow__CWE135_54.c String_Termination_Error 307 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_54b_badSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_54c_badSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_54d_badSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_54e_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30777 62980/CWE121_Stack_Based_Buffer_Overflow__CWE135_54.c String_Termination_Error 324 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)CHAR_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_54b_goodG2BSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_54c_goodG2BSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_54d_goodG2BSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_54e_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30778 62980/CWE121_Stack_Based_Buffer_Overflow__CWE135_54.c String_Termination_Error 324 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_54b_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_54b_goodB2GSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_54c_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_54c_goodB2GSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_54d_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_54d_goodB2GSink(void * data) CWE121_Stack_Based_Buffer_Overflow__CWE135_54e_goodB2GSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_54e_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30779 62981/CWE121_Stack_Based_Buffer_Overflow__CWE135_61.c String_Termination_Error 37 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = CWE121_Stack_Based_Buffer_Overflow__CWE135_61b_badSource(data); void * CWE121_Stack_Based_Buffer_Overflow__CWE135_61b_badSource(void * data) data = (void *)WIDE_STRING; return data; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30780 62981/CWE121_Stack_Based_Buffer_Overflow__CWE135_61.c String_Termination_Error 59 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = CWE121_Stack_Based_Buffer_Overflow__CWE135_61b_goodG2BSource(data); void * CWE121_Stack_Based_Buffer_Overflow__CWE135_61b_goodG2BSource(void * data) data = (void *)CHAR_STRING; return data; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30781 62981/CWE121_Stack_Based_Buffer_Overflow__CWE135_61.c String_Termination_Error 59 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = CWE121_Stack_Based_Buffer_Overflow__CWE135_61b_goodB2GSource(data); void * CWE121_Stack_Based_Buffer_Overflow__CWE135_61b_goodB2GSource(void * data) data = (void *)WIDE_STRING; return data; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30782 62983/CWE121_Stack_Based_Buffer_Overflow__CWE135_63.c String_Termination_Error 152 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_63b_badSink(void * * dataPtr) void * data = *dataPtr; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30783 62983/CWE121_Stack_Based_Buffer_Overflow__CWE135_63.c String_Termination_Error 134 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)CHAR_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_63b_goodG2BSink(void * * dataPtr) void * data = *dataPtr; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30784 62983/CWE121_Stack_Based_Buffer_Overflow__CWE135_63.c String_Termination_Error 134 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_63b_goodB2GSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_63b_goodB2GSink(void * * dataPtr) void * data = *dataPtr; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30785 62984/CWE121_Stack_Based_Buffer_Overflow__CWE135_64.c String_Termination_Error 158 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_64b_badSink(void * dataVoidPtr) void * * dataPtr = (void * *)dataVoidPtr; void * data = (*dataPtr); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30786 62984/CWE121_Stack_Based_Buffer_Overflow__CWE135_64.c String_Termination_Error 137 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)CHAR_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_64b_goodG2BSink(void * dataVoidPtr) void * * dataPtr = (void * *)dataVoidPtr; void * data = (*dataPtr); size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30787 62984/CWE121_Stack_Based_Buffer_Overflow__CWE135_64.c String_Termination_Error 137 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_64b_goodB2GSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_64b_goodB2GSink(void * dataVoidPtr) void * * dataPtr = (void * *)dataVoidPtr; void * data = (*dataPtr); size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30788 62985/CWE121_Stack_Based_Buffer_Overflow__CWE135_65.c String_Termination_Error 138 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" void (*funcPtr) (void *) = CWE121_Stack_Based_Buffer_Overflow__CWE135_65b_badSink; data = NULL; data = (void *)WIDE_STRING; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_65b_badSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30789 62985/CWE121_Stack_Based_Buffer_Overflow__CWE135_65.c String_Termination_Error 155 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" void (*funcPtr) (void *) = CWE121_Stack_Based_Buffer_Overflow__CWE135_65b_goodG2BSink; data = NULL; data = (void *)CHAR_STRING; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_65b_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30790 62985/CWE121_Stack_Based_Buffer_Overflow__CWE135_65.c String_Termination_Error 155 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" void (*funcPtr) (void *) = CWE121_Stack_Based_Buffer_Overflow__CWE135_65b_goodB2GSink; data = NULL; data = (void *)WIDE_STRING; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_65b_goodB2GSink(void * data) size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30791 62986/CWE121_Stack_Based_Buffer_Overflow__CWE135_66.c String_Termination_Error 160 void * dataArray[5]; data = NULL; data = (void *)WIDE_STRING; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE135_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE135_66b_badSink(void * dataArray[]) void * data = dataArray[2]; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30792 62986/CWE121_Stack_Based_Buffer_Overflow__CWE135_66.c String_Termination_Error 142 void * dataArray[5]; data = NULL; data = (void *)CHAR_STRING; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE135_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE135_66b_goodG2BSink(void * dataArray[]) void * data = dataArray[2]; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30793 62986/CWE121_Stack_Based_Buffer_Overflow__CWE135_66.c String_Termination_Error 142 void * dataArray[5]; data = NULL; data = (void *)WIDE_STRING; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE135_66b_goodB2GSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE135_66b_goodB2GSink(void * dataArray[]) void * data = dataArray[2]; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30794 62987/CWE121_Stack_Based_Buffer_Overflow__CWE135_67.c String_Termination_Error 168 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType void * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType; CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType myStruct; data = NULL; data = (void *)WIDE_STRING; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE135_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE135_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType myStruct) void * data = myStruct.structFirst; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30795 62987/CWE121_Stack_Based_Buffer_Overflow__CWE135_67.c String_Termination_Error 150 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType void * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType; CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType myStruct; data = NULL; data = (void *)CHAR_STRING; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE135_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE135_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType myStruct) void * data = myStruct.structFirst; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30796 62987/CWE121_Stack_Based_Buffer_Overflow__CWE135_67.c String_Termination_Error 150 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType void * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType; CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType myStruct; data = NULL; data = (void *)WIDE_STRING; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE135_67b_goodB2GSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE135_67b_goodB2GSink(CWE121_Stack_Based_Buffer_Overflow__CWE135_67_structType myStruct) void * data = myStruct.structFirst; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30797 62988/CWE121_Stack_Based_Buffer_Overflow__CWE135_68.c String_Termination_Error 163 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE135_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE135_68b_badSink() void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_68_badData; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30798 62988/CWE121_Stack_Based_Buffer_Overflow__CWE135_68.c String_Termination_Error 145 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)CHAR_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE135_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE135_68b_goodG2BSink() void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_68_goodG2BData; size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30799 62988/CWE121_Stack_Based_Buffer_Overflow__CWE135_68.c String_Termination_Error 145 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; CWE121_Stack_Based_Buffer_Overflow__CWE135_68_goodB2GData = data; CWE121_Stack_Based_Buffer_Overflow__CWE135_68b_goodB2GSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE135_68b_goodB2GSink() void * data = CWE121_Stack_Based_Buffer_Overflow__CWE135_68_goodB2GData; size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30800 62992/CWE121_Stack_Based_Buffer_Overflow__CWE135_81_bad.cpp String_Termination_Error 29 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; const CWE121_Stack_Based_Buffer_Overflow__CWE135_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE135_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_81_bad::action(void * data) const size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 1 --------------------------------- 30801 62992/CWE121_Stack_Based_Buffer_Overflow__CWE135_81_goodG2B.cpp String_Termination_Error 29 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)CHAR_STRING; const CWE121_Stack_Based_Buffer_Overflow__CWE135_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE135_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_81_goodG2B::action(void * data) const size_t dataLen = strlen((char *)data); void * dest = (void *)calloc(dataLen+1, 1); memcpy(dest, data, (dataLen+1)); 0 --------------------------------- 30802 62992/CWE121_Stack_Based_Buffer_Overflow__CWE135_81_goodG2B.cpp String_Termination_Error 29 #define WIDE_STRING L"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" #define CHAR_STRING "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" data = NULL; data = (void *)WIDE_STRING; const CWE121_Stack_Based_Buffer_Overflow__CWE135_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE135_81_goodB2G(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE135_81_goodB2G::action(void * data) const size_t dataLen = wcslen((wchar_t *)data); void * dest = (void *)calloc(dataLen+1, sizeof(wchar_t)); memcpy(dest, data, (dataLen+1)*sizeof(wchar_t)); 0 --------------------------------- 30803 62996/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_01.c Buffer_Overflow_cpycat 40 #define SRC_STRING "AAAAAAAAAA" char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30804 62996/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_01.c Buffer_Overflow_cpycat 62 #define SRC_STRING "AAAAAAAAAA" char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30805 62997/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_02.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(1) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30806 62997/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_02.c Buffer_Overflow_cpycat 94 #define SRC_STRING "AAAAAAAAAA" char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(0) { } else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30807 62997/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_02.c Buffer_Overflow_cpycat 73 #define SRC_STRING "AAAAAAAAAA" char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(1) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30808 62998/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_03.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(5==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30809 62998/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_03.c Buffer_Overflow_cpycat 94 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(5!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30810 62998/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_03.c Buffer_Overflow_cpycat 73 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(5==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30811 62999/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_04.c Buffer_Overflow_cpycat 50 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30812 62999/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_04.c Buffer_Overflow_cpycat 101 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_FALSE) { } else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30813 62999/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_04.c Buffer_Overflow_cpycat 80 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30814 63000/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_05.c Buffer_Overflow_cpycat 50 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticTrue) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30815 63000/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_05.c Buffer_Overflow_cpycat 101 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticFalse) { } else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30816 63000/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_05.c Buffer_Overflow_cpycat 80 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticTrue) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30817 63001/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_06.c Buffer_Overflow_cpycat 98 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30818 63001/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_06.c Buffer_Overflow_cpycat 77 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_FIVE!=5) { } else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30819 63001/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_06.c Buffer_Overflow_cpycat 47 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30820 63002/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_07.c Buffer_Overflow_cpycat 49 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticFive==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30821 63002/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_07.c Buffer_Overflow_cpycat 100 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticFive!=5) { } else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30822 63002/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_07.c Buffer_Overflow_cpycat 79 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30823 63003/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_08.c Buffer_Overflow_cpycat 57 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30824 63003/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_08.c Buffer_Overflow_cpycat 108 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticReturnsFalse()) { } else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30825 63003/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_08.c Buffer_Overflow_cpycat 87 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30826 63004/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_09.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30827 63004/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_09.c Buffer_Overflow_cpycat 94 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_FALSE) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30828 63004/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_09.c Buffer_Overflow_cpycat 73 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30829 63005/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_10.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalTrue) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30830 63005/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_10.c Buffer_Overflow_cpycat 94 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalFalse) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30831 63005/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_10.c Buffer_Overflow_cpycat 73 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalTrue) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30832 63006/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_11.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30833 63006/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_11.c Buffer_Overflow_cpycat 94 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalReturnsFalse()) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30834 63006/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_11.c Buffer_Overflow_cpycat 73 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30835 63008/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_13.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5;  char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30836 63008/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_13.c Buffer_Overflow_cpycat 94 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5;  char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_FIVE!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30837 63008/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_13.c Buffer_Overflow_cpycat 73 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5;  char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30838 63009/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_14.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5;  char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalFive==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30839 63009/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_14.c Buffer_Overflow_cpycat 94 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5;  char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalFive!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30840 63009/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_14.c Buffer_Overflow_cpycat 73 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5;  char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30841 63010/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_15.c Buffer_Overflow_cpycat 80 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); switch(6) case 6: data = dataBadBuffer; data[0] = '\0'; break; default: printLine("Benign, fixed string"); break; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30842 63010/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_15.c Buffer_Overflow_cpycat 107 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); switch(5) case 6:break; default: data = dataGoodBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30843 63010/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_15.c Buffer_Overflow_cpycat 49 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); switch(6) case 6: data = dataGoodBuffer; data[0] = '\0'; break; default:break; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30844 63011/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_16.c Buffer_Overflow_cpycat 70 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); while(1) data = dataBadBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30845 63011/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_16.c Buffer_Overflow_cpycat 44 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); while(1) data = dataGoodBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30846 63012/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_17.c Buffer_Overflow_cpycat 70 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30847 63012/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_17.c Buffer_Overflow_cpycat 44 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30848 63013/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_18.c Buffer_Overflow_cpycat 42 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); goto source; source: data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30849 63013/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_18.c Buffer_Overflow_cpycat 66 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); goto source; source: data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30850 63014/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_31.c Buffer_Overflow_cpycat 69 #define SRC_STRING "AAAAAAAAAA" char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30851 63014/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_31.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30852 63015/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_32.c Buffer_Overflow_cpycat 48 #define SRC_STRING "AAAAAAAAAA" char * *dataPtr2 = &data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30853 63015/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_32.c Buffer_Overflow_cpycat 79 #define SRC_STRING "AAAAAAAAAA" char * *dataPtr2 = &data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30854 63017/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_34.c Buffer_Overflow_cpycat 50 #define SRC_STRING "AAAAAAAAAA"   typedef union char * unionFirst; char * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_34_unionType; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_34_unionType myUnion; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30855 63017/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_34.c Buffer_Overflow_cpycat 77 #define SRC_STRING "AAAAAAAAAA"   typedef union char * unionFirst; char * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_34_unionType; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_34_unionType myUnion; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30856 63018/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_41.c Buffer_Overflow_cpycat 59 #define SRC_STRING "AAAAAAAAAA" char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_41_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30857 63018/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_41.c Buffer_Overflow_cpycat 33 #define SRC_STRING "AAAAAAAAAA" char source[10+1] = SRC_STRING; strcpy(data, source); data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_41_badSink(char * data) strcpy(data, source); 0 --------------------------------- 30858 63019/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_44.c Buffer_Overflow_cpycat 33 #define SRC_STRING "AAAAAAAAAA" void (*funcPtr) (char *) = badSink; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30859 63019/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_44.c Buffer_Overflow_cpycat 63 #define SRC_STRING "AAAAAAAAAA" void (*funcPtr) (char *) = goodG2BSink; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30860 63020/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_45.c Buffer_Overflow_cpycat 66 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_45_badData; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30861 63020/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_45.c Buffer_Overflow_cpycat 37 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_45_goodG2BData; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30862 63021/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_51.c Buffer_Overflow_cpycat 133 #define SRC_STRING "AAAAAAAAAA" char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_51b_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30863 63021/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_51.c Buffer_Overflow_cpycat 148 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_51b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30864 63022/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_52.c Buffer_Overflow_cpycat 202 #define SRC_STRING "AAAAAAAAAA" char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_52c_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30865 63022/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_52.c Buffer_Overflow_cpycat 187 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_52c_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30866 63023/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_53.c Buffer_Overflow_cpycat 256 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_53d_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30867 63023/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_53.c Buffer_Overflow_cpycat 241 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_53d_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30868 63024/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54.c Buffer_Overflow_cpycat 310 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54e_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30869 63024/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54.c Buffer_Overflow_cpycat 295 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_54e_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30870 63025/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_63.c Buffer_Overflow_cpycat 131 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30871 63025/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_63.c Buffer_Overflow_cpycat 147 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30872 63026/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_64.c Buffer_Overflow_cpycat 134 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30873 63026/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_64.c Buffer_Overflow_cpycat 153 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30874 63027/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_65.c Buffer_Overflow_cpycat 149 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_65b_badSink; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_65b_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30875 63027/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_65.c Buffer_Overflow_cpycat 134 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_65b_goodG2BSink; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_65b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30876 63028/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_66.c Buffer_Overflow_cpycat 153 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30877 63028/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_66.c Buffer_Overflow_cpycat 137 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30878 63029/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_67.c Buffer_Overflow_cpycat 145 #define SRC_STRING "AAAAAAAAAA"   typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_67_structType char * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_67_structType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_67_structType myStruct; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30879 63029/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_67.c Buffer_Overflow_cpycat 161 #define SRC_STRING "AAAAAAAAAA"   typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_67_structType char * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_67_structType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_67_structType myStruct; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30880 63030/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_68.c Buffer_Overflow_cpycat 142 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_68_badData; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30881 63030/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_68.c Buffer_Overflow_cpycat 158 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_68_goodG2BData; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30882 63034/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_81_bad.cpp Buffer_Overflow_cpycat 29 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_81_bad::action(char * data) const char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 30883 63034/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 29 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_81_goodG2B::action(char * data) const char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 30884 63035/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_82_bad.cpp Buffer_Overflow_cpycat 29 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_82_bad::action(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); delete baseObject; 1 --------------------------------- 30885 63035/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 29 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_cpy_82_goodG2B::action(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); delete baseObject; 0 --------------------------------- 30886 63112/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_01.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30887 63112/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_01.c String_Termination_Error 64 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30888 63113/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_02.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(1) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30889 63113/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_02.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(0) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30890 63113/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_02.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(1) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30891 63114/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_03.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(5==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30892 63114/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_03.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(5!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30893 63114/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_03.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(5==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30894 63115/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_04.c String_Termination_Error 51 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30895 63115/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_04.c String_Termination_Error 104 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_FALSE) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30896 63115/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_04.c String_Termination_Error 82 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30897 63116/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_05.c String_Termination_Error 51 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticTrue) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30898 63116/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_05.c String_Termination_Error 104 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticFalse) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30899 63116/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_05.c String_Termination_Error 82 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticTrue) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30900 63117/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_06.c String_Termination_Error 48 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30901 63117/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_06.c String_Termination_Error 101 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_FIVE!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30902 63117/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_06.c String_Termination_Error 79 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30903 63118/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_07.c String_Termination_Error 81 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticFive==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30904 63118/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_07.c String_Termination_Error 50 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticFive!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30905 63118/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_07.c String_Termination_Error 103 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30906 63119/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_08.c String_Termination_Error 89 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30907 63119/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_08.c String_Termination_Error 58 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticReturnsFalse()) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30908 63119/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_08.c String_Termination_Error 111 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30909 63120/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_09.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30910 63120/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_09.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_FALSE) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30911 63120/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_09.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30912 63121/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_10.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalTrue) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30913 63121/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_10.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalFalse) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30914 63121/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_10.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalTrue) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30915 63122/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_11.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30916 63122/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_11.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalReturnsFalse()) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30917 63122/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_11.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; }   int globalReturnsFalse()  return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30918 63124/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_13.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5;  char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30919 63124/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_13.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5;  char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_FIVE!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30920 63124/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_13.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5;  char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30921 63125/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_14.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalFive==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30922 63125/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_14.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalFive!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30923 63125/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_14.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30924 63126/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_15.c String_Termination_Error 110 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); switch(6) case 6: data = dataBadBuffer; data[0] = '\0'; break; default: printLine("Benign, fixed string"); break; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30925 63126/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_15.c String_Termination_Error 82 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); switch(5) case 6:break; default: data = dataGoodBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30926 63126/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_15.c String_Termination_Error 50 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); switch(6) case 6: data = dataGoodBuffer; data[0] = '\0'; break; default:break; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30927 63127/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_16.c String_Termination_Error 72 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); while(1) data = dataBadBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30928 63127/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_16.c String_Termination_Error 45 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); while(1) data = dataGoodBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30929 63128/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_17.c String_Termination_Error 72 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30930 63128/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_17.c String_Termination_Error 45 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30931 63129/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_18.c String_Termination_Error 43 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); goto source; source: data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30932 63129/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_18.c String_Termination_Error 68 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); goto source; source: data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30933 63130/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_31.c String_Termination_Error 71 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30934 63130/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_31.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30935 63131/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_32.c String_Termination_Error 81 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30936 63131/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_32.c String_Termination_Error 49 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30937 63133/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_34.c String_Termination_Error 51 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_34_unionType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_34_unionType myUnion; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30938 63133/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_34.c String_Termination_Error 79 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_34_unionType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_34_unionType myUnion; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30939 63134/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_41.c String_Termination_Error 61 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_41_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30940 63134/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_41.c String_Termination_Error 34 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_41_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30941 63135/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_44.c String_Termination_Error 65 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = badSink; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30942 63135/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_44.c String_Termination_Error 34 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = goodG2BSink; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30943 63136/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_45.c String_Termination_Error 38 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_45_badData; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30944 63136/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_45.c String_Termination_Error 68 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_45_goodG2BData; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30945 63137/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_51.c String_Termination_Error 134 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_51b_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30946 63137/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_51.c String_Termination_Error 150 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_51b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30947 63138/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_52.c String_Termination_Error 204 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_52c_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30948 63138/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_52.c String_Termination_Error 188 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_52c_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30949 63139/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_53.c String_Termination_Error 242 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_53d_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30950 63139/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_53.c String_Termination_Error 258 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_53d_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30951 63141/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_63.c String_Termination_Error 149 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30952 63141/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_63.c String_Termination_Error 132 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30953 63142/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_64.c String_Termination_Error 155 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30954 63142/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_64.c String_Termination_Error 135 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30955 63143/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_65.c String_Termination_Error 135 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_65b_badSink; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_65b_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30956 63143/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_65.c String_Termination_Error 151 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_65b_goodG2BSink; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_65b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30957 63144/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_66.c String_Termination_Error 155 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30958 63144/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_66.c String_Termination_Error 138 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30959 63145/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_67.c String_Termination_Error 163 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_67_structType char * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_67_structType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_67_structType myStruct; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30960 63145/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_67.c String_Termination_Error 146 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_67_structType char * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_67_structType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_67_structType myStruct; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30961 63146/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_68.c String_Termination_Error 160 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_68_badData; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30962 63146/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_68.c String_Termination_Error 143 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memcpy_68_goodG2BData; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30963 63152/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_01.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30964 63152/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_01.c String_Termination_Error 64 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30965 63153/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_02.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(1) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30966 63153/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_02.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(0) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30967 63153/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_02.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(1) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30968 63154/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_03.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(5==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30969 63154/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_03.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(5!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30970 63154/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_03.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(5==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30971 63155/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_04.c String_Termination_Error 51 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30972 63155/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_04.c String_Termination_Error 82 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_FALSE) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30973 63155/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_04.c String_Termination_Error 104 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30974 63156/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_05.c String_Termination_Error 51 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticTrue) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30975 63156/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_05.c String_Termination_Error 82 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticFalse) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30976 63156/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_05.c String_Termination_Error 104 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticTrue) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30977 63157/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_06.c String_Termination_Error 79 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30978 63157/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_06.c String_Termination_Error 48 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_FIVE!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30979 63157/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_06.c String_Termination_Error 101 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30980 63158/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_07.c String_Termination_Error 81 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticFive==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30981 63158/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_07.c String_Termination_Error 50 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticFive!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30982 63158/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_07.c String_Termination_Error 103 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30983 63159/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_08.c String_Termination_Error 89 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30984 63159/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_08.c String_Termination_Error 58 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticReturnsFalse()) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30985 63159/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_08.c String_Termination_Error 111 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30986 63160/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_09.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30987 63160/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_09.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_FALSE) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30988 63160/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_09.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30989 63161/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_10.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalTrue) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30990 63161/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_10.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalFalse) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30991 63161/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_10.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalTrue) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30992 63162/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_11.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; }   int globalReturnsFalse()  return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30993 63162/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_11.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalReturnsFalse()) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30994 63162/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_11.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30995 63164/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_13.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30996 63164/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_13.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_FIVE!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30997 63164/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_13.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 30998 63165/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_14.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5;  char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalFive==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 30999 63165/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_14.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5;  char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalFive!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31000 63165/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_14.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5;  char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31001 63166/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_15.c String_Termination_Error 82 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); switch(6) case 6: data = dataBadBuffer; data[0] = '\0'; break; default: printLine("Benign, fixed string"); break; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31002 63166/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_15.c String_Termination_Error 50 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); switch(5) case 6:break; default: data = dataGoodBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31003 63166/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_15.c String_Termination_Error 110 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); switch(6) case 6: data = dataGoodBuffer; data[0] = '\0'; break; default:break; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31004 63167/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_16.c String_Termination_Error 72 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); while(1) data = dataBadBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31005 63167/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_16.c String_Termination_Error 45 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); while(1) data = dataGoodBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31006 63168/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_17.c String_Termination_Error 72 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31007 63168/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_17.c String_Termination_Error 45 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31008 63169/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_18.c String_Termination_Error 43 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); goto source; source: data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31009 63169/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_18.c String_Termination_Error 68 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); goto source; source: data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31010 63170/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_31.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31011 63170/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_31.c String_Termination_Error 71 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31012 63171/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_32.c String_Termination_Error 81 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31013 63171/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_32.c String_Termination_Error 49 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31014 63173/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_34.c String_Termination_Error 51 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_34_unionType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_34_unionType myUnion; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31015 63173/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_34.c String_Termination_Error 79 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_34_unionType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_34_unionType myUnion; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31016 63174/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_41.c String_Termination_Error 34 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_41_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31017 63174/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_41.c String_Termination_Error 61 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_41_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31018 63175/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_44.c String_Termination_Error 65 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = badSink; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31019 63175/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_44.c String_Termination_Error 34 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = goodG2BSink; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31020 63176/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_45.c String_Termination_Error 68 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_45_badData; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31021 63176/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_45.c String_Termination_Error 38 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_45_goodG2BData; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31022 63177/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_51.c String_Termination_Error 150 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_51b_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31023 63177/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_51.c String_Termination_Error 134 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_51b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31024 63178/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_52.c String_Termination_Error 188 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_52c_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31025 63178/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_52.c String_Termination_Error 204 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_52c_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31026 63179/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_53.c String_Termination_Error 258 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_53d_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31027 63179/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_53.c String_Termination_Error 242 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_53d_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31028 63181/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_63.c String_Termination_Error 132 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31029 63181/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_63.c String_Termination_Error 149 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31030 63182/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_64.c String_Termination_Error 155 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31031 63182/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_64.c String_Termination_Error 135 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31032 63183/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_65.c String_Termination_Error 135 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_65b_badSink; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_65b_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31033 63183/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_65.c String_Termination_Error 151 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_65b_goodG2BSink; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_65b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31034 63184/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_66.c String_Termination_Error 155 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31035 63184/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_66.c String_Termination_Error 138 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31036 63185/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_67.c String_Termination_Error 163 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_67_structType char * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_67_structType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_67_structType myStruct; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31037 63185/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_67.c String_Termination_Error 146 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_67_structType char * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_67_structType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_67_structType myStruct; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31038 63186/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_68.c String_Termination_Error 143 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_68_badData; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31039 63186/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_68.c String_Termination_Error 160 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_68_goodG2BData; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31040 63190/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_81_bad.cpp String_Termination_Error 30 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_81_bad::action(char * data) const char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31041 63190/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_81_goodG2B.cpp String_Termination_Error 30 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_81_goodG2B::action(char * data) const char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31042 63191/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_82_bad.cpp String_Termination_Error 30 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_82_bad::action(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); delete baseObject; 1 --------------------------------- 31043 63191/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_82_goodG2B.cpp String_Termination_Error 30 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_memmove_82_goodG2B::action(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); delete baseObject; 0 --------------------------------- 31044 63192/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_01.c Buffer_Overflow_LowBound 64 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31045 63192/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_01.c Buffer_Overflow_LowBound 41 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31046 63193/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_02.c Buffer_Overflow_LowBound 75 #define SRC_STRING "AAAAAAAAAA char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(1) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31047 63193/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_02.c Buffer_Overflow_LowBound 44 #define SRC_STRING "AAAAAAAAAA char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(0) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31048 63193/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_02.c Buffer_Overflow_LowBound 97 #define SRC_STRING "AAAAAAAAAA char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(1) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31049 63194/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_03.c Buffer_Overflow_LowBound 75 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(5==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31050 63194/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_03.c Buffer_Overflow_LowBound 44 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(5!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31051 63194/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_03.c Buffer_Overflow_LowBound 97 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(5==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31052 63195/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_04.c Buffer_Overflow_LowBound 104 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31053 63195/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_04.c Buffer_Overflow_LowBound 51 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_FALSE) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31054 63195/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_04.c Buffer_Overflow_LowBound 82 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31055 63196/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_05.c Buffer_Overflow_LowBound 104 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticTrue) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31056 63196/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_05.c Buffer_Overflow_LowBound 51 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticFalse) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31057 63196/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_05.c Buffer_Overflow_LowBound 82 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticTrue) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31058 63197/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_06.c Buffer_Overflow_LowBound 79 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31059 63197/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_06.c Buffer_Overflow_LowBound 48 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_FIVE!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31060 63197/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_06.c Buffer_Overflow_LowBound 101 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(STATIC_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31061 63198/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_07.c Buffer_Overflow_LowBound 103 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticFive==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31062 63198/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_07.c Buffer_Overflow_LowBound 81 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticFive!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31063 63198/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_07.c Buffer_Overflow_LowBound 50 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31064 63199/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_08.c Buffer_Overflow_LowBound 111 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31065 63199/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_08.c Buffer_Overflow_LowBound 89 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticReturnsFalse()) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31066 63199/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_08.c Buffer_Overflow_LowBound 58 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(staticReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31067 63200/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_09.c Buffer_Overflow_LowBound 75 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31068 63200/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_09.c Buffer_Overflow_LowBound 44 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_FALSE) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31069 63200/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_09.c Buffer_Overflow_LowBound 97 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31070 63201/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_10.c Buffer_Overflow_LowBound 75 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalTrue) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31071 63201/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_10.c Buffer_Overflow_LowBound 44 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalFalse) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31072 63201/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_10.c Buffer_Overflow_LowBound 97 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalTrue) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31073 63202/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_11.c Buffer_Overflow_LowBound 75 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31074 63202/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_11.c Buffer_Overflow_LowBound 44 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalReturnsFalse()) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31075 63202/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_11.c Buffer_Overflow_LowBound 97 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31076 63203/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_12.c Buffer_Overflow_LowBound 85 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalReturnsTrueOrFalse()) data = dataBadBuffer; data[0] = '\0'; else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31077 63203/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_12.c Buffer_Overflow_LowBound 51 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalReturnsTrueOrFalse()) data = dataGoodBuffer; data[0] = '\0'; else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31078 63204/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_13.c Buffer_Overflow_LowBound 75 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31079 63204/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_13.c Buffer_Overflow_LowBound 44 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_FIVE!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31080 63204/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_13.c Buffer_Overflow_LowBound 97 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(GLOBAL_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31081 63205/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_14.c Buffer_Overflow_LowBound 75 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalFive==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31082 63205/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_14.c Buffer_Overflow_LowBound 44 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalFive!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31083 63205/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_14.c Buffer_Overflow_LowBound 97 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); if(globalFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31084 63206/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_15.c Buffer_Overflow_LowBound 110 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); switch(6) case 6: data = dataBadBuffer; data[0] = '\0'; break; default: printLine("Benign, fixed string"); break; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31085 63206/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_15.c Buffer_Overflow_LowBound 50 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); switch(5) case 6:break; default: data = dataGoodBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31086 63206/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_15.c Buffer_Overflow_LowBound 82 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); switch(6) case 6: data = dataGoodBuffer; data[0] = '\0'; break; default:break; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31087 63207/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_16.c Buffer_Overflow_LowBound 72 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); while(1) data = dataBadBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31088 63207/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_16.c Buffer_Overflow_LowBound 45 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); while(1) data = dataGoodBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31089 63208/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_17.c Buffer_Overflow_LowBound 72 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31090 63208/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_17.c Buffer_Overflow_LowBound 45 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31091 63209/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_18.c Buffer_Overflow_LowBound 43 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); goto source; source: data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31092 63209/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_18.c Buffer_Overflow_LowBound 68 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); goto source; source: data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31093 63210/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_31.c Buffer_Overflow_LowBound 71 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31094 63210/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_31.c Buffer_Overflow_LowBound 44 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31095 63211/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_32.c Buffer_Overflow_LowBound 81 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31096 63211/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_32.c Buffer_Overflow_LowBound 49 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31097 63213/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_34.c Buffer_Overflow_LowBound 79 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_34_unionType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_34_unionType myUnion; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31098 63213/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_34.c Buffer_Overflow_LowBound 51 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_34_unionType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_34_unionType myUnion; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31099 63214/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_41.c Buffer_Overflow_LowBound 61 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_41_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31100 63214/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_41.c Buffer_Overflow_LowBound 34 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_41_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31101 63215/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_44.c Buffer_Overflow_LowBound 65 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = badSink; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31102 63215/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_44.c Buffer_Overflow_LowBound 34 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = goodG2BSink; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31103 63216/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_45.c Buffer_Overflow_LowBound 38 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_45_badData; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31104 63216/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_45.c Buffer_Overflow_LowBound 68 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_45_goodG2BData; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31105 63217/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_51.c Buffer_Overflow_LowBound 150 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_51b_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31106 63217/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_51.c Buffer_Overflow_LowBound 134 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_51b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31107 63218/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_52.c Buffer_Overflow_LowBound 204 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_52c_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31108 63218/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_52.c Buffer_Overflow_LowBound 188 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_52c_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31109 63219/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_53.c Buffer_Overflow_LowBound 258 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_53d_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31110 63219/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_53.c Buffer_Overflow_LowBound 242 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_53d_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31111 63220/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54.c Buffer_Overflow_LowBound 312 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54e_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31112 63220/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54.c Buffer_Overflow_LowBound 296 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_54e_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31113 63221/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_63.c Buffer_Overflow_LowBound 149 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31114 63221/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_63.c Buffer_Overflow_LowBound 132 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31115 63222/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_64.c Buffer_Overflow_LowBound 135 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31116 63222/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_64.c Buffer_Overflow_LowBound 155 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31117 63223/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_65.c Buffer_Overflow_LowBound 151 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_65b_badSink; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_65b_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31118 63223/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_65.c Buffer_Overflow_LowBound 135 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_65b_goodG2BSink; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_65b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31119 63224/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_66.c Buffer_Overflow_LowBound 155 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31120 63224/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_66.c Buffer_Overflow_LowBound 138 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31121 63225/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_67.c Buffer_Overflow_LowBound 163 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_67_structType char * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_67_structType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_67_structType myStruct; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31122 63225/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_67.c Buffer_Overflow_LowBound 146 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_67_structType char * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_67_structType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_67_structType myStruct; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31123 63226/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_68.c Buffer_Overflow_LowBound 143 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_68_badData; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31124 63226/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_68.c Buffer_Overflow_LowBound 160 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_68_goodG2BData; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31125 63230/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_81_bad.cpp Buffer_Overflow_LowBound 30 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_81_bad::action(char * data) const char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31126 63230/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 30 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_81_goodG2B::action(char * data) const char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31127 63231/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_82_bad.cpp Buffer_Overflow_LowBound 30 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_82_bad::action(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); delete baseObject; 1 --------------------------------- 31128 63231/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 30 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataBadBuffer = (char *)ALLOCA((10)*sizeof(char)); char * dataGoodBuffer = (char *)ALLOCA((10+1)*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_alloca_ncpy_82_goodG2B::action(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); delete baseObject; 0 --------------------------------- 31129 63232/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_01.c Buffer_Overflow_cpycat 40 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31130 63232/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_01.c Buffer_Overflow_cpycat 62 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31131 63233/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_02.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(1) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31132 63233/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_02.c Buffer_Overflow_cpycat 94 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(0) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31133 63233/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_02.c Buffer_Overflow_cpycat 73 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(1) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31134 63234/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_03.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(5==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31135 63234/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_03.c Buffer_Overflow_cpycat 94 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(5!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31136 63234/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_03.c Buffer_Overflow_cpycat 73 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(5==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31137 63235/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_04.c Buffer_Overflow_cpycat 50 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31138 63235/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_04.c Buffer_Overflow_cpycat 101 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_FALSE) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31139 63235/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_04.c Buffer_Overflow_cpycat 80 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31140 63236/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_05.c Buffer_Overflow_cpycat 50 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticTrue) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31141 63236/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_05.c Buffer_Overflow_cpycat 101 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticFalse) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31142 63236/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_05.c Buffer_Overflow_cpycat 80 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticTrue) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31143 63237/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_06.c Buffer_Overflow_cpycat 98 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31144 63237/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_06.c Buffer_Overflow_cpycat 77 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_FIVE!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31145 63237/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_06.c Buffer_Overflow_cpycat 47 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31146 63238/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_07.c Buffer_Overflow_cpycat 49 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticFive==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31147 63238/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_07.c Buffer_Overflow_cpycat 100 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticFive!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31148 63238/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_07.c Buffer_Overflow_cpycat 79 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31149 63239/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_08.c Buffer_Overflow_cpycat 57 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31150 63239/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_08.c Buffer_Overflow_cpycat 108 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticReturnsFalse()) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31151 63239/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_08.c Buffer_Overflow_cpycat 87 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31152 63240/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_09.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31153 63240/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_09.c Buffer_Overflow_cpycat 94 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_FALSE) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31154 63240/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_09.c Buffer_Overflow_cpycat 73 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31155 63241/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_10.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalTrue) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31156 63241/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_10.c Buffer_Overflow_cpycat 94 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalFalse) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31157 63241/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_10.c Buffer_Overflow_cpycat 73 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalTrue) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31158 63242/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_11.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; }  int globalReturnsFalse()  return 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31159 63242/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_11.c Buffer_Overflow_cpycat 94 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; }  int globalReturnsFalse()  return 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalReturnsFalse()) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31160 63242/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_11.c Buffer_Overflow_cpycat 73 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; }  int globalReturnsFalse()  return 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31161 63244/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_13.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31162 63244/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_13.c Buffer_Overflow_cpycat 94 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_FIVE!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31163 63244/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_13.c Buffer_Overflow_cpycat 73 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31164 63245/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_14.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5;  char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalFive==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31165 63245/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_14.c Buffer_Overflow_cpycat 94 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5;  char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalFive!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31166 63245/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_14.c Buffer_Overflow_cpycat 73 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5;  char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31167 63246/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_15.c Buffer_Overflow_cpycat 80 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; switch(6) case 6: data = dataBadBuffer; data[0] = '\0'; break; default: printLine("Benign, fixed string"); break; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31168 63246/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_15.c Buffer_Overflow_cpycat 107 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; switch(5) case 6:break; default: data = dataGoodBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31169 63246/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_15.c Buffer_Overflow_cpycat 49 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; switch(6) case 6: data = dataGoodBuffer; data[0] = '\0'; break; default:break; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31170 63247/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_16.c Buffer_Overflow_cpycat 70 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; while(1) data = dataBadBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31171 63247/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_16.c Buffer_Overflow_cpycat 44 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; while(1) data = dataGoodBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31172 63248/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_17.c Buffer_Overflow_cpycat 70 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31173 63248/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_17.c Buffer_Overflow_cpycat 44 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31174 63249/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_18.c Buffer_Overflow_cpycat 42 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; goto source; source: data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31175 63249/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_18.c Buffer_Overflow_cpycat 66 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; goto source; source: data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31176 63250/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_31.c Buffer_Overflow_cpycat 69 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31177 63250/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_31.c Buffer_Overflow_cpycat 43 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31178 63251/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_32.c Buffer_Overflow_cpycat 48 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31179 63251/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_32.c Buffer_Overflow_cpycat 79 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31180 63253/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_34.c Buffer_Overflow_cpycat 50 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_34_unionType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_34_unionType myUnion; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31181 63253/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_34.c Buffer_Overflow_cpycat 77 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_34_unionType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_34_unionType myUnion; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31182 63254/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_41.c Buffer_Overflow_cpycat 59 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_41_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31183 63254/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_41.c Buffer_Overflow_cpycat 33 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_41_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31184 63255/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_44.c Buffer_Overflow_cpycat 33 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = badSink; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31185 63255/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_44.c Buffer_Overflow_cpycat 63 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = goodG2BSink; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31186 63256/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_45.c Buffer_Overflow_cpycat 66 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_45_badData; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31187 63256/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_45.c Buffer_Overflow_cpycat 37 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_45_goodG2BData; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31188 63257/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_51.c Buffer_Overflow_cpycat 133 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_51b_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31189 63257/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_51.c Buffer_Overflow_cpycat 148 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_51b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31190 63258/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_52.c Buffer_Overflow_cpycat 202 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_52c_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31191 63258/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_52.c Buffer_Overflow_cpycat 187 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_52c_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31192 63259/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_53.c Buffer_Overflow_cpycat 256 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_53d_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31193 63259/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_53.c Buffer_Overflow_cpycat 241 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_53d_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31194 63260/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54.c Buffer_Overflow_cpycat 310 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54e_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31195 63260/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54.c Buffer_Overflow_cpycat 295 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_54e_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31196 63261/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_63.c Buffer_Overflow_cpycat 131 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31197 63261/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_63.c Buffer_Overflow_cpycat 147 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31198 63262/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_64.c Buffer_Overflow_cpycat 134 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31199 63262/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_64.c Buffer_Overflow_cpycat 153 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31200 63263/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_65.c Buffer_Overflow_cpycat 149 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_65b_badSink; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_65b_badSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31201 63263/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_65.c Buffer_Overflow_cpycat 134 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_65b_goodG2BSink; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_65b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31202 63264/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_66.c Buffer_Overflow_cpycat 153 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31203 63264/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_66.c Buffer_Overflow_cpycat 137 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31204 63265/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_67.c Buffer_Overflow_cpycat 145 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_67_structType char * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_67_structType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_67_structType myStruct; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31205 63265/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_67.c Buffer_Overflow_cpycat 161 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_67_structType char * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_67_structType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_67_structType myStruct; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31206 63266/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_68.c Buffer_Overflow_cpycat 142 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_68_badData; char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31207 63266/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_68.c Buffer_Overflow_cpycat 158 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_68_goodG2BData; char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31208 63270/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_81_bad.cpp Buffer_Overflow_cpycat 29 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_81_bad::action(char * data) const char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 31209 63270/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 29 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_cpy_81_goodG2B::action(char * data) const char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 31210 63312/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_01.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31211 63312/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_01.c String_Termination_Error 64 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31212 63313/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_02.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(1) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31213 63313/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_02.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(0) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31214 63313/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_02.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(1) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31215 63314/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_03.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(5==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31216 63314/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_03.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(5!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31217 63314/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_03.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(5==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31218 63315/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_04.c String_Termination_Error 51 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31219 63315/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_04.c String_Termination_Error 104 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_FALSE) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31220 63315/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_04.c String_Termination_Error 82 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31221 63316/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_05.c String_Termination_Error 51 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticTrue) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31222 63316/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_05.c String_Termination_Error 104 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticFalse) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31223 63316/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_05.c String_Termination_Error 82 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticTrue) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31224 63317/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_06.c String_Termination_Error 48 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31225 63317/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_06.c String_Termination_Error 101 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_FIVE!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31226 63317/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_06.c String_Termination_Error 79 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31227 63318/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_07.c String_Termination_Error 81 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticFive==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31228 63318/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_07.c String_Termination_Error 50 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticFive!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31229 63318/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_07.c String_Termination_Error 103 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31230 63319/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_08.c String_Termination_Error 89 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31231 63319/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_08.c String_Termination_Error 58 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticReturnsFalse()) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31232 63319/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_08.c String_Termination_Error 111 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31233 63320/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_09.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31234 63320/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_09.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_FALSE) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31235 63320/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_09.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31236 63321/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_10.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalTrue) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31237 63321/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_10.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalFalse) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31238 63321/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_10.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalTrue) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31239 63322/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_11.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31240 63322/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_11.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalReturnsFalse()) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31241 63322/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_11.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31242 63323/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_12.c String_Termination_Error 51 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalReturnsTrueOrFalse()) data = dataBadBuffer; data[0] = '\0'; else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31243 63323/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_12.c String_Termination_Error 85 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalReturnsTrueOrFalse()) data = dataGoodBuffer; data[0] = '\0'; else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31244 63324/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_13.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31245 63324/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_13.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_FIVE!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31246 63324/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_13.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31247 63325/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_14.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalFive==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31248 63325/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_14.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalFive!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31249 63325/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_14.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31250 63326/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_15.c String_Termination_Error 110 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; switch(6) case 6: data = dataBadBuffer; data[0] = '\0'; break; default: printLine("Benign, fixed string"); break; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31251 63326/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_15.c String_Termination_Error 82 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; switch(5) case 6:break; default: data = dataGoodBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31252 63326/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_15.c String_Termination_Error 50 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; switch(6) case 6: data = dataGoodBuffer; data[0] = '\0'; break; default:break; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31253 63327/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_16.c String_Termination_Error 72 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; while(1) data = dataBadBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31254 63327/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_16.c String_Termination_Error 45 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; while(1) data = dataGoodBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31255 63328/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_17.c String_Termination_Error 72 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31256 63328/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_17.c String_Termination_Error 45 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31257 63329/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_18.c String_Termination_Error 43 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; goto source; source: data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31258 63329/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_18.c String_Termination_Error 68 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; goto source; source: data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31259 63330/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_31.c String_Termination_Error 71 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31260 63330/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_31.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31261 63331/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_32.c String_Termination_Error 81 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31262 63331/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_32.c String_Termination_Error 49 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31263 63333/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_34.c String_Termination_Error 51 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_34_unionType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_34_unionType myUnion; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31264 63333/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_34.c String_Termination_Error 79 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_34_unionType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_34_unionType myUnion; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31265 63334/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_41.c String_Termination_Error 61 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_41_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31266 63334/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_41.c String_Termination_Error 34 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_41_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31267 63335/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_44.c String_Termination_Error 65 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = badSink; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31268 63335/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_44.c String_Termination_Error 34 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = goodG2BSink; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31269 63336/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_45.c String_Termination_Error 38 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_45_badData; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31270 63336/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_45.c String_Termination_Error 68 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_45_goodG2BData; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31271 63337/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_51.c String_Termination_Error 134 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_51b_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31272 63337/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_51.c String_Termination_Error 150 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_51b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31273 63338/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_52.c String_Termination_Error 204 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_52c_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31274 63338/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_52.c String_Termination_Error 188 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_52c_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31275 63339/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_53.c String_Termination_Error 242 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_53d_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31276 63339/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_53.c String_Termination_Error 258 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_53d_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31277 63340/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54.c String_Termination_Error 312 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54e_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31278 63340/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54.c String_Termination_Error 296 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_54e_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31279 63341/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_63.c String_Termination_Error 149 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31280 63341/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_63.c String_Termination_Error 132 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31281 63342/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_64.c String_Termination_Error 155 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31282 63342/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_64.c String_Termination_Error 135 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31283 63343/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_65.c String_Termination_Error 135 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_65b_badSink; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_65b_badSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31284 63343/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_65.c String_Termination_Error 151 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_65b_goodG2BSink; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_65b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31285 63344/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_66.c String_Termination_Error 155 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31286 63344/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_66.c String_Termination_Error 138 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31287 63345/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_67.c String_Termination_Error 163 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_67_structType char * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_67_structType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_67_structType myStruct; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31288 63345/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_67.c String_Termination_Error 146 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_67_structType char * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_67_structType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_67_structType myStruct; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31289 63346/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_68.c String_Termination_Error 160 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_68_badData; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31290 63346/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_68.c String_Termination_Error 143 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_68_goodG2BData; char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31291 63350/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_81_bad.cpp String_Termination_Error 30 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_81_bad::action(char * data) const char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31292 63350/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_81_goodG2B.cpp String_Termination_Error 30 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_81_goodG2B::action(char * data) const char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31293 63351/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_82_bad.cpp String_Termination_Error 30 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_82_bad::action(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); delete baseObject; 1 --------------------------------- 31294 63351/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_82_goodG2B.cpp String_Termination_Error 30 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memcpy_82_goodG2B::action(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); delete baseObject; 0 --------------------------------- 31295 63352/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_01.c String_Termination_Error 41 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31296 63352/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_01.c String_Termination_Error 64 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31297 63353/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_02.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(1) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31298 63353/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_02.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(0) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31299 63353/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_02.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(1) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31300 63354/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_03.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(5==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31301 63354/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_03.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(5!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31302 63354/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_03.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(5==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31303 63355/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_04.c String_Termination_Error 51 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31304 63355/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_04.c String_Termination_Error 82 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_FALSE) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31305 63355/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_04.c String_Termination_Error 104 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31306 63356/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_05.c String_Termination_Error 51 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticTrue) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31307 63356/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_05.c String_Termination_Error 82 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticFalse) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31308 63356/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_05.c String_Termination_Error 104 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticTrue) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31309 63357/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_06.c String_Termination_Error 79 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31310 63357/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_06.c String_Termination_Error 48 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_FIVE!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31311 63357/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_06.c String_Termination_Error 101 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_FIVE = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31312 63358/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_07.c String_Termination_Error 81 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticFive==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31313 63358/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_07.c String_Termination_Error 50 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticFive!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31314 63358/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_07.c String_Termination_Error 103 #define SRC_STRING "AAAAAAAAAA" static int staticFive = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31315 63359/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_08.c String_Termination_Error 89 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31316 63359/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_08.c String_Termination_Error 58 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticReturnsFalse()) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31317 63359/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_08.c String_Termination_Error 111 #define SRC_STRING "AAAAAAAAAA" static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31318 63360/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_09.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31319 63360/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_09.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_FALSE) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31320 63360/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_09.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31321 63361/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_10.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalTrue) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31322 63361/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_10.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalFalse) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31323 63361/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_10.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" int globalTrue = 1; int globalFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalTrue) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31324 63362/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_11.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31325 63362/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_11.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalReturnsFalse()) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31326 63362/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_11.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31327 63364/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_13.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31328 63364/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_13.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_FIVE!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31329 63364/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_13.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" const int GLOBAL_CONST_FIVE = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31330 63365/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_14.c String_Termination_Error 75 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalFive==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31331 63365/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_14.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalFive!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31332 63365/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_14.c String_Termination_Error 97 #define SRC_STRING "AAAAAAAAAA" int globalFive = 5; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(globalFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31333 63366/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_15.c String_Termination_Error 82 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; switch(6) case 6: data = dataBadBuffer; data[0] = '\0'; break; default: printLine("Benign, fixed string"); break; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31334 63366/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_15.c String_Termination_Error 50 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; switch(5) case 6:break; default: data = dataGoodBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31335 63366/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_15.c String_Termination_Error 110 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; switch(6) case 6: data = dataGoodBuffer; data[0] = '\0'; break; default:break; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31336 63367/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_16.c String_Termination_Error 72 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; while(1) data = dataBadBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31337 63367/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_16.c String_Termination_Error 45 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; while(1) data = dataGoodBuffer; data[0] = '\0'; break; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31338 63368/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_17.c String_Termination_Error 72 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31339 63368/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_17.c String_Termination_Error 45 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31340 63369/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_18.c String_Termination_Error 43 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; goto source; source: data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31341 63369/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_18.c String_Termination_Error 68 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; goto source; source: data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31342 63370/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_31.c String_Termination_Error 44 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31343 63370/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_31.c String_Termination_Error 71 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31344 63371/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_32.c String_Termination_Error 81 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31345 63371/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_32.c String_Termination_Error 49 #define SRC_STRING "AAAAAAAAAA" char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31346 63373/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_34.c String_Termination_Error 51 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_34_unionType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_34_unionType myUnion; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31347 63373/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_34.c String_Termination_Error 79 #define SRC_STRING "AAAAAAAAAA" typedef union char * unionFirst; char * unionSecond; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_34_unionType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_34_unionType myUnion; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31348 63374/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_41.c String_Termination_Error 34 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_41_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31349 63374/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_41.c String_Termination_Error 61 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_41_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31350 63375/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_44.c String_Termination_Error 65 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = badSink; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31351 63375/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_44.c String_Termination_Error 34 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = goodG2BSink; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31352 63376/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_45.c String_Termination_Error 68 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_45_badData; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31353 63376/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_45.c String_Termination_Error 38 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_45_goodG2BData; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31354 63377/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_51.c String_Termination_Error 150 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_51b_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31355 63377/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_51.c String_Termination_Error 134 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_51b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31356 63378/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_52.c String_Termination_Error 188 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_52c_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31357 63378/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_52.c String_Termination_Error 204 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_52c_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31358 63379/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_53.c String_Termination_Error 258 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_53d_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31359 63379/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_53.c String_Termination_Error 242 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_53d_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31360 63380/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54.c String_Termination_Error 296 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54e_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31361 63380/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54.c String_Termination_Error 312 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_54e_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31362 63381/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_63.c String_Termination_Error 132 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31363 63381/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_63.c String_Termination_Error 149 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31364 63382/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_64.c String_Termination_Error 155 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31365 63382/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_64.c String_Termination_Error 135 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31366 63383/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_65.c String_Termination_Error 135 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_65b_badSink; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_65b_badSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31367 63383/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_65.c String_Termination_Error 151 #define SRC_STRING "AAAAAAAAAA" char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_65b_goodG2BSink; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_65b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31368 63384/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_66.c String_Termination_Error 155 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31369 63384/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_66.c String_Termination_Error 138 #define SRC_STRING "AAAAAAAAAA" char * data; char * dataArray[5]; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31370 63385/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_67.c String_Termination_Error 163 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_67_structType char * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_67_structType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_67_structType myStruct; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31371 63385/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_67.c String_Termination_Error 146 #define SRC_STRING "AAAAAAAAAA" typedef struct _CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_67_structType char * structFirst; } CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_67_structType; char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_67_structType myStruct; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31372 63386/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_68.c String_Termination_Error 143 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_68_badData; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 31373 63386/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_68.c String_Termination_Error 160 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_memmove_68_goodG2BData; char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 31374 63392/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_01.c Buffer_Overflow_LowBound 64 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31375 63392/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_01.c Buffer_Overflow_LowBound 41 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31376 63393/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_02.c Buffer_Overflow_LowBound 75 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(1) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31377 63393/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_02.c Buffer_Overflow_LowBound 44 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(0) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31378 63393/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_02.c Buffer_Overflow_LowBound 97 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(1) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31379 63394/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_03.c Buffer_Overflow_LowBound 75 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(5==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31380 63394/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_03.c Buffer_Overflow_LowBound 44 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(5!=5) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31381 63394/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_03.c Buffer_Overflow_LowBound 97 #define SRC_STRING "AAAAAAAAAA" char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(5==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31382 63395/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_04.c Buffer_Overflow_LowBound 104 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31383 63395/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_04.c Buffer_Overflow_LowBound 51 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_FALSE) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31384 63395/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_04.c Buffer_Overflow_LowBound 82 #define SRC_STRING "AAAAAAAAAA" static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(STATIC_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31385 63396/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_05.c Buffer_Overflow_LowBound 104 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticTrue) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 31386 63396/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_05.c Buffer_Overflow_LowBound 51 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticFalse) {} else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31387 63396/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_05.c Buffer_Overflow_LowBound 82 #define SRC_STRING "AAAAAAAAAA" static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBadBuffer[10]; char dataGoodBuffer[10+1]; if(staticTrue) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 31388 77247/CWE127_Buffer_Underread__char_alloca_cpy_06.c Buffer_Overflow_cpycat 43 static const int STATIC_CONST_FIVE = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31389 77247/CWE127_Buffer_Underread__char_alloca_cpy_06.c Buffer_Overflow_cpycat 96 static const int STATIC_CONST_FIVE = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE!=5){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31390 77247/CWE127_Buffer_Underread__char_alloca_cpy_06.c Buffer_Overflow_cpycat 74 static const int STATIC_CONST_FIVE = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31391 77248/CWE127_Buffer_Underread__char_alloca_cpy_07.c Buffer_Overflow_cpycat 45 static int staticFive = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive==5) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31392 77248/CWE127_Buffer_Underread__char_alloca_cpy_07.c Buffer_Overflow_cpycat 98 static int staticFive = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive!=5){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31393 77248/CWE127_Buffer_Underread__char_alloca_cpy_07.c Buffer_Overflow_cpycat 76 static int staticFive = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive==5) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31394 77249/CWE127_Buffer_Underread__char_alloca_cpy_08.c Buffer_Overflow_cpycat 53 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsTrue()) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31395 77249/CWE127_Buffer_Underread__char_alloca_cpy_08.c Buffer_Overflow_cpycat 106 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsFalse()){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31396 77249/CWE127_Buffer_Underread__char_alloca_cpy_08.c Buffer_Overflow_cpycat 84 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsTrue()) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31397 77250/CWE127_Buffer_Underread__char_alloca_cpy_09.c Buffer_Overflow_cpycat 70 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31398 77250/CWE127_Buffer_Underread__char_alloca_cpy_09.c Buffer_Overflow_cpycat 39 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FALSE){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31399 77250/CWE127_Buffer_Underread__char_alloca_cpy_09.c Buffer_Overflow_cpycat 92 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31400 77251/CWE127_Buffer_Underread__char_alloca_cpy_10.c Buffer_Overflow_cpycat 70 int globalTrue = 1; int globalFalse = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalTrue) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31401 77251/CWE127_Buffer_Underread__char_alloca_cpy_10.c Buffer_Overflow_cpycat 39 int globalTrue = 1; int globalFalse = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFalse){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31402 77251/CWE127_Buffer_Underread__char_alloca_cpy_10.c Buffer_Overflow_cpycat 92 int globalTrue = 1; int globalFalse = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalTrue) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31403 77252/CWE127_Buffer_Underread__char_alloca_cpy_11.c Buffer_Overflow_cpycat 70 int globalReturnsTrue()? return 1; int globalReturnsFalse()? return 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsTrue()) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31404 77252/CWE127_Buffer_Underread__char_alloca_cpy_11.c Buffer_Overflow_cpycat 39 int globalReturnsTrue()? return 1; int globalReturnsFalse()? return 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsFalse()){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31405 77252/CWE127_Buffer_Underread__char_alloca_cpy_11.c Buffer_Overflow_cpycat 92 int globalReturnsTrue()? return 1; int globalReturnsFalse()? return 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsTrue()) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31406 77254/CWE127_Buffer_Underread__char_alloca_cpy_13.c Buffer_Overflow_cpycat 70 const int GLOBAL_CONST_FIVE = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31407 77254/CWE127_Buffer_Underread__char_alloca_cpy_13.c Buffer_Overflow_cpycat 39 const int GLOBAL_CONST_FIVE = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE!=5){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31408 77254/CWE127_Buffer_Underread__char_alloca_cpy_13.c Buffer_Overflow_cpycat 92 const int GLOBAL_CONST_FIVE = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31409 77255/CWE127_Buffer_Underread__char_alloca_cpy_14.c Buffer_Overflow_cpycat 70 int globalFive = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive==5) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31410 77255/CWE127_Buffer_Underread__char_alloca_cpy_14.c Buffer_Overflow_cpycat 39 int globalFive = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive!=5){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31411 77255/CWE127_Buffer_Underread__char_alloca_cpy_14.c Buffer_Overflow_cpycat 92 int globalFive = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive==5) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31412 77256/CWE127_Buffer_Underread__char_alloca_cpy_15.c Buffer_Overflow_cpycat 105 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(6) case 6: data = dataBuffer - 8; break; default: break; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31413 77256/CWE127_Buffer_Underread__char_alloca_cpy_15.c Buffer_Overflow_cpycat 45 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(5) case 6: break; default: data = dataBuffer; break; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31414 77256/CWE127_Buffer_Underread__char_alloca_cpy_15.c Buffer_Overflow_cpycat 77 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(6) case 6: data = dataBuffer; break; default: break; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31415 77257/CWE127_Buffer_Underread__char_alloca_cpy_16.c Buffer_Overflow_cpycat 67 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; while(1) data = dataBuffer - 8; break; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31416 77257/CWE127_Buffer_Underread__char_alloca_cpy_16.c Buffer_Overflow_cpycat 40 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; while(1) data = dataBuffer; break; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31417 77258/CWE127_Buffer_Underread__char_alloca_cpy_17.c Buffer_Overflow_cpycat 67 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; for(i = 0; i < 1; i++) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31418 77258/CWE127_Buffer_Underread__char_alloca_cpy_17.c Buffer_Overflow_cpycat 40 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; for(h = 0; h < 1; h++) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31419 77259/CWE127_Buffer_Underread__char_alloca_cpy_18.c Buffer_Overflow_cpycat 38 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; goto source; source: data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31420 77259/CWE127_Buffer_Underread__char_alloca_cpy_18.c Buffer_Overflow_cpycat 63 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; goto source; source: data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31421 77260/CWE127_Buffer_Underread__char_alloca_cpy_31.c Buffer_Overflow_cpycat 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31422 77260/CWE127_Buffer_Underread__char_alloca_cpy_31.c Buffer_Overflow_cpycat 39 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31423 77261/CWE127_Buffer_Underread__char_alloca_cpy_32.c Buffer_Overflow_cpycat 44 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; char * data = *dataPtr1; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31424 77261/CWE127_Buffer_Underread__char_alloca_cpy_32.c Buffer_Overflow_cpycat 76 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; char * data = *dataPtr1; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31425 77263/CWE127_Buffer_Underread__char_alloca_cpy_34.c Buffer_Overflow_cpycat 46 typedef union char * unionFirst; char * unionSecond; } CWE127_Buffer_Underread__char_alloca_cpy_34_unionType; char * data; CWE127_Buffer_Underread__char_alloca_cpy_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31426 77263/CWE127_Buffer_Underread__char_alloca_cpy_34.c Buffer_Overflow_cpycat 74 typedef union char * unionFirst; char * unionSecond; } CWE127_Buffer_Underread__char_alloca_cpy_34_unionType; char * data; CWE127_Buffer_Underread__char_alloca_cpy_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31427 77264/CWE127_Buffer_Underread__char_alloca_cpy_41.c Buffer_Overflow_cpycat 57 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_cpy_41_badSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_41_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31428 77264/CWE127_Buffer_Underread__char_alloca_cpy_41.c Buffer_Overflow_cpycat 30 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_cpy_41_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_41_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31429 77265/CWE127_Buffer_Underread__char_alloca_cpy_44.c Buffer_Overflow_cpycat 30 char * data; void (*funcPtr) (char *) = badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31430 77265/CWE127_Buffer_Underread__char_alloca_cpy_44.c Buffer_Overflow_cpycat 61 char * data; void (*funcPtr) (char *) = goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31431 77266/CWE127_Buffer_Underread__char_alloca_cpy_45.c Buffer_Overflow_cpycat 64 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_cpy_45_badData = data; badSink(); static void badSink() char * data = CWE127_Buffer_Underread__char_alloca_cpy_45_badData; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31432 77266/CWE127_Buffer_Underread__char_alloca_cpy_45.c Buffer_Overflow_cpycat 34 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE127_Buffer_Underread__char_alloca_cpy_45_goodG2BData; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31433 77267/CWE127_Buffer_Underread__char_alloca_cpy_51.c Buffer_Overflow_cpycat 123 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_cpy_51b_badSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_51b_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31434 77267/CWE127_Buffer_Underread__char_alloca_cpy_51.c Buffer_Overflow_cpycat 140 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_cpy_51b_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_51b_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31435 77268/CWE127_Buffer_Underread__char_alloca_cpy_52.c Buffer_Overflow_cpycat 189 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_cpy_52b_badSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_52b_badSink(char * data) CWE127_Buffer_Underread__char_alloca_cpy_52c_badSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_52c_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31436 77268/CWE127_Buffer_Underread__char_alloca_cpy_52.c Buffer_Overflow_cpycat 172 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_cpy_52b_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_52b_goodG2BSink(char * data) CWE127_Buffer_Underread__char_alloca_cpy_52c_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_52c_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31437 77269/CWE127_Buffer_Underread__char_alloca_cpy_53.c Buffer_Overflow_cpycat 238 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_cpy_53b_badSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_53b_badSink(char * data) CWE127_Buffer_Underread__char_alloca_cpy_53c_badSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_53c_badSink(char * data) CWE127_Buffer_Underread__char_alloca_cpy_53d_badSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_53d_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31438 77269/CWE127_Buffer_Underread__char_alloca_cpy_53.c Buffer_Overflow_cpycat 221 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_cpy_53b_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_53b_goodG2BSink(char * data) CWE127_Buffer_Underread__char_alloca_cpy_53c_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_53c_goodG2BSink(char * data) CWE127_Buffer_Underread__char_alloca_cpy_53d_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_53d_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31439 77270/CWE127_Buffer_Underread__char_alloca_cpy_54.c Buffer_Overflow_cpycat 270 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_cpy_54b_badSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_54b_badSink(char * data) CWE127_Buffer_Underread__char_alloca_cpy_54c_badSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_54c_badSink(char * data) CWE127_Buffer_Underread__char_alloca_cpy_54d_badSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_54d_badSink(char * data) CWE127_Buffer_Underread__char_alloca_cpy_54e_badSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_54e_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31440 77270/CWE127_Buffer_Underread__char_alloca_cpy_54.c Buffer_Overflow_cpycat 287 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_cpy_54b_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_54b_goodG2BSink(char * data) CWE127_Buffer_Underread__char_alloca_cpy_54c_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_54c_goodG2BSink(char * data) CWE127_Buffer_Underread__char_alloca_cpy_54d_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_54d_goodG2BSink(char * data) CWE127_Buffer_Underread__char_alloca_cpy_54e_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_cpy_54e_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31441 77271/CWE127_Buffer_Underread__char_alloca_cpy_63.c Buffer_Overflow_cpycat 121 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_cpy_63b_badSink(&data); void CWE127_Buffer_Underread__char_alloca_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31442 77271/CWE127_Buffer_Underread__char_alloca_cpy_63.c Buffer_Overflow_cpycat 139 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_cpy_63b_goodG2BSink(&data); void CWE127_Buffer_Underread__char_alloca_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31443 77272/CWE127_Buffer_Underread__char_alloca_cpy_64.c Buffer_Overflow_cpycat 145 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_cpy_64b_badSink(&data); void CWE127_Buffer_Underread__char_alloca_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31444 77272/CWE127_Buffer_Underread__char_alloca_cpy_64.c Buffer_Overflow_cpycat 124 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_cpy_64b_goodG2BSink(&data); void CWE127_Buffer_Underread__char_alloca_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31445 77273/CWE127_Buffer_Underread__char_alloca_cpy_65.c Buffer_Overflow_cpycat 141 char * data; void (*funcPtr) (char *) = CWE127_Buffer_Underread__char_alloca_cpy_65b_badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void CWE127_Buffer_Underread__char_alloca_cpy_65b_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31446 77273/CWE127_Buffer_Underread__char_alloca_cpy_65.c Buffer_Overflow_cpycat 124 char * data; void (*funcPtr) (char *) = CWE127_Buffer_Underread__char_alloca_cpy_65b_goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); void CWE127_Buffer_Underread__char_alloca_cpy_65b_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31447 77274/CWE127_Buffer_Underread__char_alloca_cpy_66.c Buffer_Overflow_cpycat 145 char * data; char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataArray[2] = data; CWE127_Buffer_Underread__char_alloca_cpy_66b_badSink(dataArray); void CWE127_Buffer_Underread__char_alloca_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31448 77274/CWE127_Buffer_Underread__char_alloca_cpy_66.c Buffer_Overflow_cpycat 127 char * data; char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataArray[2] = data; CWE127_Buffer_Underread__char_alloca_cpy_66b_goodG2BSink(dataArray); void CWE127_Buffer_Underread__char_alloca_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31449 77275/CWE127_Buffer_Underread__char_alloca_cpy_67.c Buffer_Overflow_cpycat 153 typedef struct _CWE127_Buffer_Underread__char_alloca_cpy_67_structType char * structFirst; } CWE127_Buffer_Underread__char_alloca_cpy_67_structType; char * data; CWE127_Buffer_Underread__char_alloca_cpy_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE127_Buffer_Underread__char_alloca_cpy_67b_badSink(myStruct); void CWE127_Buffer_Underread__char_alloca_cpy_67b_badSink(CWE127_Buffer_Underread__char_alloca_cpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31450 77275/CWE127_Buffer_Underread__char_alloca_cpy_67.c Buffer_Overflow_cpycat 135 typedef struct _CWE127_Buffer_Underread__char_alloca_cpy_67_structType char * structFirst; } CWE127_Buffer_Underread__char_alloca_cpy_67_structType; char * data; CWE127_Buffer_Underread__char_alloca_cpy_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myStruct.structFirst = data; CWE127_Buffer_Underread__char_alloca_cpy_67b_goodG2BSink(myStruct); void CWE127_Buffer_Underread__char_alloca_cpy_67b_goodG2BSink(CWE127_Buffer_Underread__char_alloca_cpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31451 77276/CWE127_Buffer_Underread__char_alloca_cpy_68.c Buffer_Overflow_cpycat 150 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_cpy_68_badData = data; CWE127_Buffer_Underread__char_alloca_cpy_68b_badSink(); void CWE127_Buffer_Underread__char_alloca_cpy_68b_badSink() char * data = CWE127_Buffer_Underread__char_alloca_cpy_68_badData; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31452 77276/CWE127_Buffer_Underread__char_alloca_cpy_68.c Buffer_Overflow_cpycat 132 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_cpy_68_goodG2BData = data; CWE127_Buffer_Underread__char_alloca_cpy_68b_goodG2BSink(); void CWE127_Buffer_Underread__char_alloca_cpy_68b_goodG2BSink() char * data = CWE127_Buffer_Underread__char_alloca_cpy_68_goodG2BData; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31453 77280/CWE127_Buffer_Underread__char_alloca_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; const CWE127_Buffer_Underread__char_alloca_cpy_81_base& baseObject = CWE127_Buffer_Underread__char_alloca_cpy_81_bad(); baseObject.action(data); void CWE127_Buffer_Underread__char_alloca_cpy_81_bad::action(char * data) const char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31454 77280/CWE127_Buffer_Underread__char_alloca_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; const CWE127_Buffer_Underread__char_alloca_cpy_81_base& baseObject = CWE127_Buffer_Underread__char_alloca_cpy_81_goodG2B(); baseObject.action(data); void CWE127_Buffer_Underread__char_alloca_cpy_81_goodG2B::action(char * data) const char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31455 77281/CWE127_Buffer_Underread__char_alloca_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_cpy_82_base* baseObject = new CWE127_Buffer_Underread__char_alloca_cpy_82_bad; baseObject->action(data); void CWE127_Buffer_Underread__char_alloca_cpy_82_bad::action(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); delete baseObject; 1 --------------------------------- 31456 77281/CWE127_Buffer_Underread__char_alloca_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_cpy_82_base* baseObject = new CWE127_Buffer_Underread__char_alloca_cpy_82_goodG2B; baseObject->action(data); void CWE127_Buffer_Underread__char_alloca_cpy_82_goodG2B::action(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); delete baseObject; 0 --------------------------------- 31457 77402/CWE127_Buffer_Underread__char_alloca_ncpy_01.c Off_by_One_Error_in_Methods 61 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31458 77402/CWE127_Buffer_Underread__char_alloca_ncpy_01.c Off_by_One_Error_in_Methods 36 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31459 77403/CWE127_Buffer_Underread__char_alloca_ncpy_02.c Off_by_One_Error_in_Methods 39 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(1) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31460 77403/CWE127_Buffer_Underread__char_alloca_ncpy_02.c Off_by_One_Error_in_Methods 96 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(0){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31461 77403/CWE127_Buffer_Underread__char_alloca_ncpy_02.c Off_by_One_Error_in_Methods 72 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(1) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31462 77404/CWE127_Buffer_Underread__char_alloca_ncpy_03.c Off_by_One_Error_in_Methods 39 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5==5) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31463 77404/CWE127_Buffer_Underread__char_alloca_ncpy_03.c Off_by_One_Error_in_Methods 96 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5!=5){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31464 77404/CWE127_Buffer_Underread__char_alloca_ncpy_03.c Off_by_One_Error_in_Methods 72 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5==5) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31465 77405/CWE127_Buffer_Underread__char_alloca_ncpy_04.c Off_by_One_Error_in_Methods 103 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_TRUE) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31466 77405/CWE127_Buffer_Underread__char_alloca_ncpy_04.c Off_by_One_Error_in_Methods 79 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FALSE){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31467 77405/CWE127_Buffer_Underread__char_alloca_ncpy_04.c Off_by_One_Error_in_Methods 46 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_TRUE) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31468 77406/CWE127_Buffer_Underread__char_alloca_ncpy_05.c Off_by_One_Error_in_Methods 103 static int staticTrue = 1; static int staticFalse = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticTrue) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31469 77406/CWE127_Buffer_Underread__char_alloca_ncpy_05.c Off_by_One_Error_in_Methods 79 static int staticTrue = 1; static int staticFalse = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFalse){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31470 77406/CWE127_Buffer_Underread__char_alloca_ncpy_05.c Off_by_One_Error_in_Methods 46 static int staticTrue = 1; static int staticFalse = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticTrue) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31471 77407/CWE127_Buffer_Underread__char_alloca_ncpy_06.c Off_by_One_Error_in_Methods 43 static const int STATIC_CONST_FIVE = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31472 77407/CWE127_Buffer_Underread__char_alloca_ncpy_06.c Off_by_One_Error_in_Methods 100 static const int STATIC_CONST_FIVE = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE!=5){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31473 77407/CWE127_Buffer_Underread__char_alloca_ncpy_06.c Off_by_One_Error_in_Methods 76 static const int STATIC_CONST_FIVE = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31474 77408/CWE127_Buffer_Underread__char_alloca_ncpy_07.c Off_by_One_Error_in_Methods 78 static int staticFive = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive==5) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31475 77408/CWE127_Buffer_Underread__char_alloca_ncpy_07.c Off_by_One_Error_in_Methods 45 static int staticFive = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive!=5){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31476 77408/CWE127_Buffer_Underread__char_alloca_ncpy_07.c Off_by_One_Error_in_Methods 102 static int staticFive = 5; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive==5) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31477 77409/CWE127_Buffer_Underread__char_alloca_ncpy_08.c Off_by_One_Error_in_Methods 53 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsTrue()) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31478 77409/CWE127_Buffer_Underread__char_alloca_ncpy_08.c Off_by_One_Error_in_Methods 86 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsFalse()){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31479 77409/CWE127_Buffer_Underread__char_alloca_ncpy_08.c Off_by_One_Error_in_Methods 110 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsTrue()) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31480 77410/CWE127_Buffer_Underread__char_alloca_ncpy_09.c Off_by_One_Error_in_Methods 39 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31481 77410/CWE127_Buffer_Underread__char_alloca_ncpy_09.c Off_by_One_Error_in_Methods 96 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FALSE){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31482 77410/CWE127_Buffer_Underread__char_alloca_ncpy_09.c Off_by_One_Error_in_Methods 72 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31483 77411/CWE127_Buffer_Underread__char_alloca_ncpy_10.c Off_by_One_Error_in_Methods 39 int globalTrue = 1; int globalFalse = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalTrue) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31484 77411/CWE127_Buffer_Underread__char_alloca_ncpy_10.c Off_by_One_Error_in_Methods 96 int globalTrue = 1; int globalFalse = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFalse){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31485 77411/CWE127_Buffer_Underread__char_alloca_ncpy_10.c Off_by_One_Error_in_Methods 72 int globalTrue = 1; int globalFalse = 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalTrue) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31486 77412/CWE127_Buffer_Underread__char_alloca_ncpy_11.c Off_by_One_Error_in_Methods 39 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsTrue()) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31487 77412/CWE127_Buffer_Underread__char_alloca_ncpy_11.c Off_by_One_Error_in_Methods 96 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsFalse()){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31488 77412/CWE127_Buffer_Underread__char_alloca_ncpy_11.c Off_by_One_Error_in_Methods 72 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsTrue()) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31489 77414/CWE127_Buffer_Underread__char_alloca_ncpy_13.c Off_by_One_Error_in_Methods 39 const int GLOBAL_CONST_FIVE = 5;  char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31490 77414/CWE127_Buffer_Underread__char_alloca_ncpy_13.c Off_by_One_Error_in_Methods 96 const int GLOBAL_CONST_FIVE = 5;  char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE!=5){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31491 77414/CWE127_Buffer_Underread__char_alloca_ncpy_13.c Off_by_One_Error_in_Methods 72 const int GLOBAL_CONST_FIVE = 5;  char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31492 77415/CWE127_Buffer_Underread__char_alloca_ncpy_14.c Off_by_One_Error_in_Methods 39 int globalFive = 5;  char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive==5) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31493 77415/CWE127_Buffer_Underread__char_alloca_ncpy_14.c Off_by_One_Error_in_Methods 96 int globalFive = 5;  char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive!=5){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31494 77415/CWE127_Buffer_Underread__char_alloca_ncpy_14.c Off_by_One_Error_in_Methods 72 int globalFive = 5;  char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive==5) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31495 77416/CWE127_Buffer_Underread__char_alloca_ncpy_15.c Off_by_One_Error_in_Methods 79 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(6) case 6: data = dataBuffer - 8; break; default: break; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31496 77416/CWE127_Buffer_Underread__char_alloca_ncpy_15.c Off_by_One_Error_in_Methods 109 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(5) case 6: break; default: data = dataBuffer; break; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31497 77416/CWE127_Buffer_Underread__char_alloca_ncpy_15.c Off_by_One_Error_in_Methods 45 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(6) case 6: data = dataBuffer; break; default: break; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31498 77417/CWE127_Buffer_Underread__char_alloca_ncpy_16.c Off_by_One_Error_in_Methods 40 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; while(1) data = dataBuffer - 8; break; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31499 77417/CWE127_Buffer_Underread__char_alloca_ncpy_16.c Off_by_One_Error_in_Methods 69 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; while(1) data = dataBuffer; break; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31500 77418/CWE127_Buffer_Underread__char_alloca_ncpy_17.c Off_by_One_Error_in_Methods 40 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; for(i = 0; i < 1; i++) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31501 77418/CWE127_Buffer_Underread__char_alloca_ncpy_17.c Off_by_One_Error_in_Methods 69 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; for(h = 0; h < 1; h++) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31502 77419/CWE127_Buffer_Underread__char_alloca_ncpy_18.c Off_by_One_Error_in_Methods 38 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; goto source; source: data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31503 77419/CWE127_Buffer_Underread__char_alloca_ncpy_18.c Off_by_One_Error_in_Methods 65 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; goto source; source: data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31504 77420/CWE127_Buffer_Underread__char_alloca_ncpy_31.c Off_by_One_Error_in_Methods 39 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31505 77420/CWE127_Buffer_Underread__char_alloca_ncpy_31.c Off_by_One_Error_in_Methods 68 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31506 77421/CWE127_Buffer_Underread__char_alloca_ncpy_32.c Off_by_One_Error_in_Methods 78 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; char * data = *dataPtr1; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31507 77421/CWE127_Buffer_Underread__char_alloca_ncpy_32.c Off_by_One_Error_in_Methods 44 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; char * data = *dataPtr1; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31508 77423/CWE127_Buffer_Underread__char_alloca_ncpy_34.c Off_by_One_Error_in_Methods 46 typedef union char * unionFirst; char * unionSecond; } CWE127_Buffer_Underread__char_alloca_ncpy_34_unionType; char * data; CWE127_Buffer_Underread__char_alloca_ncpy_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31509 77423/CWE127_Buffer_Underread__char_alloca_ncpy_34.c Off_by_One_Error_in_Methods 76 typedef union char * unionFirst; char * unionSecond; } CWE127_Buffer_Underread__char_alloca_ncpy_34_unionType; char * data; CWE127_Buffer_Underread__char_alloca_ncpy_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31510 77424/CWE127_Buffer_Underread__char_alloca_ncpy_41.c Off_by_One_Error_in_Methods 30 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_ncpy_41_badSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_41_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31511 77424/CWE127_Buffer_Underread__char_alloca_ncpy_41.c Off_by_One_Error_in_Methods 59 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_ncpy_41_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_41_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31512 77425/CWE127_Buffer_Underread__char_alloca_ncpy_44.c Off_by_One_Error_in_Methods 63 char * data; void (*funcPtr) (char *) = badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31513 77425/CWE127_Buffer_Underread__char_alloca_ncpy_44.c Off_by_One_Error_in_Methods 30 char * data; void (*funcPtr) (char *) = goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31514 77426/CWE127_Buffer_Underread__char_alloca_ncpy_45.c Off_by_One_Error_in_Methods 34 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_ncpy_45_badData = data; badSink(); static void badSink() char * data = CWE127_Buffer_Underread__char_alloca_ncpy_45_badData; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31515 77426/CWE127_Buffer_Underread__char_alloca_ncpy_45.c Off_by_One_Error_in_Methods 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE127_Buffer_Underread__char_alloca_ncpy_45_goodG2BData; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31516 77427/CWE127_Buffer_Underread__char_alloca_ncpy_51.c Off_by_One_Error_in_Methods 142 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_ncpy_51b_badSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_51b_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31517 77427/CWE127_Buffer_Underread__char_alloca_ncpy_51.c Off_by_One_Error_in_Methods 123 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_ncpy_51b_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_51b_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31518 77428/CWE127_Buffer_Underread__char_alloca_ncpy_52.c Off_by_One_Error_in_Methods 191 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_ncpy_52b_badSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_52b_badSink(char * data) CWE127_Buffer_Underread__char_alloca_ncpy_52c_badSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_52c_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31519 77428/CWE127_Buffer_Underread__char_alloca_ncpy_52.c Off_by_One_Error_in_Methods 172 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_ncpy_52b_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_52b_goodG2BSink(char * data) CWE127_Buffer_Underread__char_alloca_ncpy_52c_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_52c_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31520 77429/CWE127_Buffer_Underread__char_alloca_ncpy_53.c Off_by_One_Error_in_Methods 240 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_ncpy_53b_badSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_53b_badSink(char * data) CWE127_Buffer_Underread__char_alloca_ncpy_53c_badSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_53c_badSink(char * data) CWE127_Buffer_Underread__char_alloca_ncpy_53d_badSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_53d_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31521 77429/CWE127_Buffer_Underread__char_alloca_ncpy_53.c Off_by_One_Error_in_Methods 221 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_ncpy_53b_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_53b_goodG2BSink(char * data) CWE127_Buffer_Underread__char_alloca_ncpy_53c_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_53c_goodG2BSink(char * data) CWE127_Buffer_Underread__char_alloca_ncpy_53d_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_53d_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31522 77430/CWE127_Buffer_Underread__char_alloca_ncpy_54.c Off_by_One_Error_in_Methods 270 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_ncpy_54b_badSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_54b_badSink(char * data) CWE127_Buffer_Underread__char_alloca_ncpy_54c_badSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_54c_badSink(char * data) CWE127_Buffer_Underread__char_alloca_ncpy_54d_badSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_54d_badSink(char * data) CWE127_Buffer_Underread__char_alloca_ncpy_54e_badSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_54e_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31523 77430/CWE127_Buffer_Underread__char_alloca_ncpy_54.c Off_by_One_Error_in_Methods 289 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_ncpy_54b_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_54b_goodG2BSink(char * data) CWE127_Buffer_Underread__char_alloca_ncpy_54c_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_54c_goodG2BSink(char * data) CWE127_Buffer_Underread__char_alloca_ncpy_54d_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_54d_goodG2BSink(char * data) CWE127_Buffer_Underread__char_alloca_ncpy_54e_goodG2BSink(data); void CWE127_Buffer_Underread__char_alloca_ncpy_54e_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31524 77431/CWE127_Buffer_Underread__char_alloca_ncpy_63.c Off_by_One_Error_in_Methods 141 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_ncpy_63b_badSink(&data); void CWE127_Buffer_Underread__char_alloca_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31525 77431/CWE127_Buffer_Underread__char_alloca_ncpy_63.c Off_by_One_Error_in_Methods 121 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_ncpy_63b_goodG2BSink(&data); void CWE127_Buffer_Underread__char_alloca_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31526 77432/CWE127_Buffer_Underread__char_alloca_ncpy_64.c Off_by_One_Error_in_Methods 147 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_ncpy_64b_badSink(&data); void CWE127_Buffer_Underread__char_alloca_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31527 77432/CWE127_Buffer_Underread__char_alloca_ncpy_64.c Off_by_One_Error_in_Methods 124 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_ncpy_64b_goodG2BSink(&data); void CWE127_Buffer_Underread__char_alloca_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31528 77433/CWE127_Buffer_Underread__char_alloca_ncpy_65.c Off_by_One_Error_in_Methods 143 char * data; void (*funcPtr) (char *) = CWE127_Buffer_Underread__char_alloca_ncpy_65b_badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void CWE127_Buffer_Underread__char_alloca_ncpy_65b_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31529 77433/CWE127_Buffer_Underread__char_alloca_ncpy_65.c Off_by_One_Error_in_Methods 124 char * data; void (*funcPtr) (char *) = CWE127_Buffer_Underread__char_alloca_ncpy_65b_goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); void CWE127_Buffer_Underread__char_alloca_ncpy_65b_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31530 77434/CWE127_Buffer_Underread__char_alloca_ncpy_66.c Off_by_One_Error_in_Methods 127 char * data; char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataArray[2] = data; CWE127_Buffer_Underread__char_alloca_ncpy_66b_badSink(dataArray); void CWE127_Buffer_Underread__char_alloca_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31531 77434/CWE127_Buffer_Underread__char_alloca_ncpy_66.c Off_by_One_Error_in_Methods 147 char * data; char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataArray[2] = data; CWE127_Buffer_Underread__char_alloca_ncpy_66b_goodG2BSink(dataArray); void CWE127_Buffer_Underread__char_alloca_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31532 77435/CWE127_Buffer_Underread__char_alloca_ncpy_67.c Off_by_One_Error_in_Methods 135 typedef struct _CWE127_Buffer_Underread__char_alloca_ncpy_67_structType char * structFirst; } CWE127_Buffer_Underread__char_alloca_ncpy_67_structType; char * data; CWE127_Buffer_Underread__char_alloca_ncpy_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE127_Buffer_Underread__char_alloca_ncpy_67b_badSink(myStruct); void CWE127_Buffer_Underread__char_alloca_ncpy_67b_badSink(CWE127_Buffer_Underread__char_alloca_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31533 77435/CWE127_Buffer_Underread__char_alloca_ncpy_67.c Off_by_One_Error_in_Methods 155 typedef struct _CWE127_Buffer_Underread__char_alloca_ncpy_67_structType char * structFirst; } CWE127_Buffer_Underread__char_alloca_ncpy_67_structType; char * data; CWE127_Buffer_Underread__char_alloca_ncpy_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myStruct.structFirst = data; CWE127_Buffer_Underread__char_alloca_ncpy_67b_goodG2BSink(myStruct); void CWE127_Buffer_Underread__char_alloca_ncpy_67b_goodG2BSink(CWE127_Buffer_Underread__char_alloca_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31534 77436/CWE127_Buffer_Underread__char_alloca_ncpy_68.c Off_by_One_Error_in_Methods 152 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_ncpy_68_badData = data; CWE127_Buffer_Underread__char_alloca_ncpy_68b_badSink(); void CWE127_Buffer_Underread__char_alloca_ncpy_68b_badSink() char * data = CWE127_Buffer_Underread__char_alloca_ncpy_68_badData; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31535 77436/CWE127_Buffer_Underread__char_alloca_ncpy_68.c Off_by_One_Error_in_Methods 132 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_ncpy_68_goodG2BData = data; CWE127_Buffer_Underread__char_alloca_ncpy_68b_goodG2BSink(); void CWE127_Buffer_Underread__char_alloca_ncpy_68b_goodG2BSink() char * data = CWE127_Buffer_Underread__char_alloca_ncpy_68_goodG2BData; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31536 77440/CWE127_Buffer_Underread__char_alloca_ncpy_81_bad.cpp Off_by_One_Error_in_Methods 31 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; const CWE127_Buffer_Underread__char_alloca_ncpy_81_base& baseObject = CWE127_Buffer_Underread__char_alloca_ncpy_81_bad(); baseObject.action(data); void CWE127_Buffer_Underread__char_alloca_ncpy_81_bad::action(char * data) const char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31537 77440/CWE127_Buffer_Underread__char_alloca_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 31 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; const CWE127_Buffer_Underread__char_alloca_ncpy_81_base& baseObject = CWE127_Buffer_Underread__char_alloca_ncpy_81_goodG2B(); baseObject.action(data); void CWE127_Buffer_Underread__char_alloca_ncpy_81_goodG2B::action(char * data) const char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31538 77441/CWE127_Buffer_Underread__char_alloca_ncpy_82_bad.cpp Off_by_One_Error_in_Methods 31 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_alloca_ncpy_82_base* baseObject = new CWE127_Buffer_Underread__char_alloca_ncpy_82_bad; baseObject->action(data); delete baseObject; void CWE127_Buffer_Underread__char_alloca_ncpy_82_bad::action(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31539 77441/CWE127_Buffer_Underread__char_alloca_ncpy_82_goodG2B.cpp Off_by_One_Error_in_Methods 31 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_alloca_ncpy_82_base* baseObject = new CWE127_Buffer_Underread__char_alloca_ncpy_82_goodG2B; baseObject->action(data); delete baseObject; void CWE127_Buffer_Underread__char_alloca_ncpy_82_goodG2B::action(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31540 77442/CWE127_Buffer_Underread__char_declare_cpy_01.c Buffer_Overflow_cpycat 59 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31541 77442/CWE127_Buffer_Underread__char_declare_cpy_01.c Buffer_Overflow_cpycat 36 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31542 77443/CWE127_Buffer_Underread__char_declare_cpy_02.c Buffer_Overflow_cpycat 70 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(1) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31543 77443/CWE127_Buffer_Underread__char_declare_cpy_02.c Buffer_Overflow_cpycat 39 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(0){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31544 77443/CWE127_Buffer_Underread__char_declare_cpy_02.c Buffer_Overflow_cpycat 92 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(1) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31545 77444/CWE127_Buffer_Underread__char_declare_cpy_03.c Buffer_Overflow_cpycat 70 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5==5) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31546 77444/CWE127_Buffer_Underread__char_declare_cpy_03.c Buffer_Overflow_cpycat 39 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5!=5){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31547 77444/CWE127_Buffer_Underread__char_declare_cpy_03.c Buffer_Overflow_cpycat 92 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5==5) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31548 77445/CWE127_Buffer_Underread__char_declare_cpy_04.c Buffer_Overflow_cpycat 46 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_TRUE) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31549 77445/CWE127_Buffer_Underread__char_declare_cpy_04.c Buffer_Overflow_cpycat 99 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FALSE){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31550 77445/CWE127_Buffer_Underread__char_declare_cpy_04.c Buffer_Overflow_cpycat 77 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_TRUE) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31551 77446/CWE127_Buffer_Underread__char_declare_cpy_05.c Buffer_Overflow_cpycat 46 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticTrue) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31552 77446/CWE127_Buffer_Underread__char_declare_cpy_05.c Buffer_Overflow_cpycat 99 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFalse){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31553 77446/CWE127_Buffer_Underread__char_declare_cpy_05.c Buffer_Overflow_cpycat 77 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticTrue) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31554 77447/CWE127_Buffer_Underread__char_declare_cpy_06.c Buffer_Overflow_cpycat 43 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31555 77447/CWE127_Buffer_Underread__char_declare_cpy_06.c Buffer_Overflow_cpycat 96 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE!=5){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31556 77447/CWE127_Buffer_Underread__char_declare_cpy_06.c Buffer_Overflow_cpycat 74 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31557 77448/CWE127_Buffer_Underread__char_declare_cpy_07.c Buffer_Overflow_cpycat 45 static int staticFive = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive==5) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31558 77448/CWE127_Buffer_Underread__char_declare_cpy_07.c Buffer_Overflow_cpycat 98 static int staticFive = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive!=5){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31559 77448/CWE127_Buffer_Underread__char_declare_cpy_07.c Buffer_Overflow_cpycat 76 static int staticFive = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive==5) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31560 77449/CWE127_Buffer_Underread__char_declare_cpy_08.c Buffer_Overflow_cpycat 53 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsTrue()) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31561 77449/CWE127_Buffer_Underread__char_declare_cpy_08.c Buffer_Overflow_cpycat 106 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsFalse()){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31562 77449/CWE127_Buffer_Underread__char_declare_cpy_08.c Buffer_Overflow_cpycat 84 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsTrue()) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31563 77450/CWE127_Buffer_Underread__char_declare_cpy_09.c Buffer_Overflow_cpycat 70 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31564 77450/CWE127_Buffer_Underread__char_declare_cpy_09.c Buffer_Overflow_cpycat 39 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FALSE){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31565 77450/CWE127_Buffer_Underread__char_declare_cpy_09.c Buffer_Overflow_cpycat 92 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31566 77451/CWE127_Buffer_Underread__char_declare_cpy_10.c Buffer_Overflow_cpycat 70 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalTrue) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31567 77451/CWE127_Buffer_Underread__char_declare_cpy_10.c Buffer_Overflow_cpycat 39 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFalse){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31568 77451/CWE127_Buffer_Underread__char_declare_cpy_10.c Buffer_Overflow_cpycat 92 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalTrue) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31569 77452/CWE127_Buffer_Underread__char_declare_cpy_11.c Buffer_Overflow_cpycat 70 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsTrue()) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31570 77452/CWE127_Buffer_Underread__char_declare_cpy_11.c Buffer_Overflow_cpycat 39 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsFalse()){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31571 77452/CWE127_Buffer_Underread__char_declare_cpy_11.c Buffer_Overflow_cpycat 92 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsTrue()) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31572 77454/CWE127_Buffer_Underread__char_declare_cpy_13.c Buffer_Overflow_cpycat 70 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31573 77454/CWE127_Buffer_Underread__char_declare_cpy_13.c Buffer_Overflow_cpycat 39 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE!=5){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31574 77454/CWE127_Buffer_Underread__char_declare_cpy_13.c Buffer_Overflow_cpycat 92 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31575 77455/CWE127_Buffer_Underread__char_declare_cpy_14.c Buffer_Overflow_cpycat 70 int globalFive = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive==5) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31576 77455/CWE127_Buffer_Underread__char_declare_cpy_14.c Buffer_Overflow_cpycat 39 int globalFive = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive!=5){} else data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31577 77455/CWE127_Buffer_Underread__char_declare_cpy_14.c Buffer_Overflow_cpycat 92 int globalFive = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive==5) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31578 77456/CWE127_Buffer_Underread__char_declare_cpy_15.c Buffer_Overflow_cpycat 105 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(6) case 6: data = dataBuffer - 8; break; default: break; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31579 77456/CWE127_Buffer_Underread__char_declare_cpy_15.c Buffer_Overflow_cpycat 45 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(5) case 6: break; default: data = dataBuffer; break; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31580 77456/CWE127_Buffer_Underread__char_declare_cpy_15.c Buffer_Overflow_cpycat 77 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(6) case 6: data = dataBuffer; break; default: break; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31581 77457/CWE127_Buffer_Underread__char_declare_cpy_16.c Buffer_Overflow_cpycat 67 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; while(1) data = dataBuffer - 8; break; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31582 77457/CWE127_Buffer_Underread__char_declare_cpy_16.c Buffer_Overflow_cpycat 40 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; while(1) data = dataBuffer; break; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31583 77458/CWE127_Buffer_Underread__char_declare_cpy_17.c Buffer_Overflow_cpycat 67 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; for(i = 0; i < 1; i++) data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31584 77458/CWE127_Buffer_Underread__char_declare_cpy_17.c Buffer_Overflow_cpycat 40 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; for(h = 0; h < 1; h++) data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31585 77459/CWE127_Buffer_Underread__char_declare_cpy_18.c Buffer_Overflow_cpycat 38 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; goto source; source: data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31586 77459/CWE127_Buffer_Underread__char_declare_cpy_18.c Buffer_Overflow_cpycat 63 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; goto source; source: data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31587 77460/CWE127_Buffer_Underread__char_declare_cpy_31.c Buffer_Overflow_cpycat 66 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31588 77460/CWE127_Buffer_Underread__char_declare_cpy_31.c Buffer_Overflow_cpycat 39 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31589 77461/CWE127_Buffer_Underread__char_declare_cpy_32.c Buffer_Overflow_cpycat 44 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; char * data = *dataPtr1; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31590 77461/CWE127_Buffer_Underread__char_declare_cpy_32.c Buffer_Overflow_cpycat 76 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; char * data = *dataPtr1; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31591 77463/CWE127_Buffer_Underread__char_declare_cpy_34.c Buffer_Overflow_cpycat 46 typedef union char * unionFirst; char * unionSecond; } CWE127_Buffer_Underread__char_declare_cpy_34_unionType; char * data; CWE127_Buffer_Underread__char_declare_cpy_34_unionType myUnion; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31592 77463/CWE127_Buffer_Underread__char_declare_cpy_34.c Buffer_Overflow_cpycat 74 typedef union char * unionFirst; char * unionSecond; } CWE127_Buffer_Underread__char_declare_cpy_34_unionType; char * data; CWE127_Buffer_Underread__char_declare_cpy_34_unionType myUnion; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31593 77464/CWE127_Buffer_Underread__char_declare_cpy_41.c Buffer_Overflow_cpycat 57 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_cpy_41_badSink(data); void CWE127_Buffer_Underread__char_declare_cpy_41_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31594 77464/CWE127_Buffer_Underread__char_declare_cpy_41.c Buffer_Overflow_cpycat 30 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_cpy_41_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_cpy_41_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31595 77465/CWE127_Buffer_Underread__char_declare_cpy_44.c Buffer_Overflow_cpycat 30 char * data; void (*funcPtr) (char *) = badSink; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31596 77465/CWE127_Buffer_Underread__char_declare_cpy_44.c Buffer_Overflow_cpycat 61 char * data; void (*funcPtr) (char *) = goodG2BSink; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31597 77466/CWE127_Buffer_Underread__char_declare_cpy_45.c Buffer_Overflow_cpycat 64 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_cpy_45_badData = data; badSink(); static void badSink() char * data = CWE127_Buffer_Underread__char_declare_cpy_45_badData; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31598 77466/CWE127_Buffer_Underread__char_declare_cpy_45.c Buffer_Overflow_cpycat 34 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE127_Buffer_Underread__char_declare_cpy_45_goodG2BData; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31599 77467/CWE127_Buffer_Underread__char_declare_cpy_51.c Buffer_Overflow_cpycat 123 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_cpy_51b_badSink(data); void CWE127_Buffer_Underread__char_declare_cpy_51b_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31600 77467/CWE127_Buffer_Underread__char_declare_cpy_51.c Buffer_Overflow_cpycat 140 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_cpy_51b_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_cpy_51b_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31601 77468/CWE127_Buffer_Underread__char_declare_cpy_52.c Buffer_Overflow_cpycat 189 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_cpy_52b_badSink(data); void CWE127_Buffer_Underread__char_declare_cpy_52b_badSink(char * data) CWE127_Buffer_Underread__char_declare_cpy_52c_badSink(data); void CWE127_Buffer_Underread__char_declare_cpy_52c_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31602 77468/CWE127_Buffer_Underread__char_declare_cpy_52.c Buffer_Overflow_cpycat 172 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_cpy_52b_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_cpy_52b_goodG2BSink(char * data) CWE127_Buffer_Underread__char_declare_cpy_52c_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_cpy_52c_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31603 77469/CWE127_Buffer_Underread__char_declare_cpy_53.c Buffer_Overflow_cpycat 238 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_cpy_53b_badSink(data); void CWE127_Buffer_Underread__char_declare_cpy_53b_badSink(char * data) CWE127_Buffer_Underread__char_declare_cpy_53c_badSink(data); void CWE127_Buffer_Underread__char_declare_cpy_53c_badSink(char * data) CWE127_Buffer_Underread__char_declare_cpy_53d_badSink(data); void CWE127_Buffer_Underread__char_declare_cpy_53d_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31604 77469/CWE127_Buffer_Underread__char_declare_cpy_53.c Buffer_Overflow_cpycat 221 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_cpy_53b_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_cpy_53b_goodG2BSink(char * data) CWE127_Buffer_Underread__char_declare_cpy_53c_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_cpy_53c_goodG2BSink(char * data) CWE127_Buffer_Underread__char_declare_cpy_53d_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_cpy_53d_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31605 77470/CWE127_Buffer_Underread__char_declare_cpy_54.c Buffer_Overflow_cpycat 270 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_cpy_54b_badSink(data); void CWE127_Buffer_Underread__char_declare_cpy_54b_badSink(char * data) CWE127_Buffer_Underread__char_declare_cpy_54c_badSink(data); void CWE127_Buffer_Underread__char_declare_cpy_54c_badSink(char * data) CWE127_Buffer_Underread__char_declare_cpy_54d_badSink(data); void CWE127_Buffer_Underread__char_declare_cpy_54d_badSink(char * data) CWE127_Buffer_Underread__char_declare_cpy_54e_badSink(data); void CWE127_Buffer_Underread__char_declare_cpy_54e_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31606 77470/CWE127_Buffer_Underread__char_declare_cpy_54.c Buffer_Overflow_cpycat 287 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_cpy_54b_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_cpy_54b_goodG2BSink(char * data) CWE127_Buffer_Underread__char_declare_cpy_54c_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_cpy_54c_goodG2BSink(char * data) CWE127_Buffer_Underread__char_declare_cpy_54d_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_cpy_54d_goodG2BSink(char * data) CWE127_Buffer_Underread__char_declare_cpy_54e_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_cpy_54e_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31607 77471/CWE127_Buffer_Underread__char_declare_cpy_63.c Buffer_Overflow_cpycat 121 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_cpy_63b_badSink(&data); void CWE127_Buffer_Underread__char_declare_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31608 77471/CWE127_Buffer_Underread__char_declare_cpy_63.c Buffer_Overflow_cpycat 139 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_cpy_63b_goodG2BSink(&data); void CWE127_Buffer_Underread__char_declare_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31609 77472/CWE127_Buffer_Underread__char_declare_cpy_64.c Buffer_Overflow_cpycat 145 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_cpy_64b_badSink(&data); void CWE127_Buffer_Underread__char_declare_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31610 77472/CWE127_Buffer_Underread__char_declare_cpy_64.c Buffer_Overflow_cpycat 124 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_cpy_64b_goodG2BSink(&data); void CWE127_Buffer_Underread__char_declare_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31611 77473/CWE127_Buffer_Underread__char_declare_cpy_65.c Buffer_Overflow_cpycat 141 char * data; void (*funcPtr) (char *) = CWE127_Buffer_Underread__char_declare_cpy_65b_badSink; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void CWE127_Buffer_Underread__char_declare_cpy_65b_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31612 77473/CWE127_Buffer_Underread__char_declare_cpy_65.c Buffer_Overflow_cpycat 124 char * data; void (*funcPtr) (char *) = CWE127_Buffer_Underread__char_declare_cpy_65b_goodG2BSink; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); void CWE127_Buffer_Underread__char_declare_cpy_65b_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31613 77474/CWE127_Buffer_Underread__char_declare_cpy_66.c Buffer_Overflow_cpycat 145 char * data; char * dataArray[5]; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataArray[2] = data; CWE127_Buffer_Underread__char_declare_cpy_66b_badSink(dataArray); void CWE127_Buffer_Underread__char_declare_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31614 77474/CWE127_Buffer_Underread__char_declare_cpy_66.c Buffer_Overflow_cpycat 127 char * data; char * dataArray[5]; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataArray[2] = data; CWE127_Buffer_Underread__char_declare_cpy_66b_goodG2BSink(dataArray); void CWE127_Buffer_Underread__char_declare_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31615 77475/CWE127_Buffer_Underread__char_declare_cpy_67.c Buffer_Overflow_cpycat 153 typedef struct _CWE127_Buffer_Underread__char_declare_cpy_67_structType char * structFirst; } CWE127_Buffer_Underread__char_declare_cpy_67_structType; char * data; CWE127_Buffer_Underread__char_declare_cpy_67_structType myStruct; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE127_Buffer_Underread__char_declare_cpy_67b_badSink(myStruct); void CWE127_Buffer_Underread__char_declare_cpy_67b_badSink(CWE127_Buffer_Underread__char_declare_cpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31616 77475/CWE127_Buffer_Underread__char_declare_cpy_67.c Buffer_Overflow_cpycat 135 typedef struct _CWE127_Buffer_Underread__char_declare_cpy_67_structType char * structFirst; } CWE127_Buffer_Underread__char_declare_cpy_67_structType; char * data; CWE127_Buffer_Underread__char_declare_cpy_67_structType myStruct; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myStruct.structFirst = data; CWE127_Buffer_Underread__char_declare_cpy_67b_goodG2BSink(myStruct); void CWE127_Buffer_Underread__char_declare_cpy_67b_goodG2BSink(CWE127_Buffer_Underread__char_declare_cpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31617 77476/CWE127_Buffer_Underread__char_declare_cpy_68.c Buffer_Overflow_cpycat 150 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_cpy_68_badData = data; CWE127_Buffer_Underread__char_declare_cpy_68b_badSink(); void CWE127_Buffer_Underread__char_declare_cpy_68b_badSink() char * data = CWE127_Buffer_Underread__char_declare_cpy_68_badData; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31618 77476/CWE127_Buffer_Underread__char_declare_cpy_68.c Buffer_Overflow_cpycat 132 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_cpy_68_goodG2BData = data; CWE127_Buffer_Underread__char_declare_cpy_68b_goodG2BSink(); void CWE127_Buffer_Underread__char_declare_cpy_68b_goodG2BSink() char * data = CWE127_Buffer_Underread__char_declare_cpy_68_goodG2BData; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31619 77480/CWE127_Buffer_Underread__char_declare_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; const CWE127_Buffer_Underread__char_declare_cpy_81_base& baseObject = CWE127_Buffer_Underread__char_declare_cpy_81_bad(); baseObject.action(data); void CWE127_Buffer_Underread__char_declare_cpy_81_bad::action(char * data) const char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31620 77480/CWE127_Buffer_Underread__char_declare_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; const CWE127_Buffer_Underread__char_declare_cpy_81_base& baseObject = CWE127_Buffer_Underread__char_declare_cpy_81_goodG2B(); baseObject.action(data); void CWE127_Buffer_Underread__char_declare_cpy_81_goodG2B::action(char * data) const char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31621 77481/CWE127_Buffer_Underread__char_declare_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_cpy_82_base* baseObject = new CWE127_Buffer_Underread__char_declare_cpy_82_bad; baseObject->action(data); void CWE127_Buffer_Underread__char_declare_cpy_82_bad::action(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); delete baseObject; 1 --------------------------------- 31622 77481/CWE127_Buffer_Underread__char_declare_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_cpy_82_base* baseObject = new CWE127_Buffer_Underread__char_declare_cpy_82_goodG2B; baseObject->action(data); void CWE127_Buffer_Underread__char_declare_cpy_82_goodG2B::action(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); delete baseObject; 0 --------------------------------- 31623 77602/CWE127_Buffer_Underread__char_declare_ncpy_01.c Off_by_One_Error_in_Methods 61 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31624 77602/CWE127_Buffer_Underread__char_declare_ncpy_01.c Off_by_One_Error_in_Methods 36 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31625 77603/CWE127_Buffer_Underread__char_declare_ncpy_02.c Off_by_One_Error_in_Methods 39 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(1) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31626 77603/CWE127_Buffer_Underread__char_declare_ncpy_02.c Off_by_One_Error_in_Methods 96 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(0){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31627 77603/CWE127_Buffer_Underread__char_declare_ncpy_02.c Off_by_One_Error_in_Methods 72 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(1) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31628 77604/CWE127_Buffer_Underread__char_declare_ncpy_03.c Off_by_One_Error_in_Methods 39 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5==5) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31629 77604/CWE127_Buffer_Underread__char_declare_ncpy_03.c Off_by_One_Error_in_Methods 96 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5!=5){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31630 77604/CWE127_Buffer_Underread__char_declare_ncpy_03.c Off_by_One_Error_in_Methods 72 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(5==5) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31631 77605/CWE127_Buffer_Underread__char_declare_ncpy_04.c Off_by_One_Error_in_Methods 103 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_TRUE) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31632 77605/CWE127_Buffer_Underread__char_declare_ncpy_04.c Off_by_One_Error_in_Methods 79 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FALSE){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31633 77605/CWE127_Buffer_Underread__char_declare_ncpy_04.c Off_by_One_Error_in_Methods 46 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_TRUE) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31634 77606/CWE127_Buffer_Underread__char_declare_ncpy_05.c Off_by_One_Error_in_Methods 103 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticTrue) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31635 77606/CWE127_Buffer_Underread__char_declare_ncpy_05.c Off_by_One_Error_in_Methods 79 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFalse){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31636 77606/CWE127_Buffer_Underread__char_declare_ncpy_05.c Off_by_One_Error_in_Methods 46 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticTrue) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31637 77607/CWE127_Buffer_Underread__char_declare_ncpy_06.c Off_by_One_Error_in_Methods 43 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31638 77607/CWE127_Buffer_Underread__char_declare_ncpy_06.c Off_by_One_Error_in_Methods 100 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE!=5){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31639 77607/CWE127_Buffer_Underread__char_declare_ncpy_06.c Off_by_One_Error_in_Methods 76 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31640 77608/CWE127_Buffer_Underread__char_declare_ncpy_07.c Off_by_One_Error_in_Methods 78 static int staticFive = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive==5) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31641 77608/CWE127_Buffer_Underread__char_declare_ncpy_07.c Off_by_One_Error_in_Methods 45 static int staticFive = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive!=5){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31642 77608/CWE127_Buffer_Underread__char_declare_ncpy_07.c Off_by_One_Error_in_Methods 102 static int staticFive = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticFive==5) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31643 77609/CWE127_Buffer_Underread__char_declare_ncpy_08.c Off_by_One_Error_in_Methods 53 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsTrue()) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31644 77609/CWE127_Buffer_Underread__char_declare_ncpy_08.c Off_by_One_Error_in_Methods 86 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsFalse()){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31645 77609/CWE127_Buffer_Underread__char_declare_ncpy_08.c Off_by_One_Error_in_Methods 110 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(staticReturnsTrue()) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31646 77610/CWE127_Buffer_Underread__char_declare_ncpy_09.c Off_by_One_Error_in_Methods 39 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31647 77610/CWE127_Buffer_Underread__char_declare_ncpy_09.c Off_by_One_Error_in_Methods 96 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FALSE){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31648 77610/CWE127_Buffer_Underread__char_declare_ncpy_09.c Off_by_One_Error_in_Methods 72 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31649 77611/CWE127_Buffer_Underread__char_declare_ncpy_10.c Off_by_One_Error_in_Methods 39 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalTrue) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31650 77611/CWE127_Buffer_Underread__char_declare_ncpy_10.c Off_by_One_Error_in_Methods 96 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFalse){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31651 77611/CWE127_Buffer_Underread__char_declare_ncpy_10.c Off_by_One_Error_in_Methods 72 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalTrue) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31652 77612/CWE127_Buffer_Underread__char_declare_ncpy_11.c Off_by_One_Error_in_Methods 39 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsTrue()) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31653 77612/CWE127_Buffer_Underread__char_declare_ncpy_11.c Off_by_One_Error_in_Methods 96 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsFalse()){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31654 77612/CWE127_Buffer_Underread__char_declare_ncpy_11.c Off_by_One_Error_in_Methods 72 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalReturnsTrue()) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31655 77614/CWE127_Buffer_Underread__char_declare_ncpy_13.c Off_by_One_Error_in_Methods 39 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31656 77614/CWE127_Buffer_Underread__char_declare_ncpy_13.c Off_by_One_Error_in_Methods 96 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE!=5){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31657 77614/CWE127_Buffer_Underread__char_declare_ncpy_13.c Off_by_One_Error_in_Methods 72 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31658 77615/CWE127_Buffer_Underread__char_declare_ncpy_14.c Off_by_One_Error_in_Methods 39 int globalFive = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive==5) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31659 77615/CWE127_Buffer_Underread__char_declare_ncpy_14.c Off_by_One_Error_in_Methods 96 int globalFive = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive!=5){} else data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31660 77615/CWE127_Buffer_Underread__char_declare_ncpy_14.c Off_by_One_Error_in_Methods 72 int globalFive = 5; char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; if(globalFive==5) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31661 77616/CWE127_Buffer_Underread__char_declare_ncpy_15.c Off_by_One_Error_in_Methods 79 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(6) case 6: data = dataBuffer - 8; break; default: break; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31662 77616/CWE127_Buffer_Underread__char_declare_ncpy_15.c Off_by_One_Error_in_Methods 109 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(5) case 6: break; default: data = dataBuffer; break; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31663 77616/CWE127_Buffer_Underread__char_declare_ncpy_15.c Off_by_One_Error_in_Methods 45 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; switch(6) case 6: data = dataBuffer; break; default: break; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31664 77617/CWE127_Buffer_Underread__char_declare_ncpy_16.c Off_by_One_Error_in_Methods 40 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; while(1) data = dataBuffer - 8; break; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31665 77617/CWE127_Buffer_Underread__char_declare_ncpy_16.c Off_by_One_Error_in_Methods 69 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; while(1) data = dataBuffer; break; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31666 77618/CWE127_Buffer_Underread__char_declare_ncpy_17.c Off_by_One_Error_in_Methods 40 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; for(i = 0; i < 1; i++) data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31667 77618/CWE127_Buffer_Underread__char_declare_ncpy_17.c Off_by_One_Error_in_Methods 69 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; for(h = 0; h < 1; h++) data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31668 77619/CWE127_Buffer_Underread__char_declare_ncpy_18.c Off_by_One_Error_in_Methods 38 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; goto source; source: data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31669 77619/CWE127_Buffer_Underread__char_declare_ncpy_18.c Off_by_One_Error_in_Methods 65 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; goto source; source: data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31670 77620/CWE127_Buffer_Underread__char_declare_ncpy_31.c Off_by_One_Error_in_Methods 39 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31671 77620/CWE127_Buffer_Underread__char_declare_ncpy_31.c Off_by_One_Error_in_Methods 68 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31672 77621/CWE127_Buffer_Underread__char_declare_ncpy_32.c Off_by_One_Error_in_Methods 78 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; char * data = *dataPtr1; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31673 77621/CWE127_Buffer_Underread__char_declare_ncpy_32.c Off_by_One_Error_in_Methods 44 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; char * data = *dataPtr1; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31674 77623/CWE127_Buffer_Underread__char_declare_ncpy_34.c Off_by_One_Error_in_Methods 46 typedef union char * unionFirst; char * unionSecond; } CWE127_Buffer_Underread__char_declare_ncpy_34_unionType; char * data; CWE127_Buffer_Underread__char_declare_ncpy_34_unionType myUnion; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31675 77623/CWE127_Buffer_Underread__char_declare_ncpy_34.c Off_by_One_Error_in_Methods 76 typedef union char * unionFirst; char * unionSecond; } CWE127_Buffer_Underread__char_declare_ncpy_34_unionType; char * data; CWE127_Buffer_Underread__char_declare_ncpy_34_unionType myUnion; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31676 77624/CWE127_Buffer_Underread__char_declare_ncpy_41.c Off_by_One_Error_in_Methods 30 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_ncpy_41_badSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_41_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31677 77624/CWE127_Buffer_Underread__char_declare_ncpy_41.c Off_by_One_Error_in_Methods 59 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_ncpy_41_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_41_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31678 77625/CWE127_Buffer_Underread__char_declare_ncpy_44.c Off_by_One_Error_in_Methods 63 char * data; void (*funcPtr) (char *) = badSink; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31679 77625/CWE127_Buffer_Underread__char_declare_ncpy_44.c Off_by_One_Error_in_Methods 30 char * data; void (*funcPtr) (char *) = goodG2BSink; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31680 77626/CWE127_Buffer_Underread__char_declare_ncpy_45.c Off_by_One_Error_in_Methods 34 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_ncpy_45_badData = data; badSink(); static void badSink() char * data = CWE127_Buffer_Underread__char_declare_ncpy_45_badData; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31681 77626/CWE127_Buffer_Underread__char_declare_ncpy_45.c Off_by_One_Error_in_Methods 66 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE127_Buffer_Underread__char_declare_ncpy_45_goodG2BData; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31682 77627/CWE127_Buffer_Underread__char_declare_ncpy_51.c Off_by_One_Error_in_Methods 142 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_ncpy_51b_badSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_51b_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31683 77627/CWE127_Buffer_Underread__char_declare_ncpy_51.c Off_by_One_Error_in_Methods 123 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_ncpy_51b_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_51b_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31684 77628/CWE127_Buffer_Underread__char_declare_ncpy_52.c Off_by_One_Error_in_Methods 191 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_ncpy_52b_badSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_52b_badSink(char * data) CWE127_Buffer_Underread__char_declare_ncpy_52c_badSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_52c_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31685 77628/CWE127_Buffer_Underread__char_declare_ncpy_52.c Off_by_One_Error_in_Methods 172 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_ncpy_52b_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_52b_goodG2BSink(char * data) CWE127_Buffer_Underread__char_declare_ncpy_52c_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_52c_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31686 77629/CWE127_Buffer_Underread__char_declare_ncpy_53.c Off_by_One_Error_in_Methods 240 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_ncpy_53b_badSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_53b_badSink(char * data) CWE127_Buffer_Underread__char_declare_ncpy_53c_badSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_53c_badSink(char * data) CWE127_Buffer_Underread__char_declare_ncpy_53d_badSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_53d_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31687 77629/CWE127_Buffer_Underread__char_declare_ncpy_53.c Off_by_One_Error_in_Methods 221 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_ncpy_53b_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_53b_goodG2BSink(char * data) CWE127_Buffer_Underread__char_declare_ncpy_53c_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_53c_goodG2BSink(char * data) CWE127_Buffer_Underread__char_declare_ncpy_53d_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_53d_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31688 77630/CWE127_Buffer_Underread__char_declare_ncpy_54.c Off_by_One_Error_in_Methods 270 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_ncpy_54b_badSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_54b_badSink(char * data) CWE127_Buffer_Underread__char_declare_ncpy_54c_badSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_54c_badSink(char * data) CWE127_Buffer_Underread__char_declare_ncpy_54d_badSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_54d_badSink(char * data) CWE127_Buffer_Underread__char_declare_ncpy_54e_badSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_54e_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31689 77630/CWE127_Buffer_Underread__char_declare_ncpy_54.c Off_by_One_Error_in_Methods 289 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_ncpy_54b_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_54b_goodG2BSink(char * data) CWE127_Buffer_Underread__char_declare_ncpy_54c_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_54c_goodG2BSink(char * data) CWE127_Buffer_Underread__char_declare_ncpy_54d_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_54d_goodG2BSink(char * data) CWE127_Buffer_Underread__char_declare_ncpy_54e_goodG2BSink(data); void CWE127_Buffer_Underread__char_declare_ncpy_54e_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31690 77631/CWE127_Buffer_Underread__char_declare_ncpy_63.c Off_by_One_Error_in_Methods 141 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_ncpy_63b_badSink(&data); void CWE127_Buffer_Underread__char_declare_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31691 77631/CWE127_Buffer_Underread__char_declare_ncpy_63.c Off_by_One_Error_in_Methods 121 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_ncpy_63b_goodG2BSink(&data); void CWE127_Buffer_Underread__char_declare_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31692 77632/CWE127_Buffer_Underread__char_declare_ncpy_64.c Off_by_One_Error_in_Methods 147 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_ncpy_64b_badSink(&data); void CWE127_Buffer_Underread__char_declare_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31693 77632/CWE127_Buffer_Underread__char_declare_ncpy_64.c Off_by_One_Error_in_Methods 124 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_ncpy_64b_goodG2BSink(&data); void CWE127_Buffer_Underread__char_declare_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31694 77633/CWE127_Buffer_Underread__char_declare_ncpy_65.c Off_by_One_Error_in_Methods 143 char * data; void (*funcPtr) (char *) = CWE127_Buffer_Underread__char_declare_ncpy_65b_badSink; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void CWE127_Buffer_Underread__char_declare_ncpy_65b_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31695 77633/CWE127_Buffer_Underread__char_declare_ncpy_65.c Off_by_One_Error_in_Methods 124 char * data; void (*funcPtr) (char *) = CWE127_Buffer_Underread__char_declare_ncpy_65b_goodG2BSink; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); void CWE127_Buffer_Underread__char_declare_ncpy_65b_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31696 77634/CWE127_Buffer_Underread__char_declare_ncpy_66.c Off_by_One_Error_in_Methods 127 char * data; char * dataArray[5]; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataArray[2] = data; CWE127_Buffer_Underread__char_declare_ncpy_66b_badSink(dataArray); void CWE127_Buffer_Underread__char_declare_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31697 77634/CWE127_Buffer_Underread__char_declare_ncpy_66.c Off_by_One_Error_in_Methods 147 char * data; char * dataArray[5]; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataArray[2] = data; CWE127_Buffer_Underread__char_declare_ncpy_66b_goodG2BSink(dataArray); void CWE127_Buffer_Underread__char_declare_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31698 77635/CWE127_Buffer_Underread__char_declare_ncpy_67.c Off_by_One_Error_in_Methods 135 typedef struct _CWE127_Buffer_Underread__char_declare_ncpy_67_structType char * structFirst; } CWE127_Buffer_Underread__char_declare_ncpy_67_structType; char * data; CWE127_Buffer_Underread__char_declare_ncpy_67_structType myStruct; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE127_Buffer_Underread__char_declare_ncpy_67b_badSink(myStruct); void CWE127_Buffer_Underread__char_declare_ncpy_67b_badSink(CWE127_Buffer_Underread__char_declare_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31699 77635/CWE127_Buffer_Underread__char_declare_ncpy_67.c Off_by_One_Error_in_Methods 155 typedef struct _CWE127_Buffer_Underread__char_declare_ncpy_67_structType char * structFirst; } CWE127_Buffer_Underread__char_declare_ncpy_67_structType; char * data; CWE127_Buffer_Underread__char_declare_ncpy_67_structType myStruct; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myStruct.structFirst = data; CWE127_Buffer_Underread__char_declare_ncpy_67b_goodG2BSink(myStruct); void CWE127_Buffer_Underread__char_declare_ncpy_67b_goodG2BSink(CWE127_Buffer_Underread__char_declare_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31700 77636/CWE127_Buffer_Underread__char_declare_ncpy_68.c Off_by_One_Error_in_Methods 152 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_ncpy_68_badData = data; CWE127_Buffer_Underread__char_declare_ncpy_68b_badSink(); void CWE127_Buffer_Underread__char_declare_ncpy_68b_badSink() char * data = CWE127_Buffer_Underread__char_declare_ncpy_68_badData; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31701 77636/CWE127_Buffer_Underread__char_declare_ncpy_68.c Off_by_One_Error_in_Methods 132 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_ncpy_68_goodG2BData = data; CWE127_Buffer_Underread__char_declare_ncpy_68b_goodG2BSink(); void CWE127_Buffer_Underread__char_declare_ncpy_68b_goodG2BSink() char * data = CWE127_Buffer_Underread__char_declare_ncpy_68_goodG2BData; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31702 77640/CWE127_Buffer_Underread__char_declare_ncpy_81_bad.cpp Off_by_One_Error_in_Methods 31 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; const CWE127_Buffer_Underread__char_declare_ncpy_81_base& baseObject = CWE127_Buffer_Underread__char_declare_ncpy_81_bad(); baseObject.action(data); void CWE127_Buffer_Underread__char_declare_ncpy_81_bad::action(char * data) const char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31703 77640/CWE127_Buffer_Underread__char_declare_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; const CWE127_Buffer_Underread__char_declare_ncpy_81_base& baseObject = CWE127_Buffer_Underread__char_declare_ncpy_81_goodG2B(); baseObject.action(data); void CWE127_Buffer_Underread__char_declare_ncpy_81_goodG2B::action(char * data) const char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31704 77641/CWE127_Buffer_Underread__char_declare_ncpy_82_bad.cpp Off_by_One_Error_in_Methods 31 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__char_declare_ncpy_82_base* baseObject = new CWE127_Buffer_Underread__char_declare_ncpy_82_bad; baseObject->action(data); void CWE127_Buffer_Underread__char_declare_ncpy_82_bad::action(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; delete baseObject; 1 --------------------------------- 31705 77641/CWE127_Buffer_Underread__char_declare_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 31 char * data; char dataBuffer[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__char_declare_ncpy_82_base* baseObject = new CWE127_Buffer_Underread__char_declare_ncpy_82_goodG2B; baseObject->action(data); void CWE127_Buffer_Underread__char_declare_ncpy_82_goodG2B::action(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; delete baseObject; 0 --------------------------------- 31706 77738/CWE127_Buffer_Underread__malloc_char_cpy_01.c Buffer_Overflow_cpycat 67 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31707 77738/CWE127_Buffer_Underread__malloc_char_cpy_01.c Buffer_Overflow_cpycat 39 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31708 77739/CWE127_Buffer_Underread__malloc_char_cpy_02.c Buffer_Overflow_cpycat 105 char * data; data = NULL; if(1) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31709 77739/CWE127_Buffer_Underread__malloc_char_cpy_02.c Buffer_Overflow_cpycat 78 char * data; data = NULL; if(0){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31710 77739/CWE127_Buffer_Underread__malloc_char_cpy_02.c Buffer_Overflow_cpycat 42 char * data; data = NULL; if(1) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31711 77740/CWE127_Buffer_Underread__malloc_char_cpy_03.c Buffer_Overflow_cpycat 105 char * data; data = NULL; if(5==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31712 77740/CWE127_Buffer_Underread__malloc_char_cpy_03.c Buffer_Overflow_cpycat 78 char * data; data = NULL; if(5!=5){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31713 77740/CWE127_Buffer_Underread__malloc_char_cpy_03.c Buffer_Overflow_cpycat 42 char * data; data = NULL; if(5==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31714 77741/CWE127_Buffer_Underread__malloc_char_cpy_04.c Buffer_Overflow_cpycat 49 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31715 77741/CWE127_Buffer_Underread__malloc_char_cpy_04.c Buffer_Overflow_cpycat 112 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_FALSE){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31716 77741/CWE127_Buffer_Underread__malloc_char_cpy_04.c Buffer_Overflow_cpycat 85 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31717 77742/CWE127_Buffer_Underread__malloc_char_cpy_05.c Buffer_Overflow_cpycat 49 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31718 77742/CWE127_Buffer_Underread__malloc_char_cpy_05.c Buffer_Overflow_cpycat 112 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticFalse){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31719 77742/CWE127_Buffer_Underread__malloc_char_cpy_05.c Buffer_Overflow_cpycat 85 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31720 77743/CWE127_Buffer_Underread__malloc_char_cpy_06.c Buffer_Overflow_cpycat 46 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31721 77743/CWE127_Buffer_Underread__malloc_char_cpy_06.c Buffer_Overflow_cpycat 109 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE!=5){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31722 77743/CWE127_Buffer_Underread__malloc_char_cpy_06.c Buffer_Overflow_cpycat 82 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31723 77744/CWE127_Buffer_Underread__malloc_char_cpy_07.c Buffer_Overflow_cpycat 48 static int staticFive = 5; char * data; data = NULL; if(staticFive==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31724 77744/CWE127_Buffer_Underread__malloc_char_cpy_07.c Buffer_Overflow_cpycat 111 static int staticFive = 5; char * data; data = NULL; if(staticFive!=5){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31725 77744/CWE127_Buffer_Underread__malloc_char_cpy_07.c Buffer_Overflow_cpycat 84 static int staticFive = 5; char * data; data = NULL; if(staticFive==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31726 77745/CWE127_Buffer_Underread__malloc_char_cpy_08.c Buffer_Overflow_cpycat 56 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31727 77745/CWE127_Buffer_Underread__malloc_char_cpy_08.c Buffer_Overflow_cpycat 119 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsFalse()){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31728 77745/CWE127_Buffer_Underread__malloc_char_cpy_08.c Buffer_Overflow_cpycat 92 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31729 77746/CWE127_Buffer_Underread__malloc_char_cpy_09.c Buffer_Overflow_cpycat 105 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31730 77746/CWE127_Buffer_Underread__malloc_char_cpy_09.c Buffer_Overflow_cpycat 78 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_FALSE){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31731 77746/CWE127_Buffer_Underread__malloc_char_cpy_09.c Buffer_Overflow_cpycat 42 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31732 77747/CWE127_Buffer_Underread__malloc_char_cpy_10.c Buffer_Overflow_cpycat 105 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31733 77747/CWE127_Buffer_Underread__malloc_char_cpy_10.c Buffer_Overflow_cpycat 78 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalFalse){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31734 77747/CWE127_Buffer_Underread__malloc_char_cpy_10.c Buffer_Overflow_cpycat 42 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31735 77748/CWE127_Buffer_Underread__malloc_char_cpy_11.c Buffer_Overflow_cpycat 105 char * data; data = NULL; if(globalReturnsTrue()) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31736 77748/CWE127_Buffer_Underread__malloc_char_cpy_11.c Buffer_Overflow_cpycat 78 char * data; data = NULL; if(globalReturnsFalse()){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31737 77748/CWE127_Buffer_Underread__malloc_char_cpy_11.c Buffer_Overflow_cpycat 42 char * data; data = NULL; if(globalReturnsTrue()) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31738 77750/CWE127_Buffer_Underread__malloc_char_cpy_13.c Buffer_Overflow_cpycat 105 const int GLOBAL_CONST_FIVE = 5; char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31739 77750/CWE127_Buffer_Underread__malloc_char_cpy_13.c Buffer_Overflow_cpycat 78 const int GLOBAL_CONST_FIVE = 5; char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31740 77750/CWE127_Buffer_Underread__malloc_char_cpy_13.c Buffer_Overflow_cpycat 42 const int GLOBAL_CONST_FIVE = 5; char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31741 77751/CWE127_Buffer_Underread__malloc_char_cpy_14.c Buffer_Overflow_cpycat 105 int globalFive = 5;  char * data; data = NULL; if(globalFive==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31742 77751/CWE127_Buffer_Underread__malloc_char_cpy_14.c Buffer_Overflow_cpycat 78 int globalFive = 5;  char * data; data = NULL; if(globalFive!=5){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31743 77751/CWE127_Buffer_Underread__malloc_char_cpy_14.c Buffer_Overflow_cpycat 42 int globalFive = 5;  char * data; data = NULL; if(globalFive==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31744 77752/CWE127_Buffer_Underread__malloc_char_cpy_15.c Buffer_Overflow_cpycat 118 char * data; data = NULL; switch(6) case 6: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; break; default: break; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31745 77752/CWE127_Buffer_Underread__malloc_char_cpy_15.c Buffer_Overflow_cpycat 48 char * data; data = NULL; switch(5) case 6: break; default: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; break; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31746 77752/CWE127_Buffer_Underread__malloc_char_cpy_15.c Buffer_Overflow_cpycat 85 char * data; data = NULL; switch(6) case 6: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; break; default: break; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31747 77753/CWE127_Buffer_Underread__malloc_char_cpy_16.c Buffer_Overflow_cpycat 75 char * data; data = NULL; while(1) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; break; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31748 77753/CWE127_Buffer_Underread__malloc_char_cpy_16.c Buffer_Overflow_cpycat 43 char * data; data = NULL; while(1) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; break; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31749 77754/CWE127_Buffer_Underread__malloc_char_cpy_17.c Buffer_Overflow_cpycat 43 char * data; data = NULL; for(i = 0; i < 1; i++) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31750 77754/CWE127_Buffer_Underread__malloc_char_cpy_17.c Buffer_Overflow_cpycat 75 char * data; data = NULL; for(h = 0; h < 1; h++) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31751 77755/CWE127_Buffer_Underread__malloc_char_cpy_18.c Buffer_Overflow_cpycat 41 char * data; data = NULL; goto source; source: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31752 77755/CWE127_Buffer_Underread__malloc_char_cpy_18.c Buffer_Overflow_cpycat 71 char * data; data = NULL; goto source; source: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31753 77756/CWE127_Buffer_Underread__malloc_char_cpy_21.c Buffer_Overflow_cpycat 99 char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31754 77756/CWE127_Buffer_Underread__malloc_char_cpy_21.c Buffer_Overflow_cpycat 133 char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31755 77756/CWE127_Buffer_Underread__malloc_char_cpy_21.c Buffer_Overflow_cpycat 52 char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31756 77757/CWE127_Buffer_Underread__malloc_char_cpy_22.c Buffer_Overflow_cpycat 89 char * data; data = NULL; CWE127_Buffer_Underread__malloc_char_cpy_22_badGlobal = 1; data = CWE127_Buffer_Underread__malloc_char_cpy_22_badSource(data); char * CWE127_Buffer_Underread__malloc_char_cpy_22_badSource(char * data) if(CWE127_Buffer_Underread__malloc_char_cpy_22_badGlobal) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31757 77757/CWE127_Buffer_Underread__malloc_char_cpy_22.c Buffer_Overflow_cpycat 39 char * data; data = NULL; CWE127_Buffer_Underread__malloc_char_cpy_22_goodG2B1Global = 0; data = CWE127_Buffer_Underread__malloc_char_cpy_22_goodG2B1Source(data); char * CWE127_Buffer_Underread__malloc_char_cpy_22_goodG2B1Source(char * data) if(CWE127_Buffer_Underread__malloc_char_cpy_22_goodG2B1Global){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31758 77757/CWE127_Buffer_Underread__malloc_char_cpy_22.c Buffer_Overflow_cpycat 68 char * data; data = NULL; CWE127_Buffer_Underread__malloc_char_cpy_22_goodG2B2Global = 1; data = CWE127_Buffer_Underread__malloc_char_cpy_22_goodG2B2Source(data); char * CWE127_Buffer_Underread__malloc_char_cpy_22_goodG2B2Source(char * data) if(CWE127_Buffer_Underread__malloc_char_cpy_22_goodG2B2Global) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31759 77758/CWE127_Buffer_Underread__malloc_char_cpy_31.c Buffer_Overflow_cpycat 74 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31760 77758/CWE127_Buffer_Underread__malloc_char_cpy_31.c Buffer_Overflow_cpycat 42 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31761 77759/CWE127_Buffer_Underread__malloc_char_cpy_32.c Buffer_Overflow_cpycat 47 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31762 77759/CWE127_Buffer_Underread__malloc_char_cpy_32.c Buffer_Overflow_cpycat 84 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31763 77761/CWE127_Buffer_Underread__malloc_char_cpy_34.c Buffer_Overflow_cpycat 49 typedef union char * unionFirst; char * unionSecond; } CWE127_Buffer_Underread__malloc_char_cpy_34_unionType; char * data; CWE127_Buffer_Underread__malloc_char_cpy_34_unionType myUnion; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31764 77761/CWE127_Buffer_Underread__malloc_char_cpy_34.c Buffer_Overflow_cpycat 82 typedef union char * unionFirst; char * unionSecond; } CWE127_Buffer_Underread__malloc_char_cpy_34_unionType; char * data; CWE127_Buffer_Underread__malloc_char_cpy_34_unionType myUnion; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31765 77762/CWE127_Buffer_Underread__malloc_char_cpy_41.c Buffer_Overflow_cpycat 30 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_cpy_41_badSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_41_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31766 77762/CWE127_Buffer_Underread__malloc_char_cpy_41.c Buffer_Overflow_cpycat 62 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_cpy_41_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_41_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31767 77763/CWE127_Buffer_Underread__malloc_char_cpy_42.c Buffer_Overflow_cpycat 45 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31768 77763/CWE127_Buffer_Underread__malloc_char_cpy_42.c Buffer_Overflow_cpycat 79 char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31769 77765/CWE127_Buffer_Underread__malloc_char_cpy_44.c Buffer_Overflow_cpycat 30 char * data; void (*funcPtr) (char *) = badSink; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31770 77765/CWE127_Buffer_Underread__malloc_char_cpy_44.c Buffer_Overflow_cpycat 66 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31771 77766/CWE127_Buffer_Underread__malloc_char_cpy_45.c Buffer_Overflow_cpycat 69 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_cpy_45_badData = data; badSink(); static void badSink() char * data = CWE127_Buffer_Underread__malloc_char_cpy_45_badData; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31772 77766/CWE127_Buffer_Underread__malloc_char_cpy_45.c Buffer_Overflow_cpycat 34 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE127_Buffer_Underread__malloc_char_cpy_45_goodG2BData; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31773 77767/CWE127_Buffer_Underread__malloc_char_cpy_51.c Buffer_Overflow_cpycat 129 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_cpy_51b_badSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_51b_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31774 77767/CWE127_Buffer_Underread__malloc_char_cpy_51.c Buffer_Overflow_cpycat 148 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_cpy_51b_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_51b_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31775 77768/CWE127_Buffer_Underread__malloc_char_cpy_52.c Buffer_Overflow_cpycat 197 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_cpy_52b_badSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_52b_badSink(char * data) CWE127_Buffer_Underread__malloc_char_cpy_52c_badSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_52c_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31776 77768/CWE127_Buffer_Underread__malloc_char_cpy_52.c Buffer_Overflow_cpycat 178 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_cpy_52b_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_52b_goodG2BSink(char * data) CWE127_Buffer_Underread__malloc_char_cpy_52c_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_52c_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31777 77769/CWE127_Buffer_Underread__malloc_char_cpy_53.c Buffer_Overflow_cpycat 246 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_cpy_53b_badSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_53b_badSink(char * data) CWE127_Buffer_Underread__malloc_char_cpy_53c_badSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_53c_badSink(char * data) CWE127_Buffer_Underread__malloc_char_cpy_53d_badSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_53d_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31778 77769/CWE127_Buffer_Underread__malloc_char_cpy_53.c Buffer_Overflow_cpycat 227 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_cpy_53b_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_53b_goodG2BSink(char * data) CWE127_Buffer_Underread__malloc_char_cpy_53c_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_53c_goodG2BSink(char * data) CWE127_Buffer_Underread__malloc_char_cpy_53d_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_53d_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31779 77770/CWE127_Buffer_Underread__malloc_char_cpy_54.c Buffer_Overflow_cpycat 295 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_cpy_54b_badSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_54b_badSink(char * data) CWE127_Buffer_Underread__malloc_char_cpy_54c_badSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_54c_badSink(char * data) CWE127_Buffer_Underread__malloc_char_cpy_54d_badSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_54d_badSink(char * data) CWE127_Buffer_Underread__malloc_char_cpy_54e_badSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_54e_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31780 77770/CWE127_Buffer_Underread__malloc_char_cpy_54.c Buffer_Overflow_cpycat 276 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_cpy_54b_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_54b_goodG2BSink(char * data) CWE127_Buffer_Underread__malloc_char_cpy_54c_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_54c_goodG2BSink(char * data) CWE127_Buffer_Underread__malloc_char_cpy_54d_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_54d_goodG2BSink(char * data) CWE127_Buffer_Underread__malloc_char_cpy_54e_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_cpy_54e_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31781 77771/CWE127_Buffer_Underread__malloc_char_cpy_61.c Buffer_Overflow_cpycat 36 char * data; data = NULL; data = CWE127_Buffer_Underread__malloc_char_cpy_61b_badSource(data); char * CWE127_Buffer_Underread__malloc_char_cpy_61b_badSource(char * data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31782 77771/CWE127_Buffer_Underread__malloc_char_cpy_61.c Buffer_Overflow_cpycat 60 char * data; data = NULL; data = CWE127_Buffer_Underread__malloc_char_cpy_61b_goodG2BSource(data); char * CWE127_Buffer_Underread__malloc_char_cpy_61b_goodG2BSource(char * data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31783 77773/CWE127_Buffer_Underread__malloc_char_cpy_63.c Buffer_Overflow_cpycat 147 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_cpy_63b_badSink(&data); void CWE127_Buffer_Underread__malloc_char_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31784 77773/CWE127_Buffer_Underread__malloc_char_cpy_63.c Buffer_Overflow_cpycat 127 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_cpy_63b_goodG2BSink(&data); void CWE127_Buffer_Underread__malloc_char_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31785 77774/CWE127_Buffer_Underread__malloc_char_cpy_64.c Buffer_Overflow_cpycat 153 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_cpy_64b_badSink(&data); void CWE127_Buffer_Underread__malloc_char_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31786 77774/CWE127_Buffer_Underread__malloc_char_cpy_64.c Buffer_Overflow_cpycat 130 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_cpy_64b_goodG2BSink(&data); void CWE127_Buffer_Underread__malloc_char_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31787 77775/CWE127_Buffer_Underread__malloc_char_cpy_65.c Buffer_Overflow_cpycat 149 char * data; void (*funcPtr) (char *) = CWE127_Buffer_Underread__malloc_char_cpy_65b_badSink; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void CWE127_Buffer_Underread__malloc_char_cpy_65b_badSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31788 77775/CWE127_Buffer_Underread__malloc_char_cpy_65.c Buffer_Overflow_cpycat 130 char * data; void (*funcPtr) (char *) = CWE127_Buffer_Underread__malloc_char_cpy_65b_goodG2BSink; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); void CWE127_Buffer_Underread__malloc_char_cpy_65b_goodG2BSink(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31789 77776/CWE127_Buffer_Underread__malloc_char_cpy_66.c Buffer_Overflow_cpycat 153 char * data; char * dataArray[5]; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataArray[2] = data; CWE127_Buffer_Underread__malloc_char_cpy_66b_badSink(dataArray); void CWE127_Buffer_Underread__malloc_char_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31790 77776/CWE127_Buffer_Underread__malloc_char_cpy_66.c Buffer_Overflow_cpycat 133 char * data; char * dataArray[5]; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataArray[2] = data; CWE127_Buffer_Underread__malloc_char_cpy_66b_goodG2BSink(dataArray); void CWE127_Buffer_Underread__malloc_char_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31791 77777/CWE127_Buffer_Underread__malloc_char_cpy_67.c Buffer_Overflow_cpycat 161 typedef struct _CWE127_Buffer_Underread__malloc_char_cpy_67_structType char * structFirst; } CWE127_Buffer_Underread__malloc_char_cpy_67_structType; char * data; CWE127_Buffer_Underread__malloc_char_cpy_67_structType myStruct; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE127_Buffer_Underread__malloc_char_cpy_67b_badSink(myStruct); void CWE127_Buffer_Underread__malloc_char_cpy_67b_badSink(CWE127_Buffer_Underread__malloc_char_cpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31792 77777/CWE127_Buffer_Underread__malloc_char_cpy_67.c Buffer_Overflow_cpycat 141 typedef struct _CWE127_Buffer_Underread__malloc_char_cpy_67_structType char * structFirst; } CWE127_Buffer_Underread__malloc_char_cpy_67_structType; char * data; CWE127_Buffer_Underread__malloc_char_cpy_67_structType myStruct; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myStruct.structFirst = data; CWE127_Buffer_Underread__malloc_char_cpy_67b_goodG2BSink(myStruct); void CWE127_Buffer_Underread__malloc_char_cpy_67b_goodG2BSink(CWE127_Buffer_Underread__malloc_char_cpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31793 77778/CWE127_Buffer_Underread__malloc_char_cpy_68.c Buffer_Overflow_cpycat 158 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_cpy_68_badData = data; CWE127_Buffer_Underread__malloc_char_cpy_68b_badSink(); void CWE127_Buffer_Underread__malloc_char_cpy_68b_badSink() char * data = CWE127_Buffer_Underread__malloc_char_cpy_68_badData; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31794 77778/CWE127_Buffer_Underread__malloc_char_cpy_68.c Buffer_Overflow_cpycat 138 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_cpy_68_goodG2BData = data; CWE127_Buffer_Underread__malloc_char_cpy_68b_goodG2BSink(); void CWE127_Buffer_Underread__malloc_char_cpy_68b_goodG2BSink() char * data = CWE127_Buffer_Underread__malloc_char_cpy_68_goodG2BData; char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31795 77782/CWE127_Buffer_Underread__malloc_char_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; const CWE127_Buffer_Underread__malloc_char_cpy_81_base& baseObject = CWE127_Buffer_Underread__malloc_char_cpy_81_bad(); baseObject.action(data); void CWE127_Buffer_Underread__malloc_char_cpy_81_bad::action(char * data) const char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 31796 77782/CWE127_Buffer_Underread__malloc_char_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; const CWE127_Buffer_Underread__malloc_char_cpy_81_base& baseObject = CWE127_Buffer_Underread__malloc_char_cpy_81_goodG2B(); baseObject.action(data); void CWE127_Buffer_Underread__malloc_char_cpy_81_goodG2B::action(char * data) const char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 31797 77783/CWE127_Buffer_Underread__malloc_char_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_cpy_82_base* baseObject = new CWE127_Buffer_Underread__malloc_char_cpy_82_bad; baseObject->action(data); void CWE127_Buffer_Underread__malloc_char_cpy_82_bad::action(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); delete baseObject; 1 --------------------------------- 31798 77783/CWE127_Buffer_Underread__malloc_char_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_cpy_82_base* baseObject = new CWE127_Buffer_Underread__malloc_char_cpy_82_goodG2B; baseObject->action(data); void CWE127_Buffer_Underread__malloc_char_cpy_82_goodG2B::action(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); delete baseObject; 0 --------------------------------- 31799 77930/CWE127_Buffer_Underread__malloc_char_ncpy_01.c Off_by_One_Error_in_Methods 39 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31800 77930/CWE127_Buffer_Underread__malloc_char_ncpy_01.c Off_by_One_Error_in_Methods 69 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31801 77931/CWE127_Buffer_Underread__malloc_char_ncpy_02.c Off_by_One_Error_in_Methods 80 char * data; data = NULL; if(1) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31802 77931/CWE127_Buffer_Underread__malloc_char_ncpy_02.c Off_by_One_Error_in_Methods 109 char * data; data = NULL; if(0){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31803 77931/CWE127_Buffer_Underread__malloc_char_ncpy_02.c Off_by_One_Error_in_Methods 42 char * data; data = NULL; if(1) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31804 77932/CWE127_Buffer_Underread__malloc_char_ncpy_03.c Off_by_One_Error_in_Methods 80 char * data; data = NULL; if(5==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31805 77932/CWE127_Buffer_Underread__malloc_char_ncpy_03.c Off_by_One_Error_in_Methods 109 char * data; data = NULL; if(5!=5){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31806 77932/CWE127_Buffer_Underread__malloc_char_ncpy_03.c Off_by_One_Error_in_Methods 42 char * data; data = NULL; if(5==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31807 77933/CWE127_Buffer_Underread__malloc_char_ncpy_04.c Off_by_One_Error_in_Methods 87 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31808 77933/CWE127_Buffer_Underread__malloc_char_ncpy_04.c Off_by_One_Error_in_Methods 116 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_FALSE){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31809 77933/CWE127_Buffer_Underread__malloc_char_ncpy_04.c Off_by_One_Error_in_Methods 49 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; data = NULL; if(STATIC_CONST_TRUE) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31810 77934/CWE127_Buffer_Underread__malloc_char_ncpy_05.c Off_by_One_Error_in_Methods 87 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31811 77934/CWE127_Buffer_Underread__malloc_char_ncpy_05.c Off_by_One_Error_in_Methods 116 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticFalse){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31812 77934/CWE127_Buffer_Underread__malloc_char_ncpy_05.c Off_by_One_Error_in_Methods 49 static int staticTrue = 1; static int staticFalse = 0; char * data; data = NULL; if(staticTrue) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31813 77935/CWE127_Buffer_Underread__malloc_char_ncpy_06.c Off_by_One_Error_in_Methods 46 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31814 77935/CWE127_Buffer_Underread__malloc_char_ncpy_06.c Off_by_One_Error_in_Methods 84 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE!=5){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31815 77935/CWE127_Buffer_Underread__malloc_char_ncpy_06.c Off_by_One_Error_in_Methods 113 static const int STATIC_CONST_FIVE = 5; char * data; data = NULL; if(STATIC_CONST_FIVE==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31816 77936/CWE127_Buffer_Underread__malloc_char_ncpy_07.c Off_by_One_Error_in_Methods 48 static int staticFive = 5; char * data; data = NULL; if(staticFive==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31817 77936/CWE127_Buffer_Underread__malloc_char_ncpy_07.c Off_by_One_Error_in_Methods 86 static int staticFive = 5; char * data; data = NULL; if(staticFive!=5){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31818 77936/CWE127_Buffer_Underread__malloc_char_ncpy_07.c Off_by_One_Error_in_Methods 115 static int staticFive = 5; char * data; data = NULL; if(staticFive==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31819 77937/CWE127_Buffer_Underread__malloc_char_ncpy_08.c Off_by_One_Error_in_Methods 56 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31820 77937/CWE127_Buffer_Underread__malloc_char_ncpy_08.c Off_by_One_Error_in_Methods 94 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsFalse()){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31821 77937/CWE127_Buffer_Underread__malloc_char_ncpy_08.c Off_by_One_Error_in_Methods 123 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; data = NULL; if(staticReturnsTrue()) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31822 77938/CWE127_Buffer_Underread__malloc_char_ncpy_09.c Off_by_One_Error_in_Methods 80 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31823 77938/CWE127_Buffer_Underread__malloc_char_ncpy_09.c Off_by_One_Error_in_Methods 109 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_FALSE){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31824 77938/CWE127_Buffer_Underread__malloc_char_ncpy_09.c Off_by_One_Error_in_Methods 42 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; data = NULL; if(GLOBAL_CONST_TRUE) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31825 77939/CWE127_Buffer_Underread__malloc_char_ncpy_10.c Off_by_One_Error_in_Methods 80 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31826 77939/CWE127_Buffer_Underread__malloc_char_ncpy_10.c Off_by_One_Error_in_Methods 109 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalFalse){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31827 77939/CWE127_Buffer_Underread__malloc_char_ncpy_10.c Off_by_One_Error_in_Methods 42 int globalTrue = 1; int globalFalse = 0; char * data; data = NULL; if(globalTrue) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31828 77940/CWE127_Buffer_Underread__malloc_char_ncpy_11.c Off_by_One_Error_in_Methods 80 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31829 77940/CWE127_Buffer_Underread__malloc_char_ncpy_11.c Off_by_One_Error_in_Methods 109 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsFalse()){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31830 77940/CWE127_Buffer_Underread__malloc_char_ncpy_11.c Off_by_One_Error_in_Methods 42 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; data = NULL; if(globalReturnsTrue()) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31831 77942/CWE127_Buffer_Underread__malloc_char_ncpy_13.c Off_by_One_Error_in_Methods 80 const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31832 77942/CWE127_Buffer_Underread__malloc_char_ncpy_13.c Off_by_One_Error_in_Methods 109 const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31833 77942/CWE127_Buffer_Underread__malloc_char_ncpy_13.c Off_by_One_Error_in_Methods 42 const int GLOBAL_CONST_FIVE = 5;  char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31834 77943/CWE127_Buffer_Underread__malloc_char_ncpy_14.c Off_by_One_Error_in_Methods 80 int globalFive = 5; char * data; data = NULL; if(globalFive==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31835 77943/CWE127_Buffer_Underread__malloc_char_ncpy_14.c Off_by_One_Error_in_Methods 109 int globalFive = 5; char * data; data = NULL; if(globalFive!=5){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31836 77943/CWE127_Buffer_Underread__malloc_char_ncpy_14.c Off_by_One_Error_in_Methods 42 int globalFive = 5; char * data; data = NULL; if(globalFive==5) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31837 77944/CWE127_Buffer_Underread__malloc_char_ncpy_15.c Off_by_One_Error_in_Methods 87 char * data; data = NULL; switch(6) case 6: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; break; default: break; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31838 77944/CWE127_Buffer_Underread__malloc_char_ncpy_15.c Off_by_One_Error_in_Methods 48 char * data; data = NULL; switch(5) case 6: break; default: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; break; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31839 77944/CWE127_Buffer_Underread__malloc_char_ncpy_15.c Off_by_One_Error_in_Methods 122 char * data; data = NULL; switch(6) case 6: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; break; default: break; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31840 77945/CWE127_Buffer_Underread__malloc_char_ncpy_16.c Off_by_One_Error_in_Methods 77 char * data; data = NULL; while(1) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; break; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31841 77945/CWE127_Buffer_Underread__malloc_char_ncpy_16.c Off_by_One_Error_in_Methods 43 char * data; data = NULL; while(1) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; break; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31842 77946/CWE127_Buffer_Underread__malloc_char_ncpy_17.c Off_by_One_Error_in_Methods 77 char * data; data = NULL; for(i = 0; i < 1; i++) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31843 77946/CWE127_Buffer_Underread__malloc_char_ncpy_17.c Off_by_One_Error_in_Methods 43 char * data; data = NULL; for(h = 0; h < 1; h++) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31844 77947/CWE127_Buffer_Underread__malloc_char_ncpy_18.c Off_by_One_Error_in_Methods 73 char * data; data = NULL; goto source; source: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31845 77947/CWE127_Buffer_Underread__malloc_char_ncpy_18.c Off_by_One_Error_in_Methods 41 char * data; data = NULL; goto source; source: char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31846 77948/CWE127_Buffer_Underread__malloc_char_ncpy_21.c Off_by_One_Error_in_Methods 101 char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31847 77948/CWE127_Buffer_Underread__malloc_char_ncpy_21.c Off_by_One_Error_in_Methods 52 char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31848 77948/CWE127_Buffer_Underread__malloc_char_ncpy_21.c Off_by_One_Error_in_Methods 137 char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31849 77949/CWE127_Buffer_Underread__malloc_char_ncpy_22.c Off_by_One_Error_in_Methods 39 char * data; data = NULL; CWE127_Buffer_Underread__malloc_char_ncpy_22_badGlobal = 1; data = CWE127_Buffer_Underread__malloc_char_ncpy_22_badSource(data); char * CWE127_Buffer_Underread__malloc_char_ncpy_22_badSource(char * data) if(CWE127_Buffer_Underread__malloc_char_ncpy_22_badGlobal) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31850 77949/CWE127_Buffer_Underread__malloc_char_ncpy_22.c Off_by_One_Error_in_Methods 93 char * data; data = NULL; CWE127_Buffer_Underread__malloc_char_ncpy_22_goodG2B1Global = 0; data = CWE127_Buffer_Underread__malloc_char_ncpy_22_goodG2B1Source(data); char * CWE127_Buffer_Underread__malloc_char_ncpy_22_goodG2B1Source(char * data) if(CWE127_Buffer_Underread__malloc_char_ncpy_22_goodG2B1Global){} else char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31851 77949/CWE127_Buffer_Underread__malloc_char_ncpy_22.c Off_by_One_Error_in_Methods 70 char * data; data = NULL; CWE127_Buffer_Underread__malloc_char_ncpy_22_goodG2B2Global = 1; data = CWE127_Buffer_Underread__malloc_char_ncpy_22_goodG2B2Source(data); char * CWE127_Buffer_Underread__malloc_char_ncpy_22_goodG2B2Source(char * data) if(CWE127_Buffer_Underread__malloc_char_ncpy_22_goodG2B2Global) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31852 77950/CWE127_Buffer_Underread__malloc_char_ncpy_31.c Off_by_One_Error_in_Methods 76 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; char * dataCopy = data; char * data = dataCopy; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31853 77950/CWE127_Buffer_Underread__malloc_char_ncpy_31.c Off_by_One_Error_in_Methods 42 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; char * dataCopy = data; char * data = dataCopy; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31854 77951/CWE127_Buffer_Underread__malloc_char_ncpy_32.c Off_by_One_Error_in_Methods 47 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; *dataPtr1 = data; char * data = *dataPtr2; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31855 77951/CWE127_Buffer_Underread__malloc_char_ncpy_32.c Off_by_One_Error_in_Methods 86 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; *dataPtr1 = data; char * data = *dataPtr2; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31856 77953/CWE127_Buffer_Underread__malloc_char_ncpy_34.c Off_by_One_Error_in_Methods 84 typedef union char * unionFirst; char * unionSecond; } CWE127_Buffer_Underread__malloc_char_ncpy_34_unionType; char * data; CWE127_Buffer_Underread__malloc_char_ncpy_34_unionType myUnion; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31857 77953/CWE127_Buffer_Underread__malloc_char_ncpy_34.c Off_by_One_Error_in_Methods 49 typedef union char * unionFirst; char * unionSecond; } CWE127_Buffer_Underread__malloc_char_ncpy_34_unionType; char * data; CWE127_Buffer_Underread__malloc_char_ncpy_34_unionType myUnion; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31858 77954/CWE127_Buffer_Underread__malloc_char_ncpy_41.c Off_by_One_Error_in_Methods 64 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_ncpy_41_badSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_41_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31859 77954/CWE127_Buffer_Underread__malloc_char_ncpy_41.c Off_by_One_Error_in_Methods 30 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_ncpy_41_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_41_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31860 77955/CWE127_Buffer_Underread__malloc_char_ncpy_42.c Off_by_One_Error_in_Methods 45 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31861 77955/CWE127_Buffer_Underread__malloc_char_ncpy_42.c Off_by_One_Error_in_Methods 81 char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31862 77957/CWE127_Buffer_Underread__malloc_char_ncpy_44.c Off_by_One_Error_in_Methods 30 char * data; void (*funcPtr) (char *) = badSink; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31863 77957/CWE127_Buffer_Underread__malloc_char_ncpy_44.c Off_by_One_Error_in_Methods 68 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31864 77958/CWE127_Buffer_Underread__malloc_char_ncpy_45.c Off_by_One_Error_in_Methods 71 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_ncpy_45_badData = data; badSink(); static void badSink() char * data = CWE127_Buffer_Underread__malloc_char_ncpy_45_badData; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31865 77958/CWE127_Buffer_Underread__malloc_char_ncpy_45.c Off_by_One_Error_in_Methods 34 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE127_Buffer_Underread__malloc_char_ncpy_45_goodG2BData; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31866 77959/CWE127_Buffer_Underread__malloc_char_ncpy_51.c Off_by_One_Error_in_Methods 150 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_ncpy_51b_badSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_51b_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31867 77959/CWE127_Buffer_Underread__malloc_char_ncpy_51.c Off_by_One_Error_in_Methods 129 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_ncpy_51b_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_51b_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31868 77960/CWE127_Buffer_Underread__malloc_char_ncpy_52.c Off_by_One_Error_in_Methods 199 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_ncpy_52b_badSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_52b_badSink(char * data) CWE127_Buffer_Underread__malloc_char_ncpy_52c_badSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_52c_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31869 77960/CWE127_Buffer_Underread__malloc_char_ncpy_52.c Off_by_One_Error_in_Methods 178 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_ncpy_52b_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_52b_goodG2BSink(char * data) CWE127_Buffer_Underread__malloc_char_ncpy_52c_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_52c_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31870 77961/CWE127_Buffer_Underread__malloc_char_ncpy_53.c Off_by_One_Error_in_Methods 248 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_ncpy_53b_badSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_53b_badSink(char * data) CWE127_Buffer_Underread__malloc_char_ncpy_53c_badSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_53c_badSink(char * data) CWE127_Buffer_Underread__malloc_char_ncpy_53d_badSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_53d_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31871 77961/CWE127_Buffer_Underread__malloc_char_ncpy_53.c Off_by_One_Error_in_Methods 227 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_ncpy_53b_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_53b_goodG2BSink(char * data) CWE127_Buffer_Underread__malloc_char_ncpy_53c_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_53c_goodG2BSink(char * data) CWE127_Buffer_Underread__malloc_char_ncpy_53d_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_53d_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31872 77962/CWE127_Buffer_Underread__malloc_char_ncpy_54.c Off_by_One_Error_in_Methods 276 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_ncpy_54b_badSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_54b_badSink(char * data) CWE127_Buffer_Underread__malloc_char_ncpy_54c_badSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_54c_badSink(char * data) CWE127_Buffer_Underread__malloc_char_ncpy_54d_badSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_54d_badSink(char * data) CWE127_Buffer_Underread__malloc_char_ncpy_54e_badSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_54e_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31873 77962/CWE127_Buffer_Underread__malloc_char_ncpy_54.c Off_by_One_Error_in_Methods 297 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_ncpy_54b_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_54b_goodG2BSink(char * data) CWE127_Buffer_Underread__malloc_char_ncpy_54c_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_54c_goodG2BSink(char * data) CWE127_Buffer_Underread__malloc_char_ncpy_54d_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_54d_goodG2BSink(char * data) CWE127_Buffer_Underread__malloc_char_ncpy_54e_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_char_ncpy_54e_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31874 77963/CWE127_Buffer_Underread__malloc_char_ncpy_61.c Off_by_One_Error_in_Methods 62 char * data; data = NULL; data = CWE127_Buffer_Underread__malloc_char_ncpy_61b_badSource(data); char * CWE127_Buffer_Underread__malloc_char_ncpy_61b_badSource(char * data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; return data; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 1 --------------------------------- 31875 77963/CWE127_Buffer_Underread__malloc_char_ncpy_61.c Off_by_One_Error_in_Methods 36 char * data; data = NULL; data = CWE127_Buffer_Underread__malloc_char_ncpy_61b_goodG2BSource(data); char * CWE127_Buffer_Underread__malloc_char_ncpy_61b_goodG2BSource(char * data) char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; return data; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); 0 --------------------------------- 31876 77965/CWE127_Buffer_Underread__malloc_char_ncpy_63.c Off_by_One_Error_in_Methods 127 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_ncpy_63b_badSink(&data); void CWE127_Buffer_Underread__malloc_char_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31877 77965/CWE127_Buffer_Underread__malloc_char_ncpy_63.c Off_by_One_Error_in_Methods 149 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_ncpy_63b_goodG2BSink(&data); void CWE127_Buffer_Underread__malloc_char_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31878 77966/CWE127_Buffer_Underread__malloc_char_ncpy_64.c Off_by_One_Error_in_Methods 155 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_ncpy_64b_badSink(&data); void CWE127_Buffer_Underread__malloc_char_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31879 77966/CWE127_Buffer_Underread__malloc_char_ncpy_64.c Off_by_One_Error_in_Methods 130 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_ncpy_64b_goodG2BSink(&data); void CWE127_Buffer_Underread__malloc_char_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31880 77967/CWE127_Buffer_Underread__malloc_char_ncpy_65.c Off_by_One_Error_in_Methods 151 char * data; void (*funcPtr) (char *) = CWE127_Buffer_Underread__malloc_char_ncpy_65b_badSink; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; funcPtr(data); void CWE127_Buffer_Underread__malloc_char_ncpy_65b_badSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31881 77967/CWE127_Buffer_Underread__malloc_char_ncpy_65.c Off_by_One_Error_in_Methods 130 char * data; void (*funcPtr) (char *) = CWE127_Buffer_Underread__malloc_char_ncpy_65b_goodG2BSink; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; funcPtr(data); void CWE127_Buffer_Underread__malloc_char_ncpy_65b_goodG2BSink(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31882 77968/CWE127_Buffer_Underread__malloc_char_ncpy_66.c Off_by_One_Error_in_Methods 133 char * data; char * dataArray[5]; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; dataArray[2] = data; CWE127_Buffer_Underread__malloc_char_ncpy_66b_badSink(dataArray); void CWE127_Buffer_Underread__malloc_char_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31883 77968/CWE127_Buffer_Underread__malloc_char_ncpy_66.c Off_by_One_Error_in_Methods 155 char * data; char * dataArray[5]; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; dataArray[2] = data; CWE127_Buffer_Underread__malloc_char_ncpy_66b_goodG2BSink(dataArray); void CWE127_Buffer_Underread__malloc_char_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31884 77969/CWE127_Buffer_Underread__malloc_char_ncpy_67.c Off_by_One_Error_in_Methods 141 typedef struct _CWE127_Buffer_Underread__malloc_char_ncpy_67_structType char * structFirst; } CWE127_Buffer_Underread__malloc_char_ncpy_67_structType; char * data; CWE127_Buffer_Underread__malloc_char_ncpy_67_structType myStruct; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE127_Buffer_Underread__malloc_char_ncpy_67b_badSink(myStruct); void CWE127_Buffer_Underread__malloc_char_ncpy_67b_badSink(CWE127_Buffer_Underread__malloc_char_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31885 77969/CWE127_Buffer_Underread__malloc_char_ncpy_67.c Off_by_One_Error_in_Methods 163 typedef struct _CWE127_Buffer_Underread__malloc_char_ncpy_67_structType char * structFirst; } CWE127_Buffer_Underread__malloc_char_ncpy_67_structType; char * data; CWE127_Buffer_Underread__malloc_char_ncpy_67_structType myStruct; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; myStruct.structFirst = data; CWE127_Buffer_Underread__malloc_char_ncpy_67b_goodG2BSink(myStruct); void CWE127_Buffer_Underread__malloc_char_ncpy_67b_goodG2BSink(CWE127_Buffer_Underread__malloc_char_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31886 77970/CWE127_Buffer_Underread__malloc_char_ncpy_68.c Off_by_One_Error_in_Methods 160 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_ncpy_68_badData = data; CWE127_Buffer_Underread__malloc_char_ncpy_68b_badSink(); void CWE127_Buffer_Underread__malloc_char_ncpy_68b_badSink() char * data = CWE127_Buffer_Underread__malloc_char_ncpy_68_badData; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31887 77970/CWE127_Buffer_Underread__malloc_char_ncpy_68.c Off_by_One_Error_in_Methods 138 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_ncpy_68_goodG2BData = data; CWE127_Buffer_Underread__malloc_char_ncpy_68b_goodG2BSink(); void CWE127_Buffer_Underread__malloc_char_ncpy_68b_goodG2BSink() char * data = CWE127_Buffer_Underread__malloc_char_ncpy_68_goodG2BData; char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31888 77974/CWE127_Buffer_Underread__malloc_char_ncpy_81_bad.cpp Off_by_One_Error_in_Methods 31 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; const CWE127_Buffer_Underread__malloc_char_ncpy_81_base& baseObject = CWE127_Buffer_Underread__malloc_char_ncpy_81_bad(); baseObject.action(data); void CWE127_Buffer_Underread__malloc_char_ncpy_81_bad::action(char * data) const char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 31889 77974/CWE127_Buffer_Underread__malloc_char_ncpy_81_goodG2B.cpp Off_by_One_Error_in_Methods 31 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; const CWE127_Buffer_Underread__malloc_char_ncpy_81_base& baseObject = CWE127_Buffer_Underread__malloc_char_ncpy_81_goodG2B(); baseObject.action(data); void CWE127_Buffer_Underread__malloc_char_ncpy_81_goodG2B::action(char * data) const char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 31890 77975/CWE127_Buffer_Underread__malloc_char_ncpy_82_bad.cpp Off_by_One_Error_in_Methods 31 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_char_ncpy_82_base* baseObject = new CWE127_Buffer_Underread__malloc_char_ncpy_82_bad; baseObject->action(data); void CWE127_Buffer_Underread__malloc_char_ncpy_82_bad::action(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; delete baseObject; 1 --------------------------------- 31891 77975/CWE127_Buffer_Underread__malloc_char_ncpy_82_goodG2B.cpp Off_by_One_Error_in_Methods 31 char * data; data = NULL; char * dataBuffer = (char *)malloc(100*sizeof(char)); memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_char_ncpy_82_base* baseObject = new CWE127_Buffer_Underread__malloc_char_ncpy_82_goodG2B; baseObject->action(data); void CWE127_Buffer_Underread__malloc_char_ncpy_82_goodG2B::action(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; delete baseObject; 0 --------------------------------- 31892 77978/CWE127_Buffer_Underread__malloc_wchar_t_cpy_01.c Buffer_Overflow_cpycat 39 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31893 77978/CWE127_Buffer_Underread__malloc_wchar_t_cpy_01.c Buffer_Overflow_cpycat 67 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31894 77979/CWE127_Buffer_Underread__malloc_wchar_t_cpy_02.c Buffer_Overflow_cpycat 42 wchar_t * data; data = NULL; if(1) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31895 77979/CWE127_Buffer_Underread__malloc_wchar_t_cpy_02.c Buffer_Overflow_cpycat 105 wchar_t * data; data = NULL; if(0){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31896 77979/CWE127_Buffer_Underread__malloc_wchar_t_cpy_02.c Buffer_Overflow_cpycat 78 wchar_t * data; data = NULL; if(1) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31897 77980/CWE127_Buffer_Underread__malloc_wchar_t_cpy_03.c Buffer_Overflow_cpycat 42 wchar_t * data; data = NULL; if(5==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31898 77980/CWE127_Buffer_Underread__malloc_wchar_t_cpy_03.c Buffer_Overflow_cpycat 105 wchar_t * data; data = NULL; if(5!=5){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31899 77980/CWE127_Buffer_Underread__malloc_wchar_t_cpy_03.c Buffer_Overflow_cpycat 78 wchar_t * data; data = NULL; if(5==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31900 77981/CWE127_Buffer_Underread__malloc_wchar_t_cpy_04.c Buffer_Overflow_cpycat 85 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_TRUE) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31901 77981/CWE127_Buffer_Underread__malloc_wchar_t_cpy_04.c Buffer_Overflow_cpycat 49 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_FALSE){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31902 77981/CWE127_Buffer_Underread__malloc_wchar_t_cpy_04.c Buffer_Overflow_cpycat 112 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_TRUE) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31903 77982/CWE127_Buffer_Underread__malloc_wchar_t_cpy_05.c Buffer_Overflow_cpycat 85 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticTrue) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31904 77982/CWE127_Buffer_Underread__malloc_wchar_t_cpy_05.c Buffer_Overflow_cpycat 49 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticFalse){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31905 77982/CWE127_Buffer_Underread__malloc_wchar_t_cpy_05.c Buffer_Overflow_cpycat 112 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticTrue) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31906 77983/CWE127_Buffer_Underread__malloc_wchar_t_cpy_06.c Buffer_Overflow_cpycat 109 static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31907 77983/CWE127_Buffer_Underread__malloc_wchar_t_cpy_06.c Buffer_Overflow_cpycat 82 static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE!=5){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31908 77983/CWE127_Buffer_Underread__malloc_wchar_t_cpy_06.c Buffer_Overflow_cpycat 46 static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31909 77984/CWE127_Buffer_Underread__malloc_wchar_t_cpy_07.c Buffer_Overflow_cpycat 111 static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31910 77984/CWE127_Buffer_Underread__malloc_wchar_t_cpy_07.c Buffer_Overflow_cpycat 84 static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive!=5){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31911 77984/CWE127_Buffer_Underread__malloc_wchar_t_cpy_07.c Buffer_Overflow_cpycat 48 static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31912 77985/CWE127_Buffer_Underread__malloc_wchar_t_cpy_08.c Buffer_Overflow_cpycat 119 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsTrue()) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31913 77985/CWE127_Buffer_Underread__malloc_wchar_t_cpy_08.c Buffer_Overflow_cpycat 92 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsFalse()){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31914 77985/CWE127_Buffer_Underread__malloc_wchar_t_cpy_08.c Buffer_Overflow_cpycat 56 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsTrue()) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31915 77986/CWE127_Buffer_Underread__malloc_wchar_t_cpy_09.c Buffer_Overflow_cpycat 42 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_TRUE) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31916 77986/CWE127_Buffer_Underread__malloc_wchar_t_cpy_09.c Buffer_Overflow_cpycat 105 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_FALSE){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31917 77986/CWE127_Buffer_Underread__malloc_wchar_t_cpy_09.c Buffer_Overflow_cpycat 78 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_TRUE) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31918 77987/CWE127_Buffer_Underread__malloc_wchar_t_cpy_10.c Buffer_Overflow_cpycat 42 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalTrue) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31919 77987/CWE127_Buffer_Underread__malloc_wchar_t_cpy_10.c Buffer_Overflow_cpycat 105 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalFalse){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31920 77987/CWE127_Buffer_Underread__malloc_wchar_t_cpy_10.c Buffer_Overflow_cpycat 78 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalTrue) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31921 77988/CWE127_Buffer_Underread__malloc_wchar_t_cpy_11.c Buffer_Overflow_cpycat 42 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsTrue()) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31922 77988/CWE127_Buffer_Underread__malloc_wchar_t_cpy_11.c Buffer_Overflow_cpycat 105 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsFalse()){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31923 77988/CWE127_Buffer_Underread__malloc_wchar_t_cpy_11.c Buffer_Overflow_cpycat 78 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsTrue()) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31924 77990/CWE127_Buffer_Underread__malloc_wchar_t_cpy_13.c Buffer_Overflow_cpycat 42 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31925 77990/CWE127_Buffer_Underread__malloc_wchar_t_cpy_13.c Buffer_Overflow_cpycat 105 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE!=5){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31926 77990/CWE127_Buffer_Underread__malloc_wchar_t_cpy_13.c Buffer_Overflow_cpycat 78 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31927 77991/CWE127_Buffer_Underread__malloc_wchar_t_cpy_14.c Buffer_Overflow_cpycat 42 int globalFive = 5;  wchar_t * data; data = NULL; if(globalFive==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31928 77991/CWE127_Buffer_Underread__malloc_wchar_t_cpy_14.c Buffer_Overflow_cpycat 105 int globalFive = 5;  wchar_t * data; data = NULL; if(globalFive!=5){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31929 77991/CWE127_Buffer_Underread__malloc_wchar_t_cpy_14.c Buffer_Overflow_cpycat 78 int globalFive = 5;  wchar_t * data; data = NULL; if(globalFive==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31930 77992/CWE127_Buffer_Underread__malloc_wchar_t_cpy_15.c Buffer_Overflow_cpycat 85 wchar_t * data; data = NULL; switch(6) case 6: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; break; default: break; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31931 77992/CWE127_Buffer_Underread__malloc_wchar_t_cpy_15.c Buffer_Overflow_cpycat 118 wchar_t * data; data = NULL; switch(5) case 6: break; default: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; break; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31932 77992/CWE127_Buffer_Underread__malloc_wchar_t_cpy_15.c Buffer_Overflow_cpycat 48 wchar_t * data; data = NULL; switch(6) case 6: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; break; default: break; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31933 77993/CWE127_Buffer_Underread__malloc_wchar_t_cpy_16.c Buffer_Overflow_cpycat 43 wchar_t * data; data = NULL; while(1) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; break; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31934 77993/CWE127_Buffer_Underread__malloc_wchar_t_cpy_16.c Buffer_Overflow_cpycat 75 wchar_t * data; data = NULL; while(1) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; break; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31935 77994/CWE127_Buffer_Underread__malloc_wchar_t_cpy_17.c Buffer_Overflow_cpycat 75 wchar_t * data; data = NULL; for(i = 0; i < 1; i++) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31936 77994/CWE127_Buffer_Underread__malloc_wchar_t_cpy_17.c Buffer_Overflow_cpycat 43 wchar_t * data; data = NULL; for(h = 0; h < 1; h++) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31937 77995/CWE127_Buffer_Underread__malloc_wchar_t_cpy_18.c Buffer_Overflow_cpycat 71 wchar_t * data; data = NULL; goto source; source: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31938 77995/CWE127_Buffer_Underread__malloc_wchar_t_cpy_18.c Buffer_Overflow_cpycat 41 wchar_t * data; data = NULL; goto source; source: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31939 77996/CWE127_Buffer_Underread__malloc_wchar_t_cpy_21.c Buffer_Overflow_cpycat 133 wchar_t * data; data = NULL; badStatic = 1; data = badSource(data); static wchar_t * badSource(wchar_t * data) if(badStatic) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; return data; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31940 77996/CWE127_Buffer_Underread__malloc_wchar_t_cpy_21.c Buffer_Overflow_cpycat 52 wchar_t * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) if(goodG2B1Static){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31941 77996/CWE127_Buffer_Underread__malloc_wchar_t_cpy_21.c Buffer_Overflow_cpycat 99 wchar_t * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) if(goodG2B2Static) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31942 77997/CWE127_Buffer_Underread__malloc_wchar_t_cpy_22.c Buffer_Overflow_cpycat 39 wchar_t * data; data = NULL; CWE127_Buffer_Underread__malloc_wchar_t_cpy_22_badGlobal = 1; data = CWE127_Buffer_Underread__malloc_wchar_t_cpy_22_badSource(data); wchar_t * CWE127_Buffer_Underread__malloc_wchar_t_cpy_22_badSource(wchar_t * data) if(CWE127_Buffer_Underread__malloc_wchar_t_cpy_22_badGlobal) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; return data; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31943 77997/CWE127_Buffer_Underread__malloc_wchar_t_cpy_22.c Buffer_Overflow_cpycat 68 wchar_t * data; data = NULL; CWE127_Buffer_Underread__malloc_wchar_t_cpy_22_goodG2B1Global = 0; data = CWE127_Buffer_Underread__malloc_wchar_t_cpy_22_goodG2B1Source(data); wchar_t * CWE127_Buffer_Underread__malloc_wchar_t_cpy_22_goodG2B1Source(wchar_t * data) if(CWE127_Buffer_Underread__malloc_wchar_t_cpy_22_goodG2B1Global){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31944 77997/CWE127_Buffer_Underread__malloc_wchar_t_cpy_22.c Buffer_Overflow_cpycat 89 wchar_t * data; data = NULL; CWE127_Buffer_Underread__malloc_wchar_t_cpy_22_goodG2B2Global = 1; data = CWE127_Buffer_Underread__malloc_wchar_t_cpy_22_goodG2B2Source(data); wchar_t * CWE127_Buffer_Underread__malloc_wchar_t_cpy_22_goodG2B2Source(wchar_t * data) if(CWE127_Buffer_Underread__malloc_wchar_t_cpy_22_goodG2B2Global) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31945 77998/CWE127_Buffer_Underread__malloc_wchar_t_cpy_31.c Buffer_Overflow_cpycat 74 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31946 77998/CWE127_Buffer_Underread__malloc_wchar_t_cpy_31.c Buffer_Overflow_cpycat 42 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31947 77999/CWE127_Buffer_Underread__malloc_wchar_t_cpy_32.c Buffer_Overflow_cpycat 47 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31948 77999/CWE127_Buffer_Underread__malloc_wchar_t_cpy_32.c Buffer_Overflow_cpycat 84 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31949 78001/CWE127_Buffer_Underread__malloc_wchar_t_cpy_34.c Buffer_Overflow_cpycat 82 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE127_Buffer_Underread__malloc_wchar_t_cpy_34_unionType; wchar_t * data; CWE127_Buffer_Underread__malloc_wchar_t_cpy_34_unionType myUnion; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31950 78001/CWE127_Buffer_Underread__malloc_wchar_t_cpy_34.c Buffer_Overflow_cpycat 49 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE127_Buffer_Underread__malloc_wchar_t_cpy_34_unionType; wchar_t * data; CWE127_Buffer_Underread__malloc_wchar_t_cpy_34_unionType myUnion; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31951 78002/CWE127_Buffer_Underread__malloc_wchar_t_cpy_41.c Buffer_Overflow_cpycat 30 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_cpy_41_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_41_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31952 78002/CWE127_Buffer_Underread__malloc_wchar_t_cpy_41.c Buffer_Overflow_cpycat 62 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_cpy_41_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_41_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31953 78003/CWE127_Buffer_Underread__malloc_wchar_t_cpy_42.c Buffer_Overflow_cpycat 45 wchar_t * data; data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; return data; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31954 78003/CWE127_Buffer_Underread__malloc_wchar_t_cpy_42.c Buffer_Overflow_cpycat 79 wchar_t * data; data = NULL; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31955 78005/CWE127_Buffer_Underread__malloc_wchar_t_cpy_44.c Buffer_Overflow_cpycat 66 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31956 78005/CWE127_Buffer_Underread__malloc_wchar_t_cpy_44.c Buffer_Overflow_cpycat 30 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31957 78006/CWE127_Buffer_Underread__malloc_wchar_t_cpy_45.c Buffer_Overflow_cpycat 69 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_cpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE127_Buffer_Underread__malloc_wchar_t_cpy_45_badData; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31958 78006/CWE127_Buffer_Underread__malloc_wchar_t_cpy_45.c Buffer_Overflow_cpycat 34 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE127_Buffer_Underread__malloc_wchar_t_cpy_45_goodG2BData; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31959 78007/CWE127_Buffer_Underread__malloc_wchar_t_cpy_51.c Buffer_Overflow_cpycat 148 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_cpy_51b_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_51b_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31960 78007/CWE127_Buffer_Underread__malloc_wchar_t_cpy_51.c Buffer_Overflow_cpycat 129 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_cpy_51b_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_51b_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31961 78008/CWE127_Buffer_Underread__malloc_wchar_t_cpy_52.c Buffer_Overflow_cpycat 197 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_cpy_52b_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_52b_badSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_cpy_52c_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_52c_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31962 78008/CWE127_Buffer_Underread__malloc_wchar_t_cpy_52.c Buffer_Overflow_cpycat 178 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_cpy_52b_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_52b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_cpy_52c_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_52c_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31963 78009/CWE127_Buffer_Underread__malloc_wchar_t_cpy_53.c Buffer_Overflow_cpycat 246 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_cpy_53b_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_53b_badSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_cpy_53c_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_53c_badSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_cpy_53d_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_53d_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31964 78009/CWE127_Buffer_Underread__malloc_wchar_t_cpy_53.c Buffer_Overflow_cpycat 227 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_cpy_53b_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_53b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_cpy_53c_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_53c_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_cpy_53d_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_53d_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31965 78010/CWE127_Buffer_Underread__malloc_wchar_t_cpy_54.c Buffer_Overflow_cpycat 295 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_cpy_54b_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_54b_badSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_cpy_54c_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_54c_badSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_cpy_54d_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_54d_badSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_cpy_54e_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_54e_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31966 78010/CWE127_Buffer_Underread__malloc_wchar_t_cpy_54.c Buffer_Overflow_cpycat 276 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_cpy_54b_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_54b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_cpy_54c_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_54c_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_cpy_54d_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_54d_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_cpy_54e_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_54e_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31967 78011/CWE127_Buffer_Underread__malloc_wchar_t_cpy_61.c Buffer_Overflow_cpycat 60 wchar_t * data; data = NULL; data = CWE127_Buffer_Underread__malloc_wchar_t_cpy_61b_badSource(data); wchar_t * CWE127_Buffer_Underread__malloc_wchar_t_cpy_61b_badSource(wchar_t * data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; return data; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31968 78011/CWE127_Buffer_Underread__malloc_wchar_t_cpy_61.c Buffer_Overflow_cpycat 36 wchar_t * data; data = NULL; data = CWE127_Buffer_Underread__malloc_wchar_t_cpy_61b_goodG2BSource(data); wchar_t * CWE127_Buffer_Underread__malloc_wchar_t_cpy_61b_goodG2BSource(wchar_t * data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31969 78013/CWE127_Buffer_Underread__malloc_wchar_t_cpy_63.c Buffer_Overflow_cpycat 127 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_cpy_63b_badSink(&data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31970 78013/CWE127_Buffer_Underread__malloc_wchar_t_cpy_63.c Buffer_Overflow_cpycat 147 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_cpy_63b_goodG2BSink(&data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31971 78014/CWE127_Buffer_Underread__malloc_wchar_t_cpy_64.c Buffer_Overflow_cpycat 130 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_cpy_64b_badSink(&data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31972 78014/CWE127_Buffer_Underread__malloc_wchar_t_cpy_64.c Buffer_Overflow_cpycat 153 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_cpy_64b_goodG2BSink(&data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31973 78015/CWE127_Buffer_Underread__malloc_wchar_t_cpy_65.c Buffer_Overflow_cpycat 149 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE127_Buffer_Underread__malloc_wchar_t_cpy_65b_badSink; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_65b_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31974 78015/CWE127_Buffer_Underread__malloc_wchar_t_cpy_65.c Buffer_Overflow_cpycat 130 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE127_Buffer_Underread__malloc_wchar_t_cpy_65b_goodG2BSink; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_65b_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31975 78016/CWE127_Buffer_Underread__malloc_wchar_t_cpy_66.c Buffer_Overflow_cpycat 133 wchar_t * data; wchar_t * dataArray[5]; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataArray[2] = data; CWE127_Buffer_Underread__malloc_wchar_t_cpy_66b_badSink(dataArray); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31976 78016/CWE127_Buffer_Underread__malloc_wchar_t_cpy_66.c Buffer_Overflow_cpycat 153 wchar_t * data; wchar_t * dataArray[5]; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataArray[2] = data; CWE127_Buffer_Underread__malloc_wchar_t_cpy_66b_goodG2BSink(dataArray); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31977 78017/CWE127_Buffer_Underread__malloc_wchar_t_cpy_67.c Buffer_Overflow_cpycat 141 typedef struct _CWE127_Buffer_Underread__malloc_wchar_t_cpy_67_structType wchar_t * structFirst; } CWE127_Buffer_Underread__malloc_wchar_t_cpy_67_structType; wchar_t * data; CWE127_Buffer_Underread__malloc_wchar_t_cpy_67_structType myStruct; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE127_Buffer_Underread__malloc_wchar_t_cpy_67b_badSink(myStruct); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_67b_badSink(CWE127_Buffer_Underread__malloc_wchar_t_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31978 78017/CWE127_Buffer_Underread__malloc_wchar_t_cpy_67.c Buffer_Overflow_cpycat 161 typedef struct _CWE127_Buffer_Underread__malloc_wchar_t_cpy_67_structType wchar_t * structFirst; } CWE127_Buffer_Underread__malloc_wchar_t_cpy_67_structType; wchar_t * data; CWE127_Buffer_Underread__malloc_wchar_t_cpy_67_structType myStruct; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myStruct.structFirst = data; CWE127_Buffer_Underread__malloc_wchar_t_cpy_67b_goodG2BSink(myStruct); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_67b_goodG2BSink(CWE127_Buffer_Underread__malloc_wchar_t_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31979 78018/CWE127_Buffer_Underread__malloc_wchar_t_cpy_68.c Buffer_Overflow_cpycat 138 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_cpy_68_badData = data; CWE127_Buffer_Underread__malloc_wchar_t_cpy_68b_badSink(); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_68b_badSink() wchar_t * data = CWE127_Buffer_Underread__malloc_wchar_t_cpy_68_badData; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31980 78018/CWE127_Buffer_Underread__malloc_wchar_t_cpy_68.c Buffer_Overflow_cpycat 158 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_cpy_68_goodG2BData = data; CWE127_Buffer_Underread__malloc_wchar_t_cpy_68b_goodG2BSink(); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_68b_goodG2BSink() wchar_t * data = CWE127_Buffer_Underread__malloc_wchar_t_cpy_68_goodG2BData; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31981 78022/CWE127_Buffer_Underread__malloc_wchar_t_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; const CWE127_Buffer_Underread__malloc_wchar_t_cpy_81_base& baseObject = CWE127_Buffer_Underread__malloc_wchar_t_cpy_81_bad(); baseObject.action(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_81_bad::action(wchar_t * data) const wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 31982 78022/CWE127_Buffer_Underread__malloc_wchar_t_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; const CWE127_Buffer_Underread__malloc_wchar_t_cpy_81_base& baseObject = CWE127_Buffer_Underread__malloc_wchar_t_cpy_81_goodG2B(); baseObject.action(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_81_goodG2B::action(wchar_t * data) const wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 31983 78023/CWE127_Buffer_Underread__malloc_wchar_t_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_cpy_82_base* baseObject = new CWE127_Buffer_Underread__malloc_wchar_t_cpy_82_bad; baseObject->action(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_82_bad::action(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); delete baseObject; 1 --------------------------------- 31984 78023/CWE127_Buffer_Underread__malloc_wchar_t_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_cpy_82_base* baseObject = new CWE127_Buffer_Underread__malloc_wchar_t_cpy_82_goodG2B; baseObject->action(data); void CWE127_Buffer_Underread__malloc_wchar_t_cpy_82_goodG2B::action(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); delete baseObject; 0 --------------------------------- 31985 78170/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_01.c Buffer_Overflow_LowBound 39 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 31986 78170/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_01.c Buffer_Overflow_LowBound 69 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 31987 78171/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_02.c Buffer_Overflow_LowBound 80 wchar_t * data; data = NULL; if(1) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 31988 78171/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_02.c Buffer_Overflow_LowBound 109 wchar_t * data; data = NULL; if(0){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 31989 78171/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_02.c Buffer_Overflow_LowBound 42 wchar_t * data; data = NULL; if(1) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 31990 78172/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_03.c Buffer_Overflow_LowBound 80 wchar_t * data; data = NULL; if(5==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 31991 78172/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_03.c Buffer_Overflow_LowBound 109 wchar_t * data; data = NULL; if(5!=5){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 31992 78172/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_03.c Buffer_Overflow_LowBound 42 wchar_t * data; data = NULL; if(5==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 31993 78173/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_04.c Buffer_Overflow_LowBound 87 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_TRUE) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 31994 78173/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_04.c Buffer_Overflow_LowBound 116 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_FALSE){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 31995 78173/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_04.c Buffer_Overflow_LowBound 49 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; data = NULL; if(STATIC_CONST_TRUE) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 31996 78174/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_05.c Buffer_Overflow_LowBound 87 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticTrue) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 31997 78174/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_05.c Buffer_Overflow_LowBound 116 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticFalse){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 31998 78174/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_05.c Buffer_Overflow_LowBound 49 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; data = NULL; if(staticTrue) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 31999 78175/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_06.c Buffer_Overflow_LowBound 46 static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32000 78175/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_06.c Buffer_Overflow_LowBound 84 static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE!=5){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32001 78175/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_06.c Buffer_Overflow_LowBound 113 static const int STATIC_CONST_FIVE = 5; wchar_t * data; data = NULL; if(STATIC_CONST_FIVE==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32002 78176/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_07.c Buffer_Overflow_LowBound 48 static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32003 78176/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_07.c Buffer_Overflow_LowBound 86 static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive!=5){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32004 78176/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_07.c Buffer_Overflow_LowBound 115 static int staticFive = 5; wchar_t * data; data = NULL; if(staticFive==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32005 78177/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_08.c Buffer_Overflow_LowBound 56 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsTrue()) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32006 78177/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_08.c Buffer_Overflow_LowBound 94 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsFalse()){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32007 78177/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_08.c Buffer_Overflow_LowBound 123 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; data = NULL; if(staticReturnsTrue()) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32008 78178/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_09.c Buffer_Overflow_LowBound 80 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_TRUE) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32009 78178/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_09.c Buffer_Overflow_LowBound 109 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_FALSE){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32010 78178/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_09.c Buffer_Overflow_LowBound 42 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; data = NULL; if(GLOBAL_CONST_TRUE) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32011 78179/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_10.c Buffer_Overflow_LowBound 80 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalTrue) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32012 78179/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_10.c Buffer_Overflow_LowBound 109 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalFalse){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32013 78179/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_10.c Buffer_Overflow_LowBound 42 int globalTrue = 1; int globalFalse = 0; wchar_t * data; data = NULL; if(globalTrue) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32014 78180/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_11.c Buffer_Overflow_LowBound 80 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsTrue()) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32015 78180/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_11.c Buffer_Overflow_LowBound 109 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsFalse()){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32016 78180/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_11.c Buffer_Overflow_LowBound 42 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; data = NULL; if(globalReturnsTrue()) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32017 78182/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_13.c Buffer_Overflow_LowBound 80 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32018 78182/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_13.c Buffer_Overflow_LowBound 109 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE!=5){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32019 78182/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_13.c Buffer_Overflow_LowBound 42 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32020 78183/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_14.c Buffer_Overflow_LowBound 80 int globalFive = 5;  wchar_t * data; data = NULL; if(globalFive==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32021 78183/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_14.c Buffer_Overflow_LowBound 109 int globalFive = 5;  wchar_t * data; data = NULL; if(globalFive!=5){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32022 78183/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_14.c Buffer_Overflow_LowBound 42 int globalFive = 5;  wchar_t * data; data = NULL; if(globalFive==5) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32023 78184/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_15.c Buffer_Overflow_LowBound 87 wchar_t * data; data = NULL; switch(6) case 6: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; break; default: break; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32024 78184/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_15.c Buffer_Overflow_LowBound 48 wchar_t * data; data = NULL; switch(5) case 6: break; default: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; break; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32025 78184/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_15.c Buffer_Overflow_LowBound 122 wchar_t * data; data = NULL; switch(6) case 6: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; break; default: break; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32026 78185/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_16.c Buffer_Overflow_LowBound 77 wchar_t * data; data = NULL; while(1) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; break; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32027 78185/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_16.c Buffer_Overflow_LowBound 43 wchar_t * data; data = NULL; while(1) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; break; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32028 78186/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_17.c Buffer_Overflow_LowBound 77 wchar_t * data; data = NULL; for(i = 0; i < 1; i++) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32029 78186/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_17.c Buffer_Overflow_LowBound 43 wchar_t * data; data = NULL; for(h = 0; h < 1; h++) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32030 78187/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_18.c Buffer_Overflow_LowBound 73 wchar_t * data; data = NULL; goto source; source: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32031 78187/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_18.c Buffer_Overflow_LowBound 41 wchar_t * data; data = NULL; goto source; source: wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32032 78188/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_21.c Buffer_Overflow_LowBound 101 wchar_t * data; data = NULL; badStatic = 1; data = badSource(data); static wchar_t * badSource(wchar_t * data) if(badStatic) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; return data; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32033 78188/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_21.c Buffer_Overflow_LowBound 52 wchar_t * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) if(goodG2B1Static){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32034 78188/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_21.c Buffer_Overflow_LowBound 137 wchar_t * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) if(goodG2B2Static) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32035 78189/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_22.c Buffer_Overflow_LowBound 39 wchar_t * data; data = NULL; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_22_badGlobal = 1; data = CWE127_Buffer_Underread__malloc_wchar_t_ncpy_22_badSource(data); wchar_t * CWE127_Buffer_Underread__malloc_wchar_t_ncpy_22_badSource(wchar_t * data) if(CWE127_Buffer_Underread__malloc_wchar_t_ncpy_22_badGlobal) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; return data; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32036 78189/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_22.c Buffer_Overflow_LowBound 93 wchar_t * data; data = NULL; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_22_goodG2B1Global = 0; data = CWE127_Buffer_Underread__malloc_wchar_t_ncpy_22_goodG2B1Source(data); wchar_t * CWE127_Buffer_Underread__malloc_wchar_t_ncpy_22_goodG2B1Source(wchar_t * data) if(CWE127_Buffer_Underread__malloc_wchar_t_ncpy_22_goodG2B1Global){} else wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32037 78189/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_22.c Buffer_Overflow_LowBound 70 wchar_t * data; data = NULL; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_22_goodG2B2Global = 1; data = CWE127_Buffer_Underread__malloc_wchar_t_ncpy_22_goodG2B2Source(data); wchar_t * CWE127_Buffer_Underread__malloc_wchar_t_ncpy_22_goodG2B2Source(wchar_t * data) if(CWE127_Buffer_Underread__malloc_wchar_t_ncpy_22_goodG2B2Global) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32038 78190/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_31.c Buffer_Overflow_LowBound 76 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32039 78190/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_31.c Buffer_Overflow_LowBound 42 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32040 78191/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_32.c Buffer_Overflow_LowBound 47 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32041 78191/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_32.c Buffer_Overflow_LowBound 86 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32042 78193/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_34.c Buffer_Overflow_LowBound 84 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE127_Buffer_Underread__malloc_wchar_t_ncpy_34_unionType; wchar_t * data; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_34_unionType myUnion; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32043 78193/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_34.c Buffer_Overflow_LowBound 49 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE127_Buffer_Underread__malloc_wchar_t_ncpy_34_unionType; wchar_t * data; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_34_unionType myUnion; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32044 78194/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_41.c Buffer_Overflow_LowBound 64 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_41_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_41_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32045 78194/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_41.c Buffer_Overflow_LowBound 30 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_41_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_41_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32046 78195/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_42.c Buffer_Overflow_LowBound 45 wchar_t * data; data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; return data; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32047 78195/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_42.c Buffer_Overflow_LowBound 81 wchar_t * data; data = NULL; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32048 78197/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_44.c Buffer_Overflow_LowBound 30 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32049 78197/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_44.c Buffer_Overflow_LowBound 68 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32050 78198/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_45.c Buffer_Overflow_LowBound 71 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE127_Buffer_Underread__malloc_wchar_t_ncpy_45_badData; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32051 78198/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_45.c Buffer_Overflow_LowBound 34 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE127_Buffer_Underread__malloc_wchar_t_ncpy_45_goodG2BData; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32052 78199/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_51.c Buffer_Overflow_LowBound 150 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_51b_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_51b_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32053 78199/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_51.c Buffer_Overflow_LowBound 129 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_51b_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_51b_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32054 78200/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_52.c Buffer_Overflow_LowBound 199 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_52b_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_52b_badSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_ncpy_52c_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_52c_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32055 78200/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_52.c Buffer_Overflow_LowBound 178 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_52b_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_52b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_ncpy_52c_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_52c_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32056 78201/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_53.c Buffer_Overflow_LowBound 248 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_53b_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_53b_badSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_ncpy_53c_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_53c_badSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_ncpy_53d_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_53d_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32057 78201/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_53.c Buffer_Overflow_LowBound 227 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_53b_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_53b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_ncpy_53c_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_53c_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_ncpy_53d_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_53d_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32058 78202/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54.c Buffer_Overflow_LowBound 276 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54b_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54b_badSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54c_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54c_badSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54d_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54d_badSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54e_badSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54e_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32059 78202/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54.c Buffer_Overflow_LowBound 297 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54b_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54c_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54c_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54d_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54d_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54e_goodG2BSink(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_54e_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32060 78203/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_61.c Buffer_Overflow_LowBound 62 wchar_t * data; data = NULL; data = CWE127_Buffer_Underread__malloc_wchar_t_ncpy_61b_badSource(data); wchar_t * CWE127_Buffer_Underread__malloc_wchar_t_ncpy_61b_badSource(wchar_t * data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; return data; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32061 78203/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_61.c Buffer_Overflow_LowBound 36 wchar_t * data; data = NULL; data = CWE127_Buffer_Underread__malloc_wchar_t_ncpy_61b_goodG2BSource(data); wchar_t * CWE127_Buffer_Underread__malloc_wchar_t_ncpy_61b_goodG2BSource(wchar_t * data) wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; return data; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32062 78205/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_63.c Buffer_Overflow_LowBound 127 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_63b_badSink(&data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32063 78205/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_63.c Buffer_Overflow_LowBound 149 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_63b_goodG2BSink(&data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32064 78206/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_64.c Buffer_Overflow_LowBound 155 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_64b_badSink(&data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32065 78206/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_64.c Buffer_Overflow_LowBound 130 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_64b_goodG2BSink(&data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32066 78207/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_65.c Buffer_Overflow_LowBound 151 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE127_Buffer_Underread__malloc_wchar_t_ncpy_65b_badSink; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_65b_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32067 78207/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_65.c Buffer_Overflow_LowBound 130 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE127_Buffer_Underread__malloc_wchar_t_ncpy_65b_goodG2BSink; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_65b_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32068 78208/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_66.c Buffer_Overflow_LowBound 133 wchar_t * data; wchar_t * dataArray[5]; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataArray[2] = data; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_66b_badSink(dataArray); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32069 78208/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_66.c Buffer_Overflow_LowBound 155 wchar_t * data; wchar_t * dataArray[5]; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataArray[2] = data; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_66b_goodG2BSink(dataArray); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32070 78209/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_67.c Buffer_Overflow_LowBound 141 wchar_t * data; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_67_structType myStruct; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_67b_badSink(myStruct); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_67b_badSink(CWE127_Buffer_Underread__malloc_wchar_t_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32071 78209/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_67.c Buffer_Overflow_LowBound 163 wchar_t * data; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_67_structType myStruct; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myStruct.structFirst = data; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_67b_goodG2BSink(myStruct); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_67b_goodG2BSink(CWE127_Buffer_Underread__malloc_wchar_t_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32072 78210/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_68.c Buffer_Overflow_LowBound 160 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_68_badData = data; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_68b_badSink(); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_68b_badSink() wchar_t * data = CWE127_Buffer_Underread__malloc_wchar_t_ncpy_68_badData; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32073 78210/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_68.c Buffer_Overflow_LowBound 138 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_68_goodG2BData = data; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_68b_goodG2BSink(); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_68b_goodG2BSink() wchar_t * data = CWE127_Buffer_Underread__malloc_wchar_t_ncpy_68_goodG2BData; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32074 78214/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; const CWE127_Buffer_Underread__malloc_wchar_t_ncpy_81_base& baseObject = CWE127_Buffer_Underread__malloc_wchar_t_ncpy_81_bad(); baseObject.action(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_81_bad::action(wchar_t * data) const wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32075 78214/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; const CWE127_Buffer_Underread__malloc_wchar_t_ncpy_81_base& baseObject = CWE127_Buffer_Underread__malloc_wchar_t_ncpy_81_goodG2B(); baseObject.action(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32076 78215/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_82_base* baseObject = new CWE127_Buffer_Underread__malloc_wchar_t_ncpy_82_bad; baseObject->action(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_82_bad::action(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; delete baseObject; 1 --------------------------------- 32077 78215/CWE127_Buffer_Underread__malloc_wchar_t_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = (wchar_t *)malloc(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__malloc_wchar_t_ncpy_82_base* baseObject = new CWE127_Buffer_Underread__malloc_wchar_t_ncpy_82_goodG2B; baseObject->action(data); void CWE127_Buffer_Underread__malloc_wchar_t_ncpy_82_goodG2B::action(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; delete baseObject; 0 --------------------------------- 32078 78262/CWE127_Buffer_Underread__new_char_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; const CWE127_Buffer_Underread__new_char_cpy_81_base& baseObject = CWE127_Buffer_Underread__new_char_cpy_81_bad(); baseObject.action(data); void CWE127_Buffer_Underread__new_char_cpy_81_bad::action(char * data) const char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 1 --------------------------------- 32079 78262/CWE127_Buffer_Underread__new_char_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; const CWE127_Buffer_Underread__new_char_cpy_81_base& baseObject = CWE127_Buffer_Underread__new_char_cpy_81_goodG2B(); baseObject.action(data); void CWE127_Buffer_Underread__new_char_cpy_81_goodG2B::action(char * data) const char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); 0 --------------------------------- 32080 78263/CWE127_Buffer_Underread__new_char_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__new_char_cpy_82_base* baseObject = new CWE127_Buffer_Underread__new_char_cpy_82_bad; baseObject->action(data); void CWE127_Buffer_Underread__new_char_cpy_82_bad::action(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); delete baseObject; 1 --------------------------------- 32081 78263/CWE127_Buffer_Underread__new_char_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__new_char_cpy_82_base* baseObject = new CWE127_Buffer_Underread__new_char_cpy_82_goodG2B; baseObject->action(data); void CWE127_Buffer_Underread__new_char_cpy_82_goodG2B::action(char * data) char dest[100*2]; memset(dest, 'C', 100*2-1); dest[100*2-1] = '\0'; strcpy(dest, data); delete baseObject; 0 --------------------------------- 32082 78454/CWE127_Buffer_Underread__new_char_ncpy_81_bad.cpp Off_by_One_Error_in_Methods 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; const CWE127_Buffer_Underread__new_char_ncpy_81_base& baseObject = CWE127_Buffer_Underread__new_char_ncpy_81_bad(); baseObject.action(data); void CWE127_Buffer_Underread__new_char_ncpy_81_bad::action(char * data) const char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 1 --------------------------------- 32083 78454/CWE127_Buffer_Underread__new_char_ncpy_81_goodG2B.cpp Off_by_One_Error_in_Methods 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; const CWE127_Buffer_Underread__new_char_ncpy_81_base& baseObject = CWE127_Buffer_Underread__new_char_ncpy_81_goodG2B(); baseObject.action(data); void CWE127_Buffer_Underread__new_char_ncpy_81_goodG2B::action(char * data) const char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; 0 --------------------------------- 32084 78455/CWE127_Buffer_Underread__new_char_ncpy_82_bad.cpp Off_by_One_Error_in_Methods 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__new_char_ncpy_82_base* baseObject = new CWE127_Buffer_Underread__new_char_ncpy_82_bad; baseObject->action(data); void CWE127_Buffer_Underread__new_char_ncpy_82_bad::action(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; delete baseObject; 1 --------------------------------- 32085 78455/CWE127_Buffer_Underread__new_char_ncpy_82_goodG2B.cpp Off_by_One_Error_in_Methods 31 char * data; data = NULL; char * dataBuffer = new char[100]; memset(dataBuffer, 'A', 100-1); dataBuffer[100-1] = '\0'; data = dataBuffer; CWE127_Buffer_Underread__new_char_ncpy_82_base* baseObject = new CWE127_Buffer_Underread__new_char_ncpy_82_goodG2B; baseObject->action(data); void CWE127_Buffer_Underread__new_char_ncpy_82_goodG2B::action(char * data) char dest[100]; memset(dest, 'C', 100-1); dest[100-1] = '\0'; strncpy(dest, data, strlen(dest)); dest[100-1] = '\0'; delete baseObject; 0 --------------------------------- 32086 78502/CWE127_Buffer_Underread__new_wchar_t_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = new wchar_t[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; const CWE127_Buffer_Underread__new_wchar_t_cpy_81_base& baseObject = CWE127_Buffer_Underread__new_wchar_t_cpy_81_bad(); baseObject.action(data); void CWE127_Buffer_Underread__new_wchar_t_cpy_81_bad::action(wchar_t * data) const wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32087 78502/CWE127_Buffer_Underread__new_wchar_t_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = new wchar_t[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; const CWE127_Buffer_Underread__new_wchar_t_cpy_81_base& baseObject = CWE127_Buffer_Underread__new_wchar_t_cpy_81_goodG2B(); baseObject.action(data); void CWE127_Buffer_Underread__new_wchar_t_cpy_81_goodG2B::action(wchar_t * data) const wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32088 78503/CWE127_Buffer_Underread__new_wchar_t_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = new wchar_t[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__new_wchar_t_cpy_82_base* baseObject = new CWE127_Buffer_Underread__new_wchar_t_cpy_82_bad; baseObject->action(data); void CWE127_Buffer_Underread__new_wchar_t_cpy_82_bad::action(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); delete baseObject; 1 --------------------------------- 32089 78503/CWE127_Buffer_Underread__new_wchar_t_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = new wchar_t[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__new_wchar_t_cpy_82_base* baseObject = new CWE127_Buffer_Underread__new_wchar_t_cpy_82_goodG2B; baseObject->action(data); void CWE127_Buffer_Underread__new_wchar_t_cpy_82_goodG2B::action(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); delete baseObject; 0 --------------------------------- 32090 78694/CWE127_Buffer_Underread__new_wchar_t_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = new wchar_t[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; const CWE127_Buffer_Underread__new_wchar_t_ncpy_81_base& baseObject = CWE127_Buffer_Underread__new_wchar_t_ncpy_81_bad(); baseObject.action(data); void CWE127_Buffer_Underread__new_wchar_t_ncpy_81_bad::action(wchar_t * data) const wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32091 78694/CWE127_Buffer_Underread__new_wchar_t_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = new wchar_t[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; const CWE127_Buffer_Underread__new_wchar_t_ncpy_81_base& baseObject = CWE127_Buffer_Underread__new_wchar_t_ncpy_81_goodG2B(); baseObject.action(data); void CWE127_Buffer_Underread__new_wchar_t_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32092 78695/CWE127_Buffer_Underread__new_wchar_t_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = new wchar_t[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__new_wchar_t_ncpy_82_base* baseObject = new CWE127_Buffer_Underread__new_wchar_t_ncpy_82_bad; baseObject->action(data); void CWE127_Buffer_Underread__new_wchar_t_ncpy_82_bad::action(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; delete baseObject; 1 --------------------------------- 32093 78695/CWE127_Buffer_Underread__new_wchar_t_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; wchar_t * dataBuffer = new wchar_t[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__new_wchar_t_ncpy_82_base* baseObject = new CWE127_Buffer_Underread__new_wchar_t_ncpy_82_goodG2B; baseObject->action(data); void CWE127_Buffer_Underread__new_wchar_t_ncpy_82_goodG2B::action(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; delete baseObject; 0 --------------------------------- 32094 78698/CWE127_Buffer_Underread__wchar_t_alloca_cpy_01.c Buffer_Overflow_cpycat 36 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32095 78698/CWE127_Buffer_Underread__wchar_t_alloca_cpy_01.c Buffer_Overflow_cpycat 59 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32096 78699/CWE127_Buffer_Underread__wchar_t_alloca_cpy_02.c Buffer_Overflow_cpycat 39 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(1) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32097 78699/CWE127_Buffer_Underread__wchar_t_alloca_cpy_02.c Buffer_Overflow_cpycat 92 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(0){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32098 78699/CWE127_Buffer_Underread__wchar_t_alloca_cpy_02.c Buffer_Overflow_cpycat 70 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(1) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32099 78700/CWE127_Buffer_Underread__wchar_t_alloca_cpy_03.c Buffer_Overflow_cpycat 39 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5==5) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32100 78700/CWE127_Buffer_Underread__wchar_t_alloca_cpy_03.c Buffer_Overflow_cpycat 92 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5!=5){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32101 78700/CWE127_Buffer_Underread__wchar_t_alloca_cpy_03.c Buffer_Overflow_cpycat 70 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5==5) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32102 78701/CWE127_Buffer_Underread__wchar_t_alloca_cpy_04.c Buffer_Overflow_cpycat 77 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_TRUE) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32103 78701/CWE127_Buffer_Underread__wchar_t_alloca_cpy_04.c Buffer_Overflow_cpycat 46 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FALSE){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32104 78701/CWE127_Buffer_Underread__wchar_t_alloca_cpy_04.c Buffer_Overflow_cpycat 99 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_TRUE) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32105 78702/CWE127_Buffer_Underread__wchar_t_alloca_cpy_05.c Buffer_Overflow_cpycat 77 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticTrue) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32106 78702/CWE127_Buffer_Underread__wchar_t_alloca_cpy_05.c Buffer_Overflow_cpycat 46 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFalse){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32107 78702/CWE127_Buffer_Underread__wchar_t_alloca_cpy_05.c Buffer_Overflow_cpycat 99 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticTrue) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32108 78703/CWE127_Buffer_Underread__wchar_t_alloca_cpy_06.c Buffer_Overflow_cpycat 74 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32109 78703/CWE127_Buffer_Underread__wchar_t_alloca_cpy_06.c Buffer_Overflow_cpycat 43 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE!=5){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32110 78703/CWE127_Buffer_Underread__wchar_t_alloca_cpy_06.c Buffer_Overflow_cpycat 96 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32111 78704/CWE127_Buffer_Underread__wchar_t_alloca_cpy_07.c Buffer_Overflow_cpycat 45 static int staticFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive==5) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32112 78704/CWE127_Buffer_Underread__wchar_t_alloca_cpy_07.c Buffer_Overflow_cpycat 98 static int staticFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive!=5){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32113 78704/CWE127_Buffer_Underread__wchar_t_alloca_cpy_07.c Buffer_Overflow_cpycat 76 static int staticFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive==5) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32114 78705/CWE127_Buffer_Underread__wchar_t_alloca_cpy_08.c Buffer_Overflow_cpycat 53 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsTrue()) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32115 78705/CWE127_Buffer_Underread__wchar_t_alloca_cpy_08.c Buffer_Overflow_cpycat 106 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsFalse()){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32116 78705/CWE127_Buffer_Underread__wchar_t_alloca_cpy_08.c Buffer_Overflow_cpycat 84 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsTrue()) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32117 78706/CWE127_Buffer_Underread__wchar_t_alloca_cpy_09.c Buffer_Overflow_cpycat 39 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32118 78706/CWE127_Buffer_Underread__wchar_t_alloca_cpy_09.c Buffer_Overflow_cpycat 92 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FALSE){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32119 78706/CWE127_Buffer_Underread__wchar_t_alloca_cpy_09.c Buffer_Overflow_cpycat 70 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32120 78707/CWE127_Buffer_Underread__wchar_t_alloca_cpy_10.c Buffer_Overflow_cpycat 39 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalTrue) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32121 78707/CWE127_Buffer_Underread__wchar_t_alloca_cpy_10.c Buffer_Overflow_cpycat 92 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFalse){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32122 78707/CWE127_Buffer_Underread__wchar_t_alloca_cpy_10.c Buffer_Overflow_cpycat 70 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalTrue) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32123 78708/CWE127_Buffer_Underread__wchar_t_alloca_cpy_11.c Buffer_Overflow_cpycat 39 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsTrue()) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32124 78708/CWE127_Buffer_Underread__wchar_t_alloca_cpy_11.c Buffer_Overflow_cpycat 92 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsFalse()){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32125 78708/CWE127_Buffer_Underread__wchar_t_alloca_cpy_11.c Buffer_Overflow_cpycat 70 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsTrue()) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32126 78710/CWE127_Buffer_Underread__wchar_t_alloca_cpy_13.c Buffer_Overflow_cpycat 39 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32127 78710/CWE127_Buffer_Underread__wchar_t_alloca_cpy_13.c Buffer_Overflow_cpycat 92 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE!=5){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32128 78710/CWE127_Buffer_Underread__wchar_t_alloca_cpy_13.c Buffer_Overflow_cpycat 70 const int GLOBAL_CONST_FIVE = 5;  wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32129 78711/CWE127_Buffer_Underread__wchar_t_alloca_cpy_14.c Buffer_Overflow_cpycat 39 int globalFive = 5;  wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive==5) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32130 78711/CWE127_Buffer_Underread__wchar_t_alloca_cpy_14.c Buffer_Overflow_cpycat 92 int globalFive = 5;  wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive!=5){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32131 78711/CWE127_Buffer_Underread__wchar_t_alloca_cpy_14.c Buffer_Overflow_cpycat 70 int globalFive = 5;  wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive==5) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32132 78712/CWE127_Buffer_Underread__wchar_t_alloca_cpy_15.c Buffer_Overflow_cpycat 77 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(6) case 6: data = dataBuffer - 8; break; default: break; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32133 78712/CWE127_Buffer_Underread__wchar_t_alloca_cpy_15.c Buffer_Overflow_cpycat 45 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(5) case 6: break; default: data = dataBuffer; break; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32134 78712/CWE127_Buffer_Underread__wchar_t_alloca_cpy_15.c Buffer_Overflow_cpycat 105 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(6) case 6: data = dataBuffer; break; default: break; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32135 78713/CWE127_Buffer_Underread__wchar_t_alloca_cpy_16.c Buffer_Overflow_cpycat 67 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; while(1) data = dataBuffer - 8; break; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32136 78713/CWE127_Buffer_Underread__wchar_t_alloca_cpy_16.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; while(1) data = dataBuffer; break; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32137 78714/CWE127_Buffer_Underread__wchar_t_alloca_cpy_17.c Buffer_Overflow_cpycat 67 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; for(i = 0; i < 1; i++) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32138 78714/CWE127_Buffer_Underread__wchar_t_alloca_cpy_17.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; for(h = 0; h < 1; h++) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32139 78715/CWE127_Buffer_Underread__wchar_t_alloca_cpy_18.c Buffer_Overflow_cpycat 63 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; goto source; source: data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32140 78715/CWE127_Buffer_Underread__wchar_t_alloca_cpy_18.c Buffer_Overflow_cpycat 38 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; goto source; source: data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32141 78716/CWE127_Buffer_Underread__wchar_t_alloca_cpy_31.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32142 78716/CWE127_Buffer_Underread__wchar_t_alloca_cpy_31.c Buffer_Overflow_cpycat 39 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32143 78717/CWE127_Buffer_Underread__wchar_t_alloca_cpy_32.c Buffer_Overflow_cpycat 76 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; wchar_t * data = *dataPtr1; data = dataBuffer - 8; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32144 78717/CWE127_Buffer_Underread__wchar_t_alloca_cpy_32.c Buffer_Overflow_cpycat 44 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; wchar_t * data = *dataPtr1; data = dataBuffer; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32145 78719/CWE127_Buffer_Underread__wchar_t_alloca_cpy_34.c Buffer_Overflow_cpycat 74 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE127_Buffer_Underread__wchar_t_alloca_cpy_34_unionType; wchar_t * data; CWE127_Buffer_Underread__wchar_t_alloca_cpy_34_unionType myUnion; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32146 78719/CWE127_Buffer_Underread__wchar_t_alloca_cpy_34.c Buffer_Overflow_cpycat 46 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE127_Buffer_Underread__wchar_t_alloca_cpy_34_unionType; wchar_t * data; CWE127_Buffer_Underread__wchar_t_alloca_cpy_34_unionType myUnion; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32147 78720/CWE127_Buffer_Underread__wchar_t_alloca_cpy_41.c Buffer_Overflow_cpycat 57 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_cpy_41_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_41_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32148 78720/CWE127_Buffer_Underread__wchar_t_alloca_cpy_41.c Buffer_Overflow_cpycat 30 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_cpy_41_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_41_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32149 78721/CWE127_Buffer_Underread__wchar_t_alloca_cpy_44.c Buffer_Overflow_cpycat 61 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32150 78721/CWE127_Buffer_Underread__wchar_t_alloca_cpy_44.c Buffer_Overflow_cpycat 30 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32151 78722/CWE127_Buffer_Underread__wchar_t_alloca_cpy_45.c Buffer_Overflow_cpycat 34 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_cpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE127_Buffer_Underread__wchar_t_alloca_cpy_45_badData; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32152 78722/CWE127_Buffer_Underread__wchar_t_alloca_cpy_45.c Buffer_Overflow_cpycat 64 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE127_Buffer_Underread__wchar_t_alloca_cpy_45_goodG2BData; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32153 78723/CWE127_Buffer_Underread__wchar_t_alloca_cpy_51.c Buffer_Overflow_cpycat 140 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_cpy_51b_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_51b_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32154 78723/CWE127_Buffer_Underread__wchar_t_alloca_cpy_51.c Buffer_Overflow_cpycat 123 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_cpy_51b_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_51b_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32155 78724/CWE127_Buffer_Underread__wchar_t_alloca_cpy_52.c Buffer_Overflow_cpycat 189 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_cpy_52b_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_52b_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_cpy_52c_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_52c_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32156 78724/CWE127_Buffer_Underread__wchar_t_alloca_cpy_52.c Buffer_Overflow_cpycat 172 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_cpy_52b_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_52b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_cpy_52c_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_52c_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32157 78725/CWE127_Buffer_Underread__wchar_t_alloca_cpy_53.c Buffer_Overflow_cpycat 221 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_cpy_53b_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_53b_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_cpy_53c_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_53c_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_cpy_53d_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_53d_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32158 78725/CWE127_Buffer_Underread__wchar_t_alloca_cpy_53.c Buffer_Overflow_cpycat 238 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_cpy_53b_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_53b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_cpy_53c_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_53c_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_cpy_53d_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_53d_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32159 78726/CWE127_Buffer_Underread__wchar_t_alloca_cpy_54.c Buffer_Overflow_cpycat 287 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_cpy_54b_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_54b_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_cpy_54c_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_54c_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_cpy_54d_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_54d_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_cpy_54e_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_54e_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32160 78726/CWE127_Buffer_Underread__wchar_t_alloca_cpy_54.c Buffer_Overflow_cpycat 270 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_cpy_54b_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_54b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_cpy_54c_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_54c_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_cpy_54d_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_54d_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_cpy_54e_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_54e_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32161 78727/CWE127_Buffer_Underread__wchar_t_alloca_cpy_63.c Buffer_Overflow_cpycat 121 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_cpy_63b_badSink(&data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32162 78727/CWE127_Buffer_Underread__wchar_t_alloca_cpy_63.c Buffer_Overflow_cpycat 139 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_cpy_63b_goodG2BSink(&data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32163 78728/CWE127_Buffer_Underread__wchar_t_alloca_cpy_64.c Buffer_Overflow_cpycat 124 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_cpy_64b_badSink(&data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32164 78728/CWE127_Buffer_Underread__wchar_t_alloca_cpy_64.c Buffer_Overflow_cpycat 145 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_cpy_64b_goodG2BSink(&data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32165 78729/CWE127_Buffer_Underread__wchar_t_alloca_cpy_65.c Buffer_Overflow_cpycat 141 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE127_Buffer_Underread__wchar_t_alloca_cpy_65b_badSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_65b_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32166 78729/CWE127_Buffer_Underread__wchar_t_alloca_cpy_65.c Buffer_Overflow_cpycat 124 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE127_Buffer_Underread__wchar_t_alloca_cpy_65b_goodG2BSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_65b_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32167 78730/CWE127_Buffer_Underread__wchar_t_alloca_cpy_66.c Buffer_Overflow_cpycat 127 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataArray[2] = data; CWE127_Buffer_Underread__wchar_t_alloca_cpy_66b_badSink(dataArray); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32168 78730/CWE127_Buffer_Underread__wchar_t_alloca_cpy_66.c Buffer_Overflow_cpycat 145 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataArray[2] = data; CWE127_Buffer_Underread__wchar_t_alloca_cpy_66b_goodG2BSink(dataArray); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32169 78731/CWE127_Buffer_Underread__wchar_t_alloca_cpy_67.c Buffer_Overflow_cpycat 135 wchar_t * data; CWE127_Buffer_Underread__wchar_t_alloca_cpy_67_structType myStruct; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE127_Buffer_Underread__wchar_t_alloca_cpy_67b_badSink(myStruct); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_67b_badSink(CWE127_Buffer_Underread__wchar_t_alloca_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32170 78731/CWE127_Buffer_Underread__wchar_t_alloca_cpy_67.c Buffer_Overflow_cpycat 153 wchar_t * data; CWE127_Buffer_Underread__wchar_t_alloca_cpy_67_structType myStruct; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myStruct.structFirst = data; CWE127_Buffer_Underread__wchar_t_alloca_cpy_67b_goodG2BSink(myStruct); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_67b_goodG2BSink(CWE127_Buffer_Underread__wchar_t_alloca_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32171 78732/CWE127_Buffer_Underread__wchar_t_alloca_cpy_68.c Buffer_Overflow_cpycat 132 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_cpy_68_badData = data; CWE127_Buffer_Underread__wchar_t_alloca_cpy_68b_badSink(); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_68b_badSink() wchar_t * data = CWE127_Buffer_Underread__wchar_t_alloca_cpy_68_badData; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32172 78732/CWE127_Buffer_Underread__wchar_t_alloca_cpy_68.c Buffer_Overflow_cpycat 150 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_cpy_68_goodG2BData = data; CWE127_Buffer_Underread__wchar_t_alloca_cpy_68b_goodG2BSink(); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_68b_goodG2BSink() wchar_t * data = CWE127_Buffer_Underread__wchar_t_alloca_cpy_68_goodG2BData; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32173 78736/CWE127_Buffer_Underread__wchar_t_alloca_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; const CWE127_Buffer_Underread__wchar_t_alloca_cpy_81_base& baseObject = CWE127_Buffer_Underread__wchar_t_alloca_cpy_81_bad(); baseObject.action(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_81_bad::action(wchar_t * data) const wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32174 78736/CWE127_Buffer_Underread__wchar_t_alloca_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; const CWE127_Buffer_Underread__wchar_t_alloca_cpy_81_base& baseObject = CWE127_Buffer_Underread__wchar_t_alloca_cpy_81_goodG2B(); baseObject.action(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_81_goodG2B::action(wchar_t * data) const wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32175 78737/CWE127_Buffer_Underread__wchar_t_alloca_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_cpy_82_base* baseObject = new CWE127_Buffer_Underread__wchar_t_alloca_cpy_82_bad; baseObject->action(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_82_bad::action(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); delete baseObject; 1 --------------------------------- 32176 78737/CWE127_Buffer_Underread__wchar_t_alloca_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_cpy_82_base* baseObject = new CWE127_Buffer_Underread__wchar_t_alloca_cpy_82_goodG2B; baseObject->action(data); void CWE127_Buffer_Underread__wchar_t_alloca_cpy_82_goodG2B::action(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); delete baseObject; 0 --------------------------------- 32177 78858/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_01.c Buffer_Overflow_LowBound 61 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32178 78858/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_01.c Buffer_Overflow_LowBound 36 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32179 78859/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_02.c Buffer_Overflow_LowBound 39 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(1) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32180 78859/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_02.c Buffer_Overflow_LowBound 96 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(0){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32181 78859/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_02.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(1) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32182 78860/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_03.c Buffer_Overflow_LowBound 39 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5==5) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32183 78860/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_03.c Buffer_Overflow_LowBound 96 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5!=5){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32184 78860/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_03.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5==5) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32185 78861/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_04.c Buffer_Overflow_LowBound 103 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_TRUE) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32186 78861/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_04.c Buffer_Overflow_LowBound 79 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FALSE){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32187 78861/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_04.c Buffer_Overflow_LowBound 46 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_TRUE) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32188 78862/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_05.c Buffer_Overflow_LowBound 103 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticTrue) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32189 78862/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_05.c Buffer_Overflow_LowBound 79 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFalse){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32190 78862/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_05.c Buffer_Overflow_LowBound 46 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticTrue) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32191 78863/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_06.c Buffer_Overflow_LowBound 43 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32192 78863/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_06.c Buffer_Overflow_LowBound 100 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE!=5){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32193 78863/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_06.c Buffer_Overflow_LowBound 76 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32194 78864/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_07.c Buffer_Overflow_LowBound 78 static int staticFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive==5) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32195 78864/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_07.c Buffer_Overflow_LowBound 45 static int staticFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive!=5){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32196 78864/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_07.c Buffer_Overflow_LowBound 102 static int staticFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive==5) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32197 78865/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_08.c Buffer_Overflow_LowBound 53 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsTrue()) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32198 78865/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_08.c Buffer_Overflow_LowBound 86 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsFalse()){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32199 78865/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_08.c Buffer_Overflow_LowBound 110 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsTrue()) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32200 78866/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_09.c Buffer_Overflow_LowBound 39 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32201 78866/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_09.c Buffer_Overflow_LowBound 96 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FALSE){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32202 78866/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_09.c Buffer_Overflow_LowBound 72 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32203 78867/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_10.c Buffer_Overflow_LowBound 39 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalTrue) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32204 78867/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_10.c Buffer_Overflow_LowBound 96 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFalse){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32205 78867/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_10.c Buffer_Overflow_LowBound 72 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalTrue) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32206 78868/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_11.c Buffer_Overflow_LowBound 39 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsTrue()) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32207 78868/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_11.c Buffer_Overflow_LowBound 96 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsFalse()){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32208 78868/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_11.c Buffer_Overflow_LowBound 72 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsTrue()) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32209 78870/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_13.c Buffer_Overflow_LowBound 39 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32210 78870/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_13.c Buffer_Overflow_LowBound 96 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE!=5){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32211 78870/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_13.c Buffer_Overflow_LowBound 72 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32212 78871/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_14.c Buffer_Overflow_LowBound 39 int globalFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive==5) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32213 78871/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_14.c Buffer_Overflow_LowBound 96 int globalFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive!=5){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32214 78871/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_14.c Buffer_Overflow_LowBound 72 int globalFive = 5; wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive==5) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32215 78872/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_15.c Buffer_Overflow_LowBound 79 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(6) case 6: data = dataBuffer - 8; break; default: break; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32216 78872/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_15.c Buffer_Overflow_LowBound 109 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(5) case 6: break; default: data = dataBuffer; break; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32217 78872/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_15.c Buffer_Overflow_LowBound 45 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(6) case 6: data = dataBuffer; break; default: break; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32218 78873/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_16.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; while(1) data = dataBuffer - 8; break; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32219 78873/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_16.c Buffer_Overflow_LowBound 69 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; while(1) data = dataBuffer; break; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32220 78874/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_17.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; for(i = 0; i < 1; i++) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32221 78874/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_17.c Buffer_Overflow_LowBound 69 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; for(h = 0; h < 1; h++) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32222 78875/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_18.c Buffer_Overflow_LowBound 38 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; goto source; source: data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32223 78875/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_18.c Buffer_Overflow_LowBound 65 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; goto source; source: data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32224 78876/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_31.c Buffer_Overflow_LowBound 39 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32225 78876/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_31.c Buffer_Overflow_LowBound 68 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32226 78877/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_32.c Buffer_Overflow_LowBound 78 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; wchar_t * data = *dataPtr1; data = dataBuffer - 8; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32227 78877/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_32.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; wchar_t * data = *dataPtr1; data = dataBuffer; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32228 78879/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_34.c Buffer_Overflow_LowBound 46 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE127_Buffer_Underread__wchar_t_alloca_ncpy_34_unionType; wchar_t * data; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_34_unionType myUnion; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32229 78879/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_34.c Buffer_Overflow_LowBound 76 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE127_Buffer_Underread__wchar_t_alloca_ncpy_34_unionType; wchar_t * data; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_34_unionType myUnion; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32230 78880/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_41.c Buffer_Overflow_LowBound 30 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_41_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_41_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32231 78880/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_41.c Buffer_Overflow_LowBound 59 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_41_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_41_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32232 78881/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_44.c Buffer_Overflow_LowBound 63 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32233 78881/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_44.c Buffer_Overflow_LowBound 30 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32234 78882/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_45.c Buffer_Overflow_LowBound 34 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE127_Buffer_Underread__wchar_t_alloca_ncpy_45_badData; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32235 78882/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_45.c Buffer_Overflow_LowBound 66 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE127_Buffer_Underread__wchar_t_alloca_ncpy_45_goodG2BData; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32236 78883/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_51.c Buffer_Overflow_LowBound 142 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_51b_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_51b_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32237 78883/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_51.c Buffer_Overflow_LowBound 123 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_51b_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_51b_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32238 78884/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_52.c Buffer_Overflow_LowBound 191 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_52b_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_52b_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_ncpy_52c_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_52c_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32239 78884/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_52.c Buffer_Overflow_LowBound 172 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_52b_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_52b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_ncpy_52c_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_52c_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32240 78885/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_53.c Buffer_Overflow_LowBound 240 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_53b_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_53b_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_ncpy_53c_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_53c_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_ncpy_53d_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_53d_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32241 78885/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_53.c Buffer_Overflow_LowBound 221 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_53b_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_53b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_ncpy_53c_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_53c_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_ncpy_53d_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_53d_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32242 78886/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54.c Buffer_Overflow_LowBound 270 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54b_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54b_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54c_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54c_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54d_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54d_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54e_badSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54e_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32243 78886/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54.c Buffer_Overflow_LowBound 289 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54b_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54c_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54c_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54d_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54d_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54e_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_54e_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32244 78887/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_63.c Buffer_Overflow_LowBound 141 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_63b_badSink(&data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32245 78887/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_63.c Buffer_Overflow_LowBound 121 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_63b_goodG2BSink(&data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32246 78888/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_64.c Buffer_Overflow_LowBound 147 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_64b_badSink(&data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32247 78888/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_64.c Buffer_Overflow_LowBound 124 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_64b_goodG2BSink(&data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32248 78889/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_65.c Buffer_Overflow_LowBound 143 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE127_Buffer_Underread__wchar_t_alloca_ncpy_65b_badSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_65b_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32249 78889/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_65.c Buffer_Overflow_LowBound 124 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE127_Buffer_Underread__wchar_t_alloca_ncpy_65b_goodG2BSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_65b_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32250 78890/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_66.c Buffer_Overflow_LowBound 127 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataArray[2] = data; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_66b_badSink(dataArray); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32251 78890/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_66.c Buffer_Overflow_LowBound 147 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataArray[2] = data; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_66b_goodG2BSink(dataArray); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32252 78891/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_67.c Buffer_Overflow_LowBound 135 typedef struct _CWE127_Buffer_Underread__wchar_t_alloca_ncpy_67_structType wchar_t * structFirst; } CWE127_Buffer_Underread__wchar_t_alloca_ncpy_67_structType; wchar_t * data; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_67_structType myStruct; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_67b_badSink(myStruct); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_67b_badSink(CWE127_Buffer_Underread__wchar_t_alloca_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32253 78891/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_67.c Buffer_Overflow_LowBound 155 typedef struct _CWE127_Buffer_Underread__wchar_t_alloca_ncpy_67_structType wchar_t * structFirst; } CWE127_Buffer_Underread__wchar_t_alloca_ncpy_67_structType; wchar_t * data; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_67_structType myStruct; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myStruct.structFirst = data; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_67b_goodG2BSink(myStruct); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_67b_goodG2BSink(CWE127_Buffer_Underread__wchar_t_alloca_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32254 78892/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_68.c Buffer_Overflow_LowBound 152 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_68_badData = data; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_68b_badSink(); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_68b_badSink() wchar_t * data = CWE127_Buffer_Underread__wchar_t_alloca_ncpy_68_badData; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32255 78892/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_68.c Buffer_Overflow_LowBound 132 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_68_goodG2BData = data; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_68b_goodG2BSink(); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_68b_goodG2BSink() wchar_t * data = CWE127_Buffer_Underread__wchar_t_alloca_ncpy_68_goodG2BData; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32256 78896/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; const CWE127_Buffer_Underread__wchar_t_alloca_ncpy_81_base& baseObject = CWE127_Buffer_Underread__wchar_t_alloca_ncpy_81_bad(); baseObject.action(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_81_bad::action(wchar_t * data) const wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32257 78896/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; const CWE127_Buffer_Underread__wchar_t_alloca_ncpy_81_base& baseObject = CWE127_Buffer_Underread__wchar_t_alloca_ncpy_81_goodG2B(); baseObject.action(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32258 78897/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_82_base* baseObject = new CWE127_Buffer_Underread__wchar_t_alloca_ncpy_82_bad; baseObject->action(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_82_bad::action(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; delete baseObject; 1 --------------------------------- 32259 78897/CWE127_Buffer_Underread__wchar_t_alloca_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_alloca_ncpy_82_base* baseObject = new CWE127_Buffer_Underread__wchar_t_alloca_ncpy_82_goodG2B; baseObject->action(data); void CWE127_Buffer_Underread__wchar_t_alloca_ncpy_82_goodG2B::action(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; delete baseObject; 0 --------------------------------- 32260 78898/CWE127_Buffer_Underread__wchar_t_declare_cpy_01.c Buffer_Overflow_cpycat 36 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32261 78898/CWE127_Buffer_Underread__wchar_t_declare_cpy_01.c Buffer_Overflow_cpycat 59 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32262 78899/CWE127_Buffer_Underread__wchar_t_declare_cpy_02.c Buffer_Overflow_cpycat 39 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(1) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32263 78899/CWE127_Buffer_Underread__wchar_t_declare_cpy_02.c Buffer_Overflow_cpycat 92 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(0){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32264 78899/CWE127_Buffer_Underread__wchar_t_declare_cpy_02.c Buffer_Overflow_cpycat 70 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(1) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32265 78900/CWE127_Buffer_Underread__wchar_t_declare_cpy_03.c Buffer_Overflow_cpycat 39 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5==5) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32266 78900/CWE127_Buffer_Underread__wchar_t_declare_cpy_03.c Buffer_Overflow_cpycat 92 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5!=5){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32267 78900/CWE127_Buffer_Underread__wchar_t_declare_cpy_03.c Buffer_Overflow_cpycat 70 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5==5) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32268 78901/CWE127_Buffer_Underread__wchar_t_declare_cpy_04.c Buffer_Overflow_cpycat 77 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_TRUE) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32269 78901/CWE127_Buffer_Underread__wchar_t_declare_cpy_04.c Buffer_Overflow_cpycat 46 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FALSE){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32270 78901/CWE127_Buffer_Underread__wchar_t_declare_cpy_04.c Buffer_Overflow_cpycat 99 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_TRUE) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32271 78902/CWE127_Buffer_Underread__wchar_t_declare_cpy_05.c Buffer_Overflow_cpycat 77 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticTrue) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32272 78902/CWE127_Buffer_Underread__wchar_t_declare_cpy_05.c Buffer_Overflow_cpycat 46 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFalse){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32273 78902/CWE127_Buffer_Underread__wchar_t_declare_cpy_05.c Buffer_Overflow_cpycat 99 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticTrue) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32274 78903/CWE127_Buffer_Underread__wchar_t_declare_cpy_06.c Buffer_Overflow_cpycat 74 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32275 78903/CWE127_Buffer_Underread__wchar_t_declare_cpy_06.c Buffer_Overflow_cpycat 43 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE!=5){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32276 78903/CWE127_Buffer_Underread__wchar_t_declare_cpy_06.c Buffer_Overflow_cpycat 96 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32277 78904/CWE127_Buffer_Underread__wchar_t_declare_cpy_07.c Buffer_Overflow_cpycat 45 static int staticFive = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive==5) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32278 78904/CWE127_Buffer_Underread__wchar_t_declare_cpy_07.c Buffer_Overflow_cpycat 98 static int staticFive = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive!=5){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32279 78904/CWE127_Buffer_Underread__wchar_t_declare_cpy_07.c Buffer_Overflow_cpycat 76 static int staticFive = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive==5) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32280 78905/CWE127_Buffer_Underread__wchar_t_declare_cpy_08.c Buffer_Overflow_cpycat 53 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsTrue()) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32281 78905/CWE127_Buffer_Underread__wchar_t_declare_cpy_08.c Buffer_Overflow_cpycat 106 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsFalse()){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32282 78905/CWE127_Buffer_Underread__wchar_t_declare_cpy_08.c Buffer_Overflow_cpycat 84 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsTrue()) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32283 78906/CWE127_Buffer_Underread__wchar_t_declare_cpy_09.c Buffer_Overflow_cpycat 39 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32284 78906/CWE127_Buffer_Underread__wchar_t_declare_cpy_09.c Buffer_Overflow_cpycat 92 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FALSE){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32285 78906/CWE127_Buffer_Underread__wchar_t_declare_cpy_09.c Buffer_Overflow_cpycat 70 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32286 78907/CWE127_Buffer_Underread__wchar_t_declare_cpy_10.c Buffer_Overflow_cpycat 39 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalTrue) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32287 78907/CWE127_Buffer_Underread__wchar_t_declare_cpy_10.c Buffer_Overflow_cpycat 92 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFalse){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32288 78907/CWE127_Buffer_Underread__wchar_t_declare_cpy_10.c Buffer_Overflow_cpycat 70 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalTrue) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32289 78908/CWE127_Buffer_Underread__wchar_t_declare_cpy_11.c Buffer_Overflow_cpycat 39 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsTrue()) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32290 78908/CWE127_Buffer_Underread__wchar_t_declare_cpy_11.c Buffer_Overflow_cpycat 92 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsFalse()){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32291 78908/CWE127_Buffer_Underread__wchar_t_declare_cpy_11.c Buffer_Overflow_cpycat 70 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsTrue()) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32292 78910/CWE127_Buffer_Underread__wchar_t_declare_cpy_13.c Buffer_Overflow_cpycat 39 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32293 78910/CWE127_Buffer_Underread__wchar_t_declare_cpy_13.c Buffer_Overflow_cpycat 92 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE!=5){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32294 78910/CWE127_Buffer_Underread__wchar_t_declare_cpy_13.c Buffer_Overflow_cpycat 70 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32295 78911/CWE127_Buffer_Underread__wchar_t_declare_cpy_14.c Buffer_Overflow_cpycat 39 int globalFive = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive==5) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32296 78911/CWE127_Buffer_Underread__wchar_t_declare_cpy_14.c Buffer_Overflow_cpycat 92 int globalFive = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive!=5){} else data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32297 78911/CWE127_Buffer_Underread__wchar_t_declare_cpy_14.c Buffer_Overflow_cpycat 70 int globalFive = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive==5) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32298 78912/CWE127_Buffer_Underread__wchar_t_declare_cpy_15.c Buffer_Overflow_cpycat 77 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(6) case 6: data = dataBuffer - 8; break; default: break; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32299 78912/CWE127_Buffer_Underread__wchar_t_declare_cpy_15.c Buffer_Overflow_cpycat 45 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(5) case 6: break; default: data = dataBuffer; break; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32300 78912/CWE127_Buffer_Underread__wchar_t_declare_cpy_15.c Buffer_Overflow_cpycat 105 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(6) case 6: data = dataBuffer; break; default: break; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32301 78913/CWE127_Buffer_Underread__wchar_t_declare_cpy_16.c Buffer_Overflow_cpycat 67 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; while(1) data = dataBuffer - 8; break; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32302 78913/CWE127_Buffer_Underread__wchar_t_declare_cpy_16.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; while(1) data = dataBuffer; break; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32303 78914/CWE127_Buffer_Underread__wchar_t_declare_cpy_17.c Buffer_Overflow_cpycat 67 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; for(i = 0; i < 1; i++) data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32304 78914/CWE127_Buffer_Underread__wchar_t_declare_cpy_17.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; for(h = 0; h < 1; h++) data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32305 78915/CWE127_Buffer_Underread__wchar_t_declare_cpy_18.c Buffer_Overflow_cpycat 63 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; goto source; source: data = dataBuffer - 8; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32306 78915/CWE127_Buffer_Underread__wchar_t_declare_cpy_18.c Buffer_Overflow_cpycat 38 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; goto source; source: data = dataBuffer; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32307 78916/CWE127_Buffer_Underread__wchar_t_declare_cpy_31.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32308 78916/CWE127_Buffer_Underread__wchar_t_declare_cpy_31.c Buffer_Overflow_cpycat 39 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32309 78917/CWE127_Buffer_Underread__wchar_t_declare_cpy_32.c Buffer_Overflow_cpycat 76 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; wchar_t * data = *dataPtr1; data = dataBuffer - 8; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32310 78917/CWE127_Buffer_Underread__wchar_t_declare_cpy_32.c Buffer_Overflow_cpycat 44 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; wchar_t * data = *dataPtr1; data = dataBuffer; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32311 78919/CWE127_Buffer_Underread__wchar_t_declare_cpy_34.c Buffer_Overflow_cpycat 74 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE127_Buffer_Underread__wchar_t_declare_cpy_34_unionType; wchar_t * data; CWE127_Buffer_Underread__wchar_t_declare_cpy_34_unionType myUnion; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32312 78919/CWE127_Buffer_Underread__wchar_t_declare_cpy_34.c Buffer_Overflow_cpycat 46 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE127_Buffer_Underread__wchar_t_declare_cpy_34_unionType; wchar_t * data; CWE127_Buffer_Underread__wchar_t_declare_cpy_34_unionType myUnion; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32313 78920/CWE127_Buffer_Underread__wchar_t_declare_cpy_41.c Buffer_Overflow_cpycat 57 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_cpy_41_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_41_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32314 78920/CWE127_Buffer_Underread__wchar_t_declare_cpy_41.c Buffer_Overflow_cpycat 30 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_cpy_41_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_41_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32315 78921/CWE127_Buffer_Underread__wchar_t_declare_cpy_44.c Buffer_Overflow_cpycat 61 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32316 78921/CWE127_Buffer_Underread__wchar_t_declare_cpy_44.c Buffer_Overflow_cpycat 30 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32317 78922/CWE127_Buffer_Underread__wchar_t_declare_cpy_45.c Buffer_Overflow_cpycat 34 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_cpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE127_Buffer_Underread__wchar_t_declare_cpy_45_badData; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32318 78922/CWE127_Buffer_Underread__wchar_t_declare_cpy_45.c Buffer_Overflow_cpycat 64 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE127_Buffer_Underread__wchar_t_declare_cpy_45_goodG2BData; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32319 78923/CWE127_Buffer_Underread__wchar_t_declare_cpy_51.c Buffer_Overflow_cpycat 140 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_cpy_51b_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_51b_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32320 78923/CWE127_Buffer_Underread__wchar_t_declare_cpy_51.c Buffer_Overflow_cpycat 123 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_cpy_51b_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_51b_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32321 78924/CWE127_Buffer_Underread__wchar_t_declare_cpy_52.c Buffer_Overflow_cpycat 189 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_cpy_52b_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_52b_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_cpy_52c_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_52c_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32322 78924/CWE127_Buffer_Underread__wchar_t_declare_cpy_52.c Buffer_Overflow_cpycat 172 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_cpy_52b_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_52b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_cpy_52c_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_52c_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32323 78925/CWE127_Buffer_Underread__wchar_t_declare_cpy_53.c Buffer_Overflow_cpycat 221 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_cpy_53b_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_53b_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_cpy_53c_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_53c_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_cpy_53d_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_53d_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32324 78925/CWE127_Buffer_Underread__wchar_t_declare_cpy_53.c Buffer_Overflow_cpycat 238 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_cpy_53b_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_53b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_cpy_53c_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_53c_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_cpy_53d_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_53d_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32325 78926/CWE127_Buffer_Underread__wchar_t_declare_cpy_54.c Buffer_Overflow_cpycat 287 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_cpy_54b_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_54b_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_cpy_54c_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_54c_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_cpy_54d_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_54d_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_cpy_54e_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_54e_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32326 78926/CWE127_Buffer_Underread__wchar_t_declare_cpy_54.c Buffer_Overflow_cpycat 270 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_cpy_54b_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_54b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_cpy_54c_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_54c_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_cpy_54d_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_54d_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_cpy_54e_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_54e_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32327 78927/CWE127_Buffer_Underread__wchar_t_declare_cpy_63.c Buffer_Overflow_cpycat 121 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_cpy_63b_badSink(&data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32328 78927/CWE127_Buffer_Underread__wchar_t_declare_cpy_63.c Buffer_Overflow_cpycat 139 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_cpy_63b_goodG2BSink(&data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32329 78928/CWE127_Buffer_Underread__wchar_t_declare_cpy_64.c Buffer_Overflow_cpycat 124 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_cpy_64b_badSink(&data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32330 78928/CWE127_Buffer_Underread__wchar_t_declare_cpy_64.c Buffer_Overflow_cpycat 145 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_cpy_64b_goodG2BSink(&data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32331 78929/CWE127_Buffer_Underread__wchar_t_declare_cpy_65.c Buffer_Overflow_cpycat 141 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE127_Buffer_Underread__wchar_t_declare_cpy_65b_badSink; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_65b_badSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32332 78929/CWE127_Buffer_Underread__wchar_t_declare_cpy_65.c Buffer_Overflow_cpycat 124 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE127_Buffer_Underread__wchar_t_declare_cpy_65b_goodG2BSink; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_65b_goodG2BSink(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32333 78930/CWE127_Buffer_Underread__wchar_t_declare_cpy_66.c Buffer_Overflow_cpycat 127 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataArray[2] = data; CWE127_Buffer_Underread__wchar_t_declare_cpy_66b_badSink(dataArray); void CWE127_Buffer_Underread__wchar_t_declare_cpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32334 78930/CWE127_Buffer_Underread__wchar_t_declare_cpy_66.c Buffer_Overflow_cpycat 145 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataArray[2] = data; CWE127_Buffer_Underread__wchar_t_declare_cpy_66b_goodG2BSink(dataArray); void CWE127_Buffer_Underread__wchar_t_declare_cpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32335 78931/CWE127_Buffer_Underread__wchar_t_declare_cpy_67.c Buffer_Overflow_cpycat 135 wchar_t * data; CWE127_Buffer_Underread__wchar_t_declare_cpy_67_structType myStruct; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE127_Buffer_Underread__wchar_t_declare_cpy_67b_badSink(myStruct); void CWE127_Buffer_Underread__wchar_t_declare_cpy_67b_badSink(CWE127_Buffer_Underread__wchar_t_declare_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32336 78931/CWE127_Buffer_Underread__wchar_t_declare_cpy_67.c Buffer_Overflow_cpycat 153 wchar_t * data; CWE127_Buffer_Underread__wchar_t_declare_cpy_67_structType myStruct; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myStruct.structFirst = data; CWE127_Buffer_Underread__wchar_t_declare_cpy_67b_goodG2BSink(myStruct); void CWE127_Buffer_Underread__wchar_t_declare_cpy_67b_goodG2BSink(CWE127_Buffer_Underread__wchar_t_declare_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32337 78932/CWE127_Buffer_Underread__wchar_t_declare_cpy_68.c Buffer_Overflow_cpycat 132 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_cpy_68_badData = data; CWE127_Buffer_Underread__wchar_t_declare_cpy_68b_badSink(); void CWE127_Buffer_Underread__wchar_t_declare_cpy_68b_badSink() wchar_t * data = CWE127_Buffer_Underread__wchar_t_declare_cpy_68_badData; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32338 78932/CWE127_Buffer_Underread__wchar_t_declare_cpy_68.c Buffer_Overflow_cpycat 150 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_cpy_68_goodG2BData = data; CWE127_Buffer_Underread__wchar_t_declare_cpy_68b_goodG2BSink(); void CWE127_Buffer_Underread__wchar_t_declare_cpy_68b_goodG2BSink() wchar_t * data = CWE127_Buffer_Underread__wchar_t_declare_cpy_68_goodG2BData; wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32339 78936/CWE127_Buffer_Underread__wchar_t_declare_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; const CWE127_Buffer_Underread__wchar_t_declare_cpy_81_base& baseObject = CWE127_Buffer_Underread__wchar_t_declare_cpy_81_bad(); baseObject.action(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_81_bad::action(wchar_t * data) const wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 1 --------------------------------- 32340 78936/CWE127_Buffer_Underread__wchar_t_declare_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; const CWE127_Buffer_Underread__wchar_t_declare_cpy_81_base& baseObject = CWE127_Buffer_Underread__wchar_t_declare_cpy_81_goodG2B(); baseObject.action(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_81_goodG2B::action(wchar_t * data) const wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); 0 --------------------------------- 32341 78937/CWE127_Buffer_Underread__wchar_t_declare_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_cpy_82_base* baseObject = new CWE127_Buffer_Underread__wchar_t_declare_cpy_82_bad; baseObject->action(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_82_bad::action(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); delete baseObject; 1 --------------------------------- 32342 78937/CWE127_Buffer_Underread__wchar_t_declare_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_cpy_82_base* baseObject = new CWE127_Buffer_Underread__wchar_t_declare_cpy_82_goodG2B; baseObject->action(data); void CWE127_Buffer_Underread__wchar_t_declare_cpy_82_goodG2B::action(wchar_t * data) wchar_t dest[100*2]; wmemset(dest, L'C', 100*2-1); dest[100*2-1] = L'\0'; wcscpy(dest, data); delete baseObject; 0 --------------------------------- 32343 79058/CWE127_Buffer_Underread__wchar_t_declare_ncpy_01.c Buffer_Overflow_LowBound 61 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32344 79058/CWE127_Buffer_Underread__wchar_t_declare_ncpy_01.c Buffer_Overflow_LowBound 36 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32345 79059/CWE127_Buffer_Underread__wchar_t_declare_ncpy_02.c Buffer_Overflow_LowBound 39 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(1) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32346 79059/CWE127_Buffer_Underread__wchar_t_declare_ncpy_02.c Buffer_Overflow_LowBound 96 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(0){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32347 79059/CWE127_Buffer_Underread__wchar_t_declare_ncpy_02.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(1) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32348 79060/CWE127_Buffer_Underread__wchar_t_declare_ncpy_03.c Buffer_Overflow_LowBound 39 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5==5) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32349 79060/CWE127_Buffer_Underread__wchar_t_declare_ncpy_03.c Buffer_Overflow_LowBound 96 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5!=5){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32350 79060/CWE127_Buffer_Underread__wchar_t_declare_ncpy_03.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(5==5) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32351 79061/CWE127_Buffer_Underread__wchar_t_declare_ncpy_04.c Buffer_Overflow_LowBound 103 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_TRUE) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32352 79061/CWE127_Buffer_Underread__wchar_t_declare_ncpy_04.c Buffer_Overflow_LowBound 79 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FALSE){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32353 79061/CWE127_Buffer_Underread__wchar_t_declare_ncpy_04.c Buffer_Overflow_LowBound 46 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_TRUE) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32354 79062/CWE127_Buffer_Underread__wchar_t_declare_ncpy_05.c Buffer_Overflow_LowBound 103 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticTrue) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32355 79062/CWE127_Buffer_Underread__wchar_t_declare_ncpy_05.c Buffer_Overflow_LowBound 79 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFalse){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32356 79062/CWE127_Buffer_Underread__wchar_t_declare_ncpy_05.c Buffer_Overflow_LowBound 46 static int staticTrue = 1; static int staticFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticTrue) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32357 79063/CWE127_Buffer_Underread__wchar_t_declare_ncpy_06.c Buffer_Overflow_LowBound 43 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32358 79063/CWE127_Buffer_Underread__wchar_t_declare_ncpy_06.c Buffer_Overflow_LowBound 100 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE!=5){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32359 79063/CWE127_Buffer_Underread__wchar_t_declare_ncpy_06.c Buffer_Overflow_LowBound 76 static const int STATIC_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(STATIC_CONST_FIVE==5) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32360 79064/CWE127_Buffer_Underread__wchar_t_declare_ncpy_07.c Buffer_Overflow_LowBound 78 static int staticFive = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive==5) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32361 79064/CWE127_Buffer_Underread__wchar_t_declare_ncpy_07.c Buffer_Overflow_LowBound 45 static int staticFive = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive!=5){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32362 79064/CWE127_Buffer_Underread__wchar_t_declare_ncpy_07.c Buffer_Overflow_LowBound 102 static int staticFive = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticFive==5) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32363 79065/CWE127_Buffer_Underread__wchar_t_declare_ncpy_08.c Buffer_Overflow_LowBound 53 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsTrue()) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32364 79065/CWE127_Buffer_Underread__wchar_t_declare_ncpy_08.c Buffer_Overflow_LowBound 86 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsFalse()){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32365 79065/CWE127_Buffer_Underread__wchar_t_declare_ncpy_08.c Buffer_Overflow_LowBound 110 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(staticReturnsTrue()) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32366 79066/CWE127_Buffer_Underread__wchar_t_declare_ncpy_09.c Buffer_Overflow_LowBound 39 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32367 79066/CWE127_Buffer_Underread__wchar_t_declare_ncpy_09.c Buffer_Overflow_LowBound 96 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FALSE){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32368 79066/CWE127_Buffer_Underread__wchar_t_declare_ncpy_09.c Buffer_Overflow_LowBound 72 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_TRUE) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32369 79067/CWE127_Buffer_Underread__wchar_t_declare_ncpy_10.c Buffer_Overflow_LowBound 39 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalTrue) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32370 79067/CWE127_Buffer_Underread__wchar_t_declare_ncpy_10.c Buffer_Overflow_LowBound 96 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFalse){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32371 79067/CWE127_Buffer_Underread__wchar_t_declare_ncpy_10.c Buffer_Overflow_LowBound 72 int globalTrue = 1; int globalFalse = 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalTrue) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32372 79068/CWE127_Buffer_Underread__wchar_t_declare_ncpy_11.c Buffer_Overflow_LowBound 39 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsTrue()) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32373 79068/CWE127_Buffer_Underread__wchar_t_declare_ncpy_11.c Buffer_Overflow_LowBound 96 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsFalse()){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32374 79068/CWE127_Buffer_Underread__wchar_t_declare_ncpy_11.c Buffer_Overflow_LowBound 72 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalReturnsTrue()) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32375 79070/CWE127_Buffer_Underread__wchar_t_declare_ncpy_13.c Buffer_Overflow_LowBound 39 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32376 79070/CWE127_Buffer_Underread__wchar_t_declare_ncpy_13.c Buffer_Overflow_LowBound 96 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE!=5){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32377 79070/CWE127_Buffer_Underread__wchar_t_declare_ncpy_13.c Buffer_Overflow_LowBound 72 const int GLOBAL_CONST_FIVE = 5; wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(GLOBAL_CONST_FIVE==5) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32378 79071/CWE127_Buffer_Underread__wchar_t_declare_ncpy_14.c Buffer_Overflow_LowBound 39 int globalFive = 5;  wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive==5) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32379 79071/CWE127_Buffer_Underread__wchar_t_declare_ncpy_14.c Buffer_Overflow_LowBound 96 int globalFive = 5;  wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive!=5){} else data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32380 79071/CWE127_Buffer_Underread__wchar_t_declare_ncpy_14.c Buffer_Overflow_LowBound 72 int globalFive = 5;  wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; if(globalFive==5) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32381 79072/CWE127_Buffer_Underread__wchar_t_declare_ncpy_15.c Buffer_Overflow_LowBound 79 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(6) case 6: data = dataBuffer - 8; break; default: break; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32382 79072/CWE127_Buffer_Underread__wchar_t_declare_ncpy_15.c Buffer_Overflow_LowBound 109 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(5) case 6: break; default: data = dataBuffer; break; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32383 79072/CWE127_Buffer_Underread__wchar_t_declare_ncpy_15.c Buffer_Overflow_LowBound 45 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; switch(6) case 6: data = dataBuffer; break; default: break; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32384 79073/CWE127_Buffer_Underread__wchar_t_declare_ncpy_16.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; while(1) data = dataBuffer - 8; break; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32385 79073/CWE127_Buffer_Underread__wchar_t_declare_ncpy_16.c Buffer_Overflow_LowBound 69 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; while(1) data = dataBuffer; break; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32386 79074/CWE127_Buffer_Underread__wchar_t_declare_ncpy_17.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; for(i = 0; i < 1; i++) data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32387 79074/CWE127_Buffer_Underread__wchar_t_declare_ncpy_17.c Buffer_Overflow_LowBound 69 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; for(h = 0; h < 1; h++) data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32388 79075/CWE127_Buffer_Underread__wchar_t_declare_ncpy_18.c Buffer_Overflow_LowBound 38 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; goto source; source: data = dataBuffer - 8; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32389 79075/CWE127_Buffer_Underread__wchar_t_declare_ncpy_18.c Buffer_Overflow_LowBound 65 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; goto source; source: data = dataBuffer; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32390 79076/CWE127_Buffer_Underread__wchar_t_declare_ncpy_31.c Buffer_Overflow_LowBound 39 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32391 79076/CWE127_Buffer_Underread__wchar_t_declare_ncpy_31.c Buffer_Overflow_LowBound 68 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32392 79077/CWE127_Buffer_Underread__wchar_t_declare_ncpy_32.c Buffer_Overflow_LowBound 78 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; wchar_t * data = *dataPtr1; data = dataBuffer - 8; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32393 79077/CWE127_Buffer_Underread__wchar_t_declare_ncpy_32.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; wchar_t * data = *dataPtr1; data = dataBuffer; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32394 79079/CWE127_Buffer_Underread__wchar_t_declare_ncpy_34.c Buffer_Overflow_LowBound 46 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE127_Buffer_Underread__wchar_t_declare_ncpy_34_unionType; wchar_t * data; CWE127_Buffer_Underread__wchar_t_declare_ncpy_34_unionType myUnion; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 1 --------------------------------- 32395 79079/CWE127_Buffer_Underread__wchar_t_declare_ncpy_34.c Buffer_Overflow_LowBound 76 typedef union wchar_t * unionFirst; wchar_t * unionSecond; } CWE127_Buffer_Underread__wchar_t_declare_ncpy_34_unionType; wchar_t * data; CWE127_Buffer_Underread__wchar_t_declare_ncpy_34_unionType myUnion; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); 0 --------------------------------- 32396 79080/CWE127_Buffer_Underread__wchar_t_declare_ncpy_41.c Buffer_Overflow_LowBound 30 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_ncpy_41_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_41_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32397 79080/CWE127_Buffer_Underread__wchar_t_declare_ncpy_41.c Buffer_Overflow_LowBound 59 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_ncpy_41_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_41_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32398 79081/CWE127_Buffer_Underread__wchar_t_declare_ncpy_44.c Buffer_Overflow_LowBound 63 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32399 79081/CWE127_Buffer_Underread__wchar_t_declare_ncpy_44.c Buffer_Overflow_LowBound 30 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32400 79082/CWE127_Buffer_Underread__wchar_t_declare_ncpy_45.c Buffer_Overflow_LowBound 34 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_ncpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE127_Buffer_Underread__wchar_t_declare_ncpy_45_badData; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32401 79082/CWE127_Buffer_Underread__wchar_t_declare_ncpy_45.c Buffer_Overflow_LowBound 66 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE127_Buffer_Underread__wchar_t_declare_ncpy_45_goodG2BData; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32402 79083/CWE127_Buffer_Underread__wchar_t_declare_ncpy_51.c Buffer_Overflow_LowBound 142 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_ncpy_51b_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_51b_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32403 79083/CWE127_Buffer_Underread__wchar_t_declare_ncpy_51.c Buffer_Overflow_LowBound 123 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_ncpy_51b_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_51b_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32404 79084/CWE127_Buffer_Underread__wchar_t_declare_ncpy_52.c Buffer_Overflow_LowBound 191 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_ncpy_52b_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_52b_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_ncpy_52c_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_52c_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32405 79084/CWE127_Buffer_Underread__wchar_t_declare_ncpy_52.c Buffer_Overflow_LowBound 172 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_ncpy_52b_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_52b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_ncpy_52c_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_52c_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32406 79085/CWE127_Buffer_Underread__wchar_t_declare_ncpy_53.c Buffer_Overflow_LowBound 240 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_ncpy_53b_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_53b_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_ncpy_53c_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_53c_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_ncpy_53d_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_53d_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32407 79085/CWE127_Buffer_Underread__wchar_t_declare_ncpy_53.c Buffer_Overflow_LowBound 221 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_ncpy_53b_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_53b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_ncpy_53c_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_53c_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_ncpy_53d_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_53d_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32408 79086/CWE127_Buffer_Underread__wchar_t_declare_ncpy_54.c Buffer_Overflow_LowBound 270 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_ncpy_54b_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_54b_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_ncpy_54c_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_54c_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_ncpy_54d_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_54d_badSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_ncpy_54e_badSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_54e_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32409 79086/CWE127_Buffer_Underread__wchar_t_declare_ncpy_54.c Buffer_Overflow_LowBound 289 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_ncpy_54b_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_54b_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_ncpy_54c_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_54c_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_ncpy_54d_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_54d_goodG2BSink(wchar_t * data) CWE127_Buffer_Underread__wchar_t_declare_ncpy_54e_goodG2BSink(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_54e_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32410 79087/CWE127_Buffer_Underread__wchar_t_declare_ncpy_63.c Buffer_Overflow_LowBound 141 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_ncpy_63b_badSink(&data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32411 79087/CWE127_Buffer_Underread__wchar_t_declare_ncpy_63.c Buffer_Overflow_LowBound 121 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_ncpy_63b_goodG2BSink(&data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32412 79088/CWE127_Buffer_Underread__wchar_t_declare_ncpy_64.c Buffer_Overflow_LowBound 147 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_ncpy_64b_badSink(&data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32413 79088/CWE127_Buffer_Underread__wchar_t_declare_ncpy_64.c Buffer_Overflow_LowBound 124 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_ncpy_64b_goodG2BSink(&data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32414 79089/CWE127_Buffer_Underread__wchar_t_declare_ncpy_65.c Buffer_Overflow_LowBound 143 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE127_Buffer_Underread__wchar_t_declare_ncpy_65b_badSink; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; funcPtr(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_65b_badSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32415 79089/CWE127_Buffer_Underread__wchar_t_declare_ncpy_65.c Buffer_Overflow_LowBound 124 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE127_Buffer_Underread__wchar_t_declare_ncpy_65b_goodG2BSink; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; funcPtr(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_65b_goodG2BSink(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32416 79090/CWE127_Buffer_Underread__wchar_t_declare_ncpy_66.c Buffer_Overflow_LowBound 127 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; dataArray[2] = data; CWE127_Buffer_Underread__wchar_t_declare_ncpy_66b_badSink(dataArray); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32417 79090/CWE127_Buffer_Underread__wchar_t_declare_ncpy_66.c Buffer_Overflow_LowBound 147 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; dataArray[2] = data; CWE127_Buffer_Underread__wchar_t_declare_ncpy_66b_goodG2BSink(dataArray); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32418 79091/CWE127_Buffer_Underread__wchar_t_declare_ncpy_67.c Buffer_Overflow_LowBound 135 typedef struct _CWE127_Buffer_Underread__wchar_t_declare_ncpy_67_structType wchar_t * structFirst; } CWE127_Buffer_Underread__wchar_t_declare_ncpy_67_structType; wchar_t * data; CWE127_Buffer_Underread__wchar_t_declare_ncpy_67_structType myStruct; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; myStruct.structFirst = data; CWE127_Buffer_Underread__wchar_t_declare_ncpy_67b_badSink(myStruct); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_67b_badSink(CWE127_Buffer_Underread__wchar_t_declare_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32419 79091/CWE127_Buffer_Underread__wchar_t_declare_ncpy_67.c Buffer_Overflow_LowBound 155 typedef struct _CWE127_Buffer_Underread__wchar_t_declare_ncpy_67_structType wchar_t * structFirst; } CWE127_Buffer_Underread__wchar_t_declare_ncpy_67_structType; wchar_t * data; CWE127_Buffer_Underread__wchar_t_declare_ncpy_67_structType myStruct; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; myStruct.structFirst = data; CWE127_Buffer_Underread__wchar_t_declare_ncpy_67b_goodG2BSink(myStruct); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_67b_goodG2BSink(CWE127_Buffer_Underread__wchar_t_declare_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32420 79092/CWE127_Buffer_Underread__wchar_t_declare_ncpy_68.c Buffer_Overflow_LowBound 152 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_ncpy_68_badData = data; CWE127_Buffer_Underread__wchar_t_declare_ncpy_68b_badSink(); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_68b_badSink() wchar_t * data = CWE127_Buffer_Underread__wchar_t_declare_ncpy_68_badData; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32421 79092/CWE127_Buffer_Underread__wchar_t_declare_ncpy_68.c Buffer_Overflow_LowBound 132 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_ncpy_68_goodG2BData = data; CWE127_Buffer_Underread__wchar_t_declare_ncpy_68b_goodG2BSink(); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_68b_goodG2BSink() wchar_t * data = CWE127_Buffer_Underread__wchar_t_declare_ncpy_68_goodG2BData; wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32422 79096/CWE127_Buffer_Underread__wchar_t_declare_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; const CWE127_Buffer_Underread__wchar_t_declare_ncpy_81_base& baseObject = CWE127_Buffer_Underread__wchar_t_declare_ncpy_81_bad(); baseObject.action(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_81_bad::action(wchar_t * data) const wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 1 --------------------------------- 32423 79096/CWE127_Buffer_Underread__wchar_t_declare_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; const CWE127_Buffer_Underread__wchar_t_declare_ncpy_81_base& baseObject = CWE127_Buffer_Underread__wchar_t_declare_ncpy_81_goodG2B(); baseObject.action(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; 0 --------------------------------- 32424 79097/CWE127_Buffer_Underread__wchar_t_declare_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer - 8; CWE127_Buffer_Underread__wchar_t_declare_ncpy_82_base* baseObject = new CWE127_Buffer_Underread__wchar_t_declare_ncpy_82_bad; baseObject->action(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_82_bad::action(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; delete baseObject; 1 --------------------------------- 32425 79097/CWE127_Buffer_Underread__wchar_t_declare_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t dataBuffer[100]; wmemset(dataBuffer, L'A', 100-1); dataBuffer[100-1] = L'\0'; data = dataBuffer; CWE127_Buffer_Underread__wchar_t_declare_ncpy_82_base* baseObject = new CWE127_Buffer_Underread__wchar_t_declare_ncpy_82_goodG2B; baseObject->action(data); void CWE127_Buffer_Underread__wchar_t_declare_ncpy_82_goodG2B::action(wchar_t * data) wchar_t dest[100]; wmemset(dest, L'C', 100-1); dest[100-1] = L'\0'; wcsncpy(dest, data, wcslen(dest)); dest[100-1] = L'\0'; delete baseObject; 0 --------------------------------- 32426 79098/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_01.c Format_String_Attack 213 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; fprintf(stdout, data); 1 --------------------------------- 32427 79098/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_01.c Format_String_Attack 120 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); fprintf(stdout, data); 0 --------------------------------- 32428 79098/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_01.c Format_String_Attack 136 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 32429 79099/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_02.c Format_String_Attack 323 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(1) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(1) fprintf(stdout, data); 1 --------------------------------- 32430 79099/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_02.c Format_String_Attack 300 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(1) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(0){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 32431 79099/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_02.c Format_String_Attack 217 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(1) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(1) fprintf(stdout, "%s\n", data); 0 --------------------------------- 32432 79099/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_02.c Format_String_Attack 125 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(0){} else strcpy(data, "fixedstringtest"); if(1) fprintf(stdout, data); 0 --------------------------------- 32433 79099/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_02.c Format_String_Attack 341 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(1) strcpy(data, "fixedstringtest"); if(1) fprintf(stdout, data); 0 --------------------------------- 32434 79100/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_03.c Format_String_Attack 323 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(5==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(5==5) fprintf(stdout, data); 1 --------------------------------- 32435 79100/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_03.c Format_String_Attack 300 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(5==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(5!=5){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 32436 79100/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_03.c Format_String_Attack 217 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(5==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(5==5) fprintf(stdout, "%s\n", data); 0 --------------------------------- 32437 79100/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_03.c Format_String_Attack 125 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(5!=5){} else strcpy(data, "fixedstringtest"); if(5==5) fprintf(stdout, data); 0 --------------------------------- 32438 79100/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_03.c Format_String_Attack 341 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(5==5) strcpy(data, "fixedstringtest"); if(5==5) fprintf(stdout, data); 0 --------------------------------- 32439 79101/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_04.c Format_String_Attack 131 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(STATIC_CONST_TRUE) fprintf(stdout, data); 1 --------------------------------- 32440 79101/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_04.c Format_String_Attack 306 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(STATIC_CONST_FALSE){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 32441 79101/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_04.c Format_String_Attack 329 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(STATIC_CONST_TRUE) fprintf(stdout, "%s\n", data); 0 --------------------------------- 32442 79101/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_04.c Format_String_Attack 347 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FALSE){} else strcpy(data, "fixedstringtest"); if(STATIC_CONST_TRUE) fprintf(stdout, data); 0 --------------------------------- 32443 79101/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_04.c Format_String_Attack 223 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) strcpy(data, "fixedstringtest"); if(STATIC_CONST_TRUE) fprintf(stdout, data); 0 --------------------------------- 32444 79102/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_05.c Format_String_Attack 131 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(staticTrue) fprintf(stdout, data); 1 --------------------------------- 32445 79102/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_05.c Format_String_Attack 306 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(staticFalse){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 32446 79102/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_05.c Format_String_Attack 329 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(staticTrue) fprintf(stdout, "%s\n", data); 0 --------------------------------- 32447 79102/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_05.c Format_String_Attack 347 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFalse){} else strcpy(data, "fixedstringtest"); if(staticTrue) fprintf(stdout, data); 0 --------------------------------- 32448 79102/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_05.c Format_String_Attack 223 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) strcpy(data, "fixedstringtest"); if(staticTrue) fprintf(stdout, data); 0 --------------------------------- 32449 79103/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_06.c Format_String_Attack 130 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(STATIC_CONST_FIVE==5) fprintf(stdout, data); 1 --------------------------------- 32450 79103/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_06.c Format_String_Attack 346 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(STATIC_CONST_FIVE!=5){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 32451 79103/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_06.c Format_String_Attack 305 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(STATIC_CONST_FIVE==5) fprintf(stdout, "%s\n", data); 0 --------------------------------- 32452 79103/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_06.c Format_String_Attack 328 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE!=5){} else strcpy(data, "fixedstringtest"); if(STATIC_CONST_FIVE==5) fprintf(stdout, data); 0 --------------------------------- 32453 79103/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_06.c Format_String_Attack 222 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) strcpy(data, "fixedstringtest"); if(STATIC_CONST_FIVE==5) fprintf(stdout, data); 0 --------------------------------- 32454 79104/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_07.c Format_String_Attack 130 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(staticFive==5) fprintf(stdout, data); 1 --------------------------------- 32455 79104/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_07.c Format_String_Attack 346 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(staticFive!=5){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 32456 79104/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_07.c Format_String_Attack 305 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(staticFive==5) fprintf(stdout, "%s\n", data); 0 --------------------------------- 32457 79104/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_07.c Format_String_Attack 328 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive!=5){} else strcpy(data, "fixedstringtest"); if(staticFive==5) fprintf(stdout, data); 0 --------------------------------- 32458 79104/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_07.c Format_String_Attack 222 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) strcpy(data, "fixedstringtest"); if(staticFive==5) fprintf(stdout, data); 0 --------------------------------- 32459 79105/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_08.c Format_String_Attack 138 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(staticReturnsTrue()) fprintf(stdout, data); 1 --------------------------------- 32460 79105/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_08.c Format_String_Attack 354 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(staticReturnsFalse()){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 32461 79105/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_08.c Format_String_Attack 313 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(staticReturnsTrue()) fprintf(stdout, "%s\n", data); 0 --------------------------------- 32462 79105/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_08.c Format_String_Attack 336 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsFalse()){} else strcpy(data, "fixedstringtest"); if(staticReturnsTrue()) fprintf(stdout, data); 0 --------------------------------- 32463 79105/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_08.c Format_String_Attack 230 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) strcpy(data, "fixedstringtest"); if(staticReturnsTrue()) fprintf(stdout, data); 0 --------------------------------- 32464 79106/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_09.c Format_String_Attack 323 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(GLOBAL_CONST_TRUE) fprintf(stdout, data); 1 --------------------------------- 32465 79106/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_09.c Format_String_Attack 300 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(GLOBAL_CONST_FALSE){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 32466 79106/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_09.c Format_String_Attack 217 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(GLOBAL_CONST_TRUE) fprintf(stdout, "%s\n", data); 0 --------------------------------- 32467 79106/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_09.c Format_String_Attack 125 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FALSE){} else strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_TRUE) fprintf(stdout, data); 0 --------------------------------- 32468 79106/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_09.c Format_String_Attack 341 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_TRUE) fprintf(stdout, data); 0 --------------------------------- 32469 79107/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_10.c Format_String_Attack 323 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(globalTrue) fprintf(stdout, data); 1 --------------------------------- 32470 79107/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_10.c Format_String_Attack 300 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(globalFalse){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 32471 79107/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_10.c Format_String_Attack 217 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(globalTrue) fprintf(stdout, "%s\n", data); 0 --------------------------------- 32472 79107/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_10.c Format_String_Attack 125 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFalse){} else strcpy(data, "fixedstringtest"); if(globalTrue) fprintf(stdout, data); 0 --------------------------------- 32473 79107/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_10.c Format_String_Attack 341 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) strcpy(data, "fixedstringtest"); if(globalTrue) fprintf(stdout, data); 0 --------------------------------- 32474 79108/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_11.c Format_String_Attack 323 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(globalReturnsTrue()) fprintf(stdout, data); 1 --------------------------------- 32475 79108/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_11.c Format_String_Attack 300 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(globalReturnsFalse()){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 32476 79108/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_11.c Format_String_Attack 217 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(globalReturnsTrue()) fprintf(stdout, "%s\n", data); 0 --------------------------------- 32477 79108/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_11.c Format_String_Attack 125 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsFalse()){} else strcpy(data, "fixedstringtest"); if(globalReturnsTrue()) fprintf(stdout, data); 0 --------------------------------- 32478 79108/CWE134_Uncontrolled_Format_String__char_connect_socket_fprintf_11.c Format_String_Attack 341 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) strcpy(data, "fixedstringtest"); if(globalReturnsTrue()) fprintf(stdout, data); 0 --------------------------------- 32479 63397/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_06.c Buffer_Overflow_LowBound 79 char * data; char dataGoodBuffer[10+1]; if(STATIC_CONST_FIVE!=5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32480 63397/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_06.c Buffer_Overflow_LowBound 48 char * data; char dataBadBuffer[10]; if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32481 63397/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_06.c Buffer_Overflow_LowBound 101 char * data; char dataGoodBuffer[10+1]; if(STATIC_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32482 63398/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_07.c Buffer_Overflow_LowBound 103 char * data; char dataGoodBuffer[10+1]; if(staticFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32483 63398/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_07.c Buffer_Overflow_LowBound 81 char * data; char dataGoodBuffer[10+1]; if(staticFive!=5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32484 63398/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_07.c Buffer_Overflow_LowBound 50 char * data; char dataBadBuffer[10]; if(staticFive==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32485 63399/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_08.c Buffer_Overflow_LowBound 111 char * data; char dataGoodBuffer[10+1]; if(staticReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32486 63399/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_08.c Buffer_Overflow_LowBound 89 char * data; char dataGoodBuffer[10+1]; if(staticReturnsFalse()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32487 63399/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_08.c Buffer_Overflow_LowBound 58 char * data; char dataBadBuffer[10]; if(staticReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32488 63400/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_09.c Buffer_Overflow_LowBound 75 char * data; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_FALSE) else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32489 63400/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_09.c Buffer_Overflow_LowBound 44 char * data; char dataBadBuffer[10]; if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32490 63400/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_09.c Buffer_Overflow_LowBound 97 char * data; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32491 63401/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_10.c Buffer_Overflow_LowBound 75 char * data; char dataGoodBuffer[10+1]; if(globalFalse) else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32492 63401/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_10.c Buffer_Overflow_LowBound 44 char * data; char dataBadBuffer[10]; if(globalTrue) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32493 63401/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_10.c Buffer_Overflow_LowBound 97 char * data; char dataGoodBuffer[10+1]; if(globalTrue) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32494 63402/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_11.c Buffer_Overflow_LowBound 75 char * data; char dataGoodBuffer[10+1]; if(globalReturnsFalse()) else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32495 63402/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_11.c Buffer_Overflow_LowBound 44 char * data; char dataBadBuffer[10]; if(globalReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32496 63402/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_11.c Buffer_Overflow_LowBound 97 char * data; char dataGoodBuffer[10+1]; if(globalReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32497 63403/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_12.c Buffer_Overflow_LowBound 85 char * data; char dataGoodBuffer[10+1]; if(globalReturnsTrueOrFalse()) data = dataGoodBuffer; data[0] = '\0'; else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32498 63403/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_12.c Buffer_Overflow_LowBound 51 char * data; char dataBadBuffer[10]; if(globalReturnsTrueOrFalse()) data = dataBadBuffer; data[0] = '\0'; else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32499 63404/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_13.c Buffer_Overflow_LowBound 75 char * data; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_FIVE!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32500 63404/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_13.c Buffer_Overflow_LowBound 44 char * data; char dataBadBuffer[10]; if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32501 63404/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_13.c Buffer_Overflow_LowBound 97 char * data; char dataGoodBuffer[10+1]; if(GLOBAL_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32502 63405/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_14.c Buffer_Overflow_LowBound 75 char * data; char dataGoodBuffer[10+1]; if(globalFive!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32503 63405/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_14.c Buffer_Overflow_LowBound 44 char * data; char dataBadBuffer[10]; if(globalFive==5) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32504 63405/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_14.c Buffer_Overflow_LowBound 97 char * data; char dataGoodBuffer[10+1]; if(globalFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32505 63406/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_15.c Buffer_Overflow_LowBound 110 char * data; char dataGoodBuffer[10+1]; switch(6) case 6: data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32506 63406/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_15.c Buffer_Overflow_LowBound 50 char * data; char dataBadBuffer[10]; switch(6) case 6: data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32507 63406/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_15.c Buffer_Overflow_LowBound 82 char * data; char dataGoodBuffer[10+1]; switch(5) default: data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32508 63407/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_16.c Buffer_Overflow_LowBound 72 char * data; char dataGoodBuffer[10+1]; while(1) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32509 63407/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_16.c Buffer_Overflow_LowBound 45 char * data; char dataBadBuffer[10]; while(1) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32510 63408/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_17.c Buffer_Overflow_LowBound 72 char * data; char dataGoodBuffer[10+1]; for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32511 63408/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_17.c Buffer_Overflow_LowBound 45 char * data; char dataBadBuffer[10]; for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32512 63409/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_18.c Buffer_Overflow_LowBound 43 char * data; char dataBadBuffer[10]; goto source; source: data = dataBadBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32513 63409/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_18.c Buffer_Overflow_LowBound 68 char * data; char dataGoodBuffer[10+1]; goto source; source: data = dataGoodBuffer; data[0] = '\0'; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32514 63410/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_31.c Buffer_Overflow_LowBound 71 char * data; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32515 63410/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_31.c Buffer_Overflow_LowBound 44 char * data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32516 63411/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_32.c Buffer_Overflow_LowBound 81 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataGoodBuffer[10+1]; char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32517 63411/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_32.c Buffer_Overflow_LowBound 49 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBadBuffer[10]; char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32518 63413/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_34.c Buffer_Overflow_LowBound 79 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_34_unionType myUnion; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32519 63413/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_34.c Buffer_Overflow_LowBound 51 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_34_unionType myUnion; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32520 63414/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_41.c Buffer_Overflow_LowBound 61 char * data; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_41_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32521 63414/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_41.c Buffer_Overflow_LowBound 34 char * data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_41_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32522 63415/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_44.c Buffer_Overflow_LowBound 65 char * data; void (*funcPtr) (char *) = goodG2BSink; static void goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; 0 --------------------------------- 32523 63415/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_44.c Buffer_Overflow_LowBound 34 char * data; void (*funcPtr) (char *) = badSink; static void badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; 1 --------------------------------- 32524 63416/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_45.c Buffer_Overflow_LowBound 38 char * data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_45_badData; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32525 63416/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_45.c Buffer_Overflow_LowBound 68 char * data; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_45_goodG2BData; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32526 63417/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_51.c Buffer_Overflow_LowBound 150 char * data; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_51b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32527 63417/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_51.c Buffer_Overflow_LowBound 134 char * data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_51b_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32528 63418/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_52.c Buffer_Overflow_LowBound 204 char * data; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_52c_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32529 63418/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_52.c Buffer_Overflow_LowBound 188 char * data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_52c_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32530 63419/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_53.c Buffer_Overflow_LowBound 258 char * data; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_53d_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32531 63419/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_53.c Buffer_Overflow_LowBound 242 char * data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_53d_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32532 63420/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54.c Buffer_Overflow_LowBound 312 char * data; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54e_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32533 63420/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54.c Buffer_Overflow_LowBound 296 char * data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_54e_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32534 63421/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_63.c Buffer_Overflow_LowBound 149 char * data; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32535 63421/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_63.c Buffer_Overflow_LowBound 132 char * data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32536 63422/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_64.c Buffer_Overflow_LowBound 135 char * data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32537 63422/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_64.c Buffer_Overflow_LowBound 155 char * data; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32538 63423/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_65.c Buffer_Overflow_LowBound 151 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_65b_goodG2BSink; void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_65b_goodG2BSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); printLine(data); char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); 0 --------------------------------- 32539 63423/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_65.c Buffer_Overflow_LowBound 135 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_65b_badSink; void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_65b_badSink(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); printLine(data); char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; funcPtr(data); 1 --------------------------------- 32540 63424/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_66.c Buffer_Overflow_LowBound 155 char * data; char * dataArray[5]; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32541 63424/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_66.c Buffer_Overflow_LowBound 138 char * data; char * dataArray[5]; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32542 63425/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_67.c Buffer_Overflow_LowBound 163 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_67_structType myStruct; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32543 63425/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_67.c Buffer_Overflow_LowBound 146 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_67_structType myStruct; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32544 63426/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_68.c Buffer_Overflow_LowBound 143 char * data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_68_badData; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32545 63426/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_68.c Buffer_Overflow_LowBound 160 char * data; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_68_goodG2BData; char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32546 63430/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_81_bad.cpp Buffer_Overflow_LowBound 30 char * data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_81_bad(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_81_bad::action(char * data) const char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32547 63430/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 30 char * data; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_81_goodG2B(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_81_goodG2B::action(char * data) const char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32548 63431/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_82_bad.cpp Buffer_Overflow_LowBound 30 char * data; char dataBadBuffer[10]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_82_bad; void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_82_bad::action(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 32549 63431/CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 30 char * data; char dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_82_goodG2B; void CWE121_Stack_Based_Buffer_Overflow__CWE193_char_declare_ncpy_82_goodG2B::action(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 32550 63432/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_01.c Buffer_Overflow_cpycat 62 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32551 63432/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_01.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32552 63433/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_02.c Buffer_Overflow_cpycat 94 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(1) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32553 63433/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_02.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(1) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32554 63434/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_03.c Buffer_Overflow_cpycat 73 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(5!=5) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32555 63434/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_03.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(5==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32556 63435/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_04.c Buffer_Overflow_cpycat 50 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32557 63435/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_04.c Buffer_Overflow_cpycat 80 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(STATIC_CONST_FALSE) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32558 63436/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_05.c Buffer_Overflow_cpycat 50 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32559 63436/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_05.c Buffer_Overflow_cpycat 80 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32560 63437/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_06.c Buffer_Overflow_cpycat 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(staticTrue) data = dataBadBuffer data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32561 63437/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_06.c Buffer_Overflow_cpycat 77 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(staticFalse) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32562 63438/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_07.c Buffer_Overflow_cpycat 49 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(staticFive==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32563 63438/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_07.c Buffer_Overflow_cpycat 100 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(staticFive==5) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32564 63439/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_08.c Buffer_Overflow_cpycat 57 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(staticReturnsTrue()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32565 63439/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_08.c Buffer_Overflow_cpycat 108 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(staticReturnsTrue()) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32566 63440/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_09.c Buffer_Overflow_cpycat 73 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(GLOBAL_CONST_FALSE) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32567 63440/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_09.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32568 63441/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_10.c Buffer_Overflow_cpycat 73 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(globalFalse) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32569 63441/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_10.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(globalTrue) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32570 63442/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_11.c Buffer_Overflow_cpycat 73 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(globalReturnsFalse()) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32571 63442/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_11.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(globalReturnsTrue()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32572 63443/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_12.c Buffer_Overflow_cpycat 50 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(globalReturnsTrueOrFalse()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32573 63443/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_12.c Buffer_Overflow_cpycat 83 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(globalReturnsTrueOrFalse()) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32574 63444/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_13.c Buffer_Overflow_cpycat 73 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(GLOBAL_CONST_FIVE!=5) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32575 63444/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_13.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32576 63445/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_14.c Buffer_Overflow_cpycat 73 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(globalFive!=5) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32577 63445/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_14.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(globalFive==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32578 63446/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_15.c Buffer_Overflow_cpycat 49 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); switch(6) case 6: data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32579 63446/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_15.c Buffer_Overflow_cpycat 107 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); switch(6) case 6: data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32580 63447/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_16.c Buffer_Overflow_cpycat 70 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); while(1) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32581 63447/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_16.c Buffer_Overflow_cpycat 44 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); while(1) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32582 63448/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_17.c Buffer_Overflow_cpycat 70 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32583 63448/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_17.c Buffer_Overflow_cpycat 44 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32584 63449/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_18.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); goto source; source: data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32585 63449/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_18.c Buffer_Overflow_cpycat 42 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); goto source; source: data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32586 63450/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_31.c Buffer_Overflow_cpycat 69 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32587 63450/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_31.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32588 63451/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_32.c Buffer_Overflow_cpycat 79 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); wchar_t * data = *dataPtr1; data = dataGoodBuffer; data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32589 63451/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_32.c Buffer_Overflow_cpycat 48 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); wchar_t * data = *dataPtr1; data = dataBadBuffer; data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32590 63453/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_34.c Buffer_Overflow_cpycat 50 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_34_unionType myUnion; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32591 63453/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_34.c Buffer_Overflow_cpycat 77 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_34_unionType myUnion; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32592 63454/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_41.c Buffer_Overflow_cpycat 33 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_41_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32593 63454/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_41.c Buffer_Overflow_cpycat 59 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_41_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32594 63455/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_44.c Buffer_Overflow_cpycat 33 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; static void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; 1 --------------------------------- 32595 63455/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_44.c Buffer_Overflow_cpycat 63 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; static void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; 0 --------------------------------- 32596 63456/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_45.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_45_goodG2BData; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32597 63456/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_45.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_45_badData; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32598 63457/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_51.c Buffer_Overflow_cpycat 148 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_51b_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32599 63457/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_51.c Buffer_Overflow_cpycat 133 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_51b_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32600 63458/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_52.c Buffer_Overflow_cpycat 202 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_52b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_52c_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32601 63458/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_52.c Buffer_Overflow_cpycat 187 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_52b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_52c_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32602 63459/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_53.c Buffer_Overflow_cpycat 241 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_53b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_53c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_53d_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32603 63459/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_53.c Buffer_Overflow_cpycat 256 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_53b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_53d_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32604 63460/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54.c Buffer_Overflow_cpycat 310 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0' CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54e_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32605 63460/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54.c Buffer_Overflow_cpycat 295 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0' CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54d_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_54e_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32606 63461/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_63.c Buffer_Overflow_cpycat 131 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32607 63461/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_63.c Buffer_Overflow_cpycat 147 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32608 63462/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_64.c Buffer_Overflow_cpycat 134 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32609 63462/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_64.c Buffer_Overflow_cpycat 153 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32610 63463/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_65.c Buffer_Overflow_cpycat 134 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_65b_badSink; void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_65b_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; 1 --------------------------------- 32611 63463/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_65.c Buffer_Overflow_cpycat 149 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_65b_goodG2BSink; void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_65b_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; 0 --------------------------------- 32612 63464/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_66.c Buffer_Overflow_cpycat 153 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32613 63464/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_66.c Buffer_Overflow_cpycat 137 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32614 63465/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_67.c Buffer_Overflow_cpycat 145 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_67_structType myStruct; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32615 63465/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_67.c Buffer_Overflow_cpycat 161 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_67_structType myStruct; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32616 63466/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_68.c Buffer_Overflow_cpycat 158 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_68b_goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_68_goodG2BData; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32617 63466/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_68.c Buffer_Overflow_cpycat 142 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_68b_badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_68_badData; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32618 63470/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_81_bad.cpp Buffer_Overflow_cpycat 29 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_81_bad(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_81_bad::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32619 63470/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 29 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_81_goodG2B(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_81_goodG2B::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32620 63471/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_82_bad.cpp Buffer_Overflow_cpycat 29 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_82_bad; void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_82_bad::action(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32621 63471/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 29 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_82_goodG2B; void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_cpy_82_goodG2B::action(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32622 63592/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_01.c Buffer_Overflow_LowBound 64 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32623 63592/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_01.c Buffer_Overflow_LowBound 41 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32624 63593/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_02.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(1) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32625 63593/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_02.c Buffer_Overflow_LowBound 97 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(1) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32626 63594/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_03.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(5==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32627 63594/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_03.c Buffer_Overflow_LowBound 97 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(5==5) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32628 63595/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_04.c Buffer_Overflow_LowBound 51 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32629 63595/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_04.c Buffer_Overflow_LowBound 82 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(STATIC_CONST_FALSE) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32630 63596/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_05.c Buffer_Overflow_LowBound 51 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(staticTrue) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32631 63596/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_05.c Buffer_Overflow_LowBound 82 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(staticFalse) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32632 63597/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_06.c Buffer_Overflow_LowBound 48 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32633 63597/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_06.c Buffer_Overflow_LowBound 101 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(STATIC_CONST_FIVE==5) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32634 63598/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_07.c Buffer_Overflow_LowBound 81 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(staticFive!=5) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32635 63598/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_07.c Buffer_Overflow_LowBound 50 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(staticFive==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32636 63599/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_08.c Buffer_Overflow_LowBound 89 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(staticReturnsFalse()) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32637 63599/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_08.c Buffer_Overflow_LowBound 58 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(staticReturnsTrue()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32638 63600/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_09.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32639 63600/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_09.c Buffer_Overflow_LowBound 97 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(GLOBAL_CONST_TRUE) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32640 63601/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_10.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(globalTrue) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32641 63601/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_10.c Buffer_Overflow_LowBound 97 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(globalTrue) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32642 63602/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_11.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(globalReturnsTrue()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32643 63602/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_11.c Buffer_Overflow_LowBound 97 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(globalReturnsTrue()) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32644 63603/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_12.c Buffer_Overflow_LowBound 85 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(globalReturnsTrueOrFalse()) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32645 63603/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_12.c Buffer_Overflow_LowBound 51 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(globalReturnsTrueOrFalse()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32646 63604/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_13.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32647 63604/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_13.c Buffer_Overflow_LowBound 97 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(GLOBAL_CONST_FIVE==5) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32648 63605/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_14.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); if(globalFive==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32649 63605/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_14.c Buffer_Overflow_LowBound 97 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); if(globalFive==5) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32650 63606/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_15.c Buffer_Overflow_LowBound 50 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); switch(6) case 6: data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32651 63606/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_15.c Buffer_Overflow_LowBound 82 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); switch(6) default: data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32652 63607/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_16.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); while(1) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32653 63607/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_16.c Buffer_Overflow_LowBound 45 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); while(1) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32654 63608/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_17.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32655 63608/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_17.c Buffer_Overflow_LowBound 45 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32656 63609/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_18.c Buffer_Overflow_LowBound 43 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); goto source; source: data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32657 63609/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_18.c Buffer_Overflow_LowBound 68 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); goto source; source: data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32658 63610/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_31.c Buffer_Overflow_LowBound 71 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32659 63610/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_31.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32660 63611/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_32.c Buffer_Overflow_LowBound 81 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); wchar_t * data = *dataPtr1; data = dataGoodBuffer; data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32661 63611/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_32.c Buffer_Overflow_LowBound 49 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); wchar_t * data = *dataPtr1; data = dataBadBuffer; data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32662 63613/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_34.c Buffer_Overflow_LowBound 79 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_34_unionType myUnion; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32663 63613/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_34.c Buffer_Overflow_LowBound 51 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_34_unionType myUnion; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32664 63614/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_41.c Buffer_Overflow_LowBound 61 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_41_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32665 63614/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_41.c Buffer_Overflow_LowBound 34 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_41_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32666 63615/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_44.c Buffer_Overflow_LowBound 65 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; static void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; 0 --------------------------------- 32667 63615/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_44.c Buffer_Overflow_LowBound 34 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; static void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; 1 --------------------------------- 32668 63616/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_45.c Buffer_Overflow_LowBound 38 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_45_badData; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32669 63616/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_45.c Buffer_Overflow_LowBound 68 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_45_goodG2BData; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32670 63617/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_51.c Buffer_Overflow_LowBound 150 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_51b_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32671 63617/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_51.c Buffer_Overflow_LowBound 134 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_51b_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32672 63618/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_52.c Buffer_Overflow_LowBound 204 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_52b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_52c_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32673 63618/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_52.c Buffer_Overflow_LowBound 188 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_52b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_52c_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32674 63619/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_53.c Buffer_Overflow_LowBound 258 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_53b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_53d_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32675 63619/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_53.c Buffer_Overflow_LowBound 242 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_53b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_53c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_53d_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32676 63620/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54.c Buffer_Overflow_LowBound 312 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54e_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32677 63620/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54.c Buffer_Overflow_LowBound 296 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54d_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_54e_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32678 63621/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_63.c Buffer_Overflow_LowBound 149 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32679 63621/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_63.c Buffer_Overflow_LowBound 132 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32680 63622/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_64.c Buffer_Overflow_LowBound 135 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32681 63622/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_64.c Buffer_Overflow_LowBound 155 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32682 63623/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_65.c Buffer_Overflow_LowBound 151 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_65b_goodG2BSink; void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_65b_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; 0 --------------------------------- 32683 63623/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_65.c Buffer_Overflow_LowBound 135 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_65b_badSink; void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_65b_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); data = dataBadBuffer; data[0] = L'\0'; 1 --------------------------------- 32684 63624/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_66.c Buffer_Overflow_LowBound 155 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32685 63624/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_66.c Buffer_Overflow_LowBound 138 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32686 63625/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_67.c Buffer_Overflow_LowBound 163 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_67_structType myStruct; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32687 63625/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_67.c Buffer_Overflow_LowBound 146 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_67_structType myStruct; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32688 63626/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_68.c Buffer_Overflow_LowBound 143 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_68b_badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_68_badData; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32689 63626/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_68.c Buffer_Overflow_LowBound 160 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_68b_goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_68_goodG2BData; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32690 63630/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_81_bad.cpp Buffer_Overflow_LowBound 30 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_81_bad(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_81_bad::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32691 63630/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 30 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_81_goodG2B(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32692 63631/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_82_bad.cpp Buffer_Overflow_LowBound 30 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA((10)*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_82_bad; void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_82_bad::action(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32693 63631/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 30 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA((10+1)*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_82_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_82_goodG2B(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_alloca_ncpy_82_goodG2B::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32694 63632/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_01.c Buffer_Overflow_cpycat 62 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32695 63632/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_01.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32696 63633/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_02.c Buffer_Overflow_cpycat 73 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(0) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32697 63633/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_02.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t dataBadBuffer[10]; if(1) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32698 63634/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_03.c Buffer_Overflow_cpycat 73 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(5!=5) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32699 63634/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_03.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t dataBadBuffer[10]; if(5==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32700 63635/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_04.c Buffer_Overflow_cpycat 50 wchar_t * data; wchar_t dataBadBuffer[10]; if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32701 63635/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_04.c Buffer_Overflow_cpycat 80 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(STATIC_CONST_FALSE) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32702 63636/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_05.c Buffer_Overflow_cpycat 50 wchar_t * data; wchar_t dataBadBuffer[10]; if(staticTrue) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32703 63636/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_05.c Buffer_Overflow_cpycat 80 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(staticFalse) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32704 63637/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_06.c Buffer_Overflow_cpycat 47 wchar_t * data; wchar_t dataBadBuffer[10]; if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32705 63637/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_06.c Buffer_Overflow_cpycat 77 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(STATIC_CONST_FIVE!=5) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32706 63638/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_07.c Buffer_Overflow_cpycat 49 wchar_t * data; wchar_t dataBadBuffer[10]; if(staticFive==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32707 63638/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_07.c Buffer_Overflow_cpycat 79 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(staticFive!=5) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32708 63639/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_08.c Buffer_Overflow_cpycat 57 wchar_t * data; wchar_t dataBadBuffer[10]; if(staticReturnsTrue()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32709 63639/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_08.c Buffer_Overflow_cpycat 87 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(staticReturnsFalse()) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32710 63640/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_09.c Buffer_Overflow_cpycat 73 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(GLOBAL_CONST_FALSE) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32711 63640/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_09.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t dataBadBuffer[10]; if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32712 63641/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_10.c Buffer_Overflow_cpycat 94 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(globalTrue) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32713 63641/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_10.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t dataBadBuffer[10]; if(globalTrue) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32714 63642/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_11.c Buffer_Overflow_cpycat 94 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(globalReturnsTrue()) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32715 63642/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_11.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t dataBadBuffer[10]; if(globalReturnsTrue()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32716 63643/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_12.c Buffer_Overflow_cpycat 50 wchar_t * data; wchar_t dataBadBuffer[10]; if(globalReturnsTrueOrFalse()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32717 63643/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_12.c Buffer_Overflow_cpycat 83 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(globalReturnsTrueOrFalse()) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32718 63644/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_13.c Buffer_Overflow_cpycat 94 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(GLOBAL_CONST_FIVE==5) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32719 63644/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_13.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t dataBadBuffer[10]; if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32720 63645/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_14.c Buffer_Overflow_cpycat 94 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(globalFive==5) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32721 63645/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_14.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t dataBadBuffer[10]; if(globalFive==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32722 63646/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_15.c Buffer_Overflow_cpycat 49 wchar_t * data; wchar_t dataBadBuffer[10]; switch(6) case 6: data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32723 63646/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_15.c Buffer_Overflow_cpycat 107 wchar_t * data; wchar_t dataGoodBuffer[10+1]; switch(6) case 6: data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32724 63647/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_16.c Buffer_Overflow_cpycat 70 wchar_t * data; wchar_t dataGoodBuffer[10+1]; while(1) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32725 63647/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_16.c Buffer_Overflow_cpycat 44 wchar_t * data; wchar_t dataBadBuffer[10]; while(1) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32726 63648/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_17.c Buffer_Overflow_cpycat 70 wchar_t * data; wchar_t dataGoodBuffer[10+1]; for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32727 63648/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_17.c Buffer_Overflow_cpycat 44 wchar_t * data; wchar_t dataBadBuffer[10]; for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32728 63649/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_18.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t dataGoodBuffer[10+1]; goto source; source: data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32729 63649/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_18.c Buffer_Overflow_cpycat 42 wchar_t * data; wchar_t dataBadBuffer[10]; goto source; source: data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32730 63650/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_31.c Buffer_Overflow_cpycat 69 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32731 63650/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_31.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32732 63651/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_32.c Buffer_Overflow_cpycat 79 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataGoodBuffer[10+1]; wchar_t * data = *dataPtr1; data = dataGoodBuffer; data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32733 63651/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_32.c Buffer_Overflow_cpycat 48 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBadBuffer[10]; wchar_t * data = *dataPtr1; data = dataBadBuffer; data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32734 63653/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_34.c Buffer_Overflow_cpycat 50 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_34_unionType myUnion; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32735 63653/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_34.c Buffer_Overflow_cpycat 77 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_34_unionType myUnion; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32736 63654/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_41.c Buffer_Overflow_cpycat 33 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_41_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32737 63654/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_41.c Buffer_Overflow_cpycat 59 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_41_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32738 63655/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_44.c Buffer_Overflow_cpycat 33 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; static void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; 1 --------------------------------- 32739 63655/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_44.c Buffer_Overflow_cpycat 63 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; static void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; 0 --------------------------------- 32740 63656/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_45.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_45_goodG2BData; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32741 63656/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_45.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_45_badData; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32742 63657/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_51.c Buffer_Overflow_cpycat 148 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_51b_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32743 63657/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_51.c Buffer_Overflow_cpycat 133 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_51b_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32744 63658/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_52.c Buffer_Overflow_cpycat 202 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_52c_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32745 63658/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_52.c Buffer_Overflow_cpycat 187 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_52c_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32746 63659/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_53.c Buffer_Overflow_cpycat 241 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_53b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_53c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_53d_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32747 63659/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_53.c Buffer_Overflow_cpycat 256 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_53b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_53d_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32748 63660/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54.c Buffer_Overflow_cpycat 310 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54e_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32749 63660/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54.c Buffer_Overflow_cpycat 295 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54d_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_54e_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32750 63661/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_63.c Buffer_Overflow_cpycat 131 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32751 63661/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_63.c Buffer_Overflow_cpycat 147 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32752 63662/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_64.c Buffer_Overflow_cpycat 134 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_64b_badSink(wchar_t * * dataPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32753 63662/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_64.c Buffer_Overflow_cpycat 153 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_64b_goodG2BSink(wchar_t * * dataPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32754 63663/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_65.c Buffer_Overflow_cpycat 134 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_65b_badSink; void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_65b_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; 1 --------------------------------- 32755 63663/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_65.c Buffer_Overflow_cpycat 149 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_65b_goodG2BSink; void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_65b_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); data = dataGoodBuffer; data[0] = L'\0'; 0 --------------------------------- 32756 63664/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_66.c Buffer_Overflow_cpycat 153 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32757 63664/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_66.c Buffer_Overflow_cpycat 137 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32758 63665/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_67.c Buffer_Overflow_cpycat 145 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_67_structType myStruct; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32759 63665/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_67.c Buffer_Overflow_cpycat 161 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_67_structType myStruct; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32760 63666/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_68.c Buffer_Overflow_cpycat 158 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_68b_goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_68_goodG2BData; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32761 63666/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_68.c Buffer_Overflow_cpycat 142 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_68b_badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_68_badData; wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32762 63670/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_81_bad.cpp Buffer_Overflow_cpycat 29 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_81_bad(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_81_bad::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32763 63670/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 29 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_81_goodG2B(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_81_goodG2B::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32764 63671/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_82_bad.cpp Buffer_Overflow_cpycat 29 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_82_bad; void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_82_bad::action(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 32765 63671/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 29 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_82_goodG2B; void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_cpy_82_goodG2B::action(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 32766 63792/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_01.c Buffer_Overflow_LowBound 64 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32767 63792/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_01.c Buffer_Overflow_LowBound 41 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32768 63793/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_02.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t dataBadBuffer[10]; if(1) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32769 63793/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_02.c Buffer_Overflow_LowBound 97 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(1) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32770 63794/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_03.c Buffer_Overflow_LowBound 75 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(5!=5) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32771 63794/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_03.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t dataBadBuffer[10]; if(5==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32772 63795/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_04.c Buffer_Overflow_LowBound 51 wchar_t * data; wchar_t dataBadBuffer[10]; if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32773 63795/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_04.c Buffer_Overflow_LowBound 82 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(STATIC_CONST_FALSE) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32774 63796/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_05.c Buffer_Overflow_LowBound 51 wchar_t * data; wchar_t dataBadBuffer[10]; if(staticTrue) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32775 63796/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_05.c Buffer_Overflow_LowBound 82 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(staticFalse) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32776 63797/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_06.c Buffer_Overflow_LowBound 48 wchar_t * data; wchar_t dataBadBuffer[10]; if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32777 63797/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_06.c Buffer_Overflow_LowBound 101 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(STATIC_CONST_FIVE==5) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32778 63798/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_07.c Buffer_Overflow_LowBound 81 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(staticFive!=5) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32779 63798/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_07.c Buffer_Overflow_LowBound 50 wchar_t * data; wchar_t dataBadBuffer[10]; if(staticFive==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32780 63799/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_08.c Buffer_Overflow_LowBound 89 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(staticReturnsFalse()) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32781 63799/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_08.c Buffer_Overflow_LowBound 58 wchar_t * data; wchar_t dataBadBuffer[10]; if(staticReturnsTrue()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32782 63800/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_09.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t dataBadBuffer[10]; if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32783 63800/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_09.c Buffer_Overflow_LowBound 97 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(GLOBAL_CONST_TRUE) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32784 63801/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_10.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t dataBadBuffer[10]; if(globalTrue) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32785 63801/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_10.c Buffer_Overflow_LowBound 97 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(globalTrue) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32786 63802/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_11.c Buffer_Overflow_LowBound 75 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(globalReturnsFalse()) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32787 63802/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_11.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t dataBadBuffer[10]; if(globalReturnsTrue()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32788 63803/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_12.c Buffer_Overflow_LowBound 85 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(globalReturnsTrueOrFalse()) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32789 63803/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_12.c Buffer_Overflow_LowBound 51 wchar_t * data; wchar_t dataBadBuffer[10]; if(globalReturnsTrueOrFalse()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32790 63804/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_13.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t dataBadBuffer[10]; if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32791 63804/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_13.c Buffer_Overflow_LowBound 97 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(GLOBAL_CONST_FIVE==5) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32792 63805/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_14.c Buffer_Overflow_LowBound 75 wchar_t * data; wchar_t dataGoodBuffer[10+1]; if(globalFive!=5) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32793 63805/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_14.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t dataBadBuffer[10]; if(globalFive==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32794 63806/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_15.c Buffer_Overflow_LowBound 110 wchar_t * data; wchar_t dataGoodBuffer[10+1]; switch(6) case 6: data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32795 63806/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_15.c Buffer_Overflow_LowBound 50 wchar_t * data; wchar_t dataBadBuffer[10]; switch(6) case 6: data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32796 63807/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_16.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t dataGoodBuffer[10+1]; while(1) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32797 63807/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_16.c Buffer_Overflow_LowBound 45 wchar_t * data; wchar_t dataBadBuffer[10]; while(1) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32798 63808/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_17.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t dataGoodBuffer[10+1]; for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32799 63808/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_17.c Buffer_Overflow_LowBound 45 wchar_t * data; wchar_t dataBadBuffer[10]; for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32800 63809/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_18.c Buffer_Overflow_LowBound 43 wchar_t * data; wchar_t dataBadBuffer[10]; goto source; source: data = dataBadBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32801 63809/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_18.c Buffer_Overflow_LowBound 68 wchar_t * data; wchar_t dataGoodBuffer[10+1]; goto source; source: data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32802 63810/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_31.c Buffer_Overflow_LowBound 71 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32803 63810/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_31.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32804 63811/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_32.c Buffer_Overflow_LowBound 81 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataGoodBuffer[10+1]; wchar_t * data = *dataPtr1; data = dataGoodBuffer; data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32805 63811/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_32.c Buffer_Overflow_LowBound 49 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBadBuffer[10]; wchar_t * data = *dataPtr1; data = dataBadBuffer; data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32806 63813/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_34.c Buffer_Overflow_LowBound 79 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_34_unionType myUnion; wchar_t dataGoodBuffer[10+1]; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32807 63813/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_34.c Buffer_Overflow_LowBound 51 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_34_unionType myUnion; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32808 63814/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_41.c Buffer_Overflow_LowBound 61 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_41_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32809 63814/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_41.c Buffer_Overflow_LowBound 34 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_41_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32810 63815/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_44.c Buffer_Overflow_LowBound 65 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; static void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; 0 --------------------------------- 32811 63815/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_44.c Buffer_Overflow_LowBound 34 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; static void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; 1 --------------------------------- 32812 63816/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_45.c Buffer_Overflow_LowBound 38 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_45_badData; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32813 63816/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_45.c Buffer_Overflow_LowBound 68 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_45_goodG2BData; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32814 63817/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_51.c Buffer_Overflow_LowBound 150 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_51b_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32815 63817/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_51.c Buffer_Overflow_LowBound 134 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_51b_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32816 63818/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_52.c Buffer_Overflow_LowBound 204 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_52b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_52c_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32817 63818/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_52.c Buffer_Overflow_LowBound 188 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_52b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_52c_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32818 63819/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_53.c Buffer_Overflow_LowBound 258 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_53b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_53d_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32819 63819/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_53.c Buffer_Overflow_LowBound 242 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_53b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_53c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_53d_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32820 63820/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54.c Buffer_Overflow_LowBound 312 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54e_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32821 63820/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54.c Buffer_Overflow_LowBound 296 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54d_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_54e_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32822 63821/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_63.c Buffer_Overflow_LowBound 149 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_63b_goodG2BSink(wchar_t * * data) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32823 63821/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_63.c Buffer_Overflow_LowBound 132 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_63b_badSink(wchar_t * dataVoidPtr) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32824 63822/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_64.c Buffer_Overflow_LowBound 135 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_64b_badSink(wchar_t * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32825 63822/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_64.c Buffer_Overflow_LowBound 155 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_64b_goodG2BSink(wchar_t * * data) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32826 63823/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_65.c Buffer_Overflow_LowBound 151 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_65b_goodG2BSink; void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_65b_goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; 0 --------------------------------- 32827 63823/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_65.c Buffer_Overflow_LowBound 135 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_65b_badSink; void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_65b_badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; 1 --------------------------------- 32828 63824/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_66.c Buffer_Overflow_LowBound 155 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32829 63824/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_66.c Buffer_Overflow_LowBound 138 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32830 63825/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_67.c Buffer_Overflow_LowBound 163 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_67_structType myStruct; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32831 63825/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_67.c Buffer_Overflow_LowBound 146 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_67_structType myStruct; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32832 63826/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_68.c Buffer_Overflow_LowBound 143 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_68b_badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_68_badData; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32833 63826/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_68.c Buffer_Overflow_LowBound 160 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_68b_goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_68_goodG2BData; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32834 63830/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_81_bad.cpp Buffer_Overflow_LowBound 30 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_81_bad(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_81_bad::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32835 63830/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 30 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_81_goodG2B(); void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32836 63831/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_82_bad.cpp Buffer_Overflow_LowBound 30 wchar_t * data; wchar_t dataBadBuffer[10]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_82_bad; void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_82_bad::action(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 32837 63831/CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 30 wchar_t * data; wchar_t dataGoodBuffer[10+1]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_82_goodG2B; void CWE121_Stack_Based_Buffer_Overflow__CWE193_wchar_t_declare_ncpy_82_goodG2B::action(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 32838 63952/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_01.c Buffer_Overflow_LowBound 37 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32839 63952/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_01.c Buffer_Overflow_LowBound 60 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32840 63953/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_02.c Buffer_Overflow_LowBound 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(1) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32841 63953/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_02.c Buffer_Overflow_LowBound 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; if(0) else data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32842 63954/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_03.c Buffer_Overflow_LowBound 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(5==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32843 63954/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_03.c Buffer_Overflow_LowBound 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(5==5) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32844 63955/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_04.c Buffer_Overflow_LowBound 78 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(STATIC_CONST_FALSE) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32845 63955/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_04.c Buffer_Overflow_LowBound 47 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32846 63956/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_05.c Buffer_Overflow_LowBound 78 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(staticFalse) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32847 63956/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_05.c Buffer_Overflow_LowBound 47 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(staticTrue) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32848 63957/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_06.c Buffer_Overflow_LowBound 75 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(STATIC_CONST_FIVE!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32849 63957/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_06.c Buffer_Overflow_LowBound 44 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32850 63958/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_07.c Buffer_Overflow_LowBound 46 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(staticFive==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32851 63958/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_07.c Buffer_Overflow_LowBound 99 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(staticFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32852 63959/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_08.c Buffer_Overflow_LowBound 54 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(staticReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32853 63959/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_08.c Buffer_Overflow_LowBound 85 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(staticReturnsFalse()) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32854 63960/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_09.c Buffer_Overflow_LowBound 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32855 63960/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_09.c Buffer_Overflow_LowBound 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(GLOBAL_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32856 63961/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_10.c Buffer_Overflow_LowBound 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(globalTrue) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32857 63961/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_10.c Buffer_Overflow_LowBound 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(globalTrue) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32858 63962/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_11.c Buffer_Overflow_LowBound 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(globalReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32859 63962/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_11.c Buffer_Overflow_LowBound 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(globalReturnsFalse()) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32860 63963/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_12.c Buffer_Overflow_LowBound 46 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(globalReturnsTrueOrFalse()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32861 63963/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_12.c Buffer_Overflow_LowBound 79 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(globalReturnsTrueOrFalse()) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32862 63964/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_13.c Buffer_Overflow_LowBound 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32863 63964/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_13.c Buffer_Overflow_LowBound 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(GLOBAL_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32864 63965/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_14.c Buffer_Overflow_LowBound 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(globalFive==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32865 63965/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_14.c Buffer_Overflow_LowBound 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(globalFive!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32866 63966/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_15.c Buffer_Overflow_LowBound 78 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); switch(5) default: data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32867 63966/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_15.c Buffer_Overflow_LowBound 46 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); switch(6) case 6: data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32868 63967/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_16.c Buffer_Overflow_LowBound 41 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); while(1) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32869 63967/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_16.c Buffer_Overflow_LowBound 68 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); while(1) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32870 63968/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_17.c Buffer_Overflow_LowBound 41 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32871 63968/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_17.c Buffer_Overflow_LowBound 68 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32872 63969/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_18.c Buffer_Overflow_LowBound 64 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); goto source; source: data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32873 63969/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_18.c Buffer_Overflow_LowBound 39 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); goto source; source: data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32874 63970/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_31.c Buffer_Overflow_LowBound 67 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32875 63970/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_31.c Buffer_Overflow_LowBound 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32876 63971/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_32.c Buffer_Overflow_LowBound 77 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32877 63971/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_32.c Buffer_Overflow_LowBound 45 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32878 63973/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_34.c Buffer_Overflow_LowBound 75 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_34_unionType myUnion; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32879 63973/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_34.c Buffer_Overflow_LowBound 47 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_34_unionType myUnion; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32880 63974/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_41.c Buffer_Overflow_LowBound 30 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32881 63974/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_41.c Buffer_Overflow_LowBound 58 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32882 63975/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_44.c Buffer_Overflow_LowBound 30 char * data; void (*funcPtr) (char *) = badSink; static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; 1 --------------------------------- 32883 63975/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_44.c Buffer_Overflow_LowBound 62 char * data; void (*funcPtr) (char *) = goodG2BSink; static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; 0 --------------------------------- 32884 63976/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_45.c Buffer_Overflow_LowBound 65 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32885 63976/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_45.c Buffer_Overflow_LowBound 34 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32886 63977/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_51.c Buffer_Overflow_LowBound 141 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32887 63977/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_51.c Buffer_Overflow_LowBound 124 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32888 63978/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_52.c Buffer_Overflow_LowBound 190 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32889 63978/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_52.c Buffer_Overflow_LowBound 173 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32890 63979/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_53.c Buffer_Overflow_LowBound 222 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32891 63979/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_53.c Buffer_Overflow_LowBound 239 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32892 63980/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54.c Buffer_Overflow_LowBound 288 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32893 63980/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54.c Buffer_Overflow_LowBound 271 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32894 63981/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_63.c Buffer_Overflow_LowBound 122 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32895 63981/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_63.c Buffer_Overflow_LowBound 140 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32896 63982/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_64.c Buffer_Overflow_LowBound 125 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32897 63982/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_64.c Buffer_Overflow_LowBound 146 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32898 63983/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_65.c Buffer_Overflow_LowBound 142 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_65b_goodG2BSink; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; 0 --------------------------------- 32899 63983/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_65.c Buffer_Overflow_LowBound 125 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_65b_badSink; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; 1 --------------------------------- 32900 63984/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_66.c Buffer_Overflow_LowBound 128 char * data; char * dataArray[5]; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32901 63984/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_66.c Buffer_Overflow_LowBound 146 char * data; char * dataArray[5]; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32902 63985/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_67.c Buffer_Overflow_LowBound 136 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_67_structType myStruct; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32903 63985/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_67.c Buffer_Overflow_LowBound 154 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_67_structType myStruct; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32904 63986/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_68.c Buffer_Overflow_LowBound 133 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32905 63986/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_68.c Buffer_Overflow_LowBound 151 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32906 63990/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_81_bad.cpp Buffer_Overflow_LowBound 31 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_81_bad(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32907 63990/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_81_goodG2B.cpp Buffer_Overflow_LowBound 31 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_81_goodG2B(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32908 63991/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_82_bad.cpp Buffer_Overflow_LowBound 31 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_82_bad; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 32909 63991/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_82_goodG2B.cpp Buffer_Overflow_LowBound 31 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_82_goodG2B; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncat_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 32910 63992/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_01.c Buffer_Overflow_LowBound 37 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32911 63992/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_01.c Buffer_Overflow_LowBound 61 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32912 63993/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_02.c Buffer_Overflow_LowBound 95 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(1) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32913 63993/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_02.c Buffer_Overflow_LowBound 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(1) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32914 63994/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_03.c Buffer_Overflow_LowBound 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(5==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32915 63994/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_03.c Buffer_Overflow_LowBound 72 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(5!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32916 63995/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_04.c Buffer_Overflow_LowBound 47 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32917 63995/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_04.c Buffer_Overflow_LowBound 102 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(STATIC_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32918 63996/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_05.c Buffer_Overflow_LowBound 79 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(staticFalse) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32919 63996/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_05.c Buffer_Overflow_LowBound 47 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(staticTrue) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32920 63997/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_06.c Buffer_Overflow_LowBound 76 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(STATIC_CONST_FIVE!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32921 63997/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_06.c Buffer_Overflow_LowBound 44 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32922 63998/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_07.c Buffer_Overflow_LowBound 78 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(staticFive!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32923 63998/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_07.c Buffer_Overflow_LowBound 46 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(staticFive==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32924 63999/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_08.c Buffer_Overflow_LowBound 54 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(staticReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32925 63999/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_08.c Buffer_Overflow_LowBound 109 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(staticReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32926 64000/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_09.c Buffer_Overflow_LowBound 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32927 64000/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_09.c Buffer_Overflow_LowBound 72 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(GLOBAL_CONST_FALSE) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32928 64001/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_10.c Buffer_Overflow_LowBound 95 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(globalTrue) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32929 64001/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_10.c Buffer_Overflow_LowBound 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(globalTrue) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32930 64002/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_11.c Buffer_Overflow_LowBound 95 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(globalReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32931 64002/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_11.c Buffer_Overflow_LowBound 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(globalReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32932 64003/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_12.c Buffer_Overflow_LowBound 80 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(globalReturnsTrueOrFalse()) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32933 64003/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_12.c Buffer_Overflow_LowBound 46 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(globalReturnsTrueOrFalse()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32934 64004/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_13.c Buffer_Overflow_LowBound 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32935 64004/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_13.c Buffer_Overflow_LowBound 72 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(GLOBAL_CONST_FIVE!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32936 64005/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_14.c Buffer_Overflow_LowBound 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(globalFive==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32937 64005/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_14.c Buffer_Overflow_LowBound 72 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(globalFive!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32938 64006/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_15.c Buffer_Overflow_LowBound 79 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); switch(5) default: data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32939 64006/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_15.c Buffer_Overflow_LowBound 46 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); switch(6) case 6: data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32940 64007/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_16.c Buffer_Overflow_LowBound 69 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); while(1) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32941 64007/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_16.c Buffer_Overflow_LowBound 41 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); while(1) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32942 64008/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_17.c Buffer_Overflow_LowBound 69 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32943 64008/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_17.c Buffer_Overflow_LowBound 41 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32944 64009/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_18.c Buffer_Overflow_LowBound 39 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); goto source; source: data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32945 64009/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_18.c Buffer_Overflow_LowBound 65 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); goto source; source: data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32946 64010/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_31.c Buffer_Overflow_LowBound 40 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32947 64010/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_31.c Buffer_Overflow_LowBound 68 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32948 64011/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_32.c Buffer_Overflow_LowBound 45 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32949 64011/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_32.c Buffer_Overflow_LowBound 78 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32950 64013/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_34.c Buffer_Overflow_LowBound 47 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_34_unionType myUnion; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32951 64013/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_34.c Buffer_Overflow_LowBound 76 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_34_unionType myUnion; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32952 64014/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_41.c Buffer_Overflow_LowBound 30 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32953 64014/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_41.c Buffer_Overflow_LowBound 59 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32954 64015/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_44.c Buffer_Overflow_LowBound 63 char * data; void (*funcPtr) (char *) = goodG2BSink; static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; 0 --------------------------------- 32955 64015/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_44.c Buffer_Overflow_LowBound 30 char * data; void (*funcPtr) (char *) = badSink; static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); data[100-1] = '\0'; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; 1 --------------------------------- 32956 64016/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_45.c Buffer_Overflow_LowBound 66 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32957 64016/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_45.c Buffer_Overflow_LowBound 34 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32958 64017/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_51.c Buffer_Overflow_LowBound 142 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32959 64017/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_51.c Buffer_Overflow_LowBound 124 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32960 64018/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_52.c Buffer_Overflow_LowBound 191 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32961 64018/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_52.c Buffer_Overflow_LowBound 173 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32962 64019/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_53.c Buffer_Overflow_LowBound 240 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32963 64019/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_53.c Buffer_Overflow_LowBound 222 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32964 64020/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54.c Buffer_Overflow_LowBound 271 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32965 64020/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54.c Buffer_Overflow_LowBound 289 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32966 64021/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_63.c Buffer_Overflow_LowBound 141 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32967 64021/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_63.c Buffer_Overflow_LowBound 122 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32968 64022/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_64.c Buffer_Overflow_LowBound 125 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32969 64022/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_64.c Buffer_Overflow_LowBound 147 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32970 64023/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_65.c Buffer_Overflow_LowBound 143 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_65b_goodG2BSink; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; 0 --------------------------------- 32971 64023/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_65.c Buffer_Overflow_LowBound 125 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_65b_badSink; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; 1 --------------------------------- 32972 64024/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_66.c Buffer_Overflow_LowBound 128 char * data; char * dataArray[5]; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32973 64024/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_66.c Buffer_Overflow_LowBound 147 char * data; char * dataArray[5]; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32974 64025/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_67.c Buffer_Overflow_LowBound 136 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_67_structType myStruct; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32975 64025/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_67.c Buffer_Overflow_LowBound 155 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_67_structType myStruct; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32976 64026/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_68.c Buffer_Overflow_LowBound 152 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32977 64026/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_68.c Buffer_Overflow_LowBound 133 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32978 64030/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_81_bad(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32979 64030/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 31 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_81_goodG2B(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32980 64031/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_82_bad; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 32981 64031/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 31 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_82_goodG2B; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_ncpy_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 32982 64032/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_01.c Buffer_Overflow_LowBound 43 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 32983 64032/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_01.c Buffer_Overflow_LowBound 66 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 32984 64033/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_02.c Buffer_Overflow_LowBound 46 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(1) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 32985 64033/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_02.c Buffer_Overflow_LowBound 99 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(1) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 32986 64034/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_03.c Buffer_Overflow_LowBound 77 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(5!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 32987 64034/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_03.c Buffer_Overflow_LowBound 46 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(5==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 32988 64035/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_04.c Buffer_Overflow_LowBound 53 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 32989 64035/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_04.c Buffer_Overflow_LowBound 106 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(STATIC_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 32990 64036/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_05.c Buffer_Overflow_LowBound 53 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(staticTrue) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 32991 64036/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_05.c Buffer_Overflow_LowBound 84 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(staticFalse) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 32992 64037/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_06.c Buffer_Overflow_LowBound 81 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(STATIC_CONST_FIVE!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 32993 64037/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_06.c Buffer_Overflow_LowBound 50 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 32994 64038/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_07.c Buffer_Overflow_LowBound 83 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(staticFive!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 32995 64038/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_07.c Buffer_Overflow_LowBound 52 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(staticFive==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 32996 64039/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_08.c Buffer_Overflow_LowBound 60 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(staticReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 32997 64039/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_08.c Buffer_Overflow_LowBound 113 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(staticReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 32998 64040/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_09.c Buffer_Overflow_LowBound 77 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(GLOBAL_CONST_FALSE) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 32999 64040/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_09.c Buffer_Overflow_LowBound 46 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33000 64041/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_10.c Buffer_Overflow_LowBound 46 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(globalTrue) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33001 64041/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_10.c Buffer_Overflow_LowBound 99 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(globalTrue) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33002 64042/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_11.c Buffer_Overflow_LowBound 77 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(globalReturnsFalse()) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33003 64042/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_11.c Buffer_Overflow_LowBound 46 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(globalReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33004 64043/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_12.c Buffer_Overflow_LowBound 85 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(globalReturnsTrueOrFalse()) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33005 64043/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_12.c Buffer_Overflow_LowBound 52 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(globalReturnsTrueOrFalse()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33006 64044/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_13.c Buffer_Overflow_LowBound 46 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33007 64044/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_13.c Buffer_Overflow_LowBound 99 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(GLOBAL_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33008 64045/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_14.c Buffer_Overflow_LowBound 77 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); if(globalFive!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33009 64045/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_14.c Buffer_Overflow_LowBound 46 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); if(globalFive==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33010 64046/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_15.c Buffer_Overflow_LowBound 84 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); switch(5) default: data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33011 64046/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_15.c Buffer_Overflow_LowBound 52 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); switch(6) case 6: data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33012 64047/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_16.c Buffer_Overflow_LowBound 47 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); while(1) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33013 64047/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_16.c Buffer_Overflow_LowBound 74 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); while(1) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33014 64048/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_17.c Buffer_Overflow_LowBound 47 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33015 64048/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_17.c Buffer_Overflow_LowBound 74 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33016 64049/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_18.c Buffer_Overflow_LowBound 45 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); goto source; source: data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33017 64049/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_18.c Buffer_Overflow_LowBound 70 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); goto source; source: data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33018 64050/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_31.c Buffer_Overflow_LowBound 46 char * data char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33019 64050/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_31.c Buffer_Overflow_LowBound 73 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33020 64051/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_32.c Buffer_Overflow_LowBound 51 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33021 64051/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_32.c Buffer_Overflow_LowBound 83 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33022 64053/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_34.c Buffer_Overflow_LowBound 53 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_34_unionType myUnion; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33023 64053/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_34.c Buffer_Overflow_LowBound 81 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_34_unionType myUnion; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33024 64054/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_41.c Buffer_Overflow_LowBound 64 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33025 64054/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_41.c Buffer_Overflow_LowBound 36 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33026 64055/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_44.c Buffer_Overflow_LowBound 68 char * data; void (*funcPtr) (char *) = goodG2BSink; static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; 0 --------------------------------- 33027 64055/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_44.c Buffer_Overflow_LowBound 36 char * data; void (*funcPtr) (char *) = badSink; static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; 1 --------------------------------- 33028 64056/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_45.c Buffer_Overflow_LowBound 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33029 64056/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_45.c Buffer_Overflow_LowBound 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33030 64057/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_51.c Buffer_Overflow_LowBound 136 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33031 64057/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_51.c Buffer_Overflow_LowBound 153 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33032 64058/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_52.c Buffer_Overflow_LowBound 191 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33033 64058/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_52.c Buffer_Overflow_LowBound 208 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33034 64059/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_53.c Buffer_Overflow_LowBound 263 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33035 64059/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_53.c Buffer_Overflow_LowBound 246 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33036 64060/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54.c Buffer_Overflow_LowBound 301 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33037 64060/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54.c Buffer_Overflow_LowBound 318 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33038 64061/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_63.c Buffer_Overflow_LowBound 152 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33039 64061/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_63.c Buffer_Overflow_LowBound 134 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33040 64062/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_64.c Buffer_Overflow_LowBound 158 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33041 64062/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_64.c Buffer_Overflow_LowBound 137 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33042 64063/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_65.c Buffer_Overflow_LowBound 137 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_65b_badSink; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; 1 --------------------------------- 33043 64063/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_65.c Buffer_Overflow_LowBound 154 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_65b_goodG2BSink; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; 0 --------------------------------- 33044 64064/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_66.c Buffer_Overflow_LowBound 158 char * data; char * dataArray[5]; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33045 64064/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_66.c Buffer_Overflow_LowBound 140 char * data; char * dataArray[5]; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33046 64065/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_67.c Buffer_Overflow_LowBound 166 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_67_structType myStruct; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33047 64065/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_67.c Buffer_Overflow_LowBound 148 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_67_structType myStruct; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33048 64066/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_68.c Buffer_Overflow_LowBound 163 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33049 64066/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_68.c Buffer_Overflow_LowBound 145 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33050 64070/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_81_bad.cpp Buffer_Overflow_LowBound 37 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_81_bad(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33051 64070/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_81_goodG2B.cpp Buffer_Overflow_LowBound 37 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_81_goodG2B(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33052 64071/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_82_bad.cpp Buffer_Overflow_LowBound 37 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_82_bad; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33053 64071/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_82_goodG2B.cpp Buffer_Overflow_LowBound 37 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_82_goodG2B; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_alloca_snprintf_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33054 64192/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_01.c Buffer_Overflow_LowBound 37 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33055 64192/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_01.c Buffer_Overflow_LowBound 60 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33056 64193/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_02.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; if(1) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33057 64193/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_02.c Buffer_Overflow_LowBound 71 char * data; char dataGoodBuffer[100]; if(0) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33058 64194/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_03.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; if(5==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33059 64194/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_03.c Buffer_Overflow_LowBound 93 char * data; char dataGoodBuffer[100]; if(5==5) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33060 64195/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_04.c Buffer_Overflow_LowBound 47 char * data; char dataBadBuffer[50]; if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33061 64195/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_04.c Buffer_Overflow_LowBound 100 char * data; char dataGoodBuffer[100]; if(STATIC_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33062 64196/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_05.c Buffer_Overflow_LowBound 47 char * data; char dataBadBuffer[50]; if(staticTrue) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33063 64196/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_05.c Buffer_Overflow_LowBound 100 char * data; char dataGoodBuffer[100]; if(staticTrue) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33064 64197/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_06.c Buffer_Overflow_LowBound 75 char * data; char dataGoodBuffer[100]; if(STATIC_CONST_FIVE!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33065 64197/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_06.c Buffer_Overflow_LowBound 44 char * data; char dataBadBuffer[50]; if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33066 64198/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_07.c Buffer_Overflow_LowBound 46 char * data; char dataBadBuffer[50]; if(staticFive==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33067 64198/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_07.c Buffer_Overflow_LowBound 77 char * data; char dataGoodBuffer[100]; if(staticFive!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33068 64199/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_08.c Buffer_Overflow_LowBound 54 char * data; char dataBadBuffer[50]; if(staticReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33069 64199/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_08.c Buffer_Overflow_LowBound 85 char * data; char dataGoodBuffer[100]; if(staticReturnsFalse()) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33070 64200/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_09.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33071 64200/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_09.c Buffer_Overflow_LowBound 93 char * data; char dataGoodBuffer[100]; if(GLOBAL_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33072 64201/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_10.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; if(globalTrue) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33073 64201/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_10.c Buffer_Overflow_LowBound 71 char * data; char dataGoodBuffer[100]; if(globalFalse) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33074 64202/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_11.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; if(globalReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33075 64202/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_11.c Buffer_Overflow_LowBound 71 char * data; char dataGoodBuffer[100]; if(globalReturnsFalse()) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33076 64203/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_12.c Buffer_Overflow_LowBound 46 char * data; char dataBadBuffer[50]; if(globalReturnsTrueOrFalse()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33077 64203/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_12.c Buffer_Overflow_LowBound 79 char * data; char dataGoodBuffer[100]; if(globalReturnsTrueOrFalse()) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33078 64204/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_13.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33079 64204/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_13.c Buffer_Overflow_LowBound 93 char * data; char dataGoodBuffer[100]; if(GLOBAL_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33080 64205/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_14.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; if(globalFive==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33081 64205/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_14.c Buffer_Overflow_LowBound 71 char * data; char dataGoodBuffer[100]; if(globalFive!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33082 64206/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_15.c Buffer_Overflow_LowBound 78 char * data; char dataGoodBuffer[100]; switch(5) default: data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33083 64206/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_15.c Buffer_Overflow_LowBound 46 char * data; char dataBadBuffer[50]; switch(6) case 6: data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33084 64207/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_16.c Buffer_Overflow_LowBound 41 char * data; char dataBadBuffer[50]; while(1) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33085 64207/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_16.c Buffer_Overflow_LowBound 68 char * data; char dataGoodBuffer[100]; while(1) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33086 64208/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_17.c Buffer_Overflow_LowBound 41 char * data; char dataBadBuffer[50]; for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33087 64208/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_17.c Buffer_Overflow_LowBound 68 char * data; char dataGoodBuffer[100]; for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33088 64209/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_18.c Buffer_Overflow_LowBound 64 char * data; char dataGoodBuffer[100]; goto source; source: data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33089 64209/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_18.c Buffer_Overflow_LowBound 39 char * data; char dataBadBuffer[50]; goto source; source: data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33090 64210/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_31.c Buffer_Overflow_LowBound 67 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33091 64210/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_31.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33092 64211/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_32.c Buffer_Overflow_LowBound 77 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataGoodBuffer[100]; char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33093 64211/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_32.c Buffer_Overflow_LowBound 45 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBadBuffer[50] char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33094 64213/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_34.c Buffer_Overflow_LowBound 75 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_34_unionType myUnion; char dataGoodBuffer[100]; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33095 64213/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_34.c Buffer_Overflow_LowBound 47 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_34_unionType myUnion; char dataBadBuffer[50]; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33096 64214/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_41.c Buffer_Overflow_LowBound 30 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33097 64214/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_41.c Buffer_Overflow_LowBound 58 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33098 64215/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_44.c Buffer_Overflow_LowBound 30 char * data; void (*funcPtr) (char *) = badSink; static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; 1 --------------------------------- 33099 64215/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_44.c Buffer_Overflow_LowBound 62 char * data; void (*funcPtr) (char *) = goodG2BSink; static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; 0 --------------------------------- 33100 64216/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_45.c Buffer_Overflow_LowBound 65 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33101 64216/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_45.c Buffer_Overflow_LowBound 34 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33102 64217/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_51.c Buffer_Overflow_LowBound 141 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33103 64217/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_51.c Buffer_Overflow_LowBound 124 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33104 64218/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_52.c Buffer_Overflow_LowBound 190 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33105 64218/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_52.c Buffer_Overflow_LowBound 173 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33106 64219/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_53.c Buffer_Overflow_LowBound 222 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33107 64219/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_53.c Buffer_Overflow_LowBound 239 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33108 64220/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54.c Buffer_Overflow_LowBound 288 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33109 64220/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54.c Buffer_Overflow_LowBound 271 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33110 64221/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_63.c Buffer_Overflow_LowBound 122 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33111 64221/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_63.c Buffer_Overflow_LowBound 140 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33112 64222/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_64.c Buffer_Overflow_LowBound 125 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33113 64222/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_64.c Buffer_Overflow_LowBound 146 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33114 64223/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_65.c Buffer_Overflow_LowBound 142 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_65b_goodG2BSink; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33115 64223/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_65.c Buffer_Overflow_LowBound 125 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_65b_badSink; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33116 64224/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_66.c Buffer_Overflow_LowBound 128 char * data; char * dataArray[5]; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33117 64224/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_66.c Buffer_Overflow_LowBound 146 char * data; char * dataArray[5]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33118 64225/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_67.c Buffer_Overflow_LowBound 136 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_67_structType myStruct; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33119 64225/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_67.c Buffer_Overflow_LowBound 154 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_67_structType myStruct; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33120 64226/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_68.c Buffer_Overflow_LowBound 133 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33121 64226/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_68.c Buffer_Overflow_LowBound 151 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33122 64230/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_81_bad.cpp Buffer_Overflow_LowBound 31 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_81_bad(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33123 64230/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_81_goodG2B.cpp Buffer_Overflow_LowBound 31 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_81_goodG2B(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33124 64231/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_82_bad.cpp Buffer_Overflow_LowBound 31 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_82_bad; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 33125 64231/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_82_goodG2B.cpp Buffer_Overflow_LowBound 31 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_82_goodG2B; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncat_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 33126 64232/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_01.c Buffer_Overflow_LowBound 37 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33127 64232/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_01.c Buffer_Overflow_LowBound 61 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33128 64233/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_02.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; if(1) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33129 64233/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_02.c Buffer_Overflow_LowBound 72 char * data; char dataGoodBuffer[100]; if(0) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33130 64234/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_03.c Buffer_Overflow_LowBound 95 char * data; char dataGoodBuffer[100]; if(5==5) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33131 64234/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_03.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; if(5==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33132 64235/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_04.c Buffer_Overflow_LowBound 47 char * data; char dataBadBuffer[50]; if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33133 64235/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_04.c Buffer_Overflow_LowBound 102 char * data; char dataGoodBuffer[100]; if(STATIC_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33134 64236/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_05.c Buffer_Overflow_LowBound 47 char * data; char dataBadBuffer[50]; if(staticTrue) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33135 64236/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_05.c Buffer_Overflow_LowBound 102 char * data; char dataGoodBuffer[100]; if(staticTrue) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33136 64237/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_06.c Buffer_Overflow_LowBound 76 char * data; char dataGoodBuffer[100]; if(STATIC_CONST_FIVE!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33137 64237/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_06.c Buffer_Overflow_LowBound 44 char * data; char dataBadBuffer[50]; if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33138 64238/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_07.c Buffer_Overflow_LowBound 78 char * data; char dataGoodBuffer[100]; if(staticFive!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33139 64238/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_07.c Buffer_Overflow_LowBound 46 char * data; char dataBadBuffer[50]; if(staticFive==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33140 64239/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_08.c Buffer_Overflow_LowBound 54 char * data; char dataBadBuffer[50]; if(staticReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33141 64239/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_08.c Buffer_Overflow_LowBound 86 char * data; char dataGoodBuffer[100]; if(staticReturnsFalse()) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33142 64240/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_09.c Buffer_Overflow_LowBound 95 char * data; char dataGoodBuffer[100]; if(GLOBAL_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33143 64240/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_09.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33144 64241/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_10.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; if(globalTrue) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33145 64241/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_10.c Buffer_Overflow_LowBound 72 char * data; char dataGoodBuffer[100]; if(globalFalse) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33146 64242/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_11.c Buffer_Overflow_LowBound 95 char * data; char dataGoodBuffer[100]; if(globalReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33147 64242/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_11.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; if(globalReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33148 64243/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_12.c Buffer_Overflow_LowBound 80 char * data; char dataGoodBuffer[100]; if(globalReturnsTrueOrFalse()) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33149 64243/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_12.c Buffer_Overflow_LowBound 46 char * data; char dataBadBuffer[50]; if(globalReturnsTrueOrFalse()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33150 64244/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_13.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33151 64244/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_13.c Buffer_Overflow_LowBound 72 char * data; char dataGoodBuffer[100]; if(GLOBAL_CONST_FIVE!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33152 64245/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_14.c Buffer_Overflow_LowBound 95 char * data; char dataGoodBuffer[100]; if(globalFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33153 64245/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_14.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; if(globalFive==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33154 64246/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_15.c Buffer_Overflow_LowBound 46 char * data; char dataBadBuffer[50]; switch(6) case 6: data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33155 64246/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_15.c Buffer_Overflow_LowBound 108 char * data; char dataGoodBuffer[100]; switch(6) case 6: data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33156 64247/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_16.c Buffer_Overflow_LowBound 69 char * data; char dataGoodBuffer[100]; while(1) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33157 64247/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_16.c Buffer_Overflow_LowBound 41 char * data; char dataBadBuffer[50]; while(1) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33158 64248/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_17.c Buffer_Overflow_LowBound 69 char * data; char dataGoodBuffer[100]; for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33159 64248/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_17.c Buffer_Overflow_LowBound 41 char * data; char dataBadBuffer[50]; for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33160 64249/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_18.c Buffer_Overflow_LowBound 39 char * data; char dataBadBuffer[50]; goto source; source: data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33161 64249/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_18.c Buffer_Overflow_LowBound 65 char * data; char dataGoodBuffer[100]; goto source; source: data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33162 64250/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_31.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33163 64250/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_31.c Buffer_Overflow_LowBound 68 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33164 64251/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_32.c Buffer_Overflow_LowBound 45 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBadBuffer[50]; char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33165 64251/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_32.c Buffer_Overflow_LowBound 78 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataGoodBuffer[100]; char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33166 64253/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_34.c Buffer_Overflow_LowBound 47 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_34_unionType myUnion; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33167 64253/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_34.c Buffer_Overflow_LowBound 76 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_34_unionType myUnion; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33168 64254/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_41.c Buffer_Overflow_LowBound 30 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33169 64254/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_41.c Buffer_Overflow_LowBound 59 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33170 64255/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_44.c Buffer_Overflow_LowBound 63 char * data; void (*funcPtr) (char *) = goodG2BSink; static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; 0 --------------------------------- 33171 64255/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_44.c Buffer_Overflow_LowBound 30 char * data; void (*funcPtr) (char *) = badSink; static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; 1 --------------------------------- 33172 64256/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_45.c Buffer_Overflow_LowBound 66 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33173 64256/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_45.c Buffer_Overflow_LowBound 34 char * data; char dataBadBuffer[50] data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33174 64257/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_51.c Buffer_Overflow_LowBound 142 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33175 64257/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_51.c Buffer_Overflow_LowBound 124 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33176 64258/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_52.c Buffer_Overflow_LowBound 191 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33177 64258/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_52.c Buffer_Overflow_LowBound 173 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33178 64259/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_53.c Buffer_Overflow_LowBound 240 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33179 64259/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_53.c Buffer_Overflow_LowBound 222 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33180 64260/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54.c Buffer_Overflow_LowBound 271 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33181 64260/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54.c Buffer_Overflow_LowBound 289 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33182 64261/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_63.c Buffer_Overflow_LowBound 141 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33183 64261/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_63.c Buffer_Overflow_LowBound 122 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33184 64262/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_64.c Buffer_Overflow_LowBound 125 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33185 64262/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_64.c Buffer_Overflow_LowBound 147 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33186 64263/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_65.c Buffer_Overflow_LowBound 143 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_65b_goodG2BSink; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; 0 --------------------------------- 33187 64263/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_65.c Buffer_Overflow_LowBound 125 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_65b_badSink; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; 1 --------------------------------- 33188 64264/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_66.c Buffer_Overflow_LowBound 128 char * data; char * dataArray[5]; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33189 64264/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_66.c Buffer_Overflow_LowBound 147 char * data; char * dataArray[5]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33190 64265/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_67.c Buffer_Overflow_LowBound 136 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_67_structType myStruct; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33191 64265/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_67.c Buffer_Overflow_LowBound 155 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_67_structType myStruct; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33192 64266/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_68.c Buffer_Overflow_LowBound 152 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33193 64266/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_68.c Buffer_Overflow_LowBound 133 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33194 64270/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_81_bad(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33195 64270/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 31 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_81_goodG2B(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33196 64271/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_82_bad; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 33197 64271/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 31 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_82_goodG2B; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_ncpy_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 33198 64272/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_01.c Buffer_Overflow_LowBound 43 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33199 64272/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_01.c Buffer_Overflow_LowBound 66 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33200 64273/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_02.c Buffer_Overflow_LowBound 46 char * data; char dataBadBuffer[50]; if(1) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33201 64273/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_02.c Buffer_Overflow_LowBound 99 char * data; char dataGoodBuffer[100]; if(1) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33202 64274/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_03.c Buffer_Overflow_LowBound 77 char * data; char dataGoodBuffer[100]; if(5!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33203 64274/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_03.c Buffer_Overflow_LowBound 46 char * data; char dataBadBuffer[50]; if(5==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33204 64275/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_04.c Buffer_Overflow_LowBound 53 char * data; char dataBadBuffer[50]; if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33205 64275/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_04.c Buffer_Overflow_LowBound 106 char * data; char dataGoodBuffer[100]; if(STATIC_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33206 64276/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_05.c Buffer_Overflow_LowBound 53 char * data; char dataBadBuffer[50]; if(staticTrue) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33207 64276/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_05.c Buffer_Overflow_LowBound 84 char * data; char dataGoodBuffer[100]; if(staticFalse) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33208 64277/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_06.c Buffer_Overflow_LowBound 81 char * data; char dataGoodBuffer[100]; if(STATIC_CONST_FIVE!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33209 64277/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_06.c Buffer_Overflow_LowBound 50 char * data; char dataBadBuffer[50]; if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33210 64278/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_07.c Buffer_Overflow_LowBound 52 char * data; char dataBadBuffer[50]; if(staticFive==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33211 64278/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_07.c Buffer_Overflow_LowBound 105 char * data; char dataGoodBuffer[100]; if(staticFive==5) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33212 64279/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_08.c Buffer_Overflow_LowBound 91 char * data; char dataGoodBuffer[100]; if(staticReturnsFalse()) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33213 64279/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_08.c Buffer_Overflow_LowBound 60 char * data; char dataBadBuffer[50]; if(staticReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33214 64280/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_09.c Buffer_Overflow_LowBound 46 char * data; char dataBadBuffer[50]; if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33215 64280/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_09.c Buffer_Overflow_LowBound 99 char * data; char dataGoodBuffer[100]; if(GLOBAL_CONST_TRUE) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33216 64281/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_10.c Buffer_Overflow_LowBound 77 char * data; char dataGoodBuffer[100]; if(globalFalse) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33217 64281/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_10.c Buffer_Overflow_LowBound 46 char * data; char dataBadBuffer[50]; if(globalTrue) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33218 64282/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_11.c Buffer_Overflow_LowBound 46 char * data; char dataBadBuffer[50]; if(globalReturnsTrue()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33219 64282/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_11.c Buffer_Overflow_LowBound 99 char * data; char dataGoodBuffer[100]; if(globalReturnsTrue()) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33220 64283/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_12.c Buffer_Overflow_LowBound 85 char * data; char dataGoodBuffer[100]; if(globalReturnsTrueOrFalse()) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33221 64283/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_12.c Buffer_Overflow_LowBound 52 char * data; char dataBadBuffer[50]; if(globalReturnsTrueOrFalse()) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33222 64284/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_13.c Buffer_Overflow_LowBound 46 char * data; char dataBadBuffer[50]; if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33223 64284/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_13.c Buffer_Overflow_LowBound 99 char * data; char dataGoodBuffer[100]; if(GLOBAL_CONST_FIVE==5) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33224 64285/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_14.c Buffer_Overflow_LowBound 77 char * data; char dataGoodBuffer[100]; if(globalFive!=5) else data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33225 64285/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_14.c Buffer_Overflow_LowBound 46 char * data; char dataBadBuffer[50]; if(globalFive==5) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33226 64286/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_15.c Buffer_Overflow_LowBound 84 char * data; char dataGoodBuffer[100]; switch(5) default: data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33227 64286/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_15.c Buffer_Overflow_LowBound 52 char * data; char dataBadBuffer[50]; switch(6) case 6: data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33228 64287/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_16.c Buffer_Overflow_LowBound 47 char * data; char dataBadBuffer[50]; while(1) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33229 64287/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_16.c Buffer_Overflow_LowBound 74 char * data; char dataGoodBuffer[100]; while(1) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33230 64288/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_17.c Buffer_Overflow_LowBound 47 char * data; char dataBadBuffer[50]; for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33231 64288/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_17.c Buffer_Overflow_LowBound 74 char * data; char dataGoodBuffer[100]; for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33232 64289/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_18.c Buffer_Overflow_LowBound 45 char * data; char dataBadBuffer[50]; goto source; source: data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33233 64289/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_18.c Buffer_Overflow_LowBound 70 char * data; char dataGoodBuffer[100]; goto source; source: data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33234 64290/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_31.c Buffer_Overflow_LowBound 46 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33235 64290/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_31.c Buffer_Overflow_LowBound 73 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33236 64291/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_32.c Buffer_Overflow_LowBound 51 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBadBuffer[50]; char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33237 64291/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_32.c Buffer_Overflow_LowBound 83 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataGoodBuffer[100]; char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33238 64293/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_34.c Buffer_Overflow_LowBound 53 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_34_unionType myUnion; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33239 64293/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_34.c Buffer_Overflow_LowBound 81 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_34_unionType myUnion; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33240 64294/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_41.c Buffer_Overflow_LowBound 64 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33241 64294/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_41.c Buffer_Overflow_LowBound 36 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33242 64295/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_44.c Buffer_Overflow_LowBound 68 char * data; void (*funcPtr) (char *) = goodG2BSink; static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; 0 --------------------------------- 33243 64295/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_44.c Buffer_Overflow_LowBound 36 char * data; void (*funcPtr) (char *) = badSink; static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; 1 --------------------------------- 33244 64296/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_45.c Buffer_Overflow_LowBound 71 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33245 64296/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_45.c Buffer_Overflow_LowBound 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33246 64297/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_51.c Buffer_Overflow_LowBound 136 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33247 64297/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_51.c Buffer_Overflow_LowBound 153 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33248 64298/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_52.c Buffer_Overflow_LowBound 191 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33249 64298/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_52.c Buffer_Overflow_LowBound 208 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33250 64299/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_53.c Buffer_Overflow_LowBound 263 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33251 64299/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_53.c Buffer_Overflow_LowBound 246 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33252 64300/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54.c Buffer_Overflow_LowBound 301 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33253 64300/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54.c Buffer_Overflow_LowBound 318 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33254 64301/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_63.c Buffer_Overflow_LowBound 152 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33255 64301/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_63.c Buffer_Overflow_LowBound 134 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33256 64302/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_64.c Buffer_Overflow_LowBound 158 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33257 64302/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_64.c Buffer_Overflow_LowBound 137 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33258 64303/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_65.c Buffer_Overflow_LowBound 137 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_65b_badSink; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; 1 --------------------------------- 33259 64303/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_65.c Buffer_Overflow_LowBound 154 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_65b_goodG2BSink; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; 0 --------------------------------- 33260 64304/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_66.c Buffer_Overflow_LowBound 158 char * data; char * dataArray[5]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33261 64304/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_66.c Buffer_Overflow_LowBound 140 char * data; char * dataArray[5]; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33262 64305/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_67.c Buffer_Overflow_LowBound 166 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_67_structType myStruct; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33263 64305/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_67.c Buffer_Overflow_LowBound 148 char * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_67_structType myStruct; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33264 64306/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_68.c Buffer_Overflow_LowBound 163 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33265 64306/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_68.c Buffer_Overflow_LowBound 145 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33266 64310/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_81_bad.cpp Buffer_Overflow_LowBound 37 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_81_bad(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33267 64310/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_81_goodG2B.cpp Buffer_Overflow_LowBound 37 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_81_goodG2B(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33268 64311/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_82_bad.cpp Buffer_Overflow_LowBound 37 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_82_bad; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 33269 64311/CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_82_goodG2B.cpp Buffer_Overflow_LowBound 37 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_82_goodG2B; void CWE121_Stack_Based_Buffer_Overflow__CWE805_char_declare_snprintf_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 33270 65152/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_01.c Buffer_Overflow_LowBound 37 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33271 65152/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_01.c Buffer_Overflow_LowBound 60 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33272 65153/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_02.c Buffer_Overflow_LowBound 71 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(0) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33273 65153/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_02.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(1) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33274 65154/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_03.c Buffer_Overflow_LowBound 93 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(5==5) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33275 65154/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_03.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(5==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33276 65155/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_04.c Buffer_Overflow_LowBound 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33277 65155/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_04.c Buffer_Overflow_LowBound 78 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(STATIC_CONST_FALSE) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33278 65156/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_05.c Buffer_Overflow_LowBound 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(staticTrue) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33279 65156/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_05.c Buffer_Overflow_LowBound 100 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(staticTrue) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33280 65157/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_06.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33281 65157/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_06.c Buffer_Overflow_LowBound 75 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(STATIC_CONST_FIVE!=5) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33282 65158/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_07.c Buffer_Overflow_LowBound 77 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(staticFive!=5) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33283 65158/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_07.c Buffer_Overflow_LowBound 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(staticFive==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33284 65159/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_08.c Buffer_Overflow_LowBound 54 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(staticReturnsTrue()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33285 65159/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_08.c Buffer_Overflow_LowBound 107 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(staticReturnsTrue()) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33286 65160/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_09.c Buffer_Overflow_LowBound 71 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(GLOBAL_CONST_FALSE) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33287 65160/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_09.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33288 65161/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_10.c Buffer_Overflow_LowBound 93 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(globalTrue) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33289 65161/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_10.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(globalTrue) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33290 65162/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_11.c Buffer_Overflow_LowBound 71 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(globalReturnsFalse()) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33291 65162/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_11.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(globalReturnsTrue()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33292 65163/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_12.c Buffer_Overflow_LowBound 79 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(globalReturnsTrueOrFalse()) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33293 65163/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_12.c Buffer_Overflow_LowBound 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(globalReturnsTrueOrFalse()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33294 65164/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_13.c Buffer_Overflow_LowBound 71 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(GLOBAL_CONST_FIVE!=5) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33295 65164/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_13.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33296 65165/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_14.c Buffer_Overflow_LowBound 93 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(globalFive==5) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33297 65165/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_14.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(globalFive==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33298 65166/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_15.c Buffer_Overflow_LowBound 78 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); switch(5) default: data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33299 65166/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_15.c Buffer_Overflow_LowBound 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); switch(6) case 6: data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33300 65167/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_16.c Buffer_Overflow_LowBound 68 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); while(1) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33301 65167/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_16.c Buffer_Overflow_LowBound 41 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); while(1) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33302 65168/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_17.c Buffer_Overflow_LowBound 68 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); for(h = 0; h < 1; h++) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33303 65168/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_17.c Buffer_Overflow_LowBound 41 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); for(i = 0; i < 1; i++) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33304 65169/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_18.c Buffer_Overflow_LowBound 39 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); goto source; source: data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33305 65169/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_18.c Buffer_Overflow_LowBound 64 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); goto source; source: data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33306 65170/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_31.c Buffer_Overflow_LowBound 67 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33307 65170/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_31.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33308 65171/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_32.c Buffer_Overflow_LowBound 45 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * data = *dataPtr1; data = dataBadBuffer; data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33309 65171/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_32.c Buffer_Overflow_LowBound 77 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wchar_t * data = *dataPtr1; data = dataGoodBuffer; data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33310 65173/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_34.c Buffer_Overflow_LowBound 47 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_34_unionType myUnion; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33311 65173/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_34.c Buffer_Overflow_LowBound 75 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_34_unionType myUnion; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33312 65174/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_41.c Buffer_Overflow_LowBound 58 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_41_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33313 65174/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_41.c Buffer_Overflow_LowBound 30 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_41_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33314 65175/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_44.c Buffer_Overflow_LowBound 30 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; static void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; 1 --------------------------------- 33315 65175/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_44.c Buffer_Overflow_LowBound 62 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; static void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; 0 --------------------------------- 33316 65176/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_45.c Buffer_Overflow_LowBound 34 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_45_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33317 65176/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_45.c Buffer_Overflow_LowBound 65 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_45_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33318 65177/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_51.c Buffer_Overflow_LowBound 141 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_51b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33319 65177/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_51.c Buffer_Overflow_LowBound 124 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_51b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33320 65178/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_52.c Buffer_Overflow_LowBound 173 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_52b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_52c_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33321 65178/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_52.c Buffer_Overflow_LowBound 190 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_52b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_52c_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33322 65179/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_53.c Buffer_Overflow_LowBound 239 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_53b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_53d_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33323 65179/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_53.c Buffer_Overflow_LowBound 222 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_53b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_53c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_53d_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33324 65180/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54.c Buffer_Overflow_LowBound 271 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54d_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54e_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33325 65180/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54.c Buffer_Overflow_LowBound 288 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_54e_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33326 65181/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_63.c Buffer_Overflow_LowBound 122 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33327 65181/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_63.c Buffer_Overflow_LowBound 140 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33328 65182/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_64.c Buffer_Overflow_LowBound 125 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33329 65182/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_64.c Buffer_Overflow_LowBound 146 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33330 65183/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_65.c Buffer_Overflow_LowBound 125 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_65b_badSink; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_65b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; 1 --------------------------------- 33331 65183/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_65.c Buffer_Overflow_LowBound 142 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_65b_goodG2BSink; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_65b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; 0 --------------------------------- 33332 65184/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_66.c Buffer_Overflow_LowBound 146 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33333 65184/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_66.c Buffer_Overflow_LowBound 128 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33334 65185/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_67.c Buffer_Overflow_LowBound 154 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_67_structType myStruct; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33335 65185/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_67.c Buffer_Overflow_LowBound 136 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_67_structType myStruct; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33336 65186/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_68.c Buffer_Overflow_LowBound 133 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_68b_badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_68_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33337 65186/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_68.c Buffer_Overflow_LowBound 151 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_68b_goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_68_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33338 65190/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_81_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_81_bad(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_81_bad::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33339 65190/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_81_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_81_goodG2B(); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33340 65191/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_82_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_82_bad; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_82_bad::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33341 65191/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_82_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_82_goodG2B; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncat_82_goodG2B::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33342 65192/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_01.c Buffer_Overflow_LowBound 61 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33343 65192/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_01.c Buffer_Overflow_LowBound 37 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33344 65193/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_02.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(1) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33345 65193/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_02.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(0) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33346 65194/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_03.c Buffer_Overflow_LowBound 95 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(5==5) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33347 65194/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_03.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(5==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33348 65195/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_04.c Buffer_Overflow_LowBound 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33349 65195/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_04.c Buffer_Overflow_LowBound 102 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(STATIC_CONST_TRUE) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33350 65196/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_05.c Buffer_Overflow_LowBound 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(staticTrue) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33351 65196/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_05.c Buffer_Overflow_LowBound 79 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(staticFalse) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33352 65197/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_06.c Buffer_Overflow_LowBound 76 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(STATIC_CONST_FIVE!=5) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33353 65197/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_06.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33354 65198/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_07.c Buffer_Overflow_LowBound 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(staticFive==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33355 65198/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_07.c Buffer_Overflow_LowBound 101 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(staticFive==5) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33356 65199/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_08.c Buffer_Overflow_LowBound 54 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(staticReturnsTrue()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33357 65199/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_08.c Buffer_Overflow_LowBound 86 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(staticReturnsFalse()) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33358 65200/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_09.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33359 65200/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_09.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(GLOBAL_CONST_FALSE) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33360 65201/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_10.c Buffer_Overflow_LowBound 95 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(globalTrue) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33361 65201/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_10.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(globalTrue) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33362 65202/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_11.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(globalReturnsTrue()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33363 65202/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_11.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(globalReturnsFalse()) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33364 65203/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_12.c Buffer_Overflow_LowBound 80 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(globalReturnsTrueOrFalse()) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33365 65203/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_12.c Buffer_Overflow_LowBound 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(globalReturnsTrueOrFalse()) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33366 65204/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_13.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(GLOBAL_CONST_FIVE==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33367 65204/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_13.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(GLOBAL_CONST_FIVE!=5) else data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33368 65205/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_14.c Buffer_Overflow_LowBound 95 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(globalFive==5) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33369 65205/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_14.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(globalFive==5) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33370 65206/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_15.c Buffer_Overflow_LowBound 79 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); switch(5) default: data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33371 65206/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_15.c Buffer_Overflow_LowBound 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); switch(6) case 6: data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33372 65207/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_16.c Buffer_Overflow_LowBound 41 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); while(1) data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33373 65207/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_16.c Buffer_Overflow_LowBound 69 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); while(1) data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33374 65207/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_16.c Buffer_Overflow_LowBound 69 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33375 65207/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_16.c Off_by_One_Error_in_Methods 41 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = databadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33376 65208/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_17.c Buffer_Overflow_LowBound 41 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33377 65208/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_17.c Buffer_Overflow_LowBound 69 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33378 65209/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_18.c Buffer_Overflow_LowBound 65 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33379 65209/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_18.c Buffer_Overflow_LowBound 39 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33380 65210/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_31.c Buffer_Overflow_LowBound 68 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33381 65210/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_31.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33382 65211/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_32.c Buffer_Overflow_LowBound 45 wchar_t * *dataPtr2 = &data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; wchar_t * data = *dataPtr2; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33383 65211/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_32.c Buffer_Overflow_LowBound 78 wchar_t * *dataPtr2 = &data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; wchar_t * data = *dataPtr2; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33384 65213/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_34.c Buffer_Overflow_LowBound 76 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBadBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33385 65213/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_34.c Buffer_Overflow_LowBound 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33386 65214/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_41.c Buffer_Overflow_LowBound 59 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_41_goodG2BSink(wchar_t * data) wcsncpy(data, source, 100-1); 0 --------------------------------- 33387 65214/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_41.c Buffer_Overflow_LowBound 30 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_41_badSink(wchar_t * data) wcsncpy(data, source, 100-1); 1 --------------------------------- 33388 65215/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_44.c Buffer_Overflow_LowBound 63 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33389 65215/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_44.c Buffer_Overflow_LowBound 30 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33390 65216/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_45.c Buffer_Overflow_LowBound 34 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_45_badData = data; badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_45_badData; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33391 65216/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_45.c Buffer_Overflow_LowBound 66 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_45_goodG2BData; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_45_goodG2BData = data; goodG2BSink(); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33392 65217/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_51.c Buffer_Overflow_LowBound 124 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_51b_badSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33393 65217/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_51.c Buffer_Overflow_LowBound 142 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_51b_goodG2BSink(data); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_51b_goodG2BSink(wchar_t * data) wcsncpy(data, source, 100-1); 0 --------------------------------- 33394 65218/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_52.c Buffer_Overflow_LowBound 191 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_52b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_52c_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33395 65218/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_52.c Buffer_Overflow_LowBound 173 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_52c_badSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33396 65219/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_53.c Buffer_Overflow_LowBound 240 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_53d_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33397 65219/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_53.c Buffer_Overflow_LowBound 222 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_53d_badSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33398 65220/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_54.c Buffer_Overflow_LowBound 289 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_54e_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33399 65220/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_54.c Buffer_Overflow_LowBound 271 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_54e_badSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33400 65221/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_63.c Buffer_Overflow_LowBound 122 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33401 65221/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_63.c Buffer_Overflow_LowBound 141 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_63b_goodG2BSink(&data); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wcsncpy(data, source, 100-1); 0 --------------------------------- 33402 65222/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_64.c Buffer_Overflow_LowBound 147 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_64b_goodG2BSink(&data); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wcsncpy(data, source, 100-1); 0 --------------------------------- 33403 65222/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_64.c Buffer_Overflow_LowBound 125 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33404 65223/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_65.c Buffer_Overflow_LowBound 143 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_65b_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33405 65223/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_65.c Buffer_Overflow_LowBound 125 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_65b_badSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33406 65224/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_66.c Buffer_Overflow_LowBound 147 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_66b_goodG2BSink(dataArray); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wcsncpy(data, source, 100-1); 0 --------------------------------- 33407 65224/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_66.c Buffer_Overflow_LowBound 128 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33408 65225/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_67.c Buffer_Overflow_LowBound 155 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_67_structType myStruct; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_67b_goodG2BSink(myStruct); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wcsncpy(data, source, 100-1); 0 --------------------------------- 33409 65225/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_67.c Buffer_Overflow_LowBound 136 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33410 65226/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_68.c Buffer_Overflow_LowBound 152 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_68b_goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_68_goodG2BData; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33411 65226/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_68.c Buffer_Overflow_LowBound 133 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_68_badData; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33412 65230/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_81_bad::action(wchar_t * data) const source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33413 65231/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_ncpy_82_bad::action(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33414 65232/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_01.c Format_String_Attack 66 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33415 65232/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_01.c Format_String_Attack 43 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33416 65233/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_02.c Format_String_Attack 77 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33417 65233/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_02.c Format_String_Attack 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33418 65234/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_03.c Format_String_Attack 77 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33419 65234/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_03.c Format_String_Attack 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33420 65235/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_04.c Format_String_Attack 106 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33421 65235/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_04.c Format_String_Attack 53 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33422 65236/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_05.c Format_String_Attack 106 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33423 65236/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_05.c Format_String_Attack 53 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33424 65237/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_06.c Format_String_Attack 50 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33425 65237/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_06.c Format_String_Attack 81 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33426 65238/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_07.c Format_String_Attack 83 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33427 65238/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_07.c Format_String_Attack 52 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33428 65239/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_08.c Format_String_Attack 91 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33429 65239/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_08.c Format_String_Attack 60 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33430 65240/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_09.c Format_String_Attack 77 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33431 65240/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_09.c Format_String_Attack 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33432 65241/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_10.c Format_String_Attack 99 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33433 65241/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_10.c Format_String_Attack 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33434 65242/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_11.c Buffer_Overflow_LowBound 77 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33435 65242/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_11.c Buffer_Overflow_LowBound 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33436 65244/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_13.c Buffer_Overflow_LowBound 77 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33437 65244/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_13.c Buffer_Overflow_LowBound 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33438 65245/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_14.c Buffer_Overflow_LowBound 77 wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33439 65246/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_15.c Buffer_Overflow_LowBound 52 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33440 65246/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_15.c Buffer_Overflow_LowBound 84 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33441 65247/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_16.c Buffer_Overflow_LowBound 74 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33442 65247/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_16.c Buffer_Overflow_LowBound 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33443 65248/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_17.c Buffer_Overflow_LowBound 74 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33444 65248/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_17.c Buffer_Overflow_LowBound 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33445 65249/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_18.c Buffer_Overflow_LowBound 45 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33446 65249/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_18.c Buffer_Overflow_LowBound 70 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33447 65250/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_31.c Buffer_Overflow_LowBound 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33448 65250/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_31.c Buffer_Overflow_LowBound 73 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33449 65251/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_32.c Buffer_Overflow_LowBound 83 wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33450 65251/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_32.c Buffer_Overflow_LowBound 51 wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33451 65253/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_34.c Buffer_Overflow_LowBound 53 wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33452 65253/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_34.c Buffer_Overflow_LowBound 81 wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33453 65254/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_41.c Buffer_Overflow_LowBound 64 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_41_goodG2BSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33454 65254/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_41.c Buffer_Overflow_LowBound 36 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_41_badSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33455 65255/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_44.c Buffer_Overflow_LowBound 36 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33456 65255/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_44.c Buffer_Overflow_LowBound 68 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33457 65256/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_45.c Buffer_Overflow_LowBound 40 wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_45_badData; wchar_t source[100]; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_45_badData = data; badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_45_badData; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33458 65256/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_45.c Buffer_Overflow_LowBound 71 wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_45_goodG2BData; wchar_t source[100]; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_45_goodG2BData = data; goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_45_goodG2BData; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33459 65257/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_51.c Buffer_Overflow_LowBound 136 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_51b_badSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33460 65257/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_51.c Buffer_Overflow_LowBound 153 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_51b_goodG2BSink(data); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_51b_goodG2BSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33461 65258/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_52.c Buffer_Overflow_LowBound 208 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_52b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_52c_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33462 65258/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_52.c Buffer_Overflow_LowBound 191 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_52c_badSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33463 65259/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_53.c Buffer_Overflow_LowBound 246 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_53d_badSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33464 65259/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_53.c Buffer_Overflow_LowBound 263 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_53d_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33465 65260/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_54.c Buffer_Overflow_LowBound 301 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_54e_badSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33466 65260/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_54.c Buffer_Overflow_LowBound 318 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_54e_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33467 65261/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_63.c Buffer_Overflow_LowBound 152 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_63b_goodG2BSink(&data); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33468 65261/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_63.c Buffer_Overflow_LowBound 134 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33469 65262/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_64.c Buffer_Overflow_LowBound 158 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_64b_goodG2BSink(&data); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33470 65262/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_64.c Buffer_Overflow_LowBound 137 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33471 65263/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_65.c Buffer_Overflow_LowBound 154 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_65b_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33472 65263/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_65.c Buffer_Overflow_LowBound 137 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_65b_badSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33473 65264/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_66.c Buffer_Overflow_LowBound 158 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_66b_goodG2BSink(dataArray); data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_66b_goodG2BSink(dataArray); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33474 65264/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_66.c Buffer_Overflow_LowBound 140 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33475 65265/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_67.c Buffer_Overflow_LowBound 166 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_67_structType myStruct; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_67b_goodG2BSink(myStruct); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_67_structType myStruct) wchar_t * data = myStruct.structFirst; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33476 65265/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_67.c Buffer_Overflow_LowBound 148 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_67_structType myStruct; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_67_structType myStruct) wchar_t * data = myStruct.structFirst; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33477 65266/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_68.c Buffer_Overflow_LowBound 163 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_68b_goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_68_goodG2BData; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33478 65266/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_68.c Buffer_Overflow_LowBound 145 wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; baseObject.action(data); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_68_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33479 65270/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_81_bad.cpp Format_String_Attack 37 void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_81_bad::action(wchar_t * data) const wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33480 65270/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_81_goodG2B.cpp Buffer_Overflow_LowBound 37 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_81_goodG2B::action(wchar_t * data) const source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33481 65271/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_82_bad.cpp Format_String_Attack 37 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_82_bad::action(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33482 65271/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_82_goodG2B.cpp Buffer_Overflow_LowBound 37 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_82_goodG2B::action(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33483 65392/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_01.c Buffer_Overflow_LowBound 37 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33484 65392/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_01.c Buffer_Overflow_LowBound 60 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33485 65393/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_02.c Buffer_Overflow_LowBound 93 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33486 65393/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_02.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33487 65394/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_03.c Buffer_Overflow_LowBound 71 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(5==5) data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33488 65394/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_03.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t dataBadBuffer[50]; if(5==5) data = dataBadBuffer; wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33489 65395/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_04.c Buffer_Overflow_LowBound 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(STATIC_CONST_TRUE) data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33490 65395/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_04.c Buffer_Overflow_LowBound 78 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(STATIC_CONST_TRUE) data = dataGoodBuffer; wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33491 65396/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_05.c Buffer_Overflow_LowBound 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(staticTrue) data = dataBadBuffer; wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33492 65396/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_05.c Buffer_Overflow_LowBound 78 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(staticTrue) data = dataGoodBuffer; data[0] = L'\0'; wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33493 65397/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_06.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(STATIC_CONST_FIVE==5) data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33494 65397/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_06.c Buffer_Overflow_LowBound 75 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(STATIC_CONST_FIVE==5) data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33495 65398/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_07.c Buffer_Overflow_LowBound 77 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(staticFive==5) data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33496 65398/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_07.c Buffer_Overflow_LowBound 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(staticFive==5) data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33497 65399/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_08.c Buffer_Overflow_LowBound 85 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(staticReturnsTrue()) data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33498 65399/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_08.c Buffer_Overflow_LowBound 54 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(staticReturnsTrue()) data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33499 65400/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_09.c Buffer_Overflow_LowBound 93 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(GLOBAL_CONST_TRUE) data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33500 65400/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_09.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(GLOBAL_CONST_TRUE) data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33501 65401/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_10.c Buffer_Overflow_LowBound 71 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(globalTrue) data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33502 65401/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_10.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(globalTrue) data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33503 65402/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_11.c Buffer_Overflow_LowBound 71 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(globalReturnsTrue()) data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33504 65402/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_11.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(globalReturnsTrue()) data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33505 65403/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_12.c Buffer_Overflow_LowBound 79 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); if(globalReturnsTrueOrFalse()) data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33506 65403/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_12.c Buffer_Overflow_LowBound 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); if(globalReturnsTrueOrFalse()) data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33507 65404/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_13.c Buffer_Overflow_LowBound 93 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33508 65404/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_13.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33509 65405/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_14.c Buffer_Overflow_LowBound 93 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33510 65405/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_14.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33511 65406/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_15.c Buffer_Overflow_LowBound 106 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33512 65406/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_15.c Buffer_Overflow_LowBound 78 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33513 65406/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_15.c Buffer_Overflow_LowBound 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33514 65407/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_16.c Buffer_Overflow_LowBound 68 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33515 65407/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_16.c Buffer_Overflow_LowBound 41 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33516 65408/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_17.c Buffer_Overflow_LowBound 68 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33517 65408/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_17.c Buffer_Overflow_LowBound 41 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33518 65409/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_18.c Buffer_Overflow_LowBound 39 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33519 65409/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_18.c Buffer_Overflow_LowBound 64 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33520 65410/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_31.c Buffer_Overflow_LowBound 67 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33521 65410/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_31.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33522 65411/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_32.c Buffer_Overflow_LowBound 45 wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33523 65411/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_32.c Buffer_Overflow_LowBound 77 wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33524 65413/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_34.c Buffer_Overflow_LowBound 47 wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33525 65413/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_34.c Buffer_Overflow_LowBound 75 wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33526 65414/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_41.c Buffer_Overflow_LowBound 58 wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; source[100-1] = L'\0'; wcsncat(data, source, 100); data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_41_goodG2BSink(wchar_t * data) wcsncat(data, source, 100); 0 --------------------------------- 33527 65414/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_41.c Buffer_Overflow_LowBound 30 wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; source[100-1] = L'\0'; wcsncat(data, source, 100); data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_41_badSink(wchar_t * data) wcsncat(data, source, 100); 1 --------------------------------- 33528 65415/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_44.c Buffer_Overflow_LowBound 30 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33529 65415/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_44.c Buffer_Overflow_LowBound 62 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33530 65416/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_45.c Buffer_Overflow_LowBound 34 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_45_badData = data; badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_45_badData; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33531 65416/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_45.c Buffer_Overflow_LowBound 65 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_45_goodG2BData = data; goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_45_goodG2BData; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33532 65417/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_51.c Buffer_Overflow_LowBound 141 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_51b_goodG2BSink(data); source[100-1] = L'\0'; wcsncat(data, source, 100); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_51b_goodG2BSink(wchar_t * data) 0 --------------------------------- 33533 65417/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_51.c Buffer_Overflow_LowBound 124 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_51b_badSink(data); source[100-1] = L'\0'; wcsncat(data, source, 100); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_51b_badSink(wchar_t * data) 1 --------------------------------- 33534 65418/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_52.c Buffer_Overflow_LowBound 173 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_52c_badSink(wchar_t * data) source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33535 65418/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_52.c Buffer_Overflow_LowBound 190 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_52c_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33536 65419/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_53.c Buffer_Overflow_LowBound 239 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_52c_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33537 65419/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_53.c Buffer_Overflow_LowBound 222 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_52c_badSink(wchar_t * data) source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33538 65420/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_54.c Buffer_Overflow_LowBound 271 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_52e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_52e_badSink(wchar_t * data) source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33539 65420/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_54.c Buffer_Overflow_LowBound 288 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_52c_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33540 65421/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_63.c Buffer_Overflow_LowBound 122 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33541 65421/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_63.c Buffer_Overflow_LowBound 140 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_63b_goodG2BSink(&data); source[100-1] = L'\0'; wcsncat(data, source, 100); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wcsncat(data, source, 100); 0 --------------------------------- 33542 65422/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_64.c Buffer_Overflow_LowBound 125 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33543 65422/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_64.c Buffer_Overflow_LowBound 146 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_64b_goodG2BSink(&data); source[100-1] = L'\0'; wcsncat(data, source, 100); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wcsncat(data, source, 100); 0 --------------------------------- 33544 65423/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_65.c Buffer_Overflow_LowBound 125 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_65b_badSink; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_65b_badSink(wchar_t * data) source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33545 65423/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_65.c Buffer_Overflow_LowBound 142 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_65b_goodG2BSink; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_65b_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33546 65424/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_66.c Buffer_Overflow_LowBound 146 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_66b_goodG2BSink(dataArray); source[100-1] = L'\0'; wcsncat(data, source, 100); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wcsncat(data, source, 100); 0 --------------------------------- 33547 65424/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_66.c Buffer_Overflow_LowBound 128 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33548 65425/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_67.c Buffer_Overflow_LowBound 154 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_67_structType myStruct; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_67b_goodG2BSink(myStruct); source[100-1] = L'\0'; wcsncat(data, source, 100); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_67_structType myStruct) wchar_t * data = myStruct.structFirst; wcsncat(data, source, 100); 0 --------------------------------- 33549 65425/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_67.c Buffer_Overflow_LowBound 136 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_67_structType myStruct; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_67_structType myStruct) wchar_t * data = myStruct.structFirst; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33550 65426/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_68.c Buffer_Overflow_LowBound 133 wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_68b_badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_68_badData; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33551 65426/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_68.c Buffer_Overflow_LowBound 151 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_68b_goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_68_goodG2BData; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33552 65430/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_81_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_81_bad::action(wchar_t * data) const source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33553 65430/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_81_goodG2B.cpp Off_by_One_Error_in_Methods 31 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_81_goodG2B::action(wchar_t * data) const source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33554 65431/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_82_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_82_bad::action(wchar_t * data) source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 33555 65431/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_82_goodG2B.cpp Off_by_One_Error_in_Methods 31 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncat_82_goodG2B::action(wchar_t * data) source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 33556 65432/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_01.c Buffer_Overflow_LowBound 61 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33557 65432/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_01.c Buffer_Overflow_LowBound 37 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33558 65433/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_02.c Buffer_Overflow_LowBound 95 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33559 65433/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_02.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; wchar_t * data; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33560 65434/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_03.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33561 65434/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_03.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33562 65435/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_04.c Buffer_Overflow_LowBound 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33563 65435/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_04.c Buffer_Overflow_LowBound 102 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33564 65436/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_05.c Buffer_Overflow_LowBound 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33565 65436/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_05.c Buffer_Overflow_LowBound 79 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33566 65437/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_06.c Buffer_Overflow_LowBound 76 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33567 65437/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_06.c Buffer_Overflow_LowBound 44 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33568 65438/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_07.c Buffer_Overflow_LowBound 46 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33569 65438/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_07.c Buffer_Overflow_LowBound 78 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33570 65439/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_08.c Buffer_Overflow_LowBound 54 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33571 65439/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_08.c Buffer_Overflow_LowBound 86 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33572 65440/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_09.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33573 65440/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_09.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33574 65441/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_10.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33575 65441/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_10.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33576 65442/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_11.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33577 65442/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_11.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33578 65443/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_12.c Buffer_Overflow_LowBound 80 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33579 65443/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_12.c Buffer_Overflow_LowBound 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33580 65444/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_13.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33581 65444/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_13.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33582 65445/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_14.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33583 65445/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_14.c Buffer_Overflow_LowBound 72 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33584 65446/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_15.c Buffer_Overflow_LowBound 79 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33585 65446/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_15.c Buffer_Overflow_LowBound 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33586 65447/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_16.c Buffer_Overflow_LowBound 41 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33587 65447/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_16.c Buffer_Overflow_LowBound 69 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33588 65448/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_17.c Buffer_Overflow_LowBound 41 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33589 65448/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_17.c Buffer_Overflow_LowBound 69 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33590 65449/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_18.c Buffer_Overflow_LowBound 65 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33591 65449/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_18.c Buffer_Overflow_LowBound 39 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33592 65450/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_31.c Buffer_Overflow_LowBound 68 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33593 65450/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_31.c Buffer_Overflow_LowBound 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33594 65451/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_32.c Buffer_Overflow_LowBound 45 wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33595 65451/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_32.c Buffer_Overflow_LowBound 78 wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33596 65453/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_34.c Buffer_Overflow_LowBound 76 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33597 65453/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_34.c Buffer_Overflow_LowBound 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33598 65454/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_41.c Buffer_Overflow_LowBound 59 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_41_goodG2BSink(data); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_41_goodG2BSink(wchar_t * data) wcsncpy(data, source, 100-1); 0 --------------------------------- 33599 65454/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_41.c Buffer_Overflow_LowBound 30 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_41_badSink(data); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_41_badSink(wchar_t * data) wcsncpy(data, source, 100-1); 1 --------------------------------- 33600 65455/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_44.c Buffer_Overflow_LowBound 63 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33601 65455/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_44.c Buffer_Overflow_LowBound 30 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33602 65456/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_45.c Buffer_Overflow_LowBound 34 wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_45_badData = data; badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_45_badData; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33603 65456/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_45.c Buffer_Overflow_LowBound 66 wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_45_goodG2BData; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_45_goodG2BData = data; goodG2BSink(); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33604 65457/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_51.c Buffer_Overflow_LowBound 124 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_51b_badSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33605 65457/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_51.c Buffer_Overflow_LowBound 142 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_51b_goodG2BSink(data); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_51b_goodG2BSink(wchar_t * data) wcsncpy(data, source, 100-1); 0 --------------------------------- 33606 65458/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_52.c Buffer_Overflow_LowBound 191 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_52c_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33607 65458/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_52.c Buffer_Overflow_LowBound 173 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_52c_badSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33608 65459/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_53.c Buffer_Overflow_LowBound 240 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_53d_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33609 65459/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_53.c Buffer_Overflow_LowBound 222 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_53d_badSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33610 65460/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_54.c Buffer_Overflow_LowBound 289 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_54e_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33611 65460/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_54.c Buffer_Overflow_LowBound 271 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_54e_badSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33612 65461/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_63.c Buffer_Overflow_LowBound 122 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33613 65461/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_63.c Buffer_Overflow_LowBound 141 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_63b_goodG2BSink(&data); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wcsncpy(data, source, 100-1); 0 --------------------------------- 33614 65462/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_64.c Buffer_Overflow_LowBound 147 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_64b_goodG2BSink(&data); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wcsncpy(data, source, 100-1); 0 --------------------------------- 33615 65462/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_64.c Buffer_Overflow_LowBound 125 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33616 65463/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_65.c Buffer_Overflow_LowBound 143 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_65b_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33617 65463/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_65.c Buffer_Overflow_LowBound 125 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_65b_badSink(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33618 65464/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_66.c Buffer_Overflow_LowBound 147 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_66b_goodG2BSink(dataArray); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wcsncpy(data, source, 100-1); 0 --------------------------------- 33619 65464/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_66.c Buffer_Overflow_LowBound 128 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33620 65465/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_67.c Buffer_Overflow_LowBound 155 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_67_structType myStruct; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_67b_goodG2BSink(myStruct); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wcsncpy(data, source, 100-1); 0 --------------------------------- 33621 65465/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_67.c Buffer_Overflow_LowBound 136 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_67_structType myStruct; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33622 65466/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_68.c Buffer_Overflow_LowBound 152 wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_68b_goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_68_goodG2BData; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33623 65466/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_68.c Buffer_Overflow_LowBound 133 wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_68b_badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_68_badData; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33624 65470/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_81_bad::action(wchar_t * data) const source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33625 65470/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_81_goodG2B.cpp Off_by_One_Error_in_Methods 31 wchar_t dataBadBuffer[50]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_81_goodG2B::action(wchar_t * data) const source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33626 65471/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_82_bad::action(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 33627 65471/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_82_goodG2B.cpp Off_by_One_Error_in_Methods 31 wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_alloca_snprintf_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_ncpy_82_goodG2B::action(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 33628 65472/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_01.c Format_String_Attack 66 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33629 65472/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_01.c Format_String_Attack 43 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33630 65473/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_02.c Format_String_Attack 77 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33631 65473/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_02.c Format_String_Attack 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33632 65474/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_03.c Format_String_Attack 77 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33633 65474/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_03.c Format_String_Attack 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33634 65475/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_04.c Format_String_Attack 53 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33635 65475/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_04.c Format_String_Attack 84 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33636 65476/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_05.c Format_String_Attack 53 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33637 65476/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_05.c Format_String_Attack 84 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33638 65477/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_06.c Format_String_Attack 50 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33639 65477/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_06.c Format_String_Attack 81 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33640 65478/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_07.c Format_String_Attack 83 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33641 65478/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_07.c Format_String_Attack 52 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33642 65479/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_08.c Format_String_Attack 91 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33643 65479/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_08.c Format_String_Attack 60 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33644 65480/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_09.c Format_String_Attack 77 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33645 65480/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_09.c Format_String_Attack 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33646 65481/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_10.c Format_String_Attack 77 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33647 65481/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_10.c Format_String_Attack 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33648 65482/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_11.c Format_String_Attack 77 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33649 65482/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_11.c Format_String_Attack 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33650 65483/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_12.c Format_String_Attack 85 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33651 65483/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_12.c Format_String_Attack 52 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33652 65484/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_13.c Format_String_Attack 77 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33653 65484/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_13.c Format_String_Attack 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33654 65485/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_14.c Format_String_Attack 77 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33655 65485/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_14.c Format_String_Attack 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33656 65486/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_15.c Format_String_Attack 52 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33657 65486/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_15.c Format_String_Attack 84 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33658 65487/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_16.c Format_String_Attack 74 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33659 65487/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_16.c Format_String_Attack 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33660 65488/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_17.c Format_String_Attack 74 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33661 65488/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_17.c Format_String_Attack 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33662 65489/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_18.c Format_String_Attack 45 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33663 65489/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_18.c Format_String_Attack 70 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33664 65490/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_31.c Format_String_Attack 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33665 65490/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_31.c Format_String_Attack 73 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33666 65491/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_32.c Format_String_Attack 83 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33667 65491/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_32.c Format_String_Attack 51 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr2; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33668 65493/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_34.c Format_String_Attack 53 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33669 65493/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_34.c Format_String_Attack 81 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_34_unionType myUnion; wchar_t * data = myUnion.unionSecond; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33670 65494/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_41.c Format_String_Attack 64 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_41_goodG2BSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33671 65494/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_41.c Format_String_Attack 36 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_41_badSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33672 65495/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_44.c Format_String_Attack 36 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33673 65495/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_44.c Format_String_Attack 68 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33674 65496/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_45.c Format_String_Attack 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_45_badData = data; badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_45_badData; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33675 65496/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_45.c Format_String_Attack 71 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_45_goodG2BData = data; goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_45_goodG2BData; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33676 65497/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_51.c Buffer_Overflow_LowBound 136 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_51b_badSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33677 65497/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_51.c Buffer_Overflow_LowBound 153 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_51b_goodG2BSink(data); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_51b_goodG2BSink(wchar_t * data) SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33678 65498/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_52.c Buffer_Overflow_LowBound 208 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_52c_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33679 65498/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_52.c Buffer_Overflow_LowBound 191 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_52c_badSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33680 65499/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_53.c Format_String_Attack 246 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_53d_badSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33681 65499/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_53.c Format_String_Attack 263 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_53d_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33682 65500/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_54.c Format_String_Attack 301 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_54e_badSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33683 65500/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_54.c Format_String_Attack 318 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_54e_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33684 65501/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_63.c Format_String_Attack 152 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_63b_goodG2BSink(&data); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33685 65501/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_63.c Format_String_Attack 134 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33686 65502/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_64.c Format_String_Attack 158 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_64b_goodG2BSink(&data); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33687 65502/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_64.c Format_String_Attack 137 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33688 65503/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_65.c Format_String_Attack 154 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_65b_goodG2BSink; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_65b_goodG2BSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33689 65503/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_65.c Format_String_Attack 137 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_65b_badSink; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_65b_badSink(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33690 65504/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_66.c Format_String_Attack 158 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_66b_goodG2BSink(dataArray); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33691 65504/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_66.c Format_String_Attack 140 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33692 65505/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_67.c Format_String_Attack 166 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_67_structType myStruct; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_67b_goodG2BSink(myStruct); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_67_structType myStruct) wchar_t * data = myStruct.structFirst; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33693 65505/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_67.c Format_String_Attack 148 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_67_structType myStruct; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_67_structType myStruct) wchar_t * data = myStruct.structFirst; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33694 65506/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_68.c Format_String_Attack 163 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_68b_goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_68_goodG2BData; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 33695 65506/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_68.c Format_String_Attack 145 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_68b_badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_68_badData; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33696 65510/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_81_bad.cpp Format_String_Attack 37 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_81_bad::action(wchar_t * data) const source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33697 65511/CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_82_bad.cpp Buffer_Overflow_LowBound 37 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE805_wchar_t_declare_snprintf_82_bad::action(wchar_t * data) source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 33698 65560/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_01.c String_Termination_Error 56 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33699 65560/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_01.c String_Termination_Error 34 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33700 65561/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_02.c String_Termination_Error 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33701 65561/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_02.c String_Termination_Error 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33702 65562/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_03.c String_Termination_Error 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33703 65562/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_03.c String_Termination_Error 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33704 65563/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_04.c String_Termination_Error 74 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33705 65563/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_04.c String_Termination_Error 44 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33706 65564/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_05.c String_Termination_Error 74 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33707 65564/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_05.c String_Termination_Error 44 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33708 65565/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_06.c String_Termination_Error 71 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33709 65565/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_06.c String_Termination_Error 41 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33710 65566/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_07.c String_Termination_Error 73 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33711 65566/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_07.c String_Termination_Error 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33712 65567/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_08.c String_Termination_Error 81 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33713 65567/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_08.c String_Termination_Error 51 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33714 65568/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_09.c String_Termination_Error 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33715 65568/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_09.c String_Termination_Error 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33716 65569/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_10.c String_Termination_Error 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33717 65569/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_10.c String_Termination_Error 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33718 65570/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_11.c String_Termination_Error 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33719 65570/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_11.c String_Termination_Error 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33720 65571/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_12.c String_Termination_Error 43 har * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33721 65571/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_12.c String_Termination_Error 75 har * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33722 65572/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_13.c String_Termination_Error 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33723 65572/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_13.c String_Termination_Error 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33724 65573/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_14.c String_Termination_Error 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33725 65573/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_14.c String_Termination_Error 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33726 65574/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_15.c String_Termination_Error 74 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33727 65574/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_15.c String_Termination_Error 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33728 65575/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_16.c String_Termination_Error 64 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33729 65575/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_16.c String_Termination_Error 38 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33730 65576/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_17.c String_Termination_Error 64 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33731 65576/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_17.c String_Termination_Error 38 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33732 65577/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_18.c String_Termination_Error 60 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33733 65577/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_18.c String_Termination_Error 36 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data[100-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33734 65578/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_21.c String_Termination_Error 88 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = goodG2B1Source(data); memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33735 65578/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_21.c String_Termination_Error 47 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33736 65579/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_22.c String_Termination_Error 65 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_22_goodG2B1Global = 0; char dest[50] = ""; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_22_goodG2B1Source(data); memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33737 65579/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_22.c String_Termination_Error 84 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_22_goodG2B2Source(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_22_goodG2B2Source(char * data) return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_22_goodG2B2Source(data); memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33738 65579/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_22.c String_Termination_Error 38 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char dest[50] = ""; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_22_badSource(data); memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33739 65580/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_31.c String_Termination_Error 63 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; char * data = dataCopy; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33740 65580/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_31.c String_Termination_Error 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33741 65581/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_32.c String_Termination_Error 42 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; char * *dataPtr2 = &data; char * data = *dataPtr2; 1 --------------------------------- 33742 65581/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_32.c String_Termination_Error 73 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; char * *dataPtr2 = &data; char * data = *dataPtr2; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33743 65583/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_34.c String_Termination_Error 71 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; myUnion.unionFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_34_unionType myUnion; char * data = myUnion.unionSecond; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33744 65583/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_34.c String_Termination_Error 44 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50]=""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33745 65584/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_41.c String_Termination_Error 28 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_41_badSink(char * data) char dest[50]=""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33746 65584/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_41.c String_Termination_Error 54 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_41_goodG2BSink(char * data) char dest[50]=""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33747 65585/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_42.c String_Termination_Error 40 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = badSource(data); char dest[50] = ""; data[100-1] = '\0'; return data; data = badSource(data); memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33748 65585/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_42.c String_Termination_Error 68 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = goodG2BSource(data); char dest[50] = ""; data[50-1] = '\0'; return data; data = goodG2BSource(data); memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33749 65587/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_44.c String_Termination_Error 58 void (*funcPtr) (char *) = goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33750 65587/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_44.c String_Termination_Error 28 void (*funcPtr) (char *) = badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50]=""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33751 65588/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_45.c String_Termination_Error 32 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_45_badData = data; badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_45_badData; char dest[50]=""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33752 65588/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_45.c String_Termination_Error 61 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_45_goodG2BData = data; goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_45_goodG2BData; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33753 65589/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_51.c String_Termination_Error 121 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_51b_badSink(data); char dest[50] = ""; void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_51b_badSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33754 65589/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_51.c String_Termination_Error 137 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_51b_goodG2BSink(data); char dest[50] = ""; void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_51b_goodG2BSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33755 65590/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_52.c String_Termination_Error 186 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_52b_goodG2BSink(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33756 65590/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_52.c String_Termination_Error 170 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_52b_badSink(data); char dest[50] = ""; void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_52c_badSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33757 65591/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_53.c String_Termination_Error 219 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_53b_badSink(data); char dest[50] = ""; void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_53d_badSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33758 65591/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_53.c String_Termination_Error 235 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_53d_goodG2BSink(data); char dest[50] = ""; void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_53d_goodG2BSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33759 65592/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_54.c String_Termination_Error 268 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_54b_badSink(data); char dest[50] = ""; void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_54e_badSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33760 65592/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_54.c String_Termination_Error 284 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_54e_goodG2BSink(data); char dest[50] = ""; void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_54e_goodG2BSink(char * data) memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33761 65593/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_61.c String_Termination_Error 57 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_61b_goodG2BSource(data); data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_61b_goodG2BSource(data); memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33762 65593/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_61.c String_Termination_Error 35 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_61b_badSource(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33763 65595/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_63.c String_Termination_Error 136 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33764 65595/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_63.c String_Termination_Error 119 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33765 65596/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_64.c String_Termination_Error 122 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33766 65596/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_64.c String_Termination_Error 142 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33767 65597/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_65.c String_Termination_Error 138 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_65b_goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_65b_goodG2BSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33768 65597/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_65.c String_Termination_Error 122 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_65b_badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_65b_badSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33769 65598/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_66.c String_Termination_Error 142 char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33770 65598/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_66.c String_Termination_Error 125 char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33771 65599/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_67.c String_Termination_Error 150 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33772 65599/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_67.c String_Termination_Error 133 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33773 65600/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_68.c String_Termination_Error 130 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_68b_badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_68_badData; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33774 65600/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_68.c String_Termination_Error 147 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_68b_goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_68_goodG2BData; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33775 65604/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_81_bad.cpp String_Termination_Error 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_81_bad::action(char * data) const char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33776 65604/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_81_goodG2B.cpp String_Termination_Error 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_81_goodG2B::action(char * data) const char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33777 65605/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_82_bad.cpp String_Termination_Error 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_82_bad::action(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33778 65605/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_82_goodG2B.cpp String_Termination_Error 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memcpy_82_goodG2B::action(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33779 65608/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_01.c String_Termination_Error 34 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33780 65608/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_01.c String_Termination_Error 56 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33781 65609/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_02.c String_Termination_Error 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33782 65609/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_02.c String_Termination_Error 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33783 65610/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_03.c String_Termination_Error 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33784 65610/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_03.c String_Termination_Error 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33785 65611/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_04.c String_Termination_Error 44 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33786 65611/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_04.c String_Termination_Error 74 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33787 65612/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_05.c String_Termination_Error 44 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33788 65612/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_05.c String_Termination_Error 74 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33789 65613/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_06.c String_Termination_Error 41 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33790 65613/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_06.c String_Termination_Error 71 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33791 65614/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_07.c String_Termination_Error 73 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33792 65614/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_07.c String_Termination_Error 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33793 65615/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_08.c String_Termination_Error 81 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33794 65615/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_08.c String_Termination_Error 51 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33795 65616/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_09.c String_Termination_Error 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33796 65616/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_09.c String_Termination_Error 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33797 65617/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_10.c String_Termination_Error 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33798 65617/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_10.c String_Termination_Error 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33799 65618/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_11.c String_Termination_Error 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33800 65618/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_11.c String_Termination_Error 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33801 65619/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_12.c String_Termination_Error 75 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33802 65619/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_12.c String_Termination_Error 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33803 65620/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_13.c String_Termination_Error 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33804 65620/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_13.c String_Termination_Error 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33805 65621/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_14.c String_Termination_Error 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33806 65621/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_14.c String_Termination_Error 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33807 65622/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_15.c String_Termination_Error 74 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33808 65622/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_15.c String_Termination_Error 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33809 65623/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_16.c String_Termination_Error 38 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33810 65623/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_16.c String_Termination_Error 64 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33811 65624/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_17.c String_Termination_Error 38 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33812 65624/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_17.c String_Termination_Error 64 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33813 65625/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_18.c String_Termination_Error 36 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33814 65625/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_18.c String_Termination_Error 60 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33815 65626/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_21.c String_Termination_Error 47 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33816 65626/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_21.c String_Termination_Error 88 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33817 65627/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_22.c String_Termination_Error 38 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_22_badGlobal = 1; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_22_badSource(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33818 65627/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_22.c String_Termination_Error 65 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_22_goodG2B1Global = 0; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_22_goodG2B1Source(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33819 65627/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_22.c String_Termination_Error 84 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_22_goodG2B2Source(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_22_goodG2B2Source(char * data) data[50-1] = '\0'; return data; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33820 65628/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_31.c String_Termination_Error 63 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; char * dataCopy = data; char * data = dataCopy; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33821 65628/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_31.c String_Termination_Error 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; char * dataCopy = data; char * data = dataCopy; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33822 65629/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_32.c String_Termination_Error 73 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char * data = *dataPtr1; memset(data, 'A', 50-1); data[50-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33823 65629/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_32.c String_Termination_Error 42 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char * data = *dataPtr1; memset(data, 'A', 100-1); data[100-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33824 65631/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_34.c String_Termination_Error 44 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33825 65631/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_34.c String_Termination_Error 71 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33826 65632/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_41.c String_Termination_Error 54 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_41_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33827 65632/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_41.c String_Termination_Error 28 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_41_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33828 65633/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_42.c String_Termination_Error 68 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = badSource(data); char dest[50] = ""; memset(data, 'A', 50-1); data[50-1] = '\0'; return data; data = goodG2BSource(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33829 65633/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_42.c String_Termination_Error 40 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = badSource(data); char dest[50] = ""; memset(data, 'A', 100-1); data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33830 65635/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_44.c String_Termination_Error 28 void (*funcPtr) (char *) = badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33831 65635/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_44.c String_Termination_Error 58 void (*funcPtr) (char *) = goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33832 65636/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_45.c String_Termination_Error 61 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_45_goodG2BData = data; goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_45_goodG2BData; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33833 65636/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_45.c String_Termination_Error 32 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_45_badData = data; badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_45_badData; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33834 65637/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_51.c String_Termination_Error 121 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_51b_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33835 65637/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_51.c String_Termination_Error 137 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_51b_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33836 65638/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_52.c String_Termination_Error 170 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_52c_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33837 65638/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_52.c String_Termination_Error 186 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_52c_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33838 65639/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_53.c String_Termination_Error 235 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_53d_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33839 65639/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_53.c String_Termination_Error 219 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_53d_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33840 65640/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_54.c String_Termination_Error 284 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_54e_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33841 65640/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_54.c String_Termination_Error 268 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_54e_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33842 65641/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_61.c String_Termination_Error 57 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_61b_goodG2BSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_61b_goodG2BSource(char * data); data[50-1] = '\0'; return data; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33843 65641/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_61.c String_Termination_Error 35 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_61b_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_61b_badSource(char * data); data[100-1] = '\0'; return data; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33844 65643/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_63.c String_Termination_Error 119 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33845 65643/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_63.c String_Termination_Error 136 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33846 65644/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_64.c String_Termination_Error 142 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33847 65644/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_64.c String_Termination_Error 122 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33848 65645/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_65.c String_Termination_Error 122 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_65b_badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_65b_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33849 65645/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_65.c String_Termination_Error 138 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_65b_goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_65b_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33850 65646/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_66.c String_Termination_Error 142 char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33851 65646/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_66.c String_Termination_Error 125 char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33852 65647/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_67.c String_Termination_Error 150 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33853 65647/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_67.c String_Termination_Error 133 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33854 65648/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_68.c String_Termination_Error 130 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_68b_badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_68_badData; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33855 65648/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_68.c String_Termination_Error 147 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_68b_goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_68_goodG2BData; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33856 65652/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_81_bad.cpp String_Termination_Error 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_81_bad::action(char * data) const char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33857 65652/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_81_goodG2B.cpp String_Termination_Error 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_81_goodG2B::action(char * data) const char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33858 65653/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_82_bad.cpp String_Termination_Error 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_82_bad::action(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 33859 65653/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_82_goodG2B.cpp String_Termination_Error 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_memmove_82_goodG2B::action(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 33860 65656/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_01.c Off_by_One_Error_in_Methods 34 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33861 65656/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_01.c Off_by_One_Error_in_Methods 56 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33862 65657/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_02.c Buffer_Overflow_LowBound 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33863 65657/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_02.c Buffer_Overflow_LowBound 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33864 65658/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_03.c Off_by_One_Error_in_Methods 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33865 65658/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_03.c Off_by_One_Error_in_Methods 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33866 65658/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_03.c Buffer_Overflow_LowBound 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33867 65659/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_04.c Off_by_One_Error_in_Methods 74 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33868 65659/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_04.c Off_by_One_Error_in_Methods 44 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33869 65660/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_05.c Buffer_Overflow_LowBound 74 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33870 65660/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_05.c Buffer_Overflow_LowBound 44 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33871 65661/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_06.c Buffer_Overflow_LowBound 71 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33872 65661/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_06.c Buffer_Overflow_LowBound 41 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33873 65662/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_07.c Buffer_Overflow_LowBound 73 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33874 65662/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_07.c Buffer_Overflow_LowBound 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33875 65663/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_08.c Buffer_Overflow_LowBound 81 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33876 65663/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_08.c Buffer_Overflow_LowBound 51 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33877 65664/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_09.c Buffer_Overflow_LowBound 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33878 65664/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_09.c Buffer_Overflow_LowBound 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33879 65665/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_10.c Buffer_Overflow_LowBound 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33880 65665/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_10.c Buffer_Overflow_LowBound 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33881 65666/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_11.c Buffer_Overflow_LowBound 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33882 65666/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_11.c Buffer_Overflow_LowBound 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33883 65667/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_12.c Buffer_Overflow_LowBound 75 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33884 65667/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_12.c Buffer_Overflow_LowBound 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33885 65668/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_13.c Buffer_Overflow_LowBound 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33886 65668/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_13.c Buffer_Overflow_LowBound 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33887 65669/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_14.c Buffer_Overflow_LowBound 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33888 65669/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_14.c Buffer_Overflow_LowBound 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33889 65670/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_15.c Buffer_Overflow_LowBound 74 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33890 65670/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_15.c Buffer_Overflow_LowBound 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33891 65671/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_16.c Buffer_Overflow_LowBound 38 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33892 65671/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_16.c Buffer_Overflow_LowBound 64 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33893 65672/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_17.c Buffer_Overflow_LowBound 38 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33894 65672/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_17.c Buffer_Overflow_LowBound 64 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33895 65673/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_18.c Buffer_Overflow_LowBound 60 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33896 65673/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_18.c Buffer_Overflow_LowBound 36 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33897 65674/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_21.c Buffer_Overflow_LowBound 47 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badStatic = 1; data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33898 65674/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_21.c Buffer_Overflow_LowBound 88 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; data = goodG2B1Source(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33899 65675/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_22.c Buffer_Overflow_LowBound 84 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_22_goodG2B1Global = 0; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_22_goodG2B1Source(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_22_goodG2B1Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_22_goodG2B2Source(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33900 65675/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_22.c Buffer_Overflow_LowBound 38 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_22_badGlobal = 1; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_22_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_22_badSource(char * data); memset(data, 'A', 100-1); data[100-1] = '\0'; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_22_badSource(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33901 65676/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_31.c Buffer_Overflow_LowBound 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33902 65676/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_31.c Buffer_Overflow_LowBound 63 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33903 65677/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_32.c Buffer_Overflow_LowBound 42 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * *dataPtr2 = &data; char * data = *dataPtr2; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33904 65677/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_32.c Buffer_Overflow_LowBound 73 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * *dataPtr2 = &data; char * data = *dataPtr2; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33905 65679/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_34.c Buffer_Overflow_LowBound 71 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33906 65679/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_34.c Buffer_Overflow_LowBound 44 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33907 65680/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_41.c Buffer_Overflow_LowBound 28 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_41_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33908 65680/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_41.c Buffer_Overflow_LowBound 54 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_41_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33909 65681/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_42.c Buffer_Overflow_LowBound 68 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33910 65681/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_42.c Buffer_Overflow_LowBound 40 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33911 65683/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_44.c Off_by_One_Error_in_Methods 58 void (*funcPtr) (char *) = goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33912 65683/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_44.c Off_by_One_Error_in_Methods 28 void (*funcPtr) (char *) = badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33913 65684/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_45.c Off_by_One_Error_in_Methods 61 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_45_goodG2BData; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33914 65684/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_45.c Off_by_One_Error_in_Methods 32 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_45_badData = data; badSink(); static void badSink() char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33915 65685/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_51.c Off_by_One_Error_in_Methods 121 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_51b_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33916 65685/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_51.c Off_by_One_Error_in_Methods 137 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_51b_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33917 65686/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_52.c Off_by_One_Error_in_Methods 186 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_52c_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33918 65686/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_52.c Off_by_One_Error_in_Methods 170 data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_52c_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33919 65687/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_53.c Off_by_One_Error_in_Methods 219 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_53d_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33920 65687/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_53.c Off_by_One_Error_in_Methods 235 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_53d_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33921 65688/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_54.c Off_by_One_Error_in_Methods 268 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_54e_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33922 65688/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_54.c Off_by_One_Error_in_Methods 284 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_54e_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33923 65689/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_61.c Off_by_One_Error_in_Methods 57 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_61b_goodG2BSource(data); memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33924 65689/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_61.c Off_by_One_Error_in_Methods 35 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_61b_badSource(data); memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33925 65691/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_63.c Off_by_One_Error_in_Methods 119 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33926 65691/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_63.c Off_by_One_Error_in_Methods 136 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; strncat(dest, data, strlen(data)); 0 --------------------------------- 33927 65692/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_64.c Off_by_One_Error_in_Methods 122 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33928 65692/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_64.c Off_by_One_Error_in_Methods 142 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strncat(dest, data, strlen(data)); 0 --------------------------------- 33929 65693/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_65.c Off_by_One_Error_in_Methods 138 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_65b_goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_65b_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33930 65693/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_65.c Off_by_One_Error_in_Methods 122 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_65b_badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_65b_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33931 65694/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_66.c Off_by_One_Error_in_Methods 125 char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33932 65694/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_66.c Off_by_One_Error_in_Methods 142 char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; strncat(dest, data, strlen(data)); 0 --------------------------------- 33933 65695/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_67.c Off_by_One_Error_in_Methods 133 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33934 65695/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_67.c Off_by_One_Error_in_Methods 150 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33935 65696/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_68.c Off_by_One_Error_in_Methods 130 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_68b_badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_68_badData; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33936 65696/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_68.c Off_by_One_Error_in_Methods 147 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_68b_goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_68_goodG2BData; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33937 65700/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_81_bad.cpp Off_by_One_Error_in_Methods 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_81_bad::action(char * data) const char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33938 65700/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_81_goodG2B.cpp String_Termination_Error 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_81_goodG2B::action(char * data) const char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33939 65701/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_82_bad.cpp Buffer_Overflow_LowBound 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_82_bad::action(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 33940 65701/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_82_goodG2B.cpp Buffer_Overflow_LowBound 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncat_82_goodG2B::action(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 33941 65704/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_01.c Buffer_Overflow_LowBound 56 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33942 65704/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_01.c Buffer_Overflow_LowBound 34 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33943 65705/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_02.c Buffer_Overflow_LowBound 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33944 65705/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_02.c Buffer_Overflow_LowBound 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33945 65706/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_03.c Off_by_One_Error_in_Methods 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33946 65706/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_03.c Off_by_One_Error_in_Methods 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33947 65707/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_04.c Off_by_One_Error_in_Methods 44 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33948 65707/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_04.c Off_by_One_Error_in_Methods 74 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33949 65708/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_05.c Off_by_One_Error_in_Methods 44 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33950 65708/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_05.c Off_by_One_Error_in_Methods 74 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33951 65709/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_06.c Off_by_One_Error_in_Methods 71 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33952 65709/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_06.c Off_by_One_Error_in_Methods 41 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33953 65710/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_07.c Off_by_One_Error_in_Methods 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33954 65710/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_07.c Off_by_One_Error_in_Methods 73 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33955 65711/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_08.c Off_by_One_Error_in_Methods 51 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33956 65711/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_08.c Off_by_One_Error_in_Methods 81 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33957 65712/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_09.c Off_by_One_Error_in_Methods 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33958 65712/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_09.c Off_by_One_Error_in_Methods 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33959 65713/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_10.c Off_by_One_Error_in_Methods 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33960 65713/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_10.c Off_by_One_Error_in_Methods 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33961 65714/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_11.c Off_by_One_Error_in_Methods 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33962 65714/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_11.c Off_by_One_Error_in_Methods 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33963 65715/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_12.c Off_by_One_Error_in_Methods 75 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33964 65715/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_12.c Off_by_One_Error_in_Methods 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33965 65716/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_13.c Off_by_One_Error_in_Methods 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33966 65716/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_13.c Off_by_One_Error_in_Methods 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33967 65717/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_14.c Off_by_One_Error_in_Methods 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33968 65717/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_14.c Off_by_One_Error_in_Methods 67 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33969 65718/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_15.c Off_by_One_Error_in_Methods 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33970 65718/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_15.c Off_by_One_Error_in_Methods 74 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33971 65719/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_16.c Off_by_One_Error_in_Methods 64 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33972 65719/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_16.c Off_by_One_Error_in_Methods 38 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33973 65720/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_17.c Off_by_One_Error_in_Methods 64 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33974 65720/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_17.c Off_by_One_Error_in_Methods 38 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33975 65721/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_18.c Off_by_One_Error_in_Methods 60 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33976 65721/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_18.c Off_by_One_Error_in_Methods 36 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33977 65722/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_21.c Buffer_Overflow_LowBound 47 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33978 65722/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_21.c Buffer_Overflow_LowBound 88 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33979 65723/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_22.c Off_by_One_Error_in_Methods 38 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_22_badGlobal = 1; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_22_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_22_badSource(char * data); memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33980 65723/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_22.c Off_by_One_Error_in_Methods 84 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_22_goodG2B1Global = 0; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_22_goodG2B1Source(data); memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33981 65724/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_31.c Off_by_One_Error_in_Methods 63 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33982 65724/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_31.c Off_by_One_Error_in_Methods 37 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33983 65725/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_32.c Off_by_One_Error_in_Methods 73 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * *dataPtr2 = &data; char * data = *dataPtr2; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33984 65725/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_32.c Off_by_One_Error_in_Methods 42 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * *dataPtr2 = &data; char * data = *dataPtr2; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33985 65727/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_34.c Off_by_One_Error_in_Methods 71 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33986 65727/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_34.c Off_by_One_Error_in_Methods 44 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33987 65728/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_41.c Off_by_One_Error_in_Methods 54 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_41_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33988 65728/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_41.c Off_by_One_Error_in_Methods 28 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_41_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33989 65729/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_42.c Off_by_One_Error_in_Methods 40 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33990 65729/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_42.c Off_by_One_Error_in_Methods 68 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = goodG2BSource(data); memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33991 65731/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_44.c Off_by_One_Error_in_Methods 28 void (*funcPtr) (char *) = badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33992 65731/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_44.c Off_by_One_Error_in_Methods 58 void (*funcPtr) (char *) = goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33993 65732/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_45.c Off_by_One_Error_in_Methods 32 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_45_badData = data; badSink(); static void badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_45_badData; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33994 65732/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_45.c Off_by_One_Error_in_Methods 61 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_45_goodG2BData; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33995 65733/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_51.c Off_by_One_Error_in_Methods 121 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_51b_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33996 65733/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_51.c Off_by_One_Error_in_Methods 137 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_51b_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33997 65734/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_52.c Off_by_One_Error_in_Methods 170 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_52c_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 33998 65734/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_52.c Off_by_One_Error_in_Methods 186 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_52c_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 33999 65735/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_53.c Off_by_One_Error_in_Methods 219 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_53d_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 34000 65735/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_53.c Off_by_One_Error_in_Methods 235 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_53d_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 34001 65736/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_54.c Off_by_One_Error_in_Methods 284 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_54e_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 34002 65736/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_54.c Off_by_One_Error_in_Methods 268 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_54e_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 34003 65737/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_61.c Off_by_One_Error_in_Methods 35 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_61b_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_61b_badSource(char * data); memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 34004 65737/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_61.c Off_by_One_Error_in_Methods 57 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_61b_goodG2BSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_61b_goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 34005 65739/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_63.c Off_by_One_Error_in_Methods 119 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 34006 65739/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_63.c Off_by_One_Error_in_Methods 136 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; strncpy(dest, data, strlen(data)); 0 --------------------------------- 34007 65740/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_64.c Off_by_One_Error_in_Methods 142 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); strncpy(dest, data, strlen(data)); 0 --------------------------------- 34008 65740/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_64.c Off_by_One_Error_in_Methods 122 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 34009 65741/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_65.c Off_by_One_Error_in_Methods 122 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_65b_badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_65b_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 34010 65741/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_65.c Off_by_One_Error_in_Methods 138 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_65b_goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_65b_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 34011 65742/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_66.c Off_by_One_Error_in_Methods 125 char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 34012 65742/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_66.c Off_by_One_Error_in_Methods 142 char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; strncpy(dest, data, strlen(data)); 0 --------------------------------- 34013 65743/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_67.c Off_by_One_Error_in_Methods 133 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 34014 65743/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_67.c Off_by_One_Error_in_Methods 150 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_67_structType myStruct) char * data = myStruct.structFirst; strncpy(dest, data, strlen(data)); 0 --------------------------------- 34015 65744/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_68.c Off_by_One_Error_in_Methods 147 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_68b_goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_68_goodG2BData; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 34016 65744/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_68.c Off_by_One_Error_in_Methods 130 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_68b_badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_68_badData; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 34017 65748/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_81_bad.cpp Off_by_One_Error_in_Methods 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_81_bad::action(char * data) const char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 34018 65748/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_81_goodG2B.cpp Off_by_One_Error_in_Methods 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_81_goodG2B::action(char * data) const char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 34019 65749/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_82_bad.cpp Off_by_One_Error_in_Methods 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_82_bad::action(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 34020 65749/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_82_goodG2B.cpp Off_by_One_Error_in_Methods 29 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_ncpy_82_goodG2B::action(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 34021 65752/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_01.c Buffer_Overflow_LowBound 40 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34022 65752/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_01.c Buffer_Overflow_LowBound 61 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34023 65753/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_02.c Buffer_Overflow_LowBound 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34024 65753/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_02.c Buffer_Overflow_LowBound 72 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34025 65754/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_03.c Buffer_Overflow_LowBound 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34026 65754/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_03.c Buffer_Overflow_LowBound 72 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34027 65755/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_04.c Buffer_Overflow_LowBound 99 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34028 65755/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_04.c Buffer_Overflow_LowBound 79 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34029 65756/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_05.c Buffer_Overflow_LowBound 50 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34030 65756/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_05.c Buffer_Overflow_LowBound 79 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34031 65757/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_06.c Buffer_Overflow_LowBound 47 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34032 65757/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_06.c Buffer_Overflow_LowBound 76 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34033 65758/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_07.c Buffer_Overflow_LowBound 49 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34034 65758/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_07.c Buffer_Overflow_LowBound 78 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34035 65759/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_08.c Buffer_Overflow_LowBound 57 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34036 65759/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_08.c Buffer_Overflow_LowBound 86 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34037 65760/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_09.c Buffer_Overflow_LowBound 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34038 65760/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_09.c Buffer_Overflow_LowBound 72 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34039 65761/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_10.c Buffer_Overflow_LowBound 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34040 65761/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_10.c Buffer_Overflow_LowBound 72 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34041 65762/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_11.c Buffer_Overflow_LowBound 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34042 65762/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_11.c Buffer_Overflow_LowBound 72 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34043 65763/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_12.c Buffer_Overflow_LowBound 49 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34044 65763/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_12.c Buffer_Overflow_LowBound 80 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34045 65764/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_13.c Buffer_Overflow_LowBound 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34046 65764/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_13.c Buffer_Overflow_LowBound 72 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34047 65765/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_14.c Buffer_Overflow_LowBound 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34048 65765/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_14.c Buffer_Overflow_LowBound 72 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34049 65766/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_15.c Buffer_Overflow_LowBound 49 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34050 65766/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_15.c Buffer_Overflow_LowBound 79 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34051 65767/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_16.c Buffer_Overflow_LowBound 69 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34052 65767/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_16.c Buffer_Overflow_LowBound 44 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34053 65768/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_17.c Buffer_Overflow_LowBound 69 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34054 65768/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_17.c Buffer_Overflow_LowBound 44 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34055 65769/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_18.c Buffer_Overflow_LowBound 65 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34056 65769/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_18.c Buffer_Overflow_LowBound 42 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50]=""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34057 65770/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_21.c Buffer_Overflow_LowBound 93 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; data = goodG2B1Source(data); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34058 65770/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_21.c Buffer_Overflow_LowBound 53 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; badStatic = 1; data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34059 65771/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_22.c Buffer_Overflow_LowBound 70 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_22_goodG2B1Global = 0; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_22_goodG2B1Source(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_22_goodG2B1Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_22_goodG2B1Source(data); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34060 65771/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_22.c Buffer_Overflow_LowBound 44 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_22_badGlobal = 1; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_22_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_22_badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34061 65772/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_31.c Buffer_Overflow_LowBound 43 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34062 65772/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_31.c Buffer_Overflow_LowBound 68 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34063 65773/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_32.c Buffer_Overflow_LowBound 78 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * *dataPtr2 = &data; char * data = *dataPtr2; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34064 65773/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_32.c Buffer_Overflow_LowBound 48 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * *dataPtr2 = &data; char * data = *dataPtr2; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34065 65775/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_34.c Buffer_Overflow_LowBound 50 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34066 65775/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_34.c Buffer_Overflow_LowBound 76 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34067 65776/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_41.c Buffer_Overflow_LowBound 59 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_41_goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34068 65776/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_41.c Buffer_Overflow_LowBound 34 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_41_badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34069 65777/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_42.c Buffer_Overflow_LowBound 73 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; data = goodG2BSource(data); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34070 65777/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_42.c Buffer_Overflow_LowBound 46 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34071 65779/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_44.c Format_String_Attack 34 void (*funcPtr) (char *) = badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34072 65779/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_44.c Format_String_Attack 63 void (*funcPtr) (char *) = goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34073 65780/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_45.c Format_String_Attack 38 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_45_badData; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34074 65780/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_45.c Format_String_Attack 66 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_45_goodG2BData; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34075 65781/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_51.c Buffer_Overflow_LowBound 133 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_51b_badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34076 65781/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_51.c Buffer_Overflow_LowBound 148 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_51b_goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34077 65782/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_52.c Buffer_Overflow_LowBound 203 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_52c_goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34078 65782/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_52.c Buffer_Overflow_LowBound 188 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_52c_badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34079 65783/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_53.c Buffer_Overflow_LowBound 243 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_53d_badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34080 65783/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_53.c Buffer_Overflow_LowBound 258 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_53d_goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34081 65784/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_54.c Buffer_Overflow_LowBound 313 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_54e_goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34082 65784/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_54.c Buffer_Overflow_LowBound 298 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_54e_badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34083 65785/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_61.c Buffer_Overflow_LowBound 41 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_61b_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_61b_badSource(char * data); memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34084 65785/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_61.c Buffer_Overflow_LowBound 62 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_61b_goodG2BSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_61b_goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34085 65787/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_63.c Buffer_Overflow_LowBound 147 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34086 65787/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_63.c Buffer_Overflow_LowBound 131 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_63b_badSink(&dat void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34087 65788/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_64.c Buffer_Overflow_LowBound 153 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34088 65788/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_64.c Buffer_Overflow_LowBound 134 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34089 65789/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_65.c Buffer_Overflow_LowBound 134 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_65b_badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_65b_badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34090 65789/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_65.c Buffer_Overflow_LowBound 149 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_65b_goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_65b_goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34091 65790/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_66.c Buffer_Overflow_LowBound 137 char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_66b_badSink(dataArra void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34092 65790/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_66.c Buffer_Overflow_LowBound 153 char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34093 65791/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_67.c Buffer_Overflow_LowBound 161 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34094 65791/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_67.c Buffer_Overflow_LowBound 145 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34095 65792/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_68.c Buffer_Overflow_LowBound 142 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_68_badData; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34096 65792/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_68.c Buffer_Overflow_LowBound 158 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_68b_goodG2BSink(); CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_68b_goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_68_goodG2BData; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34097 65796/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_81_bad.cpp Buffer_Overflow_LowBound 35 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_81_bad::action(char * data) const char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34098 65796/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_81_goodG2B.cpp Buffer_Overflow_LowBound 35 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_81_goodG2B::action(char * data) const char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34099 65797/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_82_bad.cpp Buffer_Overflow_LowBound 35 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_82_bad::action(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 34100 65797/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_82_goodG2B.cpp Buffer_Overflow_LowBound 35 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_alloca_snprintf_82_goodG2B::action(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 34101 65848/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_01.c String_Termination_Error 56 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34102 65848/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_01.c String_Termination_Error 34 char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 34103 65849/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_02.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34104 67484/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_01.c Buffer_Overflow_boundedcpy 61 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_01_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34105 67484/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_01.c Buffer_Overflow_boundedcpy 41 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_01_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34106 67485/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_02.c Buffer_Overflow_boundedcpy 72 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_02_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34107 67485/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_02.c Buffer_Overflow_boundedcpy 92 good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34108 67485/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_02.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_02_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34109 67486/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_03.c Buffer_Overflow_boundedcpy 72 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_03_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34110 67486/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_03.c Buffer_Overflow_boundedcpy 92 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_03_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34111 67486/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_03.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_03_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34112 67487/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_04.c Buffer_Overflow_boundedcpy 78 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_04_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34113 67487/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_04.c Buffer_Overflow_boundedcpy 98 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_04_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34114 67487/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_04.c Buffer_Overflow_boundedcpy 49 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_04_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34115 67488/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_05.c Buffer_Overflow_boundedcpy 78 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_05_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34116 67488/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_05.c Buffer_Overflow_boundedcpy 98 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_05_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34117 67488/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_05.c Buffer_Overflow_boundedcpy 49 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_05_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34118 67489/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_06.c Buffer_Overflow_boundedcpy 77 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_06_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34119 67489/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_06.c Buffer_Overflow_boundedcpy 48 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_06_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34120 67489/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_06.c Buffer_Overflow_boundedcpy 97 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_06_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34121 67490/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_07.c Buffer_Overflow_boundedcpy 77 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_07_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34122 67490/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_07.c Buffer_Overflow_boundedcpy 48 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_07_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34123 67490/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_07.c Buffer_Overflow_boundedcpy 97 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_07_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34124 67491/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_08.c Buffer_Overflow_boundedcpy 85 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_08_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34125 67491/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_08.c Buffer_Overflow_boundedcpy 56 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_08_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34126 67491/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_08.c Buffer_Overflow_boundedcpy 105 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_08_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34127 67492/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_09.c Buffer_Overflow_boundedcpy 72 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_09_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34128 67492/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_09.c Buffer_Overflow_boundedcpy 92 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_09_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34129 67492/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_09.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_09_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34130 67493/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_10.c Buffer_Overflow_boundedcpy 72 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_10_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34131 67493/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_10.c Buffer_Overflow_boundedcpy 92 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_10_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34132 67493/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_10.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_10_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34133 67494/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_11.c Buffer_Overflow_boundedcpy 72 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_11_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34134 67494/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_11.c Buffer_Overflow_boundedcpy 92 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_11_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34135 67494/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_11.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_11_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34136 67495/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34137 67495/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12.c Buffer_Overflow_boundedcpy 82 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34138 67495/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12.c Buffer_Overflow_boundedcpy 97 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34139 67495/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12.c Buffer_Overflow_boundedcpy 58 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_12_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34140 67496/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_13.c Buffer_Overflow_boundedcpy 72 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_13_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34141 67496/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_13.c Buffer_Overflow_boundedcpy 92 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_13_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34142 67496/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_13.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_13_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34143 67497/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_14.c Buffer_Overflow_boundedcpy 72 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_14_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34144 67497/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_14.c Buffer_Overflow_boundedcpy 92 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_14_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34145 67497/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_14.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_14_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34146 67498/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_15.c Buffer_Overflow_boundedcpy 44 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_15_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34147 67498/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_15.c Buffer_Overflow_boundedcpy 78 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_15_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34148 67498/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_15.c Buffer_Overflow_boundedcpy 100 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_15_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34149 67499/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_16.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_16_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34150 67499/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_16.c Buffer_Overflow_boundedcpy 68 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_16_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34151 67500/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_17.c Buffer_Overflow_boundedcpy 44 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_17_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34152 67500/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_17.c Buffer_Overflow_boundedcpy 69 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_17_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34153 67501/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_18.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_17_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34154 67501/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_18.c Buffer_Overflow_boundedcpy 66 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memcpy_18_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memcpy(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34155 67502/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_01.c Buffer_Overflow_boundedcpy 41 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_01_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34156 67502/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_01.c Buffer_Overflow_boundedcpy 60 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_01_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34157 67503/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_02.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_02_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34158 67503/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_02.c Buffer_Overflow_boundedcpy 90 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_02_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34159 67503/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_02.c Buffer_Overflow_boundedcpy 71 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_02_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34160 67504/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_03.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_03_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34161 67504/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_03.c Buffer_Overflow_boundedcpy 90 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_03_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34162 67504/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_03.c Buffer_Overflow_boundedcpy 71 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_03_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34163 67505/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_04.c Buffer_Overflow_boundedcpy 96 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_04_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34164 67505/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_04.c Buffer_Overflow_boundedcpy 77 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_04_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34165 67505/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_04.c Buffer_Overflow_boundedcpy 49 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_04_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34166 67506/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_05.c Buffer_Overflow_boundedcpy 96 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_05_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34167 67506/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_05.c Buffer_Overflow_boundedcpy 77 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_05_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34168 67506/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_05.c Buffer_Overflow_boundedcpy 49 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_05_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34169 67507/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_06.c Buffer_Overflow_boundedcpy 48 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_06_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34170 67507/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_06.c Buffer_Overflow_boundedcpy 95 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_06_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34171 67507/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_06.c Buffer_Overflow_boundedcpy 76 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_06_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34172 67508/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_07.c Buffer_Overflow_boundedcpy 48 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_07_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34173 67508/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_07.c Buffer_Overflow_boundedcpy 95 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_07_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34174 67508/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_07.c Buffer_Overflow_boundedcpy 76 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_07_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34175 67509/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_08.c Buffer_Overflow_boundedcpy 56 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_08_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34176 67509/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_08.c Buffer_Overflow_boundedcpy 103 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_08_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34177 67509/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_08.c Buffer_Overflow_boundedcpy 84 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_08_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34178 67510/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_09.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_09_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34179 67510/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_09.c Buffer_Overflow_boundedcpy 90 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_09_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34180 67510/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_09.c Buffer_Overflow_boundedcpy 71 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_09_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34181 67511/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_10.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_10_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34182 67511/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_10.c Buffer_Overflow_boundedcpy 90 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_10_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34183 67511/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_10.c Buffer_Overflow_boundedcpy 71 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_10_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34184 67512/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_11.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_11_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34185 67512/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_11.c Buffer_Overflow_boundedcpy 90 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_11_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34186 67512/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_11.c Buffer_Overflow_boundedcpy 71 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_11_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34187 67513/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_12.c Buffer_Overflow_boundedcpy 57 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_12_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34188 67513/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_12.c Buffer_Overflow_boundedcpy 94 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_12_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34189 67513/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_12.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_12_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34190 67513/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_12.c Buffer_Overflow_boundedcpy 80 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_12_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34191 67514/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_13.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_13_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34192 67514/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_13.c Buffer_Overflow_boundedcpy 90 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_13_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34193 67514/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_13.c Buffer_Overflow_boundedcpy 71 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_13_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34194 67515/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_14.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_14_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34195 67515/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_14.c Buffer_Overflow_boundedcpy 90 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_14_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34196 67515/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_14.c Buffer_Overflow_boundedcpy 71 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_14_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34197 67516/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_15.c Buffer_Overflow_boundedcpy 77 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_15_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34198 67516/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_15.c Buffer_Overflow_boundedcpy 98 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_15_good(); good2(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34199 67516/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_15.c Buffer_Overflow_boundedcpy 44 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_15_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34200 67517/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_16.c Buffer_Overflow_boundedcpy 67 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_16_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34201 67517/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_16.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_16_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34202 67518/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_17.c Buffer_Overflow_boundedcpy 44 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_17_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34203 67518/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_17.c Buffer_Overflow_boundedcpy 68 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_17_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34204 67519/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_18.c Buffer_Overflow_boundedcpy 65 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_18_good(); good1(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(structCharVoid->charFirst)); 0 --------------------------------- 34205 67519/CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_18.c Buffer_Overflow_boundedcpy 43 CWE122_Heap_Based_Buffer_Overflow__char_type_overrun_memmove_18_bad(); charVoid * structCharVoid = (charVoid *)malloc(sizeof(charVoid)); structCharVoid->voidSecond = (void *)SRC_STR; memmove(structCharVoid->charFirst, SRC_STR, sizeof(*structCharVoid)); 1 --------------------------------- 34206 68218/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 46 wchar_t * data; data = NULL; badSource(data); void badSource(wchar_t * &data) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34207 68218/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_43.cpp Buffer_Overflow_boundedcpy 72 wchar_t * data; data = NULL; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34208 68219/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_44.cpp Buffer_Overflow_boundedcpy 66 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = new wchar_t[10+1]; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34209 68219/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_44.cpp Buffer_Overflow_boundedcpy 37 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = new wchar_t[10]; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34210 68220/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_45.cpp Buffer_Overflow_boundedcpy 41 wchar_t * data; data = NULL; data = new wchar_t[10]; badData = data; badSink(); static void badSink() wchar_t * data = badData; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34211 68220/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_45.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = NULL; data = new wchar_t[10+1]; goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = goodG2BData; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34212 68221/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_51.cpp Buffer_Overflow_boundedcpy 137 wchar_t * data; data = NULL; data = new wchar_t[10]; badSink(data); void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34213 68221/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_51.cpp Buffer_Overflow_boundedcpy 154 wchar_t * data; data = NULL; data = new wchar_t[10+1]; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34214 68222/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_52.cpp Buffer_Overflow_boundedcpy 212 wchar_t * data; data = NULL; data = new wchar_t[10+1]; goodG2BSink_b(data); void goodG2BSink_b(wchar_t * data) goodG2BSink_c(data); void goodG2BSink_c(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34215 68222/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_52.cpp Buffer_Overflow_boundedcpy 195 wchar_t * data; data = NULL; data = new wchar_t[10]; badSink_b(data); void badSink_b(wchar_t * data) badSink_c(data); void badSink_c(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34216 68223/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_53.cpp Buffer_Overflow_boundedcpy 270 wchar_t * data; data = NULL; data = new wchar_t[10+1]; goodG2BSink_b(data); void goodG2BSink_b(wchar_t * data) goodG2BSink_c(data); void goodG2BSink_c(wchar_t * data) goodG2BSink_d(data); void goodG2BSink_d(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34217 68223/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_53.cpp Buffer_Overflow_boundedcpy 253 wchar_t * data; data = NULL; data = new wchar_t[10]; badSink_b(data); void badSink_b(wchar_t * data) badSink_c(data); void badSink_c(wchar_t * data) badSink_d(data); void badSink_d(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34218 68224/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_54.cpp Buffer_Overflow_boundedcpy 311 wchar_t * data; data = NULL; data = new wchar_t[10]; badSink_b(data); void badSink_b(wchar_t * data) badSink_c(data); void badSink_c(wchar_t * data) badSink_d(data); void badSink_d(wchar_t * data) badSink_e(data); void badSink_e(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34219 68224/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_54.cpp Buffer_Overflow_boundedcpy 328 wchar_t * data; data = NULL; data = new wchar_t[10+1]; goodG2BSink_b(data); void goodG2BSink_b(wchar_t * data) goodG2BSink_c(data); void goodG2BSink_c(wchar_t * data) goodG2BSink_d(data); void goodG2BSink_d(wchar_t * data) goodG2BSink_e(data); void goodG2BSink_e(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34220 68225/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_61.cpp Buffer_Overflow_boundedcpy 65 wchar_t * data; data = NULL; data = goodG2BSource(data); wchar_t * goodG2BSource(wchar_t * data) data = new wchar_t[10+1]; return data; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34221 68225/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_61.cpp Buffer_Overflow_boundedcpy 43 wchar_t * data; data = NULL; data = badSource(data); wchar_t * badSource(wchar_t * data) data = new wchar_t[10]; return data; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34222 68226/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_62.cpp Buffer_Overflow_boundedcpy 65 wchar_t * data; data = NULL; goodG2BSource(data); void goodG2BSource(wchar_t * &data) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34223 68226/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_62.cpp Buffer_Overflow_boundedcpy 43 wchar_t * data; data = NULL; badSource(data); void badSource(wchar_t * &data); data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34224 68227/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_63.cpp Buffer_Overflow_boundedcpy 153 wchar_t * data; data = NULL; data = new wchar_t[10+1]; goodG2BSink(&data); void goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34225 68227/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_63.cpp Buffer_Overflow_boundedcpy 135 wchar_t * data; data = NULL; data = new wchar_t[10]; badSink(&data); void badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34226 68228/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_64.cpp Buffer_Overflow_boundedcpy 159 wchar_t * data; data = NULL; data = new wchar_t[10+1]; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34227 68228/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_64.cpp Buffer_Overflow_boundedcpy 138 wchar_t * data; data = NULL; data = new wchar_t[10]; badSink(&data); void badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34228 68229/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_65.cpp Buffer_Overflow_boundedcpy 138 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = new wchar_t[10]; funcPtr(data); void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34229 68229/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_65.cpp Buffer_Overflow_boundedcpy 155 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = new wchar_t[10+1]; funcPtr(data); void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34230 68230/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_66.cpp Buffer_Overflow_boundedcpy 161 wchar_t * data; wchar_t * dataArray[5]; data = NULL; data = new wchar_t[10+1]; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34231 68230/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_66.cpp Buffer_Overflow_boundedcpy 143 wchar_t * data; wchar_t * dataArray[5]; data = NULL; data = new wchar_t[10]; dataArray[2] = data; badSink(dataArray); void badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34232 68231/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_67.cpp Buffer_Overflow_boundedcpy 167 wchar_t * data; structType myStruct; data = NULL; data = new wchar_t[10+1]; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34233 68231/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_67.cpp Buffer_Overflow_boundedcpy 149 wchar_t * data; structType myStruct; data = NULL; data = new wchar_t[10]; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34234 68232/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_68.cpp Buffer_Overflow_boundedcpy 164 wchar_t * data; data = NULL; data = new wchar_t[10+1]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_68_goodG2BData; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34235 68232/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_68.cpp Buffer_Overflow_boundedcpy 146 wchar_t * data; data = NULL; data = new wchar_t[10]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_68_badData = data; badSink(); void badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_68_badData; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34236 68233/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_72.cpp Buffer_Overflow_boundedcpy 172 wchar_t * data; vector dataVector; data = NULL; data = new wchar_t[10+1]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34237 68233/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_72.cpp Buffer_Overflow_boundedcpy 154 wchar_t * data; vector dataVector; data = NULL; data = new wchar_t[10]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34238 68234/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_73.cpp Buffer_Overflow_boundedcpy 172 wchar_t * data; list dataList; data = NULL; data = new wchar_t[10+1]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34239 68234/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_73.cpp Buffer_Overflow_boundedcpy 154 wchar_t * data; list dataList; data = NULL; data = new wchar_t[10]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34240 68235/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_74.cpp Buffer_Overflow_boundedcpy 172 wchar_t * data; map dataMap; data = NULL; data = new wchar_t[10+1]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 0 --------------------------------- 34241 68235/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_memmove_74.cpp Buffer_Overflow_boundedcpy 154 wchar_t * data; map dataMap; data = NULL; data = new wchar_t[10]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; memmove(data, source, (wcslen(source) + 1) * sizeof(wchar_t)); 1 --------------------------------- 34242 68240/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_01.cpp Buffer_Overflow_boundedcpy 62 wchar_t * data; data = NULL; data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34243 68240/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_01.cpp Buffer_Overflow_boundedcpy 41 wchar_t * data; data = NULL; data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34244 68241/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_02.cpp Buffer_Overflow_boundedcpy 93 wchar_t * data; data = NULL; if(1) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34245 68241/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_02.cpp Buffer_Overflow_boundedcpy 44 wchar_t * data; data = NULL; if(1) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34246 68241/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_02.cpp Buffer_Overflow_boundedcpy 73 wchar_t * data; data = NULL; if(0) else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34247 68242/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_03.cpp Buffer_Overflow_boundedcpy 93 wchar_t * data; data = NULL; if(5==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34248 68242/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_03.cpp Buffer_Overflow_boundedcpy 44 wchar_t * data; data = NULL; if(5==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34249 68242/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_03.cpp Buffer_Overflow_boundedcpy 73 wchar_t * data; data = NULL; if(5!=5) else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34250 68243/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_04.cpp Buffer_Overflow_boundedcpy 79 wchar_t * data; data = NULL; if(STATIC_CONST_FALSE) else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34251 68243/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_04.cpp Buffer_Overflow_boundedcpy 99 wchar_t * data; data = NULL; if(STATIC_CONST_TRUE) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34252 68243/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_04.cpp Buffer_Overflow_boundedcpy 50 wchar_t * data; data = NULL; if(STATIC_CONST_TRUE) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34253 68244/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_05.cpp Buffer_Overflow_boundedcpy 79 wchar_t * data; data = NULL; if(staticFalse) else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34254 68244/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_05.cpp Buffer_Overflow_boundedcpy 99 wchar_t * data; data = NULL; if(staticTrue) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34255 68244/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_05.cpp Buffer_Overflow_boundedcpy 50 wchar_t * data; data = NULL; if(staticTrue) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34256 68245/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_06.cpp Buffer_Overflow_boundedcpy 78 wchar_t * data; data = NULL; if(STATIC_CONST_FIVE!=5) else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34257 68245/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_06.cpp Buffer_Overflow_boundedcpy 49 wchar_t * data; data = NULL; if(STATIC_CONST_FIVE==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34258 68245/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_06.cpp Buffer_Overflow_boundedcpy 98 wchar_t * data; data = NULL; if(STATIC_CONST_FIVE==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34259 68246/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_07.cpp Buffer_Overflow_boundedcpy 78 wchar_t * data; data = NULL; if(staticFive!=5) else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34260 68246/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_07.cpp Buffer_Overflow_boundedcpy 49 wchar_t * data; data = NULL; if(staticFive==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34261 68246/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_07.cpp Buffer_Overflow_boundedcpy 98 wchar_t * data; data = NULL; if(staticFive==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34262 68247/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_08.cpp Buffer_Overflow_boundedcpy 86 wchar_t * data; data = NULL; if(staticReturnsFalse()) else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34263 68247/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_08.cpp Buffer_Overflow_boundedcpy 57 wchar_t * data; data = NULL; if(staticReturnsTrue()) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34264 68247/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_08.cpp Buffer_Overflow_boundedcpy 106 wchar_t * data; data = NULL; if(staticReturnsTrue()) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34265 68248/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_09.cpp Buffer_Overflow_boundedcpy 93 wchar_t * data; data = NULL; if(GLOBAL_CONST_TRUE) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34266 68248/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_09.cpp Buffer_Overflow_boundedcpy 44 wchar_t * data; data = NULL; if(GLOBAL_CONST_TRUE) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34267 68248/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_09.cpp Buffer_Overflow_boundedcpy 73 wchar_t * data; data = NULL; if(GLOBAL_CONST_FALSE) else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34268 68249/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_10.cpp Buffer_Overflow_boundedcpy 93 wchar_t * data; data = NULL; if(globalTrue) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34269 68249/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_10.cpp Buffer_Overflow_boundedcpy 44 wchar_t * data; data = NULL; if(globalTrue) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34270 68249/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_10.cpp Buffer_Overflow_boundedcpy 73 wchar_t * data; data = NULL; if(globalFalse) else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34271 68250/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_11.cpp Buffer_Overflow_boundedcpy 93 wchar_t * data; data = NULL; if(globalReturnsTrue()) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34272 68250/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_11.cpp Buffer_Overflow_boundedcpy 44 wchar_t * data; data = NULL; if(globalReturnsTrue()) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34273 68250/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_11.cpp Buffer_Overflow_boundedcpy 73 wchar_t * data; data = NULL; if(globalReturnsFalse()) else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34274 68251/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_12.cpp Buffer_Overflow_boundedcpy 79 wchar_t * data; data = NULL; if(globalReturnsTrueOrFalse()) data = new wchar_t[10+1]; else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34275 68251/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_12.cpp Buffer_Overflow_boundedcpy 49 wchar_t * data; data = NULL; if(globalReturnsTrueOrFalse()) data = new wchar_t[10]; else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34276 68252/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_13.cpp Buffer_Overflow_boundedcpy 93 wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34277 68252/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_13.cpp Buffer_Overflow_boundedcpy 44 wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34278 68252/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_13.cpp Buffer_Overflow_boundedcpy 73 wchar_t * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34279 68253/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_14.cpp Buffer_Overflow_boundedcpy 93 wchar_t * data; data = NULL; if(globalFive==5) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34280 68253/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_14.cpp Buffer_Overflow_boundedcpy 44 wchar_t * data; data = NULL; if(globalFive==5) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34281 68253/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_14.cpp Buffer_Overflow_boundedcpy 73 wchar_t * data; data = NULL; if(globalFive!=5) else data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34282 68254/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_15.cpp Buffer_Overflow_boundedcpy 80 wchar_t * data; data = NULL; switch(5) default: data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34283 68254/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_15.cpp Buffer_Overflow_boundedcpy 50 wchar_t * data; data = NULL; switch(6) case 6: data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34284 68254/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_15.cpp Buffer_Overflow_boundedcpy 106 wchar_t * data; data = NULL; switch(6) case 6: data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34285 68255/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_16.cpp Buffer_Overflow_boundedcpy 45 wchar_t * data; data = NULL; while(1) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34286 68255/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_16.cpp Buffer_Overflow_boundedcpy 70 wchar_t * data; data = NULL; while(1) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34287 68256/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_17.cpp Buffer_Overflow_boundedcpy 45 wchar_t * data; data = NULL; for(i = 0; i < 1; i++) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34288 68256/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_17.cpp Buffer_Overflow_boundedcpy 70 wchar_t * data; data = NULL; for(h = 0; h < 1; h++) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34289 68257/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_18.cpp Buffer_Overflow_boundedcpy 43 wchar_t * data; data = NULL; goto source; source: data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34290 68257/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_18.cpp Buffer_Overflow_boundedcpy 66 wchar_t * data; data = NULL; goto source; source: data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34291 68258/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_21.cpp Buffer_Overflow_boundedcpy 95 wchar_t * data; data = NULL; goodG2B1Static = data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) if(goodG2B1Static) else data = new wchar_t[10+1]; return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34292 68258/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_21.cpp Buffer_Overflow_boundedcpy 54 wchar_t * data; data = NULL; badStatic = 1; data = badSource(data); static wchar_t * badSource(wchar_t * data) if(badStatic) data = new wchar_t[10]; return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34293 68258/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_21.cpp Buffer_Overflow_boundedcpy 123 wchar_t * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) if(goodG2B2Static) data = new wchar_t[10+1]; return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34294 68259/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_22.cpp Buffer_Overflow_boundedcpy 47 wchar_t * data; data = NULL; badGlobal = 1; data = badSource(data); wchar_t * badSource(wchar_t * data) if(badGlobal) data = new wchar_t[10]; return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34295 68259/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_22.cpp Buffer_Overflow_boundedcpy 96 wchar_t * data; data = NULL; goodG2B2Global = 1; data = goodG2B2Source(data); wchar_t * goodG2B2Source(wchar_t * data) if(goodG2B2Global) data = new wchar_t[10+1]; return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34296 68259/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_22.cpp Buffer_Overflow_boundedcpy 76 wchar_t * data; data = NULL; goodG2B1Global = 0; data = goodG2B1Source(data); wchar_t * goodG2B1Source(wchar_t * data) if(goodG2B1Global) else data = new wchar_t[10+1]; return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34297 68260/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_31.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = NULL; data = new wchar_t[10+1]; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34298 68260/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_31.cpp Buffer_Overflow_boundedcpy 44 wchar_t * data; data = NULL; data = new wchar_t[10]; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34299 68261/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_32.cpp Buffer_Overflow_boundedcpy 79 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; data = new wchar_t[10+1]; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34300 68261/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_32.cpp Buffer_Overflow_boundedcpy 49 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; data = new wchar_t[10]; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34301 68262/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_33.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; wchar_t * &dataRef = data; data = NULL; data = new wchar_t[10+1]; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34302 68262/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_33.cpp Buffer_Overflow_boundedcpy 44 wchar_t * data; wchar_t * &dataRef = data; data = NULL; data = new wchar_t[10]; wchar_t * data = dataRef; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34303 68263/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_34.cpp Buffer_Overflow_boundedcpy 77 wchar_t * data; unionType myUnion; data = NULL; data = new wchar_t[10+1]; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34304 68263/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_34.cpp Buffer_Overflow_boundedcpy 51 wchar_t * data; unionType myUnion; data = NULL; data = new wchar_t[10]; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34305 68264/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_41.cpp Buffer_Overflow_boundedcpy 37 wchar_t * data; data = NULL; data = new wchar_t[10]; badSink(data); void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34306 68264/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_41.cpp Buffer_Overflow_boundedcpy 62 wchar_t * data; data = NULL; data = new wchar_t[10+1]; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34307 68265/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_42.cpp Buffer_Overflow_boundedcpy 47 wchar_t * data; data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = new wchar_t[10]; return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34308 68265/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_42.cpp Buffer_Overflow_boundedcpy 74 wchar_t * data; data = NULL; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) data = new wchar_t[10+1]; return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34309 68266/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_43.cpp Buffer_Overflow_boundedcpy 72 wchar_t * data; data = NULL; goodG2BSource(data); static void goodG2BSource(wchar_t * &data) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34310 68266/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_43.cpp Buffer_Overflow_boundedcpy 46 wchar_t * data; data = NULL; badSource(data); void badSource(wchar_t * &data) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34311 68267/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_44.cpp Buffer_Overflow_boundedcpy 37 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = new wchar_t[10]; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34312 68267/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_44.cpp Buffer_Overflow_boundedcpy 66 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = new wchar_t[10+1]; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34313 68268/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_45.cpp Buffer_Overflow_boundedcpy 69 wchar_t * data; data = NULL; data = new wchar_t[10+1]; goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = goodG2BData; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34314 68268/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_45.cpp Buffer_Overflow_boundedcpy 41 wchar_t * data; data = NULL; data = new wchar_t[10]; badData = data; badSink(); static void badSink() wchar_t * data = badData; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34315 68269/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_51.cpp Buffer_Overflow_boundedcpy 137 wchar_t * data; data = NULL; data = new wchar_t[10]; badSink(data); void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34316 68269/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_51.cpp Buffer_Overflow_boundedcpy 154 wchar_t * data; data = NULL; data = new wchar_t[10+1]; goodG2BSink(data); void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34317 68270/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_52.cpp Buffer_Overflow_boundedcpy 195 wchar_t * data; data = NULL; data = new wchar_t[10]; badSink_b(data); void badSink_b(wchar_t * data) badSink_c(data); void badSink_c(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34318 68270/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_52.cpp Buffer_Overflow_boundedcpy 212 wchar_t * data; data = NULL; data = new wchar_t[10+1]; goodG2BSink_b(data); void goodG2BSink_b(wchar_t * data) goodG2BSink_c(data); void goodG2BSink_c(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34319 68271/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_53.cpp Buffer_Overflow_boundedcpy 253 wchar_t * data; data = NULL; data = new wchar_t[10]; badSink_b(data); void badSink_b(wchar_t * data) badSink_c(data); void badSink_c(wchar_t * data) badSink_d(data); void badSink_d(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34320 68271/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_53.cpp Buffer_Overflow_boundedcpy 270 wchar_t * data; data = NULL; data = new wchar_t[10+1]; goodG2BSink_b(data); void goodG2BSink_b(wchar_t * data) goodG2BSink_c(data); void goodG2BSink_c(wchar_t * data) goodG2BSink_d(data); void goodG2BSink_d(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34321 68272/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_54.cpp Buffer_Overflow_boundedcpy 311 wchar_t * data; data = NULL; data = new wchar_t[10]; badSink_b(data); void badSink_b(wchar_t * data) badSink_c(data); void badSink_c(wchar_t * data) badSink_d(data); void badSink_d(wchar_t * data) badSink_e(data); void badSink_e(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34322 68272/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_54.cpp Buffer_Overflow_boundedcpy 328 wchar_t * data; data = NULL; data = new wchar_t[10+1]; goodG2BSink_b(data); void goodG2BSink_b(wchar_t * data) goodG2BSink_c(data); void goodG2BSink_c(wchar_t * data) goodG2BSink_d(data); void goodG2BSink_d(wchar_t * data) goodG2BSink_e(data); void goodG2BSink_e(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34323 68273/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_61.cpp Buffer_Overflow_boundedcpy 43 wchar_t * data; data = NULL; data = badSource(data); wchar_t * badSource(wchar_t * data) data = new wchar_t[10]; return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34324 68273/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_61.cpp Buffer_Overflow_boundedcpy 65 wchar_t * data; data = NULL; data = goodG2BSource(data); wchar_t * goodG2BSource(wchar_t * data) data = new wchar_t[10+1]; return data; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34325 68274/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_62.cpp Buffer_Overflow_boundedcpy 43 wchar_t * data; data = NULL; badSource(data); void badSource(wchar_t * &data) data = new wchar_t[10]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34326 68274/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_62.cpp Buffer_Overflow_boundedcpy 65 wchar_t * data; data = NULL; goodG2BSource(data); void goodG2BSource(wchar_t * &data) data = new wchar_t[10+1]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34327 68275/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_63.cpp Buffer_Overflow_boundedcpy 135 wchar_t * data; data = NULL; data = new wchar_t[10]; badSink(&data); void badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34328 68275/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_63.cpp Buffer_Overflow_boundedcpy 153 wchar_t * data; data = NULL; data = new wchar_t[10+1]; goodG2BSink(&data); void goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34329 68276/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_64.cpp Buffer_Overflow_boundedcpy 159 wchar_t * data; data = NULL; data = new wchar_t[10+1]; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34330 68276/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_64.cpp Buffer_Overflow_boundedcpy 138 wchar_t * data; data = NULL; data = new wchar_t[10]; badSink(&data); void badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34331 68277/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_65.cpp Buffer_Overflow_boundedcpy 155 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = new wchar_t[10+1]; funcPtr(data); void goodG2BSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34332 68277/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_65.cpp Buffer_Overflow_boundedcpy 138 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = new wchar_t[10]; funcPtr(data); void badSink(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34333 68278/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_66.cpp Buffer_Overflow_boundedcpy 143 wchar_t * data; wchar_t * dataArray[5]; data = NULL; data = new wchar_t[10]; dataArray[2] = data; badSink(dataArray); void badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34334 68278/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_66.cpp Buffer_Overflow_boundedcpy 161 wchar_t * data; wchar_t * dataArray[5]; data = NULL; data = new wchar_t[10+1]; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34335 68279/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_67.cpp Buffer_Overflow_boundedcpy 167 wchar_t * data; structType myStruct; data = NULL; data = new wchar_t[10+1]; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34336 68279/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_67.cpp Buffer_Overflow_boundedcpy 149 wchar_t * data; structType myStruct; data = NULL; data = new wchar_t[10]; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34337 68280/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_68.cpp Buffer_Overflow_boundedcpy 164 wchar_t * data; data = NULL; data = new wchar_t[10+1]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_68_goodG2BData = data; goodG2BSink() void goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_68_goodG2BData; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34338 68280/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_68.cpp Buffer_Overflow_boundedcpy 146 wchar_t * data; data = NULL; data = new wchar_t[10]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_68_badData = data; badSink(); void badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_68_badData; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34339 68281/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_72.cpp Buffer_Overflow_boundedcpy 172 wchar_t * data; vector dataVector; data = NULL; data = new wchar_t[10+1]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34340 68281/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_72.cpp Buffer_Overflow_boundedcpy 154 wchar_t * data; data = NULL; data = new wchar_t[10]; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) wchar_t * data = dataVector[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34341 68282/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_73.cpp Buffer_Overflow_boundedcpy 172 wchar_t * data; list dataList; data = NULL; data = new wchar_t[10+1]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34342 68282/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_73.cpp Buffer_Overflow_boundedcpy 154 wchar_t * data; list dataList; data = NULL; data = new wchar_t[10]; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) wchar_t * data = dataList.back(); wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34343 68283/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_74.cpp Buffer_Overflow_boundedcpy 172 wchar_t * data; map dataMap; data = NULL; data = new wchar_t[10+1]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 34344 68283/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_74.cpp Buffer_Overflow_boundedcpy 154 wchar_t * data; map dataMap; data = NULL; data = new wchar_t[10]; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) wchar_t * data = dataMap[2]; wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 34345 68288/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_01.cpp Buffer_Overflow_boundedcpy 64 char * data; data = NULL; data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34346 68288/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_01.cpp Buffer_Overflow_boundedcpy 36 char * data; data = NULL; data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34347 68289/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_02.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; if(1) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34348 68289/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_02.cpp Buffer_Overflow_boundedcpy 75 char * data; data = NULL; if(0) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34349 68289/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_02.cpp Buffer_Overflow_boundedcpy 102 char * data; data = NULL; if(1) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34350 68290/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_03.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; if(5=5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34351 68290/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_03.cpp Buffer_Overflow_boundedcpy 75 char * data; data = NULL; if(5!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34352 68290/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_03.cpp Buffer_Overflow_boundedcpy 102 char * data; data = NULL; if(5=5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34353 68291/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_04.cpp Buffer_Overflow_boundedcpy 81 char * data; data = NULL; if(STATIC_CONST_FALSE) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34354 68291/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_04.cpp Buffer_Overflow_boundedcpy 108 char * data; data = NULL; if(STATIC_CONST_TRUE) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34355 68291/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_04.cpp Buffer_Overflow_boundedcpy 45 char * data; data = NULL; if(STATIC_CONST_TRUE) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34356 68292/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_05.cpp Buffer_Overflow_boundedcpy 81 char * data; data = NULL; if(staticFalse) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34357 68292/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_05.cpp Buffer_Overflow_boundedcpy 108 char * data; data = NULL; if(staticTrue) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34358 68292/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_05.cpp Buffer_Overflow_boundedcpy 45 char * data; data = NULL; if(staticTrue) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34359 68293/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_06.cpp Buffer_Overflow_boundedcpy 80 char * data; data = NULL; if(STATIC_CONST_FIVE!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34360 68293/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_06.cpp Buffer_Overflow_boundedcpy 44 char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34361 68293/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_06.cpp Buffer_Overflow_boundedcpy 107 char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34362 68294/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_07.cpp Buffer_Overflow_boundedcpy 80 char * data; data = NULL; if(staticFive!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34363 68294/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_07.cpp Buffer_Overflow_boundedcpy 44 char * data; data = NULL; if(staticFive=5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34364 68294/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_07.cpp Buffer_Overflow_boundedcpy 107 char * data; data = NULL; if(staticFive=5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34365 68295/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_08.cpp Buffer_Overflow_boundedcpy 88 char * data; data = NULL; if(staticReturnsFalse()) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34366 68295/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_08.cpp Buffer_Overflow_boundedcpy 52 char * data; data = NULL; if(staticReturnsTrue()) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34367 68295/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_08.cpp Buffer_Overflow_boundedcpy 115 char * data; data = NULL; if(staticReturnsTrue()) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34368 68296/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_09.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34369 68296/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_09.cpp Buffer_Overflow_boundedcpy 75 char * data; data = NULL; if(GLOBAL_CONST_FALSE) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34370 68296/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_09.cpp Buffer_Overflow_boundedcpy 102 char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34371 68297/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_10.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; if(globalTrue) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34372 68297/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_10.cpp Buffer_Overflow_boundedcpy 75 char * data; data = NULL; if(globalFalse) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34373 68297/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_10.cpp Buffer_Overflow_boundedcpy 102 char * data; data = NULL; if(globalTrue) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34374 68298/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_11.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; if(globalReturnsTrue()) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34375 68298/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_11.cpp Buffer_Overflow_boundedcpy 75 char * data; data = NULL; if(globalReturnsFalse()) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34376 68298/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_11.cpp Buffer_Overflow_boundedcpy 102 char * data; data = NULL; if(globalReturnsTrue()) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34377 68299/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_12.cpp Buffer_Overflow_boundedcpy 83 char * data; data = NULL; if(globalReturnsTrueOrFalse()) data = new char[100]; data[0] = '\0'; else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34378 68299/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_12.cpp Buffer_Overflow_boundedcpy 45 char * data; data = NULL; if(globalReturnsTrueOrFalse()) data = new char[50]; data[0] = '\0'; else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34379 68300/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_13.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34380 68300/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_13.cpp Buffer_Overflow_boundedcpy 75 char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34381 68300/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_13.cpp Buffer_Overflow_boundedcpy 102 char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34382 68301/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_14.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; if(globalFive==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34383 68301/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_14.cpp Buffer_Overflow_boundedcpy 75 char * data; data = NULL; if(globalFive!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34384 68301/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_14.cpp Buffer_Overflow_boundedcpy 102 char * data; data = NULL; if(globalFive=5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34385 68302/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_15.cpp Buffer_Overflow_boundedcpy 82 char * data; data = NULL; switch(5) default: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34386 68302/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_15.cpp Buffer_Overflow_boundedcpy 115 char * data; data = NULL; switch(6) case 6: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34387 68302/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_15.cpp Buffer_Overflow_boundedcpy 45 char * data; data = NULL; switch(6) case 6: data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34388 68303/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_16.cpp Buffer_Overflow_boundedcpy 72 char * data; data = NULL; while(1) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34389 68303/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_16.cpp Buffer_Overflow_boundedcpy 40 char * data; data = NULL; while(1) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34390 68304/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_17.cpp Buffer_Overflow_boundedcpy 72 char * data; data = NULL; for(h = 0; h < 1; h++) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34391 68304/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_17.cpp Buffer_Overflow_boundedcpy 40 char * data; data = NULL; for(i = 0; i < 1; i++) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34392 68305/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_18.cpp Buffer_Overflow_boundedcpy 68 char * data; data = NULL; goto source; source: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34393 68305/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_18.cpp Buffer_Overflow_boundedcpy 38 char * data; data = NULL; goto source; source: data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34394 68306/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_21.cpp Buffer_Overflow_boundedcpy 49 char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34395 68306/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_21.cpp Buffer_Overflow_boundedcpy 132 char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34396 68306/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_21.cpp Buffer_Overflow_boundedcpy 97 char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) else data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34397 68307/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_22.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; badGlobal = 1; data = badSource(data); char * badSource(char * data) if(badGlobal) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34398 68307/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_22.cpp Buffer_Overflow_boundedcpy 76 char * data; data = NULL; goodG2B1Global = 0; data = goodG2B1Source(data); char * goodG2B1Source(char * data) if(goodG2B1Global) else data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34399 68307/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_22.cpp Buffer_Overflow_boundedcpy 102 char * data; data = NULL; goodG2B2Global = 1; data = goodG2B2Source(data); char * goodG2B2Source(char * data) if(goodG2B2Global) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34400 68308/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_31.cpp Buffer_Overflow_boundedcpy 71 char * data; data = NULL; data = new char[100]; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34401 68308/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_31.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; data = new char[50]; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34402 68309/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_32.cpp Buffer_Overflow_boundedcpy 81 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = new char[100]; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34403 68309/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_32.cpp Buffer_Overflow_boundedcpy 44 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = new char[50]; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34404 68310/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_33.cpp Buffer_Overflow_boundedcpy 71 char * data; char * &dataRef = data; data = NULL; data = new char[100]; data[0] = '\0'; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34405 68310/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_33.cpp Buffer_Overflow_boundedcpy 39 char * data; char * &dataRef = data; data = NULL; data = new char[50]; data[0] = '\0'; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34406 68311/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_34.cpp Buffer_Overflow_boundedcpy 79 char * data; unionType myUnion; data = NULL; data = new char[100]; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34407 68311/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_34.cpp Buffer_Overflow_boundedcpy 46 char * data; unionType myUnion; data = NULL; data = new char[50]; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34408 68312/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_41.cpp Buffer_Overflow_boundedcpy 63 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34409 68312/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_41.cpp Buffer_Overflow_boundedcpy 31 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34410 68313/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_42.cpp Buffer_Overflow_boundedcpy 42 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34411 68313/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_42.cpp Buffer_Overflow_boundedcpy 76 char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34412 68314/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_43.cpp Buffer_Overflow_boundedcpy 74 char * data; data = NULL; goodG2BSource(data); static void goodG2BSource(char * &data) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34413 68314/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_43.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; badSource(data); void badSource(char * &data) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34414 68315/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_44.cpp Buffer_Overflow_boundedcpy 31 char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = new char[50]; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34415 68315/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_44.cpp Buffer_Overflow_boundedcpy 67 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = new char[100]; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34416 68316/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_45.cpp Buffer_Overflow_boundedcpy 35 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badData = data; badSink(); static void badSink() char * data = badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34417 68316/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_45.cpp Buffer_Overflow_boundedcpy 70 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34418 68317/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_51.cpp Buffer_Overflow_boundedcpy 128 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34419 68317/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_51.cpp Buffer_Overflow_boundedcpy 151 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34420 68318/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_52.cpp Buffer_Overflow_boundedcpy 204 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34421 68318/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_52.cpp Buffer_Overflow_boundedcpy 181 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSinkk_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34422 68319/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_53.cpp Buffer_Overflow_boundedcpy 234 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSinkk_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34423 68319/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_53.cpp Buffer_Overflow_boundedcpy 257 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34424 68320/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_54.cpp Buffer_Overflow_boundedcpy 287 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSinkk_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) badSink_e(data); void badSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34425 68320/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_54.cpp Buffer_Overflow_boundedcpy 310 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) goodG2BSink_e(data); void goodG2BSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34426 68321/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_61.cpp Buffer_Overflow_boundedcpy 65 char * data; data = NULL; data = goodG2BSource(data); char * goodG2BSource(char * data) data = new char[100] data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34427 68321/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_61.cpp Buffer_Overflow_boundedcpy 37 char * data; data = NULL; data = badSource(data); char * badSource(char * data) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34428 68322/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_62.cpp Buffer_Overflow_boundedcpy 65 char * data; data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34429 68322/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_62.cpp Buffer_Overflow_boundedcpy 37 char * data; data = NULL; badSource(data); void badSource(char * &data) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34430 68323/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_63.cpp Buffer_Overflow_boundedcpy 126 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(&data); void badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34431 68323/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_63.cpp Buffer_Overflow_boundedcpy 150 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(&data); void goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34432 68324/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_64.cpp Buffer_Overflow_boundedcpy 129 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(&data); void badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34433 68324/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_64.cpp Buffer_Overflow_boundedcpy 156 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34434 68325/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_65.cpp Buffer_Overflow_boundedcpy 152 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = new char[100]; data[0] = '\0'; funcPtr(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34435 68325/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_65.cpp Buffer_Overflow_boundedcpy 129 char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = new char[50]; data[0] = '\0'; funcPtr(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34436 68326/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_66.cpp Buffer_Overflow_boundedcpy 134 char * data; char * dataArray[5]; data = NULL; data = new char[50]; data[0] = '\0'; dataArray[2] = data; badSink(dataArray); void badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34437 68326/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_66.cpp Buffer_Overflow_boundedcpy 158 char * data; char * dataArray[5]; data = NULL; data = new char[100]; data[0] = '\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34438 68327/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_67.cpp Buffer_Overflow_boundedcpy 164 char * data; structType myStruct; data = NULL; data = new char[100]; data[0] = '\0'; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34439 68327/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_67.cpp Buffer_Overflow_boundedcpy 140 char * data; structType myStruct; data = NULL; data = new char[50]; data[0] = '\0'; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34440 68328/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_68.cpp Buffer_Overflow_boundedcpy 137 char * data; data = NULL; data = new char[50]; data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_68_badData = data; badSink(); void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34441 68328/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_68.cpp Buffer_Overflow_boundedcpy 161 char * data; data = NULL; data = new char[100]; data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34442 68329/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_72.cpp Buffer_Overflow_boundedcpy 145 char * data; vector dataVector; data = NULL; data = new char[50]; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34443 68329/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_72.cpp Buffer_Overflow_boundedcpy 169 char * data; vector dataVector; data = NULL; data = new char[100]; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34444 68330/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_73.cpp Buffer_Overflow_boundedcpy 145 char * data; list dataList; data = NULL; data = new char[50]; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34445 68330/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_73.cpp Buffer_Overflow_boundedcpy 169 char * data; list dataList; data = NULL; data = new char[100]; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34446 68331/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_74.cpp Buffer_Overflow_boundedcpy 145 char * data; map dataMap; data = NULL; data = new char[50]; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 1 --------------------------------- 34447 68331/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_loop_74.cpp Buffer_Overflow_boundedcpy 169 char * data; map dataMap; data = NULL; data = new char[100]; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; for (i = 0; i < 100; i++) data[i] = source[i]; data[100-1] = '\0'; 0 --------------------------------- 34448 68336/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_01.cpp Buffer_Overflow_boundedcpy 62 char * data; data = NULL; data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34449 68336/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_01.cpp Buffer_Overflow_boundedcpy 38 char * data; data = NULL; data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34450 68337/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_02.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(0) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34451 68337/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_02.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(1) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34452 68337/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_02.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(1) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34453 68338/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_03.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(5!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34454 68338/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_03.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(5==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34455 68338/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_03.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(5=5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34456 68339/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_04.cpp Buffer_Overflow_boundedcpy 102 char * data; data = NULL; if(STATIC_CONST_TRUE) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34457 68339/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_04.cpp Buffer_Overflow_boundedcpy 79 char * data; data = NULL; if(STATIC_CONST_FALSE) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34458 68339/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_04.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; if(STATIC_CONST_TRUE) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34459 68340/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_05.cpp Buffer_Overflow_boundedcpy 102 char * data; data = NULL; if(staticTrue) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34460 68340/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_05.cpp Buffer_Overflow_boundedcpy 79 char * data; data = NULL; if(staticFalse) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34461 68340/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_05.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; if(staticTrue) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34462 68341/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_06.cpp Buffer_Overflow_boundedcpy 78 char * data; data = NULL; if(STATIC_CONST_FIVE!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34463 68341/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_06.cpp Buffer_Overflow_boundedcpy 46 char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34464 68341/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_06.cpp Buffer_Overflow_boundedcpy 101 char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34465 68342/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_07.cpp Buffer_Overflow_boundedcpy 78 char * data; data = NULL; if(staticFive!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34466 68342/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_07.cpp Buffer_Overflow_boundedcpy 46 char * data; data = NULL; if(staticFive==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34467 68342/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_07.cpp Buffer_Overflow_boundedcpy 101 char * data; data = NULL; if(staticFive==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34468 68343/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_08.cpp Buffer_Overflow_boundedcpy 86 char * data; data = NULL; if(staticReturnsFalse()) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34469 68343/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_08.cpp Buffer_Overflow_boundedcpy 54 char * data; data = NULL; if(staticReturnsTrue()) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34470 68343/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_08.cpp Buffer_Overflow_boundedcpy 109 char * data; data = NULL; if(staticReturnsTrue()) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34471 68344/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_09.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(GLOBAL_CONST_FALSE) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34472 68344/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_09.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34473 68344/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_09.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34474 68345/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_10.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(globalFalse) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34475 68345/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_10.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(globalTrue) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34476 68345/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_10.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(globalTrue) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34477 68346/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_11.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(globalReturnsFalse()) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34478 68346/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_11.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(globalReturnsTrue()) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34479 68346/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_11.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(globalReturnsTrue()) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34480 68347/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_12.cpp Buffer_Overflow_boundedcpy 81 char * data; data = NULL; if(globalReturnsTrueOrFalse()) data = new char[100]; data[0] = '\0'; else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34481 68347/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_12.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; if(globalReturnsTrueOrFalse()) data = new char[50]; data[0] = '\0'; else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34482 68348/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_13.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34483 68348/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_13.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34484 68348/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_13.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34485 68349/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_14.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(globalFive!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34486 68349/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_14.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(globalFive==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34487 68349/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_14.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(globalFive==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34488 68350/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_15.cpp Buffer_Overflow_boundedcpy 109 char * data; data = NULL; switch(6) case 6: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34489 68350/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_15.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; switch(6) case 6: data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34490 68350/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_15.cpp Buffer_Overflow_boundedcpy 80 char * data; data = NULL; switch(5) default: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34491 68351/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_16.cpp Buffer_Overflow_boundedcpy 70 char * data; data = NULL; while(1) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34492 68351/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_16.cpp Buffer_Overflow_boundedcpy 42 char * data; data = NULL; while(1) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34493 68352/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_17.cpp Buffer_Overflow_boundedcpy 70 char * data; data = NULL; for(h = 0; h < 1; h++) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34494 68352/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_17.cpp Buffer_Overflow_boundedcpy 42 char * data; data = NULL; for(i = 0; i < 1; i++) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34495 68353/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_18.cpp Buffer_Overflow_boundedcpy 66 char * data; data = NULL; goto source; source: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34496 68353/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_18.cpp Buffer_Overflow_boundedcpy 40 char * data; data = NULL; goto source; source: data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34497 68354/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_21.cpp Buffer_Overflow_boundedcpy 51 char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34498 68354/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_21.cpp Buffer_Overflow_boundedcpy 126 char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Source) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34499 68354/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_21.cpp Buffer_Overflow_boundedcpy 95 char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Source) else data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34500 68355/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_22.cpp Buffer_Overflow_boundedcpy 74 char * data; data = NULL; goodG2B1Global = 0; data = goodG2B1Source(data); char * goodG2B1Source(char * data) if(goodG2B1Global) else data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34501 68355/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_22.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; goodG2B2Global = 1; data = goodG2B2Source(data); char * goodG2B2Source(char * data) if(goodG2B2Global) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34502 68355/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_22.cpp Buffer_Overflow_boundedcpy 43 char * data; data = NULL; badGlobal = 1; data = badSource(data); char * badSource(char * data) if(badGlobal) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34503 68356/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_31.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; data = new char[50]; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34504 68356/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_31.cpp Buffer_Overflow_boundedcpy 69 char * data; data = NULL; data = new char[100]; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34505 68357/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_32.cpp Buffer_Overflow_boundedcpy 46 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = new char[50]; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34506 68357/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_32.cpp Buffer_Overflow_boundedcpy 79 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = new char[100]; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34507 68358/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_33.cpp Buffer_Overflow_boundedcpy 41 char * data; char * &dataRef = data; data = NULL; data = new char[50]; data[0] = '\0'; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34508 68358/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_33.cpp Buffer_Overflow_boundedcpy 69 char * data; char * &dataRef = data; data = NULL; data = new char[100]; data[0] = '\0'; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34509 68359/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_34.cpp Buffer_Overflow_boundedcpy 77 char * data; unionType myUnion; data = NULL; data = new char[100]; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34510 68359/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_34.cpp Buffer_Overflow_boundedcpy 48 char * data; unionType myUnion; data = NULL; data = new char[50]; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34511 68360/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_41.cpp Buffer_Overflow_boundedcpy 33 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34512 68360/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_41.cpp Buffer_Overflow_boundedcpy 61 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34513 68361/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_42.cpp Buffer_Overflow_boundedcpy 44 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34514 68361/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_42.cpp Buffer_Overflow_boundedcpy 74 char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34515 68362/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_43.cpp Buffer_Overflow_boundedcpy 43 char * data; data = NULL; badSource(data); void badSource(char * &data) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34516 68362/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_43.cpp Buffer_Overflow_boundedcpy 72 char * data; data = NULL; goodG2BSource(data); static void goodG2BSource(char * &data) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34517 68363/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_44.cpp Buffer_Overflow_boundedcpy 65 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = new char[100]; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34518 68363/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_44.cpp Buffer_Overflow_boundedcpy 33 char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = new char[50]; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34519 68364/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_45.cpp Buffer_Overflow_boundedcpy 68 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34520 68364/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_45.cpp Buffer_Overflow_boundedcpy 37 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badData = data; badSink(); static void badSink() char * data = badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34521 68365/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_51.cpp Buffer_Overflow_boundedcpy 130 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34522 68365/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_51.cpp Buffer_Overflow_boundedcpy 149 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34523 68366/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_52.cpp Buffer_Overflow_boundedcpy 183 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34524 68366/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_52.cpp Buffer_Overflow_boundedcpy 202 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34525 68367/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_53.cpp Buffer_Overflow_boundedcpy 236 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34526 68367/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_53.cpp Buffer_Overflow_boundedcpy 255 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34527 68368/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_54.cpp Buffer_Overflow_boundedcpy 289 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) badSink_e(data); void badSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34528 68368/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_54.cpp Buffer_Overflow_boundedcpy 308 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) goodG2BSink_e(data); void goodG2BSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34529 68369/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_61.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; data = badSource(data); char * badSource(char * data) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34530 68369/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_61.cpp Buffer_Overflow_boundedcpy 63 char * data; data = NULL; data = goodG2BSource(data); char * goodG2BSource(char * data) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34531 68370/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_62.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; badSource(data); void badSource(char * &data) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34532 68370/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_62.cpp Buffer_Overflow_boundedcpy 63 char * data; data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34533 68371/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_63.cpp Buffer_Overflow_boundedcpy 148 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSource(&data); void goodG2BSource(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34534 68371/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_63.cpp Buffer_Overflow_boundedcpy 128 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(&data); void badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34535 68372/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_64.cpp Buffer_Overflow_boundedcpy 154 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(&data); void badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34536 68372/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_64.cpp Buffer_Overflow_boundedcpy 131 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34537 68373/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_65.cpp Buffer_Overflow_boundedcpy 150 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = new char[100]; data[0] = '\0'; funcPtr(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34538 68373/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_65.cpp Buffer_Overflow_boundedcpy 131 char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = new char[50]; data[0] = '\0'; funcPtr(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34539 68374/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_66.cpp Buffer_Overflow_boundedcpy 156 char * data; char * dataArray[5]; data = NULL; data = new char[100]; data[0] = '\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34540 68374/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_66.cpp Buffer_Overflow_boundedcpy 136 char * data; char * dataArray[5]; data = NULL; data = new char[50]; data[0] = '\0'; dataArray[2] = data; badSink(dataArray); void badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34541 68375/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_67.cpp Buffer_Overflow_boundedcpy 142 char * data; structType myStruct; data = NULL; data = new char[50]; data[0] = '\0'; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34542 68375/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_67.cpp Buffer_Overflow_boundedcpy 162 char * data; structType myStruct; data = NULL; data = new char[100]; data[0] = '\0'; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34543 68376/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_68.cpp Buffer_Overflow_boundedcpy 159 char * data; data = NULL; data = new char[100]; data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34544 68376/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_68.cpp Buffer_Overflow_boundedcpy 139 char * data; data = NULL; data = new char[50]; data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_68_badData = data; badSink(); void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34545 68377/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_72.cpp Buffer_Overflow_boundedcpy 167 char * data; vector dataVector; data = NULL; data = new char[100]; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34546 68377/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_72.cpp Buffer_Overflow_boundedcpy 147 char * data; vector dataVector; data = NULL; data = new char[50]; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34547 68378/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_73.cpp Buffer_Overflow_boundedcpy 167 char * data; list dataList; data = NULL; data = new char[100]; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34548 68378/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_73.cpp Buffer_Overflow_boundedcpy 147 char * data; list dataList; data = NULL; data = new char[50]; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34549 68379/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_74.cpp Buffer_Overflow_boundedcpy 167 char * data; map dataMap; data = NULL; data = new char[100]; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 0 --------------------------------- 34550 68379/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memcpy_74.cpp Buffer_Overflow_boundedcpy 147 char * data; map dataMap; data = NULL; data = new char[50]; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memcpy(data, source, 100*sizeof(char)); 1 --------------------------------- 34551 68384/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_01.cpp Buffer_Overflow_boundedcpy 62 char * data; data = NULL; data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34552 68384/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_01.cpp Buffer_Overflow_boundedcpy 38 char * data; data = NULL; data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34553 68385/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_02.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(1) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34554 68385/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_02.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(1) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34555 68385/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_02.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(0) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34556 68386/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_03.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(5==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34557 68386/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_03.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(5==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34558 68386/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_03.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(5!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34559 68387/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_04.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; if(STATIC_CONST_TRUE) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34560 68387/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_04.cpp Buffer_Overflow_boundedcpy 102 char * data; data = NULL; if(STATIC_CONST_TRUE) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34561 68387/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_04.cpp Buffer_Overflow_boundedcpy 79 char * data; data = NULL; if(STATIC_CONST_FALSE) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34562 68388/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_05.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; if(staticTrue) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34563 68388/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_05.cpp Buffer_Overflow_boundedcpy 102 char * data; data = NULL; if(staticTrue) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34564 68388/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_05.cpp Buffer_Overflow_boundedcpy 79 char * data; data = NULL; if(staticFalse) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34565 68389/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_06.cpp Buffer_Overflow_boundedcpy 101 char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34566 68389/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_06.cpp Buffer_Overflow_boundedcpy 46 char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34567 68389/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_06.cpp Buffer_Overflow_boundedcpy 78 char * data; data = NULL; if(STATIC_CONST_FIVE!=5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34568 68390/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_07.cpp Buffer_Overflow_boundedcpy 101 char * data; data = NULL; if(staticFive==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34569 68390/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_07.cpp Buffer_Overflow_boundedcpy 46 char * data; data = NULL; if(staticFive==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34570 68390/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_07.cpp Buffer_Overflow_boundedcpy 78 char * data; data = NULL; if(staticFive!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34571 68391/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_08.cpp Buffer_Overflow_boundedcpy 54 char * data; data = NULL; if(staticReturnsTrue()) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34572 68391/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_08.cpp Buffer_Overflow_boundedcpy 86 char * data; data = NULL; if(staticReturnsFalse()) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34573 68391/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_08.cpp Buffer_Overflow_boundedcpy 109 char * data; data = NULL; if(staticReturnsTrue()) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34574 68392/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_09.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34575 68392/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_09.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34576 68392/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_09.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(GLOBAL_CONST_FALSE) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34577 68393/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_10.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(globalTrue) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34578 68393/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_10.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(globalTrue) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34579 68393/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_10.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(globalFalse) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34580 68394/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_11.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(globalReturnsTrue()) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34581 68394/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_11.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(globalReturnsTrue()) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34582 68394/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_11.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(globalReturnsFalse()) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34583 68395/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_12.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; if(globalReturnsTrueOrFalse()) data = new char[50]; data[0] = '\0'; else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34584 68395/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_12.cpp Buffer_Overflow_boundedcpy 81 char * data; data = NULL; if(globalReturnsTrueOrFalse()) data = new char[100]; data[0] = '\0'; else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34585 68396/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_13.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34586 68396/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_13.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34587 68396/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_13.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34588 68397/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_14.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(globalFive==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34589 68397/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_14.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(globalFive==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34590 68397/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_14.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(globalFive!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34591 68398/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_15.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; switch(6) case 6: data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34592 68398/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_15.cpp Buffer_Overflow_boundedcpy 80 char * data; data = NULL; switch(5) default: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34593 68398/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_15.cpp Buffer_Overflow_boundedcpy 109 char * data; data = NULL; switch(6) case 6: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34594 68399/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_16.cpp Buffer_Overflow_boundedcpy 70 char * data; data = NULL; while(1) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34595 68399/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_16.cpp Buffer_Overflow_boundedcpy 42 char * data; data = NULL; while(1) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34596 68400/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_17.cpp Buffer_Overflow_boundedcpy 70 char * data; data = NULL; for(h = 0; h < 1; h++) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34597 68400/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_17.cpp Buffer_Overflow_boundedcpy 42 char * data; data = NULL; for(i = 0; i < 1; i++) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34598 68401/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_18.cpp Buffer_Overflow_boundedcpy 40 char * data; data = NULL; goto source; source: data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34599 68401/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_18.cpp Buffer_Overflow_boundedcpy 66 char * data; data = NULL; goto source; source: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34600 68402/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_21.cpp Buffer_Overflow_boundedcpy 51 char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34601 68402/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_21.cpp Buffer_Overflow_boundedcpy 126 char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34602 68402/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_21.cpp Buffer_Overflow_boundedcpy 95 char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) else data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34603 68403/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_22.cpp Buffer_Overflow_boundedcpy 74 char * data; data = NULL; goodG2B1Global = 0; data = goodG2B1Source(data); char * goodG2B1Source(char * data) if(goodG2B1Global) else data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34604 68403/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_22.cpp Buffer_Overflow_boundedcpy 43 char * data; data = NULL; badGlobal = 1; data = badSource(data); char * badSource(char * data) if(badGlobal) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34605 68403/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_22.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; goodG2B2Global = 1; data = goodG2B2Source(data); char * goodG2B2Source(char * data) if(goodG2B2Global) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34606 68404/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_31.cpp Buffer_Overflow_boundedcpy 69 char * data; data = NULL; data = new char[100]; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34607 68404/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_31.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; data = new char[50]; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34608 68405/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_32.cpp Buffer_Overflow_boundedcpy 46 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = new char[50]; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34609 68405/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_32.cpp Buffer_Overflow_boundedcpy 79 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = new char[100]; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34610 68406/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_33.cpp Buffer_Overflow_boundedcpy 69 char * data; char * &dataRef = data; data = NULL; data = new char[100]; data[0] = '\0'; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34611 68406/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_33.cpp Buffer_Overflow_boundedcpy 41 char * data; char * &dataRef = data; data = NULL; data = new char[50]; data[0] = '\0'; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34612 68407/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_34.cpp Buffer_Overflow_boundedcpy 77 char * data; unionType myUnion; data = NULL; data = new char[100]; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34613 68407/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_34.cpp Buffer_Overflow_boundedcpy 48 char * data; unionType myUnion; data = NULL; data = new char[50]; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34614 68408/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_41.cpp Buffer_Overflow_boundedcpy 61 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34615 68408/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_41.cpp Buffer_Overflow_boundedcpy 33 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34616 68409/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_42.cpp Buffer_Overflow_boundedcpy 44 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34617 68409/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_42.cpp Buffer_Overflow_boundedcpy 74 char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34618 68410/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_43.cpp Buffer_Overflow_boundedcpy 43 char * data; data = NULL; badSource(data); void badSource(char * &data) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34619 68410/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_43.cpp Buffer_Overflow_boundedcpy 72 char * data; data = NULL; data = goodG2BSource(data); static void goodG2BSource(char * &data) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34620 68411/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_44.cpp Buffer_Overflow_boundedcpy 33 char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = new char[50]; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34621 68411/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_44.cpp Buffer_Overflow_boundedcpy 65 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = new char[100]; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34622 68412/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_45.cpp Buffer_Overflow_boundedcpy 68 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34623 68412/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_45.cpp Buffer_Overflow_boundedcpy 37 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badData = data; badSink(); static void badSink() char * data = badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34624 68413/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_51.cpp Buffer_Overflow_boundedcpy 149 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34625 68413/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_51.cpp Buffer_Overflow_boundedcpy 130 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34626 68414/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_52.cpp Buffer_Overflow_boundedcpy 183 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34627 68414/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_52.cpp Buffer_Overflow_boundedcpy 202 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34628 68415/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_53.cpp Buffer_Overflow_boundedcpy 236 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34629 68415/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_53.cpp Buffer_Overflow_boundedcpy 255 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34630 68416/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_54.cpp Buffer_Overflow_boundedcpy 308 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) goodG2BSink_e(data); void goodG2BSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34631 68416/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_54.cpp Buffer_Overflow_boundedcpy 289 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) badSink_e(data); void badSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34632 68417/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_61.cpp Buffer_Overflow_boundedcpy 63 char * data; data = NULL; data = goodG2BSource(data); char * goodG2BSource(char * data) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34633 68417/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_61.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; data = badSource(data); char * badSource(char * data) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34634 68418/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_62.cpp Buffer_Overflow_boundedcpy 63 char * data; data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34635 68418/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_62.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; badSource(data); void badSource(char * &data) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34636 68419/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_63.cpp Buffer_Overflow_boundedcpy 148 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(&data); void goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34637 68419/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_63.cpp Buffer_Overflow_boundedcpy 128 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(&data); void badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34638 68420/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_64.cpp Buffer_Overflow_boundedcpy 131 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(&data); void badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34639 68420/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_64.cpp Buffer_Overflow_boundedcpy 154 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34640 68421/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_65.cpp Buffer_Overflow_boundedcpy 131 char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = new char[50]; data[0] = '\0'; funcPtr(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34641 68421/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_65.cpp Buffer_Overflow_boundedcpy 150 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = new char[100]; data[0] = '\0'; funcPtr(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34642 68422/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_66.cpp Buffer_Overflow_boundedcpy 156 char * data; char * dataArray[5]; data = NULL; data = new char[100]; data[0] = '\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34643 68422/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_66.cpp Buffer_Overflow_boundedcpy 136 char * data; char * dataArray[5]; data = NULL; data = new char[50]; data[0] = '\0'; dataArray[2] = data; badSink(dataArray); void badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34644 68423/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_67.cpp Buffer_Overflow_boundedcpy 142 char * data; structType myStruct; data = NULL; data = new char[50]; data[0] = '\0'; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34645 68423/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_67.cpp Buffer_Overflow_boundedcpy 162 char * data; structType myStruct; data = NULL; data = new char[100]; data[0] = '\0'; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34646 68424/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_68.cpp Buffer_Overflow_boundedcpy 139 char * data; data = NULL; data = new char[50]; data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_68_badData = data; badSink(); void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34647 68424/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_68.cpp Buffer_Overflow_boundedcpy 159 char * data; data = NULL; data = new char[100]; data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34648 68425/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_72.cpp Buffer_Overflow_boundedcpy 147 char * data; vector dataVector; data = NULL; data = new char[50]; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34649 68425/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_72.cpp Buffer_Overflow_boundedcpy 167 char * data; vector dataVector; data = NULL; data = new char[100]; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34650 68426/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_73.cpp Buffer_Overflow_boundedcpy 147 char * data; list dataList; data = NULL; data = new char[50]; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34651 68426/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_73.cpp Buffer_Overflow_boundedcpy 167 char * data; list dataList; data = NULL; data = new char[100]; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34652 68427/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_74.cpp Buffer_Overflow_boundedcpy 147 char * data; map dataMap; data = NULL; data = new char[50]; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 1 --------------------------------- 34653 68427/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_memmove_74.cpp Buffer_Overflow_boundedcpy 167 char * data; map dataMap; data = NULL; data = new char[100]; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; memmove(data, source, 100*sizeof(char)); 0 --------------------------------- 34654 68432/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_01.cpp Buffer_Overflow_boundedcpy 38 char * data; data = NULL; data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34655 68432/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_01.cpp Buffer_Overflow_boundedcpy 61 char * data; data = NULL; data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34656 68433/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_02.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(1) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34657 68433/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_02.cpp Buffer_Overflow_boundedcpy 94 char * data; data = NULL; if(1) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34658 68433/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_02.cpp Buffer_Overflow_boundedcpy 72 char * data; data = NULL; if(0) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34659 68434/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_03.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(5==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34660 68434/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_03.cpp Buffer_Overflow_boundedcpy 94 char * data; data = NULL; if(5==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34661 68434/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_03.cpp Buffer_Overflow_boundedcpy 72 char * data; data = NULL; if(5!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34662 68435/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_04.cpp Buffer_Overflow_boundedcpy 78 char * data; data = NULL; if(STATIC_CONST_FALSE) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34663 68435/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_04.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; if(STATIC_CONST_TRUE) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34664 68435/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_04.cpp Buffer_Overflow_boundedcpy 100 char * data; data = NULL; if(STATIC_CONST_TRUE) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34665 68436/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_05.cpp Buffer_Overflow_boundedcpy 78 char * data; data = NULL; if(staticFalse) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34666 68436/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_05.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; if(staticTrue) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34667 68436/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_05.cpp Buffer_Overflow_boundedcpy 100 char * data; data = NULL; if(staticTrue) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34668 68437/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_06.cpp Buffer_Overflow_boundedcpy 46 char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34669 68437/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_06.cpp Buffer_Overflow_boundedcpy 99 char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34670 68437/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_06.cpp Buffer_Overflow_boundedcpy 77 char * data; data = NULL; if(STATIC_CONST_FIVE!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34671 68438/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_07.cpp Buffer_Overflow_boundedcpy 46 char * data; data = NULL; if(staticFive==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34672 68438/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_07.cpp Buffer_Overflow_boundedcpy 99 char * data; data = NULL; if(staticFive==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34673 68438/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_07.cpp Buffer_Overflow_boundedcpy 77 char * data; data = NULL; if(staticFive!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34674 68439/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_08.cpp Buffer_Overflow_boundedcpy 54 char * data; data = NULL; if(staticReturnsTrue()) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34675 68439/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_08.cpp Buffer_Overflow_boundedcpy 107 char * data; data = NULL; if(staticReturnsTrue()) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34676 68439/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_08.cpp Buffer_Overflow_boundedcpy 85 char * data; data = NULL; if(staticReturnsFalse()) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34677 68440/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_09.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34678 68440/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_09.cpp Buffer_Overflow_boundedcpy 94 char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34679 68440/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_09.cpp Buffer_Overflow_boundedcpy 72 char * data; data = NULL; if(GLOBAL_CONST_FALSE) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34680 68441/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_10.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(globalTrue) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34681 68441/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_10.cpp Buffer_Overflow_boundedcpy 94 char * data; data = NULL; if(globalTrue) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34682 68441/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_10.cpp Buffer_Overflow_boundedcpy 72 char * data; data = NULL; if(globalFalse) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34683 68442/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_11.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(globalReturnsTrue()) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34684 68442/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_11.cpp Buffer_Overflow_boundedcpy 94 char * data; data = NULL; if(globalReturnsTrue()) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34685 68442/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_11.cpp Buffer_Overflow_boundedcpy 72 char * data; data = NULL; if(globalReturnsFalse()) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34686 68443/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_12.cpp Buffer_Overflow_boundedcpy 80 char * data; data = NULL; if(globalReturnsTrueOrFalse()) data = new char[100]; data[0] = '\0'; else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34687 68443/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_12.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; if(globalReturnsTrueOrFalse()) data = new char[50]; data[0] = '\0'; else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34688 68444/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_13.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34689 68444/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_13.cpp Buffer_Overflow_boundedcpy 94 char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34690 68444/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_13.cpp Buffer_Overflow_boundedcpy 72 char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34691 68445/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_14.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(globalFive==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34692 68445/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_14.cpp Buffer_Overflow_boundedcpy 94 char * data; data = NULL; if(globalFive==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34693 68445/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_14.cpp Buffer_Overflow_boundedcpy 72 char * data; data = NULL; if(globalFive!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34694 68446/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_15.cpp Buffer_Overflow_boundedcpy 107 char * data; data = NULL; switch(6) case 6: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34695 68446/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_15.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; switch(6) case 6: data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34696 68446/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_15.cpp Buffer_Overflow_boundedcpy 79 char * data; data = NULL; switch(5) default: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34697 68447/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_16.cpp Buffer_Overflow_boundedcpy 69 char * data; data = NULL; while(1) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34698 68447/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_16.cpp Buffer_Overflow_boundedcpy 42 char * data; data = NULL; while(1) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34699 68448/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_17.cpp Buffer_Overflow_boundedcpy 69 char * data; data = NULL; for(h = 0; h < 1; h++) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34700 68448/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_17.cpp Buffer_Overflow_boundedcpy 42 char * data; data = NULL; for(i = 0; i < 1; i++) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34701 68449/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_18.cpp Buffer_Overflow_boundedcpy 65 char * data; data = NULL; goto source; source: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34702 68449/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_18.cpp Buffer_Overflow_boundedcpy 40 char * data; data = NULL; goto source; source: data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34703 68450/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_21.cpp Buffer_Overflow_boundedcpy 94 char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) else data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34704 68450/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_21.cpp Buffer_Overflow_boundedcpy 51 char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34705 68450/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_21.cpp Buffer_Overflow_boundedcpy 124 char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34706 68451/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_22.cpp Buffer_Overflow_boundedcpy 43 char * data; data = NULL; badGlobal = 1; data = badSource(data); char * badSource(char * data) if(badGlobal) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34707 68451/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_22.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; goodG2B1Global = 0; data = goodG2B1Source(data); char * goodG2B1Source(char * data) if(goodG2B1Global) else data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34708 68451/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_22.cpp Buffer_Overflow_boundedcpy 94 char * data; data = NULL; goodG2B2Global = 1; data = goodG2B2Source(data); char * goodG2B2Source(char * data) if(goodG2B2Global) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34709 68452/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_31.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; data = new char[50]; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34710 68452/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_31.cpp Buffer_Overflow_boundedcpy 68 char * data; data = NULL; data = new char[100]; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34711 68453/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_32.cpp Buffer_Overflow_boundedcpy 46 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = new char[50]; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34712 68453/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_32.cpp Buffer_Overflow_boundedcpy 78 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = new char[100]; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34713 68454/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_33.cpp Buffer_Overflow_boundedcpy 41 char * data; char * &dataRef = data; data = NULL; data = new char[50]; data[0] = '\0'; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34714 68454/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_33.cpp Buffer_Overflow_boundedcpy 68 char * data; char * &dataRef = data; data = NULL; data = new char[100]; data[0] = '\0'; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34715 68455/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_34.cpp Buffer_Overflow_boundedcpy 48 char * data; unionType myUnion; data = NULL; data = new char[50]; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34716 68455/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_34.cpp Buffer_Overflow_boundedcpy 76 char * data; unionType myUnion; data = NULL; data = new char[100]; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34717 68456/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_41.cpp Buffer_Overflow_boundedcpy 33 char * data data = NULL; data = new char[50]; data[0] = '\0'; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34718 68456/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_41.cpp Buffer_Overflow_boundedcpy 60 char * data data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34719 68457/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_42.cpp Buffer_Overflow_boundedcpy 73 char * data data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34720 68457/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_42.cpp Buffer_Overflow_boundedcpy 44 char * data data = NULL; data = badSource(data); static char * badSource(char * data) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34721 68458/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_43.cpp Buffer_Overflow_boundedcpy 43 char * data data = NULL; badSource(data); void badSource(char * &data) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34722 68458/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_43.cpp Buffer_Overflow_boundedcpy 71 char * data data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34723 68459/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_44.cpp Buffer_Overflow_boundedcpy 33 char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = new char[50]; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34724 68459/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_44.cpp Buffer_Overflow_boundedcpy 64 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = new char[100]; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34725 68460/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_45.cpp Buffer_Overflow_boundedcpy 37 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badData = data; badSink(); static void badSink() char * data = badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34726 68460/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_45.cpp Buffer_Overflow_boundedcpy 67 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34727 68461/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_51.cpp Buffer_Overflow_boundedcpy 130 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34728 68461/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_51.cpp Buffer_Overflow_boundedcpy 148 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34729 68462/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_52.cpp Buffer_Overflow_boundedcpy 201 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34730 68462/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_52.cpp Buffer_Overflow_boundedcpy 183 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34731 68463/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_53.cpp Buffer_Overflow_boundedcpy 254 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34732 68463/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_53.cpp Buffer_Overflow_boundedcpy 236 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34733 68464/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_54.cpp Buffer_Overflow_boundedcpy 289 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) goodG2BSink_e(data); void goodG2BSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34734 68464/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_54.cpp Buffer_Overflow_boundedcpy 307 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) badSink_e(data); void badSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34735 68465/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_61.cpp Buffer_Overflow_boundedcpy 62 char * data; data = NULL; data = goodG2BSource(data); char * goodG2BSource(char * data) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34736 68465/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_61.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; data = badSource(data); char * badSource(char * data) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34737 68466/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_62.cpp Buffer_Overflow_boundedcpy 62 char * data; data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34738 68466/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_62.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; badSource(data); void badSource(char * &data) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34739 68467/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_63.cpp Buffer_Overflow_boundedcpy 147 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(&data); void goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34740 68467/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_63.cpp Buffer_Overflow_boundedcpy 128 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(&data); void badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34741 68468/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_64.cpp Buffer_Overflow_boundedcpy 153 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34742 68468/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_64.cpp Buffer_Overflow_boundedcpy 131 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(&data); void badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34743 68469/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_65.cpp Buffer_Overflow_boundedcpy 149 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = new char[100]; data[0] = '\0'; funcPtr(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34744 68469/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_65.cpp Buffer_Overflow_boundedcpy 131 char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = new char[50]; data[0] = '\0'; funcPtr(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34745 68470/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_66.cpp Buffer_Overflow_boundedcpy 155 char * data; char * dataArray[5]; data = NULL; data = new char[100]; data[0] = '\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34746 68470/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_66.cpp Buffer_Overflow_boundedcpy 136 char * data; char * dataArray[5]; data = NULL; data = new char[50]; data[0] = '\0'; dataArray[2] = data; badSink(dataArray); void badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34747 68471/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_67.cpp Buffer_Overflow_boundedcpy 161 char * data; structType myStruct; data = NULL; data = new char[100]; data[0] = '\0'; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34748 68471/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_67.cpp Buffer_Overflow_boundedcpy 142 char * data; structType myStruct; data = NULL; data = new char[50]; data[0] = '\0'; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34749 68472/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_68.cpp Buffer_Overflow_boundedcpy 158 char * data; data = NULL; data = new char[100]; data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34750 68472/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_68.cpp Buffer_Overflow_boundedcpy 139 char * data; data = NULL; data = new char[50]; data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_68_badData = data; badSink(); void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34751 68473/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_72.cpp Buffer_Overflow_boundedcpy 166 char * data; vector dataVector; data = NULL; data = new char[100]; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34752 68473/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_72.cpp Buffer_Overflow_boundedcpy 147 char * data; vector dataVector; data = NULL; data = new char[50]; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34753 68474/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_73.cpp Buffer_Overflow_boundedcpy 166 char * data; list dataList; data = NULL; data = new char[100]; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34754 68474/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_73.cpp Buffer_Overflow_boundedcpy 147 char * data; list dataList; data = NULL; data = new char[50]; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34755 68475/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_74.cpp Buffer_Overflow_boundedcpy 166 char * data; map dataMap; data = NULL; data = new char[100]; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 34756 68475/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_74.cpp Buffer_Overflow_boundedcpy 147 char * data; map dataMap; data = NULL; data = new char[50]; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 34757 68480/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_01.cpp Buffer_Overflow_boundedcpy 62 char * data; data = NULL; data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34758 68480/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_01.cpp Buffer_Overflow_boundedcpy 38 char * data; data = NULL; data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34759 68481/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_02.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(1) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34760 68481/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_02.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(0) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34761 68481/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_02.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(1) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34762 68482/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_03.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(5==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34763 68482/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_03.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(5!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34764 68482/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_03.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(5=5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34765 68483/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_04.cpp Buffer_Overflow_boundedcpy 102 char * data; data = NULL; if(STATIC_CONST_TRUE) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34766 68483/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_04.cpp Buffer_Overflow_boundedcpy 79 char * data; data = NULL; if(STATIC_CONST_FALSE) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34767 68483/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_04.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; if(STATIC_CONST_TRUE) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34768 68484/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_05.cpp Buffer_Overflow_boundedcpy 102 char * data; data = NULL; if(staticTrue) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34769 68484/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_05.cpp Buffer_Overflow_boundedcpy 79 char * data; data = NULL; if(staticFalse) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34770 68484/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_05.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; if(staticTrue) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34771 68485/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_06.cpp Buffer_Overflow_boundedcpy 78 char * data; data = NULL; if(STATIC_CONST_FIVE!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34772 68485/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_06.cpp Buffer_Overflow_boundedcpy 101 char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34773 68485/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_06.cpp Buffer_Overflow_boundedcpy 46 char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34774 68486/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_07.cpp Buffer_Overflow_boundedcpy 78 char * data; data = NULL; if(staticFive!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34775 68486/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_07.cpp Buffer_Overflow_boundedcpy 101 char * data; data = NULL; if(staticFive=5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34776 68486/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_07.cpp Buffer_Overflow_boundedcpy 46 char * data; data = NULL; if(staticFive=5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34777 68487/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_08.cpp Buffer_Overflow_boundedcpy 54 char * data; data = NULL; if(staticReturnsTrue()) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34778 68487/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_08.cpp Buffer_Overflow_boundedcpy 109 char * data; data = NULL; if(staticReturnsTrue()) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34779 68487/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_08.cpp Buffer_Overflow_boundedcpy 86 char * data; data = NULL; if(staticReturnsFalse()) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34780 68488/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_09.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34781 68488/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_09.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(GLOBAL_CONST_FALSE) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34782 68488/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_09.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34783 68489/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_10.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(globalTrue) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34784 68489/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_10.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(globalFalse) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34785 68489/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_10.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(globalTrue) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34786 68490/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_11.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(globalReturnsTrue()) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34787 68490/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_11.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(globalReturnsFalse()) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34788 68490/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_11.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(globalReturnsTrue()) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34789 68491/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_12.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; if(globalReturnsTrueOrFalse()) data = new char[50]; data[0] = '\0'; else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34790 68491/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_12.cpp Buffer_Overflow_boundedcpy 81 char * data; data = NULL; if(globalReturnsTrueOrFalse()) data = new char[100]; data[0] = '\0'; else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34791 68492/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_13.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34792 68492/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_13.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34793 68492/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_13.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34794 68493/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_14.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; if(globalFive==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34795 68493/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_14.cpp Buffer_Overflow_boundedcpy 73 char * data; data = NULL; if(globalFive!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34796 68493/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_14.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; if(globalFive==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34797 68494/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_15.cpp Buffer_Overflow_boundedcpy 80 char * data; data = NULL; switch(5) default: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34798 68494/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_15.cpp Buffer_Overflow_boundedcpy 109 char * data; data = NULL; switch(6) case 6: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34799 68494/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_15.cpp Buffer_Overflow_boundedcpy 47 char * data; data = NULL; switch(6) case 6: data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34800 68495/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_16.cpp Buffer_Overflow_boundedcpy 70 char * data; data = NULL; while(1) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34801 68495/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_16.cpp Buffer_Overflow_boundedcpy 42 char * data; data = NULL; while(1) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34802 68496/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_17.cpp Buffer_Overflow_boundedcpy 70 char * data; data = NULL; for(h = 0; h < 1; h++) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34803 68496/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_17.cpp Buffer_Overflow_boundedcpy 42 char * data; data = NULL; for(i = 0; i < 1; i++) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34804 68497/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_18.cpp Buffer_Overflow_boundedcpy 40 char * data; data = NULL; goto source; source: data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34805 68497/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_18.cpp Buffer_Overflow_boundedcpy 66 char * data; data = NULL; goto source; source: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34806 68498/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_21.cpp Buffer_Overflow_boundedcpy 51 char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34807 68498/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_21.cpp Buffer_Overflow_boundedcpy 95 char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) else data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34808 68498/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_21.cpp Buffer_Overflow_boundedcpy 126 char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34809 68499/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_22.cpp Buffer_Overflow_boundedcpy 43 char * data; data = NULL; badGlobal = 1; data = badSource(data); char * badSource(char * data) if(badGlobal) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34810 68499/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_22.cpp Buffer_Overflow_boundedcpy 74 char * data; data = NULL; goodG2B1Global = 0; data = goodG2B1Source(data); char * goodG2B1Source(char * data) if(goodG2B1Global) else data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34811 68499/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_22.cpp Buffer_Overflow_boundedcpy 96 char * data; data = NULL; goodG2B2Global = 1; data = goodG2B2Source(data); char * goodG2B2Source(char * data) if(goodG2B2Global) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34812 68500/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_31.cpp Buffer_Overflow_boundedcpy 41 char * data; data = NULL; data = new char[50]; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34813 68500/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_31.cpp Buffer_Overflow_boundedcpy 69 char * data; data = NULL; data = new char[100]; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34814 68501/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_32.cpp Buffer_Overflow_boundedcpy 79 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = new char[100]; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34815 68501/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_32.cpp Buffer_Overflow_boundedcpy 46 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = new char[50]; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34816 68502/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_33.cpp Buffer_Overflow_boundedcpy 69 char * data; char * &dataRef = data; data = NULL; data = new char[100]; data[0] = '\0'; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34817 68502/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_33.cpp Buffer_Overflow_boundedcpy 41 char * data; char * &dataRef = data; data = NULL; data = new char[50]; data[0] = '\0'; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34818 68503/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_34.cpp Buffer_Overflow_boundedcpy 48 char * data; unionType myUnion; data = NULL; data = new char[50]; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34819 68503/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_34.cpp Buffer_Overflow_boundedcpy 77 char * data; unionType myUnion; data = NULL; data = new char[100]; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34820 68504/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_41.cpp Buffer_Overflow_boundedcpy 61 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34821 68504/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_41.cpp Buffer_Overflow_boundedcpy 33 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34822 68505/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_42.cpp Buffer_Overflow_boundedcpy 44 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34823 68505/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_42.cpp Buffer_Overflow_boundedcpy 74 char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34824 68506/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_43.cpp Buffer_Overflow_boundedcpy 72 char * data; data = NULL; goodG2BSource(data); static void goodG2BSource(char * &data) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34825 68506/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_43.cpp Buffer_Overflow_boundedcpy 43 char * data; data = NULL; badSource(data); void badSource(char * &data) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34826 68507/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_44.cpp Buffer_Overflow_boundedcpy 65 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = new char[100]; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34827 68507/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_44.cpp Buffer_Overflow_boundedcpy 33 char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = new char[50]; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34828 68508/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_45.cpp Buffer_Overflow_boundedcpy 68 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34829 68508/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_45.cpp Buffer_Overflow_boundedcpy 37 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badData = data; badSink(); static void badSink() char * data = badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34830 68509/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_51.cpp Buffer_Overflow_boundedcpy 149 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34831 68509/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_51.cpp Buffer_Overflow_boundedcpy 130 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34832 68510/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_52.cpp Buffer_Overflow_boundedcpy 183 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34833 68510/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_52.cpp Buffer_Overflow_boundedcpy 202 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34834 68511/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_53.cpp Buffer_Overflow_boundedcpy 255 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34835 68511/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_53.cpp Buffer_Overflow_boundedcpy 236 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34836 68512/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_54.cpp Buffer_Overflow_boundedcpy 289 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) badSink_e(data); void badSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34837 68512/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_54.cpp Buffer_Overflow_boundedcpy 308 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) goodG2BSink_e(data); void goodG2BSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34838 68513/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_61.cpp Buffer_Overflow_boundedcpy 63 char * data; data = NULL; data = goodG2BSource(data); char * goodG2BSource(char * data) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34839 68513/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_61.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; data = badSource(data); char * badSource(char * data) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34840 68514/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_62.cpp Buffer_Overflow_boundedcpy 63 char * data; data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34841 68514/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_62.cpp Buffer_Overflow_boundedcpy 39 char * data; data = NULL; badSource(data); void badSource(char * &data) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34842 68515/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_63.cpp Buffer_Overflow_boundedcpy 128 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(&data); void badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34843 68515/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_63.cpp Buffer_Overflow_boundedcpy 148 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(&data); void goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34844 68516/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_64.cpp Buffer_Overflow_boundedcpy 131 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(&data); void badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34845 68516/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_64.cpp Buffer_Overflow_boundedcpy 154 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34846 68517/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_65.cpp Buffer_Overflow_boundedcpy 150 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = new char[100]; data[0] = '\0'; funcPtr(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34847 68517/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_65.cpp Buffer_Overflow_boundedcpy 131 char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = new char[50]; data[0] = '\0'; funcPtr(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34848 68518/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_66.cpp Buffer_Overflow_boundedcpy 136 char * data; char * dataArray[5]; data = NULL; data = new char[50]; data[0] = '\0'; dataArray[2] = data; badSink(dataArray); void badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34849 68518/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_66.cpp Buffer_Overflow_boundedcpy 156 char * data; char * dataArray[5]; data = NULL; data = new char[100]; data[0] = '\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34850 68519/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_67.cpp Buffer_Overflow_boundedcpy 142 char * data; structType myStruct; data = NULL; data = new char[50]; data[0] = '\0'; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34851 68519/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_67.cpp Buffer_Overflow_boundedcpy 162 char * data; structType myStruct; data = NULL; data = new char[100]; data[0] = '\0'; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34852 68520/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_68.cpp Buffer_Overflow_boundedcpy 159 char * data; data = NULL; data = new char[100]; data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_68_goodG2BData = data; goodG2BSink(); void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34853 68520/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_68.cpp Buffer_Overflow_boundedcpy 139 char * data; data = NULL; data = new char[50]; data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_68_badData = data; badSink(); void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34854 68521/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_72.cpp Buffer_Overflow_boundedcpy 167 char * data; vector dataVector; data = NULL; data = new char[100]; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34855 68521/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_72.cpp Buffer_Overflow_boundedcpy 147 char * data; vector dataVector; data = NULL; data = new char[50]; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34856 68522/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_73.cpp Buffer_Overflow_boundedcpy 167 char * data; list dataList; data = NULL; data = new char[100]; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34857 68522/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_73.cpp Buffer_Overflow_boundedcpy 147 char * data; list dataList; data = NULL; data = new char[50]; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34858 68523/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_74.cpp Buffer_Overflow_boundedcpy 167 char * data; map dataMap; data = NULL; data = new char[100]; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 34859 68523/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_74.cpp Buffer_Overflow_boundedcpy 147 char * data; map dataMap; data = NULL; data = new char[50]; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 34860 68528/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_01.cpp Buffer_Overflow_LowBound 67 char * data; data = NULL; data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34861 68528/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_01.cpp Buffer_Overflow_LowBound 44 char * data; data = NULL; data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34862 68529/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_02.cpp Buffer_Overflow_LowBound 47 char * data; data = NULL; if(1) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34863 68529/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_02.cpp Buffer_Overflow_LowBound 78 char * data; data = NULL; if(0) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34864 68529/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_02.cpp Buffer_Overflow_LowBound 100 char * data; data = NULL; if(1) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34865 68530/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_03.cpp Buffer_Overflow_LowBound 47 char * data; data = NULL; if(5==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34866 68530/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_03.cpp Buffer_Overflow_LowBound 78 char * data; data = NULL; if(5!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34867 68530/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_03.cpp Buffer_Overflow_LowBound 100 char * data; data = NULL; if(5==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34868 68531/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_04.cpp Buffer_Overflow_LowBound 53 char * data; data = NULL; if(STATIC_CONST_TRUE) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34869 68531/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_04.cpp Buffer_Overflow_LowBound 84 char * data; data = NULL; if(STATIC_CONST_FALSE) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34870 68531/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_04.cpp Buffer_Overflow_LowBound 106 char * data; data = NULL; if(STATIC_CONST_TRUE) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34871 68532/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_05.cpp Buffer_Overflow_LowBound 53 char * data; data = NULL; if(staticTrue) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34872 68532/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_05.cpp Buffer_Overflow_LowBound 84 char * data; data = NULL; if(staticFalse) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34873 68532/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_05.cpp Buffer_Overflow_LowBound 106 char * data; data = NULL; if(staticTrue) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34874 68533/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_06.cpp Buffer_Overflow_LowBound 83 char * data; data = NULL; if(STATIC_CONST_FIVE!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34875 68533/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_06.cpp Buffer_Overflow_LowBound 52 char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34876 68533/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_06.cpp Buffer_Overflow_LowBound 105 char * data; data = NULL; if(STATIC_CONST_FIVE==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34877 68534/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_07.cpp Buffer_Overflow_LowBound 83 char * data; data = NULL; if(staticFive!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34878 68534/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_07.cpp Buffer_Overflow_LowBound 52 char * data; data = NULL; if(staticFive==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34879 68534/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_07.cpp Buffer_Overflow_LowBound 105 char * data; data = NULL; if(staticFive==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34880 68535/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_08.cpp Buffer_Overflow_LowBound 91 char * data; data = NULL; if(staticReturnsFalse()) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34881 68535/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_08.cpp Buffer_Overflow_LowBound 60 char * data; data = NULL; if(staticReturnsTrue()) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34882 68535/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_08.cpp Buffer_Overflow_LowBound 113 char * data; data = NULL; if(staticReturnsTrue()) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34883 68536/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_09.cpp Buffer_Overflow_LowBound 47 char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34884 68536/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_09.cpp Buffer_Overflow_LowBound 78 char * data; data = NULL; if(GLOBAL_CONST_FALSE) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34885 68536/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_09.cpp Buffer_Overflow_LowBound 100 char * data; data = NULL; if(GLOBAL_CONST_TRUE) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34886 68537/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_10.cpp Buffer_Overflow_LowBound 47 char * data; data = NULL; if(globalTrue) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34887 68537/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_10.cpp Buffer_Overflow_LowBound 78 char * data; data = NULL; if(globalFalse) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34888 68537/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_10.cpp Buffer_Overflow_LowBound 100 char * data; data = NULL; if(globalTrue) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34889 68538/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_11.cpp Buffer_Overflow_LowBound 47 char * data; data = NULL; if(globalReturnsTrue()) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34890 68538/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_11.cpp Buffer_Overflow_LowBound 78 char * data; data = NULL; if(globalReturnsFalse()) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34891 68538/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_11.cpp Buffer_Overflow_LowBound 100 char * data; data = NULL; if(globalReturnsTrue()) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34892 68539/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_12.cpp Buffer_Overflow_LowBound 53 char * data; data = NULL; if(globalReturnsTrueOrFalse()) data = new char[50]; data[0] = '\0'; else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34893 68539/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_12.cpp Buffer_Overflow_LowBound 86 char * data; data = NULL; if(globalReturnsTrueOrFalse()) data = new char[100]; data[0] = '\0'; else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34894 68540/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_13.cpp Buffer_Overflow_LowBound 47 char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34895 68540/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_13.cpp Buffer_Overflow_LowBound 78 char * data; data = NULL; if(GLOBAL_CONST_FIVE!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34896 68540/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_13.cpp Buffer_Overflow_LowBound 100 char * data; data = NULL; if(GLOBAL_CONST_FIVE==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34897 68541/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_14.cpp Buffer_Overflow_LowBound 47 char * data; data = NULL; if(globalFive==5) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34898 68541/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_14.cpp Buffer_Overflow_LowBound 78 char * data; data = NULL; if(globalFive!=5) else data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34899 68541/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_14.cpp Buffer_Overflow_LowBound 100 char * data; data = NULL; if(globalFive==5) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34900 68542/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_15.cpp Buffer_Overflow_LowBound 53 char * data; data = NULL; switch(6) case 6: data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34901 68542/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_15.cpp Buffer_Overflow_LowBound 85 char * data; data = NULL; switch(5) default: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34902 68542/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_15.cpp Buffer_Overflow_LowBound 113 char * data; data = NULL; switch(6) case 6: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34903 68543/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_16.cpp Buffer_Overflow_LowBound 48 char * data; data = NULL; while(1) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34904 68543/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_16.cpp Buffer_Overflow_LowBound 75 char * data; data = NULL; while(1) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34905 68544/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_17.cpp Buffer_Overflow_LowBound 48 char * data; data = NULL; for(i = 0; i < 1; i++) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34906 68544/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_17.cpp Buffer_Overflow_LowBound 75 char * data; data = NULL; for(h = 0; h < 1; h++) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34907 68545/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_18.cpp Buffer_Overflow_LowBound 71 char * data; data = NULL; goto source; source: data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34908 68545/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_18.cpp Buffer_Overflow_LowBound 46 char * data; data = NULL; goto source; source: data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34909 68546/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_21.cpp Buffer_Overflow_LowBound 100 char * data; data = NULL; goodG2B1Static = 0; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) if(goodG2B1Static) else data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34910 68546/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_21.cpp Buffer_Overflow_LowBound 57 char * data; data = NULL; badStatic = 1; data = badSource(data); static char * badSource(char * data) if(badStatic) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34911 68546/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_21.cpp Buffer_Overflow_LowBound 130 char * data; data = NULL; goodG2B2Static = 1; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) if(goodG2B2Static) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34912 68547/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_22.cpp Buffer_Overflow_LowBound 79 char * data; data = NULL; goodG2B1Global = 0; data = goodG2B1Source(data); char * goodG2B1Source(char * data) if(goodG2B1Global) else data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34913 68547/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_22.cpp Buffer_Overflow_LowBound 100 char * data; data = NULL; goodG2B2Global = 1; data = goodG2B2Source(data); char * goodG2B2Source(char * data) if(goodG2B2Global) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34914 68547/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_22.cpp Buffer_Overflow_LowBound 49 char * data; data = NULL; badGlobal = 1; data = badSource(data); char * badSource(char * data) if(badGlobal) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34915 68548/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_31.cpp Buffer_Overflow_LowBound 47 char * data; data = NULL; data = new char[50]; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34916 68548/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_31.cpp Buffer_Overflow_LowBound 74 char * data; data = NULL; data = new char[100]; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34917 68549/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_32.cpp Buffer_Overflow_LowBound 52 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = new char[50]; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34918 68549/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_32.cpp Buffer_Overflow_LowBound 84 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = NULL; char * data = *dataPtr1; data = new char[100]; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34919 68550/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_33.cpp Buffer_Overflow_LowBound 47 char * data; char * &dataRef = data; data = NULL; data = new char[50]; data[0] = '\0'; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34920 68550/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_33.cpp Buffer_Overflow_LowBound 74 char * data; char * &dataRef = data; data = NULL; data = new char[100]; data[0] = '\0'; char * data = dataRef; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34921 68551/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_34.cpp Buffer_Overflow_LowBound 54 char * data; unionType myUnion; data = NULL; data = new char[50]; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34922 68551/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_34.cpp Buffer_Overflow_LowBound 82 char * data; unionType myUnion; data = NULL; data = new char[100]; data[0] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34923 68552/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_41.cpp Buffer_Overflow_LowBound 39 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34924 68552/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_41.cpp Buffer_Overflow_LowBound 66 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34925 68553/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_42.cpp Buffer_Overflow_LowBound 79 char * data; data = NULL; data = goodG2BSource(data); static char * goodG2BSource(char * data) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34926 68553/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_42.cpp Buffer_Overflow_LowBound 50 char * data; data = NULL; data = badSource(data); static char * badSource(char * data) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34927 68554/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_43.cpp Buffer_Overflow_LowBound 77 char * data; data = NULL; goodG2BSource(data); static void goodG2BSource(char * &data) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34928 68554/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_43.cpp Buffer_Overflow_LowBound 49 char * data; data = NULL; badSource(data); void badSource(char * &data) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34929 68555/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_44.cpp Buffer_Overflow_LowBound 39 char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = new char[50]; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34930 68555/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_44.cpp Buffer_Overflow_LowBound 70 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = new char[100]; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34931 68556/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_45.cpp Buffer_Overflow_LowBound 43 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badData = data; badSink(); static void badSink() char * data = badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34932 68556/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_45.cpp Buffer_Overflow_LowBound 73 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34933 68557/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_51.cpp Buffer_Overflow_LowBound 160 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34934 68557/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_51.cpp Buffer_Overflow_LowBound 142 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34935 68558/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_52.cpp Buffer_Overflow_LowBound 219 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34936 68558/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_52.cpp Buffer_Overflow_LowBound 201 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34937 68559/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_53.cpp Buffer_Overflow_LowBound 278 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34938 68559/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_53.cpp Buffer_Overflow_LowBound 260 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34939 68560/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_54.cpp Buffer_Overflow_LowBound 319 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink_b(data); void badSink_b(char * data) badSink_c(data); void badSink_c(char * data) badSink_d(data); void badSink_d(char * data) badSink_e(data); void badSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34940 68560/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_54.cpp Buffer_Overflow_LowBound 337 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink_b(data); void goodG2BSink_b(char * data) goodG2BSink_c(data); void goodG2BSink_c(char * data) goodG2BSink_d(data); void goodG2BSink_d(char * data) goodG2BSink_e(data); void goodG2BSink_e(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34941 68561/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_61.cpp Buffer_Overflow_LowBound 45 char * data; data = NULL; data = badSource(data); char * badSource(char * data) data = new char[50]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34942 68561/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_61.cpp Buffer_Overflow_LowBound 68 char * data; data = NULL; data = goodG2BSource(data); char * goodG2BSource(char * data) data = new char[100]; data[0] = '\0'; return data; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34943 68562/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_62.cpp Buffer_Overflow_LowBound 45 char * data; data = NULL; badSource(data); void badSource(char * &data) data = new char[50]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34944 68562/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_62.cpp Buffer_Overflow_LowBound 68 char * data; data = NULL; goodG2BSource(data); void goodG2BSource(char * &data) data = new char[100]; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34945 68563/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_63.cpp Buffer_Overflow_LowBound 159 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(&data); void goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34946 68563/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_63.cpp Buffer_Overflow_LowBound 140 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(&data); void badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34947 68564/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_64.cpp Buffer_Overflow_LowBound 143 char * data; data = NULL; data = new char[50]; data[0] = '\0'; badSink(&data); void badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34948 68564/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_64.cpp Buffer_Overflow_LowBound 165 char * data; data = NULL; data = new char[100]; data[0] = '\0'; goodG2BSink(&data); void goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34949 68565/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_65.cpp Buffer_Overflow_LowBound 143 char * data; void (*funcPtr) (char *) = badSink; data = NULL; data = new char[50]; data[0] = '\0'; funcPtr(data); void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34950 68565/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_65.cpp Buffer_Overflow_LowBound 161 char * data; void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = new char[100]; data[0] = '\0'; funcPtr(data); void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34951 68566/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_66.cpp Buffer_Overflow_LowBound 167 char * data; char * dataArray[5]; data = NULL; data = new char[100]; data[0] = '\0'; dataArray[2] = data; goodG2BSink(dataArray); void goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34952 68566/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_66.cpp Buffer_Overflow_LowBound 148 char * data; char * dataArray[5]; data = NULL; data = new char[50]; data[0] = '\0'; dataArray[2] = data; badSink(dataArray); void badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34953 68567/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_67.cpp Buffer_Overflow_LowBound 173 char * data; structType myStruct; data = NULL; data = new char[100]; data[0] = '\0'; myStruct.structFirst = data; goodG2BSink(myStruct); void goodG2BSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34954 68567/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_67.cpp Buffer_Overflow_LowBound 154 char * data; structType myStruct; data = NULL; data = new char[50]; data[0] = '\0'; myStruct.structFirst = data; badSink(myStruct); void badSink(structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34955 68568/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_68.cpp Buffer_Overflow_LowBound 151 char * data; data = NULL; data = new char[50]; data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_68_badData = data; badSink(); void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34956 68568/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_68.cpp Buffer_Overflow_LowBound 170 char * data; data = NULL; data = new char[100]; data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_68_goodG2BData = data; goodG2BSink(); char * data = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34957 68569/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_72.cpp Buffer_Overflow_LowBound 172 char * data; vector dataVector; data = NULL; data = new char[100]; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); goodG2BSink(dataVector); void goodG2BSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34958 68569/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_72.cpp Buffer_Overflow_LowBound 153 char * data; vector dataVector; data = NULL; data = new char[50]; data[0] = '\0'; dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); dataVector.insert(dataVector.end(), 1, data); badSink(dataVector); void badSink(vector dataVector) char * data = dataVector[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34959 68570/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_73.cpp Buffer_Overflow_LowBound 172 char * data; list dataList; data = NULL; data = new char[100]; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); goodG2BSink(dataList); void goodG2BSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34960 68570/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_73.cpp Buffer_Overflow_LowBound 153 char * data; list dataList; data = NULL; data = new char[50]; data[0] = '\0'; dataList.push_back(data); dataList.push_back(data); dataList.push_back(data); badSink(dataList); void badSink(list dataList) char * data = dataList.back(); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34961 68571/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_74.cpp Buffer_Overflow_LowBound 172 char * data; map dataMap; data = NULL; data = new char[100]; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; goodG2BSink(dataMap); void goodG2BSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 34962 68571/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_74.cpp Buffer_Overflow_LowBound 153 char * data; map dataMap; data = NULL; data = new char[50]; data[0] = '\0'; dataMap[0] = data; dataMap[1] = data; dataMap[2] = data; badSink(dataMap); void badSink(map dataMap) char * data = dataMap[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 34963 68624/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_01.cpp Buffer_Overflow_boundedcpy 42 TwoIntsClass * data; data = NULL; data = new TwoIntsClass[50]; TwoIntsClass source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 34964 68624/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_01.cpp Buffer_Overflow_boundedcpy 71 TwoIntsClass * data; data = NULL; data = new TwoIntsClass[100]; TwoIntsClass source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 34965 68625/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_02.cpp Buffer_Overflow_boundedcpy 82 TwoIntsClass * data; data = NULL; if(0) else data = new TwoIntsClass[100]; TwoIntsClass source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 34966 68625/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_02.cpp Buffer_Overflow_boundedcpy 45 TwoIntsClass * data; data = NULL; if(1) data = new TwoIntsClass[50]; TwoIntsClass source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 34967 68625/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_02.cpp Buffer_Overflow_boundedcpy 110 TwoIntsClass * data; data = NULL; if(1) data = new TwoIntsClass[100]; TwoIntsClass source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 34968 68626/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_03.cpp Buffer_Overflow_boundedcpy 82 TwoIntsClass * data; data = NULL; if(5!=5) else data = new TwoIntsClass[100]; TwoIntsClass source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 34969 68626/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_03.cpp Buffer_Overflow_boundedcpy 45 TwoIntsClass * data; data = NULL; if(5==5) data = new TwoIntsClass[50]; TwoIntsClass source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 1 --------------------------------- 34970 68626/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_class_memcpy_03.cpp Buffer_Overflow_boundedcpy 110 TwoIntsClass * data; data = NULL; if(5==5) data = new TwoIntsClass[100]; TwoIntsClass source[100]; for (i = 0; i < 100; i++) source[i].intOne = 0; source[i].intTwo = 0; memcpy(data, source, 100*sizeof(TwoIntsClass)); 0 --------------------------------- 34971 65849/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_02.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34972 65849/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_02.c String_Termination_Error 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34973 65849/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_02.c String_Termination_Error 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; dest[50-1] = '\0'; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 34974 65850/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_03.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34975 65850/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_03.c String_Termination_Error 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34976 65850/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_03.c String_Termination_Error 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 34977 65851/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_04.c String_Termination_Error 95 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34978 65851/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_04.c String_Termination_Error 74 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34979 65851/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_04.c String_Termination_Error 44 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 34980 65852/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_05.c String_Termination_Error 95 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34981 65852/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_05.c String_Termination_Error 74 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34982 65852/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_05.c String_Termination_Error 44 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 34983 65853/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_06.c String_Termination_Error 71 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34984 65853/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_06.c String_Termination_Error 41 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 34985 65853/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_06.c String_Termination_Error 92 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34986 65854/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_07.c String_Termination_Error 73 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34987 65854/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_07.c String_Termination_Error 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 34988 65854/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_07.c String_Termination_Error 94 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34989 65855/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_08.c String_Termination_Error 81 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34990 65855/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_08.c String_Termination_Error 51 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 34991 65855/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_08.c String_Termination_Error 102 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34992 65856/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_09.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34993 65856/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_09.c String_Termination_Error 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34994 65856/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_09.c String_Termination_Error 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 34995 65857/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_10.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34996 65857/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_10.c String_Termination_Error 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34997 65857/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_10.c String_Termination_Error 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 34998 65858/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_11.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 34999 65858/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_11.c String_Termination_Error 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35000 65858/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_11.c String_Termination_Error 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35001 65859/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_12.c String_Termination_Error 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35002 65859/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_12.c String_Termination_Error 75 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35003 65860/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_13.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35004 65860/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_13.c String_Termination_Error 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35005 65860/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_13.c String_Termination_Error 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35006 65861/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_14.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35007 65861/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_14.c String_Termination_Error 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35008 65861/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_14.c String_Termination_Error 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35009 65862/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_15.c String_Termination_Error 74 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35010 65862/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_15.c String_Termination_Error 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35011 65862/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_15.c String_Termination_Error 101 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35012 65863/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_16.c String_Termination_Error 64 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35013 65863/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_16.c String_Termination_Error 38 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35014 65864/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_17.c String_Termination_Error 64 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35015 65864/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_17.c String_Termination_Error 38 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35016 65865/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_18.c String_Termination_Error 60 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35017 65865/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_18.c String_Termination_Error 36 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35018 65866/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_21.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = goodG2B1Source(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35019 65866/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_21.c String_Termination_Error 47 char dataBuffer[100]; data = dataBuffer; data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35020 65866/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_21.c String_Termination_Error 116 char dataBuffer[100]; data = dataBuffer; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = goodG2B2Source(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35021 65867/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_22.c String_Termination_Error 65 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_22_goodG2B1Source(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_22_goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_22_goodG2B1Source(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35022 65867/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_22.c String_Termination_Error 84 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_22_goodG2B2Source(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_22_goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_22_goodG2B2Source(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35023 65867/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_22.c String_Termination_Error 38 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_22_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_22_badSource(char * data) data[100-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_22_badSource(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35024 65868/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_31.c String_Termination_Error 63 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35025 65868/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_31.c String_Termination_Error 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35026 65869/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_32.c String_Termination_Error 42 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; data = dataBuffer; char * data = *dataPtr1; data[100-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35027 65869/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_32.c String_Termination_Error 73 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; data = dataBuffer; char * data = *dataPtr1; data[50-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35028 65871/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_34.c String_Termination_Error 71 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_34_unionType myUnion; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char * data = myUnion.unionSecond; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35029 65871/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_34.c String_Termination_Error 44 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_34_unionType myUnion; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char * data = myUnion.unionSecond; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35030 65872/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_41.c String_Termination_Error 28 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_41_badSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35031 65872/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_41.c String_Termination_Error 54 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_41_goodG2BSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35032 65873/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_42.c String_Termination_Error 40 char dataBuffer[100]; data = dataBuffer; data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35033 65873/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_42.c String_Termination_Error 68 char dataBuffer[100]; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) data[50-1] = '\0'; return data; data = goodG2BSource(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35034 65875/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_44.c String_Termination_Error 58 void (*funcPtr) (char *) = goodG2BSink; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35035 65875/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_44.c String_Termination_Error 28 void (*funcPtr) (char *) = badSink; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35036 65876/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_45.c String_Termination_Error 32 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_45_badData; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35037 65876/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_45.c String_Termination_Error 61 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_45_goodG2BData; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35038 65877/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_51.c String_Termination_Error 121 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_51b_badSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35039 65877/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_51.c String_Termination_Error 137 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_51b_goodG2BSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35040 65878/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_52.c String_Termination_Error 186 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_52c_goodG2BSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35041 65878/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_52.c String_Termination_Error 170 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_52c_badSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35042 65879/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_53.c String_Termination_Error 219 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_53d_badSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35043 65879/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_53.c String_Termination_Error 235 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_53d_goodG2BSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35044 65880/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54.c String_Termination_Error 268 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54e_badSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35045 65880/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54.c String_Termination_Error 284 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_54e_goodG2BSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35046 65881/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_61.c String_Termination_Error 57 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_61b_goodG2BSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_61b_goodG2BSource(char * data) data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_61b_goodG2BSource(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35047 65881/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_61.c String_Termination_Error 35 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_61b_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_61b_badSource(char * data) data[100-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_61b_badSource(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35048 65883/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_63.c String_Termination_Error 136 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35049 65883/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_63.c String_Termination_Error 119 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35050 65884/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_64.c String_Termination_Error 122 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35051 65884/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_64.c String_Termination_Error 142 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35052 65885/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_65.c String_Termination_Error 138 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_65b_goodG2BSink; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_65b_goodG2BSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35053 65885/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_65.c String_Termination_Error 122 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_65b_badSink; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_65b_badSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35054 65886/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_66.c String_Termination_Error 142 char * dataArray[5]; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35055 65886/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_66.c String_Termination_Error 125 char * dataArray[5]; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35056 65887/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_67.c String_Termination_Error 150 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_67_structType myStruct; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35057 65887/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_67.c String_Termination_Error 133 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_67_structType myStruct; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35058 65888/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_68.c String_Termination_Error 130 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_68_badData; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35059 65888/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_68.c String_Termination_Error 147 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_68_goodG2BData; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35060 65892/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_81_bad.cpp String_Termination_Error 29 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_81_bad::action(char * data) const char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35061 65892/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_81_goodG2B.cpp String_Termination_Error 29 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_81_goodG2B::action(char * data) const char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35062 65893/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_82_bad.cpp String_Termination_Error 29 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_82_bad::action(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35063 65893/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_82_goodG2B.cpp String_Termination_Error 29 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memcpy_82_goodG2B::action(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35064 65896/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_01.c String_Termination_Error 34 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35065 65896/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_01.c String_Termination_Error 56 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35066 65897/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_02.c String_Termination_Error 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35067 65897/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_02.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35068 65897/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_02.c String_Termination_Error 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35069 65898/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_03.c String_Termination_Error 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35070 65898/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_03.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35071 65898/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_03.c String_Termination_Error 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35072 65899/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_04.c String_Termination_Error 44 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35073 65899/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_04.c String_Termination_Error 95 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35074 65899/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_04.c String_Termination_Error 74 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35075 65900/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_05.c String_Termination_Error 44 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35076 65900/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_05.c String_Termination_Error 95 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35077 65900/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_05.c String_Termination_Error 74 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35078 65901/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_06.c String_Termination_Error 41 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35079 65901/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_06.c String_Termination_Error 92 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35080 65901/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_06.c String_Termination_Error 71 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35081 65902/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_07.c String_Termination_Error 94 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35082 65902/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_07.c String_Termination_Error 73 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35083 65902/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_07.c String_Termination_Error 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35084 65903/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_08.c String_Termination_Error 102 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35085 65903/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_08.c String_Termination_Error 81 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35086 65903/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_08.c String_Termination_Error 51 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35087 65904/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_09.c String_Termination_Error 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35088 65904/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_09.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35089 65904/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_09.c String_Termination_Error 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35090 65905/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_10.c String_Termination_Error 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35091 65905/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_10.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35092 65905/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_10.c String_Termination_Error 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35093 65906/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_11.c String_Termination_Error 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35094 65906/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_11.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35095 65906/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_11.c String_Termination_Error 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35096 65907/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_12.c String_Termination_Error 75 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35097 65907/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_12.c String_Termination_Error 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35098 65908/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_13.c String_Termination_Error 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35099 65908/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_13.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35100 65908/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_13.c String_Termination_Error 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35101 65909/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_14.c String_Termination_Error 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35102 65909/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_14.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35103 65909/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_14.c String_Termination_Error 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35104 65910/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_15.c String_Termination_Error 74 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35105 65910/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_15.c String_Termination_Error 101 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35106 65910/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_15.c String_Termination_Error 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35107 65911/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_16.c String_Termination_Error 38 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35108 65911/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_16.c String_Termination_Error 64 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35109 65912/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_17.c String_Termination_Error 38 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35110 65912/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_17.c String_Termination_Error 64 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35111 65913/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_18.c String_Termination_Error 36 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35112 65913/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_18.c String_Termination_Error 60 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35113 65914/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_21.c String_Termination_Error 116 char dataBuffer[100]; data = dataBuffer; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = goodG2B2Source(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35114 65914/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_21.c String_Termination_Error 47 char dataBuffer[100]; data = dataBuffer; data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35115 65914/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_21.c String_Termination_Error 88 char dataBuffer[100]; data = dataBuffer; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = goodG2B1Source(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35116 65915/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_22.c String_Termination_Error 38 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_22_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_22_badSource(char * data) data[100-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_22_badSource(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35117 65915/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_22.c String_Termination_Error 65 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_22_goodG2B1Source(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_22_goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_22_goodG2B1Source(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35118 65915/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_22.c String_Termination_Error 84 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_22_goodG2B2Source(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_22_goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_22_goodG2B2Source(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35119 65916/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_31.c String_Termination_Error 63 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35120 65916/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_31.c String_Termination_Error 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35121 65917/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_32.c String_Termination_Error 73 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; data = dataBuffer; char * data = *dataPtr1; data[50-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35122 65917/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_32.c String_Termination_Error 42 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; data = dataBuffer; char * data = *dataPtr1; data[100-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35123 65919/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_34.c String_Termination_Error 44 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_34_unionType myUnion; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char * data = myUnion.unionSecond; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35124 65919/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_34.c String_Termination_Error 71 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_34_unionType myUnion; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char * data = myUnion.unionSecond; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35125 65920/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_41.c String_Termination_Error 54 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_41_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35126 65920/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_41.c String_Termination_Error 28 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_41_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35127 65921/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_42.c String_Termination_Error 68 char dataBuffer[100]; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) data[50-1] = '\0'; return data; data = goodG2BSource(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35128 65921/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_42.c String_Termination_Error 40 char dataBuffer[100]; data = dataBuffer; data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35129 65923/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_44.c String_Termination_Error 28 void (*funcPtr) (char *) = badSink; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35130 65923/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_44.c String_Termination_Error 58 void (*funcPtr) (char *) = goodG2BSink; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35131 65924/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_45.c String_Termination_Error 61 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_45_goodG2BData; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35132 65924/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_45.c String_Termination_Error 32 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_45_badData; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35133 65925/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_51.c String_Termination_Error 121 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_51b_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35134 65925/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_51.c String_Termination_Error 137 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_51b_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35135 65926/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_52.c String_Termination_Error 170 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_52c_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35136 65926/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_52.c String_Termination_Error 186 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_52c_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35137 65927/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_53.c String_Termination_Error 235 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_53d_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35138 65927/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_53.c String_Termination_Error 219 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_53d_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35139 65928/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54.c String_Termination_Error 284 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54e_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35140 65928/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54.c String_Termination_Error 268 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_54e_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35141 65929/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_61.c String_Termination_Error 57 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_61b_goodG2BSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_61b_goodG2BSource(char * data) data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_61b_goodG2BSource(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35142 65929/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_61.c String_Termination_Error 35 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_61b_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_61b_badSource(char * data) data[100-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_61b_badSource(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35143 65931/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_63.c String_Termination_Error 119 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35144 65931/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_63.c String_Termination_Error 136 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35145 65932/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_64.c String_Termination_Error 142 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35146 65932/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_64.c String_Termination_Error 122 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35147 65933/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_65.c String_Termination_Error 122 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_65b_badSink; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_65b_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35148 65933/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_65.c String_Termination_Error 138 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_65b_goodG2BSink; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_65b_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35149 65934/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_66.c String_Termination_Error 142 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35150 65934/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_66.c String_Termination_Error 125 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35151 65935/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_67.c String_Termination_Error 150 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_67_structType myStruct; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35152 65935/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_67.c String_Termination_Error 133 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35153 65936/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_68.c String_Termination_Error 130 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_68_badData; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35154 65936/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_68.c String_Termination_Error 147 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_68_goodG2BData; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35155 65940/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_81_bad.cpp String_Termination_Error 29 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_81_bad::action(char * data) const char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35156 65940/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_81_goodG2B.cpp String_Termination_Error 29 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_81_goodG2B::action(char * data) const char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35157 65941/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_82_bad.cpp String_Termination_Error 29 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_82_bad::action(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 35158 65941/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_82_goodG2B.cpp String_Termination_Error 29 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_memmove_82_goodG2B::action(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 35159 65944/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_01.c Off_by_One_Error_in_Methods 34 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35160 65944/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_01.c Off_by_One_Error_in_Methods 56 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35161 65945/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_02.c Off_by_One_Error_in_Methods 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35162 65945/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_02.c Off_by_One_Error_in_Methods 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35163 65945/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_02.c Off_by_One_Error_in_Methods 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35164 65946/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_03.c Off_by_One_Error_in_Methods 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35165 65946/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_03.c Off_by_One_Error_in_Methods 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35166 65946/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_03.c Off_by_One_Error_in_Methods 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35167 65947/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_04.c Off_by_One_Error_in_Methods 74 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35168 65947/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_04.c Off_by_One_Error_in_Methods 95 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35169 65947/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_04.c Off_by_One_Error_in_Methods 44 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35170 65948/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_05.c Off_by_One_Error_in_Methods 74 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35171 65948/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_05.c Off_by_One_Error_in_Methods 95 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35172 65948/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_05.c Off_by_One_Error_in_Methods 44 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35173 65949/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_06.c Off_by_One_Error_in_Methods 71 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35174 65949/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_06.c Off_by_One_Error_in_Methods 92 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35175 65949/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_06.c Off_by_One_Error_in_Methods 41 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35176 65950/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_07.c Off_by_One_Error_in_Methods 73 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35177 65950/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_07.c Off_by_One_Error_in_Methods 94 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35178 65950/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_07.c Off_by_One_Error_in_Methods 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35179 65951/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_08.c Off_by_One_Error_in_Methods 81 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35180 65951/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_08.c Off_by_One_Error_in_Methods 102 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35181 65951/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_08.c Off_by_One_Error_in_Methods 51 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35182 65952/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_09.c Off_by_One_Error_in_Methods 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35183 65952/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_09.c Off_by_One_Error_in_Methods 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35184 65952/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_09.c Off_by_One_Error_in_Methods 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35185 65953/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_10.c Off_by_One_Error_in_Methods 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35186 65953/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_10.c Off_by_One_Error_in_Methods 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35187 65953/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_10.c Off_by_One_Error_in_Methods 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35188 65954/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_11.c Off_by_One_Error_in_Methods 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35189 65954/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_11.c Off_by_One_Error_in_Methods 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35190 65954/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_11.c Off_by_One_Error_in_Methods 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35191 65955/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_12.c Off_by_One_Error_in_Methods 75 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35192 65955/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_12.c Off_by_One_Error_in_Methods 43 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35193 65956/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_13.c Off_by_One_Error_in_Methods 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35194 65956/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_13.c Off_by_One_Error_in_Methods 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35195 65956/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_13.c Off_by_One_Error_in_Methods 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35196 65957/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_14.c Off_by_One_Error_in_Methods 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35197 65957/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_14.c Off_by_One_Error_in_Methods 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35198 65957/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_14.c Off_by_One_Error_in_Methods 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35199 65958/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_15.c Off_by_One_Error_in_Methods 101 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35200 65958/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_15.c Off_by_One_Error_in_Methods 74 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35201 65958/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_15.c Off_by_One_Error_in_Methods 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35202 65959/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_16.c Off_by_One_Error_in_Methods 38 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35203 65959/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_16.c Off_by_One_Error_in_Methods 64 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35204 65960/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_17.c Off_by_One_Error_in_Methods 38 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35205 65960/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_17.c Off_by_One_Error_in_Methods 64 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35206 65961/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_18.c Off_by_One_Error_in_Methods 60 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35207 65961/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_18.c Off_by_One_Error_in_Methods 36 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35208 65962/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_21.c Off_by_One_Error_in_Methods 47 char dataBuffer[100]; data = dataBuffer; data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35209 65962/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_21.c Off_by_One_Error_in_Methods 116 char dataBuffer[100]; data = dataBuffer; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = goodG2B2Source(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35210 65962/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_21.c Off_by_One_Error_in_Methods 88 char dataBuffer[100]; data = dataBuffer; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = goodG2B1Source(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35211 65963/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_22.c Off_by_One_Error_in_Methods 84 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_22_goodG2B2Source(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_22_goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_22_goodG2B2Source(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35212 65963/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_22.c Off_by_One_Error_in_Methods 65 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_22_goodG2B1Source(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_22_goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_22_goodG2B1Source(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35213 65963/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_22.c Off_by_One_Error_in_Methods 38 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_22_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_22_badSource(char * data) data[100-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_22_badSource(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35214 65964/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_31.c Off_by_One_Error_in_Methods 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35215 65964/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_31.c Off_by_One_Error_in_Methods 63 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35216 65965/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_32.c Off_by_One_Error_in_Methods 42 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; data = dataBuffer; char * data = *dataPtr1; data[100-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35217 65965/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_32.c Off_by_One_Error_in_Methods 73 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; data = dataBuffer; char * data = *dataPtr1; data[50-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35218 65967/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_34.c Off_by_One_Error_in_Methods 71 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_34_unionType myUnion; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35219 65967/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_34.c Off_by_One_Error_in_Methods 44 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_34_unionType myUnion; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35220 65968/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_41.c Off_by_One_Error_in_Methods 28 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_41_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35221 65968/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_41.c Off_by_One_Error_in_Methods 54 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_41_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35222 65969/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_42.c Off_by_One_Error_in_Methods 68 char dataBuffer[100]; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) data[50-1] = '\0'; return data; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35223 65969/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_42.c Off_by_One_Error_in_Methods 40 char dataBuffer[100]; data = dataBuffer; data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35224 65971/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_44.c Off_by_One_Error_in_Methods 58 void (*funcPtr) (char *) = goodG2BSink; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35225 65971/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_44.c Off_by_One_Error_in_Methods 28 void (*funcPtr) (char *) = badSink; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35226 65972/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_45.c Off_by_One_Error_in_Methods 61 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_45_goodG2BData; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35227 65972/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_45.c Off_by_One_Error_in_Methods 32 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_45_badData; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35228 65973/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_51.c Off_by_One_Error_in_Methods 121 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_51b_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35229 65973/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_51.c Off_by_One_Error_in_Methods 137 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_51b_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35230 65974/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_52.c Off_by_One_Error_in_Methods 186 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_52c_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35231 65974/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_52.c Off_by_One_Error_in_Methods 170 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_52c_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35232 65975/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_53.c Off_by_One_Error_in_Methods 219 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_53d_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35233 65975/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_53.c Off_by_One_Error_in_Methods 235 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_53d_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35234 65976/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54.c Off_by_One_Error_in_Methods 268 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54e_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35235 65976/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54.c Off_by_One_Error_in_Methods 284 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_54e_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35236 65977/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_61.c Off_by_One_Error_in_Methods 57 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_61b_goodG2BSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_61b_goodG2BSource(char * data) data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_61b_goodG2BSource(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35237 65977/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_61.c Off_by_One_Error_in_Methods 35 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_61b_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_61b_badSource(char * data) data[100-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_61b_badSource(data); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35238 65979/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_63.c Off_by_One_Error_in_Methods 119 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35239 65979/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_63.c Off_by_One_Error_in_Methods 136 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35240 65980/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_64.c Off_by_One_Error_in_Methods 122 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35241 65980/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_64.c Off_by_One_Error_in_Methods 142 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35242 65981/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_65.c Off_by_One_Error_in_Methods 138 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_65b_goodG2BSink; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_65b_goodG2BSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35243 65981/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_65.c Off_by_One_Error_in_Methods 122 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_65b_badSink; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_65b_badSink(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35244 65982/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_66.c Off_by_One_Error_in_Methods 125 char * dataArray[5]; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35245 65982/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_66.c Off_by_One_Error_in_Methods 142 char * dataArray[5]; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35246 65983/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_67.c Off_by_One_Error_in_Methods 133 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_67_structType myStruct; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35247 65983/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_67.c Off_by_One_Error_in_Methods 150 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_67_structType myStruct; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35248 65984/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_68.c Off_by_One_Error_in_Methods 130 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_68_badData; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35249 65984/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_68.c Off_by_One_Error_in_Methods 147 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_68_goodG2BData; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35250 65988/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_81_bad.cpp Off_by_One_Error_in_Methods 29 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_81_bad::action(char * data) const char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35251 65988/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_81_goodG2B.cpp Off_by_One_Error_in_Methods 29 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_81_goodG2B::action(char * data) const char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35252 65989/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_82_bad.cpp Off_by_One_Error_in_Methods 29 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_82_bad::action(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 35253 65989/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_82_goodG2B.cpp Off_by_One_Error_in_Methods 29 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncat_82_goodG2B::action(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 35254 65992/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_01.c Off_by_One_Error_in_Methods 56 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35255 65992/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_01.c Off_by_One_Error_in_Methods 34 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35256 65993/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_02.c Off_by_One_Error_in_Methods 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35257 65993/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_02.c Off_by_One_Error_in_Methods 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35258 65993/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_02.c Off_by_One_Error_in_Methods 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35259 65994/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_03.c Off_by_One_Error_in_Methods 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35260 65994/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_03.c Off_by_One_Error_in_Methods 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35261 65994/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_03.c Off_by_One_Error_in_Methods 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35262 65995/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_04.c Off_by_One_Error_in_Methods 95 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35263 65995/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_04.c Off_by_One_Error_in_Methods 44 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35264 65995/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_04.c Off_by_One_Error_in_Methods 74 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35265 65996/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_05.c Off_by_One_Error_in_Methods 95 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35266 65996/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_05.c Off_by_One_Error_in_Methods 44 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35267 65996/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_05.c Off_by_One_Error_in_Methods 74 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35268 65997/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_06.c Off_by_One_Error_in_Methods 71 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35269 65997/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_06.c Off_by_One_Error_in_Methods 92 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35270 65997/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_06.c Off_by_One_Error_in_Methods 41 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35271 65998/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_07.c Off_by_One_Error_in_Methods 94 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35272 65998/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_07.c Off_by_One_Error_in_Methods 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35273 65998/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_07.c Off_by_One_Error_in_Methods 73 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35274 65999/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_08.c Off_by_One_Error_in_Methods 102 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35275 65999/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_08.c Off_by_One_Error_in_Methods 51 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35276 65999/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_08.c Off_by_One_Error_in_Methods 81 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35277 66000/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_09.c Off_by_One_Error_in_Methods 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35278 66000/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_09.c Off_by_One_Error_in_Methods 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35279 66000/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_09.c Off_by_One_Error_in_Methods 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35280 66001/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_10.c Off_by_One_Error_in_Methods 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35281 66001/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_10.c Off_by_One_Error_in_Methods 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35282 66001/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_10.c Off_by_One_Error_in_Methods 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35283 66002/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_11.c Off_by_One_Error_in_Methods 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35284 66002/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_11.c Off_by_One_Error_in_Methods 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35285 66002/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_11.c Off_by_One_Error_in_Methods 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35286 66003/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_12.c Off_by_One_Error_in_Methods 75 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35287 66003/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_12.c Off_by_One_Error_in_Methods 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35288 66004/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_13.c Off_by_One_Error_in_Methods 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35289 66004/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_13.c Off_by_One_Error_in_Methods 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35290 66004/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_13.c Off_by_One_Error_in_Methods 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35291 66005/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_14.c Off_by_One_Error_in_Methods 88 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35292 66005/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_14.c Off_by_One_Error_in_Methods 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35293 66005/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_14.c Off_by_One_Error_in_Methods 67 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35294 66006/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_15.c Off_by_One_Error_in_Methods 101 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35295 66006/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_15.c Off_by_One_Error_in_Methods 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35296 66006/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_15.c Off_by_One_Error_in_Methods 74 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35297 66007/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_16.c Off_by_One_Error_in_Methods 64 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35298 66007/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_16.c Off_by_One_Error_in_Methods 38 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35299 66008/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_17.c Off_by_One_Error_in_Methods 64 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35300 66008/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_17.c Off_by_One_Error_in_Methods 38 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35301 66009/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_18.c Off_by_One_Error_in_Methods 60 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35302 66009/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_18.c Off_by_One_Error_in_Methods 36 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35303 66010/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_21.c Off_by_One_Error_in_Methods 47 char dataBuffer[100]; data = dataBuffer; data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35304 66010/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_21.c Off_by_One_Error_in_Methods 88 char dataBuffer[100]; data = dataBuffer; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = goodG2B1Source(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35305 66010/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_21.c Off_by_One_Error_in_Methods 116 char dataBuffer[100]; data = dataBuffer; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = goodG2B2Source(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35306 66011/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_22.c Off_by_One_Error_in_Methods 38 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_22_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_22_badSource(char * data) data[100-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_22_badSource(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35307 66011/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_22.c Off_by_One_Error_in_Methods 84 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_22_goodG2B2Source(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_22_goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_22_goodG2B2Source(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35308 66011/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_22.c Off_by_One_Error_in_Methods 65 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_22_goodG2B1Source(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_22_goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_22_goodG2B1Source(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35309 66012/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_31.c Off_by_One_Error_in_Methods 63 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35310 66012/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_31.c Off_by_One_Error_in_Methods 37 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35311 66013/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_32.c Off_by_One_Error_in_Methods 73 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; data = dataBuffer; char * data = *dataPtr1; data[50-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35312 66013/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_32.c Off_by_One_Error_in_Methods 42 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; data = dataBuffer; char * data = *dataPtr1; data[100-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35313 66015/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_34.c Off_by_One_Error_in_Methods 71 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_34_unionType myUnion; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35314 66015/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_34.c Off_by_One_Error_in_Methods 44 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_34_unionType myUnion; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35315 66016/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_41.c Off_by_One_Error_in_Methods 54 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_41_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35316 66016/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_41.c Off_by_One_Error_in_Methods 28 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_41_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35317 66017/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_42.c Off_by_One_Error_in_Methods 40 char dataBuffer[100]; data = dataBuffer; data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35318 66017/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_42.c Off_by_One_Error_in_Methods 68 char dataBuffer[100]; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) data[50-1] = '\0'; return data; data = goodG2BSource(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35319 66019/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_44.c Off_by_One_Error_in_Methods 28 void (*funcPtr) (char *) = badSink; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35320 66019/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_44.c Off_by_One_Error_in_Methods 58 void (*funcPtr) (char *) = goodG2BSink; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35321 66020/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_45.c Off_by_One_Error_in_Methods 32 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_45_badData; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35322 66020/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_45.c Off_by_One_Error_in_Methods 61 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_45_goodG2BData; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35323 66021/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_51.c Off_by_One_Error_in_Methods 121 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_51b_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35324 66021/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_51.c Off_by_One_Error_in_Methods 137 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_51b_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35325 66022/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_52.c Off_by_One_Error_in_Methods 170 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_52c_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35326 66022/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_52.c Off_by_One_Error_in_Methods 186 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_52c_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35327 66023/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_53.c Off_by_One_Error_in_Methods 219 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_53d_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35328 66023/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_53.c Off_by_One_Error_in_Methods 235 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_53d_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35329 66024/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54.c Off_by_One_Error_in_Methods 284 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54e_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35330 66024/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54.c Off_by_One_Error_in_Methods 268 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_54e_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35331 66025/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_61.c Off_by_One_Error_in_Methods 35 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_61b_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_61b_badSource(char * data) data[100-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_61b_badSource(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35332 66025/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_61.c Off_by_One_Error_in_Methods 57 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_61b_goodG2BSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_61b_goodG2BSource(char * data) data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_61b_goodG2BSource(data); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35333 66027/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_63.c Off_by_One_Error_in_Methods 119 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35334 66027/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_63.c Off_by_One_Error_in_Methods 136 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35335 66028/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_64.c Off_by_One_Error_in_Methods 142 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35336 66028/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_64.c Off_by_One_Error_in_Methods 122 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35337 66029/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_65.c Off_by_One_Error_in_Methods 122 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_65b_badSink; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_65b_badSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35338 66029/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_65.c Off_by_One_Error_in_Methods 138 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_65b_goodG2BSink; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_65b_goodG2BSink(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35339 66030/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_66.c Off_by_One_Error_in_Methods 125 char * dataArray[5]; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35340 66030/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_66.c Off_by_One_Error_in_Methods 142 char * dataArray[5]; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35341 66031/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_67.c Off_by_One_Error_in_Methods 133 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_67_structType myStruct; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35342 66031/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_67.c Off_by_One_Error_in_Methods 150 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_67_structType myStruct; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35343 66032/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_68.c Off_by_One_Error_in_Methods 147 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_68_goodG2BData; char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35344 66032/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_68.c Off_by_One_Error_in_Methods 130 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_68_badData; char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35345 66036/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_81_bad.cpp Off_by_One_Error_in_Methods 29 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_81_bad::action(char * data) const char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35346 66036/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_81_goodG2B.cpp Off_by_One_Error_in_Methods 29 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_81_goodG2B::action(char * data) const char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35347 66037/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_82_bad.cpp Off_by_One_Error_in_Methods 29 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_82_bad::action(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 35348 66037/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_82_goodG2B.cpp Off_by_One_Error_in_Methods 29 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_ncpy_82_goodG2B::action(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 35349 66040/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_01.c Format_String_Attack 40 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35350 66040/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_01.c Format_String_Attack 61 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35351 66041/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_02.c Format_String_Attack 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35352 66041/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_02.c Format_String_Attack 72 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35353 66041/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_02.c Format_String_Attack 92 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35354 66042/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_03.c Format_String_Attack 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35355 66042/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_03.c Format_String_Attack 72 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35356 66042/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_03.c Format_String_Attack 92 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35357 66043/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_04.c Format_String_Attack 99 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35358 66043/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_04.c Format_String_Attack 50 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35359 66043/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_04.c Format_String_Attack 79 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35360 66044/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_05.c Format_String_Attack 99 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35361 66044/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_05.c Format_String_Attack 50 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35362 66044/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_05.c Format_String_Attack 79 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35363 66045/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_06.c Format_String_Attack 96 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35364 66045/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_06.c Format_String_Attack 47 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35365 66045/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_06.c Format_String_Attack 76 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35366 66046/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_07.c Format_String_Attack 49 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35367 66046/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_07.c Format_String_Attack 78 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35368 66046/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_07.c Format_String_Attack 98 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35369 66047/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_08.c Format_String_Attack 57 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35370 66047/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_08.c Format_String_Attack 86 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35371 66047/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_08.c Format_String_Attack 106 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35372 66048/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_09.c Format_String_Attack 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35373 66048/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_09.c Format_String_Attack 72 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35374 66048/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_09.c Format_String_Attack 92 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35375 66049/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_10.c Format_String_Attack 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35376 66049/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_10.c Format_String_Attack 72 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35377 66049/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_10.c Format_String_Attack 92 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35378 66050/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_11.c Format_String_Attack 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35379 66050/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_11.c Format_String_Attack 72 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35380 66050/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_11.c Format_String_Attack 92 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35381 66051/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_12.c Format_String_Attack 49 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35382 66051/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_12.c Format_String_Attack 80 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35383 66052/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_13.c Format_String_Attack 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35384 66052/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_13.c Format_String_Attack 72 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35385 66052/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_13.c Format_String_Attack 92 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35386 66053/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_14.c Format_String_Attack 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35387 66053/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_14.c Format_String_Attack 72 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35388 66053/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_14.c Format_String_Attack 92 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35389 66054/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_15.c Format_String_Attack 49 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35390 66054/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_15.c Format_String_Attack 105 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35391 66054/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_15.c Format_String_Attack 79 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35392 66055/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_16.c Format_String_Attack 69 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35393 66055/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_16.c Format_String_Attack 44 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35394 66056/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_17.c Format_String_Attack 69 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35395 66056/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_17.c Format_String_Attack 44 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35396 66057/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_18.c Format_String_Attack 65 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35397 66057/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_18.c Format_String_Attack 42 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35398 66058/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_21.c Format_String_Attack 93 char dataBuffer[100]; data = dataBuffer; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = goodG2B1Source(data); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35399 66058/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_21.c Format_String_Attack 120 char dataBuffer[100]; data = dataBuffer; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = goodG2B2Source(data); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35400 66058/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_21.c Format_String_Attack 53 char dataBuffer[100]; data = dataBuffer; data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35401 66059/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_22.c Format_String_Attack 70 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_22_goodG2B1Source(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_22_goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_22_goodG2B1Source(data); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35402 66059/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_22.c Format_String_Attack 88 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_22_goodG2B2Source(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_22_goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_22_goodG2B2Source(data); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35403 66059/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_22.c Format_String_Attack 44 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_22_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_22_badSource(char * data) data[100-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_22_badSource(data); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35404 66060/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_31.c Format_String_Attack 43 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35405 66060/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_31.c Format_String_Attack 68 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35406 66061/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_32.c Format_String_Attack 78 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; data = dataBuffer; char * data = *dataPtr1; data[50-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35407 66061/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_32.c Format_String_Attack 48 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; data = dataBuffer; char * data = *dataPtr1; data[100-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35408 66063/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_34.c Format_String_Attack 50 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_34_unionType myUnion; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35409 66063/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_34.c Format_String_Attack 76 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_34_unionType myUnion; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35410 66064/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_41.c Format_String_Attack 59 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_41_goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35411 66064/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_41.c Format_String_Attack 34 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_41_badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35412 66065/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_42.c Format_String_Attack 73 char dataBuffer[100]; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) data[50-1] = '\0'; return data; data = goodG2BSource(data); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35413 66065/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_42.c Format_String_Attack 46 char dataBuffer[100]; data = dataBuffer; data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35414 66067/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_44.c Format_String_Attack 34 void (*funcPtr) (char *) = badSink; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35415 66067/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_44.c Format_String_Attack 63 void (*funcPtr) (char *) = goodG2BSink; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35416 66068/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_45.c Format_String_Attack 38 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_45_badData = data; badSink(); static void badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_45_badData; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35417 66068/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_45.c Format_String_Attack 66 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_45_goodG2BData; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35418 66069/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_51.c Format_String_Attack 133 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_51b_badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35419 66069/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_51.c Format_String_Attack 148 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_51b_goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35420 66070/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_52.c Format_String_Attack 203 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_52c_goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35421 66070/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_52.c Format_String_Attack 188 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_52c_badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35422 66071/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_53.c Format_String_Attack 243 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_53d_badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35423 66071/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_53.c Format_String_Attack 258 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_53d_goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35424 66072/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54.c Format_String_Attack 313 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54e_goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35425 66072/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54.c Format_String_Attack 298 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_54e_badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35426 66073/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_61.c Format_String_Attack 41 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_61b_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_61b_badSource(char * data) data[100-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_61b_badSource(data); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35427 66073/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_61.c Format_String_Attack 62 char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_61b_goodG2BSource(data); char * CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_61b_goodG2BSource(char * data) data[50-1] = '\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_61b_goodG2BSource(data); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35428 66075/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_63.c Format_String_Attack 147 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35429 66075/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_63.c Format_String_Attack 131 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35430 66076/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_64.c Format_String_Attack 153 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35431 66076/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_64.c Format_String_Attack 134 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35432 66077/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_65.c Format_String_Attack 134 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_65b_badSink; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_65b_badSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35433 66077/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_65.c Format_String_Attack 149 void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_65b_goodG2BSink; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_65b_goodG2BSink(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35434 66078/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_66.c Format_String_Attack 137 char * dataArray[5]; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35435 66078/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_66.c Format_String_Attack 153 char * dataArray[5]; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35436 66079/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_67.c Format_String_Attack 161 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_67_structType myStruct; char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35437 66079/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_67.c Format_String_Attack 145 CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_67_structType myStruct; char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35438 66080/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_68.c Format_String_Attack 142 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_68_badData; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35439 66080/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_68.c Format_String_Attack 158 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_68b_goodG2BSink() char * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_68_goodG2BData; char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35440 66084/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_81_bad.cpp Format_String_Attack 35 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_81_bad::action(char * data) const char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35441 66084/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_81_goodG2B.cpp Format_String_Attack 35 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_81_goodG2B::action(char * data) const char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35442 66085/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_82_bad.cpp Format_String_Attack 35 char dataBuffer[100]; data = dataBuffer; data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_82_bad::action(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 35443 66085/CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_82_goodG2B.cpp Format_String_Attack 35 char dataBuffer[100]; data = dataBuffer; data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_char_declare_snprintf_82_goodG2B::action(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 35444 66232/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_01.c Buffer_Overflow_LowBound 56 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35445 66232/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_01.c Buffer_Overflow_LowBound 34 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35446 66233/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_02.c Buffer_Overflow_LowBound 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35447 66233/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_02.c Buffer_Overflow_LowBound 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35448 66233/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_02.c Buffer_Overflow_LowBound 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35449 66234/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_03.c Buffer_Overflow_LowBound 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35450 66234/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_03.c Buffer_Overflow_LowBound 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35451 66234/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_03.c Buffer_Overflow_LowBound 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35452 66235/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_04.c Buffer_Overflow_LowBound 74 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35453 66235/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_04.c Buffer_Overflow_LowBound 95 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35454 66235/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_04.c Buffer_Overflow_LowBound 44 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35455 66236/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_05.c Buffer_Overflow_LowBound 74 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35456 66236/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_05.c Buffer_Overflow_LowBound 95 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35457 66236/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_05.c Buffer_Overflow_LowBound 44 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35458 66237/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_06.c Buffer_Overflow_LowBound 41 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35459 66237/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_06.c Buffer_Overflow_LowBound 71 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35460 66237/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_06.c Buffer_Overflow_LowBound 92 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35461 66238/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_07.c Buffer_Overflow_LowBound 73 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35462 66238/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_07.c Buffer_Overflow_LowBound 94 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35463 66238/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_07.c Buffer_Overflow_LowBound 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35464 66239/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_08.c Buffer_Overflow_LowBound 81 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35465 66239/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_08.c Buffer_Overflow_LowBound 102 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35466 66239/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_08.c Buffer_Overflow_LowBound 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35467 66240/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_09.c Buffer_Overflow_LowBound 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35468 66240/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_09.c Buffer_Overflow_LowBound 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35469 66240/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_09.c Buffer_Overflow_LowBound 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35470 66241/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_10.c Buffer_Overflow_LowBound 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35471 66241/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_10.c Buffer_Overflow_LowBound 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35472 66241/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_10.c Buffer_Overflow_LowBound 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35473 66242/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_11.c Buffer_Overflow_LowBound 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35474 66242/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_11.c Buffer_Overflow_LowBound 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35475 66242/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_11.c Buffer_Overflow_LowBound 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35476 66243/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_12.c Buffer_Overflow_LowBound 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35477 66243/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_12.c Buffer_Overflow_LowBound 75 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35478 66244/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_13.c Buffer_Overflow_LowBound 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35479 66244/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_13.c Buffer_Overflow_LowBound 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35480 66244/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_13.c Buffer_Overflow_LowBound 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35481 66245/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_14.c Buffer_Overflow_LowBound 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35482 66245/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_14.c Buffer_Overflow_LowBound 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35483 66245/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_14.c Buffer_Overflow_LowBound 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35484 66246/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_15.c Buffer_Overflow_LowBound 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35485 66246/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_15.c Buffer_Overflow_LowBound 101 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35486 66246/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_15.c Buffer_Overflow_LowBound 74 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35487 66247/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_16.c Buffer_Overflow_LowBound 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35488 66247/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_16.c Buffer_Overflow_LowBound 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35489 66248/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_17.c Buffer_Overflow_LowBound 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35490 66248/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_17.c Buffer_Overflow_LowBound 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35491 66249/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_18.c Buffer_Overflow_LowBound 36 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35492 66249/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_18.c Buffer_Overflow_LowBound 60 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35493 66250/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_21.c Buffer_Overflow_LowBound 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2B1Source(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35494 66250/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_21.c Buffer_Overflow_LowBound 47 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35495 66250/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_21.c Buffer_Overflow_LowBound 116 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2B2Source(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35496 66251/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_22.c Buffer_Overflow_LowBound 65 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_22_goodG2B1Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_22_goodG2B1Source(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_22_goodG2B1Source(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35497 66251/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_22.c Buffer_Overflow_LowBound 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_22_badSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_22_badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_22_badSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35498 66251/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_22.c Buffer_Overflow_LowBound 84 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_22_goodG2B2Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_22_goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_22_goodG2B2Source(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35499 66252/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_31.c Buffer_Overflow_LowBound 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35500 66252/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_31.c Buffer_Overflow_LowBound 63 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35501 66253/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_32.c Buffer_Overflow_LowBound 73 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wchar_t * data = *dataPtr1; data[100-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35502 66253/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_32.c Buffer_Overflow_LowBound 42 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wchar_t * data = *dataPtr1; data[50-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35503 66255/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_34.c Buffer_Overflow_LowBound 71 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_34_unionType myUnion; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35504 66255/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_34.c Buffer_Overflow_LowBound 44 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_34_unionType myUnion; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35505 66256/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_41.c Buffer_Overflow_LowBound 54 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_41_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35506 66256/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_41.c Buffer_Overflow_LowBound 28 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_41_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35507 66257/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_42.c Buffer_Overflow_LowBound 40 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35508 66257/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_42.c Buffer_Overflow_LowBound 68 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2BSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35509 66259/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_44.c Buffer_Overflow_LowBound 58 void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35510 66259/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_44.c Buffer_Overflow_LowBound 28 void (*funcPtr) (wchar_t *) = badSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35511 66260/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_45.c Buffer_Overflow_LowBound 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_45_badData; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35512 66260/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_45.c Buffer_Overflow_LowBound 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_45_goodG2BData; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35513 66261/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_51.c Buffer_Overflow_LowBound 137 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_51b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35514 66261/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_51.c Buffer_Overflow_LowBound 121 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_51b_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35515 66262/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_52.c Buffer_Overflow_LowBound 186 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_52b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_52c_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35516 66262/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_52.c Buffer_Overflow_LowBound 170 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_52b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_52c_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35517 66263/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_53.c Buffer_Overflow_LowBound 235 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_53b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_53d_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35518 66263/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_53.c Buffer_Overflow_LowBound 219 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_53b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_53c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_53d_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35519 66264/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54.c Buffer_Overflow_LowBound 268 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54d_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54e_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35520 66264/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54.c Buffer_Overflow_LowBound 284 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_54e_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35521 66265/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_61.c Buffer_Overflow_LowBound 57 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_61b_goodG2BSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_61b_goodG2BSource(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_61b_goodG2BSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35522 66265/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_61.c Buffer_Overflow_LowBound 35 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_61b_badSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_61b_badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_61b_badSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35523 66267/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_63.c Buffer_Overflow_LowBound 136 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35524 66267/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_63.c Buffer_Overflow_LowBound 119 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35525 66268/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_64.c Buffer_Overflow_LowBound 142 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35526 66268/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_64.c Buffer_Overflow_LowBound 122 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35527 66269/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_65.c Buffer_Overflow_LowBound 138 void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_65b_goodG2BSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_65b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35528 66269/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_65.c Buffer_Overflow_LowBound 122 void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_65b_badSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_65b_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35529 66270/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_66.c Buffer_Overflow_LowBound 142 wchar_t * dataArray[5]; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35530 66270/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_66.c Buffer_Overflow_LowBound 125 wchar_t * dataArray[5]; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35531 66271/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_67.c Buffer_Overflow_LowBound 150 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_67_structType myStruct; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35532 66271/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_67.c Buffer_Overflow_LowBound 133 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_67_structType myStruct; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35533 66272/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_68.c Buffer_Overflow_LowBound 147 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_68b_goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_68_goodG2BData; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35534 66272/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_68.c Buffer_Overflow_LowBound 130 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_68b_badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_68_badData; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35535 66276/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_81_bad.cpp Buffer_Overflow_LowBound 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_81_bad::action(wchar_t * data) const wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35536 66276/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_81_goodG2B.cpp Buffer_Overflow_LowBound 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_81_goodG2B::action(wchar_t * data) const wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35537 66277/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_82_bad.cpp Buffer_Overflow_LowBound 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_82_bad::action(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35538 66277/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_82_goodG2B.cpp Buffer_Overflow_LowBound 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncat_82_goodG2B::action(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35539 66280/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_01.c Buffer_Overflow_LowBound 56 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35540 66280/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_01.c Buffer_Overflow_LowBound 34 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35541 66281/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_02.c Buffer_Overflow_LowBound 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35542 66281/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_02.c Buffer_Overflow_LowBound 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35543 66281/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_02.c Buffer_Overflow_LowBound 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35544 66282/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_03.c Buffer_Overflow_LowBound 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35545 66282/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_03.c Buffer_Overflow_LowBound 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35546 66282/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_03.c Buffer_Overflow_LowBound 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35547 66283/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_04.c Buffer_Overflow_LowBound 95 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35548 66283/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_04.c Buffer_Overflow_LowBound 44 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35549 66283/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_04.c Buffer_Overflow_LowBound 74 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35550 66284/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_05.c Buffer_Overflow_LowBound 95 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35551 66284/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_05.c Buffer_Overflow_LowBound 44 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35552 66284/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_05.c Buffer_Overflow_LowBound 74 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35553 66285/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_06.c Buffer_Overflow_LowBound 71 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35554 66285/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_06.c Buffer_Overflow_LowBound 92 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35555 66285/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_06.c Buffer_Overflow_LowBound 41 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35556 66286/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_07.c Buffer_Overflow_LowBound 94 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35557 66286/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_07.c Buffer_Overflow_LowBound 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35558 66286/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_07.c Buffer_Overflow_LowBound 73 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35559 66287/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_08.c Buffer_Overflow_LowBound 102 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35560 66287/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_08.c Buffer_Overflow_LowBound 51 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35561 66287/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_08.c Buffer_Overflow_LowBound 81 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35562 66288/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_09.c Buffer_Overflow_LowBound 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35563 66288/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_09.c Buffer_Overflow_LowBound 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35564 66288/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_09.c Buffer_Overflow_LowBound 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35565 66289/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_10.c Buffer_Overflow_LowBound 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35566 66289/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_10.c Buffer_Overflow_LowBound 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35567 66289/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_10.c Buffer_Overflow_LowBound 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35568 66290/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_11.c Buffer_Overflow_LowBound 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35569 66290/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_11.c Buffer_Overflow_LowBound 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35570 66290/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_11.c Buffer_Overflow_LowBound 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35571 66291/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_12.c Buffer_Overflow_LowBound 75 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35572 66291/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_12.c Buffer_Overflow_LowBound 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35573 66292/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_13.c Buffer_Overflow_LowBound 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35574 66292/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_13.c Buffer_Overflow_LowBound 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35575 66292/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_13.c Buffer_Overflow_LowBound 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35576 66293/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_14.c Buffer_Overflow_LowBound 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35577 66293/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_14.c Buffer_Overflow_LowBound 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35578 66293/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_14.c Buffer_Overflow_LowBound 67 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35579 66294/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_15.c Buffer_Overflow_LowBound 101 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35580 66294/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_15.c Buffer_Overflow_LowBound 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35581 66294/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_15.c Buffer_Overflow_LowBound 74 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35582 66295/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_16.c Buffer_Overflow_LowBound 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35583 66295/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_16.c Buffer_Overflow_LowBound 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35584 66296/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_17.c Buffer_Overflow_LowBound 64 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35585 66296/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_17.c Buffer_Overflow_LowBound 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35586 66297/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_18.c Buffer_Overflow_LowBound 60 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35587 66297/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_18.c Buffer_Overflow_LowBound 36 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35588 66298/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_21.c Buffer_Overflow_LowBound 47 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35589 66298/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_21.c Buffer_Overflow_LowBound 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2B1Source(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35590 66298/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_21.c Buffer_Overflow_LowBound 116 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2B2Source(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35591 66299/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_22.c Buffer_Overflow_LowBound 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_22_badSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_22_badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_22_badSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35592 66299/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_22.c Buffer_Overflow_LowBound 84 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_22_goodG2B2Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_22_goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_22_goodG2B2Source(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35593 66299/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_22.c Buffer_Overflow_LowBound 65 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_22_goodG2B1Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_22_goodG2B1Source(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_22_goodG2B1Source(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35594 66300/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_31.c Buffer_Overflow_LowBound 63 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35595 66300/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_31.c Buffer_Overflow_LowBound 37 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35596 66301/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_32.c Buffer_Overflow_LowBound 73 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wchar_t * data = *dataPtr1; data[50-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35597 66301/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_32.c Buffer_Overflow_LowBound 42 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wchar_t * data = *dataPtr1; data[100-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35598 66303/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_34.c Buffer_Overflow_LowBound 71 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_34_unionType myUnion; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35599 66303/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_34.c Buffer_Overflow_LowBound 44 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_34_unionType myUnion; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35600 66304/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_41.c Buffer_Overflow_LowBound 54 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_41_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35601 66304/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_41.c Buffer_Overflow_LowBound 28 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_41_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35602 66305/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_42.c Buffer_Overflow_LowBound 40 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35603 66305/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_42.c Buffer_Overflow_LowBound 68 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2BSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35604 66307/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_44.c Buffer_Overflow_LowBound 28 void (*funcPtr) (wchar_t *) = badSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35605 66307/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_44.c Buffer_Overflow_LowBound 58 void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35606 66308/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_45.c Buffer_Overflow_LowBound 32 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_45_badData; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35607 66308/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_45.c Buffer_Overflow_LowBound 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_45_goodG2BData; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35608 66309/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_51.c Buffer_Overflow_LowBound 121 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_51b_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35609 66309/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_51.c Buffer_Overflow_LowBound 137 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_51b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35610 66310/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_52.c Buffer_Overflow_LowBound 170 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_52b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_52c_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35611 66310/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_52.c Buffer_Overflow_LowBound 186 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_52b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_52c_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35612 66311/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_53.c Buffer_Overflow_LowBound 219 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_53b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_53c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_53d_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35613 66311/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_53.c Buffer_Overflow_LowBound 235 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_53b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_53d_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35614 66312/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54.c Buffer_Overflow_LowBound 284 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54e_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35615 66312/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54.c Buffer_Overflow_LowBound 268 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54d_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_54e_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35616 66313/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_61.c Buffer_Overflow_LowBound 35 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_61b_badSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_61b_badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_61b_badSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35617 66313/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_61.c Buffer_Overflow_LowBound 57 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_61b_goodG2BSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_61b_goodG2BSource(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_61b_goodG2BSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35618 66315/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_63.c Buffer_Overflow_LowBound 119 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35619 66315/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_63.c Buffer_Overflow_LowBound 136 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35620 66316/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_64.c Buffer_Overflow_LowBound 142 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35621 66316/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_64.c Buffer_Overflow_LowBound 122 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35622 66317/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_65.c Buffer_Overflow_LowBound 122 void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_65b_badSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_65b_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35623 66317/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_65.c Buffer_Overflow_LowBound 138 void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_65b_goodG2BSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_65b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35624 66318/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_66.c Buffer_Overflow_LowBound 125 wchar_t * dataArray[5]; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35625 66318/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_66.c Buffer_Overflow_LowBound 142 wchar_t * dataArray[5]; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35626 66319/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_67.c Buffer_Overflow_LowBound 133 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_67_structType myStruct; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35627 66319/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_67.c Buffer_Overflow_LowBound 150 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_67_structType myStruct; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35628 66320/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_68.c Buffer_Overflow_LowBound 147 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_68b_goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_68_goodG2BData; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35629 66320/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_68.c Buffer_Overflow_LowBound 130 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_68b_badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_68_badData; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35630 66324/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_81_bad.cpp Buffer_Overflow_LowBound 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_81_bad::action(wchar_t * data) const wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35631 66324/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35632 66325/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_82_bad.cpp Buffer_Overflow_LowBound 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_82_bad::action(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35633 66325/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 29 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_ncpy_82_goodG2B::action(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35634 66328/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_01.c Format_String_Attack 61 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35635 66328/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_01.c Format_String_Attack 40 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35636 66329/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_02.c Format_String_Attack 92 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35637 66329/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_02.c Format_String_Attack 72 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35638 66329/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_02.c Format_String_Attack 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35639 66330/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_03.c Format_String_Attack 92 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35640 66330/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_03.c Format_String_Attack 72 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35641 66330/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_03.c Format_String_Attack 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35642 66331/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_04.c Format_String_Attack 79 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35643 66331/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_04.c Format_String_Attack 50 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35644 66331/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_04.c Format_String_Attack 99 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35645 66332/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_05.c Format_String_Attack 79 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35646 66332/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_05.c Format_String_Attack 50 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35647 66332/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_05.c Format_String_Attack 99 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35648 66333/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_06.c Format_String_Attack 76 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35649 66333/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_06.c Format_String_Attack 47 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35650 66333/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_06.c Format_String_Attack 96 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35651 66334/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_07.c Format_String_Attack 78 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35652 66334/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_07.c Format_String_Attack 49 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35653 66334/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_07.c Format_String_Attack 98 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35654 66335/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_08.c Format_String_Attack 86 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35655 66335/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_08.c Format_String_Attack 57 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35656 66335/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_08.c Format_String_Attack 106 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35657 66336/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_09.c Format_String_Attack 92 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35658 66336/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_09.c Format_String_Attack 72 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35659 66336/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_09.c Format_String_Attack 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35660 66337/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_10.c Format_String_Attack 92 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35661 66337/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_10.c Format_String_Attack 72 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35662 66337/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_10.c Format_String_Attack 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35663 66338/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_11.c Format_String_Attack 92 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35664 66338/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_11.c Format_String_Attack 72 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35665 66338/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_11.c Format_String_Attack 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35666 66339/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_12.c Format_String_Attack 49 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35667 66339/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_12.c Format_String_Attack 80 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35668 66340/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_13.c Format_String_Attack 92 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35669 66340/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_13.c Format_String_Attack 72 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35670 66340/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_13.c Format_String_Attack 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35671 66341/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_14.c Format_String_Attack 92 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35672 66341/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_14.c Format_String_Attack 72 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35673 66341/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_14.c Format_String_Attack 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35674 66342/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_15.c Format_String_Attack 49 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35675 66342/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_15.c Format_String_Attack 79 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35676 66342/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_15.c Format_String_Attack 105 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35677 66343/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_16.c Format_String_Attack 44 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35678 66343/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_16.c Format_String_Attack 69 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35679 66344/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_17.c Format_String_Attack 44 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35680 66344/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_17.c Format_String_Attack 69 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35681 66345/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_18.c Format_String_Attack 65 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35682 66345/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_18.c Format_String_Attack 42 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35683 66346/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_21.c Format_String_Attack 53 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35684 66346/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_21.c Format_String_Attack 120 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2B2Source(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35685 66346/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_21.c Format_String_Attack 93 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2B1Source(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35686 66347/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_22.c Format_String_Attack 70 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_22_goodG2B1Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_22_goodG2B1Source(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_22_goodG2B1Source(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35687 66347/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_22.c Format_String_Attack 44 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_22_badSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_22_badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_22_badSource(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35688 66347/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_22.c Format_String_Attack 88 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_22_goodG2B2Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_22_goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_22_goodG2B2Source(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35689 66348/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_31.c Format_String_Attack 68 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35690 66348/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_31.c Format_String_Attack 43 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35691 66349/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_32.c Format_String_Attack 78 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wchar_t * data = *dataPtr1; data[100-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35692 66349/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_32.c Format_String_Attack 48 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wchar_t * data = *dataPtr1; data[50-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35693 66351/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_34.c Format_String_Attack 76 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_34_unionType myUnion; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35694 66351/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_34.c Format_String_Attack 50 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_34_unionType myUnion; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35695 66352/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_41.c Format_String_Attack 34 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_41_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35696 66352/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_41.c Format_String_Attack 59 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_41_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35697 66353/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_42.c Format_String_Attack 46 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35698 66353/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_42.c Format_String_Attack 73 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2BSource(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35699 66355/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_44.c Format_String_Attack 63 void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35700 66355/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_44.c Format_String_Attack 34 void (*funcPtr) (wchar_t *) = badSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35701 66356/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_45.c Format_String_Attack 38 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_45_badData; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35702 66356/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_45.c Format_String_Attack 66 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_45_goodG2BData; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35703 66357/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_51.c Format_String_Attack 148 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_51b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35704 66357/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_51.c Format_String_Attack 133 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_51b_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35705 66358/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_52.c Format_String_Attack 188 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_52b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_52c_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35706 66358/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_52.c Format_String_Attack 203 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_52b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_52c_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35707 66359/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_53.c Format_String_Attack 258 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_53b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_53d_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35708 66359/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_53.c Format_String_Attack 243 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_53b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_53c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_53d_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35709 66360/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54.c Format_String_Attack 313 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54e_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35710 66360/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54.c Format_String_Attack 298 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54d_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_54e_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35711 66361/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_61.c Format_String_Attack 62 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_61b_goodG2BSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_61b_goodG2BSource(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_61b_goodG2BSource(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35712 66361/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_61.c Format_String_Attack 41 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_61b_badSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_61b_badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_61b_badSource(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35713 66363/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_63.c Format_String_Attack 131 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35714 66363/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_63.c Format_String_Attack 147 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35715 66364/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_64.c Format_String_Attack 134 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35716 66364/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_64.c Format_String_Attack 153 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35717 66365/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_65.c Format_String_Attack 134 void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_65b_badSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_65b_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35718 66365/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_65.c Format_String_Attack 149 void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_65b_goodG2BSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_65b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35719 66366/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_66.c Format_String_Attack 137 wchar_t * dataArray[5]; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35720 66366/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_66.c Format_String_Attack 153 wchar_t * dataArray[5]; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35721 66367/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_67.c Format_String_Attack 161 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_67_structType myStruct; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35722 66367/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_67.c Format_String_Attack 145 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_67_structType myStruct; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35723 66368/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_68.c Format_String_Attack 142 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_68b_badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_68_badData; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35724 66368/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_68.c Format_String_Attack 158 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_68b_goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_68_goodG2BData; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35725 66372/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_81_bad.cpp Format_String_Attack 35 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_81_bad::action(wchar_t * data) const wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35726 66372/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_81_goodG2B.cpp Format_String_Attack 35 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_81_goodG2B::action(wchar_t * data) const wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35727 66373/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_82_bad.cpp Format_String_Attack 35 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_82_bad::action(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35728 66373/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_82_goodG2B.cpp Format_String_Attack 35 wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_alloca_snprintf_82_goodG2B::action(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35729 66520/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_01.c Buffer_Overflow_LowBound 56 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35730 66520/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_01.c Buffer_Overflow_LowBound 34 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35731 66521/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_02.c Buffer_Overflow_LowBound 67 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35732 66521/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_02.c Buffer_Overflow_LowBound 88 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35733 66521/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_02.c Buffer_Overflow_LowBound 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35734 66522/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_03.c Buffer_Overflow_LowBound 67 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35735 66522/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_03.c Buffer_Overflow_LowBound 88 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35736 66522/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_03.c Buffer_Overflow_LowBound 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35737 66523/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_04.c Buffer_Overflow_LowBound 74 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35738 66523/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_04.c Buffer_Overflow_LowBound 95 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35739 66523/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_04.c Buffer_Overflow_LowBound 44 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35740 66524/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_05.c Buffer_Overflow_LowBound 74 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35741 66524/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_05.c Buffer_Overflow_LowBound 95 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35742 66524/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_05.c Buffer_Overflow_LowBound 44 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35743 66525/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_06.c Buffer_Overflow_LowBound 41 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35744 66525/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_06.c Buffer_Overflow_LowBound 71 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35745 66525/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_06.c Buffer_Overflow_LowBound 92 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35746 66526/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_07.c Buffer_Overflow_LowBound 73 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35747 66526/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_07.c Buffer_Overflow_LowBound 94 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35748 66526/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_07.c Buffer_Overflow_LowBound 43 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35749 66527/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_08.c Buffer_Overflow_LowBound 81 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35750 66527/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_08.c Buffer_Overflow_LowBound 102 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35751 66527/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_08.c Buffer_Overflow_LowBound 51 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35752 66528/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_09.c Buffer_Overflow_LowBound 67 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35753 66528/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_09.c Buffer_Overflow_LowBound 88 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35754 66528/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_09.c Buffer_Overflow_LowBound 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35755 66529/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_10.c Buffer_Overflow_LowBound 67 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35756 66529/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_10.c Buffer_Overflow_LowBound 88 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35757 66529/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_10.c Buffer_Overflow_LowBound 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35758 66530/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_11.c Buffer_Overflow_LowBound 67 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35759 66530/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_11.c Buffer_Overflow_LowBound 88 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35760 66530/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_11.c Buffer_Overflow_LowBound 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35761 66531/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_12.c Buffer_Overflow_LowBound 43 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35762 66531/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_12.c Buffer_Overflow_LowBound 75 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35763 66532/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_13.c Buffer_Overflow_LowBound 67 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35764 66532/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_13.c Buffer_Overflow_LowBound 88 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35765 66532/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_13.c Buffer_Overflow_LowBound 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35766 66533/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_14.c Buffer_Overflow_LowBound 67 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35767 66533/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_14.c Buffer_Overflow_LowBound 88 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35768 66533/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_14.c Buffer_Overflow_LowBound 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35769 66534/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_15.c Buffer_Overflow_LowBound 43 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35770 66534/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_15.c Buffer_Overflow_LowBound 101 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35771 66534/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_15.c Buffer_Overflow_LowBound 74 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35772 66535/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_16.c Buffer_Overflow_LowBound 38 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35773 66535/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_16.c Buffer_Overflow_LowBound 64 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35774 66536/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_17.c Buffer_Overflow_LowBound 38 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35775 66536/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_17.c Buffer_Overflow_LowBound 64 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35776 66537/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_18.c Buffer_Overflow_LowBound 36 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35777 66537/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_18.c Buffer_Overflow_LowBound 60 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35778 66538/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_21.c Buffer_Overflow_LowBound 88 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2B1Source(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35779 66538/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_21.c Buffer_Overflow_LowBound 47 wchar_t dataBuffer[100]; data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35780 66538/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_21.c Buffer_Overflow_LowBound 116 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2B2Source(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35781 66539/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_22.c Buffer_Overflow_LowBound 65 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_22_goodG2B1Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_22_goodG2B1Source(wchar_t * data) data[100-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_22_goodG2B1Source(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35782 66539/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_22.c Buffer_Overflow_LowBound 38 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_22_badSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_22_badSource(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_22_badSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35783 66539/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_22.c Buffer_Overflow_LowBound 84 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_22_goodG2B2Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_22_goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_22_goodG2B2Source(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35784 66540/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_31.c Buffer_Overflow_LowBound 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35785 66540/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_31.c Buffer_Overflow_LowBound 63 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35786 66541/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_32.c Buffer_Overflow_LowBound 73 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBuffer[100]; data = dataBuffer; wchar_t * data = *dataPtr1; data[50-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35787 66541/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_32.c Buffer_Overflow_LowBound 42 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBuffer[100]; data = dataBuffer; wchar_t * data = *dataPtr1; data[100-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35788 66543/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_34.c Buffer_Overflow_LowBound 71 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_34_unionType myUnion; wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35789 66543/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_34.c Buffer_Overflow_LowBound 44 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_34_unionType myUnion; wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35790 66544/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_41.c Buffer_Overflow_LowBound 54 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_41_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35791 66544/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_41.c Buffer_Overflow_LowBound 28 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_41_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35792 66545/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_42.c Buffer_Overflow_LowBound 40 wchar_t dataBuffer[100]; data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35793 66545/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_42.c Buffer_Overflow_LowBound 68 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2BSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35794 66547/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_44.c Buffer_Overflow_LowBound 58 void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35795 66547/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_44.c Buffer_Overflow_LowBound 28 void (*funcPtr) (wchar_t *) = badSink; wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35796 66548/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_45.c Buffer_Overflow_LowBound 32 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_45_badData; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35797 66548/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_45.c Buffer_Overflow_LowBound 61 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_45_goodG2BData; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35798 66549/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_51.c Buffer_Overflow_LowBound 137 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_51b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35799 66549/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_51.c Buffer_Overflow_LowBound 121 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_51b_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35800 66550/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_52.c Buffer_Overflow_LowBound 186 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_52b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_52c_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35801 66550/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_52.c Buffer_Overflow_LowBound 170 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_52b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_52c_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35802 66551/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_53.c Buffer_Overflow_LowBound 235 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_53b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_53d_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35803 66551/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_53.c Buffer_Overflow_LowBound 219 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_53b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_53c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_53d_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35804 66552/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54.c Buffer_Overflow_LowBound 268 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54d_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54e_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35805 66552/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54.c Buffer_Overflow_LowBound 284 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_54e_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35806 66553/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_61.c Buffer_Overflow_LowBound 57 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_61b_goodG2BSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_61b_goodG2BSource(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_61b_goodG2BSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35807 66553/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_61.c Buffer_Overflow_LowBound 35 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_61b_badSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_61b_badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_61b_badSource(data); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35808 66555/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_63.c Buffer_Overflow_LowBound 136 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35809 66555/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_63.c Buffer_Overflow_LowBound 119 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35810 66556/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_64.c Buffer_Overflow_LowBound 142 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; 0 --------------------------------- 35811 66556/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_64.c Buffer_Overflow_LowBound 122 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35812 66557/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_65.c Buffer_Overflow_LowBound 138 void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_65b_goodG2BSink; wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_65b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35813 66557/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_65.c Buffer_Overflow_LowBound 122 void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_65b_badSink; wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_65b_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35814 66558/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_66.c Buffer_Overflow_LowBound 142 wchar_t * dataArray[5]; wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35815 66558/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_66.c Buffer_Overflow_LowBound 125 wchar_t * dataArray[5]; wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35816 66559/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_67.c Buffer_Overflow_LowBound 150 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_67_structType myStruct; wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35817 66559/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_67.c Buffer_Overflow_LowBound 133 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_67_structType myStruct; wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35818 66560/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_68.c Buffer_Overflow_LowBound 147 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_68b_goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_68_goodG2BData; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35819 66560/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_68.c Buffer_Overflow_LowBound 130 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_68b_badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_68_badData; wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35820 66564/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_81_bad.cpp Buffer_Overflow_LowBound 29 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_81_bad::action(wchar_t * data) const wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35821 66564/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_81_goodG2B.cpp Buffer_Overflow_LowBound 29 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_81_goodG2B::action(wchar_t * data) const wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35822 66565/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_82_bad.cpp Buffer_Overflow_LowBound 29 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_82_bad::action(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 35823 66565/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_82_goodG2B.cpp Buffer_Overflow_LowBound 29 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncat_82_goodG2B::action(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 35824 66568/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_01.c Buffer_Overflow_LowBound 56 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35825 66568/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_01.c Buffer_Overflow_LowBound 34 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35826 66569/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_02.c Buffer_Overflow_LowBound 88 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35827 66569/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_02.c Buffer_Overflow_LowBound 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35828 66569/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_02.c Buffer_Overflow_LowBound 67 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35829 66570/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_03.c Buffer_Overflow_LowBound 88 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35830 66570/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_03.c Buffer_Overflow_LowBound 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35831 66570/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_03.c Buffer_Overflow_LowBound 67 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35832 66571/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_04.c Buffer_Overflow_LowBound 95 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35833 66571/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_04.c Buffer_Overflow_LowBound 44 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35834 66571/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_04.c Buffer_Overflow_LowBound 74 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35835 66572/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_05.c Buffer_Overflow_LowBound 95 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35836 66572/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_05.c Buffer_Overflow_LowBound 44 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35837 66572/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_05.c Buffer_Overflow_LowBound 74 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35838 66573/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_06.c Buffer_Overflow_LowBound 71 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35839 66573/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_06.c Buffer_Overflow_LowBound 92 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35840 66573/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_06.c Buffer_Overflow_LowBound 41 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35841 66574/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_07.c Buffer_Overflow_LowBound 94 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35842 66574/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_07.c Buffer_Overflow_LowBound 43 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35843 66574/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_07.c Buffer_Overflow_LowBound 73 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35844 66575/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_08.c Buffer_Overflow_LowBound 102 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35845 66575/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_08.c Buffer_Overflow_LowBound 51 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35846 66575/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_08.c Buffer_Overflow_LowBound 81 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35847 66576/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_09.c Buffer_Overflow_LowBound 88 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35848 66576/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_09.c Buffer_Overflow_LowBound 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35849 66576/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_09.c Buffer_Overflow_LowBound 67 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35850 66577/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_10.c Buffer_Overflow_LowBound 88 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35851 66577/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_10.c Buffer_Overflow_LowBound 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35852 66577/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_10.c Buffer_Overflow_LowBound 67 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35853 66578/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_11.c Buffer_Overflow_LowBound 88 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35854 66578/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_11.c Buffer_Overflow_LowBound 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35855 66578/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_11.c Buffer_Overflow_LowBound 67 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35856 66579/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_12.c Buffer_Overflow_LowBound 75 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35857 66579/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_12.c Buffer_Overflow_LowBound 43 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35858 66580/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_13.c Buffer_Overflow_LowBound 88 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35859 66580/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_13.c Buffer_Overflow_LowBound 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35860 66580/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_13.c Buffer_Overflow_LowBound 67 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35861 66581/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_14.c Buffer_Overflow_LowBound 88 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35862 66581/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_14.c Buffer_Overflow_LowBound 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35863 66581/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_14.c Buffer_Overflow_LowBound 67 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35864 66582/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_15.c Buffer_Overflow_LowBound 101 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35865 66582/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_15.c Buffer_Overflow_LowBound 43 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35866 66582/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_15.c Buffer_Overflow_LowBound 74 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35867 66583/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_16.c Buffer_Overflow_LowBound 64 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35868 66583/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_16.c Buffer_Overflow_LowBound 38 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35869 66584/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_17.c Buffer_Overflow_LowBound 64 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35870 66584/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_17.c Buffer_Overflow_LowBound 38 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35871 66585/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_18.c Buffer_Overflow_LowBound 60 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35872 66585/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_18.c Buffer_Overflow_LowBound 36 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35873 66586/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_21.c Buffer_Overflow_LowBound 47 wchar_t dataBuffer[100]; data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35874 66586/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_21.c Buffer_Overflow_LowBound 88 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2B1Source(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35875 66586/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_21.c Buffer_Overflow_LowBound 116 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2B2Source(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35876 66587/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_22.c Buffer_Overflow_LowBound 38 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_22_badSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_22_badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_22_badSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35877 66587/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_22.c Buffer_Overflow_LowBound 84 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_22_goodG2B2Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_22_goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_22_goodG2B2Source(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35878 66587/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_22.c Buffer_Overflow_LowBound 65 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_22_goodG2B1Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_22_goodG2B1Source(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_22_goodG2B1Source(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35879 66588/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_31.c Buffer_Overflow_LowBound 63 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35880 66588/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_31.c Buffer_Overflow_LowBound 37 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35881 66589/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_32.c Buffer_Overflow_LowBound 73 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBuffer[100]; data = dataBuffer; wchar_t * data = *dataPtr1; data[50-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35882 66589/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_32.c Buffer_Overflow_LowBound 42 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBuffer[100]; data = dataBuffer; wchar_t * data = *dataPtr1; data[100-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35883 66591/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_34.c Buffer_Overflow_LowBound 71 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_34_unionType myUnion; wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35884 66591/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_34.c Buffer_Overflow_LowBound 44 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_34_unionType myUnion; wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35885 66592/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_41.c Buffer_Overflow_LowBound 54 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_41_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35886 66592/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_41.c Buffer_Overflow_LowBound 28 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_41_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35887 66593/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_42.c Buffer_Overflow_LowBound 40 wchar_t dataBuffer[100]; data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35888 66593/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_42.c Buffer_Overflow_LowBound 68 wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) data[50-1] = L'\0'; return data; data = goodG2BSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35889 66595/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_44.c Buffer_Overflow_LowBound 28 void (*funcPtr) (wchar_t *) = badSink; wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35890 66595/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_44.c Buffer_Overflow_LowBound 58 void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35891 66596/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_45.c Buffer_Overflow_LowBound 32 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_45_badData; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35892 66596/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_45.c Buffer_Overflow_LowBound 61 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_45_goodG2BData; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35893 66597/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_51.c Buffer_Overflow_LowBound 121 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_51b_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35894 66597/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_51.c Buffer_Overflow_LowBound 137 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_51b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35895 66598/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_52.c Buffer_Overflow_LowBound 170 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_52b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_52c_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35896 66598/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_52.c Buffer_Overflow_LowBound 186 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_52b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_52c_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35897 66599/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_53.c Buffer_Overflow_LowBound 219 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_53b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_53c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_53d_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35898 66599/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_53.c Buffer_Overflow_LowBound 235 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_53b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_53d_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35899 66600/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54.c Buffer_Overflow_LowBound 284 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54e_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35900 66600/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54.c Buffer_Overflow_LowBound 268 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54d_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_54e_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35901 66601/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_61.c Buffer_Overflow_LowBound 35 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_61b_badSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_61b_badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_61b_badSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35902 66601/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_61.c Buffer_Overflow_LowBound 57 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_61b_goodG2BSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_61b_goodG2BSource(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_61b_goodG2BSource(data); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35903 66603/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_63.c Buffer_Overflow_LowBound 119 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35904 66603/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_63.c Buffer_Overflow_LowBound 136 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35905 66604/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_64.c Buffer_Overflow_LowBound 142 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35906 66604/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_64.c Buffer_Overflow_LowBound 122 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35907 66605/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_65.c Buffer_Overflow_LowBound 122 void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_65b_badSink; wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_65b_badSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35908 66605/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_65.c Buffer_Overflow_LowBound 138 void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_65b_goodG2BSink; wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_65b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35909 66606/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_66.c Buffer_Overflow_LowBound 125 wchar_t * dataArray[5]; wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35910 66606/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_66.c Buffer_Overflow_LowBound 142 wchar_t * dataArray[5]; wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35911 66607/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_67.c Buffer_Overflow_LowBound 133 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_67_structType myStruct; wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35912 66607/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_67.c Buffer_Overflow_LowBound 150 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_67_structType myStruct; wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35913 66608/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_68.c Buffer_Overflow_LowBound 147 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_68b_goodG2BSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_68b_goodG2BSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_68_goodG2BData; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35914 66608/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_68.c Buffer_Overflow_LowBound 130 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_68b_badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_68_badData; wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35915 66612/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_81_bad.cpp Buffer_Overflow_LowBound 29 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_81_bad::action(wchar_t * data) const wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35916 66612/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 29 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35917 66613/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_82_bad.cpp Buffer_Overflow_LowBound 29 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_82_bad::action(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 35918 66613/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 29 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_ncpy_82_goodG2B::action(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 35919 66616/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_01.c Format_String_Attack 61 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35920 66616/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_01.c Format_String_Attack 40 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35921 66617/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_02.c Format_String_Attack 92 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35922 66617/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_02.c Format_String_Attack 72 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 35923 66617/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_02.c Format_String_Attack 43 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 35924 71483/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_44.c Format_String_Attack 67 void (*funcPtr) (char *) = goodG2BSink; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 35925 71483/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_44.c Format_String_Attack 36 void (*funcPtr) (char *) = badSink; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; funcPtr(data); static void badSink(char * data) source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 35926 71484/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_45.c Format_String_Attack 40 data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_45_badData = data; badSink(); static void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_45_badData; source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 35927 71484/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_45.c Format_String_Attack 70 data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_45_goodG2BData; source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 35928 71485/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_51.c Format_String_Attack 151 data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_51b_goodG2BSink(char * data) source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 35929 71485/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_51.c Format_String_Attack 133 data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_51b_badSink(char * data) source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 35930 71486/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_52.c Format_String_Attack 206 data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_52c_goodG2BSink(char * data) source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 35931 71486/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_52.c Format_String_Attack 188 data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_52b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_52c_badSink(char * data) source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 35932 71487/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53.c Format_String_Attack 261 data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53d_goodG2BSink(char * data) source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 35933 71487/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53.c Format_String_Attack 243 data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_53d_badSink(char * data) source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 35934 71488/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54.c Format_String_Attack 316 data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54e_goodG2BSink(char * data) source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 35935 71488/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54.c Format_String_Attack 298 data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54d_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_54e_badSink(char * data) source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 35936 71489/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_61.c Format_String_Attack 65 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_61b_goodG2BSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_61b_goodG2BSource(char * data) data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_61b_goodG2BSource(data); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 35937 71489/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_61.c Format_String_Attack 42 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_61b_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_61b_badSource(char * data) data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_61b_badSource(data); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 35938 71491/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_63.c Format_String_Attack 150 data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 35939 71491/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_63.c Format_String_Attack 131 data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_63b_badSink(char * * dataPtr) char * data = *dataPtr; source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 35940 71492/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_64.c Format_String_Attack 134 data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 35941 71492/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_64.c Format_String_Attack 156 data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 35942 71493/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_65.c Format_String_Attack 152 void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_65b_goodG2BSink; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_65b_goodG2BSink(char * data) source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 35943 71493/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_65.c Format_String_Attack 134 void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_65b_badSink; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_65b_badSink(char * data) source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 35944 71494/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_66.c Format_String_Attack 156 char * dataArray[5]; data = NULL; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 35945 71494/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_66.c Format_String_Attack 137 char * dataArray[5]; data = NULL; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_66b_badSink(char * dataArray[]) char * data = dataArray[2]; source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 35946 71495/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67.c Format_String_Attack 164 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67_structType myStruct; data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67_structType myStruct) char * data = myStruct.structFirst; source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 35947 71495/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67.c Format_String_Attack 145 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67_structType myStruct; data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_67_structType myStruct) char * data = myStruct.structFirst; source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 35948 71496/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_68.c Format_String_Attack 142 data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_68b_badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_68_badData; source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 35949 71496/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_68.c Format_String_Attack 161 data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_68b_goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_68_goodG2BData; source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 35950 71500/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_81_bad.cpp Format_String_Attack 37 data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_81_bad::action(char * data) const source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 35951 71500/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_81_goodG2B.cpp Format_String_Attack 37 data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_81_goodG2B::action(char * data) const source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 35952 71501/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_82_bad.cpp Format_String_Attack 37 data = (char *)malloc(50*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_82_bad::action(char * data) source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 35953 71501/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_82_goodG2B.cpp Format_String_Attack 37 data = (char *)malloc(100*sizeof(char)); data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_char_snprintf_82_goodG2B::action(char * data) source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 35954 72080/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_01.c Buffer_Overflow_LowBound 58 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35955 72080/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_01.c Buffer_Overflow_LowBound 35 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 35956 72081/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_02.c Buffer_Overflow_LowBound 69 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35957 72081/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_02.c Buffer_Overflow_LowBound 38 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 35958 72081/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_02.c Buffer_Overflow_LowBound 91 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35959 72082/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_03.c Buffer_Overflow_LowBound 69 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35960 72082/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_03.c Buffer_Overflow_LowBound 38 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 35961 72082/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_03.c Buffer_Overflow_LowBound 91 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35962 72083/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_04.c Buffer_Overflow_LowBound 45 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 35963 72083/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_04.c Buffer_Overflow_LowBound 98 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35964 72083/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_04.c Buffer_Overflow_LowBound 76 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35965 72084/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_05.c Buffer_Overflow_LowBound 45 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 35966 72084/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_05.c Buffer_Overflow_LowBound 98 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35967 72084/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_05.c Buffer_Overflow_LowBound 76 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35968 72085/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_06.c Buffer_Overflow_LowBound 42 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 35969 72085/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_06.c Buffer_Overflow_LowBound 95 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35970 72085/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_06.c Buffer_Overflow_LowBound 73 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35971 72086/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_07.c Buffer_Overflow_LowBound 44 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 35972 72086/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_07.c Buffer_Overflow_LowBound 97 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35973 72086/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_07.c Buffer_Overflow_LowBound 75 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35974 72087/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_08.c Buffer_Overflow_LowBound 52 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 35975 72087/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_08.c Buffer_Overflow_LowBound 105 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35976 72087/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_08.c Buffer_Overflow_LowBound 83 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35977 72088/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_09.c Buffer_Overflow_LowBound 69 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35978 72088/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_09.c Buffer_Overflow_LowBound 38 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 35979 72088/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_09.c Buffer_Overflow_LowBound 91 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35980 72089/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_10.c Buffer_Overflow_LowBound 69 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35981 72089/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_10.c Buffer_Overflow_LowBound 38 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 35982 72089/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_10.c Buffer_Overflow_LowBound 91 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35983 72090/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_11.c Buffer_Overflow_LowBound 69 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35984 72090/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_11.c Buffer_Overflow_LowBound 38 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 35985 72090/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_11.c Buffer_Overflow_LowBound 91 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35986 72091/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_12.c Buffer_Overflow_LowBound 77 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35987 72091/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_12.c Buffer_Overflow_LowBound 44 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 35988 72092/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_13.c Buffer_Overflow_LowBound 69 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35989 72092/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_13.c Buffer_Overflow_LowBound 38 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 35990 72092/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_13.c Buffer_Overflow_LowBound 91 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35991 72093/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_14.c Buffer_Overflow_LowBound 69 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35992 72093/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_14.c Buffer_Overflow_LowBound 38 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 35993 72093/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_14.c Buffer_Overflow_LowBound 91 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35994 72094/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_15.c Buffer_Overflow_LowBound 44 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 35995 72094/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_15.c Buffer_Overflow_LowBound 76 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35996 72094/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_15.c Buffer_Overflow_LowBound 104 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35997 72095/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_16.c Buffer_Overflow_LowBound 66 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 35998 72095/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_16.c Buffer_Overflow_LowBound 39 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 35999 72096/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_17.c Buffer_Overflow_LowBound 66 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36000 72096/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_17.c Buffer_Overflow_LowBound 39 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36001 72097/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_18.c Buffer_Overflow_LowBound 37 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36002 72097/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_18.c Buffer_Overflow_LowBound 62 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36003 72098/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_21.c Buffer_Overflow_LowBound 90 data = NULL; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = goodG2B1Source(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36004 72098/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_21.c Buffer_Overflow_LowBound 119 data = NULL; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = goodG2B2Source(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36005 72098/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_21.c Buffer_Overflow_LowBound 48 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36006 72099/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22.c Buffer_Overflow_LowBound 87 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22_goodG2B2Source(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22_goodG2B2Source(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36007 72099/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22.c Buffer_Overflow_LowBound 39 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22_badSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22_badSource(wchar_t * data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22_badSource(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36008 72099/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22.c Buffer_Overflow_LowBound 67 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22_goodG2B1Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22_goodG2B1Source(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_22_goodG2B1Source(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36009 72100/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_31.c Buffer_Overflow_LowBound 65 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36010 72100/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_31.c Buffer_Overflow_LowBound 38 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36011 72101/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_32.c Buffer_Overflow_LowBound 75 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36012 72101/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_32.c Buffer_Overflow_LowBound 43 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36013 72103/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_34.c Buffer_Overflow_LowBound 45 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_34_unionType myUnion; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36014 72103/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_34.c Buffer_Overflow_LowBound 73 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_34_unionType myUnion; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36015 72104/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_41.c Buffer_Overflow_LowBound 57 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_41_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36016 72104/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_41.c Buffer_Overflow_LowBound 30 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_41_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36017 72105/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_42.c Buffer_Overflow_LowBound 41 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36018 72105/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_42.c Buffer_Overflow_LowBound 70 data = NULL; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = goodG2BSource(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36019 72107/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_44.c Buffer_Overflow_LowBound 61 void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36020 72107/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_44.c Buffer_Overflow_LowBound 30 void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36021 72108/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_45.c Buffer_Overflow_LowBound 34 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_45_badData; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36022 72108/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_45.c Buffer_Overflow_LowBound 64 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_45_goodG2BData; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36023 72109/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_51.c Buffer_Overflow_LowBound 121 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_51b_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36024 72109/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_51.c Buffer_Overflow_LowBound 139 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_51b_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36025 72110/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_52.c Buffer_Overflow_LowBound 170 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_52b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_52c_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36026 72110/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_52.c Buffer_Overflow_LowBound 188 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_52b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_52c_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36027 72111/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53.c Buffer_Overflow_LowBound 237 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53d_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36028 72111/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53.c Buffer_Overflow_LowBound 219 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53c_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_53d_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36029 72112/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54.c Buffer_Overflow_LowBound 268 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54c_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54d_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54e_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36030 72112/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54.c Buffer_Overflow_LowBound 286 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54d_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_54e_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36031 72113/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_61.c Buffer_Overflow_LowBound 36 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_61b_badSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_61b_badSource(wchar_t * data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_61b_badSource(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36032 72113/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_61.c Buffer_Overflow_LowBound 59 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_61b_goodG2BSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_61b_goodG2BSource(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_61b_goodG2BSource(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36033 72115/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_63.c Buffer_Overflow_LowBound 138 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36034 72115/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_63.c Buffer_Overflow_LowBound 119 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36035 72116/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_64.c Buffer_Overflow_LowBound 122 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36036 72116/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_64.c Buffer_Overflow_LowBound 144 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36037 72117/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_65.c Buffer_Overflow_LowBound 122 void (*funcPtr) (wchar_t *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_65b_badSink; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_65b_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36038 72117/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_65.c Buffer_Overflow_LowBound 140 void (*funcPtr) (wchar_t *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_65b_goodG2BSink; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_65b_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36039 72118/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_66.c Buffer_Overflow_LowBound 125 wchar_t * dataArray[5]; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36040 72118/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_66.c Buffer_Overflow_LowBound 144 wchar_t * dataArray[5]; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36041 72119/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67.c Buffer_Overflow_LowBound 133 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67_structType myStruct; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36042 72119/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67.c Buffer_Overflow_LowBound 152 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67_structType myStruct; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36043 72120/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_68.c Buffer_Overflow_LowBound 149 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_68b_goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_68_goodG2BData; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36044 72120/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_68.c Buffer_Overflow_LowBound 130 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_68b_badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_68_badData; wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36045 72124/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_81_bad.cpp Buffer_Overflow_LowBound 31 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_81_bad::action(wchar_t * data) const wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36046 72124/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_81_goodG2B.cpp Buffer_Overflow_LowBound 31 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36047 72125/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_82_bad.cpp Buffer_Overflow_LowBound 31 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_82_bad::action(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 36048 72125/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_82_goodG2B.cpp Buffer_Overflow_LowBound 31 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncat_82_goodG2B::action(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 36049 72128/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_01.c Buffer_Overflow_LowBound 35 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36050 72128/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_01.c Buffer_Overflow_LowBound 59 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36051 72129/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_02.c Buffer_Overflow_LowBound 70 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36052 72129/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_02.c Buffer_Overflow_LowBound 93 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36053 72129/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_02.c Buffer_Overflow_LowBound 38 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36054 72130/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_03.c Buffer_Overflow_LowBound 70 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36055 72130/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_03.c Buffer_Overflow_LowBound 93 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36056 72130/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_03.c Buffer_Overflow_LowBound 38 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36057 72131/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_04.c Buffer_Overflow_LowBound 100 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36058 72131/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_04.c Buffer_Overflow_LowBound 77 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36059 72131/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_04.c Buffer_Overflow_LowBound 45 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36060 72132/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_05.c Buffer_Overflow_LowBound 100 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36061 72132/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_05.c Buffer_Overflow_LowBound 77 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36062 72132/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_05.c Buffer_Overflow_LowBound 45 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36063 72133/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_06.c Buffer_Overflow_LowBound 42 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36064 72133/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_06.c Buffer_Overflow_LowBound 97 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36065 72133/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_06.c Buffer_Overflow_LowBound 74 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36066 72134/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_07.c Buffer_Overflow_LowBound 99 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36067 72134/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_07.c Buffer_Overflow_LowBound 76 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36068 72134/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_07.c Buffer_Overflow_LowBound 44 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36069 72135/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_08.c Buffer_Overflow_LowBound 107 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36070 72135/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_08.c Buffer_Overflow_LowBound 84 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36071 72135/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_08.c Buffer_Overflow_LowBound 52 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36072 72136/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_09.c Buffer_Overflow_LowBound 70 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36073 72136/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_09.c Buffer_Overflow_LowBound 93 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36074 72136/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_09.c Buffer_Overflow_LowBound 38 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36075 72137/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_10.c Buffer_Overflow_LowBound 70 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36076 72137/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_10.c Buffer_Overflow_LowBound 93 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36077 72137/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_10.c Buffer_Overflow_LowBound 38 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36078 72138/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_11.c Buffer_Overflow_LowBound 70 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36079 72138/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_11.c Buffer_Overflow_LowBound 93 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36080 72138/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_11.c Buffer_Overflow_LowBound 38 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36081 72139/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_12.c Buffer_Overflow_LowBound 44 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36082 72139/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_12.c Buffer_Overflow_LowBound 78 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36083 72140/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_13.c Buffer_Overflow_LowBound 70 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36084 72140/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_13.c Buffer_Overflow_LowBound 93 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36085 72140/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_13.c Buffer_Overflow_LowBound 38 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36086 72141/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_14.c Buffer_Overflow_LowBound 70 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36087 72141/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_14.c Buffer_Overflow_LowBound 93 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36088 72141/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_14.c Buffer_Overflow_LowBound 38 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36089 72142/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_15.c Buffer_Overflow_LowBound 44 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36090 72142/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_15.c Buffer_Overflow_LowBound 106 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36091 72142/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_15.c Buffer_Overflow_LowBound 77 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36092 72143/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_16.c Buffer_Overflow_LowBound 67 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36093 72143/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_16.c Buffer_Overflow_LowBound 39 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36094 72144/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_17.c Buffer_Overflow_LowBound 67 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36095 72144/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_17.c Buffer_Overflow_LowBound 39 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36096 72145/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_18.c Buffer_Overflow_LowBound 63 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36097 72145/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_18.c Buffer_Overflow_LowBound 37 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36098 72146/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_21.c Buffer_Overflow_LowBound 91 data = NULL; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = goodG2B1Source(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36099 72146/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_21.c Buffer_Overflow_LowBound 121 data = NULL; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = goodG2B2Source(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36100 72146/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_21.c Buffer_Overflow_LowBound 48 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36101 72147/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_22.c Buffer_Overflow_LowBound 68 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_22_goodG2B1Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_22_goodG2B1Source(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_22_goodG2B1Source(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36102 72147/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_22.c Buffer_Overflow_LowBound 89 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_22_goodG2B2Source(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_22_goodG2B2Source(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36103 72147/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_22.c Buffer_Overflow_LowBound 39 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_22_badSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_22_badSource(wchar_t * data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_22_badSource(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36104 72148/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_31.c Buffer_Overflow_LowBound 66 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36105 72148/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_31.c Buffer_Overflow_LowBound 38 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36106 72149/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_32.c Buffer_Overflow_LowBound 43 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36107 72149/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_32.c Buffer_Overflow_LowBound 76 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36108 72151/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_34.c Buffer_Overflow_LowBound 74 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_34_unionType myUnion; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36109 72151/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_34.c Buffer_Overflow_LowBound 45 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_34_unionType myUnion; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36110 72152/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_41.c Buffer_Overflow_LowBound 58 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_41_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36111 72152/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_41.c Buffer_Overflow_LowBound 30 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_41_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36112 72153/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_42.c Buffer_Overflow_LowBound 41 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36113 72153/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_42.c Buffer_Overflow_LowBound 71 data = NULL; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = goodG2BSource(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36114 72155/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_44.c Buffer_Overflow_LowBound 62 void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36115 72155/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_44.c Buffer_Overflow_LowBound 30 void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36116 72156/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_45.c Buffer_Overflow_LowBound 65 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_45_goodG2BData; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36117 72156/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_45.c Buffer_Overflow_LowBound 34 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_45_badData; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36118 72157/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_51.c Buffer_Overflow_LowBound 140 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_51b_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36119 72157/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_51.c Buffer_Overflow_LowBound 121 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_51b_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36120 72158/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_52.c Buffer_Overflow_LowBound 170 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_52b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_52c_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36121 72158/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_52.c Buffer_Overflow_LowBound 189 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_52b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_52c_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36122 72159/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_53.c Buffer_Overflow_LowBound 219 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_53b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_53c_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_53d_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36123 72159/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_53.c Buffer_Overflow_LowBound 238 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_53b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_53c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_53d_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36124 72160/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54.c Buffer_Overflow_LowBound 268 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54c_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54d_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54e_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36125 72160/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54.c Buffer_Overflow_LowBound 287 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54d_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_54e_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36126 72161/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_61.c Buffer_Overflow_LowBound 60 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_61b_goodG2BSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_61b_goodG2BSource(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_61b_goodG2BSource(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36127 72161/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_61.c Buffer_Overflow_LowBound 36 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_61b_badSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_61b_badSource(wchar_t * data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_61b_badSource(data); wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36128 72163/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_63.c Buffer_Overflow_LowBound 139 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36129 72163/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_63.c Buffer_Overflow_LowBound 119 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36130 72164/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_64.c Buffer_Overflow_LowBound 145 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36131 72164/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_64.c Buffer_Overflow_LowBound 122 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36132 72165/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_65.c Buffer_Overflow_LowBound 122 void (*funcPtr) (wchar_t *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_65b_badSink; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_65b_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36133 72165/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_65.c Buffer_Overflow_LowBound 141 void (*funcPtr) (wchar_t *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_65b_goodG2BSink; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_65b_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36134 72166/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_66.c Buffer_Overflow_LowBound 145 wchar_t * dataArray[5]; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36135 72166/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_66.c Buffer_Overflow_LowBound 125 wchar_t * dataArray[5]; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36136 72167/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_67.c Buffer_Overflow_LowBound 153 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_67_structType myStruct; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; data = (wchar_t *)malloc(100*sizeof(wchar_t)); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36137 72167/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_67.c Buffer_Overflow_LowBound 133 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_67_structType myStruct; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; data = (wchar_t *)malloc(100*sizeof(wchar_t)); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36138 72168/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_68.c Buffer_Overflow_LowBound 130 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_68b_badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_68_badData; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36139 72168/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_68.c Buffer_Overflow_LowBound 150 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_68b_goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_68_goodG2BData; wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36140 72172/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_81_bad::action(wchar_t * data) const wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36141 72172/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_81_goodG2B.cpp Off_by_One_Error_in_Methods 31 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36142 72173/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_82_bad::action(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 36143 72173/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_82_goodG2B.cpp Off_by_One_Error_in_Methods 31 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_ncpy_82_goodG2B::action(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 36144 72176/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_01.c Format_String_Attack 64 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36145 72176/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_01.c Format_String_Attack 41 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36146 72177/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_02.c Format_String_Attack 75 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36147 72177/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_02.c Format_String_Attack 97 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36148 72177/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_02.c Format_String_Attack 44 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36149 72178/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_03.c Format_String_Attack 75 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36150 72178/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_03.c Format_String_Attack 97 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36151 72178/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_03.c Format_String_Attack 44 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36152 72179/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_04.c Format_String_Attack 82 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36153 72179/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_04.c Format_String_Attack 104 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36154 72179/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_04.c Format_String_Attack 51 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36155 72180/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_05.c Format_String_Attack 82 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36156 72180/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_05.c Format_String_Attack 104 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36157 72180/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_05.c Format_String_Attack 51 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36158 72181/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_06.c Format_String_Attack 101 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36159 72181/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_06.c Format_String_Attack 48 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36160 72181/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_06.c Format_String_Attack 79 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36161 72182/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_07.c Format_String_Attack 50 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36162 72182/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_07.c Format_String_Attack 81 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36163 72182/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_07.c Format_String_Attack 103 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36164 72183/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_08.c Format_String_Attack 58 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36165 72183/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_08.c Format_String_Attack 89 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36166 72183/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_08.c Format_String_Attack 111 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36167 72184/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_09.c Format_String_Attack 75 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36168 72184/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_09.c Format_String_Attack 97 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36169 72184/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_09.c Format_String_Attack 44 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36170 72185/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_10.c Format_String_Attack 75 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36171 72185/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_10.c Format_String_Attack 97 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36172 72185/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_10.c Format_String_Attack 44 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36173 72186/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_11.c Format_String_Attack 75 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36174 72186/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_11.c Format_String_Attack 97 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36175 72186/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_11.c Format_String_Attack 44 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36176 72187/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_12.c Format_String_Attack 50 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36177 72187/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_12.c Format_String_Attack 83 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36178 72188/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_13.c Format_String_Attack 75 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36179 72188/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_13.c Format_String_Attack 97 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36180 72188/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_13.c Format_String_Attack 44 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36181 72189/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_14.c Format_String_Attack 75 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36182 72189/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_14.c Format_String_Attack 97 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36183 72189/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_14.c Format_String_Attack 44 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36184 72190/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_15.c Format_String_Attack 50 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36185 72190/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_15.c Format_String_Attack 82 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36186 72190/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_15.c Format_String_Attack 110 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36187 72191/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_16.c Format_String_Attack 45 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36188 72191/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_16.c Format_String_Attack 72 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36189 72192/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_17.c Format_String_Attack 45 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36190 72192/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_17.c Format_String_Attack 72 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36191 72193/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_18.c Format_String_Attack 43 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36192 72193/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_18.c Format_String_Attack 68 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36193 72194/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_21.c Format_String_Attack 125 data = NULL; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = goodG2B2Source(data); wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36194 72194/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_21.c Format_String_Attack 96 data = NULL; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = goodG2B1Source(data); wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36195 72194/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_21.c Format_String_Attack 54 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36196 72195/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22.c Format_String_Attack 45 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22_badSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22_badSource(wchar_t * data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22_badSource(data); wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36197 72195/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22.c Format_String_Attack 73 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22_goodG2B1Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22_goodG2B1Source(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22_goodG2B1Source(data); wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36198 72195/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22.c Format_String_Attack 93 data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22_goodG2B2Source(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22_goodG2B2Source(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_22_goodG2B2Source(data); wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36199 72196/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_31.c Format_String_Attack 44 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36200 72196/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_31.c Format_String_Attack 71 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36201 72197/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_32.c Format_String_Attack 81 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36202 72197/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_32.c Format_String_Attack 49 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; data = NULL; wchar_t * data = *dataPtr1; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36203 72199/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_34.c Format_String_Attack 51 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_34_unionType myUnion; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36204 72199/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_34.c Format_String_Attack 79 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_34_unionType myUnion; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; myUnion.unionFirst = data; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36205 72200/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_41.c Format_String_Attack 36 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_41_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36206 72200/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_41.c Format_String_Attack 63 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_41_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36207 72201/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_42.c Format_String_Attack 76 data = NULL; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = goodG2BSource(data); wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36208 72201/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_42.c Format_String_Attack 47 data = NULL; data = badSource(data); static wchar_t * badSource(wchar_t * data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; return data; data = badSource(data); wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36209 72203/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_44.c Format_String_Attack 67 void (*funcPtr) (wchar_t *) = goodG2BSink; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36210 72203/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_44.c Format_String_Attack 36 void (*funcPtr) (wchar_t *) = badSink; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36211 72204/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_45.c Format_String_Attack 40 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_45_badData = data; badSink(); static void badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_45_badData; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36212 72204/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_45.c Format_String_Attack 70 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_45_goodG2BData; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36213 72205/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_51.c Format_String_Attack 133 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_51b_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36214 72205/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_51.c Format_String_Attack 151 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_51b_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36215 72206/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_52.c Format_String_Attack 206 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_52b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_52c_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36216 72206/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_52.c Format_String_Attack 188 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_52b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_52c_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36217 72207/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53.c Format_String_Attack 261 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53d_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36218 72207/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53.c Format_String_Attack 243 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53c_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_53d_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36219 72208/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54.c Format_String_Attack 298 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54b_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54c_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54d_badSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54e_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36220 72208/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54.c Format_String_Attack 316 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54b_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54c_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54d_goodG2BSink(wchar_t * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_54e_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36221 72209/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_61.c Format_String_Attack 42 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_61b_badSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_61b_badSource(wchar_t * data) data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_61b_badSource(data); wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36222 72209/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_61.c Format_String_Attack 65 data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_61b_goodG2BSource(data); wchar_t * CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_61b_goodG2BSource(wchar_t * data) data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_61b_goodG2BSource(data); wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36223 72211/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_63.c Format_String_Attack 131 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36224 72211/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_63.c Format_String_Attack 150 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36225 72212/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_64.c Format_String_Attack 134 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36226 72212/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_64.c Format_String_Attack 156 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36227 72213/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_65.c Format_String_Attack 152 void (*funcPtr) (wchar_t *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_65b_goodG2BSink; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_65b_goodG2BSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36228 72213/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_65.c Format_String_Attack 134 void (*funcPtr) (wchar_t *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_65b_badSink; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_65b_badSink(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36229 72214/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_66.c Format_String_Attack 137 wchar_t * dataArray[5]; data = NULL; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36230 72214/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_66.c Format_String_Attack 156 wchar_t * dataArray[5]; data = NULL; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36231 72215/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67.c Format_String_Attack 145 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67_structType myStruct; data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36232 72215/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67.c Format_String_Attack 164 CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67_structType myStruct; data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36233 72216/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_68.c Format_String_Attack 142 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_68b_badSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_68_badData; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36234 72216/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_68.c Format_String_Attack 161 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_68b_goodG2BSink() wchar_t * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_68_goodG2BData; wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36235 72220/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_81_bad.cpp Format_String_Attack 37 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_81_bad::action(wchar_t * data) const wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36236 72220/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_81_goodG2B.cpp Buffer_Overflow_LowBound 37 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36237 72221/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_82_bad.cpp Format_String_Attack 37 data = (wchar_t *)malloc(50*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_82_bad::action(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 36238 72221/CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_82_goodG2B.cpp Buffer_Overflow_LowBound 37 data = (wchar_t *)malloc(100*sizeof(wchar_t)); data[0] = L'\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE805_wchar_t_snprintf_82_goodG2B::action(wchar_t * data) wchar_t source[100]; source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 36239 72272/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_01.c String_Termination_Error 55 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36240 72272/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_01.c String_Termination_Error 33 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36241 72273/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_02.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36242 72273/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_02.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36243 72273/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_02.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36244 72274/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_03.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36245 72274/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_03.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36246 72274/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_03.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36247 72275/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_04.c String_Termination_Error 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36248 72275/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_04.c String_Termination_Error 43 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36249 72275/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_04.c String_Termination_Error 94 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36250 72276/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_05.c String_Termination_Error 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36251 72276/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_05.c String_Termination_Error 43 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36252 72276/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_05.c String_Termination_Error 94 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36253 72277/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_06.c String_Termination_Error 40 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36254 72277/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_06.c String_Termination_Error 91 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36255 72277/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_06.c String_Termination_Error 70 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36256 72278/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_07.c String_Termination_Error 72 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36257 72278/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_07.c String_Termination_Error 42 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36258 72278/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_07.c String_Termination_Error 93 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36259 72279/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_08.c String_Termination_Error 80 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36260 72279/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_08.c String_Termination_Error 50 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36261 72279/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_08.c String_Termination_Error 101 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36262 72280/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_09.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36263 72280/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_09.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36264 72280/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_09.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36265 72281/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_10.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36266 72281/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_10.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36267 72281/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_10.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36268 72282/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_11.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36269 72282/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_11.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36270 72282/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_11.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36271 72283/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_12.c String_Termination_Error 74 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36272 72283/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_12.c String_Termination_Error 42 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36273 72284/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_13.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36274 72284/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_13.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36275 72284/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_13.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36276 72285/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_14.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36277 72285/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_14.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36278 72285/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_14.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36279 72286/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_15.c String_Termination_Error 42 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36280 72286/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_15.c String_Termination_Error 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36281 72286/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_15.c String_Termination_Error 100 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36282 72287/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_16.c String_Termination_Error 63 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36283 72287/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_16.c String_Termination_Error 37 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36284 72288/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_17.c String_Termination_Error 63 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36285 72288/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_17.c String_Termination_Error 37 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36286 72289/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_18.c String_Termination_Error 35 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36287 72289/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_18.c String_Termination_Error 59 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36288 72290/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_21.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = goodG2B1Source(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36289 72290/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_21.c String_Termination_Error 115 data = (char *)malloc(100*sizeof(char)); data = goodG2B2Source(data); static char * goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = goodG2B2Source(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36290 72290/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_21.c String_Termination_Error 46 data = (char *)malloc(100*sizeof(char)); data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36291 72291/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22.c String_Termination_Error 64 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22_goodG2B1Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22_goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22_goodG2B1Source(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36292 72291/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22.c String_Termination_Error 83 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22_goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22_goodG2B2Source(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36293 72291/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22.c String_Termination_Error 37 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22_badSource(char * data) data[100-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_22_badSource(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36294 72292/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_31.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36295 72292/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_31.c String_Termination_Error 62 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36296 72293/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_32.c String_Termination_Error 72 char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = (char *)malloc(100*sizeof(char)); char * data = *dataPtr1; data[50-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36297 72293/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_32.c String_Termination_Error 41 char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = (char *)malloc(100*sizeof(char)); char * data = *dataPtr1; data[100-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36298 72295/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_34.c String_Termination_Error 43 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_34_unionType myUnion; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36299 72295/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_34.c String_Termination_Error 70 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_34_unionType myUnion; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36300 72296/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_41.c String_Termination_Error 28 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_41_badSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36301 72296/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_41.c String_Termination_Error 54 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_41_goodG2BSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36302 72297/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_42.c String_Termination_Error 39 data = (char *)malloc(100*sizeof(char)); data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36303 72297/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_42.c String_Termination_Error 67 data = (char *)malloc(100*sizeof(char)); data = goodG2BSource(data); static char * goodG2BSource(char * data) data[50-1] = '\0'; return data; data = goodG2BSource(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36304 72299/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_44.c String_Termination_Error 58 void (*funcPtr) (char *) = goodG2BSink; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36305 72299/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_44.c String_Termination_Error 28 void (*funcPtr) (char *) = badSink; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36306 72300/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_45.c String_Termination_Error 32 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_45_badData = data; badSink(); static void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_45_badData; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36307 72300/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_45.c String_Termination_Error 61 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_45_goodG2BData; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36308 72301/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_51.c String_Termination_Error 136 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_51b_goodG2BSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36309 72301/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_51.c String_Termination_Error 119 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_51b_badSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36310 72302/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_52.c String_Termination_Error 168 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_52b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_52c_badSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36311 72302/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_52.c String_Termination_Error 185 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_52c_goodG2BSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36312 72303/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53.c String_Termination_Error 234 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53d_goodG2BSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36313 72303/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53.c String_Termination_Error 217 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_53d_badSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36314 72304/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54.c String_Termination_Error 266 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54d_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54e_badSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36315 72304/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54.c String_Termination_Error 283 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_54e_goodG2BSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36316 72305/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_61.c String_Termination_Error 56 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_61b_goodG2BSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_61b_goodG2BSource(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_61b_goodG2BSource(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36317 72305/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_61.c String_Termination_Error 34 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_61b_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_61b_badSource(char * data) data[100-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_61b_badSource(data); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36318 72307/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_63.c String_Termination_Error 135 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36319 72307/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_63.c String_Termination_Error 117 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36320 72308/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_64.c String_Termination_Error 120 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36321 72308/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_64.c String_Termination_Error 141 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36322 72309/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_65.c String_Termination_Error 120 void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_65b_badSink; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_65b_badSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36323 72309/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_65.c String_Termination_Error 137 void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_65b_goodG2BSink; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_65b_goodG2BSink(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36324 72310/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_66.c String_Termination_Error 123 char * dataArray[5]; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36325 72310/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_66.c String_Termination_Error 141 char * dataArray[5]; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36326 72311/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67.c String_Termination_Error 131 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67_structType myStruct; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36327 72311/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67.c String_Termination_Error 149 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67_structType myStruct; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36328 72312/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_68.c String_Termination_Error 128 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_68b_badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_68_badData; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36329 72312/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_68.c String_Termination_Error 146 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_68b_goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_68_goodG2BData; char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36330 72316/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_81_bad.cpp String_Termination_Error 29 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_81_bad::action(char * data) const char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36331 72316/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_81_goodG2B.cpp String_Termination_Error 29 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_81_goodG2B::action(char * data) const char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36332 72317/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_82_bad.cpp String_Termination_Error 29 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_82_bad::action(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36333 72317/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_82_goodG2B.cpp String_Termination_Error 29 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memcpy_82_goodG2B::action(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36334 72320/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_01.c String_Termination_Error 33 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36335 72320/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_01.c String_Termination_Error 55 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36336 72321/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_02.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36337 72321/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_02.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36338 72321/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_02.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36339 72322/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_03.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36340 72322/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_03.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36341 72322/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_03.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36342 72323/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_04.c String_Termination_Error 94 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36343 72323/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_04.c String_Termination_Error 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36344 72323/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_04.c String_Termination_Error 43 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36345 72324/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_05.c String_Termination_Error 94 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36346 72324/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_05.c String_Termination_Error 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36347 72324/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_05.c String_Termination_Error 43 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36348 72325/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_06.c String_Termination_Error 70 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36349 72325/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_06.c String_Termination_Error 40 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36350 72325/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_06.c String_Termination_Error 91 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36351 72326/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_07.c String_Termination_Error 42 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36352 72326/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_07.c String_Termination_Error 93 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36353 72326/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_07.c String_Termination_Error 72 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36354 72327/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_08.c String_Termination_Error 50 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36355 72327/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_08.c String_Termination_Error 101 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36356 72327/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_08.c String_Termination_Error 80 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36357 72328/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_09.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36358 72328/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_09.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36359 72328/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_09.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36360 72329/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_10.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36361 72329/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_10.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36362 72329/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_10.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36363 72330/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_11.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36364 72330/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_11.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36365 72330/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_11.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36366 72331/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_12.c String_Termination_Error 42 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36367 72331/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_12.c String_Termination_Error 74 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36368 72332/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_13.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36369 72332/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_13.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36370 72332/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_13.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36371 72333/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_14.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36372 72333/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_14.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36373 72333/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_14.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36374 72334/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_15.c String_Termination_Error 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36375 72334/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_15.c String_Termination_Error 100 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36376 72334/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_15.c String_Termination_Error 42 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36377 72335/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_16.c String_Termination_Error 63 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36378 72335/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_16.c String_Termination_Error 37 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36379 72336/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_17.c String_Termination_Error 63 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36380 72336/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_17.c String_Termination_Error 37 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36381 72337/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_18.c String_Termination_Error 59 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36382 72337/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_18.c String_Termination_Error 35 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36383 72338/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_21.c String_Termination_Error 46 data = (char *)malloc(100*sizeof(char)); data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36384 72338/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_21.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data = goodG2B1Source(data); static char * goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = goodG2B1Source(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36385 72338/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_21.c String_Termination_Error 115 data = (char *)malloc(100*sizeof(char)); data = goodG2B2Source(data); static char * goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = goodG2B2Source(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36386 72339/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22.c String_Termination_Error 37 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22_badSource(char * data) data[100-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22_badSource(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36387 72339/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22.c String_Termination_Error 64 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22_goodG2B1Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22_goodG2B1Source(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22_goodG2B1Source(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36388 72339/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22.c String_Termination_Error 83 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22_goodG2B2Source(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22_goodG2B2Source(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_22_goodG2B2Source(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36389 72340/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_31.c String_Termination_Error 62 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36390 72340/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_31.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36391 72341/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_32.c String_Termination_Error 41 char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = (char *)malloc(100*sizeof(char)); char * data = *dataPtr1; data[100-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36392 72341/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_32.c String_Termination_Error 72 char * *dataPtr1 = &data; char * *dataPtr2 = &data; data = (char *)malloc(100*sizeof(char)); char * data = *dataPtr1; data[50-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36393 72343/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_34.c String_Termination_Error 70 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_34_unionType myUnion; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36394 72343/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_34.c String_Termination_Error 43 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_34_unionType myUnion; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36395 72344/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_41.c String_Termination_Error 54 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_41_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_41_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36396 72344/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_41.c String_Termination_Error 28 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_41_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_41_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36397 72345/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_42.c String_Termination_Error 39 data = (char *)malloc(100*sizeof(char)); data = badSource(data); static char * badSource(char * data) data[100-1] = '\0'; return data; data = badSource(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36398 72345/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_42.c String_Termination_Error 67 data = (char *)malloc(100*sizeof(char)); data = goodG2BSource(data); static char * goodG2BSource(char * data) data[50-1] = '\0'; return data; data = goodG2BSource(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36399 72347/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_44.c String_Termination_Error 28 void (*funcPtr) (char *) = badSink; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36400 72347/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_44.c String_Termination_Error 58 void (*funcPtr) (char *) = goodG2BSink; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36401 72348/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_45.c String_Termination_Error 61 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_45_goodG2BData; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36402 72348/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_45.c String_Termination_Error 32 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_45_badData = data; badSink(); static void badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_45_badData; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36403 72349/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_51.c String_Termination_Error 119 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_51b_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36404 72349/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_51.c String_Termination_Error 136 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_51b_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36405 72350/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_52.c String_Termination_Error 185 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_52b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_52c_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36406 72350/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_52.c String_Termination_Error 168 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_52b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_52c_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36407 72351/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53.c String_Termination_Error 217 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53d_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36408 72351/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53.c String_Termination_Error 234 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_53d_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36409 72352/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54.c String_Termination_Error 266 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54b_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54c_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54d_badSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54e_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36410 72352/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54.c String_Termination_Error 283 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54b_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54c_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54d_goodG2BSink(char * data) CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_54e_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36411 72353/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_61.c String_Termination_Error 34 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_61b_badSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_61b_badSource(char * data) data[100-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_61b_badSource(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36412 72353/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_61.c String_Termination_Error 56 data = (char *)malloc(100*sizeof(char)); data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_61b_goodG2BSource(data); char * CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_61b_goodG2BSource(char * data) data[50-1] = '\0'; return data; data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_61b_goodG2BSource(data); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36413 72355/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_63.c String_Termination_Error 135 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36414 72355/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_63.c String_Termination_Error 117 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36415 72356/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_64.c String_Termination_Error 141 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36416 72356/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_64.c String_Termination_Error 120 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36417 72357/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_65.c String_Termination_Error 137 void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_65b_goodG2BSink; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_65b_goodG2BSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36418 72357/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_65.c String_Termination_Error 120 void (*funcPtr) (char *) = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_65b_badSink; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_65b_badSink(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36419 72358/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_66.c String_Termination_Error 141 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36420 72358/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_66.c String_Termination_Error 123 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36421 72359/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67.c String_Termination_Error 149 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67_structType myStruct; data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36422 72359/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67.c String_Termination_Error 131 CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67_structType myStruct; data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36423 72360/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_68.c String_Termination_Error 146 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_68b_goodG2BSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_68b_goodG2BSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_68_goodG2BData; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36424 72360/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_68.c String_Termination_Error 128 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_68b_badSink(); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_68b_badSink() char * data = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_68_badData; char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36425 72364/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_81_bad.cpp String_Termination_Error 29 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_81_bad::action(char * data) const char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36426 72364/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_81_goodG2B.cpp String_Termination_Error 29 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_81_goodG2B::action(char * data) const char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36427 72365/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_82_bad.cpp String_Termination_Error 29 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_82_bad::action(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 36428 72365/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_82_goodG2B.cpp String_Termination_Error 29 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_memmove_82_goodG2B::action(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 36429 72368/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_01.c String_Termination_Error 55 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36430 72368/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_01.c String_Termination_Error 33 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 36431 72369/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_02.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36432 72369/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_02.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36433 72369/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_02.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 36434 72370/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_03.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36435 72370/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_03.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36436 72370/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_03.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 36437 72371/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_04.c String_Termination_Error 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36438 72371/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_04.c String_Termination_Error 94 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36439 72371/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_04.c String_Termination_Error 43 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 36440 72372/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_05.c String_Termination_Error 73 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36441 72372/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_05.c String_Termination_Error 94 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36442 72372/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_05.c String_Termination_Error 43 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 36443 72373/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_06.c String_Termination_Error 70 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36444 72373/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_06.c String_Termination_Error 91 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36445 72373/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_06.c String_Termination_Error 40 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 36446 72374/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_07.c String_Termination_Error 93 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36447 72374/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_07.c String_Termination_Error 42 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 36448 72374/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_07.c String_Termination_Error 72 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36449 72375/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_08.c String_Termination_Error 101 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36450 72375/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_08.c String_Termination_Error 50 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 36451 72375/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_08.c String_Termination_Error 80 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36452 72376/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_09.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36453 72376/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_09.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36454 72376/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_09.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 36455 72377/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_10.c String_Termination_Error 66 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36456 72377/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_10.c String_Termination_Error 87 data = (char *)malloc(100*sizeof(char)); data[50-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 36457 72377/CWE122_Heap_Based_Buffer_Overflow__c_CWE806_char_ncat_10.c String_Termination_Error 36 data = (char *)malloc(100*sizeof(char)); data[100-1] = '\0'; char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 36458 66617/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_02.c Buffer_Overflow_LowBound 92 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36459 66617/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_02.c Buffer_Overflow_LowBound 72 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36460 66617/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_02.c Buffer_Overflow_LowBound 43 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36461 66618/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_03.c Format_String_Attack 92 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36462 66618/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_03.c Format_String_Attack 72 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36463 66618/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_03.c Format_String_Attack 43 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36464 66619/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_04.c Format_String_Attack 79 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36465 66619/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_04.c Format_String_Attack 50 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36466 66619/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_04.c Format_String_Attack 99 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36467 66620/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_05.c Format_String_Attack 79 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36468 66620/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_05.c Format_String_Attack 50 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36469 66620/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_05.c Format_String_Attack 99 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36470 66621/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_06.c Format_String_Attack 76 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36471 66621/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_06.c Format_String_Attack 47 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36472 66621/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_06.c Format_String_Attack 96 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36473 66622/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_07.c Format_String_Attack 78 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36474 66622/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_07.c Format_String_Attack 49 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36475 66622/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_07.c Format_String_Attack 98 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36476 66623/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_08.c Format_String_Attack 86 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36477 66623/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_08.c Format_String_Attack 57 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36478 66623/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_08.c Format_String_Attack 106 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36479 66624/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_09.c Format_String_Attack 92 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36480 66624/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_09.c Format_String_Attack 72 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36481 66624/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_09.c Format_String_Attack 43 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36482 66625/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_10.c Format_String_Attack 92 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36483 66625/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_10.c Format_String_Attack 72 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36484 66625/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_10.c Format_String_Attack 43 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36485 66626/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_11.c Format_String_Attack 92 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36486 66626/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_11.c Format_String_Attack 72 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36487 66626/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_11.c Format_String_Attack 43 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36488 66627/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_12.c Format_String_Attack 49 data[100-1] = L'\0'; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36489 66627/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_12.c Format_String_Attack 80 data[50-1] = L'\0'; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36490 66628/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_13.c Format_String_Attack 92 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36491 66628/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_13.c Format_String_Attack 72 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36492 66628/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_13.c Format_String_Attack 43 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36493 66629/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_14.c Format_String_Attack 92 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36494 66629/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_14.c Format_String_Attack 72 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36495 66629/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_14.c Format_String_Attack 43 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36496 66630/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_15.c Format_String_Attack 49 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36497 66630/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_15.c Format_String_Attack 79 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36498 66630/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_15.c Format_String_Attack 105 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36499 66631/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_16.c Format_String_Attack 44 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36500 66631/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_16.c Format_String_Attack 69 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36501 66632/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_17.c Format_String_Attack 44 wchar_t dataBuffer[100]; data = dataBuffer; data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36502 66632/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_17.c Format_String_Attack 69 wchar_t dataBuffer[100]; data = dataBuffer; data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36503 66633/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_18.c Format_String_Attack 65 data[50-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36504 66633/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_18.c Format_String_Attack 42 data[100-1] = L'\0'; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36505 66634/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_21.c Format_String_Attack 53 data[100-1] = L'\0'; return data; wchar_t dataBuffer[100]; data = dataBuffer; data = badSource(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); static wchar_t * badSource(wchar_t * data) return data; data = badSource(data); SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36506 66634/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_21.c Format_String_Attack 120 data[50-1] = L'\0'; return data; wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2B2Source(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); static wchar_t * goodG2B2Source(wchar_t * data) return data; data = goodG2B2Source(data); SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36507 66634/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_21.c Format_String_Attack 93 data[50-1] = L'\0'; return data; wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2B1Source(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); static wchar_t * goodG2B1Source(wchar_t * data) return data; data = goodG2B1Source(data); SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36508 66635/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_22.c Format_String_Attack 70 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_22_goodG2B1Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_22_goodG2B1Source(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_22_goodG2B1Source(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36509 66635/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_22.c Format_String_Attack 44 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_22_badSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_22_badSource(wchar_t * data) data[100-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_22_badSource(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36510 66635/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_22.c Format_String_Attack 88 wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_22_goodG2B2Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_22_goodG2B2Source(wchar_t * data) data[50-1] = L'\0'; return data; data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_22_goodG2B2Source(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36511 66636/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_31.c Format_String_Attack 68 data[50-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36512 66636/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_31.c Format_String_Attack 43 data[100-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36513 66637/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_32.c Format_String_Attack 78 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr1; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36514 66637/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_32.c Format_String_Attack 48 wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * data = *dataPtr1; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36515 66639/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_34.c Format_String_Attack 76 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_34_unionType myUnion; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36516 66639/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_34.c Format_String_Attack 50 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_34_unionType myUnion; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36517 66640/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_41.c Format_String_Attack 34 data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_41_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36518 66640/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_41.c Format_String_Attack 59 data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_41_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36519 66641/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_42.c Format_String_Attack 46 data[100-1] = L'\0'; return data; data = badSource(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36520 66641/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_42.c Format_String_Attack 73 data[50-1] = L'\0'; return data; data = goodG2BSource(data); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36521 66643/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_44.c Format_String_Attack 63 void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36522 66643/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_44.c Format_String_Attack 34 void (*funcPtr) (wchar_t *) = badSink; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36523 66644/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_45.c Format_String_Attack 38 data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_45_badData = data; badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_45_badData; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36524 66644/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_45.c Format_String_Attack 66 data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_45_goodG2BData = data; goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_45_goodG2BData; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36525 66645/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_51.c Format_String_Attack 148 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_51b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36526 66645/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_51.c Format_String_Attack 133 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_51b_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36527 66646/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_52.c Format_String_Attack 188 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_52b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_52c_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36528 66646/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_52.c Format_String_Attack 203 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_52b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_52c_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36529 66647/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_53.c Format_String_Attack 258 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_53b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_53d_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36530 66647/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_53.c Format_String_Attack 243 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_53b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_53c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_53d_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36531 66648/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54.c Format_String_Attack 313 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54e_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36532 66648/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54.c Format_String_Attack 298 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54d_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_54e_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36533 66649/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_61.c Format_String_Attack 62 data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_61b_goodG2BSource(data); wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36534 66649/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_61.c Format_String_Attack 41 data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_61b_badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36535 66651/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_63.c Format_String_Attack 131 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36536 66651/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_63.c Format_String_Attack 147 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36537 66652/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_64.c Format_String_Attack 134 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36538 66652/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_64.c Format_String_Attack 153 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36539 66653/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_65.c Format_String_Attack 134 void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_65b_badSink; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_65b_badSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36540 66653/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_65.c Format_String_Attack 149 void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_65b_goodG2BSink; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_65b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36541 66654/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_66.c Format_String_Attack 137 wchar_t * dataArray[5]; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36542 66654/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_66.c Format_String_Attack 153 wchar_t * dataArray[5]; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36543 66655/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_67.c Format_String_Attack 161 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_67_structType myStruct; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36544 66655/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_67.c Format_String_Attack 145 CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_67_structType myStruct; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36545 66656/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_68.c Format_String_Attack 142 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_68b_badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_68_badData; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36546 66656/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_68.c Format_String_Attack 158 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_68b_goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_68_goodG2BData; wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36547 66660/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_81_bad.cpp Format_String_Attack 35 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_81_bad::action(wchar_t * data) const wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36548 66660/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_81_goodG2B.cpp Format_String_Attack 35 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_81_goodG2B::action(wchar_t * data) const wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36549 66661/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_82_bad.cpp Format_String_Attack 35 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_82_bad::action(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 36550 66661/CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_82_goodG2B.cpp Format_String_Attack 35 wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__CWE806_wchar_t_declare_snprintf_82_goodG2B::action(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 36551 66664/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_01.c Buffer_Overflow_cpycat 60 char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36552 66664/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_01.c Buffer_Overflow_cpycat 37 char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36553 66665/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_02.c Buffer_Overflow_cpycat 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36554 66665/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_02.c Buffer_Overflow_cpycat 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36555 66665/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_02.c Buffer_Overflow_cpycat 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36556 66666/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_03.c Buffer_Overflow_cpycat 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36557 66666/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_03.c Buffer_Overflow_cpycat 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36558 66666/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_03.c Buffer_Overflow_cpycat 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36559 66667/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_04.c Buffer_Overflow_cpycat 100 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36560 66667/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_04.c Buffer_Overflow_cpycat 78 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36561 66667/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_04.c Buffer_Overflow_cpycat 47 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36562 66668/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_05.c Buffer_Overflow_cpycat 100 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36563 66668/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_05.c Buffer_Overflow_cpycat 78 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36564 66668/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_05.c Buffer_Overflow_cpycat 47 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36565 66669/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_06.c Buffer_Overflow_cpycat 44 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36566 66669/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_06.c Buffer_Overflow_cpycat 75 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36567 66669/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_06.c Buffer_Overflow_cpycat 97 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36568 66670/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_07.c Buffer_Overflow_cpycat 99 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36569 66670/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_07.c Buffer_Overflow_cpycat 46 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36570 66670/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_07.c Buffer_Overflow_cpycat 77 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36571 66671/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_08.c Buffer_Overflow_cpycat 107 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36572 66671/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_08.c Buffer_Overflow_cpycat 54 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36573 66671/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_08.c Buffer_Overflow_cpycat 85 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36574 66672/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_09.c Buffer_Overflow_cpycat 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36575 66672/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_09.c Buffer_Overflow_cpycat 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36576 66672/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_09.c Buffer_Overflow_cpycat 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36577 66673/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_10.c Buffer_Overflow_cpycat 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36578 66673/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_10.c Buffer_Overflow_cpycat 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36579 66673/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_10.c Buffer_Overflow_cpycat 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36580 66674/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_11.c Buffer_Overflow_cpycat 93 char * data; char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36581 66674/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_11.c Buffer_Overflow_cpycat 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36582 66674/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_11.c Buffer_Overflow_cpycat 71 char * data; data[0] = '\0'; source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36583 66675/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_12.c Buffer_Overflow_cpycat 46 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36584 66675/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_12.c Buffer_Overflow_cpycat 79 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36585 66676/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_13.c Buffer_Overflow_cpycat 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36586 66676/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_13.c Buffer_Overflow_cpycat 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36587 66676/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_13.c Buffer_Overflow_cpycat 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36588 66677/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_14.c Buffer_Overflow_cpycat 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36589 66677/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_14.c Buffer_Overflow_cpycat 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36590 66677/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_14.c Buffer_Overflow_cpycat 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36591 66678/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_15.c Buffer_Overflow_cpycat 78 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36592 66678/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_15.c Buffer_Overflow_cpycat 46 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36593 66678/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_15.c Buffer_Overflow_cpycat 106 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36594 66679/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_16.c Buffer_Overflow_cpycat 68 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36595 66679/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_16.c Buffer_Overflow_cpycat 41 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36596 66680/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_17.c Buffer_Overflow_cpycat 68 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36597 66680/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_17.c Buffer_Overflow_cpycat 41 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36598 66681/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_18.c Buffer_Overflow_cpycat 64 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36599 66681/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_18.c Buffer_Overflow_cpycat 39 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36600 66682/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_31.c Buffer_Overflow_cpycat 67 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36601 66682/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_31.c Buffer_Overflow_cpycat 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36602 66683/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_32.c Buffer_Overflow_cpycat 45 char * data; char * *dataPtr2 = &data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36603 66683/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_32.c Buffer_Overflow_cpycat 77 char * data; char * *dataPtr2 = &data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36604 66685/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_34.c Buffer_Overflow_cpycat 75 CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_34_unionType myUnion; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36605 66685/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_34.c Buffer_Overflow_cpycat 47 CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_34_unionType myUnion; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36606 66686/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_41.c Buffer_Overflow_cpycat 30 char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36607 66686/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_41.c Buffer_Overflow_cpycat 58 char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36608 66687/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_44.c Buffer_Overflow_cpycat 30 char * data; void (*funcPtr) (char *) = badSink; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36609 66687/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_44.c Buffer_Overflow_cpycat 62 char * data; void (*funcPtr) (char *) = goodG2BSink; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36610 66688/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_45.c Buffer_Overflow_cpycat 34 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_45_badData = data; badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36611 66688/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_45.c Buffer_Overflow_cpycat 65 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_45_goodG2BData = data; goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36612 66689/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_51.c Buffer_Overflow_cpycat 124 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36613 66689/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_51.c Buffer_Overflow_cpycat 141 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36614 66690/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_52.c Buffer_Overflow_cpycat 190 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36615 66690/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_52.c Buffer_Overflow_cpycat 173 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36616 66691/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_53.c Buffer_Overflow_cpycat 222 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36617 66691/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_53.c Buffer_Overflow_cpycat 239 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36618 66692/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54.c Buffer_Overflow_cpycat 288 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36619 66692/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54.c Buffer_Overflow_cpycat 271 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36620 66693/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_63.c Buffer_Overflow_cpycat 140 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36621 66693/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_63.c Buffer_Overflow_cpycat 122 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36622 66694/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_64.c Buffer_Overflow_cpycat 125 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36623 66694/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_64.c Buffer_Overflow_cpycat 146 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36624 66695/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_65.c Buffer_Overflow_cpycat 142 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_65b_goodG2BSink; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36625 66695/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_65.c Buffer_Overflow_cpycat 125 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_65b_badSink; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36626 66696/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_66.c Buffer_Overflow_cpycat 128 char * data; char * dataArray[5]; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36627 66696/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_66.c Buffer_Overflow_cpycat 146 char * data; char * dataArray[5]; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36628 66697/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_67.c Buffer_Overflow_cpycat 136 char * data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_67_structType myStruct; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36629 66697/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_67.c Buffer_Overflow_cpycat 154 char * data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_67_structType myStruct; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36630 66698/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_68.c Buffer_Overflow_cpycat 133 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_68b_badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36631 66698/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_68.c Buffer_Overflow_cpycat 151 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_68b_goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36632 66702/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_81_bad.cpp Buffer_Overflow_cpycat 31 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36633 66702/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_81_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36634 66703/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_82_bad.cpp Buffer_Overflow_cpycat 31 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36635 66703/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_82_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cat_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36636 66704/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_01.c Buffer_Overflow_cpycat 37 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36637 66704/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_01.c Buffer_Overflow_cpycat 60 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36638 66705/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_02.c Buffer_Overflow_cpycat 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36639 66705/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_02.c Buffer_Overflow_cpycat 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36640 66705/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_02.c Buffer_Overflow_cpycat 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36641 66706/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_03.c Buffer_Overflow_cpycat 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36642 66706/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_03.c Buffer_Overflow_cpycat 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36643 66706/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_03.c Buffer_Overflow_cpycat 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36644 66707/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_04.c Buffer_Overflow_cpycat 78 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36645 66707/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_04.c Buffer_Overflow_cpycat 100 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36646 66707/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_04.c Buffer_Overflow_cpycat 47 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36647 66708/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_05.c Buffer_Overflow_cpycat 78 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36648 66708/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_05.c Buffer_Overflow_cpycat 100 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36649 66708/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_05.c Buffer_Overflow_cpycat 47 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36650 66709/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_06.c Buffer_Overflow_cpycat 75 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36651 66709/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_06.c Buffer_Overflow_cpycat 97 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36652 66709/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_06.c Buffer_Overflow_cpycat 44 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36653 66710/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_07.c Buffer_Overflow_cpycat 77 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36654 66710/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_07.c Buffer_Overflow_cpycat 99 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36655 66710/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_07.c Buffer_Overflow_cpycat 46 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36656 66711/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_08.c Buffer_Overflow_cpycat 85 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36657 66711/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_08.c Buffer_Overflow_cpycat 107 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36658 66711/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_08.c Buffer_Overflow_cpycat 54 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36659 66712/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_09.c Buffer_Overflow_cpycat 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36660 66712/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_09.c Buffer_Overflow_cpycat 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36661 66712/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_09.c Buffer_Overflow_cpycat 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36662 66713/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_10.c Buffer_Overflow_cpycat 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36663 66713/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_10.c Buffer_Overflow_cpycat 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36664 66713/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_10.c Buffer_Overflow_cpycat 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36665 66714/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_11.c Buffer_Overflow_cpycat 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36666 66714/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_11.c Buffer_Overflow_cpycat 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36667 66714/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_11.c Buffer_Overflow_cpycat 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36668 66715/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_12.c Buffer_Overflow_cpycat 46 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36669 66715/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_12.c Buffer_Overflow_cpycat 79 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36670 66716/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_13.c Buffer_Overflow_cpycat 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36671 66716/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_13.c Buffer_Overflow_cpycat 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36672 66716/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_13.c Buffer_Overflow_cpycat 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36673 66717/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_14.c Buffer_Overflow_cpycat 93 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36674 66717/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_14.c Buffer_Overflow_cpycat 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36675 66717/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_14.c Buffer_Overflow_cpycat 71 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36676 66718/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_15.c Buffer_Overflow_cpycat 106 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36677 66718/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_15.c Buffer_Overflow_cpycat 46 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36678 66718/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_15.c Buffer_Overflow_cpycat 78 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36679 66719/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_16.c Buffer_Overflow_cpycat 41 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36680 66719/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_16.c Buffer_Overflow_cpycat 68 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36681 66720/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_17.c Buffer_Overflow_cpycat 41 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36682 66720/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_17.c Buffer_Overflow_cpycat 68 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36683 66721/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_18.c Buffer_Overflow_cpycat 64 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36684 66721/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_18.c Buffer_Overflow_cpycat 39 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36685 66722/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_31.c Buffer_Overflow_cpycat 40 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36686 66722/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_31.c Buffer_Overflow_cpycat 67 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36687 66723/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_32.c Buffer_Overflow_cpycat 45 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36688 66723/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_32.c Buffer_Overflow_cpycat 77 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36689 66725/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_34.c Buffer_Overflow_cpycat 75 char * data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_34_unionType myUnion; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36690 66725/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_34.c Buffer_Overflow_cpycat 47 char * data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_34_unionType myUnion; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36691 66726/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_41.c Buffer_Overflow_cpycat 58 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36692 66726/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_41.c Buffer_Overflow_cpycat 30 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36693 66727/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_44.c Buffer_Overflow_cpycat 62 char * data; void (*funcPtr) (char *) = goodG2BSink; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36694 66727/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_44.c Buffer_Overflow_cpycat 30 char * data; void (*funcPtr) (char *) = badSink; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36695 66728/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_45.c Buffer_Overflow_cpycat 34 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_45_badData = data; badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36696 66728/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_45.c Buffer_Overflow_cpycat 65 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_45_goodG2BData = data; goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36697 66729/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_51.c Buffer_Overflow_cpycat 141 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36698 66729/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_51.c Buffer_Overflow_cpycat 124 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36699 66730/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_52.c Buffer_Overflow_cpycat 173 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36700 66730/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_52.c Buffer_Overflow_cpycat 190 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36701 66731/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_53.c Buffer_Overflow_cpycat 222 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36702 66731/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_53.c Buffer_Overflow_cpycat 239 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36703 66732/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54.c Buffer_Overflow_cpycat 288 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36704 66732/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54.c Buffer_Overflow_cpycat 271 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36705 66733/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_63.c Buffer_Overflow_cpycat 122 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36706 66733/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_63.c Buffer_Overflow_cpycat 140 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36707 66734/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_64.c Buffer_Overflow_cpycat 146 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36708 66734/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_64.c Buffer_Overflow_cpycat 125 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36709 66735/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_65.c Buffer_Overflow_cpycat 125 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_65b_badSink; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36710 66735/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_65.c Buffer_Overflow_cpycat 142 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_65b_goodG2BSink; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36711 66736/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_66.c Buffer_Overflow_cpycat 146 char * data; char * dataArray[5]; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36712 66736/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_66.c Buffer_Overflow_cpycat 128 char * data; char * dataArray[5]; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36713 66737/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_67.c Buffer_Overflow_cpycat 154 char * data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_67_structType myStruct; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36714 66737/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_67.c Buffer_Overflow_cpycat 136 char * data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_67_structType myStruct; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36715 66738/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_68.c Buffer_Overflow_cpycat 133 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_68b_badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36716 66738/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_68.c Buffer_Overflow_cpycat 151 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_68b_goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36717 66742/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36718 66742/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36719 66743/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 char * data; char * dataBadBuffer = (char *)ALLOCA(50*sizeof(char)); data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36720 66743/CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; char * dataGoodBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_alloca_cpy_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36721 66744/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_01.c Buffer_Overflow_cpycat 60 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36722 66744/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_01.c Buffer_Overflow_cpycat 37 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36723 66745/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_02.c Buffer_Overflow_cpycat 93 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36724 66745/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_02.c Buffer_Overflow_cpycat 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36725 66745/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_02.c Buffer_Overflow_cpycat 71 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36726 66746/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_03.c Buffer_Overflow_cpycat 93 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36727 66746/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_03.c Buffer_Overflow_cpycat 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36728 66746/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_03.c Buffer_Overflow_cpycat 71 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36729 66747/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_04.c Buffer_Overflow_cpycat 100 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36730 66747/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_04.c Buffer_Overflow_cpycat 78 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36731 66747/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_04.c Buffer_Overflow_cpycat 47 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36732 66748/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_05.c Buffer_Overflow_cpycat 100 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36733 66748/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_05.c Buffer_Overflow_cpycat 78 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36734 66748/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_05.c Buffer_Overflow_cpycat 47 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36735 66749/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_06.c Buffer_Overflow_cpycat 44 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36736 66749/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_06.c Buffer_Overflow_cpycat 75 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36737 66749/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_06.c Buffer_Overflow_cpycat 97 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36738 66750/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_07.c Buffer_Overflow_cpycat 99 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36739 66750/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_07.c Buffer_Overflow_cpycat 46 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36740 66750/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_07.c Buffer_Overflow_cpycat 77 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36741 66751/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_08.c Buffer_Overflow_cpycat 107 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36742 66751/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_08.c Buffer_Overflow_cpycat 54 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36743 66751/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_08.c Buffer_Overflow_cpycat 85 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36744 66752/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_09.c Buffer_Overflow_cpycat 93 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36745 66752/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_09.c Buffer_Overflow_cpycat 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36746 66752/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_09.c Buffer_Overflow_cpycat 71 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36747 66753/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_10.c Buffer_Overflow_cpycat 93 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36748 66753/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_10.c Buffer_Overflow_cpycat 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36749 66753/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_10.c Buffer_Overflow_cpycat 71 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36750 66754/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_11.c Buffer_Overflow_cpycat 93 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36751 66754/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_11.c Buffer_Overflow_cpycat 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36752 66754/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_11.c Buffer_Overflow_cpycat 71 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36753 66755/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_12.c Buffer_Overflow_cpycat 46 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36754 66755/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_12.c Buffer_Overflow_cpycat 79 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36755 66756/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_13.c Buffer_Overflow_cpycat 93 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36756 66756/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_13.c Buffer_Overflow_cpycat 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36757 66756/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_13.c Buffer_Overflow_cpycat 71 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36758 66757/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_14.c Buffer_Overflow_cpycat 93 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36759 66757/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_14.c Buffer_Overflow_cpycat 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36760 66757/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_14.c Buffer_Overflow_cpycat 71 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36761 66758/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_15.c Buffer_Overflow_cpycat 78 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36762 66758/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_15.c Buffer_Overflow_cpycat 46 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36763 66758/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_15.c Buffer_Overflow_cpycat 106 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36764 66759/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_16.c Buffer_Overflow_cpycat 68 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36765 66759/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_16.c Buffer_Overflow_cpycat 41 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36766 66760/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_17.c Buffer_Overflow_cpycat 68 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36767 66760/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_17.c Buffer_Overflow_cpycat 41 char * data; data[0] = '\0'; source[100-1] = '\0'; strcat(data, source); char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36768 66761/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_18.c Buffer_Overflow_cpycat 64 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36769 66761/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_18.c Buffer_Overflow_cpycat 39 char * data; data[0] = '\0'; source[100-1] = '\0'; strcat(data, source); char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36770 66762/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_31.c Buffer_Overflow_cpycat 67 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36771 66762/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_31.c Buffer_Overflow_cpycat 40 char * data; data[0] = '\0'; source[100-1] = '\0'; strcat(data, source); char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36772 66763/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_32.c Buffer_Overflow_cpycat 45 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBadBuffer[50]; char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36773 66763/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_32.c Buffer_Overflow_cpycat 77 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataGoodBuffer[100]; char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36774 66765/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_34.c Buffer_Overflow_cpycat 75 CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_34_unionType myUnion; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36775 66765/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_34.c Buffer_Overflow_cpycat 47 CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_34_unionType myUnion; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36776 66766/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_41.c Buffer_Overflow_cpycat 30 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36777 66766/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_41.c Buffer_Overflow_cpycat 58 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36778 66767/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_44.c Buffer_Overflow_cpycat 30 char * data; void (*funcPtr) (char *) = badSink; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36779 66767/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_44.c Buffer_Overflow_cpycat 62 char * data; void (*funcPtr) (char *) = goodG2BSink; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36780 66768/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_45.c Buffer_Overflow_cpycat 34 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_45_badData = data; badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36781 66768/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_45.c Buffer_Overflow_cpycat 65 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_45_goodG2BData = data; goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36782 66769/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_51.c Buffer_Overflow_cpycat 124 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36783 66769/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_51.c Buffer_Overflow_cpycat 141 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36784 66770/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_52.c Buffer_Overflow_cpycat 190 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36785 66770/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_52.c Buffer_Overflow_cpycat 173 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36786 66771/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_53.c Buffer_Overflow_cpycat 222 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36787 66771/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_53.c Buffer_Overflow_cpycat 239 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36788 66772/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54.c Buffer_Overflow_cpycat 288 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36789 66772/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54.c Buffer_Overflow_cpycat 271 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36790 66773/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_63.c Buffer_Overflow_cpycat 140 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36791 66773/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_63.c Buffer_Overflow_cpycat 122 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36792 66774/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_64.c Buffer_Overflow_cpycat 125 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36793 66774/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_64.c Buffer_Overflow_cpycat 146 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36794 66775/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_65.c Buffer_Overflow_cpycat 142 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_65b_goodG2BSink; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_65b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36795 66775/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_65.c Buffer_Overflow_cpycat 125 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_65b_badSink; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36796 66776/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_66.c Buffer_Overflow_cpycat 128 char * data; char * dataArray[5]; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36797 66776/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_66.c Buffer_Overflow_cpycat 146 char * data; char * dataArray[5]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36798 66777/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_67.c Buffer_Overflow_cpycat 136 char * data; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_67_structType myStruct; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36799 66777/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_67.c Buffer_Overflow_cpycat 154 char * data; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_67_structType myStruct; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36800 66778/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_68.c Buffer_Overflow_cpycat 133 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_68b_badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36801 66778/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_68.c Buffer_Overflow_cpycat 151 char * data; char dataGoodBuffer[100]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_68b_goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36802 66782/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_81_bad.cpp Buffer_Overflow_cpycat 31 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36803 66782/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_81_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36804 66783/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_82_bad.cpp Buffer_Overflow_cpycat 31 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 36805 66783/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_82_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cat_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 36806 66784/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_01.c Buffer_Overflow_cpycat 37 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36807 66784/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_01.c Buffer_Overflow_cpycat 60 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36808 66785/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_02.c Buffer_Overflow_cpycat 93 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36809 66785/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_02.c Buffer_Overflow_cpycat 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36810 66785/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_02.c Buffer_Overflow_cpycat 71 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36811 66786/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_03.c Buffer_Overflow_cpycat 93 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36812 66786/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_03.c Buffer_Overflow_cpycat 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36813 66786/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_03.c Buffer_Overflow_cpycat 71 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36814 66787/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_04.c Buffer_Overflow_cpycat 78 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36815 66787/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_04.c Buffer_Overflow_cpycat 100 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36816 66787/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_04.c Buffer_Overflow_cpycat 47 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36817 66788/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_05.c Buffer_Overflow_cpycat 78 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36818 66788/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_05.c Buffer_Overflow_cpycat 100 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36819 66788/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_05.c Buffer_Overflow_cpycat 47 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36820 66789/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_06.c Buffer_Overflow_cpycat 75 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36821 66789/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_06.c Buffer_Overflow_cpycat 97 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36822 66789/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_06.c Buffer_Overflow_cpycat 44 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36823 66790/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_07.c Buffer_Overflow_cpycat 77 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36824 66790/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_07.c Buffer_Overflow_cpycat 99 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36825 66790/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_07.c Buffer_Overflow_cpycat 46 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36826 66791/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_08.c Buffer_Overflow_cpycat 85 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36827 66791/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_08.c Buffer_Overflow_cpycat 107 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36828 66791/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_08.c Buffer_Overflow_cpycat 54 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36829 66792/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_09.c Buffer_Overflow_cpycat 93 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36830 66792/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_09.c Buffer_Overflow_cpycat 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36831 66792/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_09.c Buffer_Overflow_cpycat 71 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36832 66793/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_10.c Buffer_Overflow_cpycat 93 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36833 66793/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_10.c Buffer_Overflow_cpycat 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36834 66793/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_10.c Buffer_Overflow_cpycat 71 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36835 66794/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_11.c Buffer_Overflow_cpycat 93 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36836 66794/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_11.c Buffer_Overflow_cpycat 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36837 66794/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_11.c Buffer_Overflow_cpycat 71 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36838 66795/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_12.c Buffer_Overflow_cpycat 46 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36839 66795/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_12.c Buffer_Overflow_cpycat 79 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36840 66796/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_13.c Buffer_Overflow_cpycat 93 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36841 66796/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_13.c Buffer_Overflow_cpycat 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36842 66796/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_13.c Buffer_Overflow_cpycat 71 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36843 66797/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_14.c Buffer_Overflow_cpycat 93 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36844 66797/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_14.c Buffer_Overflow_cpycat 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36845 66797/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_14.c Buffer_Overflow_cpycat 71 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36846 66798/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_15.c Buffer_Overflow_cpycat 106 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36847 66798/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_15.c Buffer_Overflow_cpycat 46 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36848 66798/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_15.c Buffer_Overflow_cpycat 78 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36849 66799/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_16.c Buffer_Overflow_cpycat 41 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36850 66799/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_16.c Buffer_Overflow_cpycat 68 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36851 66800/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_17.c Buffer_Overflow_cpycat 41 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36852 66800/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_17.c Buffer_Overflow_cpycat 68 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36853 66801/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_18.c Buffer_Overflow_cpycat 64 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36854 66801/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_18.c Buffer_Overflow_cpycat 39 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36855 66802/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_31.c Buffer_Overflow_cpycat 40 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36856 66802/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_31.c Buffer_Overflow_cpycat 67 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char * dataCopy = data; char * data = dataCopy; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36857 66803/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_32.c Buffer_Overflow_cpycat 45 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBadBuffer[50]; char * data = *dataPtr1; data = dataBadBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36858 66803/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_32.c Buffer_Overflow_cpycat 77 char * data; char * *dataPtr2 = &data; char dataGoodBuffer[100]; char * data = *dataPtr1; data = dataGoodBuffer; data[0] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36859 66805/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_34.c Buffer_Overflow_cpycat 75 CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_34_unionType myUnion; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36860 66805/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_34.c Buffer_Overflow_cpycat 47 CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_34_unionType myUnion; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; char * data = myUnion.unionSecond; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36861 66806/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_41.c Buffer_Overflow_cpycat 58 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_41_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36862 66806/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_41.c Buffer_Overflow_cpycat 30 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_41_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36863 66807/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_44.c Buffer_Overflow_cpycat 62 char * data; void (*funcPtr) (char *) = goodG2BSink; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36864 66807/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_44.c Buffer_Overflow_cpycat 30 char * data; void (*funcPtr) (char *) = badSink; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; funcPtr(data); static void badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36865 66808/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_45.c Buffer_Overflow_cpycat 34 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_45_badData = data; badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_45_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36866 66808/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_45.c Buffer_Overflow_cpycat 65 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_45_goodG2BData = data; goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_45_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36867 66809/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_51.c Buffer_Overflow_cpycat 141 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_51b_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36868 66809/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_51.c Buffer_Overflow_cpycat 124 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_51b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36869 66810/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_52.c Buffer_Overflow_cpycat 173 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_52c_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36870 66810/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_52.c Buffer_Overflow_cpycat 190 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_52c_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36871 66811/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_53.c Buffer_Overflow_cpycat 222 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_53d_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36872 66811/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_53.c Buffer_Overflow_cpycat 239 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_53d_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36873 66812/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54.c Buffer_Overflow_cpycat 288 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54e_goodG2BSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36874 66812/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54.c Buffer_Overflow_cpycat 271 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_54e_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36875 66813/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_63.c Buffer_Overflow_cpycat 122 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36876 66813/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_63.c Buffer_Overflow_cpycat 140 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36877 66814/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_64.c Buffer_Overflow_cpycat 146 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36878 66814/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_64.c Buffer_Overflow_cpycat 125 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36879 66815/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_65.c Buffer_Overflow_cpycat 125 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_65b_badSink; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_65b_badSink(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36880 66815/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_65.c Buffer_Overflow_cpycat 142 void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_65b_goodG2BSink(char * data) source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36881 66816/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_66.c Buffer_Overflow_cpycat 146 char * data; char * dataArray[5]; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36882 66816/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_66.c Buffer_Overflow_cpycat 128 char * data; char * dataArray[5]; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36883 66817/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_67.c Buffer_Overflow_cpycat 154 char * data; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_67_structType myStruct; char dataGoodBuffer[100]; data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36884 66817/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_67.c Buffer_Overflow_cpycat 136 char * data; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_67_structType myStruct; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_67_structType myStruct) char * data = myStruct.structFirst; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36885 66818/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_68.c Buffer_Overflow_cpycat 133 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_68b_badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_68_badData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36886 66818/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_68.c Buffer_Overflow_cpycat 151 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_68b_goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_68_goodG2BData; char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36887 66822/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36888 66822/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36889 66823/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 char * data; char dataBadBuffer[50]; data = dataBadBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 36890 66823/CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; char dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = '\0'; CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_char_declare_cpy_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 36891 66864/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_01.c Buffer_Overflow_cpycat 60 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36892 66864/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_01.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36893 66865/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_02.c Buffer_Overflow_cpycat 71 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36894 66865/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_02.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36895 66865/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_02.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36896 66866/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_03.c Buffer_Overflow_cpycat 71 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36897 66866/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_03.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36898 66866/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_03.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36899 66867/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_04.c Buffer_Overflow_cpycat 78 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36900 66867/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_04.c Buffer_Overflow_cpycat 100 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36901 66867/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_04.c Buffer_Overflow_cpycat 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36902 66868/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_05.c Buffer_Overflow_cpycat 78 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36903 66868/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_05.c Buffer_Overflow_cpycat 100 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36904 66868/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_05.c Buffer_Overflow_cpycat 47 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36905 66869/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_06.c Buffer_Overflow_cpycat 97 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36906 66869/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_06.c Buffer_Overflow_cpycat 44 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36907 66869/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_06.c Buffer_Overflow_cpycat 75 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36908 66870/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_07.c Buffer_Overflow_cpycat 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36909 66870/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_07.c Buffer_Overflow_cpycat 77 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36910 66870/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_07.c Buffer_Overflow_cpycat 99 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36911 66871/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_08.c Buffer_Overflow_cpycat 54 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36912 66871/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_08.c Buffer_Overflow_cpycat 85 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36913 66871/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_08.c Buffer_Overflow_cpycat 107 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36914 66872/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_09.c Buffer_Overflow_cpycat 71 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36915 66872/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_09.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36916 66872/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_09.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36917 66873/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_10.c Buffer_Overflow_cpycat 71 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36918 66873/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_10.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36919 66873/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_10.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36920 66874/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_11.c Buffer_Overflow_cpycat 71 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36921 66874/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_11.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36922 66874/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_11.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36923 66875/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_12.c Buffer_Overflow_cpycat 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36924 66875/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_12.c Buffer_Overflow_cpycat 79 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36925 66876/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_13.c Buffer_Overflow_cpycat 71 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36926 66876/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_13.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36927 66876/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_13.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36928 66877/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_14.c Buffer_Overflow_cpycat 71 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36929 66877/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_14.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36930 66877/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_14.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36931 66878/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_15.c Buffer_Overflow_cpycat 78 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36932 66878/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_15.c Buffer_Overflow_cpycat 46 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36933 66878/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_15.c Buffer_Overflow_cpycat 106 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36934 66879/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_16.c Buffer_Overflow_cpycat 41 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36935 66879/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_16.c Buffer_Overflow_cpycat 68 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36936 66880/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_17.c Buffer_Overflow_cpycat 41 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36937 66880/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_17.c Buffer_Overflow_cpycat 68 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36938 66881/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_18.c Buffer_Overflow_cpycat 39 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36939 66881/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_18.c Buffer_Overflow_cpycat 64 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36940 66882/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_31.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36941 66882/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_31.c Buffer_Overflow_cpycat 67 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36942 66883/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_32.c Buffer_Overflow_cpycat 45 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); wchar_t * data = *dataPtr1; data = dataBadBuffer; data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36943 66883/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_32.c Buffer_Overflow_cpycat 77 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); wchar_t * data = *dataPtr1; data = dataGoodBuffer; data[0] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36944 66885/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_34.c Buffer_Overflow_cpycat 47 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_34_unionType myUnion; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36945 66885/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_34.c Buffer_Overflow_cpycat 75 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_34_unionType myUnion; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36946 66886/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_41.c Buffer_Overflow_cpycat 30 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_41_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36947 66886/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_41.c Buffer_Overflow_cpycat 58 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_41_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36948 66887/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_44.c Buffer_Overflow_cpycat 30 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36949 66887/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_44.c Buffer_Overflow_cpycat 62 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36950 66888/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_45.c Buffer_Overflow_cpycat 65 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_45_goodG2BData = data; goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_45_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36951 66888/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_45.c Buffer_Overflow_cpycat 34 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_45_badData = data; badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_45_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36952 66889/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_51.c Buffer_Overflow_cpycat 124 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_51b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36953 66889/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_51.c Buffer_Overflow_cpycat 141 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_51b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36954 66890/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_52.c Buffer_Overflow_cpycat 190 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_52b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_52c_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36955 66890/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_52.c Buffer_Overflow_cpycat 173 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_52b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_52c_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36956 66891/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_53.c Buffer_Overflow_cpycat 222 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_53b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_53c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_53d_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36957 66891/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_53.c Buffer_Overflow_cpycat 239 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_53b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_53d_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36958 66892/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54.c Buffer_Overflow_cpycat 271 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54d_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54e_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36959 66892/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54.c Buffer_Overflow_cpycat 288 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_54e_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36960 66893/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_63.c Buffer_Overflow_cpycat 140 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36961 66893/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_63.c Buffer_Overflow_cpycat 122 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36962 66894/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_64.c Buffer_Overflow_cpycat 146 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36963 66894/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_64.c Buffer_Overflow_cpycat 125 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36964 66895/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_65.c Buffer_Overflow_cpycat 142 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_65b_goodG2BSink; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_65b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36965 66895/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_65.c Buffer_Overflow_cpycat 125 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_65b_badSink; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_65b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36966 66896/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_66.c Buffer_Overflow_cpycat 146 data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_66b_goodG2BSink(dataArray); source[100-1] = L'\0'; wcscpy(data, source); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wcscpy(data, source); 0 --------------------------------- 36967 66896/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_66.c Buffer_Overflow_cpycat 128 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36968 66897/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_67.c Buffer_Overflow_cpycat 154 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_67_structType myStruct; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36969 66897/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_67.c Buffer_Overflow_cpycat 136 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_67_structType myStruct; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36970 66898/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_68.c Buffer_Overflow_cpycat 151 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_68b_goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_68_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36971 66898/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_68.c Buffer_Overflow_cpycat 133 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_68b_badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_68_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36972 66902/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_81_bad::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36973 66902/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36974 66903/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t * dataBadBuffer = (wchar_t *)ALLOCA(50*sizeof(wchar_t)); data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_82_bad::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36975 66903/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t * dataGoodBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_alloca_cpy_82_goodG2B::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36976 66944/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_01.c Buffer_Overflow_cpycat 60 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36977 66944/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_01.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36978 66945/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_02.c Buffer_Overflow_cpycat 71 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36979 66945/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_02.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36980 66945/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_02.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36981 66946/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_03.c Buffer_Overflow_cpycat 71 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36982 66946/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_03.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36983 66946/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_03.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36984 66947/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_04.c Buffer_Overflow_cpycat 78 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36985 66947/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_04.c Buffer_Overflow_cpycat 100 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36986 66947/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_04.c Buffer_Overflow_cpycat 47 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36987 66948/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_05.c Buffer_Overflow_cpycat 78 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36988 66948/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_05.c Buffer_Overflow_cpycat 100 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36989 66948/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_05.c Buffer_Overflow_cpycat 47 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36990 66949/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_06.c Buffer_Overflow_cpycat 97 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36991 66949/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_06.c Buffer_Overflow_cpycat 44 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36992 66949/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_06.c Buffer_Overflow_cpycat 75 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36993 66950/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_07.c Buffer_Overflow_cpycat 46 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36994 66950/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_07.c Buffer_Overflow_cpycat 77 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36995 66950/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_07.c Buffer_Overflow_cpycat 99 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36996 66951/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_08.c Buffer_Overflow_cpycat 54 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 36997 66951/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_08.c Buffer_Overflow_cpycat 85 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36998 66951/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_08.c Buffer_Overflow_cpycat 107 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 36999 66952/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_09.c Buffer_Overflow_cpycat 71 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37000 66952/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_09.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37001 66952/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_09.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37002 66953/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_10.c Buffer_Overflow_cpycat 71 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37003 66953/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_10.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37004 66953/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_10.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37005 66954/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_11.c Buffer_Overflow_cpycat 71 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37006 66954/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_11.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37007 66954/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_11.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37008 66955/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_12.c Buffer_Overflow_cpycat 46 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37009 66955/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_12.c Buffer_Overflow_cpycat 79 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37010 66956/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_13.c Buffer_Overflow_cpycat 71 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37011 66956/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_13.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37012 66956/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_13.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37013 66957/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_14.c Buffer_Overflow_cpycat 71 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37014 66957/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_14.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37015 66957/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_14.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37016 66958/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_15.c Buffer_Overflow_cpycat 78 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37017 66958/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_15.c Buffer_Overflow_cpycat 46 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37018 66958/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_15.c Buffer_Overflow_cpycat 106 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37019 66959/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_16.c Buffer_Overflow_cpycat 41 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37020 66959/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_16.c Buffer_Overflow_cpycat 68 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37021 66960/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_17.c Buffer_Overflow_cpycat 41 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37022 66960/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_17.c Buffer_Overflow_cpycat 68 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37023 66961/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_18.c Buffer_Overflow_cpycat 39 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37024 66961/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_18.c Buffer_Overflow_cpycat 64 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37025 66962/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_31.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37026 66962/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_31.c Buffer_Overflow_cpycat 67 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37027 66963/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_32.c Buffer_Overflow_cpycat 45 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBadBuffer[50]; wchar_t * data = *dataPtr1; data = dataBadBuffer; data[0] = L'\0'; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37028 66963/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_32.c Buffer_Overflow_cpycat 77 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataGoodBuffer[100]; wchar_t * data = *dataPtr1; data = dataGoodBuffer; data[0] = L'\0'; wchar_t * data = *dataPtr2; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37029 66965/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_34.c Buffer_Overflow_cpycat 47 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_34_unionType myUnion; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37030 66965/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_34.c Buffer_Overflow_cpycat 75 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_34_unionType myUnion; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; wchar_t * data = myUnion.unionSecond; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37031 66966/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_41.c Buffer_Overflow_cpycat 30 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_41_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37032 66966/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_41.c Buffer_Overflow_cpycat 58 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_41_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37033 66967/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_44.c Buffer_Overflow_cpycat 30 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37034 66967/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_44.c Buffer_Overflow_cpycat 62 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37035 66968/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_45.c Buffer_Overflow_cpycat 65 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_45_goodG2BData = data; goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_45_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37036 66968/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_45.c Buffer_Overflow_cpycat 34 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_45_badData = data; badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_45_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37037 66969/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_51.c Buffer_Overflow_cpycat 124 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_51b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37038 66969/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_51.c Buffer_Overflow_cpycat 141 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_51b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37039 66970/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_52.c Buffer_Overflow_cpycat 190 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_52b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_52c_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37040 66970/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_52.c Buffer_Overflow_cpycat 173 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_52b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_52c_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37041 66971/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_53.c Buffer_Overflow_cpycat 222 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_53b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_53c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_53d_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37042 66971/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_53.c Buffer_Overflow_cpycat 239 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_53b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_53d_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37043 66972/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54.c Buffer_Overflow_cpycat 271 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54c_badSink(data); } void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54d_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54e_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37044 66972/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54.c Buffer_Overflow_cpycat 288 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_54e_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37045 66973/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_63.c Buffer_Overflow_cpycat 140 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37046 66973/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_63.c Buffer_Overflow_cpycat 122 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37047 66974/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_64.c Buffer_Overflow_cpycat 146 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37048 66974/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_64.c Buffer_Overflow_cpycat 125 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37049 66975/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_65.c Buffer_Overflow_cpycat 142 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_65b_goodG2BSink; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_65b_goodG2BSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37050 66975/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_65.c Buffer_Overflow_cpycat 125 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_65b_badSink; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_65b_badSink(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37051 66976/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_66.c Buffer_Overflow_cpycat 146 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37052 66976/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_66.c Buffer_Overflow_cpycat 128 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37053 66977/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_67.c Buffer_Overflow_cpycat 154 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_67_structType myStruct; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37054 66977/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_67.c Buffer_Overflow_cpycat 136 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_67_structType myStruct; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37055 66978/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_68.c Buffer_Overflow_cpycat 151 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_68b_goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_68_goodG2BData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37056 66978/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_68.c Buffer_Overflow_cpycat 133 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_68b_badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_68_badData; wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37057 66982/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_81_bad::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37058 66982/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37059 66983/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t dataBadBuffer[50]; data = dataBadBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_82_bad::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37060 66983/CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; wchar_t dataGoodBuffer[100]; data = dataGoodBuffer; data[0] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__dest_wchar_t_declare_cpy_82_goodG2B::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37061 67064/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_01.c Buffer_Overflow_cpycat 34 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37062 67064/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_01.c Buffer_Overflow_cpycat 55 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37063 67065/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_02.c Buffer_Overflow_cpycat 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37064 67065/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_02.c Buffer_Overflow_cpycat 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37065 67065/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_02.c Buffer_Overflow_cpycat 86 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37066 67066/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_03.c Buffer_Overflow_cpycat 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37067 67066/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_03.c Buffer_Overflow_cpycat 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37068 67066/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_03.c Buffer_Overflow_cpycat 86 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37069 67067/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_04.c Buffer_Overflow_cpycat 44 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37070 67067/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_04.c Buffer_Overflow_cpycat 73 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37071 67067/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_04.c Buffer_Overflow_cpycat 93 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37072 67068/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_05.c Buffer_Overflow_cpycat 44 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37073 67068/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_05.c Buffer_Overflow_cpycat 73 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37074 67068/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_05.c Buffer_Overflow_cpycat 93 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37075 67069/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_06.c Buffer_Overflow_cpycat 41 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37076 67069/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_06.c Buffer_Overflow_cpycat 90 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37077 67069/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_06.c Buffer_Overflow_cpycat 70 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37078 67070/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_07.c Buffer_Overflow_cpycat 43 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37079 67070/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_07.c Buffer_Overflow_cpycat 92 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37080 67070/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_07.c Buffer_Overflow_cpycat 72 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37081 67071/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_08.c Buffer_Overflow_cpycat 51 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37082 67071/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_08.c Buffer_Overflow_cpycat 100 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37083 67071/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_08.c Buffer_Overflow_cpycat 80 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37084 67072/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_09.c Buffer_Overflow_cpycat 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37085 67072/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_09.c Buffer_Overflow_cpycat 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37086 67072/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_09.c Buffer_Overflow_cpycat 86 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37087 67073/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_10.c Buffer_Overflow_cpycat 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37088 67073/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_10.c Buffer_Overflow_cpycat 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37089 67073/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_10.c Buffer_Overflow_cpycat 86 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37090 67074/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_11.c Buffer_Overflow_cpycat 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37091 67074/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_11.c Buffer_Overflow_cpycat 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37092 67074/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_11.c Buffer_Overflow_cpycat 86 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37093 67075/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_12.c Buffer_Overflow_cpycat 43 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37094 67075/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_12.c Buffer_Overflow_cpycat 74 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37095 67076/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_13.c Buffer_Overflow_cpycat 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37096 67076/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_13.c Buffer_Overflow_cpycat 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37097 67076/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_13.c Buffer_Overflow_cpycat 86 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37098 67077/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_14.c Buffer_Overflow_cpycat 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37099 67077/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_14.c Buffer_Overflow_cpycat 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37100 67077/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_14.c Buffer_Overflow_cpycat 86 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37101 67078/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_15.c Buffer_Overflow_cpycat 43 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37102 67078/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_15.c Buffer_Overflow_cpycat 99 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37103 67078/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_15.c Buffer_Overflow_cpycat 73 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37104 67079/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_16.c Buffer_Overflow_cpycat 63 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37105 67079/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_16.c Buffer_Overflow_cpycat 38 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37106 67080/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_17.c Buffer_Overflow_cpycat 63 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37107 67080/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_17.c Buffer_Overflow_cpycat 38 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37108 67081/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_18.c Buffer_Overflow_cpycat 59 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37109 67081/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_18.c Buffer_Overflow_cpycat 36 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37110 67082/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_21.c Buffer_Overflow_cpycat 87 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37111 67082/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_21.c Buffer_Overflow_cpycat 114 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37112 67082/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_21.c Buffer_Overflow_cpycat 47 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37113 67083/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_22.c Buffer_Overflow_cpycat 82 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_22_goodG2B2Global = 1; data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_22_goodG2B2Source(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_22_goodG2B2Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37114 67083/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_22.c Buffer_Overflow_cpycat 64 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_22_goodG2B1Global = 0; data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_22_goodG2B1Source(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_22_goodG2B1Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37115 67083/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_22.c Buffer_Overflow_cpycat 38 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_22_badGlobal = 1; data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_22_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_22_badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37116 67084/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_31.c Buffer_Overflow_cpycat 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37117 67084/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_31.c Buffer_Overflow_cpycat 62 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37118 67085/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_32.c Buffer_Overflow_cpycat 42 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char * data = *dataPtr1; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = *dataPtr2; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37119 67085/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_32.c Buffer_Overflow_cpycat 72 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char * data = *dataPtr1; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = *dataPtr2; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37120 67087/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_34.c Buffer_Overflow_cpycat 44 char * data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = myUnion.unionSecond; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37121 67087/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_34.c Buffer_Overflow_cpycat 70 char * data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = myUnion.unionSecond; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37122 67088/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_41.c Buffer_Overflow_cpycat 28 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_41_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37123 67088/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_41.c Buffer_Overflow_cpycat 53 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_41_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37124 67089/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_42.c Buffer_Overflow_cpycat 67 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37125 67089/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_42.c Buffer_Overflow_cpycat 40 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37126 67091/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_44.c Buffer_Overflow_cpycat 28 char * data; void (*funcPtr) (char *) = badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37127 67091/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_44.c Buffer_Overflow_cpycat 57 char * data; void (*funcPtr) (char *) = goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37128 67092/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_45.c Buffer_Overflow_cpycat 60 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_45_goodG2BData = data; goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_45_goodG2BData; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37129 67092/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_45.c Buffer_Overflow_cpycat 32 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_45_badData = data; badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_45_badData; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37130 67093/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_51.c Buffer_Overflow_cpycat 121 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_51b_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37131 67093/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_51.c Buffer_Overflow_cpycat 136 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_51b_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37132 67094/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_52.c Buffer_Overflow_cpycat 185 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_52c_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37133 67094/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_52.c Buffer_Overflow_cpycat 170 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_52c_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37134 67095/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_53.c Buffer_Overflow_cpycat 219 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_53d_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37135 67095/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_53.c Buffer_Overflow_cpycat 234 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_53d_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37136 67096/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54.c Buffer_Overflow_cpycat 283 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54e_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37137 67096/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54.c Buffer_Overflow_cpycat 268 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_54e_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37138 67097/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_61.c Buffer_Overflow_cpycat 35 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_61b_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_61b_badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37139 67097/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_61.c Buffer_Overflow_cpycat 56 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_61b_goodG2BSource(data); memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37140 67099/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_63.c Buffer_Overflow_cpycat 135 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37141 67099/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_63.c Buffer_Overflow_cpycat 119 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37142 67100/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_64.c Buffer_Overflow_cpycat 122 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37143 67100/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_64.c Buffer_Overflow_cpycat 141 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37144 67101/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_65.c Buffer_Overflow_cpycat 137 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_65b_goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_65b_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37145 67101/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_65.c Buffer_Overflow_cpycat 122 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_65b_badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_65b_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37146 67102/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_66.c Buffer_Overflow_cpycat 141 char * data; char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37147 67102/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_66.c Buffer_Overflow_cpycat 125 char * data; char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37148 67103/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_67.c Buffer_Overflow_cpycat 133 char * data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37149 67103/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_67.c Buffer_Overflow_cpycat 149 char * data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37150 67104/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_68.c Buffer_Overflow_cpycat 146 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_68b_goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_68_goodG2BData; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37151 67104/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_68.c Buffer_Overflow_cpycat 130 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_68b_badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_68_badData; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37152 67108/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_81_bad.cpp Buffer_Overflow_cpycat 29 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_81_bad::action(char * data) const char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37153 67108/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_81_goodG2B.cpp Buffer_Overflow_cpycat 29 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_81_goodG2B::action(char * data) const char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37154 67109/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_82_bad.cpp Buffer_Overflow_cpycat 29 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_82_bad::action(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37155 67109/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_82_goodG2B.cpp Buffer_Overflow_cpycat 29 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cat_82_goodG2B::action(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37156 67112/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_01.c Buffer_Overflow_cpycat 34 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37157 67112/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_01.c Buffer_Overflow_cpycat 55 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37158 67113/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_02.c Buffer_Overflow_cpycat 86 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37159 67113/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_02.c Buffer_Overflow_cpycat 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37160 67113/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_02.c Buffer_Overflow_cpycat 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37161 67114/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_03.c Buffer_Overflow_cpycat 86 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37162 67114/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_03.c Buffer_Overflow_cpycat 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37163 67114/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_03.c Buffer_Overflow_cpycat 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37164 67115/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_04.c Buffer_Overflow_cpycat 73 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37165 67115/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_04.c Buffer_Overflow_cpycat 93 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37166 67115/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_04.c Buffer_Overflow_cpycat 44 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37167 67116/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_05.c Buffer_Overflow_cpycat 73 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37168 67116/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_05.c Buffer_Overflow_cpycat 93 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37169 67116/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_05.c Buffer_Overflow_cpycat 44 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37170 67117/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_06.c Buffer_Overflow_cpycat 41 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37171 67117/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_06.c Buffer_Overflow_cpycat 70 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37172 67117/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_06.c Buffer_Overflow_cpycat 90 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37173 67118/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_07.c Buffer_Overflow_cpycat 43 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37174 67118/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_07.c Buffer_Overflow_cpycat 72 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37175 67118/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_07.c Buffer_Overflow_cpycat 92 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37176 67119/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_08.c Buffer_Overflow_cpycat 51 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37177 67119/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_08.c Buffer_Overflow_cpycat 80 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37178 67119/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_08.c Buffer_Overflow_cpycat 100 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37179 67120/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_09.c Buffer_Overflow_cpycat 86 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37180 67120/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_09.c Buffer_Overflow_cpycat 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37181 67120/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_09.c Buffer_Overflow_cpycat 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37182 67121/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_10.c Buffer_Overflow_cpycat 86 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37183 67121/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_10.c Buffer_Overflow_cpycat 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37184 67121/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_10.c Buffer_Overflow_cpycat 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37185 67122/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_11.c Buffer_Overflow_cpycat 86 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37186 67122/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_11.c Buffer_Overflow_cpycat 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37187 67122/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_11.c Buffer_Overflow_cpycat 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37188 67123/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_12.c Buffer_Overflow_cpycat 43 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37189 67123/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_12.c Buffer_Overflow_cpycat 74 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37190 67124/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_13.c Buffer_Overflow_cpycat 86 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37191 67124/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_13.c Buffer_Overflow_cpycat 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37192 67124/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_13.c Buffer_Overflow_cpycat 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37193 67125/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_14.c Buffer_Overflow_cpycat 86 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37194 67125/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_14.c Buffer_Overflow_cpycat 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37195 67125/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_14.c Buffer_Overflow_cpycat 66 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37196 67126/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_15.c Buffer_Overflow_cpycat 73 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37197 67126/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_15.c Buffer_Overflow_cpycat 43 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37198 67126/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_15.c Buffer_Overflow_cpycat 99 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37199 67127/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_16.c Buffer_Overflow_cpycat 38 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37200 67127/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_16.c Buffer_Overflow_cpycat 63 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37201 67128/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_17.c Buffer_Overflow_cpycat 38 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37202 67128/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_17.c Buffer_Overflow_cpycat 63 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37203 67129/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_18.c Buffer_Overflow_cpycat 59 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37204 67129/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_18.c Buffer_Overflow_cpycat 36 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37205 67130/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_21.c Buffer_Overflow_cpycat 87 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37206 67130/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_21.c Buffer_Overflow_cpycat 47 char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37207 67130/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_21.c Buffer_Overflow_cpycat 114 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37208 67131/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_22.c Buffer_Overflow_cpycat 38 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_22_badGlobal = 1; data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_22_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_22_badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37209 67131/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_22.c Buffer_Overflow_cpycat 64 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_22_goodG2B1Source(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_22_goodG2B1Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37210 67131/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_22.c Buffer_Overflow_cpycat 82 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_22_goodG2B2Source(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_22_goodG2B2Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37211 67132/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_31.c Buffer_Overflow_cpycat 62 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37212 67132/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_31.c Buffer_Overflow_cpycat 37 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37213 67133/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_32.c Buffer_Overflow_cpycat 72 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char * data = *dataPtr1; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = *dataPtr2; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37214 67133/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_32.c Buffer_Overflow_cpycat 42 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; char * data = *dataPtr1; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = *dataPtr2; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37215 67135/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_34.c Buffer_Overflow_cpycat 70 char * data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = myUnion.unionSecond; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37216 67135/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_34.c Buffer_Overflow_cpycat 44 char * data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_34_unionType myUnion; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = myUnion.unionSecond; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37217 67136/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_41.c Buffer_Overflow_cpycat 53 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_41_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37218 67136/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_41.c Buffer_Overflow_cpycat 28 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_41_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37219 67137/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_42.c Buffer_Overflow_cpycat 67 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37220 67137/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_42.c Buffer_Overflow_cpycat 40 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37221 67139/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_44.c Buffer_Overflow_cpycat 57 char * data; void (*funcPtr) (char *) = goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37222 67139/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_44.c Buffer_Overflow_cpycat 28 char * data; void (*funcPtr) (char *) = badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37223 67140/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_45.c Buffer_Overflow_cpycat 32 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_45_badData = data; badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_45_badData; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37224 67140/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_45.c Buffer_Overflow_cpycat 60 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_45_goodG2BData = data; goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_45_goodG2BData; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37225 67141/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_51.c Buffer_Overflow_cpycat 121 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_51b_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37226 67141/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_51.c Buffer_Overflow_cpycat 136 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_51b_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37227 67142/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_52.c Buffer_Overflow_cpycat 185 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_52c_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37228 67142/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_52.c Buffer_Overflow_cpycat 170 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_52c_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37229 67143/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_53.c Buffer_Overflow_cpycat 219 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_53d_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37230 67143/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_53.c Buffer_Overflow_cpycat 234 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_53d_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37231 67144/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54.c Buffer_Overflow_cpycat 283 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54e_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37232 67144/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54.c Buffer_Overflow_cpycat 268 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_54e_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37233 67145/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_61.c Buffer_Overflow_cpycat 35 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_61b_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_61b_badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37234 67145/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_61.c Buffer_Overflow_cpycat 56 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_61b_goodG2BSource(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_61b_goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37235 67147/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_63.c Buffer_Overflow_cpycat 135 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37236 67147/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_63.c Buffer_Overflow_cpycat 119 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37237 67148/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_64.c Buffer_Overflow_cpycat 141 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37238 67148/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_64.c Buffer_Overflow_cpycat 122 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37239 67149/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_65.c Buffer_Overflow_cpycat 137 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_65b_goodG2BSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_65b_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37240 67149/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_65.c Buffer_Overflow_cpycat 122 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_65b_badSink; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_65b_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37241 67150/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_66.c Buffer_Overflow_cpycat 141 char * data; char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37242 67150/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_66.c Buffer_Overflow_cpycat 125 char * data; char * dataArray[5]; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37243 67151/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_67.c Buffer_Overflow_cpycat 133 char * data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37244 67151/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_67.c Buffer_Overflow_cpycat 149 char * data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_67_structType myStruct; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37245 67152/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_68.c Buffer_Overflow_cpycat 146 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_68b_goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_68_goodG2BData; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37246 67152/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_68.c Buffer_Overflow_cpycat 130 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_68b_badSink() char * data = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_68_badData; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37247 67156/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_81_bad.cpp Buffer_Overflow_cpycat 29 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_81_bad::action(char * data) const char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37248 67156/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 29 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_81_goodG2B::action(char * data) const char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37249 67157/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_82_bad.cpp Buffer_Overflow_cpycat 29 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_82_bad::action(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37250 67157/CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 29 char * data; char * dataBuffer = (char *)ALLOCA(100*sizeof(char)); data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_alloca_cpy_82_goodG2B::action(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37251 67160/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_01.c Buffer_Overflow_cpycat 34 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37252 67160/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_01.c Buffer_Overflow_cpycat 55 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37253 67161/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_02.c Buffer_Overflow_cpycat 66 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37254 67161/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_02.c Buffer_Overflow_cpycat 37 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37255 67161/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_02.c Buffer_Overflow_cpycat 86 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37256 67162/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_03.c Buffer_Overflow_cpycat 66 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37257 67162/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_03.c Buffer_Overflow_cpycat 37 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37258 67162/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_03.c Buffer_Overflow_cpycat 86 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37259 67163/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_04.c Buffer_Overflow_cpycat 44 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37260 67163/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_04.c Buffer_Overflow_cpycat 73 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37261 67163/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_04.c Buffer_Overflow_cpycat 93 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37262 67164/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_05.c Buffer_Overflow_cpycat 44 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37263 67164/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_05.c Buffer_Overflow_cpycat 73 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37264 67164/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_05.c Buffer_Overflow_cpycat 93 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37265 67165/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_06.c Buffer_Overflow_cpycat 41 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37266 67165/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_06.c Buffer_Overflow_cpycat 90 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37267 67165/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_06.c Buffer_Overflow_cpycat 70 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37268 67166/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_07.c Buffer_Overflow_cpycat 43 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37269 67166/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_07.c Buffer_Overflow_cpycat 92 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37270 67166/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_07.c Buffer_Overflow_cpycat 72 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37271 67167/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_08.c Buffer_Overflow_cpycat 51 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37272 67167/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_08.c Buffer_Overflow_cpycat 100 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37273 67167/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_08.c Buffer_Overflow_cpycat 80 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37274 67168/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_09.c Buffer_Overflow_cpycat 66 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37275 67168/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_09.c Buffer_Overflow_cpycat 37 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37276 67168/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_09.c Buffer_Overflow_cpycat 86 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37277 67169/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_10.c Buffer_Overflow_cpycat 66 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37278 67169/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_10.c Buffer_Overflow_cpycat 37 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37279 67169/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_10.c Buffer_Overflow_cpycat 86 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37280 67170/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_11.c Buffer_Overflow_cpycat 66 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37281 67170/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_11.c Buffer_Overflow_cpycat 37 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37282 67170/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_11.c Buffer_Overflow_cpycat 86 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37283 67171/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_12.c Buffer_Overflow_cpycat 43 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37284 67171/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_12.c Buffer_Overflow_cpycat 74 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37285 67172/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_13.c Buffer_Overflow_cpycat 66 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37286 67172/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_13.c Buffer_Overflow_cpycat 37 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37287 67172/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_13.c Buffer_Overflow_cpycat 86 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37288 67173/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_14.c Buffer_Overflow_cpycat 66 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37289 67173/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_14.c Buffer_Overflow_cpycat 37 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37290 67173/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_14.c Buffer_Overflow_cpycat 86 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37291 67174/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_15.c Buffer_Overflow_cpycat 43 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37292 67174/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_15.c Buffer_Overflow_cpycat 99 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37293 67174/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_15.c Buffer_Overflow_cpycat 73 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37294 67175/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_16.c Buffer_Overflow_cpycat 63 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37295 67175/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_16.c Buffer_Overflow_cpycat 38 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37296 67176/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_17.c Buffer_Overflow_cpycat 63 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37297 67176/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_17.c Buffer_Overflow_cpycat 38 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37298 67177/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_18.c Buffer_Overflow_cpycat 59 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37299 67177/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_18.c Buffer_Overflow_cpycat 36 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37300 67178/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_21.c Buffer_Overflow_cpycat 87 char * data; char dataBuffer[100]; data = dataBuffer; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37301 67178/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_21.c Buffer_Overflow_cpycat 114 char * data; char dataBuffer[100]; data = dataBuffer; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37302 67178/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_21.c Buffer_Overflow_cpycat 47 char * data; char dataBuffer[100]; data = dataBuffer; data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37303 67179/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_22.c Buffer_Overflow_cpycat 82 char * data; char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_22_goodG2B2Source(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_22_goodG2B2Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37304 67179/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_22.c Buffer_Overflow_cpycat 64 char * data; char dataBuffer[100]; data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_22_goodG2B1Global = 0; data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_22_goodG2B1Source(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_22_goodG2B1Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37305 67179/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_22.c Buffer_Overflow_cpycat 38 char * data; char dataBuffer[100]; data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_22_badGlobal = 1; data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_22_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_22_badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37306 67180/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_31.c Buffer_Overflow_cpycat 37 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37307 67180/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_31.c Buffer_Overflow_cpycat 62 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37308 67181/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_32.c Buffer_Overflow_cpycat 42 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; data = dataBuffer; char * data = *dataPtr1; memset(data, 'A', 100-1); data[100-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37309 67181/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_32.c Buffer_Overflow_cpycat 72 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; data = dataBuffer; char * data = *dataPtr1; memset(data, 'A', 50-1); data[50-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37310 67183/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_34.c Buffer_Overflow_cpycat 44 char * data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_34_unionType myUnion; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = myUnion.unionSecond; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37311 67183/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_34.c Buffer_Overflow_cpycat 70 char * data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_34_unionType myUnion; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = myUnion.unionSecond; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37312 67184/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_41.c Buffer_Overflow_cpycat 28 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_41_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37313 67184/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_41.c Buffer_Overflow_cpycat 53 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_41_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37314 67185/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_42.c Buffer_Overflow_cpycat 67 char * data; char dataBuffer[100]; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37315 67185/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_42.c Buffer_Overflow_cpycat 40 char * data; char dataBuffer[100]; data = dataBuffer; data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37316 67187/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_44.c Buffer_Overflow_cpycat 28 char * data; void (*funcPtr) (char *) = badSink; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37317 67187/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_44.c Buffer_Overflow_cpycat 57 char * data; void (*funcPtr) (char *) = goodG2BSink; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37318 67188/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_45.c Buffer_Overflow_cpycat 60 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_45_goodG2BData = data; goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_45_goodG2BData; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37319 67188/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_45.c Buffer_Overflow_cpycat 32 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_45_badData = data; badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_45_badData; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37320 67189/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_51.c Buffer_Overflow_cpycat 121 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_51b_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37321 67189/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_51.c Buffer_Overflow_cpycat 136 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_51b_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37322 67190/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_52.c Buffer_Overflow_cpycat 185 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_52c_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37323 67190/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_52.c Buffer_Overflow_cpycat 170 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_52c_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37324 67191/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_53.c Buffer_Overflow_cpycat 219 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_53d_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37325 67191/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_53.c Buffer_Overflow_cpycat 234 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_53d_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37326 67192/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54.c Buffer_Overflow_cpycat 283 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54e_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37327 67192/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54.c Buffer_Overflow_cpycat 268 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_54e_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37328 67193/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_61.c Buffer_Overflow_cpycat 35 char * data; char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_61b_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_61b_badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37329 67193/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_61.c Buffer_Overflow_cpycat 56 char * data; char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_61b_goodG2BSource(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_61b_goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37330 67195/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_63.c Buffer_Overflow_cpycat 135 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37331 67195/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_63.c Buffer_Overflow_cpycat 119 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37332 67196/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_64.c Buffer_Overflow_cpycat 122 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37333 67196/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_64.c Buffer_Overflow_cpycat 141 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37334 67197/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_65.c Buffer_Overflow_cpycat 137 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_65b_goodG2BSink; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_65b_goodG2BSink(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37335 67197/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_65.c Buffer_Overflow_cpycat 122 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_65b_badSink; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_65b_badSink(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37336 67198/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_66.c Buffer_Overflow_cpycat 141 char * data; char * dataArray[5]; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37337 67198/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_66.c Buffer_Overflow_cpycat 125 char * data; char * dataArray[5]; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37338 67199/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_67.c Buffer_Overflow_cpycat 133 char * data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_67_structType myStruct; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37339 67199/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_67.c Buffer_Overflow_cpycat 149 char * data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_67_structType myStruct; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37340 67200/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_68.c Buffer_Overflow_cpycat 146 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_68b_goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_68_goodG2BData; char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37341 67200/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_68.c Buffer_Overflow_cpycat 130 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_68b_badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_68_badData; char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37342 67204/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_81_bad.cpp Buffer_Overflow_cpycat 29 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_81_bad::action(char * data) const char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37343 67204/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_81_goodG2B.cpp Buffer_Overflow_cpycat 29 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_81_goodG2B::action(char * data) const char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37344 67205/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_82_bad.cpp Buffer_Overflow_cpycat 29 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_82_bad; baseObject->action(data); delete baseObject; void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_82_bad::action(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37345 67205/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_82_bad.cpp String_Termination_Error 29 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cat_82_bad::action(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37346 67208/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_01.c Buffer_Overflow_cpycat 34 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37347 67208/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_01.c Buffer_Overflow_cpycat 55 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37348 67209/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_02.c Buffer_Overflow_cpycat 86 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37349 67209/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_02.c Buffer_Overflow_cpycat 37 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37350 67209/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_02.c Buffer_Overflow_cpycat 66 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37351 67210/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_03.c Buffer_Overflow_cpycat 86 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37352 67210/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_03.c Buffer_Overflow_cpycat 37 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37353 67210/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_03.c Buffer_Overflow_cpycat 66 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37354 67211/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_04.c Buffer_Overflow_cpycat 73 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37355 67211/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_04.c Buffer_Overflow_cpycat 93 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37356 67211/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_04.c Buffer_Overflow_cpycat 44 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37357 67212/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_05.c Buffer_Overflow_cpycat 73 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37358 67212/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_05.c Buffer_Overflow_cpycat 93 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37359 67212/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_05.c Buffer_Overflow_cpycat 44 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37360 67213/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_06.c Buffer_Overflow_cpycat 41 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37361 67213/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_06.c Buffer_Overflow_cpycat 70 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37362 67213/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_06.c Buffer_Overflow_cpycat 90 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37363 67214/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_07.c Buffer_Overflow_cpycat 43 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37364 67214/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_07.c Buffer_Overflow_cpycat 72 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37365 67214/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_07.c Buffer_Overflow_cpycat 92 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37366 67215/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_08.c Buffer_Overflow_cpycat 51 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37367 67215/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_08.c Buffer_Overflow_cpycat 80 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37368 67215/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_08.c Buffer_Overflow_cpycat 100 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37369 67216/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_09.c Buffer_Overflow_cpycat 86 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37370 67216/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_09.c Buffer_Overflow_cpycat 37 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37371 67216/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_09.c Buffer_Overflow_cpycat 66 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37372 67217/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_10.c Buffer_Overflow_cpycat 86 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37373 67217/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_10.c Buffer_Overflow_cpycat 37 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37374 67217/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_10.c Buffer_Overflow_cpycat 66 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37375 67218/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_11.c Buffer_Overflow_cpycat 86 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37376 67218/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_11.c Buffer_Overflow_cpycat 37 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37377 67218/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_11.c Buffer_Overflow_cpycat 66 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37378 67219/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_12.c Buffer_Overflow_cpycat 43 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37379 67219/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_12.c Buffer_Overflow_cpycat 74 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37380 67220/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_13.c Buffer_Overflow_cpycat 86 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37381 67220/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_13.c Buffer_Overflow_cpycat 37 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37382 67220/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_13.c Buffer_Overflow_cpycat 66 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37383 67221/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_14.c Buffer_Overflow_cpycat 86 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37384 67221/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_14.c Buffer_Overflow_cpycat 37 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37385 67221/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_14.c Buffer_Overflow_cpycat 66 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37386 67222/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_15.c Buffer_Overflow_cpycat 73 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37387 67222/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_15.c Buffer_Overflow_cpycat 43 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37388 67222/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_15.c Buffer_Overflow_cpycat 99 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37389 67223/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_16.c Buffer_Overflow_cpycat 38 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37390 67223/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_16.c Buffer_Overflow_cpycat 63 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37391 67224/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_17.c Buffer_Overflow_cpycat 38 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37392 67224/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_17.c Buffer_Overflow_cpycat 63 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37393 67225/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_18.c Buffer_Overflow_cpycat 59 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37394 67225/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_18.c Buffer_Overflow_cpycat 36 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37395 67226/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_21.c Buffer_Overflow_cpycat 87 char * data; char dataBuffer[100]; data = dataBuffer; data = goodG2B1Source(data); static char * goodG2B1Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37396 67226/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_21.c Buffer_Overflow_cpycat 47 char * data; char dataBuffer[100]; data = dataBuffer; data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37397 67226/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_21.c Buffer_Overflow_cpycat 114 char * data; char dataBuffer[100]; data = dataBuffer; data = goodG2B2Source(data); static char * goodG2B2Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37398 67227/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_22.c Buffer_Overflow_cpycat 38 char * data; char dataBuffer[100]; data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_22_badGlobal = 1; data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_22_badSource(data); memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37399 67227/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_22.c Buffer_Overflow_cpycat 64 char * data; char dataBuffer[100]; data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_22_goodG2B1Global = 0; data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_22_goodG2B1Source(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_22_goodG2B1Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37400 67227/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_22.c Buffer_Overflow_cpycat 82 char * data; char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_22_goodG2B2Source(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_22_goodG2B2Source(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37401 67228/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_31.c Buffer_Overflow_cpycat 62 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37402 67228/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_31.c Buffer_Overflow_cpycat 37 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37403 67229/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_32.c Buffer_Overflow_cpycat 72 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; data = dataBuffer; char * data = *dataPtr1; memset(data, 'A', 50-1); data[50-1] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37404 67229/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_32.c Buffer_Overflow_cpycat 42 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100]; data = dataBuffer; char * data = *dataPtr1; memset(data, 'A', 100-1); data[100-1] = '\0'; char * *dataPtr2 = &data; char * data = *dataPtr2; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37405 67231/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_34.c Buffer_Overflow_cpycat 70 char * data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_34_unionType myUnion; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; char * data = myUnion.unionSecond; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37406 67231/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_34.c Buffer_Overflow_cpycat 44 char * data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_34_unionType myUnion; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; char * data = myUnion.unionSecond; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37407 67232/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_41.c Buffer_Overflow_cpycat 53 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_41_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37408 67232/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_41.c Buffer_Overflow_cpycat 28 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_41_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37409 67233/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_42.c Buffer_Overflow_cpycat 67 char * data; char dataBuffer[100]; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37410 67233/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_42.c Buffer_Overflow_cpycat 40 char * data; char dataBuffer[100]; data = dataBuffer; data = badSource(data); static char * badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37411 67235/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_44.c Buffer_Overflow_cpycat 57 char * data; void (*funcPtr) (char *) = goodG2BSink; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); static void goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37412 67235/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_44.c Buffer_Overflow_cpycat 28 char * data; void (*funcPtr) (char *) = badSink; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); static void badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37413 67236/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_45.c Buffer_Overflow_cpycat 32 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_45_badData = data; badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_45_badData; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37414 67236/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_45.c Buffer_Overflow_cpycat 60 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_45_goodG2BData = data; goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_45_goodG2BData; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37415 67237/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_51.c Buffer_Overflow_cpycat 121 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_51b_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37416 67237/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_51.c Buffer_Overflow_cpycat 136 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_51b_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37417 67238/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_52.c Buffer_Overflow_cpycat 185 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_52b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_52c_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37418 67238/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_52.c Buffer_Overflow_cpycat 170 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_52b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_52c_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37419 67239/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_53.c Buffer_Overflow_cpycat 219 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_53b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_53c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_53d_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37420 67239/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_53.c Buffer_Overflow_cpycat 234 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_53b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_53c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_53d_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37421 67240/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54.c Buffer_Overflow_cpycat 283 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54b_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54c_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54d_goodG2BSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54e_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37422 67240/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54.c Buffer_Overflow_cpycat 268 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54b_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54c_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54d_badSink(char * data) CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_54e_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37423 67241/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_61.c Buffer_Overflow_cpycat 35 char * data; char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_61b_badSource(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_61b_badSource(char * data) memset(data, 'A', 100-1); data[100-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37424 67241/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_61.c Buffer_Overflow_cpycat 56 char * data; char dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_61b_goodG2BSource(data); char * CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_61b_goodG2BSource(char * data) memset(data, 'A', 50-1); data[50-1] = '\0'; return data; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37425 67243/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_63.c Buffer_Overflow_cpycat 135 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37426 67243/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_63.c Buffer_Overflow_cpycat 119 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37427 67244/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_64.c Buffer_Overflow_cpycat 141 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37428 67244/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_64.c Buffer_Overflow_cpycat 122 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37429 67245/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_65.c Buffer_Overflow_cpycat 137 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_65b_goodG2BSink; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_65b_goodG2BSink(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37430 67245/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_65.c Buffer_Overflow_cpycat 122 char * data; void (*funcPtr) (char *) = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_65b_badSink; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_65b_badSink(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37431 67246/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_66.c Buffer_Overflow_cpycat 141 char * data; char * dataArray[5]; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37432 67246/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_66.c Buffer_Overflow_cpycat 125 char * data; char * dataArray[5]; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37433 67247/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_67.c Buffer_Overflow_cpycat 133 char * data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_67_structType myStruct; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37434 67247/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_67.c Buffer_Overflow_cpycat 149 char * data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_67_structType myStruct; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_67_structType myStruct) char * data = myStruct.structFirst; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37435 67248/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_68.c Buffer_Overflow_cpycat 146 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_68b_goodG2BSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_68_goodG2BData; char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37436 67248/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_68.c Buffer_Overflow_cpycat 130 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_68b_badSink(); char * data = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_68_badData; char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37437 67252/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_81_bad.cpp Buffer_Overflow_cpycat 29 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_81_bad::action(char * data) const char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37438 67252/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 29 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; const CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_81_goodG2B::action(char * data) const char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37439 67253/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_82_bad.cpp Buffer_Overflow_cpycat 29 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 100-1); data[100-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_82_bad::action(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37440 67253/CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 29 char * data; char dataBuffer[100]; data = dataBuffer; memset(data, 'A', 50-1); data[50-1] = '\0'; CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__src_char_declare_cpy_82_goodG2B::action(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37441 67304/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_01.c Buffer_Overflow_cpycat 34 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37442 67304/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_01.c Buffer_Overflow_cpycat 55 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37443 67305/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_02.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37444 67305/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_02.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37445 67305/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_02.c Buffer_Overflow_cpycat 86 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37446 67306/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_03.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37447 67306/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_03.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37448 67306/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_03.c Buffer_Overflow_cpycat 86 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37449 67307/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_04.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37450 67307/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_04.c Buffer_Overflow_cpycat 44 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37451 67307/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_04.c Buffer_Overflow_cpycat 73 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37452 67308/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_05.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37453 67308/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_05.c Buffer_Overflow_cpycat 44 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37454 67308/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_05.c Buffer_Overflow_cpycat 73 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37455 67309/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_06.c Buffer_Overflow_cpycat 90 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37456 67309/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_06.c Buffer_Overflow_cpycat 41 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37457 67309/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_06.c Buffer_Overflow_cpycat 70 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37458 67310/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_07.c Buffer_Overflow_cpycat 92 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37459 67310/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_07.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37460 67310/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_07.c Buffer_Overflow_cpycat 72 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37461 67311/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_08.c Buffer_Overflow_cpycat 100 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37462 67311/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_08.c Buffer_Overflow_cpycat 51 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37463 67311/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_08.c Buffer_Overflow_cpycat 80 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37464 67312/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_09.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37465 67312/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_09.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37466 67312/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_09.c Buffer_Overflow_cpycat 86 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37467 67313/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_10.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37468 67313/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_10.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37469 67313/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_10.c Buffer_Overflow_cpycat 86 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37470 67314/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_11.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37471 67314/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_11.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37472 67314/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_11.c Buffer_Overflow_cpycat 86 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37473 67315/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_12.c Buffer_Overflow_cpycat 74 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37474 67315/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_12.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37475 67316/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_13.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37476 67316/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_13.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37477 67316/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_13.c Buffer_Overflow_cpycat 86 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37478 67317/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_14.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37479 67317/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_14.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37480 67317/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_14.c Buffer_Overflow_cpycat 86 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37481 67318/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_15.c Buffer_Overflow_cpycat 73 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37482 67318/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_15.c Buffer_Overflow_cpycat 99 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37483 67318/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_15.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37484 67319/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_16.c Buffer_Overflow_cpycat 63 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37485 67319/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_16.c Buffer_Overflow_cpycat 38 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37486 67320/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_17.c Buffer_Overflow_cpycat 63 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37487 67320/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_17.c Buffer_Overflow_cpycat 38 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37488 67321/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_18.c Buffer_Overflow_cpycat 36 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37489 67321/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_18.c Buffer_Overflow_cpycat 59 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37490 67322/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_21.c Buffer_Overflow_cpycat 114 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37491 67322/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_21.c Buffer_Overflow_cpycat 47 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37492 67322/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_21.c Buffer_Overflow_cpycat 87 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37493 67323/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_22.c Buffer_Overflow_cpycat 82 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_22_goodG2B2Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_22_goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37494 67323/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_22.c Buffer_Overflow_cpycat 38 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_22_badGlobal = 1; data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_22_badSource(data); wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37495 67323/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_22.c Buffer_Overflow_cpycat 64 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_22_goodG2B1Global = 0; data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_22_goodG2B1Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_22_goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37496 67324/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_31.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37497 67324/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_31.c Buffer_Overflow_cpycat 62 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37498 67325/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_32.c Buffer_Overflow_cpycat 42 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wchar_t * data = *dataPtr1; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37499 67325/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_32.c Buffer_Overflow_cpycat 72 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wchar_t * data = *dataPtr1; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37500 67327/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_34.c Buffer_Overflow_cpycat 44 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_34_unionType myUnion; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37501 67327/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_34.c Buffer_Overflow_cpycat 70 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_34_unionType myUnion; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37502 67328/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_41.c Buffer_Overflow_cpycat 53 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_41_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37503 67328/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_41.c Buffer_Overflow_cpycat 28 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_41_badSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37504 67329/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_42.c Buffer_Overflow_cpycat 67 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37505 67329/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_42.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37506 67331/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_44.c Buffer_Overflow_cpycat 28 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37507 67331/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_44.c Buffer_Overflow_cpycat 57 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37508 67332/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_45.c Buffer_Overflow_cpycat 60 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_45_goodG2BData = data; goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_45_goodG2BData; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37509 67332/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_45.c Buffer_Overflow_cpycat 32 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_45_badData = data; badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_45_badData; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37510 67333/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_51.c Buffer_Overflow_cpycat 121 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_51b_badSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37511 67333/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_51.c Buffer_Overflow_cpycat 136 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_51b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37512 67334/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_52.c Buffer_Overflow_cpycat 170 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_52b_badSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37513 67334/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_52.c Buffer_Overflow_cpycat 185 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_52b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_52c_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37514 67335/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_53.c Buffer_Overflow_cpycat 234 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_53b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_53d_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37515 67335/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_53.c Buffer_Overflow_cpycat 219 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_53b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_53c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_53d_badSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37516 67336/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54.c Buffer_Overflow_cpycat 268 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54d_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54e_badSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37517 67336/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54.c Buffer_Overflow_cpycat 283 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_54e_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37518 67337/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_61.c Buffer_Overflow_cpycat 35 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_61b_badSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_61b_badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37519 67337/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_61.c Buffer_Overflow_cpycat 56 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_61b_goodG2BSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_61b_goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37520 67339/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_63.c Buffer_Overflow_cpycat 119 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37521 67339/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_63.c Buffer_Overflow_cpycat 135 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37522 67340/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_64.c Buffer_Overflow_cpycat 141 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37523 67340/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_64.c Buffer_Overflow_cpycat 122 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37524 67341/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_65.c Buffer_Overflow_cpycat 122 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_65b_badSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_65b_badSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37525 67341/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_65.c Buffer_Overflow_cpycat 137 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_65b_goodG2BSink; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_65b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37526 67342/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_66.c Buffer_Overflow_cpycat 125 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37527 67342/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_66.c Buffer_Overflow_cpycat 141 wchar_t * data; wchar_t * dataArray[5]; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37528 67343/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_67.c Buffer_Overflow_cpycat 149 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_67_structType myStruct; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37529 67343/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_67.c Buffer_Overflow_cpycat 133 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_67_structType myStruct; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37530 67344/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_68.c Buffer_Overflow_cpycat 146 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_68b_goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_68_goodG2BData; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37531 67344/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_68.c Buffer_Overflow_cpycat 130 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_68b_badSink(); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_68b_badSink() wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_68_badData; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37532 67348/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_81_bad.cpp Buffer_Overflow_cpycat 29 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_81_bad::action(wchar_t * data) const wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37533 67348/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 29 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_81_goodG2B::action(wchar_t * data) const wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37534 67349/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_82_bad.cpp Buffer_Overflow_cpycat 29 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_82_bad::action(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37535 67349/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 29 wchar_t * data; wchar_t * dataBuffer = (wchar_t *)ALLOCA(100*sizeof(wchar_t)); data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_alloca_cpy_82_goodG2B::action(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37536 67400/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_01.c Buffer_Overflow_cpycat 34 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37537 67400/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_01.c Buffer_Overflow_cpycat 55 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37538 67401/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_02.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37539 67401/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_02.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37540 67401/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_02.c Buffer_Overflow_cpycat 86 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37541 67402/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_03.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37542 67402/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_03.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37543 67402/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_03.c Buffer_Overflow_cpycat 86 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37544 67403/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_04.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37545 67403/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_04.c Buffer_Overflow_cpycat 44 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37546 67403/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_04.c Buffer_Overflow_cpycat 73 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37547 67404/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_05.c Buffer_Overflow_cpycat 93 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37548 67404/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_05.c Buffer_Overflow_cpycat 44 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37549 67404/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_05.c Buffer_Overflow_cpycat 73 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37550 67405/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_06.c Buffer_Overflow_cpycat 90 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37551 67405/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_06.c Buffer_Overflow_cpycat 41 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37552 67405/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_06.c Buffer_Overflow_cpycat 70 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37553 67406/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_07.c Buffer_Overflow_cpycat 92 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37554 67406/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_07.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37555 67406/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_07.c Buffer_Overflow_cpycat 72 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37556 67407/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_08.c Buffer_Overflow_cpycat 100 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37557 67407/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_08.c Buffer_Overflow_cpycat 51 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37558 67407/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_08.c Buffer_Overflow_cpycat 80 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37559 67408/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_09.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37560 67408/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_09.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37561 67408/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_09.c Buffer_Overflow_cpycat 86 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37562 67409/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_10.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37563 67409/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_10.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37564 67409/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_10.c Buffer_Overflow_cpycat 86 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37565 67410/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_11.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37566 67410/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_11.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37567 67410/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_11.c Buffer_Overflow_cpycat 86 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37568 67411/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_12.c Buffer_Overflow_cpycat 74 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37569 67411/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_12.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37570 67412/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_13.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37571 67412/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_13.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37572 67412/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_13.c Buffer_Overflow_cpycat 86 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37573 67413/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_14.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37574 67413/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_14.c Buffer_Overflow_cpycat 66 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37575 67413/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_14.c Buffer_Overflow_cpycat 86 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37576 67414/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_15.c Buffer_Overflow_cpycat 73 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37577 67414/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_15.c Buffer_Overflow_cpycat 99 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37578 67414/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_15.c Buffer_Overflow_cpycat 43 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37579 67415/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_16.c Buffer_Overflow_cpycat 63 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37580 67415/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_16.c Buffer_Overflow_cpycat 38 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37581 67416/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_17.c Buffer_Overflow_cpycat 63 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37582 67416/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_17.c Buffer_Overflow_cpycat 38 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37583 67417/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_18.c Buffer_Overflow_cpycat 36 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37584 67417/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_18.c Buffer_Overflow_cpycat 59 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37585 67418/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_21.c Buffer_Overflow_cpycat 114 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2B2Source(data); static wchar_t * goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37586 67418/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_21.c Buffer_Overflow_cpycat 47 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37587 67418/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_21.c Buffer_Overflow_cpycat 87 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2B1Source(data); static wchar_t * goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37588 67419/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_22.c Buffer_Overflow_cpycat 82 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_22_goodG2B2Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_22_goodG2B2Source(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37589 67419/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_22.c Buffer_Overflow_cpycat 38 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_22_badGlobal = 1; data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_22_badSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_22_badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37590 67419/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_22.c Buffer_Overflow_cpycat 64 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_22_goodG2B1Source(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_22_goodG2B1Source(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37591 67420/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_31.c Buffer_Overflow_cpycat 37 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37592 67420/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_31.c Buffer_Overflow_cpycat 62 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * dataCopy = data; wchar_t * data = dataCopy; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37593 67421/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_32.c Buffer_Overflow_cpycat 42 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBuffer[100]; data = dataBuffer; wchar_t * data = *dataPtr1; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37594 67421/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_32.c Buffer_Overflow_cpycat 72 wchar_t * data; wchar_t * *dataPtr1 = &data; wchar_t * *dataPtr2 = &data; wchar_t dataBuffer[100]; data = dataBuffer; wchar_t * data = *dataPtr1; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; *dataPtr1 = data; wchar_t * data = *dataPtr2; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37595 67423/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_34.c Buffer_Overflow_cpycat 44 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_34_unionType myUnion; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37596 67423/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_34.c Buffer_Overflow_cpycat 70 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_34_unionType myUnion; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; wchar_t * data = myUnion.unionSecond; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37597 67424/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_41.c Buffer_Overflow_cpycat 53 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_41_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_41_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37598 67424/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_41.c Buffer_Overflow_cpycat 28 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_41_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_41_badSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37599 67425/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_42.c Buffer_Overflow_cpycat 67 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; data = goodG2BSource(data); static wchar_t * goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37600 67425/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_42.c Buffer_Overflow_cpycat 40 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; data = badSource(data); static wchar_t * badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37601 67427/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_44.c Buffer_Overflow_cpycat 28 wchar_t * data; void (*funcPtr) (wchar_t *) = badSink; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); static void badSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37602 67427/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_44.c Buffer_Overflow_cpycat 57 wchar_t * data; void (*funcPtr) (wchar_t *) = goodG2BSink; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); static void goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37603 67428/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_45.c Buffer_Overflow_cpycat 60 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_45_goodG2BData = data; goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_45_goodG2BData; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37604 67428/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_45.c Buffer_Overflow_cpycat 32 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_45_badData = data; badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_45_badData; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37605 67429/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_51.c Buffer_Overflow_cpycat 121 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_51b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_51b_badSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37606 67429/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_51.c Buffer_Overflow_cpycat 136 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_51b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_51b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37607 67430/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_52.c Buffer_Overflow_cpycat 170 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_52b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_52b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_52c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_52c_badSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37608 67430/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_52.c Buffer_Overflow_cpycat 185 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_52b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_52b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_52c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_52c_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37609 67431/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_53.c Buffer_Overflow_cpycat 234 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_53b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_53b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_53c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_53c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_53d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_53d_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37610 67431/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_53.c Buffer_Overflow_cpycat 219 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_53b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_53b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_53c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_53c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_53d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_53d_badSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37611 67432/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54.c Buffer_Overflow_cpycat 268 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54b_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54b_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54c_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54c_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54d_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54d_badSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54e_badSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54e_badSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37612 67432/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54.c Buffer_Overflow_cpycat 283 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54b_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54b_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54c_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54c_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54d_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54d_goodG2BSink(wchar_t * data) CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54e_goodG2BSink(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_54e_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37613 67433/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_61.c Buffer_Overflow_cpycat 35 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_61b_badSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_61b_badSource(wchar_t * data) wmemset(data, L'A', 100-1); data[100-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37614 67433/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_61.c Buffer_Overflow_cpycat 56 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_61b_goodG2BSource(data); wchar_t * CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_61b_goodG2BSource(wchar_t * data) wmemset(data, L'A', 50-1); data[50-1] = L'\0'; return data; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37615 67435/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_63.c Buffer_Overflow_cpycat 119 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_63b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_63b_badSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37616 67435/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_63.c Buffer_Overflow_cpycat 135 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_63b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_63b_goodG2BSink(wchar_t * * dataPtr) wchar_t * data = *dataPtr; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37617 67436/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_64.c Buffer_Overflow_cpycat 141 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_64b_goodG2BSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_64b_goodG2BSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37618 67436/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_64.c Buffer_Overflow_cpycat 122 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_64b_badSink(&data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_64b_badSink(void * dataVoidPtr) wchar_t * * dataPtr = (wchar_t * *)dataVoidPtr; wchar_t * data = (*dataPtr); wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37619 67437/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_65.c Buffer_Overflow_cpycat 122 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_65b_badSink; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_65b_badSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37620 67437/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_65.c Buffer_Overflow_cpycat 137 wchar_t * data; void (*funcPtr) (wchar_t *) = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_65b_goodG2BSink; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; funcPtr(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_65b_goodG2BSink(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37621 67438/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_66.c Buffer_Overflow_cpycat 125 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_66b_badSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_66b_badSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37622 67438/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_66.c Buffer_Overflow_cpycat 141 wchar_t * data; wchar_t * dataArray[5]; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; dataArray[2] = data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_66b_goodG2BSink(dataArray); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_66b_goodG2BSink(wchar_t * dataArray[]) wchar_t * data = dataArray[2]; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37623 67439/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_67.c Buffer_Overflow_cpycat 149 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_67_structType myStruct; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_67b_goodG2BSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_67b_goodG2BSink(CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37624 67439/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_67.c Buffer_Overflow_cpycat 133 wchar_t * data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_67_structType myStruct; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; myStruct.structFirst = data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_67b_badSink(myStruct); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_67b_badSink(CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_67_structType myStruct) wchar_t * data = myStruct.structFirst; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37625 67440/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_68.c Buffer_Overflow_cpycat 146 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_68_goodG2BData = data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_68b_goodG2BSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_68_goodG2BData; wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37626 67440/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_68.c Buffer_Overflow_cpycat 130 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_68_badData = data; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_68b_badSink(); wchar_t * data = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_68_badData; wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37627 67444/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_81_bad.cpp Buffer_Overflow_cpycat 29 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_81_bad(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_81_bad::action(wchar_t * data) const wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37628 67444/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 29 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; const CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_81_base& baseObject = CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_81_goodG2B(); baseObject.action(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_81_goodG2B::action(wchar_t * data) const wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37629 67445/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_82_bad.cpp Buffer_Overflow_cpycat 29 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_82_bad; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_82_bad::action(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37630 67445/CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 29 wchar_t * data; wchar_t dataBuffer[100]; data = dataBuffer; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_82_base* baseObject = new CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_82_goodG2B; baseObject->action(data); void CWE121_Stack_Based_Buffer_Overflow__src_wchar_t_declare_cpy_82_goodG2B::action(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37631 67564/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_81a.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); o.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_81_bad::action(int data) const if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37632 67564/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_81a.cpp Buffer_Overflow_Indexes 170 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_81_goodB2G::action(int data) const if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37633 67565/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_82a.cpp Buffer_Overflow_Indexes 172 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); baseObject->action(data); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37634 67565/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_82a.cpp Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); baseObject->action(data); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37635 67566/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_83_bad.cpp Buffer_Overflow_Indexes 83 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37636 67566/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_83_goodB2G.cpp Buffer_Overflow_Indexes 83 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37637 67567/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_84_bad.cpp Buffer_Overflow_Indexes 83 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37638 67567/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_connect_socket_84_goodB2G.cpp Buffer_Overflow_Indexes 83 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37639 67660/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fscanf_81a.cpp Buffer_Overflow_unbounded 32 fscanf(stdin, "%d", &data); o.action(data); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37640 67660/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fscanf_81a.cpp Buffer_Overflow_unbounded 61 fscanf(stdin, "%d", &data); baseObject.action(data); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37641 67661/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fscanf_82a.cpp Buffer_Overflow_unbounded 32 fscanf(stdin, "%d", &data); baseObject->action(data); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37642 67661/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fscanf_82a.cpp Buffer_Overflow_unbounded 63 fscanf(stdin, "%d", &data); baseObject->action(data); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37643 67662/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fscanf_83_bad.cpp Buffer_Overflow_unbounded 28 fscanf(stdin, "%d", &data); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37644 67662/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fscanf_83_goodB2G.cpp Buffer_Overflow_unbounded 28 fscanf(stdin, "%d", &data); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37645 67663/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fscanf_84_bad.cpp Buffer_Overflow_unbounded 28 fscanf(stdin, "%d", &data); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37646 67663/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_fscanf_84_goodB2G.cpp Buffer_Overflow_unbounded 28 fscanf(stdin, "%d", &data); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37647 67756/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_81a.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); o.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_81_bad::action(int data) const if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37648 67756/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_81a.cpp Buffer_Overflow_Indexes 192 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_81_goodB2G::action(int data) const if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37649 67757/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_82a.cpp Buffer_Overflow_Indexes 194 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); baseObject->action(data); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37650 67757/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_82a.cpp Buffer_Overflow_Indexes 96 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); baseObject->action(data); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37651 67758/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_83_bad.cpp Buffer_Overflow_Indexes 92 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37652 67758/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_83_goodB2G.cpp Buffer_Overflow_Indexes 92 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37653 67759/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_84_bad.cpp Buffer_Overflow_Indexes 92 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37654 67759/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE129_listen_socket_84_goodB2G.cpp Buffer_Overflow_Indexes 92 recvResult = recv(acceptSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37655 67852/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_81_bad.cpp Buffer_Overflow_cpycat 29 char * data; data = NULL; data = new char[10]; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_81_bad::action(char * data) const char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 37656 67852/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 29 char * data; data = NULL; data = new char[10+1]; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_81_goodG2B::action(char * data) const char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 37657 67853/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_82_bad.cpp Buffer_Overflow_cpycat 29 char * data; data = NULL; data = new char[10]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_82_bad::action(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 1 --------------------------------- 37658 67853/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 29 char * data; data = NULL; data = new char[10+1]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_cpy_82_goodG2B::action(char * data) char source[10+1] = SRC_STRING; strcpy(data, source); 0 --------------------------------- 37659 67948/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_81_bad.cpp String_Termination_Error 30 char * data; data = NULL; data = new char[10]; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_81_bad::action(char * data) const char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 37660 67948/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_81_goodG2B.cpp String_Termination_Error 30 char * data; data = NULL; data = new char[10+1]; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_81_goodG2B::action(char * data) const char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 37661 67949/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_82_bad.cpp String_Termination_Error 30 char * data; data = NULL; data = new char[10]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_82_bad::action(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 37662 67949/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_82_goodG2B.cpp String_Termination_Error 30 char * data; data = NULL; data = new char[10+1]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memcpy_82_bad::action(char * data) char source[10+1] = SRC_STRING; memcpy(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 37663 67996/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_81_bad.cpp String_Termination_Error 30 char * data; data = NULL; data = new char[10]; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_81_bad::action(char * data) const char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 37664 67996/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_81_goodG2B.cpp String_Termination_Error 30 char * data; data = NULL; data = new char[10+1]; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_81_goodG2B::action(char * data) const char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 37665 67997/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_82_bad.cpp String_Termination_Error 30 char * data; data = NULL; data = new char[10]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_82_bad::action(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 1 --------------------------------- 37666 67997/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_82_goodG2B.cpp String_Termination_Error 30 char * data; data = NULL; data = new char[10+1]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_memmove_82_goodG2B::action(char * data) char source[10+1] = SRC_STRING; memmove(data, source, (strlen(source) + 1) * sizeof(char)); 0 --------------------------------- 37667 68044/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_81_bad.cpp Off_by_One_Error_in_Methods 30 char * data; data = NULL; data = new char[10]; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_81_bad::action(char * data) const char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 37668 68044/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_81_goodG2B.cpp Off_by_One_Error_in_Methods 30 char * data; data = NULL; data = new char[10+1]; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_81_goodG2B::action(char * data) const char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 37669 68045/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_82_bad.cpp Off_by_One_Error_in_Methods 30 char * data; data = NULL; data = new char[10]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_82_bad::action(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 1 --------------------------------- 37670 68045/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_82_goodG2B.cpp Off_by_One_Error_in_Methods 30 char * data; data = NULL; data = new char[10+1]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_char_ncpy_82_goodG2B::action(char * data) char source[10+1] = SRC_STRING; strncpy(data, source, strlen(source) + 1); 0 --------------------------------- 37671 68092/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_81_bad.cpp Buffer_Overflow_cpycat 29 wchar_t * data; data = NULL; data = new wchar_t[10]; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_81_bad::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 37672 68092/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 29 wchar_t * data; data = NULL; data = new wchar_t[10+1]; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_81_goodG2B::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 37673 68093/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_82_bad.cpp Buffer_Overflow_cpycat 29 wchar_t * data; data = NULL; data = new wchar_t[10]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_82_bad::action(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 1 --------------------------------- 37674 68093/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 29 wchar_t * data; data = NULL; data = new wchar_t[10+1]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_cpy_82_goodG2B::action(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcscpy(data, source); 0 --------------------------------- 37675 68284/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_81_bad.cpp Buffer_Overflow_LowBound 30 wchar_t * data; data = NULL; data = new wchar_t[10]; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_81_bad::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 37676 68284/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 30 wchar_t * data; data = NULL; data = new wchar_t[10+1]; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 37677 68285/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_82_bad.cpp Buffer_Overflow_LowBound 30 wchar_t * data; data = NULL; data = new wchar_t[10]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_82_bad::action(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 1 --------------------------------- 37678 68285/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 30 wchar_t * data; data = NULL; data = new wchar_t[10+1]; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE193_wchar_t_ncpy_82_goodG2B::action(wchar_t * data) wchar_t source[10+1] = SRC_STRING; wcsncpy(data, source, wcslen(source) + 1); 0 --------------------------------- 37679 68476/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_81_bad.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; data = new char[50]; data[0] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 37680 68476/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_81_goodG2B.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; data = new char[100]; data[0] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 37681 68477/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_82_bad.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; data = new char[50]; data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 1 --------------------------------- 37682 68477/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_82_goodG2B.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; data = new char[100]; data[0] = '\0'; CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncat_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncat(data, source, 100); 0 --------------------------------- 37683 68524/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; data = new char[50]; data[0] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 37684 68524/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; data = new char[100]; data[0] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 37685 68525/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; data = new char[50]; data[0] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 1 --------------------------------- 37686 68525/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 31 char * data; data = NULL; data = new char[100]; data[0] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_ncpy_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strncpy(data, source, 100-1); 0 --------------------------------- 37687 68572/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_81_bad.cpp Format_String_Attack 37 char * data; data = NULL; data = new char[50]; data[0] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 37688 68572/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_81_goodG2B.cpp Format_String_Attack 37 char * data; data = NULL; data = new char[100]; data[0] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 37689 68573/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_82_bad.cpp Format_String_Attack 37 char * data; data = NULL; data = new char[50]; data[0] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 1 --------------------------------- 37690 68573/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_82_goodG2B.cpp Format_String_Attack 37 char * data; data = NULL; data = new char[100]; data[0] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_char_snprintf_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; SNPRINTF(data, 100, "%s", source); 0 --------------------------------- 37691 69196/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_81_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_81_bad::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 37692 69196/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_81_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 37693 69197/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_82_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_82_bad::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 1 --------------------------------- 37694 69197/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_82_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncat_82_goodG2B::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncat(data, source, 100); 0 --------------------------------- 37695 69244/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_81_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_81_bad::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 37696 69244/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 37697 69245/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_82_bad.cpp Buffer_Overflow_LowBound 31 wchar_t * data; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_82_bad::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 1 --------------------------------- 37698 69245/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 31 void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_ncpy_82_goodG2B::action(wchar_t * data) source[100-1] = L'\0'; wcsncpy(data, source, 100-1); 0 --------------------------------- 37699 69292/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_81_bad.cpp Format_String_Attack 37 wchar_t * data; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_81_bad::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 37700 69292/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_81_goodG2B.cpp Format_String_Attack 37 wchar_t * data; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 37701 69293/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_82_bad.cpp Format_String_Attack 37 wchar_t * data; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_82_bad::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 1 --------------------------------- 37702 69293/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_82_goodG2B.cpp Format_String_Attack 37 wchar_t * data; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE805_wchar_t_snprintf_82_goodG2B::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; SNPRINTF(data, 100, L"%s", source); 0 --------------------------------- 37703 69388/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_memcpy_81_bad.cpp String_Termination_Error 29 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_memcpy_81_bad::action(char * data) const char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 37704 69388/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_memcpy_81_goodG2B.cpp String_Termination_Error 29 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_memcpy_81_goodG2B::action(char * data) const char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 37705 69389/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_memcpy_82_bad.cpp String_Termination_Error 29 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_memcpy_82_bad::action(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 37706 69389/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_memcpy_82_goodG2B.cpp String_Termination_Error 29 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_memcpy_82_goodG2B::action(char * data) char dest[50] = ""; memcpy(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 37707 69436/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_memmove_81_bad.cpp String_Termination_Error 29 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_memmove_81_bad::action(char * data) const char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 37708 69436/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_memmove_81_goodG2B.cpp String_Termination_Error 29 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_memmove_81_goodG2B::action(char * data) const char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 37709 69437/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_memmove_82_bad.cpp String_Termination_Error 29 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_memmove_82_bad::action(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 1 --------------------------------- 37710 69437/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_memmove_82_goodG2B.cpp String_Termination_Error 29 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_memmove_82_goodG2B::action(char * data) char dest[50] = ""; memmove(dest, data, strlen(data)*sizeof(char)); 0 --------------------------------- 37711 69484/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncat_81_bad.cpp Off_by_One_Error_in_Methods 29 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncat_81_bad::action(char * data) const char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 37712 69484/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncat_81_goodG2B.cpp Off_by_One_Error_in_Methods 29 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; const CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncat_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncat_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncat_81_goodG2B::action(char * data) const char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 37713 69485/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncat_82_bad.cpp Off_by_One_Error_in_Methods 29 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncat_82_bad::action(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 1 --------------------------------- 37714 69485/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncat_82_goodG2B.cpp Off_by_One_Error_in_Methods 29 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncat_82_goodG2B::action(char * data) char dest[50] = ""; strncat(dest, data, strlen(data)); 0 --------------------------------- 37715 69532/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_81_bad.cpp Off_by_One_Error_in_Methods 29 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_81_bad::action(char * data) const char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 37716 69532/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_81_goodG2B.cpp Off_by_One_Error_in_Methods 29 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_81_goodG2B::action(char * data) const char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 37717 69533/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_82_bad.cpp Off_by_One_Error_in_Methods 29 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_82_bad::action(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 1 --------------------------------- 37718 69533/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_82_goodG2B.cpp Off_by_One_Error_in_Methods 29 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_ncpy_82_goodG2B::action(char * data) char dest[50] = ""; strncpy(dest, data, strlen(data)); 0 --------------------------------- 37719 69580/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_81_bad.cpp Format_String_Attack 35 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_81_bad::action(char * data) const char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 37720 69580/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_81_goodG2B.cpp Format_String_Attack 35 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_81_goodG2B::action(char * data) const char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 37721 69581/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_82_bad.cpp Format_String_Attack 35 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_82_bad::action(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 1 --------------------------------- 37722 69581/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_82_goodG2B.cpp Format_String_Attack 35 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_char_snprintf_82_goodG2B::action(char * data) char dest[50] = ""; SNPRINTF(dest, strlen(data), "%s", data); 0 --------------------------------- 37723 69772/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_81_bad.cpp Buffer_Overflow_LowBound 29 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_81_bad::action(wchar_t * data) const wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 37724 69772/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_81_goodG2B.cpp Buffer_Overflow_LowBound 29 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_81_goodG2B::action(wchar_t * data) const wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 37725 69773/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_82_bad.cpp Buffer_Overflow_LowBound 29 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_82_bad::action(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 1 --------------------------------- 37726 69773/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_82_goodG2B.cpp Buffer_Overflow_LowBound 29 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncat_82_goodG2B::action(wchar_t * data) wchar_t dest[50] = L""; wcsncat(dest, data, wcslen(data)); 0 --------------------------------- 37727 69916/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_81_bad.cpp Buffer_Overflow_LowBound 29 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_81_bad::action(wchar_t * data) const wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 37728 69916/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_81_goodG2B.cpp Buffer_Overflow_LowBound 29 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_81_goodG2B::action(wchar_t * data) const wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 37729 69917/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_82_bad.cpp Buffer_Overflow_LowBound 29 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_82_bad::action(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 1 --------------------------------- 37730 69917/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_82_goodG2B.cpp Buffer_Overflow_LowBound 29 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_ncpy_82_goodG2B::action(wchar_t * data) wchar_t dest[50] = L""; wcsncpy(dest, data, wcslen(data)); 0 --------------------------------- 37731 69964/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_81_bad.cpp Format_String_Attack 35 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_81_bad::action(wchar_t * data) const wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 37732 69964/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_81_goodG2B.cpp Format_String_Attack 35 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_81_goodG2B::action(wchar_t * data) const wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 37733 69965/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_82_bad.cpp Format_String_Attack 35 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_82_bad::action(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 1 --------------------------------- 37734 69965/CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_82_goodG2B.cpp Format_String_Attack 35 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_CWE806_wchar_t_snprintf_82_goodG2B::action(wchar_t * data) wchar_t dest[50] = L""; SNPRINTF(dest, wcslen(data), L"%s", data); 0 --------------------------------- 37735 70012/CWE122_Heap_Based_Buffer_Overflow__cpp_dest_char_cat_81_bad.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; data = new char[50]; data[0] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_dest_char_cat_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 37736 70012/CWE122_Heap_Based_Buffer_Overflow__cpp_dest_char_cat_81_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; data = new char[100]; data[0] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_dest_char_cat_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 37737 70013/CWE122_Heap_Based_Buffer_Overflow__cpp_dest_char_cat_82_bad.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; data = new char[50]; data[0] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_dest_char_cat_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 1 --------------------------------- 37738 70013/CWE122_Heap_Based_Buffer_Overflow__cpp_dest_char_cat_82_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; data = new char[100]; data[0] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_dest_char_cat_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcat(data, source); 0 --------------------------------- 37739 70060/CWE122_Heap_Based_Buffer_Overflow__cpp_dest_char_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; data = new char[50]; data[0] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_dest_char_cpy_81_bad::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 37740 70060/CWE122_Heap_Based_Buffer_Overflow__cpp_dest_char_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; data = new char[100]; data[0] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_dest_char_cpy_81_goodG2B::action(char * data) const char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 37741 70061/CWE122_Heap_Based_Buffer_Overflow__cpp_dest_char_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; data = new char[50]; data[0] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_dest_char_cpy_82_bad::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 1 --------------------------------- 37742 70061/CWE122_Heap_Based_Buffer_Overflow__cpp_dest_char_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 char * data; data = NULL; data = new char[100]; data[0] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_dest_char_cpy_82_goodG2B::action(char * data) char source[100]; memset(source, 'C', 100-1); source[100-1] = '\0'; strcpy(data, source); 0 --------------------------------- 37743 70156/CWE122_Heap_Based_Buffer_Overflow__cpp_dest_wchar_t_cpy_81_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_dest_wchar_t_cpy_81_bad::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37744 70156/CWE122_Heap_Based_Buffer_Overflow__cpp_dest_wchar_t_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_dest_wchar_t_cpy_81_goodG2B::action(wchar_t * data) const wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37745 70157/CWE122_Heap_Based_Buffer_Overflow__cpp_dest_wchar_t_cpy_82_bad.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; data = new wchar_t[50]; data[0] = L'\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_dest_wchar_t_cpy_82_bad::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 1 --------------------------------- 37746 70157/CWE122_Heap_Based_Buffer_Overflow__cpp_dest_wchar_t_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 31 wchar_t * data; data = NULL; data = new wchar_t[100]; data[0] = L'\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_dest_wchar_t_cpy_82_goodG2B::action(wchar_t * data) wchar_t source[100]; wmemset(source, L'C', 100-1); source[100-1] = L'\0'; wcscpy(data, source); 0 --------------------------------- 37747 70204/CWE122_Heap_Based_Buffer_Overflow__cpp_src_char_cat_81_bad.cpp Buffer_Overflow_cpycat 29 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_src_char_cat_81_bad::action(char * data) const char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37748 70204/CWE122_Heap_Based_Buffer_Overflow__cpp_src_char_cat_81_goodG2B.cpp Buffer_Overflow_cpycat 29 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_src_char_cat_81_goodG2B::action(char * data) const char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37749 70205/CWE122_Heap_Based_Buffer_Overflow__cpp_src_char_cat_82_bad.cpp Buffer_Overflow_cpycat 29 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_src_char_cat_82_bad::action(char * data) char dest[50] = ""; strcat(dest, data); 1 --------------------------------- 37750 70205/CWE122_Heap_Based_Buffer_Overflow__cpp_src_char_cat_82_goodG2B.cpp Buffer_Overflow_cpycat 29 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_src_char_cat_82_goodG2B::action(char * data) char dest[50] = ""; strcat(dest, data); 0 --------------------------------- 37751 70252/CWE122_Heap_Based_Buffer_Overflow__cpp_src_char_cpy_81_bad.cpp Buffer_Overflow_cpycat 29 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_src_char_cpy_81_bad::action(char * data) const char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37752 70252/CWE122_Heap_Based_Buffer_Overflow__cpp_src_char_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 29 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_src_char_cpy_81_goodG2B::action(char * data) const char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37753 70253/CWE122_Heap_Based_Buffer_Overflow__cpp_src_char_cpy_82_bad.cpp Buffer_Overflow_cpycat 29 char * data; data = new char[100]; memset(data, 'A', 100-1); data[100-1] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_src_char_cpy_82_bad::action(char * data) char dest[50] = ""; strcpy(dest, data); 1 --------------------------------- 37754 70253/CWE122_Heap_Based_Buffer_Overflow__cpp_src_char_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 29 char * data; data = new char[100]; memset(data, 'A', 50-1); data[50-1] = '\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_src_char_cpy_82_goodG2B::action(char * data) char dest[50] = ""; strcpy(dest, data); 0 --------------------------------- 37755 70348/CWE122_Heap_Based_Buffer_Overflow__cpp_src_wchar_t_cpy_81_bad.cpp Buffer_Overflow_cpycat 29 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_src_wchar_t_cpy_81_bad::action(wchar_t * data) const wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37756 70348/CWE122_Heap_Based_Buffer_Overflow__cpp_src_wchar_t_cpy_81_goodG2B.cpp Buffer_Overflow_cpycat 29 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_src_wchar_t_cpy_81_goodG2B::action(wchar_t * data) const wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37757 70349/CWE122_Heap_Based_Buffer_Overflow__cpp_src_wchar_t_cpy_82_bad.cpp Buffer_Overflow_cpycat 29 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 100-1); data[100-1] = L'\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_src_wchar_t_cpy_82_bad::action(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 1 --------------------------------- 37758 70349/CWE122_Heap_Based_Buffer_Overflow__cpp_src_wchar_t_cpy_82_goodG2B.cpp Buffer_Overflow_cpycat 29 wchar_t * data; data = new wchar_t[100]; wmemset(data, L'A', 50-1); data[50-1] = L'\0'; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__cpp_src_wchar_t_cpy_82_goodG2B::action(wchar_t * data) wchar_t dest[50] = L""; wcscpy(dest, data); 0 --------------------------------- 37759 70400/CWE122_Heap_Based_Buffer_Overflow__CWE135_01.c String_Termination_Error 37 wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37760 70400/CWE122_Heap_Based_Buffer_Overflow__CWE135_01.c String_Termination_Error 63 char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37761 70401/CWE122_Heap_Based_Buffer_Overflow__CWE135_02.c String_Termination_Error 42 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37762 70401/CWE122_Heap_Based_Buffer_Overflow__CWE135_02.c String_Termination_Error 168 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37763 70401/CWE122_Heap_Based_Buffer_Overflow__CWE135_02.c String_Termination_Error 140 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37764 70402/CWE122_Heap_Based_Buffer_Overflow__CWE135_03.c String_Termination_Error 42 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37765 70402/CWE122_Heap_Based_Buffer_Overflow__CWE135_03.c String_Termination_Error 168 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37766 70402/CWE122_Heap_Based_Buffer_Overflow__CWE135_03.c String_Termination_Error 140 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37767 70403/CWE122_Heap_Based_Buffer_Overflow__CWE135_04.c String_Termination_Error 146 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37768 70403/CWE122_Heap_Based_Buffer_Overflow__CWE135_04.c String_Termination_Error 48 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37769 70403/CWE122_Heap_Based_Buffer_Overflow__CWE135_04.c String_Termination_Error 174 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37770 70404/CWE122_Heap_Based_Buffer_Overflow__CWE135_05.c String_Termination_Error 146 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37771 70404/CWE122_Heap_Based_Buffer_Overflow__CWE135_05.c String_Termination_Error 48 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37772 70404/CWE122_Heap_Based_Buffer_Overflow__CWE135_05.c String_Termination_Error 174 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37773 70405/CWE122_Heap_Based_Buffer_Overflow__CWE135_06.c String_Termination_Error 173 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37774 70405/CWE122_Heap_Based_Buffer_Overflow__CWE135_06.c String_Termination_Error 145 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37775 70405/CWE122_Heap_Based_Buffer_Overflow__CWE135_06.c String_Termination_Error 47 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37776 70406/CWE122_Heap_Based_Buffer_Overflow__CWE135_07.c String_Termination_Error 173 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37777 70406/CWE122_Heap_Based_Buffer_Overflow__CWE135_07.c String_Termination_Error 145 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37778 70406/CWE122_Heap_Based_Buffer_Overflow__CWE135_07.c String_Termination_Error 47 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37779 70407/CWE122_Heap_Based_Buffer_Overflow__CWE135_08.c String_Termination_Error 181 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37780 70407/CWE122_Heap_Based_Buffer_Overflow__CWE135_08.c String_Termination_Error 153 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37781 70407/CWE122_Heap_Based_Buffer_Overflow__CWE135_08.c String_Termination_Error 55 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37782 70408/CWE122_Heap_Based_Buffer_Overflow__CWE135_09.c String_Termination_Error 42 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37783 70408/CWE122_Heap_Based_Buffer_Overflow__CWE135_09.c String_Termination_Error 168 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37784 70408/CWE122_Heap_Based_Buffer_Overflow__CWE135_09.c String_Termination_Error 140 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37785 70409/CWE122_Heap_Based_Buffer_Overflow__CWE135_10.c String_Termination_Error 42 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37786 70409/CWE122_Heap_Based_Buffer_Overflow__CWE135_10.c String_Termination_Error 168 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37787 70409/CWE122_Heap_Based_Buffer_Overflow__CWE135_10.c String_Termination_Error 140 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37788 70410/CWE122_Heap_Based_Buffer_Overflow__CWE135_11.c String_Termination_Error 42 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37789 70410/CWE122_Heap_Based_Buffer_Overflow__CWE135_11.c String_Termination_Error 168 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37790 70410/CWE122_Heap_Based_Buffer_Overflow__CWE135_11.c String_Termination_Error 140 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37791 70411/CWE122_Heap_Based_Buffer_Overflow__CWE135_12.c String_Termination_Error 158 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37792 70411/CWE122_Heap_Based_Buffer_Overflow__CWE135_12.c String_Termination_Error 169 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37793 70411/CWE122_Heap_Based_Buffer_Overflow__CWE135_12.c String_Termination_Error 52 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37794 70412/CWE122_Heap_Based_Buffer_Overflow__CWE135_13.c String_Termination_Error 42 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37795 70412/CWE122_Heap_Based_Buffer_Overflow__CWE135_13.c String_Termination_Error 168 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37796 70412/CWE122_Heap_Based_Buffer_Overflow__CWE135_13.c String_Termination_Error 140 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37797 70413/CWE122_Heap_Based_Buffer_Overflow__CWE135_14.c String_Termination_Error 42 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37798 70413/CWE122_Heap_Based_Buffer_Overflow__CWE135_14.c String_Termination_Error 168 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37799 70413/CWE122_Heap_Based_Buffer_Overflow__CWE135_14.c String_Termination_Error 140 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37800 70414/CWE122_Heap_Based_Buffer_Overflow__CWE135_15.c String_Termination_Error 213 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37801 70414/CWE122_Heap_Based_Buffer_Overflow__CWE135_15.c String_Termination_Error 49 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37802 70414/CWE122_Heap_Based_Buffer_Overflow__CWE135_15.c String_Termination_Error 173 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37803 70415/CWE122_Heap_Based_Buffer_Overflow__CWE135_16.c String_Termination_Error 107 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37804 70415/CWE122_Heap_Based_Buffer_Overflow__CWE135_16.c String_Termination_Error 43 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37805 70416/CWE122_Heap_Based_Buffer_Overflow__CWE135_17.c String_Termination_Error 43 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37806 70416/CWE122_Heap_Based_Buffer_Overflow__CWE135_17.c String_Termination_Error 105 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37807 70417/CWE122_Heap_Based_Buffer_Overflow__CWE135_18.c String_Termination_Error 41 data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37808 70417/CWE122_Heap_Based_Buffer_Overflow__CWE135_18.c String_Termination_Error 97 data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37809 70418/CWE122_Heap_Based_Buffer_Overflow__CWE135_21.c String_Termination_Error 33 wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; badSink(data); static void badSink(void * data) size_t dataLen = strlen((char *)data); 1 --------------------------------- 37810 70418/CWE122_Heap_Based_Buffer_Overflow__CWE135_21.c String_Termination_Error 140 char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; goodG2BSink(data); static void goodG2BSink(void * data) size_t dataLen = strlen((char *)data); 0 --------------------------------- 37811 70419/CWE122_Heap_Based_Buffer_Overflow__CWE135_22.c String_Termination_Error 176 wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_22_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_22_badSink(void * data) size_t dataLen = strlen((char *)data); 1 --------------------------------- 37812 70419/CWE122_Heap_Based_Buffer_Overflow__CWE135_22.c String_Termination_Error 238 char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_22_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_22_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); 0 --------------------------------- 37813 70420/CWE122_Heap_Based_Buffer_Overflow__CWE135_31.c String_Termination_Error 40 wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; void * dataCopy = data; void * data = dataCopy; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37814 70420/CWE122_Heap_Based_Buffer_Overflow__CWE135_31.c String_Termination_Error 70 char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; void * dataCopy = data; void * data = dataCopy; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37815 70421/CWE122_Heap_Based_Buffer_Overflow__CWE135_32.c String_Termination_Error 45 void * data; void * *dataPtr1 = &data; void * *dataPtr2 = &data; data = NULL; void * data = *dataPtr1; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; void * data = *dataPtr2; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37816 70421/CWE122_Heap_Based_Buffer_Overflow__CWE135_32.c String_Termination_Error 80 void * data; void * *dataPtr1 = &data; void * *dataPtr2 = &data; data = NULL; void * data = *dataPtr1; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; void * data = *dataPtr2; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37817 70423/CWE122_Heap_Based_Buffer_Overflow__CWE135_34.c String_Termination_Error 78 void * data; CWE122_Heap_Based_Buffer_Overflow__CWE135_34_unionType myUnion; data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; void * data = myUnion.unionSecond; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37818 70423/CWE122_Heap_Based_Buffer_Overflow__CWE135_34.c String_Termination_Error 47 void * data; CWE122_Heap_Based_Buffer_Overflow__CWE135_34_unionType myUnion; data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; void * data = myUnion.unionSecond; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37819 70424/CWE122_Heap_Based_Buffer_Overflow__CWE135_41.c String_Termination_Error 59 char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; goodG2BSink(data); static void goodG2BSink(void * data) size_t dataLen = strlen((char *)data); 0 --------------------------------- 37820 70424/CWE122_Heap_Based_Buffer_Overflow__CWE135_41.c String_Termination_Error 28 wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; badSink(data); static void badSink(void * data) size_t dataLen = strlen((char *)data); 1 --------------------------------- 37821 70425/CWE122_Heap_Based_Buffer_Overflow__CWE135_42.c String_Termination_Error 43 void * data; data = NULL; data = badSource(data); static void * badSource(void * data) wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; return data; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37822 70425/CWE122_Heap_Based_Buffer_Overflow__CWE135_42.c String_Termination_Error 75 void * data; data = NULL; data = goodG2BSource(data); static void * goodG2BSource(void * data) char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; return data; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37823 70427/CWE122_Heap_Based_Buffer_Overflow__CWE135_44.c String_Termination_Error 62 void * data; void (*funcPtr) (void *) = goodG2BSink; data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; funcPtr(data); static void goodG2BSink(void * data) size_t dataLen = strlen((char *)data); 0 --------------------------------- 37824 70427/CWE122_Heap_Based_Buffer_Overflow__CWE135_44.c String_Termination_Error 28 void * data; void (*funcPtr) (void *) = badSink; data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; funcPtr(data); static void badSink(void * data) size_t dataLen = strlen((char *)data); 1 --------------------------------- 37825 70428/CWE122_Heap_Based_Buffer_Overflow__CWE135_45.c String_Termination_Error 66 void * data; data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_45_goodG2BData = data; goodG2BSink(); void * data = CWE122_Heap_Based_Buffer_Overflow__CWE135_45_goodG2BData; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37826 70428/CWE122_Heap_Based_Buffer_Overflow__CWE135_45.c String_Termination_Error 33 void * data; data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_45_badData = data; badSink(); void * data = CWE122_Heap_Based_Buffer_Overflow__CWE135_45_badData; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37827 70429/CWE122_Heap_Based_Buffer_Overflow__CWE135_51.c String_Termination_Error 142 void * data; data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_51b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_51b_badSink(void * data) size_t dataLen = strlen((char *)data); 1 --------------------------------- 37828 70429/CWE122_Heap_Based_Buffer_Overflow__CWE135_51.c String_Termination_Error 159 void * data; data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_51b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_51b_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); 0 --------------------------------- 37829 70430/CWE122_Heap_Based_Buffer_Overflow__CWE135_52.c String_Termination_Error 197 void * data; data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_52b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_52b_badSink(void * data) CWE122_Heap_Based_Buffer_Overflow__CWE135_52c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_52c_badSink(void * data) size_t dataLen = strlen((char *)data); 1 --------------------------------- 37830 70430/CWE122_Heap_Based_Buffer_Overflow__CWE135_52.c String_Termination_Error 214 void * data; data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_52b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_52b_goodG2BSink(void * data) CWE122_Heap_Based_Buffer_Overflow__CWE135_52c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_52c_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); 0 --------------------------------- 37831 70431/CWE122_Heap_Based_Buffer_Overflow__CWE135_53.c String_Termination_Error 269 void * data; data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_53b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_53b_goodG2BSink(void * data) CWE122_Heap_Based_Buffer_Overflow__CWE135_53c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_53c_goodG2BSink(void * data) CWE122_Heap_Based_Buffer_Overflow__CWE135_53d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_53d_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); 0 --------------------------------- 37832 70431/CWE122_Heap_Based_Buffer_Overflow__CWE135_53.c String_Termination_Error 252 void * data; data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; CCWE122_Heap_Based_Buffer_Overflow__CWE135_53b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_53b_badSink(void * data) CWE122_Heap_Based_Buffer_Overflow__CWE135_53c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_53c_badSink(void * data) CWE122_Heap_Based_Buffer_Overflow__CWE135_53d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_53d_badSink(void * data) size_t dataLen = strlen((char *)data); 1 --------------------------------- 37833 70432/CWE122_Heap_Based_Buffer_Overflow__CWE135_54.c String_Termination_Error 307 void * data; data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_54b_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_54b_badSink(void * data) CWE122_Heap_Based_Buffer_Overflow__CWE135_54c_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_54c_badSink(void * data) CWE122_Heap_Based_Buffer_Overflow__CWE135_54d_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_54d_badSink(void * data) CWE122_Heap_Based_Buffer_Overflow__CWE135_54e_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_54e_badSink(void * data) size_t dataLen = strlen((char *)data); 1 --------------------------------- 37834 70432/CWE122_Heap_Based_Buffer_Overflow__CWE135_54.c String_Termination_Error 324 void * data; data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_54b_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_54b_goodG2BSink(void * data) CWE122_Heap_Based_Buffer_Overflow__CWE135_54c_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_54c_goodG2BSink(void * data) CWE122_Heap_Based_Buffer_Overflow__CWE135_54d_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_54d_goodG2BSink(void * data) CWE122_Heap_Based_Buffer_Overflow__CWE135_54e_goodG2BSink(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_54e_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); 0 --------------------------------- 37835 70433/CWE122_Heap_Based_Buffer_Overflow__CWE135_61.c String_Termination_Error 34 void * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__CWE135_61b_badSource(data); void * CWE122_Heap_Based_Buffer_Overflow__CWE135_61b_badSource(void * data) wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; return data; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37836 70433/CWE122_Heap_Based_Buffer_Overflow__CWE135_61.c String_Termination_Error 56 void * data; data = NULL; data = CWE122_Heap_Based_Buffer_Overflow__CWE135_61b_goodG2BSource(data); void * CWE122_Heap_Based_Buffer_Overflow__CWE135_61b_goodG2BSource(void * data) char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; return data; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37837 70435/CWE122_Heap_Based_Buffer_Overflow__CWE135_63.c String_Termination_Error 161 void * data; data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_63b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_63b_goodG2BSink(void * * dataPtr) void * data = *dataPtr; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37838 70435/CWE122_Heap_Based_Buffer_Overflow__CWE135_63.c String_Termination_Error 143 void * data; data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_63b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_63b_badSink(void * * dataPtr) void * data = *dataPtr; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37839 70436/CWE122_Heap_Based_Buffer_Overflow__CWE135_64.c String_Termination_Error 146 void * data; data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_64b_badSink(&data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_64b_badSink(void * dataVoidPtr) void * * dataPtr = (void * *)dataVoidPtr; void * data = (*dataPtr); size_t dataLen = strlen((char *)data); 1 --------------------------------- 37840 70436/CWE122_Heap_Based_Buffer_Overflow__CWE135_64.c String_Termination_Error 167 void * data; data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_64b_goodG2BSink(&data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_64b_goodG2BSink(void * dataVoidPtr) void * * dataPtr = (void * *)dataVoidPtr; void * data = (*dataPtr); size_t dataLen = strlen((char *)data); 0 --------------------------------- 37841 70437/CWE122_Heap_Based_Buffer_Overflow__CWE135_65.c String_Termination_Error 147 void * data; void (*funcPtr) (void *) = CWE122_Heap_Based_Buffer_Overflow__CWE135_65b_badSink; data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_65b_badSink(void * data) size_t dataLen = strlen((char *)data); 1 --------------------------------- 37842 70437/CWE122_Heap_Based_Buffer_Overflow__CWE135_65.c String_Termination_Error 164 void * data; void (*funcPtr) (void *) = CWE122_Heap_Based_Buffer_Overflow__CWE135_65b_goodG2BSink; data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; funcPtr(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_65b_goodG2BSink(void * data) size_t dataLen = strlen((char *)data); 0 --------------------------------- 37843 70438/CWE122_Heap_Based_Buffer_Overflow__CWE135_66.c String_Termination_Error 169 void * data; void * dataArray[5]; data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__CWE135_66b_goodG2BSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__CWE135_66b_goodG2BSink(void * dataArray[]) void * data = dataArray[2]; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37844 70438/CWE122_Heap_Based_Buffer_Overflow__CWE135_66.c String_Termination_Error 151 void * data; void * dataArray[5]; data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; dataArray[2] = data; CWE122_Heap_Based_Buffer_Overflow__CWE135_66b_badSink(dataArray); void CWE122_Heap_Based_Buffer_Overflow__CWE135_66b_badSink(void * dataArray[]) void * data = dataArray[2]; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37845 70439/CWE122_Heap_Based_Buffer_Overflow__CWE135_67.c String_Termination_Error 177 void * data; CWE122_Heap_Based_Buffer_Overflow__CWE135_67_structType myStruct; data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__CWE135_67b_goodG2BSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__CWE135_67b_goodG2BSink(CWE122_Heap_Based_Buffer_Overflow__CWE135_67_structType myStruct) void * data = myStruct.structFirst; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37846 70439/CWE122_Heap_Based_Buffer_Overflow__CWE135_67.c String_Termination_Error 159 void * data; CWE122_Heap_Based_Buffer_Overflow__CWE135_67_structType myStruct; data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; myStruct.structFirst = data; CWE122_Heap_Based_Buffer_Overflow__CWE135_67b_badSink(myStruct); void CWE122_Heap_Based_Buffer_Overflow__CWE135_67b_badSink(CWE122_Heap_Based_Buffer_Overflow__CWE135_67_structType myStruct) void * data = myStruct.structFirst; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37847 70440/CWE122_Heap_Based_Buffer_Overflow__CWE135_68.c String_Termination_Error 154 void * data; data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_68_badData = data; CWE122_Heap_Based_Buffer_Overflow__CWE135_68b_badSink(); void * data = CWE122_Heap_Based_Buffer_Overflow__CWE135_68_badData; size_t dataLen = strlen((char *)data); 1 --------------------------------- 37848 70440/CWE122_Heap_Based_Buffer_Overflow__CWE135_68.c String_Termination_Error 172 void * data; data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_68_goodG2BData = data; CWE122_Heap_Based_Buffer_Overflow__CWE135_68b_goodG2BSink(); void * data = CWE122_Heap_Based_Buffer_Overflow__CWE135_68_goodG2BData; size_t dataLen = strlen((char *)data); 0 --------------------------------- 37849 70444/CWE122_Heap_Based_Buffer_Overflow__CWE135_81_bad.cpp String_Termination_Error 29 void * data; data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; const CWE122_Heap_Based_Buffer_Overflow__CWE135_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__CWE135_81_bad(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_81_bad::action(void * data) const size_t dataLen = strlen((char *)data); 1 --------------------------------- 37850 70444/CWE122_Heap_Based_Buffer_Overflow__CWE135_81_goodG2B.cpp String_Termination_Error 29 void * data; data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; const CWE122_Heap_Based_Buffer_Overflow__CWE135_81_base& baseObject = CWE122_Heap_Based_Buffer_Overflow__CWE135_81_goodG2B(); baseObject.action(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_81_goodG2B::action(void * data) const size_t dataLen = strlen((char *)data); 0 --------------------------------- 37851 70445/CWE122_Heap_Based_Buffer_Overflow__CWE135_82_bad.cpp String_Termination_Error 29 void * data; data = NULL; wchar_t * dataBadBuffer = (wchar_t *)malloc(50*sizeof(wchar_t)); wmemset(dataBadBuffer, L'A', 50-1); dataBadBuffer[50-1] = L'\0'; data = (void *)dataBadBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__CWE135_82_bad; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_82_bad::action(void * data) size_t dataLen = strlen((char *)data); 1 --------------------------------- 37852 70445/CWE122_Heap_Based_Buffer_Overflow__CWE135_82_goodG2B.cpp String_Termination_Error 29 void * data; data = NULL; char * dataGoodBuffer = (char *)malloc(50*sizeof(char)); memset(dataGoodBuffer, 'A', 50-1); dataGoodBuffer[50-1] = '\0'; data = (void *)dataGoodBuffer; CWE122_Heap_Based_Buffer_Overflow__CWE135_82_base* baseObject = new CWE122_Heap_Based_Buffer_Overflow__CWE135_82_goodG2B; baseObject->action(data); void CWE122_Heap_Based_Buffer_Overflow__CWE135_82_goodG2B::action(void * data) size_t dataLen = strlen((char *)data); 0 --------------------------------- 37853 70448/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_01.c Buffer_Overflow_Indexes 212 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37854 70448/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_01.c Buffer_Overflow_Indexes 83 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37855 70449/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_02.c Buffer_Overflow_Indexes 283 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37856 70449/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_02.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37857 70449/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_02.c Buffer_Overflow_Indexes 184 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37858 70450/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_03.c Buffer_Overflow_Indexes 283 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37859 70450/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_03.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37860 70450/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_03.c Buffer_Overflow_Indexes 184 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37861 70451/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_04.c Buffer_Overflow_Indexes 91 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37862 70451/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_04.c Buffer_Overflow_Indexes 190 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37863 70451/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_04.c Buffer_Overflow_Indexes 289 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37864 70452/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_05.c Buffer_Overflow_Indexes 91 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37865 70452/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_05.c Buffer_Overflow_Indexes 190 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37866 70452/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_05.c Buffer_Overflow_Indexes 289 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37867 70453/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_06.c Buffer_Overflow_Indexes 189 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37868 70453/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_06.c Buffer_Overflow_Indexes 288 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37869 70453/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_06.c Buffer_Overflow_Indexes 90 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37870 70454/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_07.c Buffer_Overflow_Indexes 189 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37871 70454/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_07.c Buffer_Overflow_Indexes 288 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37872 70454/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_07.c Buffer_Overflow_Indexes 90 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37873 70455/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_08.c Buffer_Overflow_Indexes 197 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37874 70455/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_08.c Buffer_Overflow_Indexes 296 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37875 70455/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_08.c Buffer_Overflow_Indexes 98 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37876 70456/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_09.c Buffer_Overflow_Indexes 283 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37877 70456/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_09.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37878 70456/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_09.c Buffer_Overflow_Indexes 184 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37879 70457/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_10.c Buffer_Overflow_Indexes 283 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37880 70457/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_10.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37881 70457/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_10.c Buffer_Overflow_Indexes 184 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37882 70458/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_11.c Buffer_Overflow_Indexes 283 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37883 70458/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_11.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37884 70458/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_11.c Buffer_Overflow_Indexes 184 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37885 70459/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_12.c Buffer_Overflow_Indexes 219 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37886 70459/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_12.c Buffer_Overflow_Indexes 278 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37887 70459/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_12.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37888 70460/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_13.c Buffer_Overflow_Indexes 283 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37889 70460/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_13.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37890 70460/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_13.c Buffer_Overflow_Indexes 184 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37891 70461/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_14.c Buffer_Overflow_Indexes 283 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37892 70461/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_14.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37893 70461/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_14.c Buffer_Overflow_Indexes 184 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37894 70462/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_15.c Buffer_Overflow_Indexes 86 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37895 70462/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_15.c Buffer_Overflow_Indexes 197 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37896 70462/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_15.c Buffer_Overflow_Indexes 303 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37897 70463/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_16.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37898 70463/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_16.c Buffer_Overflow_Indexes 186 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37899 70464/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_17.c Buffer_Overflow_Indexes 86 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37900 70464/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_17.c Buffer_Overflow_Indexes 186 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37901 70465/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_18.c Buffer_Overflow_Indexes 182 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37902 70465/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_18.c Buffer_Overflow_Indexes 85 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37903 70466/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_21.c Buffer_Overflow_Indexes 118 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); badSink(data); static void badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37904 70466/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_21.c Buffer_Overflow_Indexes 229 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2G1Sink(data); static void goodB2G1Sink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37905 70466/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_21.c Buffer_Overflow_Indexes 326 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); goodB2G2Sink(data); static void goodB2G2Sink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37906 70467/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_22.c Buffer_Overflow_Indexes 165 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_22_goodB2G1Sink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_22_goodB2G1Sink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37907 70467/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_22.c Buffer_Overflow_Indexes 88 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_22_badSink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_22_badSink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37908 70467/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_22.c Buffer_Overflow_Indexes 233 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_22_goodB2G2Sink(data); void CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_22_goodB2G2Sink(int data) int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37909 70468/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_31.c Buffer_Overflow_Indexes 220 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37910 70468/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_31.c Buffer_Overflow_Indexes 83 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int dataCopy = data; int data = dataCopy; int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37911 70469/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_32.c Buffer_Overflow_Indexes 87 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int data = *dataPtr2; int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0) buffer[data] = 1; 1 --------------------------------- 37912 70469/CWE122_Heap_Based_Buffer_Overflow__c_CWE129_connect_socket_32.c Buffer_Overflow_Indexes 234 recvResult = recv(connectSocket, inputBuffer, CHAR_ARRAY_SIZE - 1, 0); if (recvResult == SOCKET_ERROR || recvResult == 0) inputBuffer[recvResult] = '\0'; data = atoi(inputBuffer); int data = *dataPtr2; int * buffer = (int *)malloc(10 * sizeof(int)); buffer[i] = 0; if (data >= 0 && data < (10)) buffer[data] = 1; 0 --------------------------------- 37913 79344/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_07.c Format_String_Attack 258 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(staticFive==5) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 37914 79344/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_07.c Buffer_Overflow_LowBound 388 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(staticFive!=5){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37915 79344/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_07.c Buffer_Overflow_LowBound 158 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(staticFive==5) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37916 79344/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_07.c Buffer_Overflow_LowBound 353 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive!=5){} else strcpy(data, "fixedstringtest"); if(staticFive==5) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37917 79344/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_07.c Buffer_Overflow_LowBound 60 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) strcpy(data, "fixedstringtest"); if(staticFive==5) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37918 79345/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_08.c Buffer_Overflow_LowBound 396 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(staticReturnsTrue()) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 37919 79345/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_08.c Buffer_Overflow_LowBound 166 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(staticReturnsFalse()){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37920 79345/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_08.c Buffer_Overflow_LowBound 361 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(staticReturnsTrue()) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37921 79345/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_08.c Buffer_Overflow_LowBound 68 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsFalse()){} else strcpy(data, "fixedstringtest"); if(staticReturnsTrue()) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37922 79345/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_08.c Buffer_Overflow_LowBound 266 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) strcpy(data, "fixedstringtest"); if(staticReturnsTrue()) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37923 79346/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_09.c Buffer_Overflow_LowBound 383 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(GLOBAL_CONST_TRUE) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 37924 79346/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_09.c Buffer_Overflow_LowBound 55 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(GLOBAL_CONST_FALSE){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37925 79346/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_09.c Buffer_Overflow_LowBound 253 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(GLOBAL_CONST_TRUE) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37926 79346/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_09.c Buffer_Overflow_LowBound 348 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FALSE){} else strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_TRUE) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37927 79346/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_09.c Buffer_Overflow_LowBound 153 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_TRUE) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37928 79347/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_10.c Buffer_Overflow_LowBound 383 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(globalTrue) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 37929 79347/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_10.c Buffer_Overflow_LowBound 55 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(globalFalse){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37930 79347/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_10.c Buffer_Overflow_LowBound 253 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(globalTrue) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37931 79347/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_10.c Buffer_Overflow_LowBound 348 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFalse){} else strcpy(data, "fixedstringtest"); if(globalTrue) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37932 79347/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_10.c Buffer_Overflow_LowBound 153 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) strcpy(data, "fixedstringtest"); if(globalTrue) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37933 79348/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_11.c Buffer_Overflow_LowBound 383 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(globalReturnsTrue()) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 37934 79348/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_11.c Buffer_Overflow_LowBound 55 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(globalReturnsFalse()){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37935 79348/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_11.c Buffer_Overflow_LowBound 253 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(globalReturnsTrue()) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37936 79348/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_11.c Buffer_Overflow_LowBound 348 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsFalse()){} else strcpy(data, "fixedstringtest"); if(globalReturnsTrue()) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37937 79348/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_11.c Buffer_Overflow_LowBound 153 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) strcpy(data, "fixedstringtest"); if(globalReturnsTrue()) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37938 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c Buffer_Overflow_LowBound 383 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(GLOBAL_CONST_FIVE==5) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 37939 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c Buffer_Overflow_LowBound 55 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(GLOBAL_CONST_FIVE!=5){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37940 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c Buffer_Overflow_LowBound 253 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(GLOBAL_CONST_FIVE==5) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37941 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c Buffer_Overflow_LowBound 348 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE!=5){} else strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_FIVE==5) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37942 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c Buffer_Overflow_LowBound 153 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_FIVE==5) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37943 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c Buffer_Overflow_cpycat 368 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 37944 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c Buffer_Overflow_cpycat 398 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 37945 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c String_Termination_Error 176 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 37946 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c String_Termination_Error 276 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 37947 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c String_Termination_Error 216 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 37948 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c String_Termination_Error 117 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 37949 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c String_Termination_Error 316 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 37950 79350/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_13.c String_Termination_Error 77 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 37951 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c Buffer_Overflow_LowBound 383 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(globalFive==5) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 37952 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c Buffer_Overflow_LowBound 55 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(globalFive!=5){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37953 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c Buffer_Overflow_LowBound 253 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; if(globalFive==5) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37954 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c Buffer_Overflow_LowBound 348 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive!=5){} else strcpy(data, "fixedstringtest"); if(globalFive==5) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37955 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c Buffer_Overflow_LowBound 153 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) strcpy(data, "fixedstringtest"); if(globalFive==5) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37956 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c Buffer_Overflow_cpycat 368 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 37957 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c Buffer_Overflow_cpycat 398 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 37958 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c String_Termination_Error 176 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 37959 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c String_Termination_Error 276 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 37960 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c String_Termination_Error 216 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 37961 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c String_Termination_Error 117 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 37962 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c String_Termination_Error 316 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 37963 79351/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_14.c String_Termination_Error 77 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 37964 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c Buffer_Overflow_LowBound 55 char * data; char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; break; default: break; switch(7) case 7: badVaSinkB(data, data); static void badVaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 37965 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c Buffer_Overflow_LowBound 165 char * data; char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; break; default: break; switch(8) case 7: break; default: goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37966 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c Buffer_Overflow_LowBound 272 char * data; char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; break; default: break; switch(7) case 7: goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37967 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c Buffer_Overflow_LowBound 379 char * data; char dataBuffer[100] = ""; data = dataBuffer; switch(5) case 6: break; default: strcpy(data, "fixedstringtest"); break; switch(7) case 7: goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37968 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c Buffer_Overflow_LowBound 421 char * data; char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: strcpy(data, "fixedstringtest"); break; default: break; switch(7) case 7: goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37969 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c Buffer_Overflow_cpycat 399 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 37970 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c Buffer_Overflow_cpycat 437 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 37971 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c String_Termination_Error 189 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 37972 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c String_Termination_Error 78 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 37973 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c String_Termination_Error 296 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 37974 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c String_Termination_Error 229 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 37975 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c String_Termination_Error 336 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 37976 79352/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_15.c String_Termination_Error 118 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 37977 79353/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_16.c Buffer_Overflow_LowBound 155 char * data; char dataBuffer[100] = ""; data = dataBuffer; while(1) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; break; while(1) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); break; 1 --------------------------------- 37978 79353/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_16.c Buffer_Overflow_LowBound 252 char * data; char dataBuffer[100] = ""; data = dataBuffer; while(1) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; break; while(1) goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); break; 0 --------------------------------- 37979 79353/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_16.c Buffer_Overflow_LowBound 55 char * data; char dataBuffer[100] = ""; data = dataBuffer; while(1) strcpy(data, "fixedstringtest"); break; while(1) goodG2BVaSinkB(data, data); static void goodG2BVaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); break; 0 --------------------------------- 37980 79353/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_16.c Buffer_Overflow_cpycat 267 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 37981 79353/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_16.c String_Termination_Error 77 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); size_t dataLen = strlen(data); 0 --------------------------------- 37982 79353/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_16.c String_Termination_Error 178 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); size_t dataLen = strlen(data); 0 --------------------------------- 37983 79354/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_17.c Buffer_Overflow_LowBound 55 char * data; char dataBuffer[100] = ""; data = dataBuffer; for(i = 0; i < 1; i++) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; for(j = 0; j < 1; j++) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 37984 79354/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_17.c Buffer_Overflow_LowBound 250 char * data; char dataBuffer[100] = ""; data = dataBuffer; for(i = 0; i < 1; i++) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; for(k = 0; k < 1; k++) goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37985 79354/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_17.c Buffer_Overflow_LowBound 154 char * data; char dataBuffer[100] = ""; data = dataBuffer; for(h = 0; h < 1; h++) strcpy(data, "fixedstringtest"); for(j = 0; j < 1; j++) goodG2BVaSinkB(data, data); static void goodG2BVaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37986 79354/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_17.c Buffer_Overflow_cpycat 266 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 37987 79354/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_17.c String_Termination_Error 78 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); size_t dataLen = strlen(data); 0 --------------------------------- 37988 79354/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_17.c String_Termination_Error 178 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); size_t dataLen = strlen(data); 0 --------------------------------- 37989 79355/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_18.c Buffer_Overflow_LowBound 55 char dataBuffer[100] = ""; data = dataBuffer; goto source; source: recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; goto sink; sink: badVaSinkB(data, data); static void badVaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 37990 79355/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_18.c Buffer_Overflow_LowBound 244 char * data; char dataBuffer[100] = ""; data = dataBuffer; goto source; source: recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; goto sink; sink: goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37991 79355/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_18.c Buffer_Overflow_LowBound 151 char * data; char dataBuffer[100] = ""; data = dataBuffer; goto source; source: strcpy(data, "fixedstringtest"); goto sink; sink: goodG2BVaSinkB(data, data); static void goodG2BVaSinkB(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 37992 79355/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_18.c Buffer_Overflow_cpycat 259 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 37993 79355/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_18.c String_Termination_Error 214 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 37994 79355/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_18.c String_Termination_Error 77 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 37995 79355/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_18.c String_Termination_Error 174 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 37996 79355/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_18.c String_Termination_Error 117 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 37997 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c Buffer_Overflow_LowBound 260 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; badStatic = 1; badVaSink(data, data); static void badVaSink(char * data, ...) if(badStatic) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 37998 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c Buffer_Overflow_LowBound 353 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; goodB2G1Static = 0; goodB2G1_vasink(data, data); static void goodB2G1_vasink(char * data, ...) if(goodB2G1Static){} else char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 37999 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c Buffer_Overflow_LowBound 60 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; goodB2G2Static = 1; goodB2G2_vasink(data, data); static void goodB2G2_vasink(char * data, ...) if(goodB2G2Static) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38000 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c Buffer_Overflow_LowBound 167 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BStatic = 1; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) if(goodG2BStatic) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38001 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c Buffer_Overflow_cpycat 366 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38002 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c String_Termination_Error 188 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38003 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c String_Termination_Error 121 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38004 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c String_Termination_Error 321 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38005 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c String_Termination_Error 281 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38006 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c String_Termination_Error 81 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38007 79356/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_21.c String_Termination_Error 228 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38008 79357/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22.c Buffer_Overflow_LowBound 450 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_badGlobal = 1; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_badVaSink(data, data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_badVaSink(char * data, ...) if(CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_badGlobal) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38009 79357/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22.c Buffer_Overflow_LowBound 385 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_goodB2G1Global = 0; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_goodB2G1_vasink(data, data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_goodB2G1_vasink(char * data, ...) if(CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_goodB2G1Global){} else char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38010 79357/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22.c Buffer_Overflow_LowBound 416 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_goodB2G2Global = 1; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_goodB2G2_vasink(data, data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_goodB2G2_vasink(char * data, ...) if(CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_goodB2G2Global) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38011 79357/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22.c Buffer_Overflow_LowBound 433 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_goodG2BGlobal = 1; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_goodG2BVaSink(data, data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_goodG2BVaSink(char * data, ...) if(CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22_goodG2BGlobal) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38012 79357/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22.c Buffer_Overflow_cpycat 305 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38013 79357/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22.c String_Termination_Error 107 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38014 79357/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22.c String_Termination_Error 155 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38015 79357/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22.c String_Termination_Error 234 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38016 79357/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22.c String_Termination_Error 67 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38017 79357/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22.c String_Termination_Error 274 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38018 79357/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_22.c String_Termination_Error 195 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38019 79358/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_31.c Buffer_Overflow_LowBound 180 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; char * dataCopy = data; char * data = dataCopy; badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38020 79358/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_31.c Buffer_Overflow_LowBound 55 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); char * dataCopy = data; char * data = dataCopy; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38021 79358/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_31.c Buffer_Overflow_LowBound 152 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; char * dataCopy = data; char * data = dataCopy; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38022 79358/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_31.c Buffer_Overflow_cpycat 164 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38023 79358/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_31.c String_Termination_Error 240 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38024 79358/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_31.c String_Termination_Error 115 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38025 79358/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_31.c String_Termination_Error 75 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38026 79358/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_31.c String_Termination_Error 200 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38027 79359/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_32.c Buffer_Overflow_LowBound 55 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100] = ""; data = dataBuffer; char * data = *dataPtr1; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; *dataPtr1 = data; char * data = *dataPtr2; badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38028 79359/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_32.c Buffer_Overflow_LowBound 190 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100] = ""; data = dataBuffer; char * data = *dataPtr1; strcpy(data, "fixedstringtest"); *dataPtr1 = data; char * data = *dataPtr2; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38029 79359/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_32.c Buffer_Overflow_LowBound 157 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100] = ""; data = dataBuffer; char * data = *dataPtr1; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; *dataPtr1 = data; char * data = *dataPtr2; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38030 79359/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_32.c Buffer_Overflow_cpycat 173 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38031 79359/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_32.c String_Termination_Error 119 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38032 79359/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_32.c String_Termination_Error 79 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38033 79359/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_32.c String_Termination_Error 254 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38034 79359/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_32.c String_Termination_Error 214 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38035 79361/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34.c Buffer_Overflow_LowBound 187 typedef union char * unionFirst; char * unionSecond; } CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34_unionType; char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; char * dataCopy = data; char * data = dataCopy; badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38036 79361/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34.c Buffer_Overflow_LowBound 158 typedef union char * unionFirst; char * unionSecond; } CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34_unionType; char * data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34_unionType myUnion; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); myUnion.unionFirst = data; char * data = myUnion.unionSecond; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38037 79361/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34.c Buffer_Overflow_LowBound 61 typedef union char * unionFirst; char * unionSecond; } CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34_unionType; char * data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34_unionType myUnion; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38038 79361/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34.c Buffer_Overflow_cpycat 171 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38039 79361/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34.c String_Termination_Error 208 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38040 79361/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34.c String_Termination_Error 121 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38041 79361/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34.c String_Termination_Error 81 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38042 79361/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_34.c String_Termination_Error 248 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38043 79362/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_41.c Buffer_Overflow_LowBound 55 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; badSink(data); static void badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38044 79362/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_41.c Buffer_Overflow_LowBound 182 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BSink(data); static void goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38045 79362/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_41.c Buffer_Overflow_LowBound 153 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; goodB2GSink(data); static void goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38046 79362/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_41.c Buffer_Overflow_cpycat 170 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38047 79362/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_41.c String_Termination_Error 207 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38048 79362/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_41.c String_Termination_Error 80 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38049 79362/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_41.c String_Termination_Error 247 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38050 79362/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_41.c String_Termination_Error 120 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38051 79363/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_42.c Buffer_Overflow_LowBound 127 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = badSource(data); static char * badSource(char * data) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; return data; badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38052 79363/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_42.c Buffer_Overflow_LowBound 161 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) strcpy(data, "fixedstringtest"); return data; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38053 79363/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_42.c Buffer_Overflow_LowBound 256 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = goodB2GSource(data); static char * goodB2GSource(char * data) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; return data; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38054 79363/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_42.c Buffer_Overflow_cpycat 150 char dataBuffer[100] = ""; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) strcpy(data, "fixedstringtest"); 0 --------------------------------- 38055 79363/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_42.c String_Termination_Error 59 char dataBuffer[100] = ""; data = dataBuffer; data = badSource(data); static char * badSource(char * data) size_t dataLen = strlen(data); 0 --------------------------------- 38056 79363/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_42.c String_Termination_Error 99 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38057 79363/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_42.c String_Termination_Error 188 char dataBuffer[100] = ""; data = dataBuffer; data = goodB2GSource(data); static char * goodB2GSource(char * data) size_t dataLen = strlen(data); 0 --------------------------------- 38058 79363/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_42.c String_Termination_Error 228 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38059 79365/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_44.c Buffer_Overflow_LowBound 151 char * data; void (*funcPtr) (char *, ...) = badVaSink; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; funcPtr(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38060 79365/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_44.c Buffer_Overflow_LowBound 176 char * data; void (*funcPtr) (char *, ...) = goodG2BVaSink; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); funcPtr(data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38061 79365/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_44.c Buffer_Overflow_LowBound 55 char * data; void (*funcPtr) (char *, ...) = goodB2GVaSink; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; funcPtr(data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38062 79365/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_44.c Buffer_Overflow_cpycat 164 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38063 79365/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_44.c String_Termination_Error 197 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38064 79365/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_44.c String_Termination_Error 237 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38065 79365/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_44.c String_Termination_Error 117 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38066 79365/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_44.c String_Termination_Error 77 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38067 79366/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45.c Buffer_Overflow_LowBound 159 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45_badData = data; badSink(); static void badSink() char * data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45_badData; badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38068 79366/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45.c Buffer_Overflow_LowBound 190 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45_goodG2BData; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38069 79366/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45.c Buffer_Overflow_LowBound 59 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45_goodB2GData = data; goodB2GSink(); static void goodB2GSink() char * data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45_goodB2GData; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38070 79366/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45.c Buffer_Overflow_cpycat 177 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38071 79366/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45.c String_Termination_Error 256 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38072 79366/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45.c String_Termination_Error 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38073 79366/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45.c String_Termination_Error 125 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38074 79366/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_45.c String_Termination_Error 216 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38075 79367/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51.c Buffer_Overflow_LowBound 311 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51b_badSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51b_badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38076 79367/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51.c Buffer_Overflow_LowBound 334 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51b_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38077 79367/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51.c Buffer_Overflow_LowBound 353 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51b_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38078 79367/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51.c Buffer_Overflow_cpycat 139 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38079 79367/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51.c String_Termination_Error 200 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38080 79367/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51.c String_Termination_Error 65 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38081 79367/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51.c String_Termination_Error 105 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38082 79367/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_51.c String_Termination_Error 160 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38083 79368/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52.c Buffer_Overflow_LowBound 432 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52b_badSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52c_badSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52c_badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38084 79368/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52.c Buffer_Overflow_LowBound 390 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52b_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52c_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52c_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38085 79368/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52.c Buffer_Overflow_LowBound 413 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52b_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52c_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52c_goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38086 79368/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52.c Buffer_Overflow_cpycat 139 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38087 79368/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52.c String_Termination_Error 200 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38088 79368/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52.c String_Termination_Error 65 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38089 79368/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52.c String_Termination_Error 105 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38090 79368/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_52.c String_Termination_Error 160 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38091 79369/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53.c Buffer_Overflow_LowBound 492 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53b_badSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53c_badSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53c_badSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53d_badSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53d_badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38092 79369/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53.c Buffer_Overflow_LowBound 511 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53b_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53c_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53c_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53d_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53d_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38093 79369/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53.c Buffer_Overflow_LowBound 469 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53b_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53c_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53c_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53d_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53d_goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38094 79369/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53.c Buffer_Overflow_cpycat 139 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38095 79369/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53.c String_Termination_Error 200 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38096 79369/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53.c String_Termination_Error 65 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38097 79369/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53.c String_Termination_Error 105 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38098 79369/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_53.c String_Termination_Error 160 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38099 79370/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54.c Buffer_Overflow_LowBound 590 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54b_badSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54c_badSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54c_badSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54d_badSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54d_badSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54e_badSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54e_badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38100 79370/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54.c Buffer_Overflow_LowBound 548 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54c_badSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54c_badSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54d_badSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54d_badSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54e_badSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54e_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38101 79370/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54.c Buffer_Overflow_LowBound 571 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54c_badSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54c_badSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54d_badSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54d_badSink(char * data) CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54e_badSink(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54e_goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38102 79370/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54.c Buffer_Overflow_cpycat 139 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38103 79370/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54.c String_Termination_Error 200 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38104 79370/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54.c String_Termination_Error 65 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38105 79370/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54.c String_Termination_Error 105 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38106 79370/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_54.c String_Termination_Error 160 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38107 79371/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61.c Buffer_Overflow_LowBound 87 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61b_badSource(data); char * CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61b_badSource(char * data) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; return data; badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38108 79371/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61.c Buffer_Overflow_LowBound 58 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61b_goodG2BSource(data); char * CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61b_goodG2BSource(char * data) strcpy(data, "fixedstringtest"); return data; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38109 79371/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61.c Buffer_Overflow_LowBound 112 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61b_goodB2GSource(data); char * CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61b_goodB2GSource(char * data) recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; return data; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38110 79371/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61.c Buffer_Overflow_cpycat 290 char * CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61b_goodG2BSource(char * data) strcpy(data, "fixedstringtest"); 0 --------------------------------- 38111 79371/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61.c String_Termination_Error 221 char * CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61b_badSource(char * data) size_t dataLen = strlen(data); 0 --------------------------------- 38112 79371/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61.c String_Termination_Error 306 char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61b_goodB2GSource(data); char * CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61b_goodB2GSource(char * data) size_t dataLen = strlen(data); 0 --------------------------------- 38113 79371/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61.c String_Termination_Error 261 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38114 79371/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_61.c String_Termination_Error 346 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38115 79373/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63.c Buffer_Overflow_LowBound 355 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63b_badSink(char * * dataPtr) char * data = *dataPtr; badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38116 79373/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63.c Buffer_Overflow_LowBound 311 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63b_goodG2BSink(&data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38117 79373/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63.c Buffer_Overflow_LowBound 335 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63b_goodB2GSink(char * * dataPtr) char * data = *dataPtr; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38118 79373/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63.c Buffer_Overflow_cpycat 139 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38119 79373/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63.c String_Termination_Error 200 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38120 79373/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63.c String_Termination_Error 65 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38121 79373/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63.c String_Termination_Error 105 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38122 79373/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_63.c String_Termination_Error 160 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38123 79374/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64.c Buffer_Overflow_LowBound 311 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38124 79374/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64.c Buffer_Overflow_LowBound 338 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64b_goodG2BSink(&data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38125 79374/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64.c Buffer_Overflow_LowBound 361 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64b_goodB2GSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38126 79374/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64.c Buffer_Overflow_cpycat 139 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38127 79374/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64.c String_Termination_Error 200 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38128 79374/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64.c String_Termination_Error 65 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38129 79374/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64.c String_Termination_Error 105 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38130 79374/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_64.c String_Termination_Error 160 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38131 79375/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65.c Buffer_Overflow_LowBound 348 char * data; void (*funcPtr) (char *, ...) = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65b_badVaSink; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; funcPtr(data, data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65b_badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38132 79375/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65.c Buffer_Overflow_LowBound 316 char * data; void (*funcPtr) (char *, ...) = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65b_goodG2BVaSink; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); funcPtr(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65b_goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38133 79375/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65.c Buffer_Overflow_LowBound 334 char * data; void (*funcPtr) (char *, ...) = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65b_goodB2GVaSink; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; funcPtr(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65b_goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38134 79375/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65.c Buffer_Overflow_cpycat 143 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38135 79375/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65.c String_Termination_Error 67 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38136 79375/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65.c String_Termination_Error 205 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38137 79375/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65.c String_Termination_Error 107 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38138 79375/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_65.c String_Termination_Error 165 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38139 79376/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66.c Buffer_Overflow_LowBound 362 char * data; char * dataArray[5]; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66b_badSink(dataArray); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66b_badSink(char * dataArray[]) char * data = dataArray[2]; badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38140 79376/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66.c Buffer_Overflow_LowBound 342 char * data; char * dataArray[5]; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66b_goodG2BSink(dataArray); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38141 79376/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66.c Buffer_Overflow_LowBound 317 char * data; char * dataArray[5]; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66b_goodB2GSink(dataArray); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66b_goodB2GSink(char * dataArray[]) char * data = dataArray[2]; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38142 79376/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66.c Buffer_Overflow_cpycat 142 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38143 79376/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66.c String_Termination_Error 205 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38144 79376/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66.c String_Termination_Error 66 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38145 79376/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66.c String_Termination_Error 165 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38146 79376/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_66.c String_Termination_Error 106 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38147 79377/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67.c Buffer_Overflow_LowBound 370 typedef struct _CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67_structType char * structFirst; } CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67_structType; char * data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67_structType myStruct; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67b_badSink(myStruct); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67b_badSink(CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67_structType myStruct) char * data = myStruct.structFirst; badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38148 79377/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67.c Buffer_Overflow_LowBound 350 typedef struct _CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67_structType char * structFirst; } CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67_structType; char * data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67_structType myStruct; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67b_goodG2BSink(myStruct); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67b_goodG2BSink(CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67_structType myStruct) char * data = myStruct.structFirst; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38149 79377/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67.c Buffer_Overflow_LowBound 326 typedef struct _CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67_structType char * structFirst; } CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67_structType; char * data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67_structType myStruct; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67b_goodB2GSink(myStruct); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67b_goodB2GSink(CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67_structType myStruct) char * data = myStruct.structFirst; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38150 79377/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67.c Buffer_Overflow_cpycat 146 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38151 79377/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67.c String_Termination_Error 110 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38152 79377/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67.c String_Termination_Error 70 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38153 79377/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67.c String_Termination_Error 209 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38154 79377/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_67.c String_Termination_Error 169 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38155 79378/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68.c Buffer_Overflow_LowBound 345 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68_badData = data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68b_badSink(); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68b_badSink() char * data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68_badData; badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38156 79378/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68.c Buffer_Overflow_LowBound 365 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68_goodG2BData = data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68b_goodG2BSink(); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68b_goodG2BSink() char * data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68_goodG2BData; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38157 79378/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68.c Buffer_Overflow_LowBound 321 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68_goodB2GData = data; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68b_goodB2GSink(); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68b_goodB2GSink() char * data = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68_goodB2GData; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38158 79378/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68.c Buffer_Overflow_cpycat 145 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38159 79378/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68.c String_Termination_Error 205 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38160 79378/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68.c String_Termination_Error 165 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38161 79378/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68.c String_Termination_Error 108 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38162 79378/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_68.c String_Termination_Error 68 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38163 79382/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81_goodB2G.cpp Buffer_Overflow_LowBound 33 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; const CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81_base& baseObject = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81_bad(); baseObject.action(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81_bad::action(char * data) const badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38164 79382/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81_goodG2B.cpp Format_String_Attack 33 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); const CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81_base& baseObject = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81_goodG2B(); baseObject.action(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81_goodG2B::action(char * data) const goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38165 79382/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81_goodG2B.cpp Buffer_Overflow_LowBound 33 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; const CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81_base& baseObject = CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81_goodB2G(); baseObject.action(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81_goodB2G::action(char * data) const goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38166 79382/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81a.cpp Buffer_Overflow_cpycat 134 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38167 79382/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81a.cpp String_Termination_Error 101 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38168 79382/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81a.cpp String_Termination_Error 194 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38169 79382/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81a.cpp String_Termination_Error 61 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38170 79382/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_81a.cpp String_Termination_Error 154 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38171 79383/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82_goodB2G.cpp Buffer_Overflow_LowBound 33 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82_base* baseObject = new CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82_bad; baseObject->action(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82_bad::action(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 1 --------------------------------- 38172 79383/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82_goodG2B.cpp Format_String_Attack 33 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82_base* baseObject = new CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82_goodG2B; baseObject->action(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82_goodG2B::action(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, data, args); 0 --------------------------------- 38173 79383/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82_goodG2B.cpp Buffer_Overflow_LowBound 33 char * data; char dataBuffer[100] = ""; data = dataBuffer; recvResult = recv(connectSocket, (char *)(data + dataLen), sizeof(char) * (100 - dataLen - 1), 0); if (recvResult == SOCKET_ERROR || recvResult == 0) break; data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); if (replace) *replace = '\0'; replace = strchr(data, '\n'); if (replace) *replace = '\0'; CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82_base* baseObject = new CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82_goodB2G; baseObject->action(data); void CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82_goodB2G::action(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) char dest[100] = ""; va_list args; va_start(args, data); vsnprintf(dest, 100-1, "%s", args); 0 --------------------------------- 38174 79383/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82a.cpp Buffer_Overflow_cpycat 135 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38175 79383/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82a.cpp String_Termination_Error 61 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38176 79383/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82a.cpp String_Termination_Error 101 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38177 79383/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82a.cpp String_Termination_Error 196 data[dataLen + recvResult / sizeof(char)] = '\0'; replace = strchr(data, '\r'); replace = strchr(data, '\n'); 0 --------------------------------- 38178 79383/CWE134_Uncontrolled_Format_String__char_connect_socket_w32_vsnprintf_82a.cpp String_Termination_Error 156 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); 0 --------------------------------- 38179 79386/CWE134_Uncontrolled_Format_String__char_console_fprintf_01.c Format_String_Attack 57 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; fprintf(stdout, data); 1 --------------------------------- 38180 79386/CWE134_Uncontrolled_Format_String__char_console_fprintf_01.c Format_String_Attack 108 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); fprintf(stdout, data); 0 --------------------------------- 38181 79386/CWE134_Uncontrolled_Format_String__char_console_fprintf_01.c Format_String_Attack 73 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; fprintf(stdout, "%s\n", data); 0 --------------------------------- 38182 79386/CWE134_Uncontrolled_Format_String__char_console_fprintf_01.c Buffer_Overflow_fgets 38 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38183 79386/CWE134_Uncontrolled_Format_String__char_console_fprintf_01.c Buffer_Overflow_fgets 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38184 79386/CWE134_Uncontrolled_Format_String__char_console_fprintf_01.c Buffer_Overflow_cpycat 71 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38185 79386/CWE134_Uncontrolled_Format_String__char_console_fprintf_01.c String_Termination_Error 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38186 79386/CWE134_Uncontrolled_Format_String__char_console_fprintf_01.c String_Termination_Error 93 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38187 79387/CWE134_Uncontrolled_Format_String__char_console_fprintf_02.c Format_String_Attack 194 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(1) fprintf(stdout, data); 1 --------------------------------- 38188 79387/CWE134_Uncontrolled_Format_String__char_console_fprintf_02.c Format_String_Attack 112 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(0){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 38189 79387/CWE134_Uncontrolled_Format_String__char_console_fprintf_02.c Format_String_Attack 153 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(1) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38190 79387/CWE134_Uncontrolled_Format_String__char_console_fprintf_02.c Format_String_Attack 176 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(0){} else strcpy(data, "fixedstringtest"); if(1) fprintf(stdout, data); 0 --------------------------------- 38191 79387/CWE134_Uncontrolled_Format_String__char_console_fprintf_02.c Format_String_Attack 62 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(1) strcpy(data, "fixedstringtest"); if(1) fprintf(stdout, data); 0 --------------------------------- 38192 79387/CWE134_Uncontrolled_Format_String__char_console_fprintf_02.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38193 79387/CWE134_Uncontrolled_Format_String__char_console_fprintf_02.c Buffer_Overflow_fgets 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38194 79387/CWE134_Uncontrolled_Format_String__char_console_fprintf_02.c Buffer_Overflow_fgets 131 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38195 79387/CWE134_Uncontrolled_Format_String__char_console_fprintf_02.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38196 79387/CWE134_Uncontrolled_Format_String__char_console_fprintf_02.c Buffer_Overflow_cpycat 171 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38197 79387/CWE134_Uncontrolled_Format_String__char_console_fprintf_02.c String_Termination_Error 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38198 79387/CWE134_Uncontrolled_Format_String__char_console_fprintf_02.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38199 79387/CWE134_Uncontrolled_Format_String__char_console_fprintf_02.c String_Termination_Error 135 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38200 79388/CWE134_Uncontrolled_Format_String__char_console_fprintf_03.c Format_String_Attack 194 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(5==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(5==5) fprintf(stdout, data); 1 --------------------------------- 38201 79388/CWE134_Uncontrolled_Format_String__char_console_fprintf_03.c Format_String_Attack 112 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(5==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(5!=5){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 38202 79388/CWE134_Uncontrolled_Format_String__char_console_fprintf_03.c Format_String_Attack 153 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(5==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(5==5) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38203 79388/CWE134_Uncontrolled_Format_String__char_console_fprintf_03.c Format_String_Attack 176 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(5!=5){} else strcpy(data, "fixedstringtest"); if(5==5) fprintf(stdout, data); 0 --------------------------------- 38204 79388/CWE134_Uncontrolled_Format_String__char_console_fprintf_03.c Format_String_Attack 62 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(5==5) strcpy(data, "fixedstringtest"); if(5==5) fprintf(stdout, data); 0 --------------------------------- 38205 79388/CWE134_Uncontrolled_Format_String__char_console_fprintf_03.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38206 79388/CWE134_Uncontrolled_Format_String__char_console_fprintf_03.c Buffer_Overflow_fgets 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38207 79388/CWE134_Uncontrolled_Format_String__char_console_fprintf_03.c Buffer_Overflow_fgets 131 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38208 79388/CWE134_Uncontrolled_Format_String__char_console_fprintf_03.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38209 79388/CWE134_Uncontrolled_Format_String__char_console_fprintf_03.c Buffer_Overflow_cpycat 171 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38210 79388/CWE134_Uncontrolled_Format_String__char_console_fprintf_03.c String_Termination_Error 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38211 79388/CWE134_Uncontrolled_Format_String__char_console_fprintf_03.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38212 79388/CWE134_Uncontrolled_Format_String__char_console_fprintf_03.c String_Termination_Error 135 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38213 79389/CWE134_Uncontrolled_Format_String__char_console_fprintf_04.c Format_String_Attack 200 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_TRUE) fprintf(stdout, data); 1 --------------------------------- 38214 79389/CWE134_Uncontrolled_Format_String__char_console_fprintf_04.c Format_String_Attack 159 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_FALSE){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 38215 79389/CWE134_Uncontrolled_Format_String__char_console_fprintf_04.c Format_String_Attack 68 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_TRUE) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38216 79389/CWE134_Uncontrolled_Format_String__char_console_fprintf_04.c Format_String_Attack 118 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FALSE){} else strcpy(data, "fixedstringtest"); if(STATIC_CONST_TRUE) fprintf(stdout, data); 0 --------------------------------- 38217 79389/CWE134_Uncontrolled_Format_String__char_console_fprintf_04.c Format_String_Attack 182 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) strcpy(data, "fixedstringtest"); if(STATIC_CONST_TRUE) fprintf(stdout, data); 0 --------------------------------- 38218 79389/CWE134_Uncontrolled_Format_String__char_console_fprintf_04.c Buffer_Overflow_fgets 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38219 79389/CWE134_Uncontrolled_Format_String__char_console_fprintf_04.c Buffer_Overflow_fgets 91 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38220 79389/CWE134_Uncontrolled_Format_String__char_console_fprintf_04.c Buffer_Overflow_fgets 137 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38221 79389/CWE134_Uncontrolled_Format_String__char_console_fprintf_04.c Buffer_Overflow_cpycat 195 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38222 79389/CWE134_Uncontrolled_Format_String__char_console_fprintf_04.c Buffer_Overflow_cpycat 177 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38223 79389/CWE134_Uncontrolled_Format_String__char_console_fprintf_04.c String_Termination_Error 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38224 79389/CWE134_Uncontrolled_Format_String__char_console_fprintf_04.c String_Termination_Error 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38225 79389/CWE134_Uncontrolled_Format_String__char_console_fprintf_04.c String_Termination_Error 141 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38226 79390/CWE134_Uncontrolled_Format_String__char_console_fprintf_05.c Format_String_Attack 200 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticTrue) fprintf(stdout, data); 1 --------------------------------- 38227 79390/CWE134_Uncontrolled_Format_String__char_console_fprintf_05.c Format_String_Attack 159 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticFalse){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 38228 79390/CWE134_Uncontrolled_Format_String__char_console_fprintf_05.c Format_String_Attack 68 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticTrue) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38229 79390/CWE134_Uncontrolled_Format_String__char_console_fprintf_05.c Format_String_Attack 118 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFalse){} else strcpy(data, "fixedstringtest"); if(staticTrue) fprintf(stdout, data); 0 --------------------------------- 38230 79390/CWE134_Uncontrolled_Format_String__char_console_fprintf_05.c Format_String_Attack 182 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) strcpy(data, "fixedstringtest"); if(staticTrue) fprintf(stdout, data); 0 --------------------------------- 38231 79390/CWE134_Uncontrolled_Format_String__char_console_fprintf_05.c Buffer_Overflow_fgets 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38232 79390/CWE134_Uncontrolled_Format_String__char_console_fprintf_05.c Buffer_Overflow_fgets 91 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38233 79390/CWE134_Uncontrolled_Format_String__char_console_fprintf_05.c Buffer_Overflow_fgets 137 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38234 79390/CWE134_Uncontrolled_Format_String__char_console_fprintf_05.c Buffer_Overflow_cpycat 195 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38235 79390/CWE134_Uncontrolled_Format_String__char_console_fprintf_05.c Buffer_Overflow_cpycat 177 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38236 79390/CWE134_Uncontrolled_Format_String__char_console_fprintf_05.c String_Termination_Error 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38237 79390/CWE134_Uncontrolled_Format_String__char_console_fprintf_05.c String_Termination_Error 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38238 79390/CWE134_Uncontrolled_Format_String__char_console_fprintf_05.c String_Termination_Error 141 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38239 79391/CWE134_Uncontrolled_Format_String__char_console_fprintf_06.c Format_String_Attack 117 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_FIVE==5) fprintf(stdout, data); 1 --------------------------------- 38240 79391/CWE134_Uncontrolled_Format_String__char_console_fprintf_06.c Format_String_Attack 67 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_FIVE!=5){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 38241 79391/CWE134_Uncontrolled_Format_String__char_console_fprintf_06.c Format_String_Attack 199 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_FIVE==5) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38242 79391/CWE134_Uncontrolled_Format_String__char_console_fprintf_06.c Format_String_Attack 158 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE!=5){} else strcpy(data, "fixedstringtest"); if(STATIC_CONST_FIVE==5) fprintf(stdout, data); 0 --------------------------------- 38243 79391/CWE134_Uncontrolled_Format_String__char_console_fprintf_06.c Format_String_Attack 181 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) strcpy(data, "fixedstringtest"); if(STATIC_CONST_FIVE==5) fprintf(stdout, data); 0 --------------------------------- 38244 79391/CWE134_Uncontrolled_Format_String__char_console_fprintf_06.c Buffer_Overflow_fgets 136 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38245 79391/CWE134_Uncontrolled_Format_String__char_console_fprintf_06.c Buffer_Overflow_fgets 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38246 79391/CWE134_Uncontrolled_Format_String__char_console_fprintf_06.c Buffer_Overflow_fgets 90 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38247 79391/CWE134_Uncontrolled_Format_String__char_console_fprintf_06.c Buffer_Overflow_cpycat 176 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38248 79391/CWE134_Uncontrolled_Format_String__char_console_fprintf_06.c Buffer_Overflow_cpycat 194 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38249 79391/CWE134_Uncontrolled_Format_String__char_console_fprintf_06.c String_Termination_Error 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38250 79391/CWE134_Uncontrolled_Format_String__char_console_fprintf_06.c String_Termination_Error 49 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38251 79391/CWE134_Uncontrolled_Format_String__char_console_fprintf_06.c String_Termination_Error 140 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38252 79392/CWE134_Uncontrolled_Format_String__char_console_fprintf_07.c Format_String_Attack 117 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticFive==5) fprintf(stdout, data); 1 --------------------------------- 38253 79392/CWE134_Uncontrolled_Format_String__char_console_fprintf_07.c Format_String_Attack 67 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticFive!=5){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 38254 79392/CWE134_Uncontrolled_Format_String__char_console_fprintf_07.c Format_String_Attack 199 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticFive==5) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38255 79392/CWE134_Uncontrolled_Format_String__char_console_fprintf_07.c Format_String_Attack 158 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive!=5){} else strcpy(data, "fixedstringtest"); if(staticFive==5) fprintf(stdout, data); 0 --------------------------------- 38256 79392/CWE134_Uncontrolled_Format_String__char_console_fprintf_07.c Format_String_Attack 181 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) strcpy(data, "fixedstringtest"); if(staticFive==5) fprintf(stdout, data); 0 --------------------------------- 38257 79392/CWE134_Uncontrolled_Format_String__char_console_fprintf_07.c Buffer_Overflow_fgets 136 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38258 79392/CWE134_Uncontrolled_Format_String__char_console_fprintf_07.c Buffer_Overflow_fgets 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38259 79392/CWE134_Uncontrolled_Format_String__char_console_fprintf_07.c Buffer_Overflow_fgets 90 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38260 79392/CWE134_Uncontrolled_Format_String__char_console_fprintf_07.c Buffer_Overflow_cpycat 176 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38261 79392/CWE134_Uncontrolled_Format_String__char_console_fprintf_07.c Buffer_Overflow_cpycat 194 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38262 79392/CWE134_Uncontrolled_Format_String__char_console_fprintf_07.c String_Termination_Error 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38263 79392/CWE134_Uncontrolled_Format_String__char_console_fprintf_07.c String_Termination_Error 49 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38264 79392/CWE134_Uncontrolled_Format_String__char_console_fprintf_07.c String_Termination_Error 140 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38265 79393/CWE134_Uncontrolled_Format_String__char_console_fprintf_08.c Format_String_Attack 125 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticReturnsTrue()) fprintf(stdout, data); 1 --------------------------------- 38266 79393/CWE134_Uncontrolled_Format_String__char_console_fprintf_08.c Format_String_Attack 75 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticReturnsFalse()){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 38267 79393/CWE134_Uncontrolled_Format_String__char_console_fprintf_08.c Format_String_Attack 207 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticReturnsTrue()) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38268 79393/CWE134_Uncontrolled_Format_String__char_console_fprintf_08.c Format_String_Attack 166 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsFalse()){} else strcpy(data, "fixedstringtest"); if(staticReturnsTrue()) fprintf(stdout, data); 0 --------------------------------- 38269 79393/CWE134_Uncontrolled_Format_String__char_console_fprintf_08.c Format_String_Attack 189 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) strcpy(data, "fixedstringtest"); if(staticReturnsTrue()) fprintf(stdout, data); 0 --------------------------------- 38270 79393/CWE134_Uncontrolled_Format_String__char_console_fprintf_08.c Buffer_Overflow_fgets 144 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38271 79393/CWE134_Uncontrolled_Format_String__char_console_fprintf_08.c Buffer_Overflow_fgets 53 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38272 79393/CWE134_Uncontrolled_Format_String__char_console_fprintf_08.c Buffer_Overflow_fgets 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38273 79393/CWE134_Uncontrolled_Format_String__char_console_fprintf_08.c Buffer_Overflow_cpycat 184 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38274 79393/CWE134_Uncontrolled_Format_String__char_console_fprintf_08.c Buffer_Overflow_cpycat 202 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38275 79393/CWE134_Uncontrolled_Format_String__char_console_fprintf_08.c String_Termination_Error 102 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38276 79393/CWE134_Uncontrolled_Format_String__char_console_fprintf_08.c String_Termination_Error 57 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38277 79393/CWE134_Uncontrolled_Format_String__char_console_fprintf_08.c String_Termination_Error 148 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38278 79394/CWE134_Uncontrolled_Format_String__char_console_fprintf_09.c Format_String_Attack 194 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_TRUE) fprintf(stdout, data); 1 --------------------------------- 38279 79394/CWE134_Uncontrolled_Format_String__char_console_fprintf_09.c Format_String_Attack 112 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_FALSE){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 38280 79394/CWE134_Uncontrolled_Format_String__char_console_fprintf_09.c Format_String_Attack 153 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_TRUE) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38281 79394/CWE134_Uncontrolled_Format_String__char_console_fprintf_09.c Format_String_Attack 176 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FALSE){} else strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_TRUE) fprintf(stdout, data); 0 --------------------------------- 38282 79394/CWE134_Uncontrolled_Format_String__char_console_fprintf_09.c Format_String_Attack 62 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_TRUE) fprintf(stdout, data); 0 --------------------------------- 38283 79394/CWE134_Uncontrolled_Format_String__char_console_fprintf_09.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38284 79394/CWE134_Uncontrolled_Format_String__char_console_fprintf_09.c Buffer_Overflow_fgets 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38285 79394/CWE134_Uncontrolled_Format_String__char_console_fprintf_09.c Buffer_Overflow_fgets 131 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38286 79394/CWE134_Uncontrolled_Format_String__char_console_fprintf_09.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38287 79394/CWE134_Uncontrolled_Format_String__char_console_fprintf_09.c Buffer_Overflow_cpycat 171 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38288 79394/CWE134_Uncontrolled_Format_String__char_console_fprintf_09.c String_Termination_Error 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38289 79394/CWE134_Uncontrolled_Format_String__char_console_fprintf_09.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38290 79394/CWE134_Uncontrolled_Format_String__char_console_fprintf_09.c String_Termination_Error 135 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38291 79395/CWE134_Uncontrolled_Format_String__char_console_fprintf_10.c Format_String_Attack 194 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalTrue) fprintf(stdout, data); 1 --------------------------------- 38292 79395/CWE134_Uncontrolled_Format_String__char_console_fprintf_10.c Format_String_Attack 112 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalFalse){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 38293 79395/CWE134_Uncontrolled_Format_String__char_console_fprintf_10.c Format_String_Attack 153 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalTrue) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38294 79395/CWE134_Uncontrolled_Format_String__char_console_fprintf_10.c Format_String_Attack 176 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFalse){} else strcpy(data, "fixedstringtest"); if(globalTrue) fprintf(stdout, data); 0 --------------------------------- 38295 79395/CWE134_Uncontrolled_Format_String__char_console_fprintf_10.c Format_String_Attack 62 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) strcpy(data, "fixedstringtest"); if(globalTrue) fprintf(stdout, data); 0 --------------------------------- 38296 79395/CWE134_Uncontrolled_Format_String__char_console_fprintf_10.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38297 79395/CWE134_Uncontrolled_Format_String__char_console_fprintf_10.c Buffer_Overflow_fgets 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38298 79395/CWE134_Uncontrolled_Format_String__char_console_fprintf_10.c Buffer_Overflow_fgets 131 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38299 79395/CWE134_Uncontrolled_Format_String__char_console_fprintf_10.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38300 79395/CWE134_Uncontrolled_Format_String__char_console_fprintf_10.c Buffer_Overflow_cpycat 171 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38301 79395/CWE134_Uncontrolled_Format_String__char_console_fprintf_10.c String_Termination_Error 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38302 79395/CWE134_Uncontrolled_Format_String__char_console_fprintf_10.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38303 79395/CWE134_Uncontrolled_Format_String__char_console_fprintf_10.c String_Termination_Error 135 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38304 79396/CWE134_Uncontrolled_Format_String__char_console_fprintf_11.c Format_String_Attack 194 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalReturnsTrue()) fprintf(stdout, data); 1 --------------------------------- 38305 79396/CWE134_Uncontrolled_Format_String__char_console_fprintf_11.c Format_String_Attack 112 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalReturnsFalse()){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 38306 79396/CWE134_Uncontrolled_Format_String__char_console_fprintf_11.c Format_String_Attack 153 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalReturnsTrue()) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38307 79396/CWE134_Uncontrolled_Format_String__char_console_fprintf_11.c Format_String_Attack 176 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsFalse()){} else strcpy(data, "fixedstringtest"); if(globalReturnsTrue()) fprintf(stdout, data); 0 --------------------------------- 38308 79396/CWE134_Uncontrolled_Format_String__char_console_fprintf_11.c Format_String_Attack 62 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) strcpy(data, "fixedstringtest"); if(globalReturnsTrue()) fprintf(stdout, data); 0 --------------------------------- 38309 79396/CWE134_Uncontrolled_Format_String__char_console_fprintf_11.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38310 79396/CWE134_Uncontrolled_Format_String__char_console_fprintf_11.c Buffer_Overflow_fgets 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38311 79396/CWE134_Uncontrolled_Format_String__char_console_fprintf_11.c Buffer_Overflow_fgets 131 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38312 79396/CWE134_Uncontrolled_Format_String__char_console_fprintf_11.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38313 79396/CWE134_Uncontrolled_Format_String__char_console_fprintf_11.c Buffer_Overflow_cpycat 171 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38314 79396/CWE134_Uncontrolled_Format_String__char_console_fprintf_11.c String_Termination_Error 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38315 79396/CWE134_Uncontrolled_Format_String__char_console_fprintf_11.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38316 79396/CWE134_Uncontrolled_Format_String__char_console_fprintf_11.c String_Termination_Error 135 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38317 79397/CWE134_Uncontrolled_Format_String__char_console_fprintf_12.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38318 79397/CWE134_Uncontrolled_Format_String__char_console_fprintf_12.c Buffer_Overflow_fgets 125 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38319 79397/CWE134_Uncontrolled_Format_String__char_console_fprintf_12.c Buffer_Overflow_fgets 97 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38320 79397/CWE134_Uncontrolled_Format_String__char_console_fprintf_12.c Buffer_Overflow_cpycat 167 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38321 79397/CWE134_Uncontrolled_Format_String__char_console_fprintf_12.c Buffer_Overflow_cpycat 62 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38322 79397/CWE134_Uncontrolled_Format_String__char_console_fprintf_12.c Buffer_Overflow_cpycat 172 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38323 79397/CWE134_Uncontrolled_Format_String__char_console_fprintf_12.c String_Termination_Error 129 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38324 79397/CWE134_Uncontrolled_Format_String__char_console_fprintf_12.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38325 79397/CWE134_Uncontrolled_Format_String__char_console_fprintf_12.c String_Termination_Error 101 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38326 79398/CWE134_Uncontrolled_Format_String__char_console_fprintf_13.c Format_String_Attack 194 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_FIVE==5) fprintf(stdout, data); 1 --------------------------------- 38327 79398/CWE134_Uncontrolled_Format_String__char_console_fprintf_13.c Format_String_Attack 112 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_FIVE!=5){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 38328 79398/CWE134_Uncontrolled_Format_String__char_console_fprintf_13.c Format_String_Attack 153 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_FIVE==5) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38329 79398/CWE134_Uncontrolled_Format_String__char_console_fprintf_13.c Format_String_Attack 176 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE!=5){} else strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_FIVE==5) fprintf(stdout, data); 0 --------------------------------- 38330 79398/CWE134_Uncontrolled_Format_String__char_console_fprintf_13.c Format_String_Attack 62 const int GLOBAL_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_FIVE==5) fprintf(stdout, data); 0 --------------------------------- 38331 79398/CWE134_Uncontrolled_Format_String__char_console_fprintf_13.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38332 79398/CWE134_Uncontrolled_Format_String__char_console_fprintf_13.c Buffer_Overflow_fgets 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38333 79398/CWE134_Uncontrolled_Format_String__char_console_fprintf_13.c Buffer_Overflow_fgets 131 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38334 79398/CWE134_Uncontrolled_Format_String__char_console_fprintf_13.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38335 79398/CWE134_Uncontrolled_Format_String__char_console_fprintf_13.c Buffer_Overflow_cpycat 171 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38336 79398/CWE134_Uncontrolled_Format_String__char_console_fprintf_13.c String_Termination_Error 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38337 79398/CWE134_Uncontrolled_Format_String__char_console_fprintf_13.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38338 79398/CWE134_Uncontrolled_Format_String__char_console_fprintf_13.c String_Termination_Error 135 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38339 79399/CWE134_Uncontrolled_Format_String__char_console_fprintf_14.c Format_String_Attack 194 int globalFive = 5;  char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalFive==5) fprintf(stdout, data); 1 --------------------------------- 38340 79399/CWE134_Uncontrolled_Format_String__char_console_fprintf_14.c Format_String_Attack 112 int globalFive = 5;  char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalFive!=5){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 38341 79399/CWE134_Uncontrolled_Format_String__char_console_fprintf_14.c Format_String_Attack 153 int globalFive = 5;  char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalFive==5) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38342 79399/CWE134_Uncontrolled_Format_String__char_console_fprintf_14.c Format_String_Attack 176 int globalFive = 5;  char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive!=5){} else strcpy(data, "fixedstringtest"); if(globalFive==5) fprintf(stdout, data); 0 --------------------------------- 38343 79399/CWE134_Uncontrolled_Format_String__char_console_fprintf_14.c Format_String_Attack 62 int globalFive = 5;  char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) strcpy(data, "fixedstringtest"); if(globalFive==5) fprintf(stdout, data); 0 --------------------------------- 38344 79399/CWE134_Uncontrolled_Format_String__char_console_fprintf_14.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38345 79399/CWE134_Uncontrolled_Format_String__char_console_fprintf_14.c Buffer_Overflow_fgets 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38346 79399/CWE134_Uncontrolled_Format_String__char_console_fprintf_14.c Buffer_Overflow_fgets 131 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38347 79399/CWE134_Uncontrolled_Format_String__char_console_fprintf_14.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38348 79399/CWE134_Uncontrolled_Format_String__char_console_fprintf_14.c Buffer_Overflow_cpycat 171 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38349 79399/CWE134_Uncontrolled_Format_String__char_console_fprintf_14.c String_Termination_Error 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38350 79399/CWE134_Uncontrolled_Format_String__char_console_fprintf_14.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38351 79399/CWE134_Uncontrolled_Format_String__char_console_fprintf_14.c String_Termination_Error 135 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38352 79400/CWE134_Uncontrolled_Format_String__char_console_fprintf_15.c Format_String_Attack 130 char * data; char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; default: break; switch(7) case 7: fprintf(stdout, data); break; default: break; 1 --------------------------------- 38353 79400/CWE134_Uncontrolled_Format_String__char_console_fprintf_15.c Format_String_Attack 209 char * data; char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; default: break; switch(8) case 7: break; default: fprintf(stdout, "%s\n", data); break; 0 --------------------------------- 38354 79400/CWE134_Uncontrolled_Format_String__char_console_fprintf_15.c Format_String_Attack 239 char * data; char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; default: break; switch(7) case 7: fprintf(stdout, "%s\n", data); break; default: break; 0 --------------------------------- 38355 79400/CWE134_Uncontrolled_Format_String__char_console_fprintf_15.c Format_String_Attack 179 char * data; char dataBuffer[100] = ""; data = dataBuffer; switch(5) case 6: break; default: strcpy(data, "fixedstringtest"); break; switch(7) case 7: fprintf(stdout, data); break; default: break; 0 --------------------------------- 38356 79400/CWE134_Uncontrolled_Format_String__char_console_fprintf_15.c Format_String_Attack 69 char * data; char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: strcpy(data, "fixedstringtest"); break; default: break; switch(7) case 7: fprintf(stdout, data); break; default: break; 0 --------------------------------- 38357 79400/CWE134_Uncontrolled_Format_String__char_console_fprintf_15.c Buffer_Overflow_fgets 151 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38358 79400/CWE134_Uncontrolled_Format_String__char_console_fprintf_15.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38359 79400/CWE134_Uncontrolled_Format_String__char_console_fprintf_15.c Buffer_Overflow_fgets 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38360 79400/CWE134_Uncontrolled_Format_String__char_console_fprintf_15.c Buffer_Overflow_cpycat 228 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38361 79400/CWE134_Uncontrolled_Format_String__char_console_fprintf_15.c Buffer_Overflow_cpycat 202 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38362 79400/CWE134_Uncontrolled_Format_String__char_console_fprintf_15.c String_Termination_Error 102 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38363 79400/CWE134_Uncontrolled_Format_String__char_console_fprintf_15.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38364 79400/CWE134_Uncontrolled_Format_String__char_console_fprintf_15.c String_Termination_Error 155 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38365 79401/CWE134_Uncontrolled_Format_String__char_console_fprintf_16.c Format_String_Attack 130 char * data; char dataBuffer[100] = ""; data = dataBuffer; while(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; while(1) fprintf(stdout, data); break; 1 --------------------------------- 38366 79401/CWE134_Uncontrolled_Format_String__char_console_fprintf_16.c Format_String_Attack 63 char * data; char dataBuffer[100] = ""; data = dataBuffer; while(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; while(1) fprintf(stdout, "%s\n", data); break; 0 --------------------------------- 38367 79401/CWE134_Uncontrolled_Format_String__char_console_fprintf_16.c Format_String_Attack 110 char * data; char dataBuffer[100] = ""; data = dataBuffer; while(1) strcpy(data, "fixedstringtest"); break; while(1) fprintf(stdout, data); break; 0 --------------------------------- 38368 79401/CWE134_Uncontrolled_Format_String__char_console_fprintf_16.c Buffer_Overflow_fgets 87 char dataBuffer[100] = ""; data = dataBuffer; dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38369 79401/CWE134_Uncontrolled_Format_String__char_console_fprintf_16.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38370 79401/CWE134_Uncontrolled_Format_String__char_console_fprintf_16.c Buffer_Overflow_cpycat 124 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38371 79401/CWE134_Uncontrolled_Format_String__char_console_fprintf_16.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38372 79401/CWE134_Uncontrolled_Format_String__char_console_fprintf_16.c String_Termination_Error 82 size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); 0 --------------------------------- 38373 79401/CWE134_Uncontrolled_Format_String__char_console_fprintf_16.c String_Termination_Error 35 size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); 0 --------------------------------- 38374 79401/CWE134_Uncontrolled_Format_String__char_console_fprintf_16.c String_Termination_Error 91 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38375 79402/CWE134_Uncontrolled_Format_String__char_console_fprintf_17.c Format_String_Attack 109 char * data; char dataBuffer[100] = ""; data = dataBuffer; for(i = 0; i < 1; i++) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; for(j = 0; j < 1; j++) fprintf(stdout, data); 1 --------------------------------- 38376 79402/CWE134_Uncontrolled_Format_String__char_console_fprintf_17.c Format_String_Attack 63 char * data; char dataBuffer[100] = ""; data = dataBuffer; for(i = 0; i < 1; i++) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; for(k = 0; k < 1; k++) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38377 79402/CWE134_Uncontrolled_Format_String__char_console_fprintf_17.c Format_String_Attack 128 int h,j; char * data; char dataBuffer[100] = ""; data = dataBuffer; for(h = 0; h < 1; h++) strcpy(data, "fixedstringtest"); for(j = 0; j < 1; j++) fprintf(stdout, data); 0 --------------------------------- 38378 79402/CWE134_Uncontrolled_Format_String__char_console_fprintf_17.c Buffer_Overflow_fgets 87 char dataBuffer[100] = ""; data = dataBuffer; dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38379 79402/CWE134_Uncontrolled_Format_String__char_console_fprintf_17.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38380 79402/CWE134_Uncontrolled_Format_String__char_console_fprintf_17.c Buffer_Overflow_cpycat 123 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38381 79402/CWE134_Uncontrolled_Format_String__char_console_fprintf_17.c String_Termination_Error 36 size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); 0 --------------------------------- 38382 79402/CWE134_Uncontrolled_Format_String__char_console_fprintf_17.c String_Termination_Error 82 size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); 0 --------------------------------- 38383 79402/CWE134_Uncontrolled_Format_String__char_console_fprintf_17.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38384 79402/CWE134_Uncontrolled_Format_String__char_console_fprintf_17.c String_Termination_Error 91 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38385 79403/CWE134_Uncontrolled_Format_String__char_console_fprintf_18.c Format_String_Attack 120 char * data; char dataBuffer[100] = ""; data = dataBuffer; goto source; source: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goto sink; sink: fprintf(stdout, data); 1 --------------------------------- 38386 79403/CWE134_Uncontrolled_Format_String__char_console_fprintf_18.c Format_String_Attack 61 char * data; char dataBuffer[100] = ""; data = dataBuffer; goto source; source: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goto sink; sink: fprintf(stdout, "%s\n", data); 0 --------------------------------- 38387 79403/CWE134_Uncontrolled_Format_String__char_console_fprintf_18.c Format_String_Attack 104 char * data; char dataBuffer[100] = ""; data = dataBuffer; goto source; source: strcpy(data, "fixedstringtest"); goto sink; sink: fprintf(stdout, data); 0 --------------------------------- 38388 79403/CWE134_Uncontrolled_Format_String__char_console_fprintf_18.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38389 79403/CWE134_Uncontrolled_Format_String__char_console_fprintf_18.c Buffer_Overflow_fgets 83 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38390 79403/CWE134_Uncontrolled_Format_String__char_console_fprintf_18.c Buffer_Overflow_cpycat 116 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38391 79403/CWE134_Uncontrolled_Format_String__char_console_fprintf_18.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38392 79403/CWE134_Uncontrolled_Format_String__char_console_fprintf_18.c String_Termination_Error 87 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38393 79404/CWE134_Uncontrolled_Format_String__char_console_fprintf_21.c Format_String_Attack 180 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; badStatic = 1; badSink(data); static void badSink(char * data) if(badStatic) fprintf(stdout, data); 1 --------------------------------- 38394 79404/CWE134_Uncontrolled_Format_String__char_console_fprintf_21.c Format_String_Attack 92 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goodB2G1Static = 0; goodB2G1Sink(data); static void goodB2G1Sink(char * data) if(goodB2G1Static){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 38395 79404/CWE134_Uncontrolled_Format_String__char_console_fprintf_21.c Format_String_Attack 34 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goodB2G2Static = 1; goodB2G2Sink(data); static void goodB2G2Sink(char * data) if(goodB2G2Static) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38396 79404/CWE134_Uncontrolled_Format_String__char_console_fprintf_21.c Format_String_Attack 136 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BStatic = 1; goodG2BSink(data); static void goodG2BSink(char * data) if(goodG2BStatic) fprintf(stdout, data); 0 --------------------------------- 38397 79404/CWE134_Uncontrolled_Format_String__char_console_fprintf_21.c Buffer_Overflow_fgets 152 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38398 79404/CWE134_Uncontrolled_Format_String__char_console_fprintf_21.c Buffer_Overflow_fgets 108 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38399 79404/CWE134_Uncontrolled_Format_String__char_console_fprintf_21.c Buffer_Overflow_fgets 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38400 79404/CWE134_Uncontrolled_Format_String__char_console_fprintf_21.c Buffer_Overflow_cpycat 190 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38401 79404/CWE134_Uncontrolled_Format_String__char_console_fprintf_21.c String_Termination_Error 54 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38402 79404/CWE134_Uncontrolled_Format_String__char_console_fprintf_21.c String_Termination_Error 156 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38403 79404/CWE134_Uncontrolled_Format_String__char_console_fprintf_21.c String_Termination_Error 112 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38404 79405/CWE134_Uncontrolled_Format_String__char_console_fprintf_22.c Format_String_Attack 266 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_22_badGlobal = 1; CWE134_Uncontrolled_Format_String__char_console_fprintf_22_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_22_badSink(char * data) if(CWE134_Uncontrolled_Format_String__char_console_fprintf_22_badGlobal) fprintf(stdout, data); 1 --------------------------------- 38405 79405/CWE134_Uncontrolled_Format_String__char_console_fprintf_22.c Format_String_Attack 276 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_22_goodB2G1Global = 0; CWE134_Uncontrolled_Format_String__char_console_fprintf_22_goodB2G1Sink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_22_goodB2G1Sink(char * data) if(CWE134_Uncontrolled_Format_String__char_console_fprintf_22_goodB2G1Global){} else fprintf(stdout, "%s\n", data); 0 --------------------------------- 38406 79405/CWE134_Uncontrolled_Format_String__char_console_fprintf_22.c Format_String_Attack 232 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_22_goodB2G2Global = 1; CWE134_Uncontrolled_Format_String__char_console_fprintf_22_goodB2G2Sink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_22_goodB2G2Sink(char * data) if(CWE134_Uncontrolled_Format_String__char_console_fprintf_22_goodB2G2Global) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38407 79405/CWE134_Uncontrolled_Format_String__char_console_fprintf_22.c Format_String_Attack 256 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_fprintf_22_goodG2BGlobal = 1; CWE134_Uncontrolled_Format_String__char_console_fprintf_22_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_22_goodG2BSink(char * data) if(CWE134_Uncontrolled_Format_String__char_console_fprintf_22_goodG2BGlobal) fprintf(stdout, data); 0 --------------------------------- 38408 79405/CWE134_Uncontrolled_Format_String__char_console_fprintf_22.c Buffer_Overflow_fgets 126 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38409 79405/CWE134_Uncontrolled_Format_String__char_console_fprintf_22.c Buffer_Overflow_fgets 43 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38410 79405/CWE134_Uncontrolled_Format_String__char_console_fprintf_22.c Buffer_Overflow_fgets 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38411 79405/CWE134_Uncontrolled_Format_String__char_console_fprintf_22.c Buffer_Overflow_cpycat 157 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38412 79405/CWE134_Uncontrolled_Format_String__char_console_fprintf_22.c String_Termination_Error 47 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38413 79405/CWE134_Uncontrolled_Format_String__char_console_fprintf_22.c String_Termination_Error 130 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38414 79405/CWE134_Uncontrolled_Format_String__char_console_fprintf_22.c String_Termination_Error 93 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38415 79406/CWE134_Uncontrolled_Format_String__char_console_fprintf_31.c Format_String_Attack 60 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; fprintf(stdout, data); 1 --------------------------------- 38416 79406/CWE134_Uncontrolled_Format_String__char_console_fprintf_31.c Format_String_Attack 119 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); char * dataCopy = data; char * data = dataCopy; fprintf(stdout, data); 0 --------------------------------- 38417 79406/CWE134_Uncontrolled_Format_String__char_console_fprintf_31.c Format_String_Attack 80 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; fprintf(stdout, "%s\n", data); 0 --------------------------------- 38418 79406/CWE134_Uncontrolled_Format_String__char_console_fprintf_31.c Buffer_Overflow_fgets 38 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38419 79406/CWE134_Uncontrolled_Format_String__char_console_fprintf_31.c Buffer_Overflow_fgets 97 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38420 79406/CWE134_Uncontrolled_Format_String__char_console_fprintf_31.c Buffer_Overflow_cpycat 75 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38421 79406/CWE134_Uncontrolled_Format_String__char_console_fprintf_31.c String_Termination_Error 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38422 79406/CWE134_Uncontrolled_Format_String__char_console_fprintf_31.c String_Termination_Error 101 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38423 79407/CWE134_Uncontrolled_Format_String__char_console_fprintf_32.c Format_String_Attack 65 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100] = ""; data = dataBuffer; char * data = *dataPtr1; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; fprintf(stdout, data); 1 --------------------------------- 38424 79407/CWE134_Uncontrolled_Format_String__char_console_fprintf_32.c Format_String_Attack 90 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100] = ""; data = dataBuffer; char * data = *dataPtr1; strcpy(data, "fixedstringtest"); *dataPtr1 = data; char * data = *dataPtr2; fprintf(stdout, data); 0 --------------------------------- 38425 79407/CWE134_Uncontrolled_Format_String__char_console_fprintf_32.c Format_String_Attack 134 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100] = ""; data = dataBuffer; char * data = *dataPtr1; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; fprintf(stdout, "%s\n", data); 0 --------------------------------- 38426 79407/CWE134_Uncontrolled_Format_String__char_console_fprintf_32.c Buffer_Overflow_fgets 111 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38427 79407/CWE134_Uncontrolled_Format_String__char_console_fprintf_32.c Buffer_Overflow_fgets 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38428 79407/CWE134_Uncontrolled_Format_String__char_console_fprintf_32.c Buffer_Overflow_cpycat 84 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38429 79407/CWE134_Uncontrolled_Format_String__char_console_fprintf_32.c String_Termination_Error 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38430 79407/CWE134_Uncontrolled_Format_String__char_console_fprintf_32.c String_Termination_Error 115 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38431 79409/CWE134_Uncontrolled_Format_String__char_console_fprintf_34.c Format_String_Attack 67 typedef union char * unionFirst; char * unionSecond; } CWE134_Uncontrolled_Format_String__char_console_fprintf_34_unionType; char * data; CWE134_Uncontrolled_Format_String__char_console_fprintf_34_unionType myUnion; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; fprintf(stdout, data); 1 --------------------------------- 38432 79409/CWE134_Uncontrolled_Format_String__char_console_fprintf_34.c Format_String_Attack 88 typedef union char * unionFirst; char * unionSecond; } CWE134_Uncontrolled_Format_String__char_console_fprintf_34_unionType; char * data; CWE134_Uncontrolled_Format_String__char_console_fprintf_34_unionType myUnion; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); myUnion.unionFirst = data; char * data = myUnion.unionSecond; fprintf(stdout, data); 0 --------------------------------- 38433 79409/CWE134_Uncontrolled_Format_String__char_console_fprintf_34.c Format_String_Attack 128 typedef union char * unionFirst; char * unionSecond; } CWE134_Uncontrolled_Format_String__char_console_fprintf_34_unionType; char * data; CWE134_Uncontrolled_Format_String__char_console_fprintf_34_unionType myUnion; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; fprintf(stdout, "%s\n", data); 0 --------------------------------- 38434 79409/CWE134_Uncontrolled_Format_String__char_console_fprintf_34.c Buffer_Overflow_fgets 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38435 79409/CWE134_Uncontrolled_Format_String__char_console_fprintf_34.c Buffer_Overflow_fgets 106 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38436 79409/CWE134_Uncontrolled_Format_String__char_console_fprintf_34.c Buffer_Overflow_cpycat 83 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38437 79409/CWE134_Uncontrolled_Format_String__char_console_fprintf_34.c String_Termination_Error 110 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38438 79409/CWE134_Uncontrolled_Format_String__char_console_fprintf_34.c String_Termination_Error 49 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38439 79410/CWE134_Uncontrolled_Format_String__char_console_fprintf_41.c Format_String_Attack 90 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; badSink(data); static void badSink(char * data) fprintf(stdout, data); 1 --------------------------------- 38440 79410/CWE134_Uncontrolled_Format_String__char_console_fprintf_41.c Format_String_Attack 73 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BSink(data); static void goodG2BSink(char * data) fprintf(stdout, data); 0 --------------------------------- 38441 79410/CWE134_Uncontrolled_Format_String__char_console_fprintf_41.c Format_String_Attack 29 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goodB2GSink(data); static void goodB2GSink(char * data) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38442 79410/CWE134_Uncontrolled_Format_String__char_console_fprintf_41.c Buffer_Overflow_fgets 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38443 79410/CWE134_Uncontrolled_Format_String__char_console_fprintf_41.c Buffer_Overflow_fgets 105 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38444 79410/CWE134_Uncontrolled_Format_String__char_console_fprintf_41.c Buffer_Overflow_cpycat 82 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38445 79410/CWE134_Uncontrolled_Format_String__char_console_fprintf_41.c String_Termination_Error 109 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38446 79410/CWE134_Uncontrolled_Format_String__char_console_fprintf_41.c String_Termination_Error 48 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38447 79411/CWE134_Uncontrolled_Format_String__char_console_fprintf_42.c Format_String_Attack 63 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = badSource(data); static char * badSource(char * data) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; return data; fprintf(stdout, data); 1 --------------------------------- 38448 79411/CWE134_Uncontrolled_Format_String__char_console_fprintf_42.c Format_String_Attack 126 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) strcpy(data, "fixedstringtest"); return data; fprintf(stdout, data); 0 --------------------------------- 38449 79411/CWE134_Uncontrolled_Format_String__char_console_fprintf_42.c Format_String_Attack 85 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = goodB2GSource(data); static char * goodB2GSource(char * data) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; return data; fprintf(stdout, "%s\n", data); 0 --------------------------------- 38450 79411/CWE134_Uncontrolled_Format_String__char_console_fprintf_42.c Buffer_Overflow_fgets 35 char dataBuffer[100] = ""; data = dataBuffer; data = badSource(data); static char * badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38451 79411/CWE134_Uncontrolled_Format_String__char_console_fprintf_42.c Buffer_Overflow_fgets 98 char dataBuffer[100] = ""; data = dataBuffer; data = goodB2GSource(data); static char * goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38452 79411/CWE134_Uncontrolled_Format_String__char_console_fprintf_42.c Buffer_Overflow_cpycat 74 char dataBuffer[100] = ""; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) strcpy(data, "fixedstringtest"); 0 --------------------------------- 38453 79411/CWE134_Uncontrolled_Format_String__char_console_fprintf_42.c String_Termination_Error 102 char dataBuffer[100] = ""; data = dataBuffer; data = goodB2GSource(data); static char * goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38454 79411/CWE134_Uncontrolled_Format_String__char_console_fprintf_42.c String_Termination_Error 39 char dataBuffer[100] = ""; data = dataBuffer; data = badSource(data); static char * badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38455 79413/CWE134_Uncontrolled_Format_String__char_console_fprintf_44.c Format_String_Attack 76 char * data; void (*funcPtr) (char *) = badSink; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; funcPtr(data); static void badSink(char * data) fprintf(stdout, data); 1 --------------------------------- 38456 79413/CWE134_Uncontrolled_Format_String__char_console_fprintf_44.c Format_String_Attack 94 char * data; void (*funcPtr) (char *) = goodG2BSink; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); funcPtr(data); static void goodG2BSink(char * data) fprintf(stdout, data); 0 --------------------------------- 38457 79413/CWE134_Uncontrolled_Format_String__char_console_fprintf_44.c Format_String_Attack 29 char * data; void (*funcPtr) (char *) = goodB2GSink; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; funcPtr(data); static void goodB2GSink(char * data) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38458 79413/CWE134_Uncontrolled_Format_String__char_console_fprintf_44.c Buffer_Overflow_fgets 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38459 79413/CWE134_Uncontrolled_Format_String__char_console_fprintf_44.c Buffer_Overflow_fgets 110 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38460 79413/CWE134_Uncontrolled_Format_String__char_console_fprintf_44.c Buffer_Overflow_cpycat 86 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38461 79413/CWE134_Uncontrolled_Format_String__char_console_fprintf_44.c String_Termination_Error 114 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38462 79413/CWE134_Uncontrolled_Format_String__char_console_fprintf_44.c String_Termination_Error 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38463 79414/CWE134_Uncontrolled_Format_String__char_console_fprintf_45.c Format_String_Attack 34 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_45_badData = data; badSink(); static void badSink() char * data = CWE134_Uncontrolled_Format_String__char_console_fprintf_45_badData; fprintf(stdout, data); 1 --------------------------------- 38464 79414/CWE134_Uncontrolled_Format_String__char_console_fprintf_45.c Format_String_Attack 80 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_fprintf_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE134_Uncontrolled_Format_String__char_console_fprintf_45_goodG2BData; fprintf(stdout, data); 0 --------------------------------- 38465 79414/CWE134_Uncontrolled_Format_String__char_console_fprintf_45.c Format_String_Attack 99 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_45_goodB2GData = data; goodB2GSink(); static void goodB2GSink() char * data = CWE134_Uncontrolled_Format_String__char_console_fprintf_45_goodB2GData; fprintf(stdout, "%s\n", data); 0 --------------------------------- 38466 79414/CWE134_Uncontrolled_Format_String__char_console_fprintf_45.c Buffer_Overflow_fgets 49 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38467 79414/CWE134_Uncontrolled_Format_String__char_console_fprintf_45.c Buffer_Overflow_fgets 114 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38468 79414/CWE134_Uncontrolled_Format_String__char_console_fprintf_45.c Buffer_Overflow_cpycat 89 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38469 79414/CWE134_Uncontrolled_Format_String__char_console_fprintf_45.c String_Termination_Error 118 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38470 79414/CWE134_Uncontrolled_Format_String__char_console_fprintf_45.c String_Termination_Error 53 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38471 79415/CWE134_Uncontrolled_Format_String__char_console_fprintf_51.c Format_String_Attack 197 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_51b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_51b_badSink(char * data) fprintf(stdout, data); 1 --------------------------------- 38472 79415/CWE134_Uncontrolled_Format_String__char_console_fprintf_51.c Format_String_Attack 179 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_fprintf_51b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_51b_goodG2BSink(char * data) fprintf(stdout, data); 0 --------------------------------- 38473 79415/CWE134_Uncontrolled_Format_String__char_console_fprintf_51.c Format_String_Attack 190 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_51b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_51b_goodB2GSink(char * data) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38474 79415/CWE134_Uncontrolled_Format_String__char_console_fprintf_51.c Buffer_Overflow_fgets 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38475 79415/CWE134_Uncontrolled_Format_String__char_console_fprintf_51.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38476 79415/CWE134_Uncontrolled_Format_String__char_console_fprintf_51.c Buffer_Overflow_cpycat 75 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38477 79415/CWE134_Uncontrolled_Format_String__char_console_fprintf_51.c String_Termination_Error 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38478 79415/CWE134_Uncontrolled_Format_String__char_console_fprintf_51.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38479 79416/CWE134_Uncontrolled_Format_String__char_console_fprintf_52.c Format_String_Attack 236 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_52b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_52b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_52c_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_52c_badSink(char * data) fprintf(stdout, data); 1 --------------------------------- 38480 79416/CWE134_Uncontrolled_Format_String__char_console_fprintf_52.c Format_String_Attack 247 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_fprintf_52b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_52b_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_52c_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_52c_goodG2BSink(char * data) fprintf(stdout, data); 0 --------------------------------- 38481 79416/CWE134_Uncontrolled_Format_String__char_console_fprintf_52.c Format_String_Attack 254 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_52b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_52b_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_52c_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_52c_goodB2GSink(char * data) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38482 79416/CWE134_Uncontrolled_Format_String__char_console_fprintf_52.c Buffer_Overflow_fgets 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38483 79416/CWE134_Uncontrolled_Format_String__char_console_fprintf_52.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38484 79416/CWE134_Uncontrolled_Format_String__char_console_fprintf_52.c Buffer_Overflow_cpycat 75 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38485 79416/CWE134_Uncontrolled_Format_String__char_console_fprintf_52.c String_Termination_Error 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38486 79416/CWE134_Uncontrolled_Format_String__char_console_fprintf_52.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38487 79417/CWE134_Uncontrolled_Format_String__char_console_fprintf_53.c Format_String_Attack 311 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_53b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_53b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_53c_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_53c_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_53d_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_53d_badSink(char * data) fprintf(stdout, data); 1 --------------------------------- 38488 79417/CWE134_Uncontrolled_Format_String__char_console_fprintf_53.c Format_String_Attack 304 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_fprintf_53b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_53b_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_53c_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_53c_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_53d_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_53d_goodG2BSink(char * data) fprintf(stdout, data); 0 --------------------------------- 38489 79417/CWE134_Uncontrolled_Format_String__char_console_fprintf_53.c Format_String_Attack 293 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_53b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_53b_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_53c_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_53c_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_53d_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_53d_goodB2GSink(char * data) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38490 79417/CWE134_Uncontrolled_Format_String__char_console_fprintf_53.c Buffer_Overflow_fgets 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38491 79417/CWE134_Uncontrolled_Format_String__char_console_fprintf_53.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38492 79417/CWE134_Uncontrolled_Format_String__char_console_fprintf_53.c Buffer_Overflow_cpycat 75 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38493 79417/CWE134_Uncontrolled_Format_String__char_console_fprintf_53.c String_Termination_Error 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38494 79417/CWE134_Uncontrolled_Format_String__char_console_fprintf_53.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38495 79418/CWE134_Uncontrolled_Format_String__char_console_fprintf_54.c Format_String_Attack 361 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_54b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_54b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_54c_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_54c_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_54d_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_54d_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_54e_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_54e_badSink(char * data) fprintf(stdout, data); 1 --------------------------------- 38496 79418/CWE134_Uncontrolled_Format_String__char_console_fprintf_54.c Format_String_Attack 350 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_fprintf_54b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_54b_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_54c_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_54c_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_54d_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_54d_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_54e_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_54e_goodG2BSink(char * data) fprintf(stdout, data); 0 --------------------------------- 38497 79418/CWE134_Uncontrolled_Format_String__char_console_fprintf_54.c Format_String_Attack 368 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_54b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_54b_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_54c_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_54c_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_54d_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_54d_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_fprintf_54e_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_54e_goodB2GSink(char * data) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38498 79418/CWE134_Uncontrolled_Format_String__char_console_fprintf_54.c Buffer_Overflow_fgets 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38499 79418/CWE134_Uncontrolled_Format_String__char_console_fprintf_54.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38500 79418/CWE134_Uncontrolled_Format_String__char_console_fprintf_54.c Buffer_Overflow_cpycat 75 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38501 79418/CWE134_Uncontrolled_Format_String__char_console_fprintf_54.c String_Termination_Error 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38502 79418/CWE134_Uncontrolled_Format_String__char_console_fprintf_54.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38503 79419/CWE134_Uncontrolled_Format_String__char_console_fprintf_61.c Format_String_Attack 66 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_fprintf_61b_badSource(data); char * CWE134_Uncontrolled_Format_String__char_console_fprintf_61b_badSource(char * data) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; return data; fprintf(stdout, data); 1 --------------------------------- 38504 79419/CWE134_Uncontrolled_Format_String__char_console_fprintf_61.c Format_String_Attack 53 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_fprintf_61b_goodG2BSource(data); char * CWE134_Uncontrolled_Format_String__char_console_fprintf_61b_goodG2BSource(char * data) strcpy(data, "fixedstringtest"); return data; fprintf(stdout, data); 0 --------------------------------- 38505 79419/CWE134_Uncontrolled_Format_String__char_console_fprintf_61.c Format_String_Attack 36 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_fprintf_61b_goodB2GSource(data); char * CWE134_Uncontrolled_Format_String__char_console_fprintf_61b_goodB2GSource(char * data) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; return data; fprintf(stdout, "%s\n", data); 0 --------------------------------- 38506 79419/CWE134_Uncontrolled_Format_String__char_console_fprintf_61.c Buffer_Overflow_fgets 182 char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_fprintf_61b_goodB2GSource(data); char * CWE134_Uncontrolled_Format_String__char_console_fprintf_61b_goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38507 79419/CWE134_Uncontrolled_Format_String__char_console_fprintf_61.c Buffer_Overflow_fgets 139 char * CWE134_Uncontrolled_Format_String__char_console_fprintf_61b_badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38508 79419/CWE134_Uncontrolled_Format_String__char_console_fprintf_61.c Buffer_Overflow_cpycat 168 char * CWE134_Uncontrolled_Format_String__char_console_fprintf_61b_goodG2BSource(char * data) strcpy(data, "fixedstringtest"); 0 --------------------------------- 38509 79419/CWE134_Uncontrolled_Format_String__char_console_fprintf_61.c String_Termination_Error 143 char * CWE134_Uncontrolled_Format_String__char_console_fprintf_61b_badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38510 79419/CWE134_Uncontrolled_Format_String__char_console_fprintf_61.c String_Termination_Error 186 char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_fprintf_61b_goodB2GSource(data); char * CWE134_Uncontrolled_Format_String__char_console_fprintf_61b_goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38511 79421/CWE134_Uncontrolled_Format_String__char_console_fprintf_63.c Format_String_Attack 180 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_63b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_63b_badSink(char * * dataPtr) char * data = *dataPtr; fprintf(stdout, data); 1 --------------------------------- 38512 79421/CWE134_Uncontrolled_Format_String__char_console_fprintf_63.c Format_String_Attack 192 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_fprintf_63b_goodG2BSink(&data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; fprintf(stdout, data); 0 --------------------------------- 38513 79421/CWE134_Uncontrolled_Format_String__char_console_fprintf_63.c Format_String_Attack 200 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_63b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_63b_goodB2GSink(char * * dataPtr) char * data = *dataPtr; fprintf(stdout, "%s\n", data); 0 --------------------------------- 38514 79421/CWE134_Uncontrolled_Format_String__char_console_fprintf_63.c Buffer_Overflow_fgets 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38515 79421/CWE134_Uncontrolled_Format_String__char_console_fprintf_63.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38516 79421/CWE134_Uncontrolled_Format_String__char_console_fprintf_63.c Buffer_Overflow_cpycat 75 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38517 79421/CWE134_Uncontrolled_Format_String__char_console_fprintf_63.c String_Termination_Error 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38518 79421/CWE134_Uncontrolled_Format_String__char_console_fprintf_63.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38519 79422/CWE134_Uncontrolled_Format_String__char_console_fprintf_64.c Format_String_Attack 209 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_64b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); fprintf(stdout, data); 1 --------------------------------- 38520 79422/CWE134_Uncontrolled_Format_String__char_console_fprintf_64.c Format_String_Attack 183 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_fprintf_64b_goodG2BSink(&data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); fprintf(stdout, data); 0 --------------------------------- 38521 79422/CWE134_Uncontrolled_Format_String__char_console_fprintf_64.c Format_String_Attack 198 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_64b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_64b_goodB2GSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); fprintf(stdout, "%s\n", data); 0 --------------------------------- 38522 79422/CWE134_Uncontrolled_Format_String__char_console_fprintf_64.c Buffer_Overflow_fgets 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38523 79422/CWE134_Uncontrolled_Format_String__char_console_fprintf_64.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38524 79422/CWE134_Uncontrolled_Format_String__char_console_fprintf_64.c Buffer_Overflow_cpycat 75 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38525 79422/CWE134_Uncontrolled_Format_String__char_console_fprintf_64.c String_Termination_Error 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38526 79422/CWE134_Uncontrolled_Format_String__char_console_fprintf_64.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38527 79423/CWE134_Uncontrolled_Format_String__char_console_fprintf_65.c Format_String_Attack 195 char * data; void (*funcPtr) (char *) = CWE134_Uncontrolled_Format_String__char_console_fprintf_65b_badSink; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; funcPtr(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_65b_badSink(char * data) fprintf(stdout, data); 1 --------------------------------- 38528 79423/CWE134_Uncontrolled_Format_String__char_console_fprintf_65.c Format_String_Attack 202 char * data; void (*funcPtr) (char *) = CWE134_Uncontrolled_Format_String__char_console_fprintf_65b_goodG2BSink; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); funcPtr(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_65b_goodG2BSink(char * data) fprintf(stdout, data); 0 --------------------------------- 38529 79423/CWE134_Uncontrolled_Format_String__char_console_fprintf_65.c Format_String_Attack 184 char * data; void (*funcPtr) (char *) = CWE134_Uncontrolled_Format_String__char_console_fprintf_65b_goodB2GSink; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; funcPtr(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_65b_goodB2GSink(char * data) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38530 79423/CWE134_Uncontrolled_Format_String__char_console_fprintf_65.c Buffer_Overflow_fgets 99 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38531 79423/CWE134_Uncontrolled_Format_String__char_console_fprintf_65.c Buffer_Overflow_fgets 43 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38532 79423/CWE134_Uncontrolled_Format_String__char_console_fprintf_65.c Buffer_Overflow_cpycat 79 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38533 79423/CWE134_Uncontrolled_Format_String__char_console_fprintf_65.c String_Termination_Error 103 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38534 79423/CWE134_Uncontrolled_Format_String__char_console_fprintf_65.c String_Termination_Error 47 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38535 79424/CWE134_Uncontrolled_Format_String__char_console_fprintf_66.c Format_String_Attack 188 char * data; char * dataArray[5]; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_fprintf_66b_badSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_fprintf_66b_badSink(char * dataArray[]) char * data = dataArray[2]; fprintf(stdout, data); 1 --------------------------------- 38536 79424/CWE134_Uncontrolled_Format_String__char_console_fprintf_66.c Format_String_Attack 200 char * data; char * dataArray[5]; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_fprintf_66b_goodG2BSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_fprintf_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; fprintf(stdout, data); 0 --------------------------------- 38537 79424/CWE134_Uncontrolled_Format_String__char_console_fprintf_66.c Format_String_Attack 208 char * data; char * dataArray[5]; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_fprintf_66b_goodB2GSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_fprintf_66b_goodB2GSink(char * dataArray[]) char * data = dataArray[2]; fprintf(stdout, "%s\n", data); 0 --------------------------------- 38538 79424/CWE134_Uncontrolled_Format_String__char_console_fprintf_66.c Buffer_Overflow_fgets 100 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38539 79424/CWE134_Uncontrolled_Format_String__char_console_fprintf_66.c Buffer_Overflow_fgets 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38540 79424/CWE134_Uncontrolled_Format_String__char_console_fprintf_66.c Buffer_Overflow_cpycat 79 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38541 79424/CWE134_Uncontrolled_Format_String__char_console_fprintf_66.c String_Termination_Error 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38542 79424/CWE134_Uncontrolled_Format_String__char_console_fprintf_66.c String_Termination_Error 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38543 79425/CWE134_Uncontrolled_Format_String__char_console_fprintf_67.c Format_String_Attack 196 char * data; CWE134_Uncontrolled_Format_String__char_console_fprintf_67_structType myStruct; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_fprintf_67b_badSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_fprintf_67b_badSink(CWE134_Uncontrolled_Format_String__char_console_fprintf_67_structType myStruct) char * data = myStruct.structFirst; fprintf(stdout, data); 1 --------------------------------- 38544 79425/CWE134_Uncontrolled_Format_String__char_console_fprintf_67.c Format_String_Attack 208 char * data; CWE134_Uncontrolled_Format_String__char_console_fprintf_67_structType myStruct; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_fprintf_67b_goodG2BSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_fprintf_67b_goodG2BSink(CWE134_Uncontrolled_Format_String__char_console_fprintf_67_structType myStruct) char * data = myStruct.structFirst; fprintf(stdout, data); 0 --------------------------------- 38545 79425/CWE134_Uncontrolled_Format_String__char_console_fprintf_67.c Format_String_Attack 216 char * data; CWE134_Uncontrolled_Format_String__char_console_fprintf_67_structType myStruct; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_fprintf_67b_goodB2GSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_fprintf_67b_goodB2GSink(CWE134_Uncontrolled_Format_String__char_console_fprintf_67_structType myStruct) char * data = myStruct.structFirst; fprintf(stdout, "%s\n", data); 0 --------------------------------- 38546 79425/CWE134_Uncontrolled_Format_String__char_console_fprintf_67.c Buffer_Overflow_fgets 47 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38547 79425/CWE134_Uncontrolled_Format_String__char_console_fprintf_67.c Buffer_Overflow_fgets 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38548 79425/CWE134_Uncontrolled_Format_String__char_console_fprintf_67.c Buffer_Overflow_cpycat 83 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38549 79425/CWE134_Uncontrolled_Format_String__char_console_fprintf_67.c String_Termination_Error 108 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38550 79425/CWE134_Uncontrolled_Format_String__char_console_fprintf_67.c String_Termination_Error 51 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38551 79426/CWE134_Uncontrolled_Format_String__char_console_fprintf_68.c Format_String_Attack 203 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_68_badData = data; CWE134_Uncontrolled_Format_String__char_console_fprintf_68b_badSink(); void CWE134_Uncontrolled_Format_String__char_console_fprintf_68b_badSink() char * data = CWE134_Uncontrolled_Format_String__char_console_fprintf_68_badData; fprintf(stdout, data); 1 --------------------------------- 38552 79426/CWE134_Uncontrolled_Format_String__char_console_fprintf_68.c Format_String_Attack 191 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_fprintf_68_goodG2BData = data; CWE134_Uncontrolled_Format_String__char_console_fprintf_68b_goodG2BSink(); void CWE134_Uncontrolled_Format_String__char_console_fprintf_68b_goodG2BSink() char * data = CWE134_Uncontrolled_Format_String__char_console_fprintf_68_goodG2BData; fprintf(stdout, data); 0 --------------------------------- 38553 79426/CWE134_Uncontrolled_Format_String__char_console_fprintf_68.c Format_String_Attack 211 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_68_goodB2GData = data; CWE134_Uncontrolled_Format_String__char_console_fprintf_68b_goodB2GSink(); void CWE134_Uncontrolled_Format_String__char_console_fprintf_68b_goodB2GSink() char * data = CWE134_Uncontrolled_Format_String__char_console_fprintf_68_goodB2GData; fprintf(stdout, "%s\n", data); 0 --------------------------------- 38554 79426/CWE134_Uncontrolled_Format_String__char_console_fprintf_68.c Buffer_Overflow_fgets 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38555 79426/CWE134_Uncontrolled_Format_String__char_console_fprintf_68.c Buffer_Overflow_fgets 100 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38556 79426/CWE134_Uncontrolled_Format_String__char_console_fprintf_68.c Buffer_Overflow_cpycat 82 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38557 79426/CWE134_Uncontrolled_Format_String__char_console_fprintf_68.c String_Termination_Error 49 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38558 79426/CWE134_Uncontrolled_Format_String__char_console_fprintf_68.c String_Termination_Error 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38559 79430/CWE134_Uncontrolled_Format_String__char_console_fprintf_81_bad.cpp Format_String_Attack 28 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; const CWE134_Uncontrolled_Format_String__char_console_fprintf_81_base& baseObject = CWE134_Uncontrolled_Format_String__char_console_fprintf_81_bad(); baseObject.action(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_81_bad::action(char * data) const fprintf(stdout, data); 1 --------------------------------- 38560 79430/CWE134_Uncontrolled_Format_String__char_console_fprintf_81_goodB2G.cpp Format_String_Attack 28 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); const CWE134_Uncontrolled_Format_String__char_console_fprintf_81_base& baseObject = CWE134_Uncontrolled_Format_String__char_console_fprintf_81_goodG2B(); baseObject.action(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_81_goodG2B::action(char * data) const fprintf(stdout, data); 0 --------------------------------- 38561 79430/CWE134_Uncontrolled_Format_String__char_console_fprintf_81_goodG2B.cpp Format_String_Attack 28 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; const CWE134_Uncontrolled_Format_String__char_console_fprintf_81_base& baseObject = CWE134_Uncontrolled_Format_String__char_console_fprintf_81_goodB2G(); baseObject.action(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_81_goodB2G::action(char * data) const fprintf(stdout, "%s\n", data); 0 --------------------------------- 38562 79430/CWE134_Uncontrolled_Format_String__char_console_fprintf_81a.cpp Buffer_Overflow_fgets 38 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38563 79430/CWE134_Uncontrolled_Format_String__char_console_fprintf_81a.cpp Buffer_Overflow_fgets 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38564 79430/CWE134_Uncontrolled_Format_String__char_console_fprintf_81a.cpp Buffer_Overflow_cpycat 71 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38565 79430/CWE134_Uncontrolled_Format_String__char_console_fprintf_81a.cpp String_Termination_Error 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38566 79430/CWE134_Uncontrolled_Format_String__char_console_fprintf_81a.cpp String_Termination_Error 93 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38567 79431/CWE134_Uncontrolled_Format_String__char_console_fprintf_82_bad.cpp Format_String_Attack 28 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_82_base* baseObject = new CWE134_Uncontrolled_Format_String__char_console_fprintf_82_bad; baseObject->action(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_82_bad::action(char * data) fprintf(stdout, data); 1 --------------------------------- 38568 79431/CWE134_Uncontrolled_Format_String__char_console_fprintf_82_goodB2G.cpp Format_String_Attack 28 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_fprintf_82_base* baseObject = new CWE134_Uncontrolled_Format_String__char_console_fprintf_82_goodG2B; baseObject->action(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_82_goodG2B::action(char * data) fprintf(stdout, data); 0 --------------------------------- 38569 79431/CWE134_Uncontrolled_Format_String__char_console_fprintf_82_goodG2B.cpp Format_String_Attack 28 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_fprintf_82_base* baseObject = new CWE134_Uncontrolled_Format_String__char_console_fprintf_82_goodB2G; baseObject->action(data); void CWE134_Uncontrolled_Format_String__char_console_fprintf_82_goodB2G::action(char * data) fprintf(stdout, "%s\n", data); 0 --------------------------------- 38570 79431/CWE134_Uncontrolled_Format_String__char_console_fprintf_82a.cpp Buffer_Overflow_fgets 38 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38571 79431/CWE134_Uncontrolled_Format_String__char_console_fprintf_82a.cpp Buffer_Overflow_fgets 91 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38572 79431/CWE134_Uncontrolled_Format_String__char_console_fprintf_82a.cpp Buffer_Overflow_cpycat 72 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38573 79431/CWE134_Uncontrolled_Format_String__char_console_fprintf_82a.cpp String_Termination_Error 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38574 79431/CWE134_Uncontrolled_Format_String__char_console_fprintf_82a.cpp String_Termination_Error 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38575 79434/CWE134_Uncontrolled_Format_String__char_console_printf_01.c Format_String_Attack 57 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; printf(data); 1 --------------------------------- 38576 79434/CWE134_Uncontrolled_Format_String__char_console_printf_01.c Format_String_Attack 73 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); printf(data); 0 --------------------------------- 38577 79434/CWE134_Uncontrolled_Format_String__char_console_printf_01.c Format_String_Attack 108 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; printf("%s\n", data); 0 --------------------------------- 38578 79434/CWE134_Uncontrolled_Format_String__char_console_printf_01.c Buffer_Overflow_fgets 38 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38579 79434/CWE134_Uncontrolled_Format_String__char_console_printf_01.c Buffer_Overflow_fgets 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38580 79434/CWE134_Uncontrolled_Format_String__char_console_printf_01.c Buffer_Overflow_cpycat 71 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38581 79434/CWE134_Uncontrolled_Format_String__char_console_printf_01.c String_Termination_Error 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38582 79434/CWE134_Uncontrolled_Format_String__char_console_printf_01.c String_Termination_Error 93 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38583 79435/CWE134_Uncontrolled_Format_String__char_console_printf_02.c Format_String_Attack 153 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(1) printf(data); 1 --------------------------------- 38584 79435/CWE134_Uncontrolled_Format_String__char_console_printf_02.c Format_String_Attack 194 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(0){} else printf("%s\n", data); 0 --------------------------------- 38585 79435/CWE134_Uncontrolled_Format_String__char_console_printf_02.c Format_String_Attack 112 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(1) printf("%s\n", data); 0 --------------------------------- 38586 79435/CWE134_Uncontrolled_Format_String__char_console_printf_02.c Format_String_Attack 176 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(0){} else strcpy(data, "fixedstringtest"); if(1) printf(data); 0 --------------------------------- 38587 79435/CWE134_Uncontrolled_Format_String__char_console_printf_02.c Format_String_Attack 62 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(1) strcpy(data, "fixedstringtest"); if(1) printf(data); 0 --------------------------------- 38588 79435/CWE134_Uncontrolled_Format_String__char_console_printf_02.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38589 79435/CWE134_Uncontrolled_Format_String__char_console_printf_02.c Buffer_Overflow_fgets 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38590 79435/CWE134_Uncontrolled_Format_String__char_console_printf_02.c Buffer_Overflow_fgets 131 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38591 79435/CWE134_Uncontrolled_Format_String__char_console_printf_02.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38592 79435/CWE134_Uncontrolled_Format_String__char_console_printf_02.c Buffer_Overflow_cpycat 171 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38593 79435/CWE134_Uncontrolled_Format_String__char_console_printf_02.c String_Termination_Error 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38594 79435/CWE134_Uncontrolled_Format_String__char_console_printf_02.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38595 79435/CWE134_Uncontrolled_Format_String__char_console_printf_02.c String_Termination_Error 135 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38596 79436/CWE134_Uncontrolled_Format_String__char_console_printf_03.c Format_String_Attack 153 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(5==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(5==5) printf(data); 1 --------------------------------- 38597 79436/CWE134_Uncontrolled_Format_String__char_console_printf_03.c Format_String_Attack 194 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(5==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(5!=5){} else printf("%s\n", data); 0 --------------------------------- 38598 79436/CWE134_Uncontrolled_Format_String__char_console_printf_03.c Format_String_Attack 112 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(5==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(5==5) printf("%s\n", data); 0 --------------------------------- 38599 79436/CWE134_Uncontrolled_Format_String__char_console_printf_03.c Format_String_Attack 176 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(5!=5){} else strcpy(data, "fixedstringtest"); if(5==5) printf(data); 0 --------------------------------- 38600 79436/CWE134_Uncontrolled_Format_String__char_console_printf_03.c Format_String_Attack 62 char * data; char dataBuffer[100] = ""; data = dataBuffer; if(5==5) strcpy(data, "fixedstringtest"); if(5==5) printf(data); 0 --------------------------------- 38601 79436/CWE134_Uncontrolled_Format_String__char_console_printf_03.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38602 79436/CWE134_Uncontrolled_Format_String__char_console_printf_03.c Buffer_Overflow_fgets 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38603 79436/CWE134_Uncontrolled_Format_String__char_console_printf_03.c Buffer_Overflow_fgets 131 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38604 79436/CWE134_Uncontrolled_Format_String__char_console_printf_03.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38605 79436/CWE134_Uncontrolled_Format_String__char_console_printf_03.c Buffer_Overflow_cpycat 171 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38606 79436/CWE134_Uncontrolled_Format_String__char_console_printf_03.c String_Termination_Error 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38607 79436/CWE134_Uncontrolled_Format_String__char_console_printf_03.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38608 79436/CWE134_Uncontrolled_Format_String__char_console_printf_03.c String_Termination_Error 135 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38609 79437/CWE134_Uncontrolled_Format_String__char_console_printf_04.c Format_String_Attack 118 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_TRUE) printf(data); 1 --------------------------------- 38610 79437/CWE134_Uncontrolled_Format_String__char_console_printf_04.c Format_String_Attack 68 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_FALSE){} else printf("%s\n", data); 0 --------------------------------- 38611 79437/CWE134_Uncontrolled_Format_String__char_console_printf_04.c Format_String_Attack 200 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_TRUE) printf("%s\n", data); 0 --------------------------------- 38612 79437/CWE134_Uncontrolled_Format_String__char_console_printf_04.c Format_String_Attack 159 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FALSE){} else strcpy(data, "fixedstringtest"); if(STATIC_CONST_TRUE) printf(data); 0 --------------------------------- 38613 79437/CWE134_Uncontrolled_Format_String__char_console_printf_04.c Format_String_Attack 182 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) strcpy(data, "fixedstringtest"); if(STATIC_CONST_TRUE) printf(data); 0 --------------------------------- 38614 79437/CWE134_Uncontrolled_Format_String__char_console_printf_04.c Buffer_Overflow_fgets 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38615 79437/CWE134_Uncontrolled_Format_String__char_console_printf_04.c Buffer_Overflow_fgets 91 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38616 79437/CWE134_Uncontrolled_Format_String__char_console_printf_04.c Buffer_Overflow_fgets 137 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38617 79437/CWE134_Uncontrolled_Format_String__char_console_printf_04.c Buffer_Overflow_cpycat 195 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38618 79437/CWE134_Uncontrolled_Format_String__char_console_printf_04.c Buffer_Overflow_cpycat 177 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38619 79437/CWE134_Uncontrolled_Format_String__char_console_printf_04.c String_Termination_Error 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38620 79437/CWE134_Uncontrolled_Format_String__char_console_printf_04.c String_Termination_Error 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38621 79437/CWE134_Uncontrolled_Format_String__char_console_printf_04.c String_Termination_Error 141 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38622 79438/CWE134_Uncontrolled_Format_String__char_console_printf_05.c Format_String_Attack 118 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticTrue) printf(data); 1 --------------------------------- 38623 79438/CWE134_Uncontrolled_Format_String__char_console_printf_05.c Format_String_Attack 68 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticFalse){} else printf("%s\n", data); 0 --------------------------------- 38624 79438/CWE134_Uncontrolled_Format_String__char_console_printf_05.c Format_String_Attack 200 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticTrue) printf("%s\n", data); 0 --------------------------------- 38625 79438/CWE134_Uncontrolled_Format_String__char_console_printf_05.c Format_String_Attack 159 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFalse){} else strcpy(data, "fixedstringtest"); if(staticTrue) printf(data); 0 --------------------------------- 38626 79438/CWE134_Uncontrolled_Format_String__char_console_printf_05.c Format_String_Attack 182 static int staticTrue = 1; static int staticFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) strcpy(data, "fixedstringtest"); if(staticTrue) printf(data); 0 --------------------------------- 38627 79438/CWE134_Uncontrolled_Format_String__char_console_printf_05.c Buffer_Overflow_fgets 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38628 79438/CWE134_Uncontrolled_Format_String__char_console_printf_05.c Buffer_Overflow_fgets 91 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38629 79438/CWE134_Uncontrolled_Format_String__char_console_printf_05.c Buffer_Overflow_fgets 137 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38630 79438/CWE134_Uncontrolled_Format_String__char_console_printf_05.c Buffer_Overflow_cpycat 195 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38631 79438/CWE134_Uncontrolled_Format_String__char_console_printf_05.c Buffer_Overflow_cpycat 177 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38632 79438/CWE134_Uncontrolled_Format_String__char_console_printf_05.c String_Termination_Error 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38633 79438/CWE134_Uncontrolled_Format_String__char_console_printf_05.c String_Termination_Error 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38634 79438/CWE134_Uncontrolled_Format_String__char_console_printf_05.c String_Termination_Error 141 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38635 79439/CWE134_Uncontrolled_Format_String__char_console_printf_06.c Format_String_Attack 67 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) strcpy(data, "fixedstringtest"); if(STATIC_CONST_FIVE==5) printf(data); 0 --------------------------------- 38636 79439/CWE134_Uncontrolled_Format_String__char_console_printf_06.c Format_String_Attack 158 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_FIVE==5) printf(data); 1 --------------------------------- 38637 79439/CWE134_Uncontrolled_Format_String__char_console_printf_06.c Format_String_Attack 199 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_FIVE!=5){} else printf("%s\n", data); 0 --------------------------------- 38638 79439/CWE134_Uncontrolled_Format_String__char_console_printf_06.c Format_String_Attack 117 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_FIVE==5) printf("%s\n", data); 0 --------------------------------- 38639 79439/CWE134_Uncontrolled_Format_String__char_console_printf_06.c Format_String_Attack 181 static const int STATIC_CONST_FIVE = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE!=5){} else strcpy(data, "fixedstringtest"); if(STATIC_CONST_FIVE==5) printf(data); 0 --------------------------------- 38640 79439/CWE134_Uncontrolled_Format_String__char_console_printf_06.c Buffer_Overflow_fgets 136 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38641 79439/CWE134_Uncontrolled_Format_String__char_console_printf_06.c Buffer_Overflow_fgets 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38642 79439/CWE134_Uncontrolled_Format_String__char_console_printf_06.c Buffer_Overflow_fgets 90 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38643 79439/CWE134_Uncontrolled_Format_String__char_console_printf_06.c Buffer_Overflow_cpycat 176 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38644 79439/CWE134_Uncontrolled_Format_String__char_console_printf_06.c Buffer_Overflow_cpycat 194 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38645 79439/CWE134_Uncontrolled_Format_String__char_console_printf_06.c String_Termination_Error 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38646 79439/CWE134_Uncontrolled_Format_String__char_console_printf_06.c String_Termination_Error 49 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38647 79439/CWE134_Uncontrolled_Format_String__char_console_printf_06.c String_Termination_Error 140 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38648 79440/CWE134_Uncontrolled_Format_String__char_console_printf_07.c Format_String_Attack 67 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticFive==5) printf(data); 1 --------------------------------- 38649 79440/CWE134_Uncontrolled_Format_String__char_console_printf_07.c Format_String_Attack 158 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticFive!=5){} else printf("%s\n", data); 0 --------------------------------- 38650 79440/CWE134_Uncontrolled_Format_String__char_console_printf_07.c Format_String_Attack 199 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticFive==5) printf("%s\n", data); 0 --------------------------------- 38651 79440/CWE134_Uncontrolled_Format_String__char_console_printf_07.c Format_String_Attack 117 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive!=5){} else strcpy(data, "fixedstringtest"); if(staticFive==5) printf(data); 0 --------------------------------- 38652 79440/CWE134_Uncontrolled_Format_String__char_console_printf_07.c Format_String_Attack 181 static int staticFive = 5; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) strcpy(data, "fixedstringtest"); if(staticFive==5) printf(data); 0 --------------------------------- 38653 79440/CWE134_Uncontrolled_Format_String__char_console_printf_07.c Buffer_Overflow_fgets 136 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38654 79440/CWE134_Uncontrolled_Format_String__char_console_printf_07.c Buffer_Overflow_fgets 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38655 79440/CWE134_Uncontrolled_Format_String__char_console_printf_07.c Buffer_Overflow_fgets 90 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38656 79440/CWE134_Uncontrolled_Format_String__char_console_printf_07.c Buffer_Overflow_cpycat 176 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38657 79440/CWE134_Uncontrolled_Format_String__char_console_printf_07.c Buffer_Overflow_cpycat 194 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38658 79440/CWE134_Uncontrolled_Format_String__char_console_printf_07.c String_Termination_Error 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38659 79440/CWE134_Uncontrolled_Format_String__char_console_printf_07.c String_Termination_Error 49 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38660 79440/CWE134_Uncontrolled_Format_String__char_console_printf_07.c String_Termination_Error 140 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38661 79441/CWE134_Uncontrolled_Format_String__char_console_printf_08.c Format_String_Attack 75 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticReturnsTrue()) printf(data); 1 --------------------------------- 38662 79441/CWE134_Uncontrolled_Format_String__char_console_printf_08.c Format_String_Attack 207 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticReturnsFalse()){} else printf("%s\n", data); 0 --------------------------------- 38663 79441/CWE134_Uncontrolled_Format_String__char_console_printf_08.c Format_String_Attack 125 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticReturnsTrue()) printf("%s\n", data); 0 --------------------------------- 38664 79441/CWE134_Uncontrolled_Format_String__char_console_printf_08.c Format_String_Attack 189 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsFalse()){} else strcpy(data, "fixedstringtest"); if(staticReturnsTrue()) printf(data); 0 --------------------------------- 38665 79441/CWE134_Uncontrolled_Format_String__char_console_printf_08.c Format_String_Attack 166 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) strcpy(data, "fixedstringtest"); if(staticReturnsTrue()) printf(data); 0 --------------------------------- 38666 79441/CWE134_Uncontrolled_Format_String__char_console_printf_08.c Buffer_Overflow_fgets 144 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38667 79441/CWE134_Uncontrolled_Format_String__char_console_printf_08.c Buffer_Overflow_fgets 53 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38668 79441/CWE134_Uncontrolled_Format_String__char_console_printf_08.c Buffer_Overflow_fgets 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38669 79441/CWE134_Uncontrolled_Format_String__char_console_printf_08.c Buffer_Overflow_cpycat 184 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38670 79441/CWE134_Uncontrolled_Format_String__char_console_printf_08.c Buffer_Overflow_cpycat 202 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38671 79441/CWE134_Uncontrolled_Format_String__char_console_printf_08.c String_Termination_Error 102 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38672 79441/CWE134_Uncontrolled_Format_String__char_console_printf_08.c String_Termination_Error 57 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38673 79441/CWE134_Uncontrolled_Format_String__char_console_printf_08.c String_Termination_Error 148 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38674 79442/CWE134_Uncontrolled_Format_String__char_console_printf_09.c Format_String_Attack 153 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_TRUE) printf(data); 1 --------------------------------- 38675 79442/CWE134_Uncontrolled_Format_String__char_console_printf_09.c Format_String_Attack 194 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_FALSE){} else printf("%s\n", data); 0 --------------------------------- 38676 79442/CWE134_Uncontrolled_Format_String__char_console_printf_09.c Format_String_Attack 112 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_TRUE) printf("%s\n", data); 0 --------------------------------- 38677 79442/CWE134_Uncontrolled_Format_String__char_console_printf_09.c Format_String_Attack 176 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FALSE){} else strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_TRUE) printf(data); 0 --------------------------------- 38678 79442/CWE134_Uncontrolled_Format_String__char_console_printf_09.c Format_String_Attack 62 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_TRUE) printf(data); 0 --------------------------------- 38679 79442/CWE134_Uncontrolled_Format_String__char_console_printf_09.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38680 79442/CWE134_Uncontrolled_Format_String__char_console_printf_09.c Buffer_Overflow_fgets 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38681 79442/CWE134_Uncontrolled_Format_String__char_console_printf_09.c Buffer_Overflow_fgets 131 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38682 79442/CWE134_Uncontrolled_Format_String__char_console_printf_09.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38683 79442/CWE134_Uncontrolled_Format_String__char_console_printf_09.c Buffer_Overflow_cpycat 171 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38684 79442/CWE134_Uncontrolled_Format_String__char_console_printf_09.c String_Termination_Error 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38685 79442/CWE134_Uncontrolled_Format_String__char_console_printf_09.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38686 79442/CWE134_Uncontrolled_Format_String__char_console_printf_09.c String_Termination_Error 135 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38687 79443/CWE134_Uncontrolled_Format_String__char_console_printf_10.c Format_String_Attack 153 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalTrue) printf(data); 1 --------------------------------- 38688 79443/CWE134_Uncontrolled_Format_String__char_console_printf_10.c Format_String_Attack 194 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalFalse){} else printf("%s\n", data); 0 --------------------------------- 38689 79443/CWE134_Uncontrolled_Format_String__char_console_printf_10.c Format_String_Attack 112 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalTrue) printf("%s\n", data); 0 --------------------------------- 38690 79443/CWE134_Uncontrolled_Format_String__char_console_printf_10.c Format_String_Attack 176 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFalse){} else strcpy(data, "fixedstringtest"); if(globalTrue) printf(data); 0 --------------------------------- 38691 79443/CWE134_Uncontrolled_Format_String__char_console_printf_10.c Format_String_Attack 62 int globalTrue = 1; int globalFalse = 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) strcpy(data, "fixedstringtest"); if(globalTrue) printf(data); 0 --------------------------------- 38692 79443/CWE134_Uncontrolled_Format_String__char_console_printf_10.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38693 79443/CWE134_Uncontrolled_Format_String__char_console_printf_10.c Buffer_Overflow_fgets 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38694 79443/CWE134_Uncontrolled_Format_String__char_console_printf_10.c Buffer_Overflow_fgets 131 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38695 79443/CWE134_Uncontrolled_Format_String__char_console_printf_10.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38696 79443/CWE134_Uncontrolled_Format_String__char_console_printf_10.c Buffer_Overflow_cpycat 171 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38697 79443/CWE134_Uncontrolled_Format_String__char_console_printf_10.c String_Termination_Error 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38698 79443/CWE134_Uncontrolled_Format_String__char_console_printf_10.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38699 79443/CWE134_Uncontrolled_Format_String__char_console_printf_10.c String_Termination_Error 135 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38700 79444/CWE134_Uncontrolled_Format_String__char_console_printf_11.c Format_String_Attack 153 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalReturnsTrue()) printf(data); 1 --------------------------------- 38701 79444/CWE134_Uncontrolled_Format_String__char_console_printf_11.c Format_String_Attack 194 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalReturnsFalse()){} else printf("%s\n", data); 0 --------------------------------- 38702 79444/CWE134_Uncontrolled_Format_String__char_console_printf_11.c Format_String_Attack 112 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalReturnsTrue()) printf("%s\n", data); 0 --------------------------------- 38703 79444/CWE134_Uncontrolled_Format_String__char_console_printf_11.c Format_String_Attack 176 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsFalse()){} else strcpy(data, "fixedstringtest"); if(globalReturnsTrue()) printf(data); 0 --------------------------------- 38704 79444/CWE134_Uncontrolled_Format_String__char_console_printf_11.c Format_String_Attack 62 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) strcpy(data, "fixedstringtest"); if(globalReturnsTrue()) printf(data); 0 --------------------------------- 38705 79444/CWE134_Uncontrolled_Format_String__char_console_printf_11.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38706 79444/CWE134_Uncontrolled_Format_String__char_console_printf_11.c Buffer_Overflow_fgets 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38707 79444/CWE134_Uncontrolled_Format_String__char_console_printf_11.c Buffer_Overflow_fgets 131 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38708 79444/CWE134_Uncontrolled_Format_String__char_console_printf_11.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38709 79444/CWE134_Uncontrolled_Format_String__char_console_printf_11.c Buffer_Overflow_cpycat 171 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38710 79444/CWE134_Uncontrolled_Format_String__char_console_printf_11.c String_Termination_Error 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38711 79444/CWE134_Uncontrolled_Format_String__char_console_printf_11.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38712 79444/CWE134_Uncontrolled_Format_String__char_console_printf_11.c String_Termination_Error 135 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38713 79446/CWE134_Uncontrolled_Format_String__char_console_printf_13.c Format_String_Attack 153 const int GLOBAL_CONST_FIVE = 5;  char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_FIVE==5) printf(data); 1 --------------------------------- 38714 79446/CWE134_Uncontrolled_Format_String__char_console_printf_13.c Format_String_Attack 194 const int GLOBAL_CONST_FIVE = 5;  char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_FIVE!=5){} else printf("%s\n", data); 0 --------------------------------- 38715 79446/CWE134_Uncontrolled_Format_String__char_console_printf_13.c Format_String_Attack 112 const int GLOBAL_CONST_FIVE = 5;  char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_FIVE==5) printf("%s\n", data); 0 --------------------------------- 38716 79446/CWE134_Uncontrolled_Format_String__char_console_printf_13.c Format_String_Attack 176 const int GLOBAL_CONST_FIVE = 5;  char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE!=5){} else strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_FIVE==5) printf(data); 0 --------------------------------- 38717 79446/CWE134_Uncontrolled_Format_String__char_console_printf_13.c Format_String_Attack 62 const int GLOBAL_CONST_FIVE = 5;  char * data; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_FIVE==5) printf(data); 0 --------------------------------- 38718 79446/CWE134_Uncontrolled_Format_String__char_console_printf_13.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38719 79446/CWE134_Uncontrolled_Format_String__char_console_printf_13.c Buffer_Overflow_fgets 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38720 79446/CWE134_Uncontrolled_Format_String__char_console_printf_13.c Buffer_Overflow_fgets 131 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38721 79446/CWE134_Uncontrolled_Format_String__char_console_printf_13.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38722 79446/CWE134_Uncontrolled_Format_String__char_console_printf_13.c Buffer_Overflow_cpycat 171 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38723 79446/CWE134_Uncontrolled_Format_String__char_console_printf_13.c String_Termination_Error 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38724 79446/CWE134_Uncontrolled_Format_String__char_console_printf_13.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38725 79446/CWE134_Uncontrolled_Format_String__char_console_printf_13.c String_Termination_Error 135 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38726 79447/CWE134_Uncontrolled_Format_String__char_console_printf_14.c Format_String_Attack 153 int globalFive = 5;  char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalFive==5) printf(data); 1 --------------------------------- 38727 79447/CWE134_Uncontrolled_Format_String__char_console_printf_14.c Format_String_Attack 194 int globalFive = 5;  char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalFive!=5){} else printf("%s\n", data); 0 --------------------------------- 38728 79447/CWE134_Uncontrolled_Format_String__char_console_printf_14.c Format_String_Attack 112 int globalFive = 5;  char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalFive==5) printf("%s\n", data); 0 --------------------------------- 38729 79447/CWE134_Uncontrolled_Format_String__char_console_printf_14.c Format_String_Attack 176 int globalFive = 5;  char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive!=5){} else strcpy(data, "fixedstringtest"); if(globalFive==5) printf(data); 0 --------------------------------- 38730 79447/CWE134_Uncontrolled_Format_String__char_console_printf_14.c Format_String_Attack 62 int globalFive = 5;  char * data; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) strcpy(data, "fixedstringtest"); if(globalFive==5) printf(data); 0 --------------------------------- 38731 79447/CWE134_Uncontrolled_Format_String__char_console_printf_14.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38732 79447/CWE134_Uncontrolled_Format_String__char_console_printf_14.c Buffer_Overflow_fgets 85 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38733 79447/CWE134_Uncontrolled_Format_String__char_console_printf_14.c Buffer_Overflow_fgets 131 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38734 79447/CWE134_Uncontrolled_Format_String__char_console_printf_14.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38735 79447/CWE134_Uncontrolled_Format_String__char_console_printf_14.c Buffer_Overflow_cpycat 171 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38736 79447/CWE134_Uncontrolled_Format_String__char_console_printf_14.c String_Termination_Error 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38737 79447/CWE134_Uncontrolled_Format_String__char_console_printf_14.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38738 79447/CWE134_Uncontrolled_Format_String__char_console_printf_14.c String_Termination_Error 135 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38739 79448/CWE134_Uncontrolled_Format_String__char_console_printf_15.c Format_String_Attack 179 char * data; char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; default: break; switch(7) case 7: printf(data); break; default: break; 1 --------------------------------- 38740 79448/CWE134_Uncontrolled_Format_String__char_console_printf_15.c Format_String_Attack 209 char * data; char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; default: break; switch(8) case 7: break; default: printf("%s\n", data); break; 0 --------------------------------- 38741 79448/CWE134_Uncontrolled_Format_String__char_console_printf_15.c Format_String_Attack 239 char * data; char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; default: break; switch(7) case 7: printf("%s\n", data); break; default: break; 0 --------------------------------- 38742 79448/CWE134_Uncontrolled_Format_String__char_console_printf_15.c Format_String_Attack 130 char * data; char dataBuffer[100] = ""; data = dataBuffer; switch(5) case 6: break; default: strcpy(data, "fixedstringtest"); break; switch(7) case 7: printf(data); break; default: break; 0 --------------------------------- 38743 79448/CWE134_Uncontrolled_Format_String__char_console_printf_15.c Format_String_Attack 69 char * data; char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: strcpy(data, "fixedstringtest"); break; default: break; switch(7) case 7: printf(data); break; default: break; 0 --------------------------------- 38744 79448/CWE134_Uncontrolled_Format_String__char_console_printf_15.c Buffer_Overflow_fgets 151 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38745 79448/CWE134_Uncontrolled_Format_String__char_console_printf_15.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38746 79448/CWE134_Uncontrolled_Format_String__char_console_printf_15.c Buffer_Overflow_fgets 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38747 79448/CWE134_Uncontrolled_Format_String__char_console_printf_15.c Buffer_Overflow_cpycat 228 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38748 79448/CWE134_Uncontrolled_Format_String__char_console_printf_15.c Buffer_Overflow_cpycat 202 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38749 79448/CWE134_Uncontrolled_Format_String__char_console_printf_15.c String_Termination_Error 102 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38750 79448/CWE134_Uncontrolled_Format_String__char_console_printf_15.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38751 79448/CWE134_Uncontrolled_Format_String__char_console_printf_15.c String_Termination_Error 155 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38752 79449/CWE134_Uncontrolled_Format_String__char_console_printf_16.c Format_String_Attack 110 char * data; char dataBuffer[100] = ""; data = dataBuffer; while(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; while(1) printf(data); break; 1 --------------------------------- 38753 79449/CWE134_Uncontrolled_Format_String__char_console_printf_16.c Format_String_Attack 130 char * data; char dataBuffer[100] = ""; data = dataBuffer; while(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; while(1) printf("%s\n", data); break; 0 --------------------------------- 38754 79449/CWE134_Uncontrolled_Format_String__char_console_printf_16.c Format_String_Attack 63 char * data; char dataBuffer[100] = ""; data = dataBuffer; while(1) strcpy(data, "fixedstringtest"); break; while(1) printf(data); break; 0 --------------------------------- 38755 79449/CWE134_Uncontrolled_Format_String__char_console_printf_16.c Buffer_Overflow_fgets 87 char dataBuffer[100] = ""; data = dataBuffer; dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38756 79449/CWE134_Uncontrolled_Format_String__char_console_printf_16.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38757 79449/CWE134_Uncontrolled_Format_String__char_console_printf_16.c Buffer_Overflow_cpycat 124 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38758 79449/CWE134_Uncontrolled_Format_String__char_console_printf_16.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38759 79449/CWE134_Uncontrolled_Format_String__char_console_printf_16.c String_Termination_Error 82 size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); 0 --------------------------------- 38760 79449/CWE134_Uncontrolled_Format_String__char_console_printf_16.c String_Termination_Error 35 size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); 0 --------------------------------- 38761 79449/CWE134_Uncontrolled_Format_String__char_console_printf_16.c String_Termination_Error 91 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38762 79450/CWE134_Uncontrolled_Format_String__char_console_printf_17.c Format_String_Attack 109 char * data; char dataBuffer[100] = ""; data = dataBuffer; for(i = 0; i < 1; i++) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; for(j = 0; j < 1; j++) printf(data); 1 --------------------------------- 38763 79450/CWE134_Uncontrolled_Format_String__char_console_printf_17.c Format_String_Attack 63 char * data; char dataBuffer[100] = ""; data = dataBuffer; for(i = 0; i < 1; i++) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; for(k = 0; k < 1; k++) printf("%s\n", data); 0 --------------------------------- 38764 79450/CWE134_Uncontrolled_Format_String__char_console_printf_17.c Format_String_Attack 128 char * data; char dataBuffer[100] = ""; data = dataBuffer; for(h = 0; h < 1; h++) strcpy(data, "fixedstringtest"); for(j = 0; j < 1; j++) printf(data); 0 --------------------------------- 38765 79450/CWE134_Uncontrolled_Format_String__char_console_printf_17.c Buffer_Overflow_fgets 87 char dataBuffer[100] = ""; data = dataBuffer; dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38766 79450/CWE134_Uncontrolled_Format_String__char_console_printf_17.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38767 79450/CWE134_Uncontrolled_Format_String__char_console_printf_17.c Buffer_Overflow_cpycat 123 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38768 79450/CWE134_Uncontrolled_Format_String__char_console_printf_17.c String_Termination_Error 36 size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); 0 --------------------------------- 38769 79450/CWE134_Uncontrolled_Format_String__char_console_printf_17.c String_Termination_Error 82 size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); 0 --------------------------------- 38770 79450/CWE134_Uncontrolled_Format_String__char_console_printf_17.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38771 79450/CWE134_Uncontrolled_Format_String__char_console_printf_17.c String_Termination_Error 91 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38772 79451/CWE134_Uncontrolled_Format_String__char_console_printf_18.c Format_String_Attack 104 char * data; char dataBuffer[100] = ""; data = dataBuffer; goto source; source: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goto sink; sink: printf(data); 1 --------------------------------- 38773 79451/CWE134_Uncontrolled_Format_String__char_console_printf_18.c Format_String_Attack 120 char * data; char dataBuffer[100] = ""; data = dataBuffer; goto source; source: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goto sink; sink: printf("%s\n", data); 0 --------------------------------- 38774 79451/CWE134_Uncontrolled_Format_String__char_console_printf_18.c Format_String_Attack 61 char * data; char dataBuffer[100] = ""; data = dataBuffer; goto source; source: strcpy(data, "fixedstringtest"); goto sink; sink: printf(data); 0 --------------------------------- 38775 79451/CWE134_Uncontrolled_Format_String__char_console_printf_18.c Buffer_Overflow_fgets 40 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38776 79451/CWE134_Uncontrolled_Format_String__char_console_printf_18.c Buffer_Overflow_fgets 83 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38777 79451/CWE134_Uncontrolled_Format_String__char_console_printf_18.c Buffer_Overflow_cpycat 116 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38778 79451/CWE134_Uncontrolled_Format_String__char_console_printf_18.c String_Termination_Error 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38779 79451/CWE134_Uncontrolled_Format_String__char_console_printf_18.c String_Termination_Error 87 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38780 79452/CWE134_Uncontrolled_Format_String__char_console_printf_21.c Format_String_Attack 180 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; badStatic = 1; badSink(data); static void badSink(char * data) if(badStatic) printf(data); 1 --------------------------------- 38781 79452/CWE134_Uncontrolled_Format_String__char_console_printf_21.c Format_String_Attack 34 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goodB2G1Static = 0; goodB2G1Sink(data); static void goodB2G1Sink(char * data) if(goodB2G1Static){} else printf("%s\n", data); 0 --------------------------------- 38782 79452/CWE134_Uncontrolled_Format_String__char_console_printf_21.c Format_String_Attack 136 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goodB2G2Static = 1; goodB2G2Sink(data); static void goodB2G2Sink(char * data) if(goodB2G2Static) printf("%s\n", data); 0 --------------------------------- 38783 79452/CWE134_Uncontrolled_Format_String__char_console_printf_21.c Format_String_Attack 92 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BStatic = 1; goodG2BSink(data); static void goodG2BSink(char * data) if(goodG2BStatic) printf(data); 0 --------------------------------- 38784 79452/CWE134_Uncontrolled_Format_String__char_console_printf_21.c Buffer_Overflow_fgets 152 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38785 79452/CWE134_Uncontrolled_Format_String__char_console_printf_21.c Buffer_Overflow_fgets 108 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38786 79452/CWE134_Uncontrolled_Format_String__char_console_printf_21.c Buffer_Overflow_fgets 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38787 79452/CWE134_Uncontrolled_Format_String__char_console_printf_21.c Buffer_Overflow_cpycat 190 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38788 79452/CWE134_Uncontrolled_Format_String__char_console_printf_21.c String_Termination_Error 54 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38789 79452/CWE134_Uncontrolled_Format_String__char_console_printf_21.c String_Termination_Error 156 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38790 79452/CWE134_Uncontrolled_Format_String__char_console_printf_21.c String_Termination_Error 112 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38791 79453/CWE134_Uncontrolled_Format_String__char_console_printf_22.c Format_String_Attack 276 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_22_badGlobal = 1; CWE134_Uncontrolled_Format_String__char_console_printf_22_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_22_badSink(char * data) if(CWE134_Uncontrolled_Format_String__char_console_printf_22_badGlobal) printf(data); 1 --------------------------------- 38792 79453/CWE134_Uncontrolled_Format_String__char_console_printf_22.c Format_String_Attack 256 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_22_goodB2G1Global = 0; CWE134_Uncontrolled_Format_String__char_console_printf_22_goodB2G1Sink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_22_goodB2G1Sink(char * data) if(CWE134_Uncontrolled_Format_String__char_console_printf_22_goodB2G1Global){} else printf("%s\n", data); 0 --------------------------------- 38793 79453/CWE134_Uncontrolled_Format_String__char_console_printf_22.c Format_String_Attack 266 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_22_goodB2G2Global = 1; CWE134_Uncontrolled_Format_String__char_console_printf_22_goodB2G2Sink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_22_goodB2G2Sink(char * data) if(CWE134_Uncontrolled_Format_String__char_console_printf_22_goodB2G2Global) printf("%s\n", data); 0 --------------------------------- 38794 79453/CWE134_Uncontrolled_Format_String__char_console_printf_22.c Format_String_Attack 232 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_printf_22_goodG2BGlobal = 1; CWE134_Uncontrolled_Format_String__char_console_printf_22_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_22_goodG2BSink(char * data) if(CWE134_Uncontrolled_Format_String__char_console_printf_22_goodG2BGlobal) printf(data); 0 --------------------------------- 38795 79453/CWE134_Uncontrolled_Format_String__char_console_printf_22.c Buffer_Overflow_fgets 126 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38796 79453/CWE134_Uncontrolled_Format_String__char_console_printf_22.c Buffer_Overflow_fgets 43 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38797 79453/CWE134_Uncontrolled_Format_String__char_console_printf_22.c Buffer_Overflow_fgets 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38798 79453/CWE134_Uncontrolled_Format_String__char_console_printf_22.c Buffer_Overflow_cpycat 157 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38799 79453/CWE134_Uncontrolled_Format_String__char_console_printf_22.c String_Termination_Error 47 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38800 79453/CWE134_Uncontrolled_Format_String__char_console_printf_22.c String_Termination_Error 130 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38801 79453/CWE134_Uncontrolled_Format_String__char_console_printf_22.c String_Termination_Error 93 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38802 79454/CWE134_Uncontrolled_Format_String__char_console_printf_31.c Format_String_Attack 60 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; printf(data); 1 --------------------------------- 38803 79454/CWE134_Uncontrolled_Format_String__char_console_printf_31.c Format_String_Attack 80 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); char * dataCopy = data; char * data = dataCopy; printf(data); 0 --------------------------------- 38804 79454/CWE134_Uncontrolled_Format_String__char_console_printf_31.c Format_String_Attack 119 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; printf("%s\n", data); 0 --------------------------------- 38805 79454/CWE134_Uncontrolled_Format_String__char_console_printf_31.c Buffer_Overflow_fgets 38 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38806 79454/CWE134_Uncontrolled_Format_String__char_console_printf_31.c Buffer_Overflow_fgets 97 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38807 79454/CWE134_Uncontrolled_Format_String__char_console_printf_31.c Buffer_Overflow_cpycat 75 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38808 79454/CWE134_Uncontrolled_Format_String__char_console_printf_31.c String_Termination_Error 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38809 79454/CWE134_Uncontrolled_Format_String__char_console_printf_31.c String_Termination_Error 101 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38810 79455/CWE134_Uncontrolled_Format_String__char_console_printf_32.c Format_String_Attack 134 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100] = ""; data = dataBuffer; char * data = *dataPtr1; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; printf(data); 1 --------------------------------- 38811 79455/CWE134_Uncontrolled_Format_String__char_console_printf_32.c Format_String_Attack 65 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100] = ""; data = dataBuffer; char * data = *dataPtr1; strcpy(data, "fixedstringtest"); *dataPtr1 = data; char * data = *dataPtr2; printf(data); 0 --------------------------------- 38812 79455/CWE134_Uncontrolled_Format_String__char_console_printf_32.c Format_String_Attack 90 char * data; char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100] = ""; data = dataBuffer; char * data = *dataPtr1; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; printf("%s\n", data); 0 --------------------------------- 38813 79455/CWE134_Uncontrolled_Format_String__char_console_printf_32.c Buffer_Overflow_fgets 111 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38814 79455/CWE134_Uncontrolled_Format_String__char_console_printf_32.c Buffer_Overflow_fgets 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38815 79455/CWE134_Uncontrolled_Format_String__char_console_printf_32.c Buffer_Overflow_cpycat 84 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38816 79455/CWE134_Uncontrolled_Format_String__char_console_printf_32.c String_Termination_Error 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38817 79455/CWE134_Uncontrolled_Format_String__char_console_printf_32.c String_Termination_Error 115 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38818 79457/CWE134_Uncontrolled_Format_String__char_console_printf_34.c Format_String_Attack 67 char * data; CWE134_Uncontrolled_Format_String__char_console_printf_34_unionType myUnion; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; printf(data); 1 --------------------------------- 38819 79457/CWE134_Uncontrolled_Format_String__char_console_printf_34.c Format_String_Attack 128 char * data; CWE134_Uncontrolled_Format_String__char_console_printf_34_unionType myUnion; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); myUnion.unionFirst = data; char * data = myUnion.unionSecond; printf(data); 0 --------------------------------- 38820 79457/CWE134_Uncontrolled_Format_String__char_console_printf_34.c Format_String_Attack 88 char * data; CWE134_Uncontrolled_Format_String__char_console_printf_34_unionType myUnion; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; printf("%s\n", data); 0 --------------------------------- 38821 79457/CWE134_Uncontrolled_Format_String__char_console_printf_34.c Buffer_Overflow_fgets 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38822 79457/CWE134_Uncontrolled_Format_String__char_console_printf_34.c Buffer_Overflow_fgets 106 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38823 79457/CWE134_Uncontrolled_Format_String__char_console_printf_34.c Buffer_Overflow_cpycat 83 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38824 79457/CWE134_Uncontrolled_Format_String__char_console_printf_34.c String_Termination_Error 110 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38825 79457/CWE134_Uncontrolled_Format_String__char_console_printf_34.c String_Termination_Error 49 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38826 79458/CWE134_Uncontrolled_Format_String__char_console_printf_41.c Format_String_Attack 73 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; badSink(data); static void badSink(char * data) printf(data); 1 --------------------------------- 38827 79458/CWE134_Uncontrolled_Format_String__char_console_printf_41.c Format_String_Attack 90 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BSink(data); static void goodG2BSink(char * data) printf(data); 0 --------------------------------- 38828 79458/CWE134_Uncontrolled_Format_String__char_console_printf_41.c Format_String_Attack 29 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goodB2GSink(data); static void goodB2GSink(char * data) printf("%s\n", data); 0 --------------------------------- 38829 79458/CWE134_Uncontrolled_Format_String__char_console_printf_41.c Buffer_Overflow_fgets 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38830 79458/CWE134_Uncontrolled_Format_String__char_console_printf_41.c Buffer_Overflow_fgets 105 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38831 79458/CWE134_Uncontrolled_Format_String__char_console_printf_41.c Buffer_Overflow_cpycat 82 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38832 79458/CWE134_Uncontrolled_Format_String__char_console_printf_41.c String_Termination_Error 109 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38833 79458/CWE134_Uncontrolled_Format_String__char_console_printf_41.c String_Termination_Error 48 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38834 79459/CWE134_Uncontrolled_Format_String__char_console_printf_42.c Format_String_Attack 126 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = badSource(data); static char * badSource(char * data) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; return data; printf(data); 1 --------------------------------- 38835 79459/CWE134_Uncontrolled_Format_String__char_console_printf_42.c Format_String_Attack 63 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) strcpy(data, "fixedstringtest"); return data; printf(data); 0 --------------------------------- 38836 79459/CWE134_Uncontrolled_Format_String__char_console_printf_42.c Format_String_Attack 85 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = goodB2GSource(data); static char * goodB2GSource(char * data) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; return data; printf("%s\n", data); 0 --------------------------------- 38837 79459/CWE134_Uncontrolled_Format_String__char_console_printf_42.c Buffer_Overflow_fgets 35 char dataBuffer[100] = ""; data = dataBuffer; data = badSource(data); static char * badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38838 79459/CWE134_Uncontrolled_Format_String__char_console_printf_42.c Buffer_Overflow_fgets 98 char dataBuffer[100] = ""; data = dataBuffer; data = goodB2GSource(data); static char * goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38839 79459/CWE134_Uncontrolled_Format_String__char_console_printf_42.c Buffer_Overflow_cpycat 74 char dataBuffer[100] = ""; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) strcpy(data, "fixedstringtest"); 0 --------------------------------- 38840 79459/CWE134_Uncontrolled_Format_String__char_console_printf_42.c String_Termination_Error 102 char dataBuffer[100] = ""; data = dataBuffer; data = goodB2GSource(data); static char * goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38841 79459/CWE134_Uncontrolled_Format_String__char_console_printf_42.c String_Termination_Error 39 char dataBuffer[100] = ""; data = dataBuffer; data = badSource(data); static char * badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38842 79461/CWE134_Uncontrolled_Format_String__char_console_printf_44.c Format_String_Attack 94 void (*funcPtr) (char *) = badSink; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; funcPtr(data); static void badSink(char * data) printf(data); 1 --------------------------------- 38843 79461/CWE134_Uncontrolled_Format_String__char_console_printf_44.c Format_String_Attack 29 char * data; void (*funcPtr) (char *) = goodG2BSink; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); funcPtr(data); static void goodG2BSink(char * data) printf(data); 0 --------------------------------- 38844 79461/CWE134_Uncontrolled_Format_String__char_console_printf_44.c Format_String_Attack 76 void (*funcPtr) (char *) = goodB2GSink; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; funcPtr(data); static void goodB2GSink(char * data) printf("%s\n", data); 0 --------------------------------- 38845 79461/CWE134_Uncontrolled_Format_String__char_console_printf_44.c Buffer_Overflow_fgets 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38846 79461/CWE134_Uncontrolled_Format_String__char_console_printf_44.c Buffer_Overflow_fgets 110 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38847 79461/CWE134_Uncontrolled_Format_String__char_console_printf_44.c Buffer_Overflow_cpycat 86 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38848 79461/CWE134_Uncontrolled_Format_String__char_console_printf_44.c String_Termination_Error 114 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38849 79461/CWE134_Uncontrolled_Format_String__char_console_printf_44.c String_Termination_Error 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38850 79462/CWE134_Uncontrolled_Format_String__char_console_printf_45.c Format_String_Attack 99 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_45_badData = data; badSink(); static void badSink() char * data = CWE134_Uncontrolled_Format_String__char_console_printf_45_badData; printf(data); 1 --------------------------------- 38851 79462/CWE134_Uncontrolled_Format_String__char_console_printf_45.c Format_String_Attack 34 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_printf_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE134_Uncontrolled_Format_String__char_console_printf_45_goodG2BData; printf(data); 0 --------------------------------- 38852 79462/CWE134_Uncontrolled_Format_String__char_console_printf_45.c Format_String_Attack 80 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_45_goodB2GData = data; goodB2GSink(); static void goodB2GSink() char * data = CWE134_Uncontrolled_Format_String__char_console_printf_45_goodB2GData; printf("%s\n", data); 0 --------------------------------- 38853 79462/CWE134_Uncontrolled_Format_String__char_console_printf_45.c Buffer_Overflow_fgets 49 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38854 79462/CWE134_Uncontrolled_Format_String__char_console_printf_45.c Buffer_Overflow_fgets 114 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38855 79462/CWE134_Uncontrolled_Format_String__char_console_printf_45.c Buffer_Overflow_cpycat 89 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38856 79462/CWE134_Uncontrolled_Format_String__char_console_printf_45.c String_Termination_Error 118 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38857 79462/CWE134_Uncontrolled_Format_String__char_console_printf_45.c String_Termination_Error 53 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38858 79463/CWE134_Uncontrolled_Format_String__char_console_printf_51.c Format_String_Attack 179 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_51b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_51b_badSink(char * data) printf(data); 1 --------------------------------- 38859 79463/CWE134_Uncontrolled_Format_String__char_console_printf_51.c Format_String_Attack 197 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_printf_51b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_51b_goodG2BSink(char * data) printf(data); 0 --------------------------------- 38860 79463/CWE134_Uncontrolled_Format_String__char_console_printf_51.c Format_String_Attack 190 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_51b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_51b_goodB2GSink(char * data) printf("%s\n", data); 0 --------------------------------- 38861 79463/CWE134_Uncontrolled_Format_String__char_console_printf_51.c Buffer_Overflow_fgets 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38862 79463/CWE134_Uncontrolled_Format_String__char_console_printf_51.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38863 79463/CWE134_Uncontrolled_Format_String__char_console_printf_51.c Buffer_Overflow_cpycat 75 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38864 79463/CWE134_Uncontrolled_Format_String__char_console_printf_51.c String_Termination_Error 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38865 79463/CWE134_Uncontrolled_Format_String__char_console_printf_51.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38866 79464/CWE134_Uncontrolled_Format_String__char_console_printf_52.c Format_String_Attack 236 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_52b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_52b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_52c_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_52c_badSink(char * data) printf(data); 1 --------------------------------- 38867 79464/CWE134_Uncontrolled_Format_String__char_console_printf_52.c Format_String_Attack 247 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_printf_52b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_52b_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_52c_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_52c_goodG2BSink(char * data) printf(data); 0 --------------------------------- 38868 79464/CWE134_Uncontrolled_Format_String__char_console_printf_52.c Format_String_Attack 254 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_52b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_52b_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_52c_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_52c_goodB2GSink(char * data) printf("%s\n", data); 0 --------------------------------- 38869 79464/CWE134_Uncontrolled_Format_String__char_console_printf_52.c Buffer_Overflow_fgets 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38870 79464/CWE134_Uncontrolled_Format_String__char_console_printf_52.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38871 79464/CWE134_Uncontrolled_Format_String__char_console_printf_52.c Buffer_Overflow_cpycat 75 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38872 79464/CWE134_Uncontrolled_Format_String__char_console_printf_52.c String_Termination_Error 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38873 79464/CWE134_Uncontrolled_Format_String__char_console_printf_52.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38874 79465/CWE134_Uncontrolled_Format_String__char_console_printf_53.c Format_String_Attack 311 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_53b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_53b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_53c_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_53c_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_53d_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_53d_badSink(char * data) printf(data); 1 --------------------------------- 38875 79465/CWE134_Uncontrolled_Format_String__char_console_printf_53.c Format_String_Attack 293 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_printf_53b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_53b_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_53c_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_53c_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_53d_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_53d_goodG2BSink(char * data) printf(data); 0 --------------------------------- 38876 79465/CWE134_Uncontrolled_Format_String__char_console_printf_53.c Format_String_Attack 304 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_53b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_53b_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_53c_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_53c_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_53d_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_53d_goodB2GSink(char * data) printf("%s\n", data); 0 --------------------------------- 38877 79465/CWE134_Uncontrolled_Format_String__char_console_printf_53.c Buffer_Overflow_fgets 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38878 79465/CWE134_Uncontrolled_Format_String__char_console_printf_53.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38879 79465/CWE134_Uncontrolled_Format_String__char_console_printf_53.c Buffer_Overflow_cpycat 75 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38880 79465/CWE134_Uncontrolled_Format_String__char_console_printf_53.c String_Termination_Error 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38881 79465/CWE134_Uncontrolled_Format_String__char_console_printf_53.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38882 79466/CWE134_Uncontrolled_Format_String__char_console_printf_54.c Format_String_Attack 361 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_54b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_54b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_54c_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_54c_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_54d_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_54d_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_54e_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_54e_badSink(char * data) printf(data); 1 --------------------------------- 38883 79466/CWE134_Uncontrolled_Format_String__char_console_printf_54.c Format_String_Attack 368 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_printf_54b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_54b_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_54c_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_54c_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_54dgoodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_54d_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_54e_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_54e_goodG2BSink(char * data) printf(data); 0 --------------------------------- 38884 79466/CWE134_Uncontrolled_Format_String__char_console_printf_54.c Format_String_Attack 350 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_54b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_54b_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_54c_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_54c_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_54d_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_54d_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_printf_54e_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_printf_54e_goodB2GSink(char * data) printf("%s\n", data); 0 --------------------------------- 38885 79466/CWE134_Uncontrolled_Format_String__char_console_printf_54.c Buffer_Overflow_fgets 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38886 79466/CWE134_Uncontrolled_Format_String__char_console_printf_54.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38887 79466/CWE134_Uncontrolled_Format_String__char_console_printf_54.c Buffer_Overflow_cpycat 75 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38888 79466/CWE134_Uncontrolled_Format_String__char_console_printf_54.c String_Termination_Error 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38889 79466/CWE134_Uncontrolled_Format_String__char_console_printf_54.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38890 79467/CWE134_Uncontrolled_Format_String__char_console_printf_61.c Format_String_Attack 36 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_printf_61b_badSource(data); char * CWE134_Uncontrolled_Format_String__char_console_printf_61b_badSource(char * data) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; return data; printf(data); 1 --------------------------------- 38891 79467/CWE134_Uncontrolled_Format_String__char_console_printf_61.c Format_String_Attack 66 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_printf_61b_goodG2BSource(data); char * CWE134_Uncontrolled_Format_String__char_console_printf_61b_goodG2BSource(char * data) strcpy(data, "fixedstringtest"); return data; printf(data); 0 --------------------------------- 38892 79467/CWE134_Uncontrolled_Format_String__char_console_printf_61.c Format_String_Attack 53 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_printf_61b_goodB2GSource(data); char * CWE134_Uncontrolled_Format_String__char_console_printf_61b_goodB2GSource(char * data) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; return data; printf("%s\n", data); 0 --------------------------------- 38893 79467/CWE134_Uncontrolled_Format_String__char_console_printf_61.c Buffer_Overflow_fgets 182 char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_printf_61b_goodB2GSource(data); char * CWE134_Uncontrolled_Format_String__char_console_printf_61b_goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38894 79467/CWE134_Uncontrolled_Format_String__char_console_printf_61.c Buffer_Overflow_fgets 139 char * CWE134_Uncontrolled_Format_String__char_console_printf_61b_badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38895 79467/CWE134_Uncontrolled_Format_String__char_console_printf_61.c Buffer_Overflow_cpycat 168 char * CWE134_Uncontrolled_Format_String__char_console_printf_61b_goodG2BSource(char * data) strcpy(data, "fixedstringtest"); 0 --------------------------------- 38896 79467/CWE134_Uncontrolled_Format_String__char_console_printf_61.c String_Termination_Error 143 char * CWE134_Uncontrolled_Format_String__char_console_printf_61b_badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38897 79467/CWE134_Uncontrolled_Format_String__char_console_printf_61.c String_Termination_Error 186 char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_printf_61b_goodB2GSource(data); char * CWE134_Uncontrolled_Format_String__char_console_printf_61b_goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38898 79469/CWE134_Uncontrolled_Format_String__char_console_printf_63.c Format_String_Attack 180 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_63b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_console_printf_63b_badSink(char * * dataPtr) char * data = *dataPtr; printf(data); 1 --------------------------------- 38899 79469/CWE134_Uncontrolled_Format_String__char_console_printf_63.c Format_String_Attack 200 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_printf_63b_goodG2BSink(&data); void CWE134_Uncontrolled_Format_String__char_console_printf_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; printf(data); 0 --------------------------------- 38900 79469/CWE134_Uncontrolled_Format_String__char_console_printf_63.c Format_String_Attack 192 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_63b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_printf_63b_goodB2GSink(char * * dataPtr) char * data = *dataPtr; printf("%s\n", data); 0 --------------------------------- 38901 79469/CWE134_Uncontrolled_Format_String__char_console_printf_63.c Buffer_Overflow_fgets 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38902 79469/CWE134_Uncontrolled_Format_String__char_console_printf_63.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38903 79469/CWE134_Uncontrolled_Format_String__char_console_printf_63.c Buffer_Overflow_cpycat 75 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38904 79469/CWE134_Uncontrolled_Format_String__char_console_printf_63.c String_Termination_Error 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38905 79469/CWE134_Uncontrolled_Format_String__char_console_printf_63.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38906 79470/CWE134_Uncontrolled_Format_String__char_console_printf_64.c Format_String_Attack 209 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_64b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_console_printf_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); printf(data); 1 --------------------------------- 38907 79470/CWE134_Uncontrolled_Format_String__char_console_printf_64.c Format_String_Attack 183 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_printf_64b_goodG2BSink(&data); void CWE134_Uncontrolled_Format_String__char_console_printf_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); printf(data); 0 --------------------------------- 38908 79470/CWE134_Uncontrolled_Format_String__char_console_printf_64.c Format_String_Attack 198 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_64b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_printf_64b_goodB2GSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); printf("%s\n", data); 0 --------------------------------- 38909 79470/CWE134_Uncontrolled_Format_String__char_console_printf_64.c Buffer_Overflow_fgets 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38910 79470/CWE134_Uncontrolled_Format_String__char_console_printf_64.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38911 79470/CWE134_Uncontrolled_Format_String__char_console_printf_64.c Buffer_Overflow_cpycat 75 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38912 79470/CWE134_Uncontrolled_Format_String__char_console_printf_64.c String_Termination_Error 98 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38913 79470/CWE134_Uncontrolled_Format_String__char_console_printf_64.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38914 79471/CWE134_Uncontrolled_Format_String__char_console_printf_65.c Format_String_Attack 195 char * data; void (*funcPtr) (char *) = CWE134_Uncontrolled_Format_String__char_console_printf_65b_badSink; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; funcPtr(data); void CWE134_Uncontrolled_Format_String__char_console_printf_65b_badSink(char * data) printf(data); 1 --------------------------------- 38915 79471/CWE134_Uncontrolled_Format_String__char_console_printf_65.c Format_String_Attack 184 char * data; void (*funcPtr) (char *) = CWE134_Uncontrolled_Format_String__char_console_printf_65b_goodG2BSink; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); funcPtr(data); void CWE134_Uncontrolled_Format_String__char_console_printf_65b_goodG2BSink(char * data) printf(data); 0 --------------------------------- 38916 79471/CWE134_Uncontrolled_Format_String__char_console_printf_65.c Format_String_Attack 202 char * data; void (*funcPtr) (char *) = CWE134_Uncontrolled_Format_String__char_console_printf_65b_goodB2GSink; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; funcPtr(data); void CWE134_Uncontrolled_Format_String__char_console_printf_65b_goodB2GSink(char * data) printf("%s\n", data); 0 --------------------------------- 38917 79471/CWE134_Uncontrolled_Format_String__char_console_printf_65.c Buffer_Overflow_fgets 99 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38918 79471/CWE134_Uncontrolled_Format_String__char_console_printf_65.c Buffer_Overflow_fgets 43 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38919 79471/CWE134_Uncontrolled_Format_String__char_console_printf_65.c Buffer_Overflow_cpycat 79 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38920 79471/CWE134_Uncontrolled_Format_String__char_console_printf_65.c String_Termination_Error 103 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38921 79471/CWE134_Uncontrolled_Format_String__char_console_printf_65.c String_Termination_Error 47 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38922 79472/CWE134_Uncontrolled_Format_String__char_console_printf_66.c Format_String_Attack 188 char * data; char * dataArray[5]; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_printf_66b_badSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_printf_66b_badSink(char * dataArray[]) char * data = dataArray[2]; printf(data); 1 --------------------------------- 38923 79472/CWE134_Uncontrolled_Format_String__char_console_printf_66.c Format_String_Attack 208 char * data; char * dataArray[5]; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_printf_66b_goodG2BSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_printf_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; printf(data); 0 --------------------------------- 38924 79472/CWE134_Uncontrolled_Format_String__char_console_printf_66.c Format_String_Attack 200 char * data; char * dataArray[5]; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_printf_66b_goodB2GSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_printf_66b_goodB2GSink(char * dataArray[]) char * data = dataArray[2]; printf("%s\n", data); 0 --------------------------------- 38925 79472/CWE134_Uncontrolled_Format_String__char_console_printf_66.c Buffer_Overflow_fgets 100 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38926 79472/CWE134_Uncontrolled_Format_String__char_console_printf_66.c Buffer_Overflow_fgets 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38927 79472/CWE134_Uncontrolled_Format_String__char_console_printf_66.c Buffer_Overflow_cpycat 79 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38928 79472/CWE134_Uncontrolled_Format_String__char_console_printf_66.c String_Termination_Error 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38929 79472/CWE134_Uncontrolled_Format_String__char_console_printf_66.c String_Termination_Error 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38930 79473/CWE134_Uncontrolled_Format_String__char_console_printf_67.c Format_String_Attack 196 char * data; CWE134_Uncontrolled_Format_String__char_console_printf_67_structType myStruct; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_printf_67b_badSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_printf_67b_badSink(CWE134_Uncontrolled_Format_String__char_console_printf_67_structType myStruct) char * data = myStruct.structFirst; printf(data); 1 --------------------------------- 38931 79473/CWE134_Uncontrolled_Format_String__char_console_printf_67.c Format_String_Attack 216 char * data; CWE134_Uncontrolled_Format_String__char_console_printf_67_structType myStruct; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_printf_67b_goodG2BSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_printf_67b_goodG2BSink(CWE134_Uncontrolled_Format_String__char_console_printf_67_structType myStruct) char * data = myStruct.structFirst; printf(data); 0 --------------------------------- 38932 79473/CWE134_Uncontrolled_Format_String__char_console_printf_67.c Format_String_Attack 208 char * data; CWE134_Uncontrolled_Format_String__char_console_printf_67_structType myStruct; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_printf_67b_goodB2GSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_printf_67b_goodB2GSink(CWE134_Uncontrolled_Format_String__char_console_printf_67_structType myStruct) char * data = myStruct.structFirst; printf("%s\n", data); 0 --------------------------------- 38933 79473/CWE134_Uncontrolled_Format_String__char_console_printf_67.c Buffer_Overflow_fgets 47 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38934 79473/CWE134_Uncontrolled_Format_String__char_console_printf_67.c Buffer_Overflow_fgets 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38935 79473/CWE134_Uncontrolled_Format_String__char_console_printf_67.c Buffer_Overflow_cpycat 83 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38936 79473/CWE134_Uncontrolled_Format_String__char_console_printf_67.c String_Termination_Error 108 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38937 79473/CWE134_Uncontrolled_Format_String__char_console_printf_67.c String_Termination_Error 51 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38938 79474/CWE134_Uncontrolled_Format_String__char_console_printf_68.c Format_String_Attack 203 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_68_badData = data; CWE134_Uncontrolled_Format_String__char_console_printf_68b_badSink(); void CWE134_Uncontrolled_Format_String__char_console_printf_68b_badSink() char * data = CWE134_Uncontrolled_Format_String__char_console_printf_68_badData; printf(data); 1 --------------------------------- 38939 79474/CWE134_Uncontrolled_Format_String__char_console_printf_68.c Format_String_Attack 211 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_printf_68_goodG2BData = data; CWE134_Uncontrolled_Format_String__char_console_printf_68b_goodG2BSink(); void CWE134_Uncontrolled_Format_String__char_console_printf_68b_goodG2BSink() char * data = CWE134_Uncontrolled_Format_String__char_console_printf_68_goodG2BData; printf(data); 0 --------------------------------- 38940 79474/CWE134_Uncontrolled_Format_String__char_console_printf_68.c Format_String_Attack 191 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_68_goodB2GData = data; CWE134_Uncontrolled_Format_String__char_console_printf_68b_goodB2GSink(); void CWE134_Uncontrolled_Format_String__char_console_printf_68b_goodB2GSink() char * data = CWE134_Uncontrolled_Format_String__char_console_printf_68_goodB2GData; printf("%s\n", data); 0 --------------------------------- 38941 79474/CWE134_Uncontrolled_Format_String__char_console_printf_68.c Buffer_Overflow_fgets 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38942 79474/CWE134_Uncontrolled_Format_String__char_console_printf_68.c Buffer_Overflow_fgets 100 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38943 79474/CWE134_Uncontrolled_Format_String__char_console_printf_68.c Buffer_Overflow_cpycat 82 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38944 79474/CWE134_Uncontrolled_Format_String__char_console_printf_68.c String_Termination_Error 49 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38945 79474/CWE134_Uncontrolled_Format_String__char_console_printf_68.c String_Termination_Error 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38946 79478/CWE134_Uncontrolled_Format_String__char_console_printf_81_bad.cpp Format_String_Attack 28 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; const CWE134_Uncontrolled_Format_String__char_console_printf_81_base& baseObject = CWE134_Uncontrolled_Format_String__char_console_printf_81_bad(); baseObject.action(data); void CWE134_Uncontrolled_Format_String__char_console_printf_81_bad::action(char * data) const printf(data); 1 --------------------------------- 38947 79478/CWE134_Uncontrolled_Format_String__char_console_printf_81_goodB2G.cpp Format_String_Attack 28 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); const CWE134_Uncontrolled_Format_String__char_console_printf_81_base& baseObject = CWE134_Uncontrolled_Format_String__char_console_printf_81_goodG2B(); baseObject.action(data); void CWE134_Uncontrolled_Format_String__char_console_printf_81_goodG2B::action(char * data) const printf(data); 0 --------------------------------- 38948 79478/CWE134_Uncontrolled_Format_String__char_console_printf_81_goodG2B.cpp Format_String_Attack 28 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; const CWE134_Uncontrolled_Format_String__char_console_printf_81_base& baseObject = CWE134_Uncontrolled_Format_String__char_console_printf_81_goodB2G(); baseObject.action(data); void CWE134_Uncontrolled_Format_String__char_console_printf_81_goodB2G::action(char * data) const printf("%s\n", data); 0 --------------------------------- 38949 79478/CWE134_Uncontrolled_Format_String__char_console_printf_81a.cpp Buffer_Overflow_fgets 38 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38950 79478/CWE134_Uncontrolled_Format_String__char_console_printf_81a.cpp Buffer_Overflow_fgets 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38951 79478/CWE134_Uncontrolled_Format_String__char_console_printf_81a.cpp Buffer_Overflow_cpycat 71 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38952 79478/CWE134_Uncontrolled_Format_String__char_console_printf_81a.cpp String_Termination_Error 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38953 79478/CWE134_Uncontrolled_Format_String__char_console_printf_81a.cpp String_Termination_Error 93 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38954 79479/CWE134_Uncontrolled_Format_String__char_console_printf_82_bad.cpp Format_String_Attack 28 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_82_base* baseObject = new CWE134_Uncontrolled_Format_String__char_console_printf_82_bad; baseObject->action(data); void CWE134_Uncontrolled_Format_String__char_console_printf_82_bad::action(char * data) printf(data); 1 --------------------------------- 38955 79479/CWE134_Uncontrolled_Format_String__char_console_printf_82_goodB2G.cpp Format_String_Attack 28 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_printf_82_base* baseObject = new CWE134_Uncontrolled_Format_String__char_console_printf_82_goodG2B; baseObject->action(data); void CWE134_Uncontrolled_Format_String__char_console_printf_82_goodG2B::action(char * data) printf(data); 0 --------------------------------- 38956 79479/CWE134_Uncontrolled_Format_String__char_console_printf_82_goodG2B.cpp Format_String_Attack 28 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_printf_82_base* baseObject = new CWE134_Uncontrolled_Format_String__char_console_printf_82_goodB2G; baseObject->action(data); void CWE134_Uncontrolled_Format_String__char_console_printf_82_goodB2G::action(char * data) printf("%s\n", data); 0 --------------------------------- 38957 79479/CWE134_Uncontrolled_Format_String__char_console_printf_82a.cpp Buffer_Overflow_fgets 38 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38958 79479/CWE134_Uncontrolled_Format_String__char_console_printf_82a.cpp Buffer_Overflow_fgets 91 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38959 79479/CWE134_Uncontrolled_Format_String__char_console_printf_82a.cpp Buffer_Overflow_cpycat 72 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38960 79479/CWE134_Uncontrolled_Format_String__char_console_printf_82a.cpp String_Termination_Error 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38961 79479/CWE134_Uncontrolled_Format_String__char_console_printf_82a.cpp String_Termination_Error 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38962 79482/CWE134_Uncontrolled_Format_String__char_console_snprintf_01.c Buffer_Overflow_LowBound 85 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 38963 79482/CWE134_Uncontrolled_Format_String__char_console_snprintf_01.c Buffer_Overflow_LowBound 124 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 38964 79482/CWE134_Uncontrolled_Format_String__char_console_snprintf_01.c Buffer_Overflow_LowBound 65 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 38965 79482/CWE134_Uncontrolled_Format_String__char_console_snprintf_01.c Buffer_Overflow_cpycat 81 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38966 79482/CWE134_Uncontrolled_Format_String__char_console_snprintf_01.c Buffer_Overflow_fgets 103 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38967 79482/CWE134_Uncontrolled_Format_String__char_console_snprintf_01.c Buffer_Overflow_fgets 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38968 79482/CWE134_Uncontrolled_Format_String__char_console_snprintf_01.c String_Termination_Error 48 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38969 79482/CWE134_Uncontrolled_Format_String__char_console_snprintf_01.c String_Termination_Error 107 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38970 79483/CWE134_Uncontrolled_Format_String__char_console_snprintf_02.c Buffer_Overflow_LowBound 218 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; if(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(1) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 38971 79483/CWE134_Uncontrolled_Format_String__char_console_snprintf_02.c Buffer_Overflow_LowBound 124 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; if(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(0){} else char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 38972 79483/CWE134_Uncontrolled_Format_String__char_console_snprintf_02.c Buffer_Overflow_LowBound 169 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; if(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(1) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 38973 79483/CWE134_Uncontrolled_Format_String__char_console_snprintf_02.c Buffer_Overflow_LowBound 70 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; if(0){} else strcpy(data, "fixedstringtest"); if(1) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 38974 79483/CWE134_Uncontrolled_Format_String__char_console_snprintf_02.c Buffer_Overflow_LowBound 196 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; if(1) strcpy(data, "fixedstringtest"); if(1) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 38975 79483/CWE134_Uncontrolled_Format_String__char_console_snprintf_02.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38976 79483/CWE134_Uncontrolled_Format_String__char_console_snprintf_02.c Buffer_Overflow_cpycat 211 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38977 79483/CWE134_Uncontrolled_Format_String__char_console_snprintf_02.c Buffer_Overflow_fgets 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38978 79483/CWE134_Uncontrolled_Format_String__char_console_snprintf_02.c Buffer_Overflow_fgets 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38979 79483/CWE134_Uncontrolled_Format_String__char_console_snprintf_02.c Buffer_Overflow_fgets 145 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38980 79483/CWE134_Uncontrolled_Format_String__char_console_snprintf_02.c String_Termination_Error 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38981 79483/CWE134_Uncontrolled_Format_String__char_console_snprintf_02.c String_Termination_Error 149 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38982 79483/CWE134_Uncontrolled_Format_String__char_console_snprintf_02.c String_Termination_Error 99 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38983 79484/CWE134_Uncontrolled_Format_String__char_console_snprintf_03.c Buffer_Overflow_LowBound 218 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; if(5==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(5==5) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 38984 79484/CWE134_Uncontrolled_Format_String__char_console_snprintf_03.c Buffer_Overflow_LowBound 124 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; if(5==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(5!=5){} else char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 38985 79484/CWE134_Uncontrolled_Format_String__char_console_snprintf_03.c Buffer_Overflow_LowBound 169 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; if(5==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(5==5) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 38986 79484/CWE134_Uncontrolled_Format_String__char_console_snprintf_03.c Buffer_Overflow_LowBound 70 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; if(5!=5){} else strcpy(data, "fixedstringtest"); if(5==5) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 38987 79484/CWE134_Uncontrolled_Format_String__char_console_snprintf_03.c Buffer_Overflow_LowBound 196 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; if(5==5) strcpy(data, "fixedstringtest"); if(5==5) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 38988 79484/CWE134_Uncontrolled_Format_String__char_console_snprintf_03.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38989 79484/CWE134_Uncontrolled_Format_String__char_console_snprintf_03.c Buffer_Overflow_cpycat 211 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 38990 79484/CWE134_Uncontrolled_Format_String__char_console_snprintf_03.c Buffer_Overflow_fgets 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38991 79484/CWE134_Uncontrolled_Format_String__char_console_snprintf_03.c Buffer_Overflow_fgets 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38992 79484/CWE134_Uncontrolled_Format_String__char_console_snprintf_03.c Buffer_Overflow_fgets 145 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 38993 79484/CWE134_Uncontrolled_Format_String__char_console_snprintf_03.c String_Termination_Error 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38994 79484/CWE134_Uncontrolled_Format_String__char_console_snprintf_03.c String_Termination_Error 149 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38995 79484/CWE134_Uncontrolled_Format_String__char_console_snprintf_03.c String_Termination_Error 99 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 38996 79485/CWE134_Uncontrolled_Format_String__char_console_snprintf_04.c Buffer_Overflow_LowBound 202 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_TRUE) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 38997 79485/CWE134_Uncontrolled_Format_String__char_console_snprintf_04.c Buffer_Overflow_LowBound 175 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_FALSE){} else char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 38998 79485/CWE134_Uncontrolled_Format_String__char_console_snprintf_04.c Buffer_Overflow_LowBound 130 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_TRUE) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 38999 79485/CWE134_Uncontrolled_Format_String__char_console_snprintf_04.c Buffer_Overflow_LowBound 224 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FALSE){} else strcpy(data, "fixedstringtest"); if(STATIC_CONST_TRUE) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39000 79485/CWE134_Uncontrolled_Format_String__char_console_snprintf_04.c Buffer_Overflow_LowBound 76 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) strcpy(data, "fixedstringtest"); if(STATIC_CONST_TRUE) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39001 79485/CWE134_Uncontrolled_Format_String__char_console_snprintf_04.c Buffer_Overflow_cpycat 195 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39002 79485/CWE134_Uncontrolled_Format_String__char_console_snprintf_04.c Buffer_Overflow_cpycat 217 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39003 79485/CWE134_Uncontrolled_Format_String__char_console_snprintf_04.c Buffer_Overflow_fgets 151 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39004 79485/CWE134_Uncontrolled_Format_String__char_console_snprintf_04.c Buffer_Overflow_fgets 101 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39005 79485/CWE134_Uncontrolled_Format_String__char_console_snprintf_04.c Buffer_Overflow_fgets 52 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39006 79485/CWE134_Uncontrolled_Format_String__char_console_snprintf_04.c String_Termination_Error 105 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39007 79485/CWE134_Uncontrolled_Format_String__char_console_snprintf_04.c String_Termination_Error 56 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39008 79485/CWE134_Uncontrolled_Format_String__char_console_snprintf_04.c String_Termination_Error 155 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39009 79486/CWE134_Uncontrolled_Format_String__char_console_snprintf_05.c Buffer_Overflow_LowBound 202 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticTrue = 1; static int staticFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticTrue) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39010 79486/CWE134_Uncontrolled_Format_String__char_console_snprintf_05.c Buffer_Overflow_LowBound 175 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticTrue = 1; static int staticFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticFalse){} else char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39011 79486/CWE134_Uncontrolled_Format_String__char_console_snprintf_05.c Buffer_Overflow_LowBound 130 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticTrue = 1; static int staticFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticTrue) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39012 79486/CWE134_Uncontrolled_Format_String__char_console_snprintf_05.c Buffer_Overflow_LowBound 224 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticTrue = 1; static int staticFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticFalse){} else strcpy(data, "fixedstringtest"); if(staticTrue) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39013 79486/CWE134_Uncontrolled_Format_String__char_console_snprintf_05.c Buffer_Overflow_LowBound 76 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticTrue = 1; static int staticFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) strcpy(data, "fixedstringtest"); if(staticTrue) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39014 79486/CWE134_Uncontrolled_Format_String__char_console_snprintf_05.c Buffer_Overflow_cpycat 195 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39015 79486/CWE134_Uncontrolled_Format_String__char_console_snprintf_05.c Buffer_Overflow_cpycat 217 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39016 79486/CWE134_Uncontrolled_Format_String__char_console_snprintf_05.c Buffer_Overflow_fgets 151 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39017 79486/CWE134_Uncontrolled_Format_String__char_console_snprintf_05.c Buffer_Overflow_fgets 101 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39018 79486/CWE134_Uncontrolled_Format_String__char_console_snprintf_05.c Buffer_Overflow_fgets 52 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39019 79486/CWE134_Uncontrolled_Format_String__char_console_snprintf_05.c String_Termination_Error 105 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39020 79486/CWE134_Uncontrolled_Format_String__char_console_snprintf_05.c String_Termination_Error 56 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39021 79486/CWE134_Uncontrolled_Format_String__char_console_snprintf_05.c String_Termination_Error 155 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39022 79487/CWE134_Uncontrolled_Format_String__char_console_snprintf_06.c Buffer_Overflow_LowBound 75 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_FIVE==5) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39023 79487/CWE134_Uncontrolled_Format_String__char_console_snprintf_06.c Buffer_Overflow_LowBound 129 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_FIVE!=5){} else char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39024 79487/CWE134_Uncontrolled_Format_String__char_console_snprintf_06.c Buffer_Overflow_LowBound 201 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_FIVE==5) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39025 79487/CWE134_Uncontrolled_Format_String__char_console_snprintf_06.c Buffer_Overflow_LowBound 174 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE!=5){} else strcpy(data, "fixedstringtest"); if(STATIC_CONST_FIVE==5) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39026 79487/CWE134_Uncontrolled_Format_String__char_console_snprintf_06.c Buffer_Overflow_LowBound 223 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static const int STATIC_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) strcpy(data, "fixedstringtest"); if(STATIC_CONST_FIVE==5) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39027 79487/CWE134_Uncontrolled_Format_String__char_console_snprintf_06.c Buffer_Overflow_cpycat 216 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39028 79487/CWE134_Uncontrolled_Format_String__char_console_snprintf_06.c Buffer_Overflow_cpycat 194 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39029 79487/CWE134_Uncontrolled_Format_String__char_console_snprintf_06.c Buffer_Overflow_fgets 150 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39030 79487/CWE134_Uncontrolled_Format_String__char_console_snprintf_06.c Buffer_Overflow_fgets 51 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39031 79487/CWE134_Uncontrolled_Format_String__char_console_snprintf_06.c Buffer_Overflow_fgets 100 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39032 79487/CWE134_Uncontrolled_Format_String__char_console_snprintf_06.c String_Termination_Error 55 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39033 79487/CWE134_Uncontrolled_Format_String__char_console_snprintf_06.c String_Termination_Error 154 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39034 79487/CWE134_Uncontrolled_Format_String__char_console_snprintf_06.c String_Termination_Error 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39035 79488/CWE134_Uncontrolled_Format_String__char_console_snprintf_07.c Buffer_Overflow_LowBound 75 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticFive = 5; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticFive==5) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39036 79488/CWE134_Uncontrolled_Format_String__char_console_snprintf_07.c Buffer_Overflow_LowBound 129 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticFive = 5; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticFive!=5){} else char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39037 79488/CWE134_Uncontrolled_Format_String__char_console_snprintf_07.c Buffer_Overflow_LowBound 201 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticFive = 5; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticFive==5) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39038 79488/CWE134_Uncontrolled_Format_String__char_console_snprintf_07.c Buffer_Overflow_LowBound 174 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticFive = 5; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive!=5){} else strcpy(data, "fixedstringtest"); if(staticFive==5) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39039 79488/CWE134_Uncontrolled_Format_String__char_console_snprintf_07.c Buffer_Overflow_LowBound 223 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticFive = 5; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) strcpy(data, "fixedstringtest"); if(staticFive==5) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39040 79488/CWE134_Uncontrolled_Format_String__char_console_snprintf_07.c Buffer_Overflow_cpycat 216 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39041 79488/CWE134_Uncontrolled_Format_String__char_console_snprintf_07.c Buffer_Overflow_cpycat 194 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39042 79488/CWE134_Uncontrolled_Format_String__char_console_snprintf_07.c Buffer_Overflow_fgets 150 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39043 79488/CWE134_Uncontrolled_Format_String__char_console_snprintf_07.c Buffer_Overflow_fgets 51 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39044 79488/CWE134_Uncontrolled_Format_String__char_console_snprintf_07.c Buffer_Overflow_fgets 100 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39045 79488/CWE134_Uncontrolled_Format_String__char_console_snprintf_07.c String_Termination_Error 55 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39046 79488/CWE134_Uncontrolled_Format_String__char_console_snprintf_07.c String_Termination_Error 154 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39047 79488/CWE134_Uncontrolled_Format_String__char_console_snprintf_07.c String_Termination_Error 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39048 79489/CWE134_Uncontrolled_Format_String__char_console_snprintf_08.c Buffer_Overflow_LowBound 83 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticReturnsTrue()) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39049 79489/CWE134_Uncontrolled_Format_String__char_console_snprintf_08.c Buffer_Overflow_LowBound 137 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticReturnsFalse()){} else char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39050 79489/CWE134_Uncontrolled_Format_String__char_console_snprintf_08.c Buffer_Overflow_LowBound 209 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticReturnsTrue()) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39051 79489/CWE134_Uncontrolled_Format_String__char_console_snprintf_08.c Buffer_Overflow_LowBound 182 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsFalse()){} else strcpy(data, "fixedstringtest"); if(staticReturnsTrue()) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39052 79489/CWE134_Uncontrolled_Format_String__char_console_snprintf_08.c Buffer_Overflow_LowBound 231 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) strcpy(data, "fixedstringtest"); if(staticReturnsTrue()) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39053 79489/CWE134_Uncontrolled_Format_String__char_console_snprintf_08.c Buffer_Overflow_cpycat 224 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39054 79489/CWE134_Uncontrolled_Format_String__char_console_snprintf_08.c Buffer_Overflow_cpycat 202 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39055 79489/CWE134_Uncontrolled_Format_String__char_console_snprintf_08.c Buffer_Overflow_fgets 158 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39056 79489/CWE134_Uncontrolled_Format_String__char_console_snprintf_08.c Buffer_Overflow_fgets 59 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39057 79489/CWE134_Uncontrolled_Format_String__char_console_snprintf_08.c Buffer_Overflow_fgets 108 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39058 79489/CWE134_Uncontrolled_Format_String__char_console_snprintf_08.c String_Termination_Error 63 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39059 79489/CWE134_Uncontrolled_Format_String__char_console_snprintf_08.c String_Termination_Error 162 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39060 79489/CWE134_Uncontrolled_Format_String__char_console_snprintf_08.c String_Termination_Error 112 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39061 79490/CWE134_Uncontrolled_Format_String__char_console_snprintf_09.c Buffer_Overflow_LowBound 218 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_TRUE) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39062 79490/CWE134_Uncontrolled_Format_String__char_console_snprintf_09.c Buffer_Overflow_LowBound 124 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_FALSE){} else char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39063 79490/CWE134_Uncontrolled_Format_String__char_console_snprintf_09.c Buffer_Overflow_LowBound 169 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_TRUE) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39064 79490/CWE134_Uncontrolled_Format_String__char_console_snprintf_09.c Buffer_Overflow_LowBound 70 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FALSE){} else strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_TRUE) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39065 79490/CWE134_Uncontrolled_Format_String__char_console_snprintf_09.c Buffer_Overflow_LowBound 196 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_TRUE) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39066 79490/CWE134_Uncontrolled_Format_String__char_console_snprintf_09.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39067 79490/CWE134_Uncontrolled_Format_String__char_console_snprintf_09.c Buffer_Overflow_cpycat 211 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39068 79490/CWE134_Uncontrolled_Format_String__char_console_snprintf_09.c Buffer_Overflow_fgets 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39069 79490/CWE134_Uncontrolled_Format_String__char_console_snprintf_09.c Buffer_Overflow_fgets 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39070 79490/CWE134_Uncontrolled_Format_String__char_console_snprintf_09.c Buffer_Overflow_fgets 145 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39071 79490/CWE134_Uncontrolled_Format_String__char_console_snprintf_09.c String_Termination_Error 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39072 79490/CWE134_Uncontrolled_Format_String__char_console_snprintf_09.c String_Termination_Error 149 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39073 79490/CWE134_Uncontrolled_Format_String__char_console_snprintf_09.c String_Termination_Error 99 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39074 79491/CWE134_Uncontrolled_Format_String__char_console_snprintf_10.c Buffer_Overflow_LowBound 218 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalTrue = 1; int globalFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalTrue) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39075 79491/CWE134_Uncontrolled_Format_String__char_console_snprintf_10.c Buffer_Overflow_LowBound 124 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalTrue = 1; int globalFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalFalse){} else char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39076 79491/CWE134_Uncontrolled_Format_String__char_console_snprintf_10.c Buffer_Overflow_LowBound 169 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalTrue = 1; int globalFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalTrue) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39077 79491/CWE134_Uncontrolled_Format_String__char_console_snprintf_10.c Buffer_Overflow_LowBound 70 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalTrue = 1; int globalFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalFalse){} else strcpy(data, "fixedstringtest"); if(globalTrue) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39078 79491/CWE134_Uncontrolled_Format_String__char_console_snprintf_10.c Buffer_Overflow_LowBound 196 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalTrue = 1; int globalFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) strcpy(data, "fixedstringtest"); if(globalTrue) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39079 79491/CWE134_Uncontrolled_Format_String__char_console_snprintf_10.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39080 79491/CWE134_Uncontrolled_Format_String__char_console_snprintf_10.c Buffer_Overflow_cpycat 211 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39081 79491/CWE134_Uncontrolled_Format_String__char_console_snprintf_10.c Buffer_Overflow_fgets 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39082 79491/CWE134_Uncontrolled_Format_String__char_console_snprintf_10.c Buffer_Overflow_fgets 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39083 79491/CWE134_Uncontrolled_Format_String__char_console_snprintf_10.c Buffer_Overflow_fgets 145 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39084 79491/CWE134_Uncontrolled_Format_String__char_console_snprintf_10.c String_Termination_Error 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39085 79491/CWE134_Uncontrolled_Format_String__char_console_snprintf_10.c String_Termination_Error 149 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39086 79491/CWE134_Uncontrolled_Format_String__char_console_snprintf_10.c String_Termination_Error 99 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39087 79492/CWE134_Uncontrolled_Format_String__char_console_snprintf_11.c Buffer_Overflow_LowBound 218 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalReturnsTrue()) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39088 79492/CWE134_Uncontrolled_Format_String__char_console_snprintf_11.c Buffer_Overflow_LowBound 124 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalReturnsFalse()){} else char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39089 79492/CWE134_Uncontrolled_Format_String__char_console_snprintf_11.c Buffer_Overflow_LowBound 169 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalReturnsTrue()) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39090 79492/CWE134_Uncontrolled_Format_String__char_console_snprintf_11.c Buffer_Overflow_LowBound 70 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsFalse()){} else strcpy(data, "fixedstringtest"); if(globalReturnsTrue()) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39091 79492/CWE134_Uncontrolled_Format_String__char_console_snprintf_11.c Buffer_Overflow_LowBound 196 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) strcpy(data, "fixedstringtest"); if(globalReturnsTrue()) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39092 79492/CWE134_Uncontrolled_Format_String__char_console_snprintf_11.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39093 79492/CWE134_Uncontrolled_Format_String__char_console_snprintf_11.c Buffer_Overflow_cpycat 211 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39094 79492/CWE134_Uncontrolled_Format_String__char_console_snprintf_11.c Buffer_Overflow_fgets 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39095 79492/CWE134_Uncontrolled_Format_String__char_console_snprintf_11.c Buffer_Overflow_fgets 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39096 79492/CWE134_Uncontrolled_Format_String__char_console_snprintf_11.c Buffer_Overflow_fgets 145 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39097 79492/CWE134_Uncontrolled_Format_String__char_console_snprintf_11.c String_Termination_Error 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39098 79492/CWE134_Uncontrolled_Format_String__char_console_snprintf_11.c String_Termination_Error 149 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39099 79492/CWE134_Uncontrolled_Format_String__char_console_snprintf_11.c String_Termination_Error 99 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39100 79493/CWE134_Uncontrolled_Format_String__char_console_snprintf_12.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39101 79493/CWE134_Uncontrolled_Format_String__char_console_snprintf_12.c Buffer_Overflow_cpycat 68 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39102 79493/CWE134_Uncontrolled_Format_String__char_console_snprintf_12.c Buffer_Overflow_cpycat 194 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39103 79493/CWE134_Uncontrolled_Format_String__char_console_snprintf_12.c Buffer_Overflow_fgets 111 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39104 79493/CWE134_Uncontrolled_Format_String__char_console_snprintf_12.c Buffer_Overflow_fgets 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39105 79493/CWE134_Uncontrolled_Format_String__char_console_snprintf_12.c Buffer_Overflow_fgets 139 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39106 79493/CWE134_Uncontrolled_Format_String__char_console_snprintf_12.c String_Termination_Error 143 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39107 79493/CWE134_Uncontrolled_Format_String__char_console_snprintf_12.c String_Termination_Error 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39108 79493/CWE134_Uncontrolled_Format_String__char_console_snprintf_12.c String_Termination_Error 115 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39109 79494/CWE134_Uncontrolled_Format_String__char_console_snprintf_13.c Buffer_Overflow_LowBound 218 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_FIVE==5) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39110 79494/CWE134_Uncontrolled_Format_String__char_console_snprintf_13.c Buffer_Overflow_LowBound 124 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_FIVE!=5){} else char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39111 79494/CWE134_Uncontrolled_Format_String__char_console_snprintf_13.c Buffer_Overflow_LowBound 169 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_FIVE==5) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39112 79494/CWE134_Uncontrolled_Format_String__char_console_snprintf_13.c Buffer_Overflow_LowBound 70 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE!=5){} else strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_FIVE==5) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39113 79494/CWE134_Uncontrolled_Format_String__char_console_snprintf_13.c Buffer_Overflow_LowBound 196 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif const int GLOBAL_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_FIVE==5) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39114 79494/CWE134_Uncontrolled_Format_String__char_console_snprintf_13.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39115 79494/CWE134_Uncontrolled_Format_String__char_console_snprintf_13.c Buffer_Overflow_cpycat 211 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39116 79494/CWE134_Uncontrolled_Format_String__char_console_snprintf_13.c Buffer_Overflow_fgets 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39117 79494/CWE134_Uncontrolled_Format_String__char_console_snprintf_13.c Buffer_Overflow_fgets 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39118 79494/CWE134_Uncontrolled_Format_String__char_console_snprintf_13.c Buffer_Overflow_fgets 145 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39119 79494/CWE134_Uncontrolled_Format_String__char_console_snprintf_13.c String_Termination_Error 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39120 79494/CWE134_Uncontrolled_Format_String__char_console_snprintf_13.c String_Termination_Error 149 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39121 79494/CWE134_Uncontrolled_Format_String__char_console_snprintf_13.c String_Termination_Error 99 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39122 79495/CWE134_Uncontrolled_Format_String__char_console_snprintf_14.c Buffer_Overflow_LowBound 218 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalFive = 5;  char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalFive==5) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39123 79495/CWE134_Uncontrolled_Format_String__char_console_snprintf_14.c Buffer_Overflow_LowBound 124 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalFive = 5;  char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalFive!=5){} else char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39124 79495/CWE134_Uncontrolled_Format_String__char_console_snprintf_14.c Buffer_Overflow_LowBound 169 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalFive = 5;  char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalFive==5) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39125 79495/CWE134_Uncontrolled_Format_String__char_console_snprintf_14.c Buffer_Overflow_LowBound 70 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalFive = 5;  char dataBuffer[100] = ""; data = dataBuffer; if(globalFive!=5){} else strcpy(data, "fixedstringtest"); if(globalFive==5) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39126 79495/CWE134_Uncontrolled_Format_String__char_console_snprintf_14.c Buffer_Overflow_LowBound 196 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif int globalFive = 5;  char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) strcpy(data, "fixedstringtest"); if(globalFive==5) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39127 79495/CWE134_Uncontrolled_Format_String__char_console_snprintf_14.c Buffer_Overflow_cpycat 189 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39128 79495/CWE134_Uncontrolled_Format_String__char_console_snprintf_14.c Buffer_Overflow_cpycat 211 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39129 79495/CWE134_Uncontrolled_Format_String__char_console_snprintf_14.c Buffer_Overflow_fgets 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39130 79495/CWE134_Uncontrolled_Format_String__char_console_snprintf_14.c Buffer_Overflow_fgets 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39131 79495/CWE134_Uncontrolled_Format_String__char_console_snprintf_14.c Buffer_Overflow_fgets 145 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39132 79495/CWE134_Uncontrolled_Format_String__char_console_snprintf_14.c String_Termination_Error 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39133 79495/CWE134_Uncontrolled_Format_String__char_console_snprintf_14.c String_Termination_Error 149 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39134 79495/CWE134_Uncontrolled_Format_String__char_console_snprintf_14.c String_Termination_Error 99 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39135 79496/CWE134_Uncontrolled_Format_String__char_console_snprintf_15.c Buffer_Overflow_LowBound 229 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; default: break; switch(7) case 7: char dest[100] = ""; SNPRINTF(dest, 100-1, data); break; default: break; 1 --------------------------------- 39136 79496/CWE134_Uncontrolled_Format_String__char_console_snprintf_15.c Buffer_Overflow_LowBound 77 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; default: break; switch(8) case 7: break; default: char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); break; 0 --------------------------------- 39137 79496/CWE134_Uncontrolled_Format_String__char_console_snprintf_15.c Buffer_Overflow_LowBound 195 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; default: break; switch(7) case 7: char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); break; default: break; 0 --------------------------------- 39138 79496/CWE134_Uncontrolled_Format_String__char_console_snprintf_15.c Buffer_Overflow_LowBound 142 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; switch(5) case 6: break; default: strcpy(data, "fixedstringtest"); break; switch(7) case 7: char dest[100] = ""; SNPRINTF(dest, 100-1, data); break; default: break; 0 --------------------------------- 39139 79496/CWE134_Uncontrolled_Format_String__char_console_snprintf_15.c Buffer_Overflow_LowBound 263 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: strcpy(data, "fixedstringtest"); break; default: break; switch(7) case 7: char dest[100] = ""; SNPRINTF(dest, 100-1, data); break; default: break; 0 --------------------------------- 39140 79496/CWE134_Uncontrolled_Format_String__char_console_snprintf_15.c Buffer_Overflow_cpycat 220 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39141 79496/CWE134_Uncontrolled_Format_String__char_console_snprintf_15.c Buffer_Overflow_cpycat 250 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39142 79496/CWE134_Uncontrolled_Format_String__char_console_snprintf_15.c Buffer_Overflow_fgets 47 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39143 79496/CWE134_Uncontrolled_Format_String__char_console_snprintf_15.c Buffer_Overflow_fgets 165 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39144 79496/CWE134_Uncontrolled_Format_String__char_console_snprintf_15.c Buffer_Overflow_fgets 108 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39145 79496/CWE134_Uncontrolled_Format_String__char_console_snprintf_15.c String_Termination_Error 169 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39146 79496/CWE134_Uncontrolled_Format_String__char_console_snprintf_15.c String_Termination_Error 112 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39147 79496/CWE134_Uncontrolled_Format_String__char_console_snprintf_15.c String_Termination_Error 51 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39148 79497/CWE134_Uncontrolled_Format_String__char_console_snprintf_16.c Buffer_Overflow_LowBound 146 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; while(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; while(1) char dest[100] = ""; SNPRINTF(dest, 100-1, data); break; 1 --------------------------------- 39149 79497/CWE134_Uncontrolled_Format_String__char_console_snprintf_16.c Buffer_Overflow_LowBound 122 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; while(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; while(1) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); break; 0 --------------------------------- 39150 79497/CWE134_Uncontrolled_Format_String__char_console_snprintf_16.c Buffer_Overflow_LowBound 71 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; while(1) strcpy(data, "fixedstringtest"); break; while(1) char dest[100] = ""; SNPRINTF(dest, 100-1, data); break; 0 --------------------------------- 39151 79497/CWE134_Uncontrolled_Format_String__char_console_snprintf_16.c Buffer_Overflow_cpycat 138 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39152 79497/CWE134_Uncontrolled_Format_String__char_console_snprintf_16.c Buffer_Overflow_fgets 46 char dataBuffer[100] = ""; data = dataBuffer; dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39153 79497/CWE134_Uncontrolled_Format_String__char_console_snprintf_16.c Buffer_Overflow_fgets 97 char dataBuffer[100] = ""; data = dataBuffer; dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39154 79497/CWE134_Uncontrolled_Format_String__char_console_snprintf_16.c String_Termination_Error 50 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39155 79497/CWE134_Uncontrolled_Format_String__char_console_snprintf_16.c String_Termination_Error 92 size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); 0 --------------------------------- 39156 79497/CWE134_Uncontrolled_Format_String__char_console_snprintf_16.c String_Termination_Error 41 size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); 0 --------------------------------- 39157 79497/CWE134_Uncontrolled_Format_String__char_console_snprintf_16.c String_Termination_Error 101 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39158 79498/CWE134_Uncontrolled_Format_String__char_console_snprintf_17.c Buffer_Overflow_LowBound 144 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; for(i = 0; i < 1; i++) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; for(j = 0; j < 1; j++) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39159 79498/CWE134_Uncontrolled_Format_String__char_console_snprintf_17.c Buffer_Overflow_LowBound 121 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; for(i = 0; i < 1; i++) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; for(k = 0; k < 1; k++) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39160 79498/CWE134_Uncontrolled_Format_String__char_console_snprintf_17.c Buffer_Overflow_LowBound 71 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; for(h = 0; h < 1; h++) strcpy(data, "fixedstringtest"); for(j = 0; j < 1; j++) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39161 79498/CWE134_Uncontrolled_Format_String__char_console_snprintf_17.c Buffer_Overflow_cpycat 137 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39162 79498/CWE134_Uncontrolled_Format_String__char_console_snprintf_17.c Buffer_Overflow_fgets 47 char dataBuffer[100] = ""; data = dataBuffer; dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39163 79498/CWE134_Uncontrolled_Format_String__char_console_snprintf_17.c Buffer_Overflow_fgets 97 char dataBuffer[100] = ""; data = dataBuffer; dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39164 79498/CWE134_Uncontrolled_Format_String__char_console_snprintf_17.c String_Termination_Error 92 size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); 0 --------------------------------- 39165 79498/CWE134_Uncontrolled_Format_String__char_console_snprintf_17.c String_Termination_Error 42 size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); 0 --------------------------------- 39166 79498/CWE134_Uncontrolled_Format_String__char_console_snprintf_17.c String_Termination_Error 101 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39167 79498/CWE134_Uncontrolled_Format_String__char_console_snprintf_17.c String_Termination_Error 51 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39168 79499/CWE134_Uncontrolled_Format_String__char_console_snprintf_18.c Buffer_Overflow_LowBound 69 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; goto source; source: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goto sink; sink: char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39169 79499/CWE134_Uncontrolled_Format_String__char_console_snprintf_18.c Buffer_Overflow_LowBound 136 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; goto source; source: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goto sink; sink: char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39170 79499/CWE134_Uncontrolled_Format_String__char_console_snprintf_18.c Buffer_Overflow_LowBound 116 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; goto source; source: strcpy(data, "fixedstringtest"); goto sink; sink: char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39171 79499/CWE134_Uncontrolled_Format_String__char_console_snprintf_18.c Buffer_Overflow_cpycat 130 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39172 79499/CWE134_Uncontrolled_Format_String__char_console_snprintf_18.c Buffer_Overflow_fgets 93 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39173 79499/CWE134_Uncontrolled_Format_String__char_console_snprintf_18.c Buffer_Overflow_fgets 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39174 79499/CWE134_Uncontrolled_Format_String__char_console_snprintf_18.c String_Termination_Error 97 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39175 79499/CWE134_Uncontrolled_Format_String__char_console_snprintf_18.c String_Termination_Error 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39176 79500/CWE134_Uncontrolled_Format_String__char_console_snprintf_21.c Buffer_Overflow_LowBound 152 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; badStatic = 1; badSink(data); static void badSink(char * data) if(badStatic) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39177 79500/CWE134_Uncontrolled_Format_String__char_console_snprintf_21.c Buffer_Overflow_LowBound 104 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goodB2G1Static = 0; goodB2G1Sink(data); static void goodB2G1Sink(char * data) if(goodB2G1Static){} else char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39178 79500/CWE134_Uncontrolled_Format_String__char_console_snprintf_21.c Buffer_Overflow_LowBound 200 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goodB2G2Static = 1; goodB2G2Sink(data); static void goodB2G2Sink(char * data) if(goodB2G2Static) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39179 79500/CWE134_Uncontrolled_Format_String__char_console_snprintf_21.c Buffer_Overflow_LowBound 42 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BStatic = 1; goodG2BSink(data); static void goodG2BSink(char * data) if(goodG2BStatic) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39180 79500/CWE134_Uncontrolled_Format_String__char_console_snprintf_21.c Buffer_Overflow_cpycat 212 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39181 79500/CWE134_Uncontrolled_Format_String__char_console_snprintf_21.c Buffer_Overflow_fgets 170 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39182 79500/CWE134_Uncontrolled_Format_String__char_console_snprintf_21.c Buffer_Overflow_fgets 60 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39183 79500/CWE134_Uncontrolled_Format_String__char_console_snprintf_21.c Buffer_Overflow_fgets 122 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39184 79500/CWE134_Uncontrolled_Format_String__char_console_snprintf_21.c String_Termination_Error 174 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39185 79500/CWE134_Uncontrolled_Format_String__char_console_snprintf_21.c String_Termination_Error 126 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39186 79500/CWE134_Uncontrolled_Format_String__char_console_snprintf_21.c String_Termination_Error 64 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39187 79501/CWE134_Uncontrolled_Format_String__char_console_snprintf_22.c Buffer_Overflow_LowBound 296 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_22_badGlobal = 1; CWE134_Uncontrolled_Format_String__char_console_snprintf_22_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_22_badSink(char * data) if(CWE134_Uncontrolled_Format_String__char_console_snprintf_22_badGlobal) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39188 79501/CWE134_Uncontrolled_Format_String__char_console_snprintf_22.c Buffer_Overflow_LowBound 268 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_22_goodB2G1Global = 0; CWE134_Uncontrolled_Format_String__char_console_snprintf_22_goodB2G1Sink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_22_goodB2G1Sink(char * data) if(CWE134_Uncontrolled_Format_String__char_console_snprintf_22_goodB2G1Global){} else char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39189 79501/CWE134_Uncontrolled_Format_String__char_console_snprintf_22.c Buffer_Overflow_LowBound 282 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_22_goodB2G2Global = 1; CWE134_Uncontrolled_Format_String__char_console_snprintf_22_goodB2G2Sink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_22_goodB2G2Sink(char * data) if(CWE134_Uncontrolled_Format_String__char_console_snprintf_22_goodB2G2Global) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39190 79501/CWE134_Uncontrolled_Format_String__char_console_snprintf_22.c Buffer_Overflow_LowBound 240 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_snprintf_22_goodG2BGlobal = 1; CWE134_Uncontrolled_Format_String__char_console_snprintf_22_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_22_goodG2BSink(char * data) if(CWE134_Uncontrolled_Format_String__char_console_snprintf_22_goodG2BGlobal) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39191 79501/CWE134_Uncontrolled_Format_String__char_console_snprintf_22.c Buffer_Overflow_cpycat 157 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39192 79501/CWE134_Uncontrolled_Format_String__char_console_snprintf_22.c Buffer_Overflow_fgets 126 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39193 79501/CWE134_Uncontrolled_Format_String__char_console_snprintf_22.c Buffer_Overflow_fgets 43 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39194 79501/CWE134_Uncontrolled_Format_String__char_console_snprintf_22.c Buffer_Overflow_fgets 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39195 79501/CWE134_Uncontrolled_Format_String__char_console_snprintf_22.c String_Termination_Error 47 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39196 79501/CWE134_Uncontrolled_Format_String__char_console_snprintf_22.c String_Termination_Error 130 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39197 79501/CWE134_Uncontrolled_Format_String__char_console_snprintf_22.c String_Termination_Error 93 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39198 79502/CWE134_Uncontrolled_Format_String__char_console_snprintf_31.c Buffer_Overflow_LowBound 135 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39199 79502/CWE134_Uncontrolled_Format_String__char_console_snprintf_31.c Buffer_Overflow_LowBound 68 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); char * dataCopy = data; char * data = dataCopy; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39200 79502/CWE134_Uncontrolled_Format_String__char_console_snprintf_31.c Buffer_Overflow_LowBound 92 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39201 79502/CWE134_Uncontrolled_Format_String__char_console_snprintf_31.c Buffer_Overflow_cpycat 85 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39202 79502/CWE134_Uncontrolled_Format_String__char_console_snprintf_31.c Buffer_Overflow_fgets 111 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39203 79502/CWE134_Uncontrolled_Format_String__char_console_snprintf_31.c Buffer_Overflow_fgets 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39204 79502/CWE134_Uncontrolled_Format_String__char_console_snprintf_31.c String_Termination_Error 48 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39205 79502/CWE134_Uncontrolled_Format_String__char_console_snprintf_31.c String_Termination_Error 115 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39206 79503/CWE134_Uncontrolled_Format_String__char_console_snprintf_32.c Buffer_Overflow_LowBound 102 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100] = ""; data = dataBuffer; char * data = *dataPtr1; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39207 79503/CWE134_Uncontrolled_Format_String__char_console_snprintf_32.c Buffer_Overflow_LowBound 73 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100] = ""; data = dataBuffer; char * data = *dataPtr1; strcpy(data, "fixedstringtest"); *dataPtr1 = data; char * data = *dataPtr2; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39208 79503/CWE134_Uncontrolled_Format_String__char_console_snprintf_32.c Buffer_Overflow_LowBound 150 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100] = ""; data = dataBuffer; char * data = *dataPtr1; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39209 79503/CWE134_Uncontrolled_Format_String__char_console_snprintf_32.c Buffer_Overflow_cpycat 94 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39210 79503/CWE134_Uncontrolled_Format_String__char_console_snprintf_32.c Buffer_Overflow_fgets 48 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39211 79503/CWE134_Uncontrolled_Format_String__char_console_snprintf_32.c Buffer_Overflow_fgets 125 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39212 79503/CWE134_Uncontrolled_Format_String__char_console_snprintf_32.c String_Termination_Error 129 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39213 79503/CWE134_Uncontrolled_Format_String__char_console_snprintf_32.c String_Termination_Error 52 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39214 79505/CWE134_Uncontrolled_Format_String__char_console_snprintf_34.c Buffer_Overflow_LowBound 144 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; CWE134_Uncontrolled_Format_String__char_console_snprintf_34_unionType myUnion; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39215 79505/CWE134_Uncontrolled_Format_String__char_console_snprintf_34.c Buffer_Overflow_LowBound 75 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; CWE134_Uncontrolled_Format_String__char_console_snprintf_34_unionType myUnion; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39216 79505/CWE134_Uncontrolled_Format_String__char_console_snprintf_34.c Buffer_Overflow_LowBound 100 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; CWE134_Uncontrolled_Format_String__char_console_snprintf_34_unionType myUnion; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39217 79505/CWE134_Uncontrolled_Format_String__char_console_snprintf_34.c Buffer_Overflow_cpycat 93 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39218 79505/CWE134_Uncontrolled_Format_String__char_console_snprintf_34.c Buffer_Overflow_fgets 120 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39219 79505/CWE134_Uncontrolled_Format_String__char_console_snprintf_34.c Buffer_Overflow_fgets 51 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39220 79505/CWE134_Uncontrolled_Format_String__char_console_snprintf_34.c String_Termination_Error 124 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39221 79505/CWE134_Uncontrolled_Format_String__char_console_snprintf_34.c String_Termination_Error 55 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39222 79506/CWE134_Uncontrolled_Format_String__char_console_snprintf_41.c Buffer_Overflow_LowBound 85 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; badSink(data); static void badSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39223 79506/CWE134_Uncontrolled_Format_String__char_console_snprintf_41.c Buffer_Overflow_LowBound 106 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BSink(data); static void goodG2BSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39224 79506/CWE134_Uncontrolled_Format_String__char_console_snprintf_41.c Buffer_Overflow_LowBound 37 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goodB2GSink(data); static void goodB2GSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39225 79506/CWE134_Uncontrolled_Format_String__char_console_snprintf_41.c Buffer_Overflow_cpycat 96 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39226 79506/CWE134_Uncontrolled_Format_String__char_console_snprintf_41.c Buffer_Overflow_fgets 54 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39227 79506/CWE134_Uncontrolled_Format_String__char_console_snprintf_41.c Buffer_Overflow_fgets 123 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39228 79506/CWE134_Uncontrolled_Format_String__char_console_snprintf_41.c String_Termination_Error 127 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39229 79506/CWE134_Uncontrolled_Format_String__char_console_snprintf_41.c String_Termination_Error 58 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39230 79507/CWE134_Uncontrolled_Format_String__char_console_snprintf_42.c Buffer_Overflow_LowBound 97 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; data = badSource(data); static char * badSource(char * data) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; return data; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39231 79507/CWE134_Uncontrolled_Format_String__char_console_snprintf_42.c Buffer_Overflow_LowBound 142 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) strcpy(data, "fixedstringtest"); return data; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39232 79507/CWE134_Uncontrolled_Format_String__char_console_snprintf_42.c Buffer_Overflow_LowBound 71 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; data = goodB2GSource(data); static char * goodB2GSource(char * data) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; return data; char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39233 79507/CWE134_Uncontrolled_Format_String__char_console_snprintf_42.c Buffer_Overflow_cpycat 84 char dataBuffer[100] = ""; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) strcpy(data, "fixedstringtest"); 0 --------------------------------- 39234 79507/CWE134_Uncontrolled_Format_String__char_console_snprintf_42.c Buffer_Overflow_fgets 112 char dataBuffer[100] = ""; data = dataBuffer; data = goodB2GSource(data); static char * goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39235 79507/CWE134_Uncontrolled_Format_String__char_console_snprintf_42.c Buffer_Overflow_fgets 41 char dataBuffer[100] = ""; data = dataBuffer; data = badSource(data); static char * badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39236 79507/CWE134_Uncontrolled_Format_String__char_console_snprintf_42.c String_Termination_Error 116 char dataBuffer[100] = ""; data = dataBuffer; data = goodB2GSource(data); static char * goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39237 79507/CWE134_Uncontrolled_Format_String__char_console_snprintf_42.c String_Termination_Error 45 char dataBuffer[100] = ""; data = dataBuffer; data = badSource(data); static char * badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39238 79509/CWE134_Uncontrolled_Format_String__char_console_snprintf_44.c Buffer_Overflow_LowBound 37 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif void (*funcPtr) (char *) = badSink; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; funcPtr(data); static void badSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39239 79509/CWE134_Uncontrolled_Format_String__char_console_snprintf_44.c Buffer_Overflow_LowBound 88 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; void (*funcPtr) (char *) = goodG2BSink; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); funcPtr(data); static void goodG2BSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39240 79509/CWE134_Uncontrolled_Format_String__char_console_snprintf_44.c Buffer_Overflow_LowBound 110 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; void (*funcPtr) (char *) = goodB2GSink; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; funcPtr(data); static void goodB2GSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39241 79509/CWE134_Uncontrolled_Format_String__char_console_snprintf_44.c Buffer_Overflow_cpycat 100 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39242 79509/CWE134_Uncontrolled_Format_String__char_console_snprintf_44.c Buffer_Overflow_fgets 56 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39243 79509/CWE134_Uncontrolled_Format_String__char_console_snprintf_44.c Buffer_Overflow_fgets 128 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39244 79509/CWE134_Uncontrolled_Format_String__char_console_snprintf_44.c String_Termination_Error 60 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39245 79509/CWE134_Uncontrolled_Format_String__char_console_snprintf_44.c String_Termination_Error 132 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39246 79510/CWE134_Uncontrolled_Format_String__char_console_snprintf_45.c Buffer_Overflow_LowBound 42 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_45_badData = data; badSink(); static void badSink() char * data = CWE134_Uncontrolled_Format_String__char_console_snprintf_45_badData; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39247 79510/CWE134_Uncontrolled_Format_String__char_console_snprintf_45.c Buffer_Overflow_LowBound 115 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_snprintf_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE134_Uncontrolled_Format_String__char_console_snprintf_45_goodG2BData; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39248 79510/CWE134_Uncontrolled_Format_String__char_console_snprintf_45.c Buffer_Overflow_LowBound 92 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_45_goodB2GData = data; goodB2GSink(); static void goodB2GSink() char * data = CWE134_Uncontrolled_Format_String__char_console_snprintf_45_goodB2GData; char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39249 79510/CWE134_Uncontrolled_Format_String__char_console_snprintf_45.c Buffer_Overflow_cpycat 103 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39250 79510/CWE134_Uncontrolled_Format_String__char_console_snprintf_45.c Buffer_Overflow_fgets 59 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39251 79510/CWE134_Uncontrolled_Format_String__char_console_snprintf_45.c Buffer_Overflow_fgets 132 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39252 79510/CWE134_Uncontrolled_Format_String__char_console_snprintf_45.c String_Termination_Error 63 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39253 79510/CWE134_Uncontrolled_Format_String__char_console_snprintf_45.c String_Termination_Error 136 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39254 79511/CWE134_Uncontrolled_Format_String__char_console_snprintf_51.c Buffer_Overflow_LowBound 208 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_51b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_51b_badSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39255 79511/CWE134_Uncontrolled_Format_String__char_console_snprintf_51.c Buffer_Overflow_LowBound 219 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_snprintf_51b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_51b_goodG2BSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39256 79511/CWE134_Uncontrolled_Format_String__char_console_snprintf_51.c Buffer_Overflow_LowBound 193 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_51b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_51b_goodB2GSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39257 79511/CWE134_Uncontrolled_Format_String__char_console_snprintf_51.c Buffer_Overflow_cpycat 81 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39258 79511/CWE134_Uncontrolled_Format_String__char_console_snprintf_51.c Buffer_Overflow_fgets 47 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39259 79511/CWE134_Uncontrolled_Format_String__char_console_snprintf_51.c Buffer_Overflow_fgets 100 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39260 79511/CWE134_Uncontrolled_Format_String__char_console_snprintf_51.c String_Termination_Error 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39261 79511/CWE134_Uncontrolled_Format_String__char_console_snprintf_51.c String_Termination_Error 51 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39262 79512/CWE134_Uncontrolled_Format_String__char_console_snprintf_52.c Buffer_Overflow_LowBound 256 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_52b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_52b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_52c_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_52c_badSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39263 79512/CWE134_Uncontrolled_Format_String__char_console_snprintf_52.c Buffer_Overflow_LowBound 282 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_snprintf_52b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_52b_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_52c_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_52c_goodG2BSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39264 79512/CWE134_Uncontrolled_Format_String__char_console_snprintf_52.c Buffer_Overflow_LowBound 271 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_52b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_52b_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_52c_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_52c_goodB2GSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39265 79512/CWE134_Uncontrolled_Format_String__char_console_snprintf_52.c Buffer_Overflow_cpycat 81 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39266 79512/CWE134_Uncontrolled_Format_String__char_console_snprintf_52.c Buffer_Overflow_fgets 47 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39267 79512/CWE134_Uncontrolled_Format_String__char_console_snprintf_52.c Buffer_Overflow_fgets 100 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39268 79512/CWE134_Uncontrolled_Format_String__char_console_snprintf_52.c String_Termination_Error 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39269 79512/CWE134_Uncontrolled_Format_String__char_console_snprintf_52.c String_Termination_Error 51 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39270 79513/CWE134_Uncontrolled_Format_String__char_console_snprintf_53.c Buffer_Overflow_LowBound 345 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_53b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_53b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_53c_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_53c_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_53d_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_53d_badSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39271 79513/CWE134_Uncontrolled_Format_String__char_console_snprintf_53.c Buffer_Overflow_LowBound 334 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_snprintf_53b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_53b_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_53c_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_53c_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_53d_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_53d_goodG2BSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39272 79513/CWE134_Uncontrolled_Format_String__char_console_snprintf_53.c Buffer_Overflow_LowBound 319 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_53b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_53b_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_53c_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_53c_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_53d_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_53d_goodB2GSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39273 79513/CWE134_Uncontrolled_Format_String__char_console_snprintf_53.c Buffer_Overflow_cpycat 81 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39274 79513/CWE134_Uncontrolled_Format_String__char_console_snprintf_53.c Buffer_Overflow_fgets 47 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39275 79513/CWE134_Uncontrolled_Format_String__char_console_snprintf_53.c Buffer_Overflow_fgets 100 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39276 79513/CWE134_Uncontrolled_Format_String__char_console_snprintf_53.c String_Termination_Error 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39277 79513/CWE134_Uncontrolled_Format_String__char_console_snprintf_53.c String_Termination_Error 51 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39278 79514/CWE134_Uncontrolled_Format_String__char_console_snprintf_54.c Buffer_Overflow_LowBound 408 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_54b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_54b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_54c_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_54c_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_54d_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_54d_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_54e_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_54e_badSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39279 79514/CWE134_Uncontrolled_Format_String__char_console_snprintf_54.c Buffer_Overflow_LowBound 397 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_snprintf_54b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_54b_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_54c_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_54c_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_54d_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_54d_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_54e_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_54e_goodG2BSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39280 79514/CWE134_Uncontrolled_Format_String__char_console_snprintf_54.c Buffer_Overflow_LowBound 382 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_54b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_54b_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_54c_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_54c_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_54d_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_54d_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_snprintf_54e_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_54e_goodB2GSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39281 79514/CWE134_Uncontrolled_Format_String__char_console_snprintf_54.c Buffer_Overflow_cpycat 81 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39282 79514/CWE134_Uncontrolled_Format_String__char_console_snprintf_54.c Buffer_Overflow_fgets 47 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39283 79514/CWE134_Uncontrolled_Format_String__char_console_snprintf_54.c Buffer_Overflow_fgets 100 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39284 79514/CWE134_Uncontrolled_Format_String__char_console_snprintf_54.c String_Termination_Error 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39285 79514/CWE134_Uncontrolled_Format_String__char_console_snprintf_54.c String_Termination_Error 51 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39286 79515/CWE134_Uncontrolled_Format_String__char_console_snprintf_61.c Buffer_Overflow_LowBound 82 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_snprintf_61b_badSource(data); char * CWE134_Uncontrolled_Format_String__char_console_snprintf_61b_badSource(char * data) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; return data; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39287 79515/CWE134_Uncontrolled_Format_String__char_console_snprintf_61.c Buffer_Overflow_LowBound 65 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_snprintf_61b_goodG2BSource(data); char * CWE134_Uncontrolled_Format_String__char_console_snprintf_61b_goodG2BSource(char * data) strcpy(data, "fixedstringtest"); return data; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39288 79515/CWE134_Uncontrolled_Format_String__char_console_snprintf_61.c Buffer_Overflow_LowBound 44 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_snprintf_61b_goodB2GSource(data); char * CWE134_Uncontrolled_Format_String__char_console_snprintf_61b_goodB2GSource(char * data) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; return data; char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39289 79515/CWE134_Uncontrolled_Format_String__char_console_snprintf_61.c Buffer_Overflow_cpycat 192 char * CWE134_Uncontrolled_Format_String__char_console_snprintf_61b_goodG2BSource(char * data) strcpy(data, "fixedstringtest"); 0 --------------------------------- 39290 79515/CWE134_Uncontrolled_Format_String__char_console_snprintf_61.c Buffer_Overflow_fgets 206 char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_snprintf_61b_goodB2GSource(data); char * CWE134_Uncontrolled_Format_String__char_console_snprintf_61b_goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39291 79515/CWE134_Uncontrolled_Format_String__char_console_snprintf_61.c Buffer_Overflow_fgets 163 char * CWE134_Uncontrolled_Format_String__char_console_snprintf_61b_badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39292 79515/CWE134_Uncontrolled_Format_String__char_console_snprintf_61.c String_Termination_Error 167 char * CWE134_Uncontrolled_Format_String__char_console_snprintf_61b_badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39293 79515/CWE134_Uncontrolled_Format_String__char_console_snprintf_61.c String_Termination_Error 210 char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_snprintf_61b_goodB2GSource(data); char * CWE134_Uncontrolled_Format_String__char_console_snprintf_61b_goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39294 79517/CWE134_Uncontrolled_Format_String__char_console_snprintf_63.c Buffer_Overflow_LowBound 194 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_63b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_63b_badSink(char * * dataPtr) char * data = *dataPtr; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39295 79517/CWE134_Uncontrolled_Format_String__char_console_snprintf_63.c Buffer_Overflow_LowBound 210 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_snprintf_63b_goodG2BSink(&data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39296 79517/CWE134_Uncontrolled_Format_String__char_console_snprintf_63.c Buffer_Overflow_LowBound 222 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_63b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_63b_goodB2GSink(char * * dataPtr) char * data = *dataPtr; char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39297 79517/CWE134_Uncontrolled_Format_String__char_console_snprintf_63.c Buffer_Overflow_cpycat 81 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39298 79517/CWE134_Uncontrolled_Format_String__char_console_snprintf_63.c Buffer_Overflow_fgets 47 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39299 79517/CWE134_Uncontrolled_Format_String__char_console_snprintf_63.c Buffer_Overflow_fgets 100 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39300 79517/CWE134_Uncontrolled_Format_String__char_console_snprintf_63.c String_Termination_Error 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39301 79517/CWE134_Uncontrolled_Format_String__char_console_snprintf_63.c String_Termination_Error 51 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39302 79518/CWE134_Uncontrolled_Format_String__char_console_snprintf_64.c Buffer_Overflow_LowBound 197 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_64b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39303 79518/CWE134_Uncontrolled_Format_String__char_console_snprintf_64.c Buffer_Overflow_LowBound 216 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_snprintf_64b_goodG2BSink(&data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39304 79518/CWE134_Uncontrolled_Format_String__char_console_snprintf_64.c Buffer_Overflow_LowBound 231 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_64b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_64b_goodB2GSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39305 79518/CWE134_Uncontrolled_Format_String__char_console_snprintf_64.c Buffer_Overflow_cpycat 81 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39306 79518/CWE134_Uncontrolled_Format_String__char_console_snprintf_64.c Buffer_Overflow_fgets 47 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39307 79518/CWE134_Uncontrolled_Format_String__char_console_snprintf_64.c Buffer_Overflow_fgets 100 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39308 79518/CWE134_Uncontrolled_Format_String__char_console_snprintf_64.c String_Termination_Error 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39309 79518/CWE134_Uncontrolled_Format_String__char_console_snprintf_64.c String_Termination_Error 51 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39310 79519/CWE134_Uncontrolled_Format_String__char_console_snprintf_65.c Buffer_Overflow_LowBound 224 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; void (*funcPtr) (char *) = CWE134_Uncontrolled_Format_String__char_console_snprintf_65b_badSink; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; funcPtr(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_65b_badSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39311 79519/CWE134_Uncontrolled_Format_String__char_console_snprintf_65.c Buffer_Overflow_LowBound 213 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; void (*funcPtr) (char *) = CWE134_Uncontrolled_Format_String__char_console_snprintf_65b_goodG2BSink; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); funcPtr(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_65b_goodG2BSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39312 79519/CWE134_Uncontrolled_Format_String__char_console_snprintf_65.c Buffer_Overflow_LowBound 198 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; void (*funcPtr) (char *) = CWE134_Uncontrolled_Format_String__char_console_snprintf_65b_goodB2GSink; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; funcPtr(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_65b_goodB2GSink(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39313 79519/CWE134_Uncontrolled_Format_String__char_console_snprintf_65.c Buffer_Overflow_cpycat 85 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39314 79519/CWE134_Uncontrolled_Format_String__char_console_snprintf_65.c Buffer_Overflow_fgets 105 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39315 79519/CWE134_Uncontrolled_Format_String__char_console_snprintf_65.c Buffer_Overflow_fgets 49 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39316 79519/CWE134_Uncontrolled_Format_String__char_console_snprintf_65.c String_Termination_Error 109 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39317 79519/CWE134_Uncontrolled_Format_String__char_console_snprintf_65.c String_Termination_Error 53 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39318 79520/CWE134_Uncontrolled_Format_String__char_console_snprintf_66.c Buffer_Overflow_LowBound 218 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char * dataArray[5]; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_snprintf_66b_badSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_snprintf_66b_badSink(char * dataArray[]) char * data = dataArray[2]; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39319 79520/CWE134_Uncontrolled_Format_String__char_console_snprintf_66.c Buffer_Overflow_LowBound 202 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char * dataArray[5]; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_snprintf_66b_goodG2BSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_snprintf_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39320 79520/CWE134_Uncontrolled_Format_String__char_console_snprintf_66.c Buffer_Overflow_LowBound 230 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char * dataArray[5]; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_snprintf_66b_goodB2GSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_snprintf_66b_goodB2GSink(char * dataArray[]) char * data = dataArray[2]; char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39321 79520/CWE134_Uncontrolled_Format_String__char_console_snprintf_66.c Buffer_Overflow_cpycat 85 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39322 79520/CWE134_Uncontrolled_Format_String__char_console_snprintf_66.c Buffer_Overflow_fgets 48 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39323 79520/CWE134_Uncontrolled_Format_String__char_console_snprintf_66.c Buffer_Overflow_fgets 106 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39324 79520/CWE134_Uncontrolled_Format_String__char_console_snprintf_66.c String_Termination_Error 110 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39325 79520/CWE134_Uncontrolled_Format_String__char_console_snprintf_66.c String_Termination_Error 52 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39326 79521/CWE134_Uncontrolled_Format_String__char_console_snprintf_67.c Buffer_Overflow_LowBound 226 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; CWE134_Uncontrolled_Format_String__char_console_snprintf_67_structType myStruct; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_snprintf_67b_badSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_snprintf_67b_badSink(CWE134_Uncontrolled_Format_String__char_console_snprintf_67_structType myStruct) char * data = myStruct.structFirst; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39327 79521/CWE134_Uncontrolled_Format_String__char_console_snprintf_67.c Buffer_Overflow_LowBound 210 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; CWE134_Uncontrolled_Format_String__char_console_snprintf_67_structType myStruct; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_snprintf_67b_goodG2BSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_snprintf_67b_goodG2BSink(CWE134_Uncontrolled_Format_String__char_console_snprintf_67_structType myStruct) char * data = myStruct.structFirst; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39328 79521/CWE134_Uncontrolled_Format_String__char_console_snprintf_67.c Buffer_Overflow_LowBound 238 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; CWE134_Uncontrolled_Format_String__char_console_snprintf_67_structType myStruct; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_snprintf_67b_goodB2GSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_snprintf_67b_goodB2GSink(CWE134_Uncontrolled_Format_String__char_console_snprintf_67_structType myStruct) char * data = myStruct.structFirst; char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39329 79521/CWE134_Uncontrolled_Format_String__char_console_snprintf_67.c Buffer_Overflow_cpycat 89 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39330 79521/CWE134_Uncontrolled_Format_String__char_console_snprintf_67.c Buffer_Overflow_fgets 53 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39331 79521/CWE134_Uncontrolled_Format_String__char_console_snprintf_67.c Buffer_Overflow_fgets 110 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39332 79521/CWE134_Uncontrolled_Format_String__char_console_snprintf_67.c String_Termination_Error 57 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39333 79521/CWE134_Uncontrolled_Format_String__char_console_snprintf_67.c String_Termination_Error 114 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39334 79522/CWE134_Uncontrolled_Format_String__char_console_snprintf_68.c Buffer_Overflow_LowBound 205 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_68_badData = data; CWE134_Uncontrolled_Format_String__char_console_snprintf_68b_badSink(); void CWE134_Uncontrolled_Format_String__char_console_snprintf_68b_badSink() char * data = CWE134_Uncontrolled_Format_String__char_console_snprintf_68_badData; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39335 79522/CWE134_Uncontrolled_Format_String__char_console_snprintf_68.c Buffer_Overflow_LowBound 233 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_snprintf_68_goodG2BData = data; CWE134_Uncontrolled_Format_String__char_console_snprintf_68b_goodG2BSink(); void CWE134_Uncontrolled_Format_String__char_console_snprintf_68b_goodG2BSink() char * data = CWE134_Uncontrolled_Format_String__char_console_snprintf_68_goodG2BData; char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39336 79522/CWE134_Uncontrolled_Format_String__char_console_snprintf_68.c Buffer_Overflow_LowBound 221 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_68_goodB2GData = data; CWE134_Uncontrolled_Format_String__char_console_snprintf_68b_goodB2GSink(); void CWE134_Uncontrolled_Format_String__char_console_snprintf_68b_goodB2GSink() char * data = CWE134_Uncontrolled_Format_String__char_console_snprintf_68_goodB2GData; char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39337 79522/CWE134_Uncontrolled_Format_String__char_console_snprintf_68.c Buffer_Overflow_cpycat 88 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39338 79522/CWE134_Uncontrolled_Format_String__char_console_snprintf_68.c Buffer_Overflow_fgets 51 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39339 79522/CWE134_Uncontrolled_Format_String__char_console_snprintf_68.c Buffer_Overflow_fgets 106 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39340 79522/CWE134_Uncontrolled_Format_String__char_console_snprintf_68.c String_Termination_Error 110 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39341 79522/CWE134_Uncontrolled_Format_String__char_console_snprintf_68.c String_Termination_Error 55 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39342 79526/CWE134_Uncontrolled_Format_String__char_console_snprintf_81_bad.cpp Format_String_Attack 36 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; const CWE134_Uncontrolled_Format_String__char_console_snprintf_81_base& baseObject = CWE134_Uncontrolled_Format_String__char_console_snprintf_81_bad(); baseObject.action(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_81_bad::action(char * data) const char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39343 79526/CWE134_Uncontrolled_Format_String__char_console_snprintf_81_goodB2G.cpp Buffer_Overflow_LowBound 36 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); const CWE134_Uncontrolled_Format_String__char_console_snprintf_81_base& baseObject = CWE134_Uncontrolled_Format_String__char_console_snprintf_81_goodG2B(); baseObject.action(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_81_goodG2B::action(char * data) const char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39344 79526/CWE134_Uncontrolled_Format_String__char_console_snprintf_81_goodG2B.cpp Buffer_Overflow_LowBound 36 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; const CWE134_Uncontrolled_Format_String__char_console_snprintf_81_base& baseObject = CWE134_Uncontrolled_Format_String__char_console_snprintf_81_goodB2G(); baseObject.action(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_81_goodB2G::action(char * data) const char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39345 79526/CWE134_Uncontrolled_Format_String__char_console_snprintf_81a.cpp Buffer_Overflow_fgets 38 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39346 79526/CWE134_Uncontrolled_Format_String__char_console_snprintf_81a.cpp Buffer_Overflow_fgets 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39347 79526/CWE134_Uncontrolled_Format_String__char_console_snprintf_81a.cpp Buffer_Overflow_cpycat 71 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39348 79526/CWE134_Uncontrolled_Format_String__char_console_snprintf_81a.cpp String_Termination_Error 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39349 79526/CWE134_Uncontrolled_Format_String__char_console_snprintf_81a.cpp String_Termination_Error 93 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39350 79527/CWE134_Uncontrolled_Format_String__char_console_snprintf_82_bad.cpp Format_String_Attack 36 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_82_base* baseObject = new CWE134_Uncontrolled_Format_String__char_console_snprintf_82_bad; baseObject->action(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_82_bad::action(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 1 --------------------------------- 39351 79527/CWE134_Uncontrolled_Format_String__char_console_snprintf_82_goodB2G.cpp Format_String_Attack 36 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_snprintf_82_base* baseObject = new CWE134_Uncontrolled_Format_String__char_console_snprintf_82_goodG2B; baseObject->action(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_82_goodG2B::action(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, data); 0 --------------------------------- 39352 79527/CWE134_Uncontrolled_Format_String__char_console_snprintf_82_goodG2B.cpp Format_String_Attack 36 #ifdef _WIN32 #define SNPRINTF _snprintf #else #define SNPRINTF snprintf #endif char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_snprintf_82_base* baseObject = new CWE134_Uncontrolled_Format_String__char_console_snprintf_82_goodB2G; baseObject->action(data); void CWE134_Uncontrolled_Format_String__char_console_snprintf_82_goodB2G::action(char * data) char dest[100] = ""; SNPRINTF(dest, 100-1, "%s", data); 0 --------------------------------- 39353 79527/CWE134_Uncontrolled_Format_String__char_console_snprintf_82a.cpp Buffer_Overflow_fgets 38 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39354 79527/CWE134_Uncontrolled_Format_String__char_console_snprintf_82a.cpp Buffer_Overflow_fgets 91 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39355 79527/CWE134_Uncontrolled_Format_String__char_console_snprintf_82a.cpp Buffer_Overflow_cpycat 72 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39356 79527/CWE134_Uncontrolled_Format_String__char_console_snprintf_82a.cpp String_Termination_Error 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39357 79527/CWE134_Uncontrolled_Format_String__char_console_snprintf_82a.cpp String_Termination_Error 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39358 79530/CWE134_Uncontrolled_Format_String__char_console_vfprintf_01.c Buffer_Overflow_Indexes 121 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39359 79530/CWE134_Uncontrolled_Format_String__char_console_vfprintf_01.c Buffer_Overflow_Indexes 50 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39360 79530/CWE134_Uncontrolled_Format_String__char_console_vfprintf_01.c Buffer_Overflow_Indexes 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39361 79530/CWE134_Uncontrolled_Format_String__char_console_vfprintf_01.c Buffer_Overflow_fgets 121 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39362 79530/CWE134_Uncontrolled_Format_String__char_console_vfprintf_01.c Buffer_Overflow_fgets 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39363 79530/CWE134_Uncontrolled_Format_String__char_console_vfprintf_01.c Buffer_Overflow_cpycat 93 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39364 79530/CWE134_Uncontrolled_Format_String__char_console_vfprintf_01.c String_Termination_Error 54 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39365 79530/CWE134_Uncontrolled_Format_String__char_console_vfprintf_01.c String_Termination_Error 125 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39366 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c Buffer_Overflow_Indexes 107 char dataBuffer[100] = ""; data = dataBuffer; if(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(1) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39367 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c Buffer_Overflow_Indexes 163 char dataBuffer[100] = ""; data = dataBuffer; if(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(0){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39368 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c Buffer_Overflow_Indexes 52 char dataBuffer[100] = ""; data = dataBuffer; if(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(1) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39369 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c Buffer_Overflow_Indexes 163 char dataBuffer[100] = ""; data = dataBuffer; if(0){} else strcpy(data, "fixedstringtest"); if(1) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39370 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c Buffer_Overflow_Indexes 52 char dataBuffer[100] = ""; data = dataBuffer; if(1) strcpy(data, "fixedstringtest"); if(1) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39371 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c Buffer_Overflow_fgets 163 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39372 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c Buffer_Overflow_fgets 107 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39373 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c Buffer_Overflow_fgets 52 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39374 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c Buffer_Overflow_cpycat 213 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39375 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c Buffer_Overflow_cpycat 241 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39376 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c String_Termination_Error 167 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39377 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c String_Termination_Error 111 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39378 79531/CWE134_Uncontrolled_Format_String__char_console_vfprintf_02.c String_Termination_Error 56 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39379 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c Buffer_Overflow_Indexes 107 char dataBuffer[100] = ""; data = dataBuffer; if(5==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(5==5) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39380 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c Buffer_Overflow_Indexes 163 char dataBuffer[100] = ""; data = dataBuffer; if(5==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(5!=5){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39381 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c Buffer_Overflow_Indexes 52 char dataBuffer[100] = ""; data = dataBuffer; if(5==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(5==5) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39382 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c Buffer_Overflow_Indexes 163 char dataBuffer[100] = ""; data = dataBuffer; if(5!=5){} else strcpy(data, "fixedstringtest"); if(5==5) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39383 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c Buffer_Overflow_Indexes 52 char dataBuffer[100] = ""; data = dataBuffer; if(5==5) strcpy(data, "fixedstringtest"); if(5==5) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39384 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c Buffer_Overflow_fgets 163 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39385 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c Buffer_Overflow_fgets 107 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39386 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c Buffer_Overflow_fgets 52 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39387 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c Buffer_Overflow_cpycat 213 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39388 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c Buffer_Overflow_cpycat 241 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39389 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c String_Termination_Error 167 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39390 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c String_Termination_Error 111 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39391 79532/CWE134_Uncontrolled_Format_String__char_console_vfprintf_03.c String_Termination_Error 56 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39392 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c Buffer_Overflow_Indexes 113 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_TRUE) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39393 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c Buffer_Overflow_Indexes 169 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_FALSE){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39394 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c Buffer_Overflow_Indexes 58 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_TRUE) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39395 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c Buffer_Overflow_Indexes 58 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FALSE){} else strcpy(data, "fixedstringtest"); if(STATIC_CONST_TRUE) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39396 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c Buffer_Overflow_Indexes 58 static const int STATIC_CONST_TRUE = 1; static const int STATIC_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_TRUE) strcpy(data, "fixedstringtest"); if(STATIC_CONST_TRUE) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39397 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c Buffer_Overflow_fgets 113 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39398 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c Buffer_Overflow_fgets 169 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39399 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c Buffer_Overflow_fgets 58 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39400 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c Buffer_Overflow_cpycat 247 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39401 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c Buffer_Overflow_cpycat 219 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39402 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c String_Termination_Error 62 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39403 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c String_Termination_Error 173 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39404 79533/CWE134_Uncontrolled_Format_String__char_console_vfprintf_04.c String_Termination_Error 117 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39405 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c Buffer_Overflow_Indexes 113 static int staticTrue = 1; static int staticFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticTrue) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39406 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c Buffer_Overflow_Indexes 169 static int staticTrue = 1; static int staticFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticFalse){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39407 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c Buffer_Overflow_Indexes 58 static int staticTrue = 1; static int staticFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticTrue) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39408 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c Buffer_Overflow_Indexes 169 static int staticTrue = 1; static int staticFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticFalse){} else strcpy(data, "fixedstringtest"); if(staticTrue) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39409 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c Buffer_Overflow_Indexes 58 static int staticTrue = 1; static int staticFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticTrue) strcpy(data, "fixedstringtest"); if(staticTrue) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39410 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c Buffer_Overflow_fgets 113 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39411 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c Buffer_Overflow_fgets 169 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39412 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c Buffer_Overflow_fgets 58 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39413 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c Buffer_Overflow_cpycat 247 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39414 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c Buffer_Overflow_cpycat 219 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39415 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c String_Termination_Error 62 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39416 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c String_Termination_Error 173 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39417 79534/CWE134_Uncontrolled_Format_String__char_console_vfprintf_05.c String_Termination_Error 117 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39418 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c Buffer_Overflow_Indexes 112 static const int STATIC_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_FIVE==5) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39419 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c Buffer_Overflow_Indexes 57 static const int STATIC_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_FIVE!=5){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39420 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c Buffer_Overflow_Indexes 168 static const int STATIC_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(STATIC_CONST_FIVE==5) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39421 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c Buffer_Overflow_Indexes 57 static const int STATIC_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE!=5){} else strcpy(data, "fixedstringtest"); if(STATIC_CONST_FIVE==5) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39422 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c Buffer_Overflow_Indexes 168 static const int STATIC_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(STATIC_CONST_FIVE==5) strcpy(data, "fixedstringtest"); if(STATIC_CONST_FIVE==5) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39423 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c Buffer_Overflow_fgets 112 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39424 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c Buffer_Overflow_fgets 57 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39425 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c Buffer_Overflow_fgets 168 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39426 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c Buffer_Overflow_cpycat 246 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39427 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c Buffer_Overflow_cpycat 218 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39428 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c String_Termination_Error 172 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39429 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c String_Termination_Error 116 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39430 79535/CWE134_Uncontrolled_Format_String__char_console_vfprintf_06.c String_Termination_Error 61 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39431 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c Buffer_Overflow_Indexes 112 static int staticFive = 5; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticFive==5) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39432 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c Buffer_Overflow_Indexes 57 static int staticFive = 5; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticFive!=5){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39433 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c Buffer_Overflow_Indexes 168 static int staticFive = 5; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticFive==5) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39434 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c Buffer_Overflow_Indexes 57 static int staticFive = 5; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive!=5){} else strcpy(data, "fixedstringtest"); if(staticFive==5) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39435 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c Buffer_Overflow_Indexes 168 static int staticFive = 5; char dataBuffer[100] = ""; data = dataBuffer; if(staticFive==5) strcpy(data, "fixedstringtest"); if(staticFive==5) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39436 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c Buffer_Overflow_fgets 112 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39437 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c Buffer_Overflow_fgets 57 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39438 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c Buffer_Overflow_fgets 168 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39439 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c Buffer_Overflow_cpycat 246 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39440 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c Buffer_Overflow_cpycat 218 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39441 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c String_Termination_Error 172 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39442 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c String_Termination_Error 116 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39443 79536/CWE134_Uncontrolled_Format_String__char_console_vfprintf_07.c String_Termination_Error 61 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39444 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c Buffer_Overflow_Indexes 176 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticReturnsTrue()) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39445 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c Buffer_Overflow_Indexes 65 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticReturnsFalse()){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39446 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c Buffer_Overflow_Indexes 120 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(staticReturnsTrue()) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39447 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c Buffer_Overflow_Indexes 65 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsFalse()){} else strcpy(data, "fixedstringtest"); if(staticReturnsTrue()) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39448 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c Buffer_Overflow_Indexes 120 static int staticReturnsTrue() return 1; static int staticReturnsFalse() return 0; char dataBuffer[100] = ""; data = dataBuffer; if(staticReturnsTrue()) strcpy(data, "fixedstringtest"); if(staticReturnsTrue()) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39449 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c Buffer_Overflow_fgets 120 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39450 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c Buffer_Overflow_fgets 65 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39451 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c Buffer_Overflow_fgets 176 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39452 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c Buffer_Overflow_cpycat 254 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39453 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c Buffer_Overflow_cpycat 226 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39454 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c String_Termination_Error 180 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39455 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c String_Termination_Error 124 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39456 79537/CWE134_Uncontrolled_Format_String__char_console_vfprintf_08.c String_Termination_Error 69 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39457 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c Buffer_Overflow_Indexes 107 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_TRUE) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39458 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c Buffer_Overflow_Indexes 163 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_FALSE){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39459 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c Buffer_Overflow_Indexes 52 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_TRUE) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39460 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c Buffer_Overflow_Indexes 163 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FALSE){} else strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_TRUE) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39461 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c Buffer_Overflow_Indexes 52 const int GLOBAL_CONST_TRUE = 1; const int GLOBAL_CONST_FALSE = 0; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_TRUE) strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_TRUE) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39462 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c Buffer_Overflow_fgets 163 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39463 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c Buffer_Overflow_fgets 107 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39464 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c Buffer_Overflow_fgets 52 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39465 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c Buffer_Overflow_cpycat 213 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39466 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c Buffer_Overflow_cpycat 241 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39467 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c String_Termination_Error 167 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39468 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c String_Termination_Error 111 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39469 79538/CWE134_Uncontrolled_Format_String__char_console_vfprintf_09.c String_Termination_Error 56 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39470 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c Buffer_Overflow_Indexes 107 int globalTrue = 1; int globalFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalTrue) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39471 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c Buffer_Overflow_Indexes 163 int globalTrue = 1; int globalFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalFalse){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39472 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c Buffer_Overflow_Indexes 52 int globalTrue = 1; int globalFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalTrue) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39473 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c Buffer_Overflow_Indexes 163 int globalTrue = 1; int globalFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalFalse){} else strcpy(data, "fixedstringtest"); if(globalTrue) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39474 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c Buffer_Overflow_Indexes 52 int globalTrue = 1; int globalFalse = 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalTrue) strcpy(data, "fixedstringtest"); if(globalTrue) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39475 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c Buffer_Overflow_fgets 163 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39476 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c Buffer_Overflow_fgets 107 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39477 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c Buffer_Overflow_fgets 52 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39478 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c Buffer_Overflow_cpycat 213 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39479 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c Buffer_Overflow_cpycat 241 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39480 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c String_Termination_Error 167 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39481 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c String_Termination_Error 111 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39482 79539/CWE134_Uncontrolled_Format_String__char_console_vfprintf_10.c String_Termination_Error 56 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39483 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c Buffer_Overflow_Indexes 107 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalReturnsTrue()) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39484 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c Buffer_Overflow_Indexes 163 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalReturnsFalse()){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39485 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c Buffer_Overflow_Indexes 52 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalReturnsTrue()) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39486 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c Buffer_Overflow_Indexes 163 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsFalse()){} else strcpy(data, "fixedstringtest"); if(globalReturnsTrue()) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39487 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c Buffer_Overflow_Indexes 52 int globalReturnsTrue()  return 1; int globalReturnsFalse()  return 0; char dataBuffer[100] = ""; data = dataBuffer; if(globalReturnsTrue()) strcpy(data, "fixedstringtest"); if(globalReturnsTrue()) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39488 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c Buffer_Overflow_fgets 163 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39489 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c Buffer_Overflow_fgets 107 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39490 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c Buffer_Overflow_fgets 52 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39491 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c Buffer_Overflow_cpycat 213 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39492 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c Buffer_Overflow_cpycat 241 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39493 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c String_Termination_Error 167 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39494 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c String_Termination_Error 111 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39495 79540/CWE134_Uncontrolled_Format_String__char_console_vfprintf_11.c String_Termination_Error 56 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39496 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c Buffer_Overflow_fgets 63 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39497 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c Buffer_Overflow_fgets 141 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39498 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c Buffer_Overflow_fgets 169 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39499 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c Buffer_Overflow_cpycat 232 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39500 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c Buffer_Overflow_cpycat 237 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39501 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c Buffer_Overflow_cpycat 85 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39502 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c String_Termination_Error 145 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39503 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c String_Termination_Error 173 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39504 79541/CWE134_Uncontrolled_Format_String__char_console_vfprintf_12.c String_Termination_Error 67 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39505 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c Buffer_Overflow_Indexes 107 const int GLOBAL_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_FIVE==5) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39506 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c Buffer_Overflow_Indexes 163 const int GLOBAL_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_FIVE!=5){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39507 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c Buffer_Overflow_Indexes 52 const int GLOBAL_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(GLOBAL_CONST_FIVE==5) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39508 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c Buffer_Overflow_Indexes 163 const int GLOBAL_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE!=5){} else strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_FIVE==5) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39509 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c Buffer_Overflow_Indexes 52 const int GLOBAL_CONST_FIVE = 5; char dataBuffer[100] = ""; data = dataBuffer; if(GLOBAL_CONST_FIVE==5) strcpy(data, "fixedstringtest"); if(GLOBAL_CONST_FIVE==5) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39510 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c Buffer_Overflow_fgets 163 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39511 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c Buffer_Overflow_fgets 107 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39512 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c Buffer_Overflow_fgets 52 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39513 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c Buffer_Overflow_cpycat 213 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39514 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c Buffer_Overflow_cpycat 241 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39515 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c String_Termination_Error 167 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39516 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c String_Termination_Error 111 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39517 79542/CWE134_Uncontrolled_Format_String__char_console_vfprintf_13.c String_Termination_Error 56 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39518 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c Buffer_Overflow_Indexes 107 int globalFive = 5; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalFive==5) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39519 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c Buffer_Overflow_Indexes 163 int globalFive = 5; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalFive!=5){} else goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39520 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c Buffer_Overflow_Indexes 52 int globalFive = 5; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; if(globalFive==5) goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39521 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c Buffer_Overflow_Indexes 52 int globalFive = 5; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive!=5){} else strcpy(data, "fixedstringtest"); if(globalFive==5) goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39522 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c Buffer_Overflow_Indexes 52 int globalFive = 5; char dataBuffer[100] = ""; data = dataBuffer; if(globalFive==5) strcpy(data, "fixedstringtest"); if(globalFive==5) goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39523 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c Buffer_Overflow_fgets 163 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39524 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c Buffer_Overflow_fgets 107 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39525 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c Buffer_Overflow_fgets 52 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39526 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c Buffer_Overflow_cpycat 213 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39527 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c Buffer_Overflow_cpycat 241 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39528 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c String_Termination_Error 167 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39529 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c String_Termination_Error 111 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39530 79543/CWE134_Uncontrolled_Format_String__char_console_vfprintf_14.c String_Termination_Error 56 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39531 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c Buffer_Overflow_Indexes 183 char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; default: break; switch(7) case 7: badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39532 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c Buffer_Overflow_Indexes 120 char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; default: break; switch(8) case 7: break; default: goodB2G1VaSinkG(data, data); static void goodB2G1VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39533 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c Buffer_Overflow_Indexes 53 char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; default: break; switch(7) case 7: goodB2G2VaSinkG(data, data); static void goodB2G2VaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39534 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c Buffer_Overflow_Indexes 53 char dataBuffer[100] = ""; data = dataBuffer; switch(5) case 6: break; default: strcpy(data, "fixedstringtest"); break; switch(7) case 7: goodG2B1VaSinkB(data, data); static void goodG2B1VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39535 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c Buffer_Overflow_Indexes 53 char dataBuffer[100] = ""; data = dataBuffer; switch(6) case 6: strcpy(data, "fixedstringtest"); break; default: break; switch(7) case 7: goodG2B2VaSinkB(data, data); static void goodG2B2VaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39536 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c Buffer_Overflow_fgets 183 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39537 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c Buffer_Overflow_fgets 120 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39538 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c Buffer_Overflow_fgets 53 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39539 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c Buffer_Overflow_cpycat 280 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39540 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c Buffer_Overflow_cpycat 244 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39541 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c String_Termination_Error 57 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39542 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c String_Termination_Error 124 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39543 79544/CWE134_Uncontrolled_Format_String__char_console_vfprintf_15.c String_Termination_Error 187 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39544 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c Buffer_Overflow_Indexes 109 char dataBuffer[100] = ""; data = dataBuffer; while(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; while(1) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); break; 1 --------------------------------- 39545 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c Buffer_Overflow_Indexes 52 char * data; char dataBuffer[100] = ""; data = dataBuffer; while(1) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; break; while(1) goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); break; 0 --------------------------------- 39546 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c Buffer_Overflow_Indexes 52 char dataBuffer[100] = ""; data = dataBuffer; while(1) strcpy(data, "fixedstringtest"); break; while(1) goodG2BVaSinkB(data, data); static void goodG2BVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); break; 0 --------------------------------- 39547 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c Buffer_Overflow_fgets 109 char dataBuffer[100] = ""; data = dataBuffer; dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39548 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c Buffer_Overflow_fgets 52 char dataBuffer[100] = ""; data = dataBuffer; dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39549 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c Buffer_Overflow_cpycat 156 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39550 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c String_Termination_Error 47 size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); 0 --------------------------------- 39551 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c String_Termination_Error 104 size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); 0 --------------------------------- 39552 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c String_Termination_Error 56 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39553 79545/CWE134_Uncontrolled_Format_String__char_console_vfprintf_16.c String_Termination_Error 113 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39554 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c Buffer_Overflow_Indexes 53 char * data; char dataBuffer[100] = ""; data = dataBuffer; for(i = 0; i < 1; i++) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; for(j = 0; j < 1; j++) badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39555 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c Buffer_Overflow_Indexes 109 char * data; char dataBuffer[100] = ""; data = dataBuffer; for(i = 0; i < 1; i++) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; for(k = 0; k < 1; k++) goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39556 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c Buffer_Overflow_Indexes 109 char * data; char dataBuffer[100] = ""; data = dataBuffer; for(h = 0; h < 1; h++) strcpy(data, "fixedstringtest"); for(j = 0; j < 1; j++) goodG2BVaSinkB(data, data); static void goodG2BVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39557 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c Buffer_Overflow_fgets 109 char dataBuffer[100] = ""; data = dataBuffer; dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39558 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c Buffer_Overflow_fgets 53 char dataBuffer[100] = ""; data = dataBuffer; dataLen = strlen(data); data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39559 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c Buffer_Overflow_cpycat 155 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39560 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c String_Termination_Error 48 size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); 0 --------------------------------- 39561 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c String_Termination_Error 104 size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); size_t dataLen = strlen(data); 0 --------------------------------- 39562 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c String_Termination_Error 113 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39563 79546/CWE134_Uncontrolled_Format_String__char_console_vfprintf_17.c String_Termination_Error 57 char dataBuffer[100] = ""; data = dataBuffer; data[dataLen-1] = '\0'; data[dataLen] = '\0'; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39564 79547/CWE134_Uncontrolled_Format_String__char_console_vfprintf_18.c Buffer_Overflow_Indexes 52 char dataBuffer[100] = ""; data = dataBuffer; goto source; source: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goto sink; sink: badVaSinkB(data, data); static void badVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39565 79547/CWE134_Uncontrolled_Format_String__char_console_vfprintf_18.c Buffer_Overflow_Indexes 105 char dataBuffer[100] = ""; data = dataBuffer; goto source; source: size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goto sink; sink: goodB2GVaSinkG(data, data); static void goodB2GVaSinkG(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39566 79547/CWE134_Uncontrolled_Format_String__char_console_vfprintf_18.c Buffer_Overflow_Indexes 105 char dataBuffer[100] = ""; data = dataBuffer; goto source; source: strcpy(data, "fixedstringtest"); goto sink; sink: goodG2BVaSinkB(data, data); static void goodG2BVaSinkB(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39567 79547/CWE134_Uncontrolled_Format_String__char_console_vfprintf_18.c Buffer_Overflow_fgets 52 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39568 79547/CWE134_Uncontrolled_Format_String__char_console_vfprintf_18.c Buffer_Overflow_fgets 105 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39569 79547/CWE134_Uncontrolled_Format_String__char_console_vfprintf_18.c Buffer_Overflow_cpycat 148 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39570 79547/CWE134_Uncontrolled_Format_String__char_console_vfprintf_18.c String_Termination_Error 109 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39571 79547/CWE134_Uncontrolled_Format_String__char_console_vfprintf_18.c String_Termination_Error 56 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39572 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c Buffer_Overflow_Indexes 119 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; badStatic = 1; badVaSink(data, data); static void badVaSink(char * data, ...) if(badStatic) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39573 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c Buffer_Overflow_Indexes 56 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goodB2G1Static = 0; goodB2G1_vasink(data, data); static void goodB2G1_vasink(char * data, ...) if(goodB2G1Static){} else va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39574 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c Buffer_Overflow_Indexes 168 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goodB2G2Static = 1; goodB2G2_vasink(data, data); static void goodB2G2_vasink(char * data, ...) if(goodB2G2Static) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39575 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c Buffer_Overflow_Indexes 56 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BStatic = 1; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) if(goodG2BStatic) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39576 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c Buffer_Overflow_fgets 119 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39577 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c Buffer_Overflow_fgets 56 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39578 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c Buffer_Overflow_fgets 168 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39579 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c Buffer_Overflow_cpycat 211 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39580 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c String_Termination_Error 60 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39581 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c String_Termination_Error 172 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39582 79548/CWE134_Uncontrolled_Format_String__char_console_vfprintf_21.c String_Termination_Error 123 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39583 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c Buffer_Overflow_Indexes 127 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_badGlobal = 1; CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_badVaSink(data, data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_badVaSink(char * data, ...) if(CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_badGlobal) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39584 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c Buffer_Overflow_Indexes 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodB2G1Global = 0; CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodB2G1_vasink(data, data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodB2G1_vasink(char * data, ...) if(CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodB2G1Global){} else va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39585 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c Buffer_Overflow_Indexes 90 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodB2G2Global = 1; CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodB2G2_vasink(data, data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodB2G2_vasink(char * data, ...) if(CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodB2G2Global) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39586 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c Buffer_Overflow_Indexes 90 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodG2BGlobal = 1; CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodG2BVaSink(data, data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodG2BVaSink(char * data, ...) if(CWE134_Uncontrolled_Format_String__char_console_vfprintf_22_goodG2BGlobal) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39587 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c Buffer_Overflow_fgets 127 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39588 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c Buffer_Overflow_fgets 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39589 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c Buffer_Overflow_fgets 90 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39590 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c Buffer_Overflow_cpycat 158 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39591 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c String_Termination_Error 94 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39592 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c String_Termination_Error 48 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39593 79549/CWE134_Uncontrolled_Format_String__char_console_vfprintf_22.c String_Termination_Error 131 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39594 79550/CWE134_Uncontrolled_Format_String__char_console_vfprintf_31.c Buffer_Overflow_Indexes 129 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39595 79550/CWE134_Uncontrolled_Format_String__char_console_vfprintf_31.c Buffer_Overflow_Indexes 50 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); char * dataCopy = data; char * data = dataCopy; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39596 79550/CWE134_Uncontrolled_Format_String__char_console_vfprintf_31.c Buffer_Overflow_Indexes 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39597 79550/CWE134_Uncontrolled_Format_String__char_console_vfprintf_31.c Buffer_Overflow_fgets 129 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39598 79550/CWE134_Uncontrolled_Format_String__char_console_vfprintf_31.c Buffer_Overflow_fgets 50 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39599 79550/CWE134_Uncontrolled_Format_String__char_console_vfprintf_31.c Buffer_Overflow_cpycat 97 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39600 79550/CWE134_Uncontrolled_Format_String__char_console_vfprintf_31.c String_Termination_Error 54 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39601 79550/CWE134_Uncontrolled_Format_String__char_console_vfprintf_31.c String_Termination_Error 133 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39602 79551/CWE134_Uncontrolled_Format_String__char_console_vfprintf_32.c Buffer_Overflow_Indexes 143 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100] = ""; data = dataBuffer; char * data = *dataPtr1; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39603 79551/CWE134_Uncontrolled_Format_String__char_console_vfprintf_32.c Buffer_Overflow_Indexes 54 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100] = ""; data = dataBuffer; char * data = *dataPtr1; strcpy(data, "fixedstringtest"); *dataPtr1 = data; char * data = *dataPtr2; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39604 79551/CWE134_Uncontrolled_Format_String__char_console_vfprintf_32.c Buffer_Overflow_Indexes 54 char * *dataPtr1 = &data; char * *dataPtr2 = &data; char dataBuffer[100] = ""; data = dataBuffer; char * data = *dataPtr1; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; *dataPtr1 = data; char * data = *dataPtr2; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39605 79551/CWE134_Uncontrolled_Format_String__char_console_vfprintf_32.c Buffer_Overflow_fgets 143 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39606 79551/CWE134_Uncontrolled_Format_String__char_console_vfprintf_32.c Buffer_Overflow_fgets 54 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39607 79551/CWE134_Uncontrolled_Format_String__char_console_vfprintf_32.c Buffer_Overflow_cpycat 106 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39608 79551/CWE134_Uncontrolled_Format_String__char_console_vfprintf_32.c String_Termination_Error 58 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39609 79551/CWE134_Uncontrolled_Format_String__char_console_vfprintf_32.c String_Termination_Error 147 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39610 79553/CWE134_Uncontrolled_Format_String__char_console_vfprintf_34.c Buffer_Overflow_Indexes 56 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; char * dataCopy = data; char * data = dataCopy; badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39611 79553/CWE134_Uncontrolled_Format_String__char_console_vfprintf_34.c Buffer_Overflow_Indexes 137 char * data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_34_unionType myUnion; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); myUnion.unionFirst = data; char * data = myUnion.unionSecond; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39612 79553/CWE134_Uncontrolled_Format_String__char_console_vfprintf_34.c Buffer_Overflow_Indexes 137 CWE134_Uncontrolled_Format_String__char_console_vfprintf_34_unionType myUnion; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; myUnion.unionFirst = data; char * data = myUnion.unionSecond; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39613 79553/CWE134_Uncontrolled_Format_String__char_console_vfprintf_34.c Buffer_Overflow_fgets 56 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39614 79553/CWE134_Uncontrolled_Format_String__char_console_vfprintf_34.c Buffer_Overflow_fgets 137 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39615 79553/CWE134_Uncontrolled_Format_String__char_console_vfprintf_34.c Buffer_Overflow_cpycat 104 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39616 79553/CWE134_Uncontrolled_Format_String__char_console_vfprintf_34.c String_Termination_Error 60 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39617 79553/CWE134_Uncontrolled_Format_String__char_console_vfprintf_34.c String_Termination_Error 141 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39618 79554/CWE134_Uncontrolled_Format_String__char_console_vfprintf_41.c Buffer_Overflow_Indexes 55 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; badSink(data); static void badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39619 79554/CWE134_Uncontrolled_Format_String__char_console_vfprintf_41.c Buffer_Overflow_Indexes 136 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); goodG2BSink(data); static void goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39620 79554/CWE134_Uncontrolled_Format_String__char_console_vfprintf_41.c Buffer_Overflow_Indexes 136 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; goodB2GSink(data); static void goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39621 79554/CWE134_Uncontrolled_Format_String__char_console_vfprintf_41.c Buffer_Overflow_fgets 55 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39622 79554/CWE134_Uncontrolled_Format_String__char_console_vfprintf_41.c Buffer_Overflow_fgets 136 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39623 79554/CWE134_Uncontrolled_Format_String__char_console_vfprintf_41.c Buffer_Overflow_cpycat 103 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39624 79554/CWE134_Uncontrolled_Format_String__char_console_vfprintf_41.c String_Termination_Error 140 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39625 79554/CWE134_Uncontrolled_Format_String__char_console_vfprintf_41.c String_Termination_Error 59 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39626 79555/CWE134_Uncontrolled_Format_String__char_console_vfprintf_42.c Buffer_Overflow_Indexes 119 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = badSource(data); static char * badSource(char * data) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; return data; badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39627 79555/CWE134_Uncontrolled_Format_String__char_console_vfprintf_42.c Buffer_Overflow_Indexes 36 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) strcpy(data, "fixedstringtest"); return data; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39628 79555/CWE134_Uncontrolled_Format_String__char_console_vfprintf_42.c Buffer_Overflow_Indexes 36 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = goodB2GSource(data); static char * goodB2GSource(char * data) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; return data; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39629 79555/CWE134_Uncontrolled_Format_String__char_console_vfprintf_42.c Buffer_Overflow_fgets 119 char dataBuffer[100] = ""; data = dataBuffer; data = goodB2GSource(data); static char * goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39630 79555/CWE134_Uncontrolled_Format_String__char_console_vfprintf_42.c Buffer_Overflow_fgets 36 char dataBuffer[100] = ""; data = dataBuffer; data = badSource(data); static char * badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39631 79555/CWE134_Uncontrolled_Format_String__char_console_vfprintf_42.c Buffer_Overflow_cpycat 85 char dataBuffer[100] = ""; data = dataBuffer; data = goodG2BSource(data); static char * goodG2BSource(char * data) strcpy(data, "fixedstringtest"); 0 --------------------------------- 39632 79555/CWE134_Uncontrolled_Format_String__char_console_vfprintf_42.c String_Termination_Error 40 char dataBuffer[100] = ""; data = dataBuffer; data = badSource(data); static char * badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39633 79555/CWE134_Uncontrolled_Format_String__char_console_vfprintf_42.c String_Termination_Error 123 char dataBuffer[100] = ""; data = dataBuffer; data = goodB2GSource(data); static char * goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39634 79557/CWE134_Uncontrolled_Format_String__char_console_vfprintf_44.c Buffer_Overflow_Indexes 126 void (*funcPtr) (char *, ...) = badVaSink; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; funcPtr(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39635 79557/CWE134_Uncontrolled_Format_String__char_console_vfprintf_44.c Buffer_Overflow_Indexes 52 char * data; void (*funcPtr) (char *, ...) = goodG2BVaSink; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); funcPtr(data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39636 79557/CWE134_Uncontrolled_Format_String__char_console_vfprintf_44.c Buffer_Overflow_Indexes 52 void (*funcPtr) (char *, ...) = goodB2GVaSink; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; funcPtr(data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39637 79557/CWE134_Uncontrolled_Format_String__char_console_vfprintf_44.c Buffer_Overflow_fgets 126 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39638 79557/CWE134_Uncontrolled_Format_String__char_console_vfprintf_44.c Buffer_Overflow_fgets 52 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39639 79557/CWE134_Uncontrolled_Format_String__char_console_vfprintf_44.c Buffer_Overflow_cpycat 97 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39640 79557/CWE134_Uncontrolled_Format_String__char_console_vfprintf_44.c String_Termination_Error 130 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39641 79557/CWE134_Uncontrolled_Format_String__char_console_vfprintf_44.c String_Termination_Error 56 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39642 79558/CWE134_Uncontrolled_Format_String__char_console_vfprintf_45.c Buffer_Overflow_Indexes 60 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_45_badData = data; badSink(); static void badSink() char * data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_45_badData; badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39643 79558/CWE134_Uncontrolled_Format_String__char_console_vfprintf_45.c Buffer_Overflow_Indexes 145 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_vfprintf_45_goodG2BData = data; goodG2BSink(); static void goodG2BSink() char * data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_45_goodG2BData; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39644 79558/CWE134_Uncontrolled_Format_String__char_console_vfprintf_45.c Buffer_Overflow_Indexes 145 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_45_goodB2GData = data; goodB2GSink(); static void goodB2GSink() char * data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_45_goodB2GData; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39645 79558/CWE134_Uncontrolled_Format_String__char_console_vfprintf_45.c Buffer_Overflow_fgets 60 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39646 79558/CWE134_Uncontrolled_Format_String__char_console_vfprintf_45.c Buffer_Overflow_fgets 145 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39647 79558/CWE134_Uncontrolled_Format_String__char_console_vfprintf_45.c Buffer_Overflow_cpycat 110 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39648 79558/CWE134_Uncontrolled_Format_String__char_console_vfprintf_45.c String_Termination_Error 149 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39649 79558/CWE134_Uncontrolled_Format_String__char_console_vfprintf_45.c String_Termination_Error 64 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39650 79559/CWE134_Uncontrolled_Format_String__char_console_vfprintf_51.c Buffer_Overflow_Indexes 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_51b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_51b_badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39651 79559/CWE134_Uncontrolled_Format_String__char_console_vfprintf_51.c Buffer_Overflow_Indexes 42 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_vfprintf_51b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_51b_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39652 79559/CWE134_Uncontrolled_Format_String__char_console_vfprintf_51.c Buffer_Overflow_Indexes 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_51b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_51b_goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39653 79559/CWE134_Uncontrolled_Format_String__char_console_vfprintf_51.c Buffer_Overflow_fgets 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39654 79559/CWE134_Uncontrolled_Format_String__char_console_vfprintf_51.c Buffer_Overflow_fgets 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39655 79559/CWE134_Uncontrolled_Format_String__char_console_vfprintf_51.c Buffer_Overflow_cpycat 76 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39656 79559/CWE134_Uncontrolled_Format_String__char_console_vfprintf_51.c String_Termination_Error 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39657 79559/CWE134_Uncontrolled_Format_String__char_console_vfprintf_51.c String_Termination_Error 99 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39658 79560/CWE134_Uncontrolled_Format_String__char_console_vfprintf_52.c Buffer_Overflow_Indexes 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_52b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_52b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_52c_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_52c_badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39659 79560/CWE134_Uncontrolled_Format_String__char_console_vfprintf_52.c Buffer_Overflow_Indexes 42 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_vfprintf_52b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_52b_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_52c_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_52c_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39660 79560/CWE134_Uncontrolled_Format_String__char_console_vfprintf_52.c Buffer_Overflow_Indexes 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_52b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_52b_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_52c_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_52c_goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39661 79560/CWE134_Uncontrolled_Format_String__char_console_vfprintf_52.c Buffer_Overflow_fgets 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39662 79560/CWE134_Uncontrolled_Format_String__char_console_vfprintf_52.c Buffer_Overflow_fgets 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39663 79560/CWE134_Uncontrolled_Format_String__char_console_vfprintf_52.c Buffer_Overflow_cpycat 76 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39664 79560/CWE134_Uncontrolled_Format_String__char_console_vfprintf_52.c String_Termination_Error 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39665 79560/CWE134_Uncontrolled_Format_String__char_console_vfprintf_52.c String_Termination_Error 99 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39666 79561/CWE134_Uncontrolled_Format_String__char_console_vfprintf_53.c Buffer_Overflow_Indexes 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_53b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_53b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_53c_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_53c_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_53d_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_53d_badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39667 79561/CWE134_Uncontrolled_Format_String__char_console_vfprintf_53.c Buffer_Overflow_Indexes 42 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_vfprintf_53b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_53b_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_53c_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_53c_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_53d_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_53d_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39668 79561/CWE134_Uncontrolled_Format_String__char_console_vfprintf_53.c Buffer_Overflow_Indexes 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_53b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_53b_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_53c_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_53c_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_53d_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_53d_goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39669 79561/CWE134_Uncontrolled_Format_String__char_console_vfprintf_53.c Buffer_Overflow_fgets 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39670 79561/CWE134_Uncontrolled_Format_String__char_console_vfprintf_53.c Buffer_Overflow_fgets 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39671 79561/CWE134_Uncontrolled_Format_String__char_console_vfprintf_53.c Buffer_Overflow_cpycat 76 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39672 79561/CWE134_Uncontrolled_Format_String__char_console_vfprintf_53.c String_Termination_Error 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39673 79561/CWE134_Uncontrolled_Format_String__char_console_vfprintf_53.c String_Termination_Error 99 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39674 79562/CWE134_Uncontrolled_Format_String__char_console_vfprintf_54.c Buffer_Overflow_Indexes 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_54b_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54b_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_54c_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54c_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_54d_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54d_badSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_54e_badSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54e_badSink(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39675 79562/CWE134_Uncontrolled_Format_String__char_console_vfprintf_54.c Buffer_Overflow_Indexes 42 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_vfprintf_54b_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54b_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_54c_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54c_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_54d_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54d_goodG2BSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_54e_goodG2BSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54e_goodG2BSink(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39676 79562/CWE134_Uncontrolled_Format_String__char_console_vfprintf_54.c Buffer_Overflow_Indexes 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_54b_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54b_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_54c_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54c_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_54d_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54d_goodB2GSink(char * data) CWE134_Uncontrolled_Format_String__char_console_vfprintf_54e_goodB2GSink(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_54e_goodB2GSink(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39677 79562/CWE134_Uncontrolled_Format_String__char_console_vfprintf_54.c Buffer_Overflow_fgets 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39678 79562/CWE134_Uncontrolled_Format_String__char_console_vfprintf_54.c Buffer_Overflow_fgets 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39679 79562/CWE134_Uncontrolled_Format_String__char_console_vfprintf_54.c Buffer_Overflow_cpycat 76 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39680 79562/CWE134_Uncontrolled_Format_String__char_console_vfprintf_54.c String_Termination_Error 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39681 79562/CWE134_Uncontrolled_Format_String__char_console_vfprintf_54.c String_Termination_Error 99 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39682 79563/CWE134_Uncontrolled_Format_String__char_console_vfprintf_61.c Buffer_Overflow_Indexes 214 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_badSource(data); char * CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_badSource(char * data) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; return data; badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39683 79563/CWE134_Uncontrolled_Format_String__char_console_vfprintf_61.c Buffer_Overflow_Indexes 171 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_goodG2BSource(data); char * CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_goodG2BSource(char * data) strcpy(data, "fixedstringtest"); return data; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39684 79563/CWE134_Uncontrolled_Format_String__char_console_vfprintf_61.c Buffer_Overflow_Indexes 171 char * data; char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_goodB2GSource(data); char * CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_goodB2GSource(char * data) size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; return data; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39685 79563/CWE134_Uncontrolled_Format_String__char_console_vfprintf_61.c Buffer_Overflow_fgets 214 char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_goodB2GSource(data); char * CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39686 79563/CWE134_Uncontrolled_Format_String__char_console_vfprintf_61.c Buffer_Overflow_fgets 171 char * CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39687 79563/CWE134_Uncontrolled_Format_String__char_console_vfprintf_61.c Buffer_Overflow_cpycat 200 char * CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_goodG2BSource(char * data) strcpy(data, "fixedstringtest"); 0 --------------------------------- 39688 79563/CWE134_Uncontrolled_Format_String__char_console_vfprintf_61.c String_Termination_Error 175 char * CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_badSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39689 79563/CWE134_Uncontrolled_Format_String__char_console_vfprintf_61.c String_Termination_Error 218 char dataBuffer[100] = ""; data = dataBuffer; data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_goodB2GSource(data); char * CWE134_Uncontrolled_Format_String__char_console_vfprintf_61b_goodB2GSource(char * data) size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39690 79565/CWE134_Uncontrolled_Format_String__char_console_vfprintf_63.c Buffer_Overflow_Indexes 95 char * data; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_63b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_63b_badSink(char * * dataPtr) char * data = *dataPtr; badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39691 79565/CWE134_Uncontrolled_Format_String__char_console_vfprintf_63.c Buffer_Overflow_Indexes 42 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_vfprintf_63b_goodG2BSink(&data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_63b_goodG2BSink(char * * dataPtr) char * data = *dataPtr; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39692 79565/CWE134_Uncontrolled_Format_String__char_console_vfprintf_63.c Buffer_Overflow_Indexes 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_63b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_63b_goodB2GSink(char * * dataPtr) char * data = *dataPtr; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39693 79565/CWE134_Uncontrolled_Format_String__char_console_vfprintf_63.c Buffer_Overflow_fgets 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39694 79565/CWE134_Uncontrolled_Format_String__char_console_vfprintf_63.c Buffer_Overflow_fgets 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39695 79565/CWE134_Uncontrolled_Format_String__char_console_vfprintf_63.c Buffer_Overflow_cpycat 76 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39696 79565/CWE134_Uncontrolled_Format_String__char_console_vfprintf_63.c String_Termination_Error 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39697 79565/CWE134_Uncontrolled_Format_String__char_console_vfprintf_63.c String_Termination_Error 99 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39698 79566/CWE134_Uncontrolled_Format_String__char_console_vfprintf_64.c Buffer_Overflow_Indexes 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_64b_badSink(&data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_64b_badSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39699 79566/CWE134_Uncontrolled_Format_String__char_console_vfprintf_64.c Buffer_Overflow_Indexes 42 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_vfprintf_64b_goodG2BSink(&data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_64b_goodG2BSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39700 79566/CWE134_Uncontrolled_Format_String__char_console_vfprintf_64.c Buffer_Overflow_fgets 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_64b_goodB2GSink(&data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_64b_goodB2GSink(void * dataVoidPtr) char * * dataPtr = (char * *)dataVoidPtr; char * data = (*dataPtr); goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39701 79566/CWE134_Uncontrolled_Format_String__char_console_vfprintf_64.c Buffer_Overflow_fgets 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39702 79566/CWE134_Uncontrolled_Format_String__char_console_vfprintf_64.c Buffer_Overflow_fgets 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39703 79566/CWE134_Uncontrolled_Format_String__char_console_vfprintf_64.c Buffer_Overflow_cpycat 76 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39704 79566/CWE134_Uncontrolled_Format_String__char_console_vfprintf_64.c String_Termination_Error 46 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39705 79566/CWE134_Uncontrolled_Format_String__char_console_vfprintf_64.c String_Termination_Error 99 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39706 79567/CWE134_Uncontrolled_Format_String__char_console_vfprintf_65.c Buffer_Overflow_Indexes 100 void (*funcPtr) (char *, ...) = CWE134_Uncontrolled_Format_String__char_console_vfprintf_65b_badVaSink; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; funcPtr(data, data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_65b_badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39707 79567/CWE134_Uncontrolled_Format_String__char_console_vfprintf_65.c Buffer_Overflow_Indexes 44 char * data; void (*funcPtr) (char *, ...) = CWE134_Uncontrolled_Format_String__char_console_vfprintf_65b_goodG2BVaSink; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); funcPtr(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_65b_goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39708 79567/CWE134_Uncontrolled_Format_String__char_console_vfprintf_65.c Buffer_Overflow_Indexes 44 void (*funcPtr) (char *, ...) = CWE134_Uncontrolled_Format_String__char_console_vfprintf_65b_goodB2GVaSink; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; funcPtr(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_65b_goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39709 79567/CWE134_Uncontrolled_Format_String__char_console_vfprintf_65.c Buffer_Overflow_fgets 44 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39710 79567/CWE134_Uncontrolled_Format_String__char_console_vfprintf_65.c Buffer_Overflow_fgets 100 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39711 79567/CWE134_Uncontrolled_Format_String__char_console_vfprintf_65.c Buffer_Overflow_cpycat 80 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39712 79567/CWE134_Uncontrolled_Format_String__char_console_vfprintf_65.c String_Termination_Error 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39713 79567/CWE134_Uncontrolled_Format_String__char_console_vfprintf_65.c String_Termination_Error 48 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39714 79568/CWE134_Uncontrolled_Format_String__char_console_vfprintf_66.c Buffer_Overflow_Indexes 43 char * dataArray[5]; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_66b_badSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_66b_badSink(char * dataArray[]) char * data = dataArray[2]; badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39715 79568/CWE134_Uncontrolled_Format_String__char_console_vfprintf_66.c Buffer_Overflow_Indexes 100 char * dataArray[5]; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_66b_goodG2BSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_66b_goodG2BSink(char * dataArray[]) char * data = dataArray[2]; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39716 79568/CWE134_Uncontrolled_Format_String__char_console_vfprintf_66.c Buffer_Overflow_Indexes 100 char * dataArray[5]; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; dataArray[2] = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_66b_goodB2GSink(dataArray); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_66b_goodB2GSink(char * dataArray[]) char * data = dataArray[2]; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39717 79568/CWE134_Uncontrolled_Format_String__char_console_vfprintf_66.c Buffer_Overflow_fgets 43 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39718 79568/CWE134_Uncontrolled_Format_String__char_console_vfprintf_66.c Buffer_Overflow_fgets 100 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39719 79568/CWE134_Uncontrolled_Format_String__char_console_vfprintf_66.c Buffer_Overflow_cpycat 79 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39720 79568/CWE134_Uncontrolled_Format_String__char_console_vfprintf_66.c String_Termination_Error 47 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39721 79568/CWE134_Uncontrolled_Format_String__char_console_vfprintf_66.c String_Termination_Error 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39722 79569/CWE134_Uncontrolled_Format_String__char_console_vfprintf_67.c Buffer_Overflow_Indexes 47 CWE134_Uncontrolled_Format_String__char_console_vfprintf_67_structType myStruct; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_67b_badSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_67b_badSink(CWE134_Uncontrolled_Format_String__char_console_vfprintf_67_structType myStruct) char * data = myStruct.structFirst; badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39723 79569/CWE134_Uncontrolled_Format_String__char_console_vfprintf_67.c Buffer_Overflow_Indexes 104 CWE134_Uncontrolled_Format_String__char_console_vfprintf_67_structType myStruct; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_67b_goodG2BSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_67b_goodG2BSink(CWE134_Uncontrolled_Format_String__char_console_vfprintf_67_structType myStruct) char * data = myStruct.structFirst; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39724 79569/CWE134_Uncontrolled_Format_String__char_console_vfprintf_67.c Buffer_Overflow_Indexes 104 CWE134_Uncontrolled_Format_String__char_console_vfprintf_67_structType myStruct; char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; myStruct.structFirst = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_67b_goodB2GSink(myStruct); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_67b_goodB2GSink(CWE134_Uncontrolled_Format_String__char_console_vfprintf_67_structType myStruct) char * data = myStruct.structFirst; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39725 79569/CWE134_Uncontrolled_Format_String__char_console_vfprintf_67.c Buffer_Overflow_fgets 47 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39726 79569/CWE134_Uncontrolled_Format_String__char_console_vfprintf_67.c Buffer_Overflow_fgets 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39727 79569/CWE134_Uncontrolled_Format_String__char_console_vfprintf_67.c Buffer_Overflow_cpycat 83 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39728 79569/CWE134_Uncontrolled_Format_String__char_console_vfprintf_67.c String_Termination_Error 108 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39729 79569/CWE134_Uncontrolled_Format_String__char_console_vfprintf_67.c String_Termination_Error 51 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39730 79570/CWE134_Uncontrolled_Format_String__char_console_vfprintf_68.c Buffer_Overflow_Indexes 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_68_badData = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_68b_badSink(); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_68b_badSink() char * data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_68_badData; badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39731 79570/CWE134_Uncontrolled_Format_String__char_console_vfprintf_68.c Buffer_Overflow_Indexes 100 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_vfprintf_68_goodG2BData = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_68b_goodG2BSink(); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_68b_goodG2BSink() char * data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_68_goodG2BData; goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39732 79570/CWE134_Uncontrolled_Format_String__char_console_vfprintf_68.c Buffer_Overflow_Indexes 100 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_68_goodB2GData = data; CWE134_Uncontrolled_Format_String__char_console_vfprintf_68b_goodB2GSink(); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_68b_goodB2GSink() char * data = CWE134_Uncontrolled_Format_String__char_console_vfprintf_68_goodB2GData; goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39733 79570/CWE134_Uncontrolled_Format_String__char_console_vfprintf_68.c Buffer_Overflow_fgets 45 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39734 79570/CWE134_Uncontrolled_Format_String__char_console_vfprintf_68.c Buffer_Overflow_fgets 100 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39735 79570/CWE134_Uncontrolled_Format_String__char_console_vfprintf_68.c Buffer_Overflow_cpycat 82 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39736 79570/CWE134_Uncontrolled_Format_String__char_console_vfprintf_68.c String_Termination_Error 49 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39737 79570/CWE134_Uncontrolled_Format_String__char_console_vfprintf_68.c String_Termination_Error 104 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39738 79574/CWE134_Uncontrolled_Format_String__char_console_vfprintf_81a.cpp Buffer_Overflow_Indexes 38 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; const CWE134_Uncontrolled_Format_String__char_console_vfprintf_81_base& baseObject = CWE134_Uncontrolled_Format_String__char_console_vfprintf_81_bad(); baseObject.action(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_81_bad::action(char * data) const badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39739 79574/CWE134_Uncontrolled_Format_String__char_console_vfprintf_81a.cpp Buffer_Overflow_Indexes 89 char * data; char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); const CWE134_Uncontrolled_Format_String__char_console_vfprintf_81_base& baseObject = CWE134_Uncontrolled_Format_String__char_console_vfprintf_81_goodG2B(); baseObject.action(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_81_goodG2B::action(char * data) const goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39740 79574/CWE134_Uncontrolled_Format_String__char_console_vfprintf_81a.cpp Buffer_Overflow_Indexes 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; const CWE134_Uncontrolled_Format_String__char_console_vfprintf_81_base& baseObject = CWE134_Uncontrolled_Format_String__char_console_vfprintf_81_goodB2G(); baseObject.action(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_81_goodB2G::action(char * data) const goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39741 79574/CWE134_Uncontrolled_Format_String__char_console_vfprintf_81a.cpp Buffer_Overflow_fgets 38 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39742 79574/CWE134_Uncontrolled_Format_String__char_console_vfprintf_81a.cpp Buffer_Overflow_fgets 89 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39743 79574/CWE134_Uncontrolled_Format_String__char_console_vfprintf_81a.cpp Buffer_Overflow_cpycat 71 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39744 79574/CWE134_Uncontrolled_Format_String__char_console_vfprintf_81a.cpp String_Termination_Error 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39745 79574/CWE134_Uncontrolled_Format_String__char_console_vfprintf_81a.cpp String_Termination_Error 93 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39746 79575/CWE134_Uncontrolled_Format_String__char_console_vfprintf_82a.cpp Buffer_Overflow_Indexes 38 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_82_base* baseObject = new CWE134_Uncontrolled_Format_String__char_console_vfprintf_82_bad; baseObject->action(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_82_bad::action(char * data) badVaSink(data, data); static void badVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 1 --------------------------------- 39747 79575/CWE134_Uncontrolled_Format_String__char_console_vfprintf_82a.cpp Buffer_Overflow_Indexes 91 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); CWE134_Uncontrolled_Format_String__char_console_vfprintf_82_base* baseObject = new CWE134_Uncontrolled_Format_String__char_console_vfprintf_82_goodG2B; baseObject->action(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_82_goodG2B::action(char * data) goodG2BVaSink(data, data); static void goodG2BVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, data, args); va_end(args); 0 --------------------------------- 39748 79575/CWE134_Uncontrolled_Format_String__char_console_vfprintf_82a.cpp Buffer_Overflow_Indexes 91 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (100-dataLen > 1) if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); if (dataLen > 0 && data[dataLen-1] == '\n') data[dataLen-1] = '\0'; else data[dataLen] = '\0'; CWE134_Uncontrolled_Format_String__char_console_vfprintf_82_base* baseObject = new CWE134_Uncontrolled_Format_String__char_console_vfprintf_82_goodB2G; baseObject->action(data); void CWE134_Uncontrolled_Format_String__char_console_vfprintf_82_goodB2G::action(char * data) goodB2GVaSink(data, data); static void goodB2GVaSink(char * data, ...) va_list args; va_start(args, data); vfprintf(stdout, "%s", args); va_end(args); 0 --------------------------------- 39749 79575/CWE134_Uncontrolled_Format_String__char_console_vfprintf_82a.cpp Buffer_Overflow_fgets 38 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39750 79575/CWE134_Uncontrolled_Format_String__char_console_vfprintf_82a.cpp Buffer_Overflow_fgets 91 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) 0 --------------------------------- 39751 79575/CWE134_Uncontrolled_Format_String__char_console_vfprintf_82a.cpp Buffer_Overflow_cpycat 72 char dataBuffer[100] = ""; data = dataBuffer; strcpy(data, "fixedstringtest"); 0 --------------------------------- 39752 79575/CWE134_Uncontrolled_Format_String__char_console_vfprintf_82a.cpp String_Termination_Error 95 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 --------------------------------- 39753 79575/CWE134_Uncontrolled_Format_String__char_console_vfprintf_82a.cpp String_Termination_Error 42 char dataBuffer[100] = ""; data = dataBuffer; size_t dataLen = strlen(data); if (fgets(data+dataLen, (int)(100-dataLen), stdin) != NULL) dataLen = strlen(data); 0 ---------------------------------